Tech Trend Update: If Biosecurity Then Autonomous Edge

  • Buy Link or Shortcode: {j2store}99|cart{/j2store}
  • member rating overall impact (scale of 10): N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Innovation
  • Parent Category Link: /innovation

COVID-19 has created new risks to physical encounters among workers and customers. New biosecurity processes and ways to effectively enforce them – in the least intrusive way possible – are required to resume these activities.

Our Advice

Critical Insight

New biosecurity standards will be imposed on many industries, and the autonomous edge will be part of the solution to manage that new reality.

Impact and Result

There are some key considerations for businesses considering new biosecurity measures:

  1. If prevention, then ID-based access control
  2. If intervention, then alerts based on data
  3. If investigation, then contact tracing

Tech Trend Update: If Biosecurity Then Autonomous Edge Research & Tools

Tech Trend Update: If Biosecurity Then Autonomous Edge

Understand how new biosecurity requirements could affect your business and why AI at the edge could be part of the solution.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

  • Tech Trend Update: If Biosecurity Then Autonomous Edge Storyboard
[infographic]

Do you believe in absolute efficiency?

Weekend read. Hence I post this a bit later on Friday.
Lately, I've been fascinated by infinity. And in infinity, some weird algebra pops up. Yet that weirdness is very much akin to what our business stakeholders want, driven by what our clients demand, and hence our KPIs drive us. Do more with less. And that is what absolute efficiency means.

Register to read more …

Customer Value Contribution

I'm proud to announce our new Customer Value Contribution Calculator©, or CVCC© in short.

It enhances and possibly replaces the BIA (Business Impact Analysis) process with a much simpler way.

More info to follow shortly.

Cost Optimization

  • Buy Link or Shortcode: {j2store}14|cart{/j2store}
  • Related Products: {j2store}14|crosssells{/j2store}
  • Up-Sell: {j2store}14|upsells{/j2store}
  • member rating overall impact (scale of 10): N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Financial Management
  • Parent Category Link: /financial-management
Minimize the damage of IT cost cuts

Make Your IT Governance Adaptable

  • Buy Link or Shortcode: {j2store}359|cart{/j2store}
  • member rating overall impact (scale of 10): 8.0/10 Overall Impact
  • member rating average dollars saved: $123,499 Average $ Saved
  • member rating average days saved: 10 Average Days Saved
  • Parent Category Name: IT Governance, Risk & Compliance
  • Parent Category Link: /it-governance-risk-and-compliance
  • People don’t understand the value of governance, seeing it as a hindrance to productivity and efficiency.
  • Governance is delegated to people and practices that don’t have the ability or authority to make these decisions.
  • Decisions are made within committees that don’t meet frequently enough to support business velocity.
  • It is difficult to allocate time and resources to build or execute governance effectively.

Our Advice

Critical Insight

  • IT governance applies not just to the IT department but to all uses of information and technology.
  • IT governance works against you if it no longer aligns with or supports your organizational direction, goals, and work practices.
  • Governance doesn’t have to be bureaucratic or control based.
  • Your governance model should be able to adapt to changes in the organization’s strategy and goals, your industry, and your ways of working.
  • Governance can be embedded and automated into your practices.

Impact and Result

  • You will produce more value from IT by developing a governance framework optimized for your current needs and context, with the ability to adapt as your needs shift.
  • You will create the foundation and ability to delegate and empower governance to enable agile delivery.
  • You will identify areas where governance does not require manual oversight and can be embedded into the way you work.

Make Your IT Governance Adaptable Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Make Your IT Governance Adaptable Deck – A document that walks you through how to design and implement governance that fits the context of your organization and can adapt to change.

Our dynamic, flexible, and embedded approach to governance will help drive organizational success. The three-phase methodology will help you identify your governance needs, select and refine your governance model, and embed and automate governance decisions.

  • Make Your IT Governance Adaptable – Phases 1-3

2. Adaptive and Controlled Governance Model Templates and Workbook – Documents that gather context information about your organization to identify the best approach for governance.

Use these templates and workbook to identify the criteria and design factors for your organization and the design triggers to maintain fit. Upon completion this will be your new governance framework model.

  • Controlled Governance Models Template
  • IT Governance Program Overview
  • Governance Workbook

3. Implementation Plan and Workbook – Tools that help you build and finalize your approach to implement your new or revised governance model.

Upon completion you will have a finalized implementation plan and a visual roadmap.

  • Governance Implementation Plan
  • Governance Roadmap Workbook

4. Governance Committee Charter Templates – Base charters that can be adapted for communication.

Customize these templates to create the committee charters or terms of reference for the committees developed in your governance model.

  • IT PMO Committee Charter
  • IT Risk Committee Charter for Controlled Governance
  • IT Steering Committee Charter for Controlled Governance
  • Program Governance Committee Charter
  • Architecture Review Board Charter
  • Data Governance Committee Charter
  • Digital Governance Committee Charter

5. Governance Automation Criteria Checklist and Worksheet – Tools that help you determine which governance decisions can be automated and work through the required logic and rules.

The checklist is a starting point for confirming which activities and decisions should be considered for automation or embedding. Use the worksheet to develop decision logic by defining the steps and information inputs involved in making decisions.

  • Governance Automation Criteria Checklist
  • Governance Automation Worksheet

Infographic

Workshop: Make Your IT Governance Adaptable

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Develop Your Guiding Star

The Purpose

Establish the context for your governance model.

Key Benefits Achieved

Core understanding of the context that will enable us to build an optimal model

Activities

1.1 Confirm mission, vision, and goals.

1.2 Define scope and principles.

1.3 Adjust for culture and finalize context.

Outputs

Governance principles

Governance context and goals

2 Define the Governance Model

The Purpose

To select and adapt a governance model based on your context.

Key Benefits Achieved

A selected and optimized governance model

Activities

2.1 Select and refine governance model.

2.2 Confirm and adjust the structure.

2.3 Review and adapt governance responsibilities and activities.

2.4 Validate governance mandates and membership.

Outputs

IT governance model and adjustment triggers

IT governance structure, responsibilities, membership, and cadence

Governance committee charters

3 Build Governance Process and Policy

The Purpose

Refine your governance practices and associate policies properly.

Key Benefits Achieved

A completed governance model that can be implemented with clear update triggers and review timing

Policy alignment with the right levels of authority

Activities

3.1 Update your governance process.

3.2 Align policies to mandate.

3.3 Adjust and confirm your model.

3.4 Identify and document update triggers and embed into review cycle.

Outputs

IT governance process and information flow

IT governance policies

Finalized governance model

4 Embed and Automate Governance

The Purpose

Identify options to automate and embed governance activities and decisions.

Key Benefits Achieved

Simply more consistent governance activities and automate them to enhance speed and support governance delegation and empowerment

Activities

4.1 Identify decisions and standards that can be automated. Develop decision logic.

4.2 Plan verification and validation approach.

4.3 Build implementation plan.

4.4 Develop communication strategy and messaging.

Outputs

Selected automation options, decision logic, and business rules

Implementation and communication plan

Further reading

Make Your IT Governance Adaptable

Governance isn't optional, so keep it simple and make it flexible.

Table of Contents

4 Analyst Perspective

5 Executive Summary

13 Governance Stages

14 Info-Tech’s IT Governance Thought Model

19 Info-Tech’s Approach

23 Insight Summary

30 Phase 1: Identify Your Governance Needs

54 Phase 2: Select and Refine Your Governance Model

76 Phase 3: Embed and Automate

94 Summary of Accomplishment

95 Additional Support

97 Contributors

98 Bibliography

Make Your IT Governance Adaptable

Governance isn't optional, so keep it simple and make it flexible.

EXECUTIVE BRIEF

Analyst Perspective

Governance will always be part of the fabric of your organization. Make it adaptable so it doesn’t constrain your success.

Photo of Valence Howden, Principal Research Director, Info-Tech Research Group

Far too often, the purpose of information and technology (I&T) governance is misunderstood. Instead of being seen as a way to align the organization’s vision to its investment in information and technology, it has become so synonymous with compliance and control that even mentioning the word “governance” elicits a negative reaction.

Success in modern digital organizations depends on their ability to adjust for velocity and uncertainty, requiring a dynamic and responsive approach to governance – one that is embedded and automated in your organization to enable new ways of working, innovation, and change.

Evolutionary theory describes adaptability as the way an organism adjusts to fit a new environment, or changes to its existing environment, to survive. Applied to organizations, adaptable governance is critical to the ability to survive and succeed.

If your governance doesn’t adjust to enable your changing business environment and customer needs, it will quickly become misaligned with your goals and drive you to failure.

It is critical that people build an approach to governance that is effective and relevant today while building in adaptability to keep it relevant tomorrow.

Valence Howden
Principal Research Director, Info-Tech Research Group

Executive Summary

Your Challenge

  • People don’t understand the value of governance, seeing it as a hindrance to productivity and efficiency.
  • Governance is delegated to people and practices that don’t have the ability or authority to make decisions.
  • Decisions are made within committees that don’t meet frequently enough to support business velocity.
  • It is difficult to allocate time and resources to build or execute governance effectively

Common Obstacles

  • You are unable to clearly communicate how governance adds value to your organization.
  • Your IT governance approach no longer aligns with or supports your organizational direction, goals, and work practices.
  • Governance is seen and performed as a bureaucratic control-based exercise.
  • Governance activities are not transparent.
  • The governance committee gets too deeply involved with project deep dives and daily management, derailing its effectiveness and ability to produce value.

Info-Tech’s Approach

  • Use Info-Tech’s IT governance models to identify a base model similar to the way you are organized. Confirm your current and future placement in governance execution.
  • Adjust the model based on industry needs, your principles, regulatory requirements, and your future direction.
  • Identify where to embed or automate decision making and compliance and what is required to do so effectively.
  • Implement your governance model for success.

Info-Tech Insight

IT governance must be embedded and automated, where possible, to effectively meet the needs and velocity of digital organizations and modern practices and to drive success and value.

What is governance?

IT governance is a critical and embedded practice that ensures that information and technology investments, risks, and resources are aligned in the best interests of the organization and produce business value.

Effective governance ensures that the right technology investments are made at the right time to support and enable your organization’s mission, vision, and goals.

5 KEY OUTCOMES OF GOOD GOVERNANCE

STRATEGIC ALIGNMENT

Technology investments and portfolios are aligned with the organization's strategic objectives.

RISK OPTIMIZATION

Organizational risks are understood and addressed to minimize impact and optimize opportunities.

VALUE DELIVERY

IT investments and initiatives deliver their expected benefits.

RESOURCE OPTIMIZATION

Resources (people, finances, time) are appropriately allocated across the organization to optimal organizational benefit.

PERFORMANCE MEASUREMENT

The performance of technology investments is monitored and used to determine future courses of action and to confirm achievement of success.

‹–EVALUATE–DIRECT–MONITOR–›

Why is this necessary?

  • Governance is not simply a committee or an activity that you perform at a specific point in time; it is a critical and continuously active practice that drives the success of your organization. It is part of your organization’s DNA and is just as unique, with some attributes common to all (IT governance elements), some specific to your family (industry refinements), and some specific to you (individual organization).
  • Your approach to governance needs to change over time in order to remain relevant and continue to enable value and success, but organizations rarely want to change governance once it’s in place.
  • To meet the speed and flow of practices like Lean, DevOps, and Agile, your IT governance needs to be done differently and become embedded into the way your organization works. You must adjust your governance model based on key moments of change – organizational triggers – to maintain the effectiveness of your model.

Info-Tech Insight

Build an optimal model quickly and implement the core elements using an iterative approach to ensure the changes provide the most value.

The Technology Value Trinity

Delivery of Business Value & Strategic Needs

  • DIGITAL & TECHNOLOGY STRATEGY
    The identification of objectives and initiatives necessary to achieve business goals.
  • IT OPERATING MODEL
    The model for how IT is organized to deliver on business needs and strategies.
  • INFORMATION & TECHNOLOGY GOVERNANCE
    The governance to ensure the organization and its customers get maximum value from the use of information and technology.

All three elements of the Technology Value Trinity work in harmony to deliver business value and meet strategic needs. As one changes, the others need to change as well.

  • Digital and IT Strategy tells you what you need to achieve to be successful.
  • IT Operating Model and Organizational Design is the alignment of resources to deliver on your strategy and priorities.
  • Information & Technology Governance is the confirmation that IT’s goals and strategy align with the business’ strategy. It is the mechanism by which you continuously prioritize work to ensure that what you deliver is in line with the strategy. This oversight involves evaluating, directing, and monitoring the delivery of outcomes to ensure that the use of resources results in achieving the organization’s goals.

Too often strategy, operating model and organizational design, and governance are considered separate practices. As a result, “strategic documents” end up being wish lists, and projects continue to be prioritized based on who shouts the loudest rather than on what is in the best interest of the organization.

Where information & technology governance fits within an organization

An infographic illustrating where Governance fits within an organization. The main section is titled 'Enterprise Governance and Strategy' and contains 'Value Outcomes', 'Mission and Vision', 'Goals and Objectives', and 'Guiding Principles'. These all feed into the highlighted 'Information & Technology Governance', which then contributes to 'IT Strategy', which lies outside the main section.

I&T governance hasn’t achieved its purpose

Governance is the means by which IT ensures that information and technology delivery and spend is aligned to business goals and delivers business outcomes. However, most CEOs continue to perceive IT as being poorly aligned to the business’ strategic goals, which indicates that governance is not implemented or executed properly.

For I&T governance to be effective you need a clear understanding of the things that drive your organization and its success. This understanding becomes your guiding star, which is critical for effective governance. It also requires participation by all parts of the organization, not just IT.

Info-Tech CIO/CEO Alignment Diagnostics (N=124)

43% of CEOs believe that business goals are going unsupported by IT.

60% of CEOs believe that improvement is required around IT’s understanding of business goals.

80% of CIOs/CEOs are misaligned on the target role for IT.

30% of business stakeholders are supporters (N=32,536) of their IT departments

Common causes of poor governance

Key causes of poor or misaligned governance

  1. Governance and its value to your organization is not well understood, often being confused or integrated with more granular management activities.
  2. Business executives fail to understand that IT governance is a function of the business and not the IT department.
  3. Poor past experiences have made “governance” a bad word in the organization. People see it as a constraint and barrier that must be circumvented to get work done.
  4. There is misalignment between accountability and authority throughout the organization, and the wrong people are involved in governance practices.
  5. There is an unwillingness to change a governance approach that has served the organization well in the past, leading to challenges when the organization starts to change practices and speed of delivery.
  6. There is a lack of data and data-related capabilities required to support good decision making and the automation of governance decisions.
  7. The goals and strategy of the organization are not known or understood, leaving nothing for IT governance to orient around.

Key symptoms of ineffective governance committees

  1. No actions or decisions are generated. The committee produces no value and makes no decisions after it meets. The lack of value output makes the usefulness of the committee questionable.
  2. Resources are overallocated. There is a lack of clear understanding of capacity and value in work to be done, leading to consistent underestimation of required resources and poor resource allocation.
  3. Decisions are changed outside of committee. Decisions made or initiatives approved by the committee are later changed when the proper decision makers are involved or the right information becomes available.
  4. Governance decisions conflict with organizational direction. This shows an obvious lack of alignment and behavioral disconnect that work against organizational success. It is often due to not accounting for where power really exists within the structure.
  5. Consistently poor outcomes are produced from governance direction. Committee members’ lack of business acumen, relevant data, or understanding of organizational goals results in decisions that fail to drive successful measured outcomes.

Mature your governance by transitioning from ad hoc to automated

Organizations should look to progress in their governance stages. Ad hoc and controlled governance practices tend to be more rigid, making these a poor fit for organizations requiring higher velocity delivery or using more agile and adaptive practices.

The goal as you progress through these stages is to delegate governance and empower teams based on your fit and culture, enabling teams where needed to make optimal decisions in real time, ensuring that they are aligned with the best interests of the organization.

Automate governance for optimal velocity while mitigating risks and driving value.

This puts your organization in the best position to be adaptive, able to react effectively to volatility and uncertainty.

A graph illustrating the transition from Ad Hoc to Automated. The y-axis is 'Process Integration' and x-axis is 'Trust & Empowerment'. 'Ad Hoc: Inconsistent Decision Making' lies close to the origin, ranking low on both axes' values. 'Controlled: Authoritarian, Highly Structured' ranks slightly higher on both axes. 'Agile: Distributed & Empowered' ranks 2nd highest on both axes. 'Automated: High Velocity, Embedded & Flexible' ranks highest on both axes.

Stages of governance

Adaptive
Data-Centric


ˆ


ˆ


ˆ


ˆ


ˆ
Traditional
(People- and Document-Centric)

4

Automated Governance
  • Entrenched into organizational processes and product/service design
  • Empowered and fully delegated to maintain fit and drive organizational success and survival

3

Agile Governance
  • Flexible enough to support different needs in the organization and respond quickly to change
  • Driven by principles and delegated throughout the company

2

Controlled Governance
  • Focused on compliance and hierarchy-based authority
  • Levels of authority defined and often driven by regulatory requirements

1

Ad Hoc Governance
  • Not well defined or understood within the organization
  • Occurs out of necessity but often not done by the right people or bodies

Make Governance Adaptable and Automated to Drive Success and Value

Governance adaptiveness ensures the success of digital organizations and modern practice implementation.

THE PROBLEM

  • The wrong people are making decisions.
  • Organizations don't understand what governance is or why it's done.
  • Governance scope and design is a bad fit, damaging the organization.
  • People think governance is optional.

THE SOLUTION

ESTABLISH YOUR GUIDING PRINCIPLES

Define and establish the guiding principle that drive your organization toward success.

  • Mission & Vision
  • Business Goals & Success Criteria
  • Operating Model & Work Practices
  • Governance Scope
  • Principles
SELECT AND REFINE YOUR MODEL

Use Info-Tech's IT Governance Models to identify a base model similar to the way you are organized. Confirm your current and future placement in governance execution.

IDENTIFY MODEL UPDATE TRIGGERS

Adjust the model based on industry needs, your principles, regulatory requirements, and future direction.

  • Principles
    Select principles that allow the organization to be adaptive while still ensuring the governance continues to stay on course with pursuing its guiding star.
  • Responsibilities
    Decide on the governance responsibilities related to Oversight Level, Strategic Alignment, Value Delivery, Risk Optimization, Resource Optimization, and Performance Management.
  • Structure
    Determine at which structured level governance is appropriate: Enterprise, Strategic, Tactical, or Operational.
  • Processes
    Establish processes that will enable governance to occur such as: Embed the processes required for successful governance.
  • Membership
    Identify the Responsibility & Accountability of those who should be involved in governance processes, policies, guidelines, and responsibilities.
  • Policies
    Confirm any governing policies that need to be adhered to and considered to manage risk.
DETERMINE AUTOMATION OPTIONS AND DECISION RULES

Identify where to embed or automate decision making and compliance and what is required to do so effectively.

STAGES OF GOVERNANCE

    Traditional (People- and document-centric)
  1. AD HOC GOVERNANCE
    Governance that is not well defined or understood within the organization. It occurs out of necessity but often not by the right people or bodies.
  2. CONTROLLED GOVERNANCE
    Governance focused on compliance and hierarchy-based, authority-driven control of decisions. Levels of Authority are defined and often driven by regulatory requirements.
  3. Adaptive (Data Centric)
  4. AGILE GOVERNANCE
    Governance that is flexible to support different needs and quick responses in the organization. Driven by principles and delegated throughout the company.
  5. AUTOMATED GOVERNANCE
    Governance that is entrenched and automated into the organizational processes and product/service design. Empowered and fully delegated governance to maintain fit and drive organizational success and survival.

KEY INSIGHT

Governance must actively adapt to changes in your organization, environment, and practices or it will drive you to failure.

Developing governance principles

Governance principles support the move from controlled to automated governance by providing guardrails that guide your decisions. They provide the ethical boundaries and cultural perspectives that contextualize your decisions and keep you in line with organizational values. Determining principles are global in nature.

CONTROLLED CHANGE ACTIONS AND RATIONALE AUTOMATED
Disentangle governance and management Move from governance focused on evaluating, directing, and monitoring strategic decisions around information and technology toward defining and automating rules and principles for decision making into processes and practices, empowering the organization and driving adaptiveness. Delegate and empower
Govern toward value Move from identifying the organization’s mission, goals, and key drivers toward orienting IT to align with those value outcomes and embedding value outcomes into design and delivery practices. Deliver to defined outcomes
Make risk-informed decisions Move from governance bodies using risk information to manually make informed decisions based on their defined risk tolerance toward having risk information and attestation baked into decision making across all aspects and layers of the IT organization – from design to sustainment. Embed risk decision making into processes and practices
Measure to drive improvement Move from static lagging metrics that validate that the work being done is meeting the organization’s needs and guide future decision making toward automated governance with more transparency driven by data-based decision making and real-time data insights. Trust through real-time reporting
Enforce standards and behavior Move from enforcing standards and behavior and managing exceptions to ensure that there are consistent outcomes and quality toward automating standards and behavioral policies and embedding adherence and changes in behavior into the organization’s natural way of working. Automate standards through automated decision rules, verification, and validation

Find your guiding star

MISSION AND VISION –› GOALS AND OBJECTIVES –› GUIDING PRINCIPLES –›

VALUE

Why your organization exists and what value it aims to provide. The purpose you build a strategy to achieve. What your organization needs be successful at to fulfill its mission. Key propositions and guardrails that define and guide expected organizational behavior and beliefs.

Your mission and vision define your goals and objectives. These are reinforced by your guiding principles, including ethical considerations, your culture, and expected behaviors. They provide the boundaries and guardrails for enabling adaptive governance, ensuring you continue to move in the right direction for organizational success.

To paraphrase Lewis Carroll, “If you don't know where you want to get to, it doesn't much matter which way you go.” Once you know what matters, where value resides, and which considerations are necessary to make decisions, you have consistent directional alignment that allows you to delegate empowered governance throughout the organization, taking you to the places you want to go.

Understand governance versus management

Don’t blur the lines between governance and management; each has a unique role to play. Confusing them results in wasted time and confusion around ownership.

Governance

I&T governance defines WHAT should be done and sets direction through prioritization and decision making, monitoring overall IT performance.

Governance aligns with the mission and vision of the organization to guide IT.

A cycle of processes split into two halves, 'Governance Processes' and 'Management Processes'. Beginning on the Management side, the processes are 'Plan', 'Build', 'Run', 'Monitor', then to the Governance side, 'Evaluate', 'Direct', 'Monitor', and back to the beginning.

Management

Management focuses on HOW to do things to achieve the WHAT. It is responsible for executing on, operating, and monitoring activities as determined by I&T governance.

Management makes decisions for implementation based on governance direction.

Data is critical to automating governance

Documents and subjective/non-transparent decisions do not create sufficient structure to allow for the true automation of governance. Data related to decisions and aggregated risk allow you to define decision logic and rules and algorithmically embed them into your organization.

People- and Document-Centric

Governance drives activities through specific actors (individuals/committees) and unstructured data in processes and documents that are manually executed, assessed, and revised. There are often constraints caused by gaps or lack of adequate and integrated information in support of good decisions.

Data-Centric

Governance actors provide principles, parameters, and decision logic that enable the creation of code, rulesets, and algorithms that leverage organizational data. Attestation is automatic – validated and managed within the process, product, or service.

Info-Tech’s Approach

Define your context and build your model

ESTABLISH YOUR GUIDING PRINCIPLES

Define and establish the guiding principle that drive your organization toward success.

  • Mission & Vision
  • Business Goals & Success Criteria
  • Operating Model & Work Practices
  • Governance Scope
  • Principles
SELECT AND REFINE YOUR MODEL

Use Info-Tech's IT Governance Models to identify a base model similar to the way you are organized. Confirm your current and future placement in governance execution.

MODEL UPDATE TRIGGERS

Adjust the model based on industry needs, your principles, regulatory requirements, and future direction.

  • Principles
    Select principles that allow the organization to be adaptive while still ensuring the governance continues to stay on course with pursuing its guiding star.
  • Responsibilities
    Decide on the governance responsibilities related to Oversight Level, Strategic Alignment, Value Delivery, Risk Optimization, Resource Optimization, and Performance Management.
  • Structure
    Determine at which structured level governance is appropriate: Enterprise, Strategic, Tactical, or Operational.
  • Processes
    Establish processes that will enable governance to occur such as: Embed the processes required for successful governance.
  • Membership
    Identify the Responsibility & Accountability of those who should be involved in governance processes, policies, guidelines, and responsibilities.
  • Policies
    Confirm any governing policies that need to be adhered to and considered to manage risk.
AUTOMATION OPTIONS AND DECISION RULES

Identify where to embed or automate decision making and compliance and what is required to do so effectively.

The Info-Tech Difference

Define your context and build your model

  1. Quickly identify the organizational needs driving governance and your guiding star.
  2. Select and refine a base governance model based on our templates.
  3. Define and document the key changes in your organization that will trigger a need to update or revise your governance.
  4. Determine where you might be able to automate aspects of your governance.
  5. Design your decision rules where appropriate to support automated and adaptive governance.

How to use this research

Where are you in your governance optimization journey?

MY GOVERNANCE IS AD HOC AND WE’RE STARTING FROM SCRATCH I NEED TO BUILD A NEW GOVERNANCE STRUCTURE OUR GOVERNANCE APPROACH IS INEFFECTIVE AND NEEDS IMPROVEMENT I NEED TO LOOK AT OPTIONS FOR AUTOMATING GOVERNANCE PRACTICES
Step 1.1: Define Your Governance Context Step 1.2: Structure Your IT Governance Phase 2: Select and Refine Your Model Phase 3: Embed and Automate

IT governance is about ensuring that the investment decisions made around information and technology drive the optimal organizational value, not about governing the IT department.

In this section we will clarify your organizational context for governance and define your guiding star to orient your governance design and inform your structure.

There is no need to start from scratch! Start with Info-Tech’s best-practice IT governance models and customize them based on your organizational context.

The research in this section will help you to select the right base model to work from and provide guidance on how to refine it.

Governance practices eventually stop being a good fit for a changing organization, and things that worked before become bottlenecks.

Governing roles and committees don’t adjust well, don’t have consistent practices, and lack the right information to make good decisions.

The research in this section will help you improve and realign your governance practices.

Once your governance is controlled and optimized you are ready to investigate opportunities to automate.

This phase of the blueprint will help you determine where it’s feasible to automate and embed governance, understand key governance automation practices, and develop governing business rules to move your journey forward.

Related Research:

If you are looking for details on specific associated practices, please see our related research:

  1. I need to establish data governance.
  2. I need to manage my project portfolio, from intake to confirmation of value.
  3. I need better risk information to support decision making.
  4. I need to ensure I am getting the expected outcomes and benefits from IT spend.
  5. I need to prioritize my product backlog or service portfolio.

Info-Tech’s methodology for building and embedding adaptive governance

1. Identify Your Governance Needs 2. Select and Refine Your Governance Model 3. Embed and Automate
Phase Steps
  1. Confirm Mission, Vision, and Goals
  2. Define Scope and Principles
  3. Adjust for Culture and Finalize Context
  1. Select and Refine Your Governance Model
  2. Identify and Document Your Governance Triggers
  3. Build Your Implementation Plan
  1. Identify Decisions to Embed and Automate
  2. Plan Validation and Verification
  3. Update Implementation Plan
Phase Outcomes
  • Governance context, guiding star, and principles
  • Completed governance model with associated decisions and policies
  • Implementation plan
  • List of automation options
  • Decision logic, rules, and rulesets
  • Validation and verification approach
  • Finalized implementation plan

Insight summary

Value

To remain valuable, I&T governance must actively adapt to changes in your organization, environment, and practices, or it will drive you to failure instead of success.

Focus

I&T governance does not focus on the IT department. Rather, its intent is to ensure your organization makes sound decisions around investment in and use of information and technology.

Maturity

Your governance approach progresses in stages from ad hoc to automated as your organization matures. Your stage depends on your organizational needs and ways of working.

Good governance

Good governance does not equate to control and does not stifle innovation.

Automation

Automating governance must be done in stages, based on your capabilities, level of maturity, and amount of usable data.

Strategy

Establish the least amount of governance required to allow you to achieve your goals.

Guiding star

If you don’t establish a guiding star to align the different stakeholders in your organization, governance practices will create conflict and confusion.

Blueprint deliverables

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

Key Deliverable:
Governance Framework Model

The governance framework model provides the design of your new governance model and the organizational context to retain stakeholder alignment and organizational satisfaction with governance.

The model includes the structures, practices, and responsibilities to drive effective governance in your organization.

Sample of the key blueprint deliverable 'Governance Framework Model'.

Governance Implementation Plan

This roadmap lays out the changes required to implement the governance model, the cultural items that need to be addressed, and anticipated timing.

Sample of the blueprint deliverable 'Governance Implementation Plan'.

Governance Committee Charters

Develop a detail governance charter or term of reference for each governing body. Outline the mandate, responsibilities, membership, process, and associated policies for each.

Sample of the blueprint deliverable 'Governance Committee Charters'.

Blueprint benefits

IT Benefits

  • Stronger, traceable alignment of IT decisions and initiatives to business needs.
  • Improved ability for IT to meet the changing demands and velocity of the business.
  • Better support and enablement of innovation – removing constraints and barriers.
  • Optimized governance that supports and enables modern work practices.
  • Increased value generation from IT initiatives and optimal use of IT resources.
  • Designed adaptability to ensure you remain in alignment as your business and IT environments change.

Business Benefits

  • Clear transparent focus of IT initiatives on generating strategic business value.
  • Improved ability to measure the value and contribution of IT to business goals.
  • Alignment and integration of business/IT strategy.
  • Optimized development and use of IT capabilities to meet business needs.
  • Improved integration with corporate/enterprise governance.

Executive Brief Case Study

INDUSTRY Manufacturing
SOURCE Info-Tech analyst experience

Improving the governance approach and delegating decision making to support a change in business operation

Challenge

The large, multi-national organization has locations across the world but has two primary headquarters, in Europe and the United States.

Market shifts drove an organizational shift in strategy, leading to a change in operating models, a product focus, and new work approaches across the organization.

Much of the implementation and execution was done in isolation, and effectiveness was slowed by poor integration and conflicting activities that worked against each other.

The product owner role was not well defined.

Solution

After reviewing the organization’s challenges and governance approach, we redefined and realigned its organizational and regional goals and identified outcomes that needed to be driven into their strategies.

We also reviewed their span of control and integration requirements and properly defined decisions that could be made regionally versus globally, so that decisions could be made to support new work practices.

We defined the product and service owner roles and the decisions each needed to make.

Results

We saw an improvement in the alignment of organizational activities and the right people and bodies making decisions.

Work and practices were aimed at the same key outcomes and alignment between teams toward organizational goal improved.

Within one year, the success rate of the organization’s initiatives increased by 22%, and the percentage of product-related decisions made by product owners increased by 50%.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

Guided Implementation

Workshop

Consulting

"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

Diagnostics and consistent frameworks used throughout all four options

Guided Implementation

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is between 5 and 8 calls over the course of 2 to 3 months.

What does a typical GI on this topic look like?

    Phase 1: Identify Your Governance Needs

  • Call #1: Confirm your organization’s mission and vision and review your strategy and goals.
  • Call #2: Identify considerations and governance needs. Develop your guiding star and governing principles.
  • Phase 2: Select and Refine Your Model

  • Call #3: Select your base model and optimize it to meet your governance needs.
  • Call #4: Define your adjustment triggers and develop your implementation plan.
  • Phase 3: Embed and Automate

  • Call #5: Identify decisions and standards you can automate and where to embed them.
  • Call #6: Confirm levels of authority and data requirements. Establish your approach and update the implementation plan.

Workshop Overview

Contact your account representative for more information.
workshops@infotech.com1-888-670-8889

Session 1 Session 2 Session 3 Session 4 Session 5
Activities
Develop Your Guiding Star

1.1 Confirm mission, vision, and goals

1.2 Define scope and principles

1.3 Adjust for culture and finalize context

Define the Governance Model

2.1 Select and refine governance model

2.2 Confirm and adjust the structure

2.3 Review and adapt governance responsibilities and activities

2.4 Validate governance mandates and membership

Build Governance Process and Policy

3.1 Update your governance process

3.2 Align policies to mandate

3.3 Adjust and confirm your governance model

3.4 Identify and document your update triggers

3.5 Embed triggers into review cycle

Embed and Automate Governance

4.1 Identify decisions and standards to automate

4.2 Plan verification and validation approach

4.3 Build implementation plan

4.4 Develop communication strategy and messaging

Next Steps and Wrap-Up

5.1 Complete in-progress outputs from previous four sessions

5.2 Set up review time for workshop outputs and to discuss next steps

Outcomes
  1. Governance context and goals
  2. Governance principles
  1. IT governance model and adjustment triggers
  2. IT governance structure, responsibilities, membership, and cadence
  3. Governance committee charters
  1. IT governance process and information flow
  2. IT governance policies
  3. Finalized governance model
  1. Selected automation options, decision logic, and business rules
  2. Implementation and communication plan
  1. Governance context and principles
  2. Finalized governance model and charters
  3. Finalized implementation plan

Make Your IT Governance Adaptable

Phase 1

Identify your Governance Needs

Phase 1

  • 1.1 Define Your Guiding Star
  • 1.2 Define Scope and Principles
  • 1.3 Adjust for Culture and Finalize Context

Phase 2

  • 2.1 Choose and Adapt Your Model
  • 2.2. Identify and Document Your Governance Triggers
  • 2.3 Build Your Implementation Approach

Phase 3

  • 3.1 Identify Decisions to Embed and Automate
  • 3.2 Plan Validation and Verification
  • 3.3 Update Implementation Plan

This phase will walk you through the following activities:

Identify the organization’s goals, mission, and vision that will guide governance.

Define the scope of your governance model and the principles that will guide how it works.

Account for organizational attitudes, behaviors, and culture related to governance and finalize your context.

This phase involves the following participants:

  • Senior IT leadership
  • Governance leads

Step 1.1

Define Your Guiding Star

Activities
  • 1.1.1 Document and interpret your strategy, mission, and vision
  • 1.1.2 Document and interpret the business and IT goals and outcomes
  • 1.1.3 Identify your operating model and work processes

This step will walk you through the following activities:

Review your business and IT strategy, mission, and vision to ensure understanding of organizational direction.

Identify the business and IT goals that governance needs to align.

Confirm your operating model and any work practices that need to be accounted for in your model.

This step involves the following participants:

  • Senior IT leadership
  • Governance leads

Outcomes of this step

Identified guiding star outcomes to align governance outcomes with

Defined operating model type and work style that impact governance design

Identify Your Governance Needs

Step 1.1 – Define your Guiding Star Step 1.2 – Define Scope and Principles Step 1.3 – Adjust for Culture and Finalize Context

Govern by intent

Find the balance for your designed governance approach

Organic governance occurs during the formation of an organization and shifts with challenges, but it is rarely transparent and understood. It changes your culture in uncontrolled ways. Intentional governance is triggered by changes in organizational needs, working approaches, goals, and structures. It is deliberate and changes your culture to enable success.
Stock photo of a weight scale.

Info-Tech Insight

Your approach to governance needs to be designed, even if your execution of governance is adaptable and delegated.

What is your guiding star?

Your guiding star is a combination of your organization’s mission, vision, and strategy and the goals that have been defined to meet them.

It provides you with a consistent focal point around which I&T-related activities and projects orbit, like planets around a star.

It generates the gravity that governance uses to keep things from straying too far away from the goal of achieving relevant value.

  1. Mission & Vision
  2. Business Goals & Success Criteria
  3. Operating Model & Work Practices
  4. Governance Scope
  5. Principles

1.1.1 Document and interpret your strategy, mission, and vision

30 minutes

Input: Business strategy, IT strategy, Mission and vision statements

Output: Updated Governance Workbook, Documented strategic outcomes and organizational aims that governance needs to achieve

Materials: Whiteboard/flip charts, Governance Workbook

Participants: IT senior leadership

  1. Gather your available business, digital, and IT strategy, mission, and vision information and document everything in your Governance Workbook. It’s ok if you don’t have all of it.
  2. Review and your mission and vision as a group. Discuss and document key points, including:
    • Which activities do you perform as an organization that embody your vision?
    • What key decisions and behaviors are required to ensure that your mission and vision are achievable?
    • What do you require from leadership to enable you to govern effectively?
    • What are the implications of the mission and vision on how the organization needs to work? What are the implications on decisions around opportunities and risks?

Download the Governance Workbook

1.1.2 Document and interpret the business and IT goals and outcomes

60 minutes

Input: Business strategy, Business and IT goals and related initiatives

Output: Required success outcomes for goals, Links between IT and business goals that governance needs to align

Materials: Whiteboard/flip charts

Participants: IT senior leadership

  1. Document the business and IT goals that have been created to achieve the mission and vision.
  2. Discuss if there are any gaps between the goals and the mission and vision. Ask yourself – if we accomplish these goals will we have successfully achieved the mission?
  3. For each goal, define what successful achievement of the goal looks like. Starting with one goal or objective, ask:
    • How would I know I am on the right path and how will I know I have gotten there?
    • How would I know if I am not on the right path and what does a bad result look like?
  4. Document your success criteria.
  5. Brainstorm some examples of decisions that support or constrain the achievement of your goals.
  6. Repeat this exercise for your remaining goals.
  7. As a group, map IT goals to business goals.

What is your operating model and why is it important?

An IT operating model is a visual representation of the way your IT organization needs to be designed and the capabilities it requires to deliver on the business mission, strategic objectives, and technological ambitions.

The model is critical in the optimization and alignment of the IT organization’s structure in order to deliver the capabilities required to achieve business goals. It is a key determinant of how governance needs to be designed and where it is implemented.

Little visualizations of different operating models: 'Centralized', 'Decentralized', and 'Hybrid'.

1.1.3 Identify your operating model and work practices

60 minutes

Input: Organizational structure, Operating model (if available)

Output: Confirmed operating approach, Defined work practices

Materials: Whiteboard/flip charts

Participants: IT senior leadership

  1. Identify the way your organization functions:
    • How do we currently operate? Are we centralized, decentralized or a hybrid? Are we focused on delivering products and services? Do we provide service ourselves or do we use vendors for delivery?
    • Can we achieve our mission, goals, and strategies, if we continue to operate this way? What would we have to change in how we operate to be successful in the future?
  2. Identify your governance needs. Do we need to be more structured or more flexible to support our future ways of working?
    • If you operate in a more traditional way, consider whether you are implementing or moving toward more modern practices (e.g. Agile, DevOps, enterprise service management). Do you need to make more frequent but lower-risk decisions?
    • Is your organization ready to delegate governance culturally and in terms of business understanding? Is there enough available information to support adaptive decisions and actions?
  3. Document your operating style, expected changes in work style, and cultural readiness. You will need to consider the implications on design.

Step 1.2

Define Scope and Principles

Activities
  • 1.2.1 Determine the proper scope for your governance
  • 1.2.2 Confirm your determining governing principles
  • 1.2.3 Develop your specific governing principles

This step will walk you through the following activities:

Identify what is included and excluded within the scope of your governance.

Develop the determining and specific principles that provide guardrails for governance activities and decisions.

This step involves the following participants:

  • Senior IT leadership
  • Governance leads

Outcomes of this step

Documented governance scope and principles to apply

Identify Your Governance Needs

Step 1.1 – Define your Guiding Star Step 1.2 – Define Scope and Principles Step 1.3 – Adjust for Culture and Finalize Context

Define the context for governance

Based on the goals and principles you defined and the operating model you selected, confirm where oversight will be necessary and at what level. Focus on the necessity to expedite and clear barriers to the achievement of goals and on the ownership of risks and compliance. Some key considerations:

  • Where in the organization will you need to decide on work that needs to be done?
  • What type of work will you need to do?
  • In what areas could there be conflicts in prioritization/resource allocation to address?
  • Who is accountable for risks to the organization and its objectives?
  • Where are your regional or business-unit-specific concerns that require focused local attention?
  • Are we using more agile, rapid delivery methods to produce work?

Understand your governance scope

Your governance scope helps you define the boundaries of what your governance model and practices will cover. This includes key characteristics of your organization that impact what governance needs to address.

Sample Considerations

  • Organizational Span
    • The geographical area the organization operates within. Regional laws and requirements will affect governance delegation and standards/policy development.
  • Level of Regulation
    • Higher levels of regulation create more standards and controls for risk and compliance, impacting how authority can be delegated or automated.
  • Sourcing Model
    • Changing technology sourcing introduces additional vendor governance requirements and may impact compliance and audit.
  • Risk Posture
    • The appetite for risk organizationally, and in pockets, impacts the level of uncertainty you are willing to work within and impact decision-making authority positioning.
  • Size
    • The size of your organization impacts the approach to governance, practice implementation, and delegation of authority.
  • What Is Working Today?
    • Which elements of your current governance approach should be retained, and what are the biggest pain points that need to be addressed?
(Source: COBIT 2019)

1.2.1 Determine the proper scope for your governance

60 minutes

Input: Context information from Activity 1.1, Scoping areas

Output: Defined scope and span of control

Materials: Whiteboard/flip charts

Participants: IT senior leadership

  1. Determine the scope/span of control required for your governance by:
    • Reviewing your key IT capabilities. Identify the ones where the responsibilities and decisions require oversight to ensure they meet the needs of the organization.
    • Identify what works well or poorly in your current governance approach.
    • Discuss and document the level and type of knowledge and business understanding required.
    • Identify and document any regulations, standards, or laws that apply to your organization/industry and how broadly they have to be applied.
    • Identify the organization’s risk appetite, where known, and areas where acceptable thresholds of risk have been defined. Where are key risk and opportunity decisions made? Who owns risk in your organization?
    • Identify and document the perceived role of the IT group in your organization (e.g. support, innovator, partner) and sourcing model (e.g. insource, outsource).
    • Is there sufficient information and data available in your organization to support effective decision making?

How should your governance be structured?

Organizations often have too many governance bodies, creating friction without value. Where that isn’t the case, the bodies are often inefficient, with gaps or overlaps in accountability and authority. Structure your governance to optimize its effectiveness, designing with the intent to have the fewest number of governing bodies to be effective, but no less than is necessary.

Start with your operating model.

  • Understand what’s different about your governance based on whether your organization in centralized, distributed, or a different model (e.g. hybrid, product).
  • Identify and include governance structures that are mandatory due to regulation or industry.
  • Based on your context, identify how many of your governance activities should be performed together.

Determine whether your governance should be controlled or adaptive.

  • Do you have the capability to distribute governance and is your organization empowered enough culturally?
  • Do you have sufficient standards and data to leverage? Do you have the tools and capabilities?
  • Identify governance structures that are required due to regulation or industry.

Info-Tech Insight

Your approach to governance needs to be designed and structured, even if your execution of governance is adaptable and delegated.

Identify and Refine your Principles

Confirm your defining principles based on your selection of controlled or adaptive governance. Create specific principles to clarify boundaries or provide specific guidance for teams within the organization.

Controlled Adaptive
Disentangle governance and management Delegate and empower
Govern toward value Deliver to defined outcomes
Make risk-informed decisions Embed risk into decision making
Measure to drive improvement Trust though real-time reporting
Enforce standards and behavior Automate decision making though established standards

Determining Principle: Delegate and empower.

Specific Principle: Decisions should be made at the lowest reasonable level of the organization with clarity.

Rationale: To govern effectively with the velocity required to address business needs, governance needs to be executed deeper into the organization and organizational goals need to be clearly understood everywhere.

Implication: Decision making needs to be delegated throughout the organization, so information and data requirements need to be identified, decision-making approach and principles need to be shared, and authority needs to be delegated clearly.

1.2.2 Confirm your determining governance principles

30-45 minutes

Input: Governance Framework Model– Governance Principles

Output: Governance workbook - Finalized list of determining principles

Materials: Whiteboard/flip charts, Governance Workbook

Participants: IT senior leadership

  1. Review the IT governance principles in your Governance Workbook.
  2. Within your IT senior leadership team (or IT governance working group) assign one or two principles to teams of two to three participants. Have each team identify what this would mean for your organization. Answering the questions:
    • In what ways do our current governance practices support this?
    • What are some examples of changes that would need to be made to make this a reality?
    • How would applying this principle improve your governance?
  3. Have each team present their results and compile the findings and implications in the Governance Workbook to use for future communication of the change.

Specific governing principles

Specific governing principles are refined principles derived from a determining principle, when additional specificity and detail is necessary. It allows you to define an approach for specific behaviors and activities. Multiple specific principles may underpin the determining one.

A visualization of a staircase with stairs labelled, bottom to top, 'Determining Principle', 'Rationale', 'Implications', 'Specific Principles'.

Specific Principles – Related principles that may be required to ensure the implications of the determining principal are addressed within the organization. They may be specific to individual areas and may be addressed in policies.

Implications – The implications of this principle on the organization, specific to how and where governance is executed and the level of information and authority that would be necessary.

Rationale – The reason(s) driving the determining principle.

Determining Principle – A core overarching principle – a defining aspect of your governance model.

1.2.3 Develop your specific governing principles

30 minutes

Input: Updated determining principles

Output: List of specific principles linked to determining principles

Materials: Whiteboard/flip charts, Governance Workbook

Participants: IT senior leadership

  1. Confirm the determining principles for your governance model based on your previous discussions.
  2. Identify where to apply the principles. This is based on:
    1. Your governance scope (how much is within your span of control)
    2. The amount of data you have available
    3. Your cultural readiness for delegation
  3. Create specific principles to support the determining principles:
    1. Document the rationale driving the determining principles.
    2. Identify the implications.
    3. Create specific principles that will support the success in achieving the goals of each determining principle.
  4. Document all information on the “Governance guiding star” slide in the Governance Workbook.

Download the Governance Workbook

Step 1.3

Adjust for Culture and Finalize Context

Activities
  • 1.3.1 Identify and address the impact of attitude, behavior, and culture
  • 1.3.2 Finalize your context

This step will walk you through the following activities:

Identify your organizational attitude, behavior, and culture related to governance.

Identify positives that can be leveraged and develop means to address negatives.

Finalize the context that your model will leverage and align to.

This step involves the following participants:

  • Senior IT leadership
  • Governance leads

Outcomes of this step

Downloaded tool ready to select the base governance model for your organization

Identify Your Governance Needs

Step 1.1 – Define your Guiding Star Step 1.2 – Define Scope and Principles Step 1.3 – Adjust for Culture and Finalize Context

Understanding attitude, behavior, and culture

A

ttitude

What people think and feel. It can be seen in their demeanor and how they react to change initiatives, colleagues, and users. This manifests in the belief that governance is a constraint that needs to be avoided or ignored – often with unintended consequences.

A stock photo of a lightbulb over a person's head and a blackboard behind them reading 'New Mindset - data-verified= New Results'.">

Any form of organizational change involves adjusting people’s attitudes to create buy-in and commitment.

You need to identify and address attitudes that can lead to negative behaviors and actions or that are counter-productive.

Understanding attitude, behavior, and culture

B

ehavior

What people do. This is influenced by attitude and the culture of the organization. In governance, this manifests as people’s willingness to be governed, who pushes back, and who tries to bypass it.

A stock photo of someone walking up a set of stairs into the distant sunlight.

To implement change within IT, especially at a tactical and strategic level, organizational behavior needs to change.

This is relevant because people gravitate toward stability and will resist change in an active or passive way unless you can sell the need, value, and benefit of changing their behavior and way of working.

Understanding attitude, behavior, and culture

C

ulture

The accepted and understood ways of working in an organization. The values and standards that people find normal and what would be tacitly identified to new resources. In governance terms, this is how decisions are really made and where responsibility really exists rather than what is identified formally.

A stock photo of a compass pointing to 'VALUES'.

The impact of the organizational or corporate “attitude” on employee behavior and attitude is often not fully understood.

Culture is an invisible element, which makes it difficult to identify, but it has a strong impact and must be addressed to successfully embed governance models. In the case of automating governance, cultural readiness for automation is a critical success factor.

1.3.1 Identify and address the impact of attitude, behavior, and culture

45 minutes

Input: Senior leadership knowledge

Output: Updated Governance Workbook

Materials: Governance Workbook

Participants: IT senior leadership

  1. Break into three groups. Each group will discuss and document the positive and negative aspects of one of attitude, behavior, or culture related to governance in your organization.
  2. Each group will present and explain their list to the group.
  3. Add any additional suggestions in each area that are identified by the other groups.
  4. Identify the positive elements of attitude, behavior, and culture that would help with changing or implementing your updated governance model.
  5. Identify any challenges that will need to be addressed for the change to be successful.
  6. As a group, brainstorm some mitigations or solutions to these challenges. Document them in the Governance Workbook to be incorporated into the implementation plan.

Download the Governance Workbook

Attitude, behavior, and culture

Evaluate the organization across the three contexts. The positive items represent opportunities for leveraging these characteristics with the implementation of the governance model, while the negative items must be considered and/or mitigated.

Attitude Behavior Culture
Positive
Negative
Mitigation

1.3.2 Finalize your governance context

30 minutes

Input: Documented governance principles and scope from previous exercises

Output: Finalized governance context in the Governance Workbook

Materials: Whiteboard/flip charts, Governance Workbook

Participants: IT senior leadership

  1. Use the information that has been gathered throughout this section to update and finalize your IT governance context.
  2. Document it in your Governance Workbook.

Download the Governance Workbook

Make Your IT Governance Adaptable

Phase 2

Select and Refine Your Governance Model

Phase 1

  • 1.1 Define Your Guiding Star
  • 1.2 Define Scope and Principles
  • 1.3 Adjust for Culture and Finalize Context

Phase 2

  • 2.1 Choose and Adapt Your Model
  • 2.2. Identify and Document Your Governance Triggers
  • 2.3 Build Your Implementation Approach

Phase 3

  • 3.1 Identify Decisions to Embed and Automate
  • 3.2 Plan Validation and Verification
  • 3.3 Update Implementation Plan

This phase will walk you through the following activities:

Select a base governance model and refine it to suit your organization.

Identify scenarios and changes that will trigger updates to your governance model.

Build your implementation plan.

This phase involves the following participants:

  • Senior IT leadership
  • Governance resources

Step 2.1

Choose and Adapt Your Model

Activities
  • 2.1.1 Choose your base governance model
  • 2.1.2 Confirm and adjust the structure of your model
  • 2.1.3 Define the governance responsibilities
  • 2.1.4 Validate the governance mandates and membership
  • 2.1.5 Update your committee processes
  • 2.1.6 Adjust your associated policies
  • 2.1.7 Adjust and confirm your governance model

This step will walk you through the following activities:

Review and selecting your base governance model.

Adjust the structure, responsibilities, policies, mandate, and membership to best support your organization.

This step involves the following participants:

  • Senior IT leadership
  • Governance leads

Outcomes of this step

Downloaded tool ready to select the base governance model for your organization

Select and Refine Your Governance Model

Step 2.1 – Choose and Adapt Your Model Step 2.2 – Identify and Document Your Governance Triggers Step 2.3 – Build Implementation Approach

Your governance framework has six key components

GOVERNANCE FRAMEWORK

  • GUIDELINES
    The key behavioral factors that ground your governance framework
  • MEMBERSHIP
    Formalization of who has authority and accountability to make specific governance decisions
  • RESPONSIBILITIES
    The definition of which decisions and outcomes your governance structure and each governance body is accountable for
  • STRUCTURE
    Which governance bodies and roles are in place to articulate where decisions are made in the organization
  • PROCESS
    Identification of the how your governance will be executed, how decisions are made, and the inputs, outputs, and connections to related processes
  • POLICY
    Set of principles established to address risk and drive expected and required behavior

4 layers of governance bodies

There are traditionally 4 layers of governance in an enterprise, and organizations have governing bodies or individuals at each level

RESPONSIBILITIES AND TYPICAL MEMBERSHIP
ENTERPRISE Defines organizational goals. Directs or regulates the performance and behavior of the enterprise, ensuring it has the structure and capabilities to achieve its goals.

Membership: Business executives, Board

STRATEGIC Ensures IT initiatives, products, and services are aligned to organizational goals and strategy and provide expected value. Ensure adherence to key principles.

Membership: Business executives, CIO, CDO

TACTICAL Ensures key activities and planning are in place to execute strategic initiatives.

Membership: Authorized division leadership, related IT leadership

OPERATIONAL Ensures effective execution of day-to-day functions and practices to meet their key objectives.

Membership: Service/product owners, process owners, architecture leadership, directors, managers

2.1.1 Choose your base governance model

30 minutes

Input: Governance models templates

Output: Selected governance model

Materials: Whiteboard/flip charts

Participants: IT senior leadership

  1. Download Info-Tech’s base governance models (Controlled Governance Models Template and IT Governance Program Overview) and review them to find a template that most closely matches your context from Phase 1. You can start with a centralized, decentralized, or product/service hybrid IT organization. Remove unneeded models.
  2. If you do not have documented governance today, start with a controlled model as your foundation. Continue working through this phase if you have a documented governance framework you wish to optimize using our best practices or move to Phase 3 if you are looking to automate or embed your governance activities.

Controlled Governance Models Template

Adaptive Governance Models Template

2.1.2 Confirm and adjust the structure of your model

30-45 minutes

Input: Selected base governance model, Governance context/scope

Output: Updated governance bodies and relationships

Materials: Whiteboard/flip charts

Participants: IT senior leadership

  1. Validate your selected governance body structural model.
    • Are there any governing bodies you must maintain that should replace the ones listed? In part or in full?
    • Are there any missing bodies? Look at alternative committees for examples.
    • Document the adjustments.
  2. Are there any governing bodies that are not required?
    • Based on your size and needs, can they be done within one committee?
    • Is the capability or data not in place to perform the work?
    • Document the required changes.

There are five key areas of governance responsibility

A cyclical visualization of the five keys areas of governance responsibility, 'Strategic Alignment', 'Value Delivery', 'Risk Management', 'Resource Management', and 'Performance Measurement'.

STRATEGIC ALIGNMENT
Ensures that technology investments and portfolios are aligned with the organization’s needs.

VALUE DELIVERY
Reviews the outcomes of technology investments and portfolios to ensure benefits realization.

RISK MANAGEMENT
Defines and owns the risk thresholds and register to ensure that decisions made are in line with the posture of the organization.

RESOURCE MANAGEMENT
Ensures that people, financial knowledge, and technology resources are appropriately allocated across the organization.

PERFORMANCE MEASUREMENT
Monitors and directs the performance or technology investments to determine corrective actions and understand successes.

2.1.3 Define the governance responsibilities

Ensure you have the right responsibilities in the right place

45-60 minutes

Input: Selected governance base model, Governance context

Output: Updated responsibilities and activities, Updated activities for selected governance bodies, New or removed governing bodies

Materials: Whiteboard/flip charts

Participants: IT senior leadership

  1. Based on your context and model, review the responsibilities identified for each committee and confirm that they align with the mandate and the stated outcome.
  2. Identify and highlight any responsibilities and activities that would not be involved in informing and enabling the mandate of the committee.
  3. Adjust the wording of confirmed responsibilities and activities to reflect your organizational language.
  4. Review each highlighted “bad fit” activity and move it to a committee whose mandate it would support or remove it if it’s not performed in your organization.
  5. If an additional committee is required, define the mandate and scope, then include any additional responsibilities that might have been a bad fit elsewhere

2.1.4 Validate the governance mandates and membership

30 minutes

Input: Selected governance base model, Updated structure and responsibilities

Output: Adjusted mandates and refined committee membership

Materials: Whiteboard/flip charts

Participants: IT senior leadership

  1. Review the mandate and membership slides in your selected governance model.
  2. Adjust the mandate to ensure that it aligns to and conveys:
    1. The outcome that the committee is meant to generate for the organization.
    2. Its scope/span of control.
  3. Discuss the type of information members would require for the committee to be successful in achieving its mandate.
  4. Document the member knowledge requirement in the mandate slide of the model template.

Determine the right membership for your governance

One of the biggest benefits of governance committees is the perspective provided by people from various parts of the organization, which helps to ensure technology investments are aligned with strategic goals. However, having too many people – or the wrong people – involved prevents the committee from being effective. Avoid this by following these principles.

Three principles for selecting committee membership

  1. Determine membership based on responsibilities and required knowledge.
    Organizations often make the mistake of creating committees and selecting members before defining what they will do. This results in poor governance because members don’t have the knowledge required to make decisions. Define the mandate of the committee to determine which members are the right fit.
  2. Ensure members are accountable and authorized to make the decisions.
    Effective governance requires the members to have the authority and accountability to make decisions. This ensures meetings achieve their outcome and produce value, which improves the committee’s chances of survival.
  3. Select leaders who see the big picture.
    Often committee decisions and responsibilities become tangled in the web of organizational politics. Include people, often C-level, whose attendance is critical and who have the requisite knowledge, mindset, and understanding to put business needs ahead of their own.

2.1.5 Update your committee processes

20 minutes

Input: Selected governance base model, Updated structure and responsibilities

Output: Updated committee processes

Materials: Whiteboard/flip charts

Participants: IT senior leadership

  1. Review the committee details based on the changes you have made in goals, mandate, and responsibilities.
  2. Identify and document changes required to the committee outputs (outcomes) and adjust the consumer of the outputs to match.
  3. Review the high-level process steps required to get to the modified output. Add required activities or remove unnecessary ones. Review the process flow. Does it make sense? Are there unnecessary steps?
  4. Review and update inputs required for the process steps and update the information/data sources.
  5. Adjust the detailed process steps to reflect the work that needs to be done to support each high-level process step that changed.

2.1.6 Adjust your associated policies

20 minutes

Input: Selected governance base model, Updated structure and responsibilities

Output: Adjusted mandates and refined committee membership

Materials: Whiteboard/flip charts

Participants: IT senior leadership

  1. Review the policies associated with the governing bodies in your base model. Identify the policies that apply to your organization, those that are missing, and those that are not necessary.
  2. Confirm the policies that you require.
  3. Make sure the policies and policy purposes (or risks and related behaviors the policy addresses) are matched to the governance committee that has responsibilities in that area. Move policies to the right committee.

2.1.7 Adjust and confirm your governance model

  1. Confirm the adjustment of governance bodies, structure, and input/output linkages.
  2. Confirm revisions to decisions and responsibilities.
  3. Confirm policy and regulation/standards associations.
  4. Select related governance committee charters from the provided set and revise the charters to reflect the elements defined in your updated model.
  5. Finalize your governance model.

Samples of slides related to adjusting and confirming governance models in the Governance Workbook.

Step 2.2

Identify and Document Your Governance Triggers

Activities
  • 2.2.1 Identify and document update triggers
  • 2.2.2 Embed triggers into the review cycle

This step will walk you through the following activities:

Identify scenarios that will create a need to review or change your governance model.

Update your review/update approach to receiving trigger notifications.

This step involves the following participants:

  • Senior IT leadership
  • Governance leads

Outcomes of this step

Downloaded tool ready to select the base governance model for your organization

Select and Refine Your Governance Model

Step 2.1 – Choose and Adapt Your Model Step 2.2 – Identify and Document Your Governance Triggers Step 2.3 – Build Implementation Approach

What are governance triggers

Governance triggers are organizational or environmental changes within or around an organization that are inflection points that start the review and revision of governance models to maintain their fit with the organization. This is the key to adaptive governance design.

A target with five arrows sticking out of the bullseye, 'Operating Model', 'Business Strategy', 'Mandate Change', 'Management Practices', and 'Digital Transformation'.

2.2.1 Identify and document update triggers

30 minutes

Input: Governance Workbook

Output: Updated workbook with defined and documented governance triggers, points of origin, and integration

Materials: Whiteboard/flip charts

Participants: IT senior leadership

  1. Open the Governance Workbook to the “Triggers” slides.
  2. Review the list of governance triggers. Retain the ones that apply to your organization, remove those you feel are unnecessary, and add any change scenarios you feel should be included.
  3. Identify where you would receive notifications of these changes and the related processes or activities that would generate these notifications, if applicable.
  4. Document any points of integration required between governance processes and the source process. Highlight any where the integration is not currently in place.

Sample of the 'Triggers' slide in the Governance Workbook.

2.2.2 Embed triggers into the review cycle

30 minutes

Input: Governance model

Output: Review cycle update

Materials: Whiteboard/flip charts

Participants: IT senior leadership

  1. Identify which triggers impact the entire governance model and which impact specific committees.
  2. Add an activity for triggered review of the impacted governance model into your governance committee process.

Step 2.3

Build Your Implementation Approach

Activities
  • 2.3.1 Identify and document your implementation plan
  • 2.3.2 Build your roadmap
  • 2.3.3 Build your sunshine diagram

This step will walk you through the following activities:

Transfer changes to the Governance Implementation Plan Template.

Determine the timing for the implementation phases.

This step involves the following participants:

  • Senior IT leadership
  • Governance process owner

Outcomes of this step

Implementation plan for adaptive governance framework model

Select and Refine Your Governance Model
Step 2.1 – Choose and Adapt Your Model Step 2.2 – Identify and Document Your Governance Triggers Step 2.3 – Build Implementation Approach

2.3.1 Identify and document your implementation plan

60 minutes

Input: Governance model, Guiding principles, Update triggers, Cultural factors and mitigations

Output: Implementation roadmap

Materials: Whiteboard/flip charts

Participants: IT senior leadership

  1. As a group, discuss the changes required to implement the governance model, the cultural items that need to be addressed, and the anticipated timing.
  2. Document the implementation activities and consolidate them into groupings/themes based on similarities or shared outcomes.
  3. Name the grouped themes for clarity and identify key dependencies between activities in each area and across themes.
  4. Identify and document your approach (e.g. continuous, phased) and high-level timeline for implementation.
  5. Document the themes and initiatives in the Governance Implementation Plan.

Download the Governance Implementation Plan

Illustrate the implementation plan using roadmaps

Info-Tech recommends two different methods to roadmap the initiatives in your Governance Implementation Plan.

Gantt Chart
Sample of a Gantt Chart.

This type of roadmap depicts themes, related initiatives, the associated goals, and exact start and end dates for each initiative. This diagram is useful for outlining a larger number of activities and initiatives and has an easily digestible and repeatable format.

Sunshine Diagram
Sample of a Sunshine Diagram.

This type of roadmap depicts themes and their associated initiatives. The start and end dates for the initiatives are approximated based on years or phases. This diagram is useful for highlighting key initiatives on one page.

2.3.2 Build your roadmap

30 minutes

Input: Governance themes and initiatives

Output: roadmap visual

Materials: Governance Roadmap Workbook, Governance Workbook

Participants: CIO, IT senior leadership

  1. Open the Governance Implementation Plan and review themes and initiatives.
  2. Open the Governance Roadmap Workbook.
  3. Discuss whether the implementation roadmap should be developed as a Gantt chart, a sunshine diagram, or both.
    For the Gantt chart:
    • Input the roadmap start year and date.
    • Change the months and year in the Gantt chart to reflect the same roadmap start year.
    • Input and populate the planned start and end dates for the list of high-priority initiatives.

Develop your Gantt chart in the Governance Roadmap Workbook

2.3.3 Build your sunshine diagram

30 minutes

Input: Governance themes and initiatives

Output: Sunshine diagram visual

Materials: Whiteboard/flip charts, Markers, Governance Implementation Plan

Participants: CIO, IT senior leadership

  1. Review your list of themes and initiatives.
  2. Build a model with “rays” radiating out from a central theme or objective.
  3. Using curved arcs, break the grid into timeline periods or phases.
  4. Complete your sunshine diagram in the Governance Implementation Plan.

Customize your sunshine diagram in the Governance Implementation Plan

Make Your IT Governance Adaptable

Phase 3

Embed and Automate

Phase 1

  • 1.1 Define Your Guiding Star
  • 1.2 Define Scope and Principles
  • 1.3 Adjust for Culture and Finalize Context

Phase 2

  • 2.1 Choose and Adapt Your Model
  • 2.2. Identify and Document Your Governance Triggers
  • 2.3 Build Your Implementation Approach

Phase 3

  • 3.1 Identify Decisions to Embed and Automate
  • 3.2 Plan Validation and Verification
  • 3.3 Update Implementation Plan

This phase will walk you through the following activities:

Identify which decisions you are ready to automate.

Identify standards and policies that can be embedded and automated.

Identify integration points.

Confirm data requirements to enable success.

This phase involves the following participants:

  • IT senior leadership
  • Governance process owner
  • Product and service owners
  • Policy owners

Step 3.1

Identify Decisions to Embed and Automate

Activities
  • 3.1.1 Review governance decisions and standards and the required level of authority
  • 3.1.2 Build your decision logic
  • 3.1.3 identify constraints and mitigation approaches
  • 3.1.4 Develop decision rules and principles

This step will walk you through the following activities:

Identify your key decisions.

Develop your decision logic.

Confirm decisions that could be automated.

Identify and address constraints.

Develop decision rules and principles.

This step involves the following participants:

  • IT senior leadership

Outcomes of this step

Developed decision rules, rulesets, and principles that can be leveraged to automate governance

Defined integration points

Embed and Automate

Step 3.1 – Identify Decisions to Embed and Automate Step 3.2 – Plan Validation and Verification Step 3.3 – Update Implementation Plan

What is decision automation?

Decision automation is the codifying of rules that connect the logic of how decisions are made with the data required to make those decisions. This is then embedded and automated into processes and the design of products and services.

  • It is well suited to governance where the same types of decisions are made on a recurring basis, using the same set of data. It requires clean, high-quality data to be effective.
  • Improvements in artificial intelligence (AI) and machine learning (ML) have allowed the creation of scenarios where a hybrid of rules and learning can improve decision outcomes.

Key Considerations

  • Data Availability
  • Legality
  • Contingencies
  • Decision Transparency
  • Data Quality
  • Auditability

How complexity impacts decisions

Decision complexity impacts the type of rule(s) you create and the amount of data required. It also helps define where or if decisions can be automated.

  1. SIMPLE
    Known and repeatable with consistent and familiar outcomes – structured, causal, and easy to standardize and automate.
  2. COMPLICATED
    Less known and outcomes are not consistently repeatable. Expertise can drive standards and guidelines that can be used to automate decisions.
  3. COMPLEX
    Unknown and new, highly uncertain in terms of outcomes, impact, and data. Requires more exploration and data. Difficult to automate but can be built into the design of products and services.
  4. CHAOTIC
    Unstructured and unknown situation. Requires adaptive and immediate action without active data – requires retained human governance
  5. (Based on Dave Snowden’s Cynefin framework)

Governance Automation Criteria Checklist

The Governance Automation Criteria Checklist provides a view of key considerations for determining whether a governing activity or decision is a good candidate for automation.

The criteria identify key qualifiers/disqualifiers to make it easier to identify eligibility.

Sample of the Governance Automation Criteria Checklist.

Download the Governance Automation Criteria Checklist

Governance Automation Worksheet

Sample of the Governance Automation Worksheet.

The Governance Automation Worksheet provides a way to document your governance and systematically identify information about the decisions to help determine if automation is possible.

From there, decision rules, logic, and rulesets can be designed in support of building a structure flow to allow for automation.

Download the Governance Automation Worksheet

3.1.1 Review governance decisions and standards and the required level of authority

30 minutes

Input: Automation Criteria Checklist, Governance Automation Worksheet, Updated governance model

Output: Documented decisions and related authority, Selected options for automation, Updated Governance Automation Worksheet

Materials: Whiteboard/flip charts, Governance Automation Worksheet

Participants: IT senior leadership

  1. Identify the decisions that are made within each committee in your updated governance model and document them in the Governance Automation Worksheet.
  2. Confirm the level of authority required to make each decision.
  3. Review the automation checklist to confirm whether each decision is positioned well for automation.
  4. Select and document the decisions that are the strongest options for automation/embedding and document them in the Governance Automation Worksheet.

What are decision rules?

Decision rules provide specific instructions and constraints that must be considered in making decisions and are critical for automating governance.

They provide the logical path to assess governance inputs to make effective decisions with positive business outputs.

Inputs would include key information such as known risks, your defined prioritization matrix, portfolio value scoring, and compliance controls.

Individual rules can be leveraged in different places.

Some decision rule types are listed here.

  1. Statement Rules
    Natural expression of logical progression, written through logical elements
  2. Decision Tree Rules
    Decision tree with two axes that overlap to generate a decision
  3. Sequential Rules
    A sequence of decisions that move from one step to the next
  4. Expression Rule
    A particular set of rules triggered by a particular rule condition being met
  5. Truth table rules
    Combines many decision factors into one place; produces different outputs

What are decision rulesets

Rulesets are created to make complex decisions. Individual rule types are combined to create rulesets that are applied together to generate effective decisions. One rule will provide contextual information required for additional rules to execute in a Rule-Result-Rule-Result-Rule-Decision flow.

A visualization of two separate rulesets made up of the decision rules on the previous slide. 'Ruleset 1' contains '1) Statement Rules', '2) Decision Tree Rules', and 5) Truth Table Rules'. 'Ruleset 2' contains '3) Sequential Rules' and '4) Expression Rule'.

3.1.2 Build your decision logic

30 minutes

Input: Governance Automation Worksheet

Output: Documented decision logic to support selected decision types and data requirements

Materials: Whiteboard/flip charts

Participants: IT senior leadership

  1. For each selected decision, identify the principles that drive the considerations around the decision.
  2. For each decision, develop the decision logic by defining the steps and information inputs involved in making the decision and documenting the flow from beginning to end.
  3. Determine whether this is one specific decision or a combination of different decisions (in sequence or based on decisions).
  4. Name your decision rule.

Sample of the Governance Automation Worksheet.

3.1.3 Identify constraints and mitigation approaches

60 minutes
  1. Document constraints to automation of decisions related to:
    • Availability of decision automation tools
    • Decision authority change requirements
    • Data constraints
    • Knowledge requirements
    • Process adjustment requirements
    • Product/service design levels
  2. Brainstorm and identify approaches to mitigate constraints and score based on likelihood of success.
  3. Identify mitigation owners and initial timeline expectations.
  4. Document the constraints and mitigations in the Governance Workbook on the constraints and mitigations slide.

Sample of the 'Constraints and mitigations' slide of the 'Governance Workbook'.

3.1.4 Develop decision rules and principles

1.5-2 hours

Input: Governance Automation Worksheet

Output: Defined decision integration points, Confirmed data availability sets, Decision rules, rulesets, and principles with control indicators

Materials: Whiteboard/flip charts, Governance Automation Worksheet

Participants: IT senior leadership

  1. Review the decision logic for those decisions that you have confirmed for automation. Identify the processes where the decision should be executed.
  2. Associate each decision with specific process steps or stages or how it would be included in software/product design.
  3. For each selected decision, identify the availability of data required to support the decision logic and the level of complexity and apply governing principles.
  4. Create the decision rules and identify data gaps.
  5. Define the decision flow and create rulesets as needed.
  6. Confirm automation requirements and define control indicators.

Step 3.2

Plan Validation and Verification

Activities
  • 3.2.1 Define verification approach for embedded and automated governance
  • 3.2.2 Define validation approach for embedded and automated governance

This step will walk you through the following activities:

Define how decision outcomes will be measured.

Determine how the effectiveness of automated governance will be reported.

This step involves the following participants:

  • IT senior leadership

Outcomes of this step

Tested and verified automation of decisions

Embed and Automate

Step 3.1 – Identify Decisions to Embed and Automate Step 3.2 – Plan Validation and Verification Step 3.3 – Update Implementation Plan

Decision rule relationship through to verification

1. Rules

Focus on clear decision logic

Often represented in simple statement types and supported by data:

IF – THEN

IF – AND – THEN

IF – AND NOT – THEN

2. Rulesets

Aggregate rules for more complex decisions

Integrated flows between different required rules:
Rule 1:
(Output 1) – Rule 2
(Output 2) – Rule 6
Rule 6: (Output 1) – Rule 7
3. Rule Attestation

Verify success of automated decisions

Attestation of embedded and automated rules with key control indicators embedded within process and products.

Principles embedded into automated software controls.

3.2.1 Define verification approach for embedded and automated governance

60 minutes

Input: Governance rules and rulesets as defined in the Governance Automation Worksheet, Defined decision outcomes

Output: A defined measurement of effective decision outcomes, Approach to automate and/or report the effectiveness of automated governance

Materials: Whiteboard/flip charts

Participants: IT senior leadership

Verify

  1. Confirm expected outcome of rules.
  2. Select a sampling of new required decisions or recently performed decisions related to areas of automation.
  3. Run the decisions through the decision rules or rule groupings that were developed and compare to parallel decisions made using the traditional approach. (These must be segregated activities.)
  4. Review the outcome of the rules and adjust based on the output. Identify areas of adjustment. Confirm that the automation meets your requirements.

3.2.2 Define validation approach for embedded and automated governance

60 minutes

Input: Governance rules and rulesets as defined in the Governance Automation Worksheet, Defined decision outcomes

Output: Defined assurance and attestation requirements, Key control indicators that can be automated

Materials: Whiteboard/flip charts

Participants: IT senior leadership

Validate

  1. Develop an approach to measure automated decisions. Align success criteria to current governance KPIs and metrics.
  2. If no such metrics exist, define expected outcome. Define key risk indicators based on the expected points of automation.
  3. Establish quality assurance checkpoints within the delivery lifecycles to adjust for variance.
  4. Create triggers back to rule owners to drive changes and improvements to rules and rule groupings.

Step 3.3

Update Implementation Plan

Activities
  • 3.3.1 Finalize the implementation plan

This step will walk you through the following activities:

Review implications and mitigations to make sure all have been considered.

Finalize the implementation plan and roadmap.

This step involves the following participants:

  • Senior IT leadership

Outcomes of this step

Completed Governance implementation plan and roadmap

Embed and Automate

Step 3.1 – Identify Decisions to Embed and Automate Step 3.2 – Plan Validation and Verification Step 3.3 – Update Implementation Plan

3.3.1 Finalize the implementation plan

30 minutes

Input: Governance workbook, Updated governance model, Draft implementation plan and roadmap

Output: Finalized implementation plan and roadmap

Materials: Whiteboard/flip charts, Governance Implementation Plan

Participants: IT senior leadership

  1. Document automation activities within phases in a governance automation theme in the Governance Implementation Plan.
  2. Review timelines in the implementation plan and where automation fits within the roadmap.
  3. Updated the implementation plan and roadmap.

Governance Implementation Plan

Summary of Accomplishment

Problem Solved

Through this project we have:

  • Improved your governance model to ensure a better fit for your organization, while creating adaptivity for the future.
  • Ensured your governance operates as an enabler of success with the proper bodies and levels of authority established.
  • Established triggers to ensure your governance model is actively adjusted to maintain its fit.
  • Developed a plan to embed and automate governance.
  • Created decision rules and principles and identified where to embed them within your practices.

If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

Contact your account representative for more information.

workshops@infotech.com 1-888-670-8889

Additional Support

If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

Photo of Valence Howden.

Contact your account representative for more information.

workshops@infotech.com 1-888-670-8889

To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

Related Info-Tech Research

Improve IT Governance to Drive Business Results

Avoid bureaucracy and achieve alignment with a minimalist approach. Align with your organizational context.

Establish Data Governance

Establish data trust and accountability with strong governance.

Maximize Business Value From IT Through Benefits Realization

Embed value and alignment confirmation into your governance to ensure you optimize IT value achievement for resource spend.

Build a Better Product Owner

Strengthen the product/service owner role in your organization by focusing on core capabilities and proper alignment.

Research contributors and experts

Photo of Sidney Hodgson, Senior Director, Industry, Info-Tech Research Group. Sidney Hodgson
Senior Director, Industry
Info-Tech Research Group
  • Sidney has over 30 years of experience in IT leadership roles as CIO of three organizations in Canada and the US as well as international consulting experience in the US and Asia.
  • Sid has a breadth of knowledge in IT governance, project management, strategic and operational planning, enterprise architecture, business process re-engineering, IT cost reduction, and IT turnaround management.
Photo of David Tomljenovic, Principal Research Advisor, Industry, Info-Tech Research Group. David Tomljenovic
Principal Research Advisor, Industry
Info-Tech Research Group
  • David brings extensive experience from the Financial Services sector, having worked 25 years on Bay Street. Most recently he was a Corporate Finance and Strategy Advisor for Infiniti Labs (Toronto/Hong Kong), Automotive, and Smart City Accelerator, where he provided financial and mergers & acquisitions advisory services to accelerator participants with a focus on early-stage fundraising activities.

Research contributors and experts

Photo of Cole Cioran, Practice Lead, Applications and Agile Development, Info-Tech Research Group. Cole Cioran
Practice Lead, Applications and Agile Development
Info-Tech Research Group
  • Over the past 25 years, Cole has developed software; designed data, infrastructure, and software solutions; defined systems and enterprise architectures; delivered enterprise-wide programs; and managed software development, infrastructure, and business systems analysis practices.
Photo of Crystal Singh, Research Director, Applications – Data and Information Management, Info-Tech Research Group. Crystal Singh
Research Director, Applications – Data and Information Management
Info-Tech Research Group
  • Crystal brings a diverse and global perspective to her role, drawing from her professional experiences in various industries and locations. Prior to joining Info-Tech, Crystal led the Enterprise Data Services function at Rogers Communications, one of Canada’s leading telecommunications companies.

Research contributors and experts

Photo of Carlene McCubbin, Practice Lead, CIO, Info-Tech Research Group. Carlene McCubbin
Practice Lead, CIO
Info-Tech Research Group
  • Carlene covers key topics in organization and leadership and specializes in governance, organizational design, relationship management, and human capital development. She led the development of Info-Tech’s Organization and Leadership practice.
Photo of Denis Goulet, Senior Workshop Director, Info-Tech Research Group. Denis Goulet
Senior Workshop Director
Info-Tech Research Group
  • Denis is a transformational leader and experienced strategist who focuses on helping clients communicate, relate, and adapt for success. Having developed Governance Model and IT strategies in organizations ranging from small to billion-dollar multi-nationals, he firmly believes in a collaborative value-driven approach to work.

Bibliography

“2020 State of Data Governance and Automation Report.” Erwin.com, 28 Jan. 2020. Web.

“Adaptive IT Governance.” Google search, 15 Nov. 2020.

“Adaptive IT Governance Framework.” CIO Index, 3 Nov. 2011. Accessed 15 Nov. 2020.

“Agile Governance Made Easy.” Agilist, n.d. Accessed 15 Nov. 2020.

“Automating Governance — Our Work.” Humanising Machine Intelligence, n.d. Accessed 15 Nov. 2020.

“Automation – Decisions.” IBM, 2020. Accessed 15 Oct. 2020.

Chang, Charlotte. “Accelerating Agile through effective governance.” Medium, 22 Sept. 2020. Web.

“COBIT 5: Enabling Processes.” ISACA, 2012. Web. Oct. 2016.

COBIT 2019. ISACA, Dec. 2018. Web.

Curtis, Blake. “The Value of IT Governance.” ISACA, 29 June 2020. Accessed 15 Nov. 2020.

De Smet, Aaron. “Three Keys to Faster, Better Decisions.” McKinsey & Company, 1 May 2019. Accessed 15 Nov. 2020.

“Decision Rules and Decision Analysis.” Navex Global, 2020. Web.

“Decisions Automation with Business Rules Management Solution.” Sumerge, 4 Feb. 2020. Accessed 15 Nov. 2020.

“DevGovOps – Key factors for IT governance for enterprises in a DevOps world.” Capgemini, 27 Sept. 2019. Web.

Eisenstein, Lena. “IT Governance Checklist.” BoardEffect, 19 Feb. 2020. Accessed 15 Nov. 2020.

“Establishing Effective IT and Data Governance.” Chartered Professional Accountants Canada, n.d. Accessed 15 Nov. 2020.

Gandzeichuk, Ilya. “Augmented Analytics: From Decision Support To Intelligent Decision-Making.” Forbes, 8 Jan. 2020. Accessed 15 Nov. 2020.

Georgescu, Vlad. “What Is IT Governance? Understanding From First Principles.” Plutora, 18 Oct. 2019. Web.

Goodwin, Bill. “IT Governance in the Era of Shadow IT.” ComputerWeekly, 5 Aug. 2014. Accessed 15 Nov. 2020.

“Governance of IT, OT and IOT.” ISACA Journal, 2019. Web.

Gritsenko, Daria, and Matthew Wood. “Algorithmic Governance: A Modes of Governance Approach.” Regulation & Governance, 10 Nov. 2020. Web.

Hansert, Philipp. “Adaptive IT Governance with Clausmark’s Bee4IT.” Bee360, 25 Oct. 2019. Accessed 15 Nov. 2020.

Havelock, Kylie. “What Does Good Product Governance Look Like?” Medium. 8 Jan. 2020. Web.

Haven, Dolf van der. “Governance of IT with ISO 38500 - A More Detailed View” LinkedIn article, 24 Oct. 2016. Accessed 15 Nov. 2020.

Hong, Sounman, and Sanghyun Lee. “Adaptive Governance and Decentralization: Evidence from Regulation of the Sharing Economy in Multi-Level Governance.” Government Information Quarterly, vol. 35, no. 2, April 2018, pp. 299–305. Web.

ISACA. “Monthly Seminar & Networking Dinner: CIO Dashboard.” Cvent, Feb. 2012. Accessed 15 Nov. 2020.

ISO/IEC 38500, ISO, 2018 and ongoing.

“IT Governance.” Kenway Consulting, n.d. Accessed 15 Nov. 2020.

“IT Governance in the Age of COVID 19.” Union of Arab Banks Webinar, 19-21 Oct. 2020. Accessed 15 Nov. 2020.

Jaffe, Dennis T. “Introducing the Seven Pillars of Governance.” Triple Pundit, 15 Nov. 2011. Accessed 15 Nov. 2020.

Janssen, Marijn, and Haiko van der Voort. “Agile and Adaptive Governance in Crisis Response: Lessons from the COVID-19 Pandemic.” International Journal of Information Management, vol. 55, December 2020. Web.

Jodya, Tiffany. “Automating Enterprise Governance within Delivery Pipelines.” Harness.io, 14 May 2020. Web.

Kumar, Sarvesh. “AI-Based Decision-Making Automation.” Singular Intelligence, 17 June 2019. Web.

“Lean IT Governance.” Disciplined Agile, n.d. Accessed 15 Nov. 2020.

Lerner, Mark. “Government Tech Projects Fail by Default. It Doesn’t Have to Be This Way.” Belfer Center for Science and International Affairs, 21 Oct. 2020. Accessed 15 Nov. 2020.

Levstek, Aleš, Tomaž Hovelja, and Andreja Pucihar. “IT Governance Mechanisms and Contingency Factors: Towards an Adaptive IT Governance Model.” Organizacija, vol. 51, no. 4, Nov. 2018. Web.

Maccani, Giovanni, et al. “An Emerging Typology of IT Governance Structural Mechanisms in Smart Cities.” Government Information Quarterly, vol. 37, no. 4, Oct. 2020. Web.

Magowan, Kirstie. “IT Governance vs IT Management: Mastering the Differences.” BMC Blogs, 18 May 2020. Accessed 15 Nov. 2020.

Mazmanian, Adam. “Is It Time to Rethink IT Governance? ” Washington Technology, 26 Oct. 2020. Accessed 15 Nov. 2020.

Mukherjee, Jayanto. “6 Components of an Automation (DevOps) Governance Model.” Sogeti, n.d. Accessed 15 Nov. 2020.

Ng, Cindy. “The Difference Between Data Governance and IT Governance.” Inside Out Security, updated 17 June 2020. Web.

Pearson, Garry. “Agile or Adaptive Governance Required?” Taking Care of the Present (blog), 30 Oct. 2020. Accessed 15 Nov. 2020.

Peregrine, Michael, et al. “The Long-Term Impact of the Pandemic on Corporate Governance.” Harvard Law School Forum on Corporate Governance, 16 July 2020. Web.

Raymond, Louis, et al. “Determinants and Outcomes of IT Governance in Manufacturing SMEs: A Strategic IT Management Perspective.” International Journal of Accounting Information Systems, vol. 35, December 2019. Web.

Rentrop, Christopher. “Adaptive IT Governance – Foundation of a Successful Digitalization.” Business IT Cooperation Coordination Controlling (blog). May 2, 2018. Web.

Schultz, Lisen, et al. “Adaptive Governance, Ecosystem Management, and Natural Capital.” Proceedings of the National Academy of Sciences, vol. 112, no. 24, 2015, pp. 7369–74. Web.

Selig, Gad J. Implementing IT Governance: A Practical Guide to Global Best Practices in IT Management. Van Haren Publishing, 2008. Accessed 15 Nov. 2020.

Sharma, Chiatan. “Rule Governance for Enterprise-Wide Adoption of Business Rules: Why Does a BRMS Implementation Need a Governance Framework?” Business Rules Journal, vol. 13, no. 4, April 2012. Accessed 15 Nov. 2020.

Smallwood, Robert. “Information Governance, IT Governance, Data Governance – What’s the Difference?” The Data Administration Newsletter, 3 June 2020. Accessed 15 Nov. 2020.

Snowden, Dave. "Cynefin – weaving sense-making into the fabric of our world", Cognitive Edge, 20 October 2020.

“The Place of IT Governance in the Enterprise Governance.” Institut de la Gouvernance des Systemes d’Information, 2005. Accessed 15 Nov. 2020.

Thomas, Mark. “Demystifying IT Governance Roles in a Dynamic Business Environment.” APMG International, 29 Oct. 2020. Webinar. Accessed 15 Nov. 2020.

“The Four Pillars of Governance Best Practice.” The Institute of Directors in New Zealand, 4 Nov. 2019. Web.

Wang, Cancan, Rony Medaglia, and Lei Zheng. “Towards a Typology of Adaptive Governance in the Digital Government Context: The Role of Decision-Making and Accountability.” Government Information Quarterly, vol. 35, no. 2, April 2018, pp. 306–22.

Westland, Jason. “IT Governance: Definitions, Frameworks and Planning.” ProjectManager.com, 17 Dec. 2019. Web.

Wilkin, Carla L., and Jon Riddett. “IT Governance Challenges in a Large Not-for-Profit Healthcare Organization: The Role of Intranets.” Electronic Commerce Research vol. 9, no. 4, 2009, pp. 351-74. Web.

Zalnieriute, Monika, et al. “The Rule of Law and Automation of Government Decision Making.” Modern Law Review, 25 Feb. 2019. Web.

Develop an IT Asset Management Strategy

  • Buy Link or Shortcode: {j2store}295|cart{/j2store}
  • member rating overall impact (scale of 10): 8.5/10 Overall Impact
  • member rating average dollars saved: $52,211 Average $ Saved
  • member rating average days saved: 31 Average Days Saved
  • Parent Category Name: Asset Management
  • Parent Category Link: /asset-management

You have a mandate to create an accurate and actionable database of the IT assets in your environment, but:

  • The data you have is often incomplete or wrong.
  • Processes are broken or non-existent.
  • Your tools aren’t up to the task of tracking ever more hardware, software, and relevant metadata.
  • The role of stakeholders outside the core ITAM team isn’t well defined or understood.

Our Advice

Critical Insight

ITAM is a foundational IT service that provides accurate, accessible, actionable data on IT assets. But there’s no value in data for data’s sake. Enable collaboration between IT asset managers, business leaders, and IT leaders to develop an ITAM strategy that maximizes the value they can deliver as service providers.

Impact and Result

  • Develop an approach and strategy for ITAM that is sustainable and aligned with your business priorities.
  • Clarify the structure for the ITAM program, including scope, responsibility and accountability, centralization vs. decentralization, outsourcing vs. insourcing, and more.
  • Create a practical roadmap to guide improvement.
  • Summarize your strategy and approach using Info-Tech’s templates for review with stakeholders.

Develop an IT Asset Management Strategy Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Develop an IT Asset Management Strategy – A methodology to create a business-aligned, coherent, and durable approach to ITAM.

This two-phase, step-by-step methodology will guide you through the activities to build a business-aligned, coherent, and durable approach to ITAM. Review the executive brief at the start of the slide deck for an overview of the methodology and the value it can provide to your organization.

  • Develop an IT Asset Management Strategy – Phases 1-2

2. ITAM Strategy Template – A presentation-ready repository for the work done as you define your ITAM approach.

Use this template to document your IT asset management strategy and approach.

  • ITAM Strategy Template

3. IT Asset Estimations Tracker – A rough-and-ready inventory exercise to help you evaluate the work ahead of you.

Use this tool to estimate key data points related to your IT asset estate, as well as your confidence in your estimates.

  • IT Asset Estimations Tracker

Infographic

Workshop: Develop an IT Asset Management Strategy

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Identify ITAM Priorities & Goals, Maturity, Metrics and KPIs

The Purpose

Align key stakeholders to the potential strategic value of the IT asset management practice.

Ensure the ITAM practice is focused on business-aligned goals.

Key Benefits Achieved

Define a business-aligned direction and expected outcomes for your ITAM program.

Activities

1.1 Brainstorm ITAM opportunities and challenges.

1.2 Conduct an executive alignment working session.

1.3 Set ITAM priorities, goals and tactics.

1.4 Identify target and current state ITAM maturity.

Outputs

ITAM opportunities and challenges

Align executive priorities with ITAM opportunities.

ITAM metrics and KPIs

ITAM maturity

2 Identify Your Approach to Support ITAM Priorities and Goals

The Purpose

Translate goals into specific and coherent actions to enable your ITAM practice to deliver business value.

Key Benefits Achieved

A business-aligned approach to ITAM, encompassing scope, structure, tools, audits, budgets, documentation and more.

A high-level roadmap to achieve your vision for the ITAM practice.

Activities

2.1 Define ITAM scope.

2.2 Acquire ITAM services (outsourcing and contracting).

2.3 Centralize or decentralize ITAM capabilities.

2.4 Create a RACI for the ITAM practice.

2.5 Align ITAM with other service management practices.

2.6 Evaluate ITAM tools and integrations.

2.7 Create a plan for internal and external audits.

2.8 Improve your budget processes.

2.9 Establish a documentation framework.

2.10 Create a roadmap and communication plan.

Outputs

Your ITAM approach

ITAM roadmap and communication plan

Further reading

Develop an IT Asset Management Strategy

Define your business-aligned approach to ITAM.

Table of Contents

4 Analyst Perspective

5 Executive Summary

17 Phase 1: Establish Business-Aligned ITAM Goals and Priorities

59 Phase 2: Support ITAM Goals and Priorities

116 Bibliography

Develop an IT Asset Management Strategy

Define your business-aligned approach to ITAM.

EXECUTIVE BRIEF

Analyst Perspective

Track hardware and software. Seems easy, right?

It’s often taken for granted that IT can easily and accurately provide definitive answers to questions like “how many laptops do we have at Site 1?” or “do we have the right number of SQL licenses?” or “how much do we need to budget for device replacements next year?” After all, don’t we know what we have?

IT can’t easily provide these answers because to do so you must track hardware and software throughout its lifecycle – which is not easy. And unfortunately, you often need to respond to these questions on very short notice because of an audit or to support a budgeting exercise.

IT Asset Management (ITAM) is the solution. It’s not a new solution – the discipline has been around for decades. But the key to success is to deploy the practice in a way that is sustainable, right-sized, and maximizes value.

Use our practical methodology to develop and document your approach to ITAM that is aligned with the goals of your organization.

Photo of Andrew Sharp, Research Director, Infrastructure & Operations Practice, Info-Tech Research Group.

Andrew Sharp
Research Director
Infrastructure & Operations Practice
Info-Tech Research Group

Realize the value of asset management

Cost optimization, application rationalization and reduction of technical debt are all considered valuable to right-size spending and improve service outcomes. Without access to accurate data, these activities require significant investments of time and effort, starting with creation of point-in-time inventories, which lengthens the timeline to reaching project value and may still not be accurate.

Cost optimization and reduction of technical debt should be part of your culture and technical roadmap rather than one-off projects. Why? Access to accurate information enables the organization to quickly make decisions and pivot plans as needed. Through asset management, ongoing harvest and redeployment of assets improves utilization-to-spend ratios. We would never see any organization saying, “We’ve closed our year end books, let’s fire the accountants,” but often see this valuable service relegated to the back burner. Similar to the philosophy that “the best time to plant a tree is 20 years ago and the next best time is now,” the sooner you can start to collect, validate, and analyze data, the sooner you will find value in it.

Photo of Sandi Conrad, Principal Research Director, Infrastructure & Operations Practice, Info-Tech Research Group.

Sandi Conrad
Principal Research Director
Infrastructure & Operations Practice
Info-Tech Research Group

Executive Summary

Your Challenge

You have a mandate to create an accurate and actionable database of the IT assets in your environment, but:

  • The data you have is often incomplete or wrong.
  • Processes are broken or non-existent.
  • Your tools aren’t up to the task of tracking ever more hardware, software, and relevant metadata.
  • The role of stakeholders outside the core ITAM team isn’t well defined or understood.
Common Obstacles

It is challenging to make needed changes because:

  • There’s cultural resistance to asset tracking, it’s seen as busywork that doesn’t clearly create value.
  • Decentralized IT teams aren’t generating the data required to track hardware and licenses.
  • ITAM can’t direct needed tool improvements because the admins don’t report to ITAM.
  • It’s hard to find time to improve processes given the day-to-day demands on your time.
Info-Tech’s Approach
  • Develop an approach and strategy for ITAM that is sustainable and aligned with your business priorities.
  • Clarify the structure for the ITAM program, including scope, responsibility and accountability, centralization vs. decentralization, outsourcing vs. insourcing, and more.
  • Create a practical roadmap to guide improvement.
  • Summarize your strategy and approach using Info-Tech’s templates for review with stakeholders.

Info-Tech Insight

ITAM is a foundational IT service that provides accurate, accessible, actionable data on IT assets. But there’s no value in data for data’s sake. Enable collaboration between IT asset managers, business leaders, and IT leaders to develop an ITAM strategy that maximizes the value they can deliver as service providers.

Unlock business value with IT asset management

  • IT asset management (ITAM) is the practice of maintaining accurate, accessible, and actionable data on the assets within the organization’s IT estate. Each IT asset will have a record that tracks it across its lifecycle from purchase to disposal.
  • ITAM’s value is realized through other processes and practice areas that can leverage ITAM data to manage risk, improve IT services, and control costs.
  • Develop an approach to ITAM that maximizes the value delivered to the business and IT. ITAM succeeds when its partners succeed at delivering business value, and it fails when it doesn’t show value to those partners.

This blueprint will help you develop your approach for the management of IT hardware and software, including cloud services. Leverage other Info-Tech methodologies to dive directly into developing hardware asset management procedures, software asset management procedures, or to implement configuration management best practices.

Info-Tech Members report significant savings from implementing our hardware and software asset management frameworks. In order to maximize value from the process-focused methodologies below, develop your ITAM strategy first.

Implement Hardware Asset Management (Based on Info-Tech Measured Value Surveys results from clients working through these blueprints, as of February 2022.)

9.6/10

$23k

32

Overall Impact Average $ Saved Average Days Saved
Implement Software Asset Management (Based on Info-Tech Measured Value Surveys results from clients working through these blueprints, as of February 2022.)

9.0/10

$12k

5

Overall Impact Average $ Saved Average Days Saved

ITAM provides both early and ongoing value

ITAM isn’t one-and-done. Properly supported, your ITAM practice will deliver up-front value that will help demonstrate the value ongoing ITAM can offer through the maintenance of an accurate, accessible, and actionable ITAM database.

Example: Software Savings from ITAM



This chart shows the money saved between the first quote and the final price for software and maintenance by a five-person ITAM team. Over a year and a half, they saved their organization a total of $7.5 million from a first quote total of $21 million over that period.

This is a perfect example of the direct value that ITAM can provide on an ongoing basis to the organization, when properly supported and integrated with IT and the business.

Examples of up-front value delivered in the first year of the ITAM practice:

  • Save money by reviewing and renegotiating critical, high-spend, and undermanaged software and service contracts.
  • Redeploy or dispose of clearly unused hardware and software.
  • Develop and enforce standards for basic hardware and software.
  • Improve ITAM data quality and build trust in the results.

Examples of long-term value from ongoing governance, management, and operational ITAM activities:

  • Optimize spend: Reallocate unused hardware and software, end unneeded service agreements, and manage renewals and audits.
  • Reduce risk: Provide comprehensive asset data for security controls development and incident management; manage equipment disposal.
  • Improve IT service: Support incident, problem, request, and change management with ITAM data. Develop new solutions with an understanding of what you have already.

Common obstacles

The rulebook is available, but hard to follow
  • ITAM takes a village, but stakeholders aren’t aware of their role. ITAM processes rely on technicians to update asset records, vendors to supply asset data, administrators to manage tools, leadership to provide direction and support, and more.
  • Constant change in the IT and business environment undermines the accuracy of ITAM records (e.g. licensing and contract changes, technology changes that break discovery tools, personnel and organizational changes).
  • Improvement efforts are overwhelmed by day-to-day activities. One study found that 83% of SAM teams’ time is consumed by audit-related activities. (Flexera State of ITAM Report 2022) A lack of improvement becomes a vicious cycle when stakeholders who don’t see the value of ITAM decline to dedicate resources for improvement.
  • Stakeholders expect ITAM tools to be a cure-all, but even at their best, they can’t provide needed answers without some level of configuration, manual input, and supervision.
  • There’s often a struggle to connect ITAM to value. For example, respondents to Info-Tech’s Management & Governance Diagnostic consistently rank ITAM as less important than other processes that ITAM directly supports (e.g. budget management and budget optimization). (Info-Tech MGD Diagnostic (n=972 unique organizations))
ITAM is a mature discipline with well-established standards, certifications, and tools, but we still struggle with it.
  • Only 28% of SAM teams track IaaS and PaaS spend, and only 35% of SAM teams track SaaS usage.
  • Increasing SAM maturity is a challenge for 76% of organizations.
  • 10% of organizations surveyed have spent more than $5 million in the last three years in audit penalties and true-ups.
  • Half of all of organizations lack a viable SAM tool.
  • Seventy percent of SAM teams have a shortfall of qualified resources.
  • (Flexera State of ITAM Report 2022)

Info-Tech's IT Asset Management Framework (ITAM)

Adopt, manage, and mature activities to enable business value thorugh actionable, accessible, and accurate ITAM data

Logo for Info-Tech Research Group. Enable Business Value Logo for #iTRG.
Business-Aligned Spend
Optimization and Transparency
Facilitate IT Services
and Products
Actionable, Accessible,
and Accurate Data
Context-Aware Risk Management
and Security Controls

Plan & Govern

Business Goals, Risks, and Structure
  • ITAM Goals & Priorities
  • Roles, Accountability, Responsibilities
  • Scope
Ongoing Management Commitment
  • Resourcing & Funding
  • Policies & Enforcement
  • Continuous Improvement
Culture
  • ITAM Education, Awareness & Training
  • Organizational Change Management
Section title 'Operate' with a cycle surrounding key components of Operate: 'Data Collection & Validation', 'Tool Administration', 'License Management', and 'Lease Management'. The cycle consists of 'Request', 'Procure', 'Receive', 'Deploy', 'Manage', 'Retire & Dispose', and back to 'Request'.

Build & Manage

Tools & Data
  • ITAM Tool Selection & Deployment
  • Configuration Management Synchronization
  • IT Service Management Integration
Process
  • Process Management
  • Data & Process Audits
  • Document Management
People, Policies, and Providers
  • Stakeholder Management
  • Technology Standardization
  • Vendor & Contract Management

Info-Tech Insight

ITAM is a foundational IT service that provides actionable, accessible, and accurate data on IT assets. But there's no value in data for data's sake. Use this methodology to enable collaboration between ITAM, the business, and IT to develop an approach to ITAM that maximizes the value the ITAM team can deliver as service providers.

Key deliverable

IT asset management requires ongoing practice – you can’t just implement it and walk away.

Our methodology will help you build a business-aligned strategy and approach for your ITAM practice with the following outputs:

  • Business-aligned ITAM priorities, opportunities, and goals.
  • Current and target state ITAM maturity.
  • Metrics and KPIs.
  • Roles, responsibilities, and accountability.
  • Insourcing, outsourcing, and (de)centralization.
  • Tools and technology.
  • A documentation framework.
  • Initiatives, a roadmap, and a communication plan.
Each step of this blueprint is designed to help you create your IT asset management strategy:
Sample of Info-Tech's key deliverable 'IT Asset Management' blueprint.

Info-Tech’s methodology to develop an IT asset management strategy

1. Establish business-aligned ITAM goals and priorities 2. Identify your approach to support ITAM priorities and goals
Phase Steps
  • 1.1 Define ITAM and brainstorm opportunities and challenges.
  • Executive Alignment Working Session:
  • 1.2 Review organizational priorities, strategy, and key initiatives.
  • 1.3 Align executive priorities with ITAM opportunities and priorities.
  • 1.4 Identify business-aligned ITAM goals and target maturity.
  • 1.5 Write mission and vision statements.
  • 1.6 Define ITAM metrics and KPIs.
  • 2.1 Define ITAM scope.
  • 2.2 Acquire ITAM services (outsourcing and contracting).
  • 2.3 Centralize or decentralize ITAM capabilities.
  • 2.4 Create a RACI for the ITAM practice.
  • 2.5 Align ITAM with other service management practices.
  • 2.6 Evaluate ITAM tools and integrations.
  • 2.7 Create a plan for internal and external audits.
  • 2.8 Improve your budget processes.
  • 2.9 Establish a documentation framework.
  • 2.10 Create a roadmap and communication plan.
Phase Outcomes Defined, business-aligned goals and priorities for ITAM. Establish an approach to achieving ITAM goals and priorities including scope, structure, tools, service management integrations, documentation, and more.
Project Outcomes Develop an approach and strategy for ITAM that is sustainable and aligned with your business priorities.

Insight Summary

There’s no value in data for data’s sake

ITAM is a foundational IT service that provides accurate, accessible, actionable data on IT assets. Enable collaboration between IT asset managers, business leaders, and IT leaders to develop an approach to ITAM that maximizes the value they can deliver as service providers.

Service provider to a service provider

ITAM is often viewed (when it’s viewed at all) as a low-value administrative task that doesn’t directly drive business value. This can make it challenging to build a case for funding and resources.

Your ITAM strategy is a critical component to help you define how ITAM can best deliver value to your organization, and to stop creating data for the sake of data or just to fight the next fire.

Collaboration over order-taking

To align ITAM practices to deliver organizational value, you need a very clear understanding of the organization’s goals – both in the moment and as they change over time.

Ensure your ITAM team has clear line of sight to business strategy, objectives, and decision-makers, so you can continue to deliver value as priorities change

Embrace dotted lines

ITAM teams rely heavily on staff, systems, and data beyond their direct area of control. Identify how you will influence key stakeholders, including technicians, administrators, and business partners.

Help them understand how ITAM success relies on their support, and highlight how their contributions have created organizational value to encourage ongoing support.

Project benefits

Benefits for IT
  • Set a foundation and direction for an ITAM practice that will allow IT to manage risk, optimize spend, and enhance services in line with business requirements.
  • Establish accountability and responsibility for essential ITAM activities. Decide where to centralize or decentralize accountability and authority. Identify where outsourcing could add value.
  • Create a roadmap with concrete, practical next steps to develop an effective, right-sized ITAM practice.
Stock image of a trophy. Benefits for the business
  • Plan and control technology spend with confidence based on trustworthy ITAM data.
  • Enhance IT’s ability to rapidly and effectively support new priorities and launch new projects. Effective ITAM can support more streamlined procurement, deployment, and management of assets.
  • Implement security controls that reflect your total technology footprint. Reduce the risk that a forgotten device or unmanaged software turns your organization into the next Colonial Pipeline.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

Guided Implementation

Workshop

Consulting

"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

Diagnostics and consistent frameworks used throughout all four options

Guided Implementation

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI around 12 calls over the course of 6 months.

What does a typical GI on this topic look like?

Call #1: Scope requirements, objectives, and your specific challenges.

Call #2: Review business priorities.

Call #3: Identify ITAM goals & target maturity.

Call #4: Identify metrics and KPIs. Call #5: Define ITAM scope.

Call #6: Acquire ITAM services.

Call #7: ITAM structure and RACI.

Call #8: ITAM and service management.

Tools and integrations.

Call #10: Internal and external audits.

Call #11: Budgets & documentation

Call #12: Roadmap, comms plan. Wrap-up.

Phase 1 Phase 2

Workshop Overview

Contact your account representative for more information.
workshops@infotech.com1-888-670-8889
Day 1 Day 2 Day 3 Day 4 Day 5
Identify ITAM priorities & goals, maturity, metrics and KPIs
Identify your approach to support ITAM priorities and goals
Next Steps and wrap-Up (offsite)
Activities

1.1 Define ITAM.

1.2 Brainstorm ITAM opportunities and challenges.

Conduct an executive alignment working session:

1.3 Review organizational priorities, strategy, and key initiatives.

1.4 Align executive priorities with ITAM opportunities.

1.5 Set ITAM priorities.

2.1 Translate opportunities into ITAM goals and tactics.

2.2 Identify target and current state ITAM maturity.

2.3 Create mission and vision statements.

2.4 Identify key ITAM metrics and KPIs.

3.1 Define ITAM scope.

3.2 Acquire ITAM services (outsourcing and contracting)

3.3 Centralize or decentralize ITAM capabilities.

3.4 Create a RACI for the ITAM practice.

3.5 Align ITAM with other service management practices.

3.6 Evaluate ITAM tools and integrations.

4.1 Create a plan for internal and external audits.

4.2 Improve your budget processes.

4.3 Establish a documentation framework and identify documentation gaps.

4.4 Create a roadmap and communication plan.

5.1 Complete in-progress deliverables from previous four days.

5.2 Set up review time for workshop deliverables and to discuss next steps.

Deliverables
  1. ITAM opportunities and challenges.
  2. Align executive priorities with ITAM opportunities.
  3. Set ITAM priorities.
  1. ITAM goals and tactics.
  2. Current and target ITAM maturity.
  3. Mission and vision statements.
  4. ITAM metrics and KPIs.
  1. Decisions that will shape your ITAM approach, including:
    1. What’s in scope (hardware, software, and cloud services).
    2. Where to centralize, decentralize, or outsource ITAM activities.
    3. Accountability, responsibility, and structure for ITAM activities.
    4. Service management alignment, tooling gaps, audit plans, budget processes, and required documentation.
  2. A roadmap and communication plan.
  1. Your completed ITAM strategy template.
Develop an IT Asset Management Strategy

Phase 1:

Establish business-aligned ITAM goals and priorities

Phase 1

1.1 Define ITAM and brainstorm opportunities and challenges.

Executive Alignment Working Session:

1.2 Review organizational priorities, strategy, and key initiatives.

1.3 Align executive priorities with ITAM opportunities & priorities.

1.4 Identify business-aligned ITAM goals and target maturity.

1.5 Write mission and vision statements.

1.6 Define ITAM metrics and KPIs.

Phase 2

2.1 Define ITAM scope.

2.2 Acquire ITAM services (outsourcing and contracting).

2.3 Centralize or decentralize ITAM capabilities.

2.4 Create a RACI for the ITAM practice.

2.5 Align ITAM with other service management practices.

2.6 Evaluate ITAM tools and integrations.

2.7 Create a plan for internal and external audits.

2.8 Improve your budget processes.

2.9 Establish a documentation framework.

2.10 Create a roadmap and communication plan.

Phase Outcomes:

Defined, business-aligned goals, priorities, and KPIs for ITAM. A concise vision and mission statement. The direction you need to establish a practical, right-sized, effective approach to ITAM for your organization.

Before you get started

Set yourself up for success with these three steps:
  • This methodology and the related slides are intended to be executed via intensive, collaborative working sessions using the rest of this slide deck.
  • Ensure the working sessions are a success by working through these steps before you start work on your IT asset management strategy.

1. Identify participants

Review recommended roles and identify who should participate in the development of your ITAM strategy.

2. Estimate assets managed today

Work through an initial assessment to establish ease of access to ITAM data and your level of trust in the data available to you.

3. Create a working folder

Create a repository to house your notes and any work in progress, including your copy of the ITAM Strategy Template.

0.1 Identify participants

30 minutes

Output: List of key roles for the strategy exercises outlined in this methodology

Participants: Project sponsor, Lead facilitator, ITAM manager and SMEs

This methodology relies on having the right stakeholders in the room to identify ITAM goals, challenges, roles, structure, and more. On each activity slide in this deck, you’ll see an outline of the recommended participants. Use the table below to translate the recommended roles into specific people in your organization. Note that some people may fill multiple roles.

Role Expectations People
Project Sponsor Accountable for the overall success of the methodology. Ideally, participates in all exercises in this methodology. May be the asset manager or whoever they report to. Jake Long
Lead Facilitator Leads, schedules, and manages all working sessions. Guides discussions and ensures activity outputs are completed. Owns and understands the methodology. Has a working knowledge of ITAM. Robert Loblaw
Asset Manager(s) SME for the ITAM practice. Provides strategic direction to mature ITAM practices in line with organizational goals. Supports the facilitator. Eve Maldonado
ITAM Team Hands-on ITAM professionals and SMEs. Includes the asset manager. Provide input on tactical ITAM opportunities and challenges. Bruce Wayne, Clark Kent
IT Leaders & Managers Leaders of key stakeholder groups from across the IT department – the CIO and direct reports. Provide input on what IT needs from ITAM, and the role their teams should play in ITAM activities. May include delegates, particularly those familiar with day-to-day processes relevant to a particular discussion or exercise. Marcelina Hardy, Edmund Broughton
ITAM Business Partners Non-IT business stakeholders for ITAM. This could include procurement, vendor management, accounting, and others. Zhang Jin, Effie Lamont
Business Executives Organizational leaders and executives (CFO, COO, CEO, and others) or their delegates. Will participate in a mini-workshop to identify organizational goals and initiatives that can present opportunities for the ITAM practice. Jermaine Mandar, Miranda Kosuth

0.2 Estimate asset numbers

1 hour

Output: Estimates of quantity and spend related to IT assets, Confidence/margin of error on estimates

Participants: IT asset manager, ITAM team

What do you know about your current IT environment, and how confident are you in that knowledge?

This exercise will help you evaluate the size of the challenge ahead in terms of the raw number of assets in your environment, the spend on those assets, and the level of trust your organization has in the ITAM data.

It is also a baseline snapshot your ability to relay key ITAM metrics quickly and confidently, so you can measure progress (in terms of greater confidence) over time.

  1. Download the estimation tracker below. Add any additional line items that are particularly important to the organization.
  2. Time-box this exercise to an hour. Use your own knowledge and existing data repositories to identify count/spend for each line item, then add a margin of error to your guess. Larger margins of error on larger counts will typically indicate larger risks.
  3. Track any assumptions, data sources used, or SMEs consulted in the comments.

Download the IT Asset Estimation Tracker

“Any time there is doubt about the data and it doesn’t get explained or fixed, then a new spreadsheet is born. Data validation and maintenance is critical to avoid the hidden costs of having bad data”

Allison Kinnaird,
Operations Practice Lead,
Info-Tech Research Group

0.3 Create a working folder

15 minutes

Output: A repository for templates and work in progress

Participants: Lead facilitator

Create a central repository for collaboration – it seems like an obvious step, but it’s one that gets forgotten about
  1. Download a copy of the ITAM Strategy Template.
    1. This will be the repository for all the work you do in the activities listed in this blueprint; take a moment to read it through and familiarize yourself with the contents.
  2. House the template in a shared repository that can house other related work in progress. Share this folder with participants so they can check in on your progress.
  3. You’ll see this callout box: Add your results to your copy of the ITAM Strategy Template as you work through activities in this blueprint. Copy the output to the appropriate slide in the ITAM Strategy Template.
Stock image of a computer screen with a tiny person putting likes on things.

Collect action items as you go

Don’t wait until the end to write down your good ideas.
  • The last exercise in this methodology is to gather everything you’ve learned and build a roadmap to improve the ITAM practice.
  • The output of the exercises will inform the roadmap, as they will highlight areas with opportunities for improvement.
  • Write them down as you work through the exercises, or you risk forgetting valuable ideas.
  • Keep an “idea space” – a whiteboard with sticky notes or a shared document – to which any of your participants can post an idea for improvement and that you can review and consolidate later.
  • Encourage participants to add their ideas at any time during the exercises.
Pad of sticky notes, the top of which reads 'Good ideas go here!'

Step 1.1: Brainstorm ITAM opportunities and challenges

Participants

  • Project sponsor and lead facilitator
  • ITAM team
  • IT leaders and managers
  • ITAM business partners

Outcomes

  • Rally the working group around a collection of ideas that, when taken together, create a vision for the future ITAM practice.
  • Identify your organization’s current ITAM challenges.

“ITAM is a cultural shift more than a technology shift.” (Rory Canavan, SAM Charter)

What is an IT Asset?

Any piece of technology can be considered an asset, but it doesn’t mean you need to track everything. Image of three people building a computer from the inside.
Icon of a power button.

According to the ISO 19770 standard on ITAM, an IT Asset is “[an] item, thing, or entity that can be used to acquire, process, store and distribute digital information and has potential or actual value to an organization.”
These are all things that IT is expected to support and manage, or that have the potential to directly impact services that IT supports and manages.

Icon of a half-full battery.

IT assets are distinct from capital assets. Some IT assets will also be capital assets, but not all will be. And not all capital assets are IT assets, either.

Icon of a microphone.

IT assets are typically tracked by IT, not by finance or accounting.
IT needs more from their IT asset tracking system than the typical finance department can deliver.
This can include end-user devices, software, IT infrastructure, cloud-based resources, third-party managed IT services, Internet-of-Things devices, embedded electronics, SCADA equipment, “smart” devices, and more.

Icon of a fingerprint.

It’s important to track IT assets in a way that enables IT to deliver value to the business – and an important part of this is understanding what not to track. This list should be aligned to the needs of your organization.

What is IT asset management?

  • IT asset management is the practice of maintaining accurate, accessible, and actionable data on IT hardware, software, and cloud assets from procurement to disposal.
  • Trustworthy data maintained by an IT asset management practice will help your business meet its goals by managing risk, controlling costs, and enabling IT services and products.
  • ITAM tends to focus on the asset itself – its technical, financial, contractual, lifecycle, and ownership attributes – rather than its interactions or connections to other IT assets, which tends to be part of configuration management.

What IT Asset Management is NOT:

Configuration Management: Configuration management databases (CMDBs) often draw from the same data pool as ITAM (many configuration items are assets, and vice versa), but they focus on the interaction, interconnection, and interoperation of configuration items within the IT estate.

In practice, many configuration items will be IT assets (or parts of assets) and vice versa. Configuration and asset teams should work closely together as they develop different but complementary views of the IT environment. Use Info-Tech’s methodology to harness configuration management superpowers.

Organizational Data Management: Leverage a different Info-Tech methodology to develop a digital and data asset management program within Info-Tech’s DAM framework.

“Asset management’s job is not to save the organization money, it’s not to push back on software audits.

It’s to keep the asset database as up-to-date and as trustworthy as possible. That’s it.” (Jeremy Boerger, Consultant & Author)

“You can’t make any real decisions on CMDB data that’s only 60% accurate.

You start extrapolating that out, you’re going to get into big problems.” (Mike Austin, Founder & CEO, MetrixData 360)

What is an ITAM strategy?

Our strategy document will outline a coherent, sustainable, business-aligned approach to ITAM.

No single approach to ITAM fits all organizations. Nor will the same approach fit the same organization at different times. A world-leading research university, a state government, and a global manufacturer all have very different goals and priorities that will be best supported by different approaches to ITAM.

This methodology will walk you through these critical decisions that will define your approach to ITAM:

  • Business-aligned priorities, opportunities, and goals: What pressing opportunities and challenges do we face as an organization? What opportunities does this create that ITAM can seize?
  • Current and future state maturity, challenges: What is the state of the practice today? Where do we need to improve to meet our goals? What challenges stand in the way of improvement?
  • Responsibility, accountability, sourcing and (de)centralization: Who does what? Who is accountable? Where is there value to outsourcing? What authority will be centralized or decentralized?
  • Tools, policies, and procedures: What technology do we need? What’s our documentation framework?
  • Initiatives, KPIs, communication plan, and roadmap: What do we need to do, in what order, to build the ITAM practice to where we need it to be? How long do we expect this to take? How will we measure success?

“A good strategy has coherence, coordinating actions, policies, and resources so as to accomplish an important end. Most organizations, most of the time, don’t have this.

Instead, they have multiple goals and initiatives that symbolize progress, but no coherent approach to accomplish that progress other than ‘spend more and try harder.’” (Good Strategy, Bad Strategy, Richard Rumelt)

Enable business value with IT asset management

If you’ve never experienced a mature ITAM program before, it is almost certainly more rewarding than you’d expect once it’s functioning as intended.

Each of the below activities can benefit from accessible, actionable, and accurate ITAM data.

  • Which of the activities, practices, and initiatives below have value to your organization?
  • Which could benefit most from ITAM data?
Manage Risk: Effective ITAM practices provide data and processes that help mitigate the likelihood and impact of potentially damaging IT risks.

ITAM supports the following practices that help manage organizational risk:

  • Security Controls Development
  • Security Incident Response
  • Security Audit Reports
  • Regulatory Compliance Reports
  • IT Risk Management
  • Technical Debt Management
  • M&A Due Diligence
Optimize Spend: Asset data is essential to maintaining oversight of IT spend, ensuring that scarce resources are allocated where they can have the most impact.

ITAM supports these activities that help optimize spend:

  • Vendor Management & Negotiations
  • IT Budget Management & Variance Analysis
  • Asset Utilization Analysis
  • FinOps & Cloud Spend Optimization
  • Showback & Chargeback
  • Software Audit Defense
  • Application Rationalization
  • Contract Consolidation
  • License and Device Reallocation
Improve IT Services: Asset data can help inform solutions development and can be used by service teams to enhance and improve IT service practices.

Use ITAM to facilitate these IT services and initiatives:

  • Solution and Enterprise Architecture
  • Service Level Management
  • Technology Procurement
  • Technology Refresh Projects
  • Incident & Problem Management
  • Request Management
  • Change Management
  • Green IT

1.1 Brainstorm ideas to create a vision for the ITAM practice

30 minutes

Input: Stakeholders with a vision of what ITAM could provide, if resourced and funded adequately

Output: A collection of ideas that, when taken together, create a vision for the future ITAM practice

Materials: ITAM strategy template, Whiteboard or virtual whiteboard

Participants: ITAM team, IT leaders and managers, ITAM business partners

It can be easy to lose sight of long-term goals when you’re stuck in firefighting mode. Let’s get the working group into a forward-looking mindset with this exercise.

Think about what ITAM could deliver with unlimited time, money, and technology.

  1. Provide three sticky notes to each participant.
  2. Add the headings to a whiteboard, or use a blank slide as a digital whiteboard
  3. On each sticky note, ask participants to outline a single idea as follows:
    1. We could: [idea]
    2. Which would help: [stakeholder]
    3. Because: [outcome]
  4. Ask participants to present their sticky notes and post them to the whiteboard. Ask later participants to group similar ideas together.

As you hear your peers describe what they hope and expect to achieve with ITAM, a shared vision of what ITAM could be will start to emerge.

1.1 Identify structural ITAM challenges

30 minutes

Input: The list of common challenges on the next slide, Your estimated visibility into IT assets from the previous exercise, The experience and knowledge of your participants

Output: Identify current ITAM challenges

Materials: Your working copy of the ITAM Strategy Template

Participants: ITAM team, IT leaders and managers, ITAM business partners

What’s standing in the way today of delivering the ITAM practices you want to achieve?

Review the list of common challenges on the next slide as a group.

  1. Delete any challenges that don’t apply to your organization.
  2. Modify any challenges as required to reflect your organization.
  3. Add further challenges that aren’t on the list, as required.
  4. Highlight challenges that are particularly painful.

Add your results to your copy of the ITAM Strategy Template

“The problem – the reason why asset management initiatives keep falling on their face – is that people attack asset management as a problem to solve, instead of a practice and epistemological construct.” (Jeremy Boerger, Consultant & Author)

1.1 Identify structural ITAM challenges

Review and update the list of common challenges below to reflect your own organization.

  • Leadership and executives don’t understand the value of asset management and don’t fund or resource it.
  • Tools aren’t fit for purpose, don’t scale, or are broken.
  • There’s a cultural tendency to focus on tools over processes.
  • ITAM data is fragmented across multiple repositories.
  • ITAM data is widely viewed as untrustworthy.
  • Stakeholders respond to vendor audits before consulting ITAM, which leads to confusion and risks penalties.
  • No time for improvement; we’re always fighting fires.
  • We don’t audit our own ITAM data for accuracy.
  • End-user equipment is shared, re-assigned, or disposed without notifying or involving IT.
  • No dedicated resources.
  • Lack of clarity on roles and responsibilities.
  • Technicians don’t track assets consistently; ITAM is seen as administrative busywork.
  • Many ITAM tasks are manual and prone to error.
  • Inconsistent organizational policies and procedures.
  • We try to manage too many hardware types/software titles.
  • IT is not involved in the procurement process.
  • Request and procurement is seen as slow and excessively bureaucratic.
  • Hardware/software standards don’t exist or aren’t enforced.
  • Extensive rogue purchases/shadow IT are challenging to manage via ITAM tools and processes.
What Else?

Copy results to your copy of the ITAM Strategy Template

Step 1.2: Review organizational priorities, strategy, initiatives

Participants

  • Project sponsor and lead facilitator
  • ITAM team
  • IT leaders and managers
  • Business executives or their delegates

Outcomes

  • Review organizational priorities and strategy.
  • Identify key initiatives.

Enter the executives

Deliver on leadership priorities

  • Your business’ major transformative projects and executive priorities might seem far removed from hardware and software tracking. Why would we start with business strategy and executive priorities as we’re setting goals for the ITAM program?
  • While business executives have (likely) no interest in how software and hardware is tracked, they are accountable for the outcomes ITAM can enable. They are the most likely to understand why and how ITAM can deliver value to the organization.
  • ITAM succeeds by enabling its stakeholders to achieve business outcomes. The next three activities are designed to help you identify how you can enable your stakeholders, and what outcomes are most important from their point of view. Specifically:
    • What are the business’ planned transformational initiatives?
    • What are your highest priority goals?
    • What should the priorities of the ITAM practice be?
  • The answers to these questions will shape your approach to ITAM. Direct input from your leadership and executives – or their delegates – will help ensure you’re setting a solid foundation for your ITAM practice.

“What outcomes does the organization want from IT asset management? Often, senior managers have a clear vision for the organization and where IT needs to go, and the struggle is to communicate that down.” (Kylie Fowler, ITAM Intelligence)

Stock image of many hands with different puzzle pieces.

Executive Alignment Session Overview

ITAM Strategy Working Sessions

  • Discover & Brainstorm
  • Executive Alignment Working Session
    • 1.2 Review organizational strategy, priorities, and key initiatives
    • 1.3 Align executive priorities with ITAM opportunities, set ITAM priorities
  • ITAM Practice Maturity, Vision & Mission, Metrics & KPIs
  • Scope, Outsourcing, (De)Centralization, RACI
  • Service Management Integration
  • ITAM Tools
  • Audits, Budgets, Documents
  • Roadmap & Comms Plan

A note to the lead facilitator and project sponsor:
Consider working through these exercises by yourself ahead of time. As you do so, you’ll develop your own ideas about where these discussions may go, which will help you guide the discussion and provide examples to participants.

1.2 Review organizational strategy and priorities

30 minutes

Input: Organizational strategy documents

Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals

Materials: The diagram in the next slide, and/or a whiteboard, Your copy of the ITAM Strategy Template

Participants: Asset manager, IT leadership, Business executives or delegates

Welcome your group to the working session and outline the next few exercises using the previous slide.

Ask the most senior leader present to provide a summary of the following:

  1. What is the vision for the organization?
  2. What are our priorities and what must we absolutely get right?
  3. What do we expect the organization to look like in three years?

The facilitator or a dedicated note-taker should record key points on a whiteboard or flipchart paper.

1.2 Identify transformational initiatives

30 minutes

Input: Organizational strategy documents

Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals

Materials: The diagram in the next slide, and/or a whiteboard, Your copy of the ITAM Strategy Template

Participants: Asset manager, IT leadership, Business executives or delegates

Ask the most senior leader present to provide a summary of the following: What transformative business and IT initiatives are planned? When will they begin and end?

Using one box per initiative, draw the initiatives in a timeline like the one below.

Sample timeline for ITAM initiatives.

Add your results to your copy of the ITAM Strategy Template

Step 1.3: Set business-aligned ITAM priorities

Participants

  • Project sponsor and lead facilitator
  • ITAM team
  • IT leaders and managers
  • Business executives

Outcomes

  • Connect executive priorities to ITAM opportunities.
  • Set business-aligned priorities for the ITAM practice.

1.3 Align executive priorities with ITAM opportunities

45 minutes

Input: Organizational strategy documents

Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals

Materials: The diagram in the next slide, and/or a whiteboard, Your copy of the ITAM Strategy Template

Participants: Asset manager, IT leaders and managers, Business executives or delegates

In this exercise, we’ll use the table on the next slide to identify the top priorities of key business and IT stakeholders and connect them to opportunities for the ITAM practice.

  1. Ask your leadership or executive delegates – what are their goals? What are they trying to accomplish? List roles and related goals in the table.
  2. Brainstorm opportunities for IT asset management to support listed goals:
    1. Can ITAM provide an enhanced level of service, access, or insight?
    2. Can ITAM address an existing issue or mitigate an existing risk?

Add your results to your copy of the ITAM Strategy Template

1.3 Align executive priorities with ITAM opportunities (example)

ITAM is for the… Who wants to… Which presents these ITAM opportunities
CEO Deliver transformative business initiatives Acquire the right tech at the right time to support transformational initiatives.
Establish a data-driven culture of stewardship Improve data to increase IT spend transparency.
COO Improve organizational efficiency Increase asset use.
Consolidate major software contracts to drive discounts.
CFO Accurately forecast spending Track and anticipate IT asset spending.
Control spending Improve data to increase IT spend transparency.
Consolidate major software contracts to drive discounts.
CIO Demonstrate IT value Use data to tell a story about value delivered by IT assets.
Govern IT use Improve data to increase IT spend transparency.
CISO Manage IT security and compliance risks Identify abandoned or out-of-spec IT assets.
Provide IT asset data to support controls development.
Respond to security incidents Support security incident teams with IT asset data.
Apps Leader Build, integrate, and support applications Identify opportunities to retire applications with redundant functionality.
Connect applications to relevant licensing and support agreements.
IT Infra Leader Build and support IT infrastructure. Provide input on opportunities to standardize hardware and software.
Provide IT asset data to technicians supporting end users.

1.3 Categorize ITAM opportunities

10-15 minutes

Input: The outputs from the previous exercise

Output: Executive priorities, sorted into the three categories at the right

Materials: The table in this slide, The outputs from the previous exercise

Participants: Lead facilitator

Give your participants a quick break. Quickly sort the identified ITAM opportunities into the three main categories below as best you can.

We’ll use this table as context for the next exercise.

Example: Optimize Spend Enhance IT Services Manage Risk
ITAM Opportunities
  • Improve data to increase IT spend transparency.
  • Consolidate major software contracts to drive discounts.
  • Increase asset utilization.
  • Identify opportunities to retire applications with redundant functionality
  • Acquire the right tech at the right time to support transformational initiatives.
  • Provide IT asset data to technicians supporting end users.
  • Identify abandoned or out-of-spec IT assets.
  • Provide IT asset data to support controls development.
  • Support security incident teams with IT asset data.

Add your results to your copy of the ITAM Strategy Template

1.3 Set ITAM priorities

30 minutes

Input: Organizational strategy documents

Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals

Materials: Whiteboard, The template on the next slide, Your copy of the ITAM Strategy Template

Participants: Asset manager, IT leaders and managers, Business executives or delegates

The objective of this exercise is to prioritize the outcomes your organization wants to achieve from its ITAM practice, given the context from the previous exercises.

Review the image below. The three points of the triangle are the three core goals of ITAM: Enhance IT Service, Manage Risk, and Optimize Spend. This exercise was first developed by Kylie Fowler of ITAM Intelligence. It is an essential exercise to understand ITAM priorities and the tradeoffs associated with those priorities. These priorities aren’t set in stone and should be revisited periodically as technology and business priorities change.

Draw the diagram on the next slide on a whiteboard. Have the most senior leader in the room place the dot on the triangle – the closer it is to any one of the goals, the more important that goal is to the organization. Note: The center of the triangle is off limits! It’s very rarely possible to deliver on all three at once.
Track notes on what’s being prioritized – and why – in the template on the next slide.
Triangle with the points labelled 'Enhance IT Service', 'Manage Risk', and 'Optimize Spend'.

Add your results to your copy of the ITAM Strategy Template

1.3 Set ITAM Priorities

The priorities of the ITAM practice are to:
  • Optimize Spend
  • Manage Risk
Why?
  • We believe there is significant opportunity right now to rationalize spend by consolidating key software contracts.
  • Major acquisitions are anticipated in the near future. Effective ITAM processes are expected to mitigate acquisition risk by supporting due diligence and streamlined integration of acquired organizations.
  • Ransomware and supply chain security threats have increased demands for a comprehensive accounting of IT assets to support security controls development and security incident response.
(Update this section with notes from your discussion.)
Triangle with the points labelled 'Enhance IT Service', 'Manage Risk', and 'Optimize Spend'. There is a dot close to the 'Optimize Spend' corner, a legend labelling the dot as 'Our Target', and a note reading 'Move this dot to reflect your priorities'.

Step 1.4: Identify ITAM goals, target maturity

Participants

  • Project sponsor and lead facilitator
  • ITAM team
  • IT leaders and managers

Outcomes

  • Connect executive priorities to ITAM opportunities.
  • Set business-aligned priorities for the ITAM practice.

“ITAM is really no different from the other ITIL practices: to succeed, you’ll need some ratio of time, treasure, and talent… and you can make up for less of one with more of the other two.” (Jeremy Boerger, Consultant and Author)

1.4 Identify near- and medium-term goals

15-30 minutes

Input: Organizational strategy documents

Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals

Materials: The table in this slide, Your copy of the ITAM Strategy Template

Participants: ITAM team, IT leaders and managers

Narrow down the list of opportunities to identify specific goals for the ITAM practice.

  1. Use one color to highlight opportunities you will seize in the next year.
  2. Use a second color to highlight opportunities you plan to address in the next three years.
  3. Leave blank anything you don’t intend to address in this timeframe.

The highlighted opportunities are your near- and medium-term objectives.

Optimize Spend Enhance IT Services Manage Risk
Priority Critical Normal High
ITAM Opportunities
  • Improve data to increase IT spend transparency.
  • Increase asset utilization.
  • Consolidate major software contracts to drive discounts.
  • Identify opportunities to retire applications with redundant functionality
  • Acquire the right tech at the right time to support transformational initiatives.
  • Provide IT asset data to technicians supporting end users.
  • Identify abandoned or out-of-spec IT assets.
  • Provide IT asset data to support controls development.
  • Support security incident teams with IT asset data.

1.4 Connect ITAM goals to tactics

30 minutes

Input: Organizational strategy documents

Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals

Materials: The table in this slide, Your copy of the ITAM Strategy Template

Participants: ITAM team, IT leaders and managers

Let’s dig down a little deeper. Connect the list of opportunities from earlier to specific ITAM tactics that allow the team to seize those opportunities.

Add another row to the earlier table for ITAM tactics. Brainstorm tactics with your participants (e.g. sticky notes on a whiteboard) and align them with the priorities they’ll support.

Optimize SpendEnhance IT ServicesManage Risk
PriorityCriticalNormalHigh
ITAM Opportunities
  • Improve data to increase IT spend transparency.
  • Increase asset utilization.
  • Consolidate major software contracts to drive discounts.
  • Identify opportunities to retire applications with redundant functionality
  • Acquire the right tech at the right time to support transformational initiatives.
  • Provide IT asset data to technicians supporting end users.
  • Identify abandoned or out-of-spec IT assets.
  • Provide IT asset data to support controls development.
  • Support security incident teams with IT asset data.
ITAM Tactics to Seize Opportunities
  • Review and improve hardware budgeting exercises.
  • Reallocate unused licenses, hardware.
  • Ensure ELP reports are up to date.
  • Validate software usage.
  • Data to support software renewal negotiations.
  • Use info from ITAM for more efficient adds, moves, changes.
  • Integrate asset records with the ticket intake system, so that when someone calls the service desk, the list of their assigned equipment is immediately available.
  • Find and retire abandoned devices or services with access to the organization’s network.
  • Report on lost/stolen devices.
  • Develop reliable disposal processes.
  • Report on unpatched devices/software.

Add your results to your copy of the ITAM Strategy Template

1.4 Identify current and target state

20 minutes

Input: Organizational strategy documents

Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals

Materials: The table in this slide, Your copy of the ITAM Strategy Template

Participants: ITAM team, IT leaders and managers

We’ll use this exercise to identify the current and one-year target state of ITAM using Info-Tech’s ITAM maturity framework.

  1. Review the maturity framework on the next slide as a group.
  2. In one color, highlight statements that reflect your organization today. Summarize your current state. Are you in firefighter mode? Between “firefighter” and “trusted operator”?
  3. In a second color, highlight statements that reflect where you want to be one year from today, taking into consideration the goals and tactics identified in the last exercise.
  4. During a break, copy the highlighted statements to the table on the slide after next, then add this final slide to your working copy of the ITAM Strategy Template.

Add your results to your copy of the ITAM Strategy Template

Establish current and target ITAM maturity

IT maturity ladder with five color-coded levels. Innovator – Optimized Asset Management
  • All items from Business & Technology Partner, plus:
  • Business and IT stakeholders collaborate regularly with the ITAM team to identify new opportunities to leverage or deploy ITAM practices and data to mitigate risks, optimize spend, and improve service. The ITAM program scales with the business.
Business & Technology Partner – Proactive Asset Management
  • All items from Trusted Operator, plus:
  • The ITAM data is integral to decisions related to budget, project planning, IT architecture, contract renewal, and vendor management. Software and cloud assets are reviewed as frequently as required to manage costs. ITAM data consumers have self-serve access to ITAM data.
  • Continuous improvement practices strengthen ITAM efficiency and effectiveness.
  • ITAM processes, standards, and related policies are regularly reviewed and updated. ITAM teams work closely with SMEs for key tools/systems integrated with ITAM (e.g. AD, ITSM, monitoring tools) to maximize the value and reliability of integrations.
Trusted Operator – Controls Assets
  • ITAM data for deployed hardware and software is regularly audited for accuracy.
  • Sufficient staff and skills to support asset tracking, including a dedicated IT asset management role. Teams responsible for ITAM data collection cooperate effectively. Policies and procedures are documented and enforced. Key licenses and contracts are available to the ITAM team. Discovery, tracking, and analysis tools support most important use cases.
Firefighter – Reactive Asset Tracking
  • Data is often untrustworthy, may be fragmented across multiple repositories, and typically requires significant effort to translate or validate before use.
  • Insufficient staff, fragmented or incomplete policies or documentation. Data tracking processes are extremely highly manual. Effective cooperation for ITAM data collection is challenging.
  • ITAM tools are in place, but additional configuration or tooling is needed.
Unreliable - Struggles to Support
  • No data, or data is typically unusable.
  • No allocated staff, no cooperation between parties responsible for ITAM data collection.
  • No related policies or documentation.
  • Tools are non-existent or not fit-for-purpose.

Current and target ITAM maturity

Today:
Firefighter
  • Data is often untrustworthy, is fragmented across multiple repositories, and typically requires significant effort to translate or validate before use.
  • Insufficient staff, fragmented or incomplete policies or documentation.
  • Tools are non-existent.
In One Year:
Trusted Operator
  • ITAM data for deployed hardware and software is regularly audited for accuracy.
  • Sufficient staff and skills to support asset tracking, including a dedicated IT asset management role.
  • Teams responsible for ITAM data collection cooperate effectively.
  • Discovery, tracking, and analysis tools support most important use cases.
IT maturity ladder with five color-coded levels.

Innovator – Optimized Asset Management

Business & Technology Partner – Proactive Asset Management

Trusted Operator – Controls Assets

Firefighter – Reactive Asset Tracking

Unreliable - Struggles to Support

Step 1.5: Write mission and vision statements

Participants

  • Project sponsor and lead facilitator
  • ITAM team
  • IT leaders and managers

Outcomes

  • Write a mission statement that encapsulates the purpose and intentions of the ITAM practice today.
  • Write a vision statement that describes what the ITAM practice aspires to become and achieve.

Write vision and mission statements

Create two statements to summarize the role of the ITAM practice today – and where you want it to be in the future.

Create two short, compelling statements that encapsulate:
  • The vision for what we want the ITAM practice to be in the future; and
  • The mission – the purpose and intentions – of the ITAM practice today.

Why bother creating mission and vision statements? After all, isn’t it just rehashing or re-writing all the work we’ve just done? Isn’t that (at best) a waste of time?

There are a few very important reasons to create mission and vision statements:

  • Create a compass that can guide work today and your roadmap for the future.
  • Focus on the few things you must do, rather than the many things you could do.
  • Concisely communicate a compelling vision for the ITAM practice to a larger audience who (let’s face it) probably won’t read the entire ITAM Strategy deck.

“Brevity is the soul of wit.” (Hamlet, Act 2, Scene 2)

“Writing is easy. All you have to do is cross out the wrong words.” (Mark Twain)

1.5 Write an ITAM vision statement

30 minutes

Input: Organizational strategy documents

Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals

Materials: A whiteboard, Your copy of the ITAM Strategy Template

Participants: ITAM team, IT Leaders and managers

Your vision statement describes the ITAM practice as it will be in the far future. It is a target to aspire to, beyond your ability to achieve in the near or medium term.

Examples of ITAM vision statements:

Develop the single accurate view of IT assets, available to anyone who needs it.

Indispensable data brokers that support strategic decisions on the IT environment.

Provide sticky notes to participants. Write out the three questions below on a whiteboard side by side. Have participants write their answers to the questions and post them below the appropriate question. Give everyone 10 minutes to write and post their ideas.

  1. What’s the desired future state of the ITAM practice?
  2. What needs to be done to achieved this desired state?
  3. How do we want ITAM to be perceived in this desired state?

Review the answers and combine them into one focused vision statement. Use the 20x20 rule: take no more than 20 minutes and use no more than 20 words. If you’re not finished after 20 minutes, the ITAM manager should make any final edits offline.

Document your vision statement in your ITAM Strategy Template.

Add your results to your copy of the ITAM Strategy Template

1.5 Write an ITAM mission statement

30 minutes

Input: Organizational strategy documents

Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals

Materials: The table in this slide, Your copy of the ITAM Strategy Template

Participants: ITAM team, IT leaders and managers

Your ITAM mission statement is an expression of what your IT asset management function brings to your organization today. It should be presented in straightforward language that is compelling, easy to understand, and sharply focused.

Examples of ITAM mission statements:

Maintain accurate, actionable, accessible on data on all IT assets.

Support IT and the business with centralized and integrated asset data.

Provide sticky notes to participants. Write out the questions below on a whiteboard side by side. Have participants write their answers to the questions and post them below the appropriate question. Give everyone 10 minutes to write and post their ideas.

  1. What is our role as the asset management team?
  2. How do we support the IT and business strategies?
  3. What does our asset management function offer that no one else can?

Review the answers and combine them into one focused vision statement. Use the 20x20 rule: take no more than 20 minutes and use no more than 20 words. If you’re not finished after 20 minutes, the ITAM manager should make any final edits offline.

Document your vision statement in your ITAM Strategy Template.

Add your results to your copy of the ITAM Strategy Template

Step 1.6: Define ITAM metrics and KPIs

Participants

  • Project sponsor and lead facilitator
  • ITAM team
  • IT leaders and managers

Outcomes

  • Identify metrics, data, or reports that may be of interest to different consumers of ITAM data.
  • Identify the key performance indicators (KPIs) for the ITAM practice, based on the goals and priorities established earlier.

Navigate a universe of ITAM metrics

When you have the data, how will you use it?

  • There’s a dizzying array of potential metrics you can develop and track across your ITAM environment.
  • Different stakeholders will need different data feeds, metrics, reports, and dashboards.
  • Different measures will be useful at different times. You will often need to filter or slice the data in different ways (by department, timeframe, equipment type, etc.)
  • We’ll use the next few exercises to identify the types of metrics that may be useful to different stakeholders and the KPIs to measure progress towards ITAM goals and priorities.

ITAM Metrics

  • Quantity
    e.g. # of devices or licenses
  • Cost
    e.g. average laptop cost
  • Compliance
    e.g. effective license position reports
  • Progress
    e.g. ITAM roadmap items completed
  • Quality
    e.g. ITAM data accuracy rate
  • Time
    e.g. time to procure/ deploy

Drill down by:

  • Vendor
  • Date
  • Dept.
  • Product
  • Location
  • Cost Center

Develop different metrics for different teams

A few examples:

  • CIOs — CIOs need asset data to govern technology use, align to business needs, and demonstrate IT value. What do we need to budget for hardware and software in the next year? Where can we find money to support urgent new initiatives? How many devices and software titles do we manage compared to last year? How has IT helped the business achieve key goals?
  • Asset Managers — Asset managers require data to help them oversee ITAM processes, technology, and staff, and to manage the fleet of IT assets they’re expected to track. What’s the accuracy rate of ITAM data? What’s the state of integrations between ITAM and other systems and processes? How many renewals are coming up in the next 90 days? How many laptops are in stock?
  • IT Leaders — IT managers need data that can support their teams and help them manage the technology within their mandate. What technology needs to be reviewed or retired? What do we actually manage?
  • Technicians — Service desk technicians need real-time access to data on IT assets to support service requests and incident management – for example, easy access to the list of equipment assigned to a particular user or installed in a particular location.
  • Business Managers and Executives — Business managers and executives need concise, readable dashboards to support business decisions about business use of IT assets. What’s our overall asset spend? What’s our forecasted spend? Where could we reallocate spend?

1.6 Identify useful ITAM metrics and reports

60 minutes

Input: Organizational strategy documents

Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals

Materials: The table in this slide, Your copy of the ITAM Strategy Template

Participants: ITAM team, IT leaders and managers

Use this exercise to identify as many potentially useful ITAM metrics and reports as possible, and narrow them down to a few high-priority metrics. Leverage the list of example metrics on the next slide for your own exercise. If you have more than six participants, consider splitting into two or more groups, and divide the table between groups to minimize overlap.

  1. List potential consumers of ITAM data in the column on the left.
  2. What type of information do we think this role needs? What questions about IT assets do we get on a regular basis from this role or team?
  3. Review and consolidate the list as a group. Discuss and highlight any metrics the group thinks are a particularly high priority for tracking.
Role Compliance Quality Quantity Cost Time Progress
IT Asset Manager Owned devices not discovered in last 60 days Discrepancies between discovery data and ITAM DB records # of corporate-owned devices Spend on hardware (recent and future/ planned) Average time, maximum time to deploy end-user devices Number of ITAM roadmap items in progress
Service Desk

Add your results to your copy of the ITAM Strategy Template

Examples of ITAM metrics

Compliance Quality Quantity Cost Time/Duration/Age Progress
Owned devices not discovered in last 60 days Discrepancies between discovery data and ITAM DB records # of corporate-owned devices Spend on hardware (recent and future/planned) Average time, maximum time to deploy end-user devices Number of ITAM roadmap items in progress or completed
Disposed devices without certificate of destruction Breakage rates (in and out of warranty) by vendor # of devices running software title X, # of licenses for software title X Spend on software (recent and future/planned) Average time, maximum time to deploy end user software Number of integrations between ITAM DB and other sources
Discrepancies between licenses and install count, by software title RMAs by vendor, model, equipment type Number of requests by equipment model or software title Spend on cloud (recent and future/planned) Average & total time spent on software audit responses Number of records in ITAM database
Compliance reports (e.g. tied to regulatory compliance or grant funding) Tickets by equipment type or software title Licenses issued from license pool in the last 30 days Value of licenses issued from license pool in the last 30 days (cost avoidance) Devices by age Software titles with an up-to-date ELP report
Reports on lost and stolen devices, including last assigned, date reported stolen, actions taken User device satisfaction scores, CSAT scores Number of devices retired or donated in last year Number of IT-managed capital assets Number of hardware/software request tickets beyond time-to-fulfil targets Number of devices audited (by ITAM team via self-audit)
Number of OS versions, unpatched systems Number of devices due for refresh in the next year Spend saved by harvesting unused software Number of software titles, software vendors managed by ITAM team
Audit accuracy rate Equipment in stock Cost savings from negotiations
# of users assigned more than one device Number of non-standard devices or requests Dollars charged during audit or true-up

Differentiate between metrics and KPIs

Key performance indicators (KPIs) are metrics with targets aligned to goals.

Targets could include one or more of:

  • Target state (e.g. completed)
  • Target magnitude (e.g. number, percent, rate, dollar amount)
  • Target direction (e.g. trending up or down)

You may track many metrics, but you should have only a few KPIs (typically 2-3 per objective).

A breached KPI should be a trigger to investigate and remediate the root cause of the problem, to ensure progress towards goals and priorities can continue.

Which KPIs you track will change over the life of the practice, as ITAM goals and priorities shift. For example, KPIs may initially track progress towards maturing ITAM practices. Once you’ve reached target maturity, KPIs may shift to track whether the key service targets are being met.

1.6 Identify ITAM KPIs

20 minutes

Input: Organizational strategy documents

Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals

Materials: The table in this slide, Your copy of the ITAM Strategy Template

Participants: ITAM team, IT leaders and managers

Good KPIs are a more objective measure of whether you’re succeeding in meeting the identified priorities for the ITAM practice.

Identify metrics that can measure progress or success against the priorities and goals set earlier. Aim for around three metrics per goal. Identify targets for the metric you think are SMART (specific, measurable, achievable, relevant, and timebound). Track your work using the example table below.

Goal Metric Target
Consolidate major software contracts to drive discounts Amount spent on top 10 software contracts Decrease by 10% by next year
Customer satisfaction scores with enterprise software Satisfaction is equal to or better than last year
Value of licenses issued from license pool 30% greater than last year
Identify abandoned or out-of-spec IT assets # of security incidents involving undiscovered assets Zero
% devices with “Deployed” status in ITAM DB but not discovered for 30+ days ‹1% of all records in ITAM DB
Provide IT asset data to technicians for service calls Customer satisfaction scores Satisfaction is equal to or better than last year
% of end-user devices meeting minimum standards 97%

Add your results to your copy of the ITAM Strategy Template

Develop an IT Asset Management Strategy

Phase 2:

Identify your approach to support ITAM priorities and goals

Phase 1

1.1 Define ITAM and brainstorm opportunities and challenges.

Executive Alignment Working Session:

1.2 Review organizational priorities, strategy, and key initiatives.

1.3 Align executive priorities with ITAM opportunities & priorities.

1.4 Identify business-aligned ITAM goals and target maturity.

1.5 Write mission and vision statements.

1.6 Define ITAM metrics and KPIs.

Phase 2

2.1 Define ITAM scope.

2.2 Acquire ITAM services (outsourcing and contracting).

2.3 Centralize or decentralize ITAM capabilities.

2.4 Create a RACI for the ITAM practice.

2.5 Align ITAM with other service management practices.

2.6 Evaluate ITAM tools and integrations.

2.7 Create a plan for internal and external audits.

2.8 Improve your budget processes.

2.9 Establish a documentation framework.

2.10 Create a roadmap and communication plan.

Phase Outcomes:

Establish an approach to achieving ITAM goals and priorities, including scope, structure, tools, service management integrations, documentation, and more.

Create a roadmap that enables you to realize your approach.

Step 2.1: Define ITAM Scope

Participants

  • Project sponsor and lead facilitator
  • ITAM team
  • IT leaders and managers
  • ITAM business partners

Outcomes

  • Establish what types of equipment and software you’ll track through the ITAM practice.
  • Establish which areas of the business will be in scope of the ITAM practice.

Determine ITAM Scope

Focus on what’s most important and then document it so everyone understands where they can provide the most value.

Not all categories of assets require the same level of tracking, and some equipment and software should be excluded from the ITAM practice entirely.

In some organizations, portions of the environment won’t be tracked by the asset management team at all. For example, some organizations will choose to delegate tracking multi-function printers (MFPs) or proprietary IoT devices to the department or vendor that manages them.

Due to resourcing or technical limitations, you may decide that certain equipment or software is out of scope for the moment.

What do other organizations typically track in detail?
  • Installs and entitlements for major software contracts that represent significant spend and/or are highly critical to business goals.
  • Equipment managed directly by IT that needs to be refreshed on a regular cycle:
    • End-user devices such as laptops, desktops, and tablets.
    • Server, network, and telecoms devices.
  • High value equipment that is not regularly refreshed may also be tracked, but in less detail – for example, you may not refresh large screen TVs, but you may need to track date of purchase, deployed location, vendor, and model for insurance or warranty purposes.

2.1 Establish scope for ITAM

45 minutes

Input: Organizational strategy documents

Output: ITAM scope, in terms of types of assets tracked and not tracked

Materials: The table in this slide, Your copy of the ITAM Strategy Template

Participants: ITAM team, IT leaders and managers, ITAM business partners

Establish the hardware and software that are within the scope of the ITAM program by updating the tables below to reflect your own environment. The “out of scope” category will include asset types that may be of value to track in the future but for which the capability or need don’t exist today.

Hardware Software Out of Scope
  • End-user devices housing data or with a dollar value of more than $300, which will be replaced through lifecycle refresh.
  • Infrastructure devices, including network, telecom, video conferencing, servers and more
  • End-user software purchased under contract
  • Best efforts on single license purchases
  • Infrastructure software, including solutions used by IT to manage the infrastructure
  • Enterprise applications
  • Cloud (SaaS, IaaS, PaaS)
  • Departmental applications
  • Open-source applications
  • In-house developed applications
  • Freeware & shareware
  • IoT devices

The following locations will be included in the ITAM program: All North and South America offices and retail locations.

Add your results to your copy of the ITAM Strategy Template

Step 2.2: Acquire ITAM Services

Participants

  • Project sponsor and lead facilitator
  • ITAM team
  • IT leaders and managers
  • ITAM business partners

Outcomes

  • Define the type of work that may be more effectively or efficiently delivered by an outsourcer or contractor.

“We would like our clients to come to us with an idea of where they want to get to. Why are you doing this? Is it for savings? Because you want to manage your security attack surface? Are there digital initiatives you want to move forward? What is the end goal?” (Mike Austin, MetrixData 360)

Effectively acquire ITAM services

Allow your team to focus on strategic, value-add activities by acquiring services that free them from commodity tasks.
  • When determining which asset capabilities and activities are best kept in-house and which ones are better handled by a supplier, it is imperative to keep the value to the business in mind.
  • Activities/capabilities that are challenging to standardize and are critical to enabling business goals are better kept in-house.
  • Activities/capabilities that are (or should be) standardized and automated are ideal candidates for outsourcing.
  • Outsourcing can be effective and successful with a narrow scope of engagement and an alignment to business outcomes.
  • Organizations that heavily weigh cost reduction as a significant driver for outsourcing are far less likely to realize the value they expected to receive.
Business Enablement
  • Supports business-aligned ITAM opportunities & priorities
  • Highly specialized
  • Offers competitive advantages
Map with axes 'Business Enablement' and 'Vendor's Performance Advantage' for determining whether or not to outsource.
Vendor’s Performance Advantage
  • Talent or access to skills
  • Economies of scale
  • Access to technology
  • Does not require deep knowledge of your business

Decide what to outsource

It’s rarely all or nothing.

Ask yourself:
  • How important is this activity or capability to ITAM, IT, and business priorities and goals?
  • Is it a non-commodity IT service that can improve customer satisfaction?
  • Is it a critical service to the business and the specialized knowledge must remain in-house?
  • Does the function require access to talent or skills not currently available in-house, and is cost-prohibitive to obtain?
  • Are there economies of scale that can help us meet growing demand?
  • Does the vendor provide access to best-of-breed tools and solutions that can handle the integration, management, maintenance and support of the complete system?

You may ultimately choose to engage a single vendor or a combination of multiple vendors who can best meet your ITAM needs.

Establishing effective vendor management processes, where you can maximize the amount of service you receive while relying on the vendor’s expertise and ability to scale, can help you make your asset management practice a net cost-saver.

ITAM activities and capabilities
  • Contract review
  • Software audit management
  • Asset tagging
  • Asset disposal and recycling
  • Initial ITAM record creation
  • End-user device imaging
  • End-user device deployment
  • End-user software provisioning
  • End-user image management
  • ITAM database administration
  • ELP report creation
  • ITAM process management
  • ITAM report generation
ITAM-adjacent activities and capabilities
  • Tier 1 support/service desk
  • Deskside/field support
  • Tier 3 support
  • IT Procurement
  • Device management/managed IT services
  • Budget development
  • Applications development, maintenance
  • Infrastructure hosting (e.g. cloud or colocation)
  • Infrastructure management and support
  • Discovery/monitoring tools management and support

2.2 Identify outsourcing opportunities

1-2 hours

Input: Understanding of current ITAM processes and challenges

Output: Understanding of potential outsourcing opportunities

Materials: The table in this slide, and insight in previous slides, Your copy of the ITAM Strategy Template

Participants: ITAM team, IT leaders and managers, ITAM business partners

At a high level, discuss which functions of ITAM are good candidates for outsourcing.

Start with the previous slide for examples of outsourcing activities or capabilities directly related to or adjacent to the ITAM practice. Categorize these activities as follows:

Outsource Potentially Outsource Insource
  • Asset disposal/recycling
  • ELP report creation
  • ITAM process management

Go through the list of activities to potentially or definitely outsource and confirm:

  1. Will outsourcing solve a resourcing need for an existing process, or can you deliver this adequately in-house?
  2. Will outsourcing improve the effectiveness and efficiency of current processes? Will it deliver more effective service channels or improved levels of reliability and performance consistency?
  3. Will outsourcing provide or enable enhanced service capabilities that your IT customers could use, and which you cannot deliver in-house due to lack of scale or capacity?

Answering “no” to more than one of these questions suggests a need to further review options to ensure the goals are aligned with the potential value of the service offerings available.

Add your results to your copy of the ITAM Strategy Template

Step 2.3: Centralize or decentralize ITAM capabilities

Participants

  • Project sponsor and lead facilitator
  • ITAM team
  • IT leaders and managers
  • ITAM business partners

Outcomes

  • Outline where the team(s) responsible for ITAM sit across the organization, who they report to, and who they need to work with across IT and the business.

Align ITAM with IT’s structure

ITAM’s structure will typically align with the larger business and IT structure. The wrong structure will undermine your ability to meet ITAM goals and lead to frustration, missed work, inefficiency, and loss of value.

Which of the four archetypes below reflects the structure you need?

  1. Centralized — ITAM is entirely centralized in a single function, which reports into a central IT department.
  2. Decentralized — Local IT groups are responsible and accountable for ITAM. They may coordinate informally but do not report to any central team.
  3. Hybrid-Shared Services — Local IT can opt in to shared services but must follow centrally set ITAM practices to do so, usually with support from a shared ITAM function.
  4. Hybrid-Federated — Local IT departments are free to develop their own approach to ITAM outside of core, centrally set requirements.

Centralized ITAM

Total coordination, control, and oversight

  • ITAM accountability, policies, tools, standards, and expertise – in this model, they’re all concentrated in a single, specialized IT asset management practice. Accountability, authority, and oversight are concentrated in the central function as well.
  • A central ITAM team will benefit from knowledge sharing and task specialization opportunities. They are a visible single point of contact for ITAM-related questions
  • The central ITAM team will coordinate ITAM activities across the organization to optimize spend, manage risk, and enhance service. Any local IT teams are supported by and directly answerable to the central ITAM team for ITAM activities.
  • There is a single, centrally managed ITAM database. Wherever possible, this database should be integrated with other tools to support cross-solution automation (e.g. integrate AD to automatically reflect user identity changes in the ITAM database).
  • This model drives cross-organization coordination and oversight, but it may not be responsive to specific and nuanced local requirements.
Example: Centralized
Example of a Centralized ITAM.

Solid line. Direct reporting relationship

Dotted line. Dotted line working or reporting relationship

Decentralized ITAM

Maximize choice

  • ITAM accountability and oversight are entirely devolved to local or regional IT and/or ITAM organizations, which are free to set their own priorities, goals, policies, and standards. This model maximizes the authority of local groups to build practices that meet local requirements.
  • It may be challenging to resource and mature local practices. ITAM maturity will vary from one local organization to the next.
  • It is more likely that ITAM managers are a part-time role, and sometimes even a non-IT role. Local ITAM teams or coordinators may coordinate and share knowledge informally, but specialization can be challenging to build or leverage effectively across the organization.
  • There is likely no central ITAM tool. Local tools may be acquired, implemented, and integrated by local IT departments to suit their own needs, which can make it very difficult to report on assets organization-wide – for example, to establish compliance on an enterprise software contract.
Example: Decentralized


Example of a Decentralized ITAM.

Solid line. Direct reporting relationship

Dotted line. Dotted line working or reporting relationship

Blue dotted line. Informal working relationships, knowledge sharing

Hybrid: Federation

Centralization with a light touch

  • A middle ground between centralized and decentralized ITAM, this model balances centralized decision making, specialization, and governance with local autonomy.
  • A central team will define organization-wide ITAM goals, develop capabilities, policies, and standards, and monitor compliance by local and central teams. All local teams must comply with centrally defined requirements, but they can also develop further capabilities to meet local goals.
  • For example, there will typically be a central ITAM database that must be used for at least a subset of assets, but other teams may build their own databases for day-to-day operations and export data to the central database as required.
  • There are often overlapping responsibilities in this model. A strong collaborative relationship between central and local ITAM teams is especially important here, particularly after major changes to requirements, processes, tools, or staffing when issues and breakdowns are more likely.
Example: Federation


Example of a Federation ITAM.

Solid line. Direct reporting relationship

Purple solid line. Oversight/governance

Dotted line. Dotted line working or reporting relationship

Hybrid: Shared Services

Optional centralization

  • A special case of federated ITAM that balances central control and local autonomy, but with more power given to local IT to opt out of centralized shared services that come with centralized ITAM requirements.
  • ITAM requirements set by the shared services team will support management, allocation, and may have showback or chargeback implications. Following the ITAM requirements is a condition of service. If a local organization chooses to stop using shared services, they are (naturally) no longer required to adhere to the shared services ITAM requirements.
  • As with the federated model, local teams may develop further capabilities to meet local goals.
Example: Shared Services


Example of a Shared Services ITAM.

Solid line. Direct reporting relationship

Dotted line. Dotted line working relationship

Blue dotted line. Informal working relationships, knowledge sharing

Structure data collection & analysis

Consider the implications of structure on data.

Why centralize?
  • There is a need to build reports that aggregate data on assets organization-wide, rather than just assets within a local environment.
  • Decentralized ITAM tracking isn’t producing accurate or usable data, even for local purposes.
  • Tracking tools have overlapping functionality. There’s an opportunity to rationalize spend, management and support for ITAM tools.
  • Contract centralization can optimize spend and manage risks, but only with the data required to manage those contracts.
Why decentralize?
  • Tracking and reporting on local assets is sufficient to meet ITAM goals; there is limited or no need to track assets organization-wide.
  • Local teams have the skills to track and maintain asset data; subsidiaries have appropriate budgets and tools to support ITAM tracking.
  • Decentralized ITSM/ITAM tools are in place, populated, and accurate.
  • The effort to consolidate tools and processes may outweigh the benefits to data centralization.
  • Lots of variability in types of assets and the environment is stable.
Requirements for success:
  • A centralized IT asset management solution is implemented and managed.
  • Local teams must understand the why and how of centralized data tracking and be held accountable for assigned responsibilities.
  • The asset tool should offer both centralized and localized views of the data.
Requirements for success:
  • Guidelines and expectations for reporting to centralized asset management team will be well defined and supported.
  • Local asset managers will have opportunity to collaborate with others in the role for knowledge transfer and asset trading, where appropriate.

Structure budget and contract management

Contract consolidation creates economies of scale for vendor management and license pooling that strengthen your negotiating position with vendors and optimize spend.

Why centralize?
  • Budgeting, governance, and accountability are already centralized. Centralized ITAM practices can support the existing governance practices.
  • Centralizing contract management and negotiation can optimize spend and/or deliver access to better service.
  • Centralize management for contracts that cover most of the organization, are highly complex, involve large spend and/or higher risk, and will benefit from specialization of asset staff.
Why decentralize?
  • Budgeting, governance, and accountability rest with local organizations.
  • There may be increased need for high levels of customer responsiveness and support.
  • Decentralize contract management for contracts used only by local groups (e.g. a few divisions, a few specialized functions), and that are smaller, low risk, and come with standard terms and conditions.
Requirements for success:
  • A centralized IT asset management solution is implemented and managed.
  • Contract terms must be harmonized across the organization.
  • Centralized fulfillment is as streamlined as possible. For example, software contracts should include the right to install at any time and pay through a true-up process.
Requirements for success:
  • Any expectations for harmonization with the centralized asset management team will be well defined and supported.
  • Local asset managers can collaborate with other local ITAM leads to support knowledge transfer, asset swapping, etc.

Structure technology management

Are there opportunities to centralize or decentralize support functions?

Why centralize?
  • Standard technologies are deployed organization-wide.
  • There are opportunities to improve service and optimize costs by consolidating knowledge, service contracts, and support functions.
  • Centralizing data on product supply allows for easier harvest and redeployment of assets by a central support team.
  • A stable, central support function can better support localized needs during seasonal staffing changes, mergers and acquisitions.
Why decentralize?
  • Technology is unique to a local subset of users or customers.
  • Minimal opportunity for savings or better support by consolidating knowledge, service contracts, or support functions.
  • Refresh standards are set at a local level; new tech adoption may be impeded by a reliance on older technologies, local budget shortfalls, or other constraints.
  • Hardware may need to be managed locally if shipping costs and times can’t reasonably be met by a distant central support team.
Requirements for success:
  • Ensure required processes, technologies, skills, and knowledge are in place to enable centralized support.
  • Keep a central calendar of contract renewals, including reminders to start work on the renewal no less than 90 days prior. Prioritize contracts with high dollar value or high risk.
  • The central asset management solution should be configured to provide data that can enable the central support team.
Requirements for success:
  • Ensure required processes, technologies, skills, and knowledge are in place to enable decentralized support.
  • Decentralized support teams must understand and adhere to ITAM activities that are part of support work (e.g. data entry, data audits).
  • The central asset management solution should be configured to provide data that can enable the central support team, or decentralized asset solutions must be funded, and teams trained on their use.

2.3 Review ITAM Structure

1-2 hours

Input: Understanding of current organizational structure, Understanding of challenges and opportunities related to the current structure

Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals

Materials: The table in this slide, Your copy of the ITAM Strategy Template

Participants: ITAM team, IT leaders and managers, ITAM business partners

Outline the current model for your organization and identify opportunities to centralize or decentralize ITAM-related activities.

  1. What model best describes how ITAM should be structured in your organization? Modify the slide outlining structure as a group to outline your own organization, as required.
  2. In the table below, outline opportunities to centralize or decentralize data tracking, budget and contract management, and technology management activities.
Centralize Decentralize
Data collection & analysis
  • Make better use of central ITAM database.
  • Support local IT departments building runbooks for data tracking during lifecycle activities (create templates, examples)
Budget and contract management
  • Centralize Microsoft contracts.
  • Create a runbook to onboard new companies to MSFT contracts.
  • Create tools and data views to support local department budget exercises.
Technology management
  • Ensure all end-user devices are visible to centrally managed InTune, ConfigMgr.
  • Enable direct shipping from vendor to local sites.
  • Establish disposal/pickup at local sites.

Add your results to your copy of the ITAM Strategy Template

Step 2.4: Create a RACI

Participants

  • Project sponsor and lead facilitator
  • ITAM team
  • IT leaders and managers
  • ITAM business partners

Outcomes

  • Review the role of the IT asset manager.
  • Identify who’s responsible, accountable, consulted, and informed for key ITAM activities.

Empower your asset manager

The asset manager is the critical ITAM role. Ensure they’re positioned to succeed.

There’s too much change in the technology and business environment to expect ITAM to be “a problem to solve.” It is a practice that requires care and feeding through regular iteration to achieve success. At the helm of this practice is your asset manager, whose approach and past experience will have a significant impact on how you approach ITAM.

The asset manager role requires a variety of skills, knowledge, and abilities including:

  • Operations, process, and practice management.
  • An ability to communicate, influence, negotiate, and facilitate.
  • Organizational knowledge and relationship management.
  • Contract and license agreement analysis, attention to detail.
  • Natural curiosity and a willingness to learn.
  • A strong understanding of technologies in use by the organization, and how they fit into the asset management program.
Where the asset manager sits in the organization will also have an impact on their focus and priorities. When the asset manager reports into a service team, their focus will often reflect their team’s focus: end-user devices and software, customer satisfaction, request fulfillment. Asset teams that report into a leadership or governance function will be more likely to focus on organization-wide assets, governance, budget management, and compliance.

“Where your asset manager sits, and what past experience they have, is going to influence how they do asset management.” (Jeremy Boerger, Consultant & Author)

“It can be annoying at times, but a good IT asset manager will poke their nose into activities that do not obviously concern them, such as programme and project approval boards and technical design committees. Their aim is to identify and mitigate ITAM risks BEFORE the technology is deployed as well as to ensure that projects and solutions ‘bake in’ the necessary processes and tools that ensure IT assets can be managed effectively throughout their lifecycle.” (Kylie Fowler, ITAM by Design, 2017)

IT asset managers must have a range of skills and knowledge

  • ITAM Operations, Process, and Practice Management
    The asset manager is typically responsible for managing and improving the ITAM practice and related processes and tools. The asset manager may administer the ITAM tool, develop reports and dashboards, evaluate and implement new technologies or services to improve ITAM maturity, and more.
  • Organizational Knowledge
    An effective IT asset manager has a good understanding of your organization and its strategy, products, stakeholders, and culture.
  • Technology & Product Awareness
    An IT asset manager must learn about new and changing technologies and products adopted by the organization (e.g. IoT, cloud) and develop recommendations on how to track and manage them via the ITAM practice.
A book surrounded by icons corresponding to the bullet points.
  • People Management
    Asset managers often manage a team directly and have dotted-line reports across IT and the business.
  • Communication
    Important in any role, but particularly critical where learning, listening, negotiation, and persuasion are so critical.
  • Finance & Budgeting
    A foundational knowledge of financial planning and budgeting practices is often helpful, where the asset manager is asked to contribute to these activities.
  • Contract Review & Analysis
    Analyze new and existing contracts to evaluate changes, identify compliance requirements, and optimize spend.

Assign ITAM responsibilities and accountabilities

Align authority and accountability.
  • A RACI exercise will help you discuss and document accountability and responsibility for critical ITAM activities.
  • When responsibility and accountability are not currently well documented, it’s often useful to invite a representative of the roles identified to participate in this alignment exercise. The discussion can uncover contrasting views on responsibility and governance, which can help you build a stronger management and governance model.
  • The RACI chart can help you identify who should be involved when making changes to a given activity. Clarify the variety of responsibilities assigned to each key role.
  • In the future, you may need to define roles in more detail as you change your hardware and software asset management procedures.

R

Responsible: The person who actually gets the job done.

Different roles may be responsible for different aspects of the activity relevant to their role.

A

Accountable: The one role accountable for the activity (in terms completion, quality, cost, etc.)

Must have sufficient authority to be held accountable; responsible roles are often accountable to this role.

C

Consulted: Must have the opportunity to provide meaningful input at certain points in the activity.

Typically, subject matter experts or stakeholders. The more people you must consult, the more overhead and time you’ll add to a process.

I

Informed: Receives information regarding the task, but has no requirement to provide feedback.

Information might relate to process execution, changes, or quality.

2.4 Conduct a RACI Exercise

1-2 hours

Input: An understanding of key roles and activities in ITAM practices, An understanding of your organization, High-level structure of your ITAM program

Output: A RACI diagram for IT asset management

Materials: The table in the next slide, Your copy of the ITAM Strategy Template

Participants: ITAM team, IT leaders and managers, ITAM business partners

Let’s face it – RACI exercises can be dry. We’ve found that the approach below is more collaborative, engaging, and effective compared to filling out the table as a large group.

  1. Create a shared working copy of the RACI charts on the following slides (e.g. write it out on a whiteboard or provide a link to this document and work directly in it).
  2. Review the list of template roles and activities as a group. Add, change, or remove roles and activities from the table as needed.
  3. Divide into small groups. Assign each group a set of roles, and have them define whether that role is accountable, responsible, consulted, or informed for each activity in the chart. Refer to the previous slide for context on RACI. Give everyone 15 minutes to update their section of the chart.
  4. Come back together as a large group to review the chart. First, check for accountability – there should generally be just one role accountable for each activity. Then, have each small group walk through their section, and encourage participants to ask questions. Is there at least one role responsible for each task, and what are they responsible for? Does everyone listed as consulted or informed really need to be? Make any necessary adjustments.

Add your results to your copy of the ITAM Strategy Template

Define ITAM governance activities

RACI Chart for ITAM governance activities. In the first column is a list of governance activities, and the row headers are positions within a company. Fields are marked with an R, A, C, or I.

Document asset management responsibilities and accountabilities

RACI Chart for ITAM asset management responsibilities and accountabilities. In the first column is a list of responsibilities and accountabilities, and the row headers are positions within a company. Fields are marked with an R, A, C, or I.

Step 2.5: Align ITAM with other Service Management Practices

Participants

  • Project sponsor and lead facilitator
  • ITAM team
  • IT leaders and managers

Outcomes

  • Establish shared and separate responsibilities for asset and configuration management.
  • Identify how ITAM can support other practices, and how other practices can support ITAM.

Asset vs. Configuration

Asset and configuration management look at the same world through different lenses.
  • IT asset management tends to focus on each IT asset in its own right: assignment or ownership, its lifecycle, and related financial obligations and entitlements.
  • Configuration management is focused on configuration items (CIs) that must be managed to deliver a service and the relationships and integrations to other CIs.
  • ITAM and configuration management teams and practices should work closely together. Though asset and configuration management focus on different outcomes, they tend use overlapping tools and data sets. Each practice, when working effectively, can strengthen the other.
  • Many objects will exist in both the CMDB and AMDB, and the data on those shared objects will need to be kept in sync.
Asset and Configuration Management: An Example

Configuration Management Database (CMDB)

A database of uniquely identified configuration items (CIs). Each CI record may include information on:
Service Attributes

Supported Service(s)
Service Description, Criticality, SLAs
Service Owners
Data Criticality/Sensitivity

CI Relationships

Physical Connections
Logical Connections
Dependencies

Arrow connector.

Discovery, Normalization, Dependency Mapping, Business Rules*

Manual Data Entry

Arrow connector.
This shared information could be attached to asset records, CI records, or both, and it should be synchronized between the two databases where it’s tracked in both.
Hardware Information

Serial, Model and Specs
Network Address
Physical Location

Software Installations

Hypervisor & OS
Middleware & Software
Software Configurations

Arrow connector.

Asset Management Database (AMDB)

A database of uniquely identified IT assets. Each asset record may include information on:
Procurement/Purchasing

Purchase Request/Purchase Order
Invoice and Cost
Cost Center
Vendor
Contracts and MSAs
Support/Maintenance/Warranties

Asset Attributes

Model, Title, Product Info, License Key
Assigned User
Lifecycle Status
Last ITAM Audit Date
Certificate of Disposal

Arrows connecting multiple fields.

IT Security Systems

Vulnerability Management
Threat Management
SIEM
Endpoint Protection

IT Service Management (ITSM) System

Change Tickets
Request Tickets
Incident Tickets
Problem Tickets
Project Tickets
Knowledgebase

Financial System/ERP

General Ledger
Accounts Payable
Accounts Receivable
Enterprise Assets
Enterprise Contract Database

(*Discovery, dependency mapping, and data normalization are often features or modules of configuration management, asset management, or IT service management tools.)

2.5 Integrate ITAM and configuration practices

45 minutes

Input: Knowledge of the organization’s configuration management processes

Output: Define how ITAM and configuration management will support one another

Materials: The table in this slide, Your copy of the ITAM Strategy Template

Participants: ITAM team, IT leaders and managers, Configuration manager

Work through the table below to identify how you will collaborate and synchronize data across ITAM and configuration management practices and tools.

What are the goals (if any currently exist) for the configuration management practice? Connect configuration items to services to support service management.
How will configuration and asset management teams collaborate? Weekly status updates. As-needed working sessions.
Shared visibility on each others’ Kanban tracker.
Create tickets to raise and track issues that require collaboration or attention from the other team.
How can config leverage ITAM? Connect CIs to financial, contractual, and ownership data.
How can ITAM leverage config? Connect assets to services, changes, incidents.
What key fields will be primarily tracked/managed by ITAM? Serial number, unique ID, user, location, PO number, …
What key fields will be primarily tracked/managed by configuration management? Supported service(s), dependencies, service description, service criticality, network address…

Add your results to your copy of the ITAM Strategy Template

ITAM supports service management

Decoupling asset management from other service management practices can result in lost value. Establish how asset management can support other service management practices – and how those practices can support ITAM.

Incident Management

What broke?
Was it under warranty?
Is there a service contract?
Was it licensed?
Who was it assigned to?
Is it end-of-life?

ITAM
Practice

Request Management

What can this user request or purchase?
What are standard hardware and software offerings?
What does the requester already have?
Are there items in inventory to fulfil the request?
Did we save money by reissuing equipment?
Is this a standard request?
What assets are being requested regularly?

What IT assets are related to the known issue?
What models and vendors are related to the issue?
Are the assets covered by a service contract?
Are other tickets related to this asset?
What end-of-life assets have been tied to incidents recently?

Problem Management

What assets are related to the change?
Is the software properly licensed?
Has old equipment been properly retired and disposed?
Have software licenses been returned to the pool?
Is the vendor support on the change part of a service contract?

Change Enablement

2.5. Connect with other IT service practices

45 minutes

Input: Knowledge of existing organizational IT service management processes

Output: Define how ITAM will help other service management processes, and how other service management processes will help ITAM

Materials: The table in this slide, Your copy of the ITAM Strategy Template

Participants: ITAM team, IT leaders and managers, Service leads

Complete the table below to establish what ITAM can provide to other service management practices, and what other practices can provide to ITAM.

Practice ITAM will help Will help ITAM
Incident Management Provide context on assets involved in an incident (e.g. ownership, service contracts). Track when assets are involved in incidents (via incident tickets).
Request Management Oversee request & procurement processes. Help develop asset standards. Enter new assets in ITAM database.
Problem Management Collect information on assets related to known issues. Report back on models/titles that are generating known issues.
Change Enablement Provide context on assets for change review. Ensure EOL assets are retired and licenses are returned during changes.
Capacity Management Identify ownership, location for assets at capacity. Identify upcoming refreshes or purchases.
Availability Management Connect uptime and reliability to assets. Identify assets that are causing availability issues.
Monitoring and Event Management Provide context to events with asset data. Notify asset of unrecognized software and hardware.
Financial Management Establish current and predict future spending. Identify upcoming purchases, renewals.

Add your results to your copy of the ITAM Strategy Template

Step 2.6: Evaluate ITAM tools and integrations

Participants

  • Project sponsor and lead facilitator
  • ITAM team
  • IT leaders and managers

Outcomes

  • Create a list of the ITAM tools currently in use, how they’re used, and their current limitations.
  • Identify new tools that could provide value to the ITAM practice, and what needs to be done to acquire and implement them.

“Everything is connected. Nothing is also connected.” (Dirk Gently’s Holistic Detective Agency)

Establish current strengths and gaps in your ITAM toolset

ITAM data quality relies on tools and integrations that are managed by individuals or teams who don’t report directly to the ITAM function.

Without direct line of sight into tools management, the ITAM team must influence rather than direct improvement initiatives that are in some cases critical to the performance of the ITAM function. To more effectively influence improvement efforts, you must explicitly identify what you need, why you need it, from which tools, and from which stakeholders.

Data Sources
Procurement Tools
Discovery Tools
Active Directory
Purchase Documents
Spreadsheets
Input To Asset System(s) of Record
ITAM Database
ITSM Tool
CMDB
Output To Asset Data Consumption
ITFM Tools
Security Tools
TEM Tools
Accounting Tools
Spreadsheets
“Active Directory plays a huge role in audit defense and self-assessment, but no-one really goes out there and looks at Active Directory.

I was talking to one organization that has 1,600,000 AD records for 100,000 employees.” (Mike Austin, Founder, MetrixData 360)

2.6 Evaluate ITAM existing technologies

30 minutes

Input: Knowledge of existing ITAM tools

Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals

Materials: The table in this slide, Your copy of the ITAM Strategy Template

Participants: ITAM team, IT leaders and managers

Identify the use, limitations, and next steps for existing ITAM tools, including those not directly managed by the ITAM team.

  1. What tools do we have today?
  2. What are they used for? What are their limitations?
  3. Who manages them?
  4. What actions could we take to maximize the value of the tools?
Existing Tool Use Constraints Owner Proposed Action?
ITAM Module
  • Track HW/SW
  • Connect assets to incident, request
  • Currently used for end-user devices only
  • Not all divisions have access
  • SAM capabilities are limited
ITAM Team/Service Management
  • Add license for additional read/write access
  • Start tracking infra in this tool
Active Directory
  • Store user IDs, organizational data
Major data quality issues IT Operations
  • Work with AD team to identify issues creating data issues

Add your results to your copy of the ITAM Strategy Template

2.6 Identify potential new tools

30 minutes

Input: Knowledge of tooling gaps, An understanding of available tools that could remediate gaps

Output: New tools that can improve ITAM capabilities, including expected value and proposed next steps

Materials: The table in this slide, Your copy of the ITAM Strategy Template

Participants: ITAM team, IT leaders and managers

Identify tools that are required to support the identified goals of the ITAM practice.

  1. What types of tools do we need that we don’t have?
  2. What could these tools help us do?
  3. What needs to be done next to investigate or acquire the appropriate tool?
New Tool Expected Value Proposed Next Steps
SAM tool
  • Automatically calculate licensing entitlements from contract data.
  • Automatically calculate licensing requirements from discovery data.
  • Support gap analyses.
  • Further develop software requirements.
  • Identify vendors in the space and create a shortlist.

Add your results to your copy of the ITAM Strategy Template

Step 2.7: Create a plan for internal and external audits

Participants

  • Project sponsor and lead facilitator
  • ITAM team
  • IT leaders and managers
  • ITAM business partners

Outcomes

  • Establish your approach to internal data audits.
  • Create a high-level response plan for external audits.

Validate ITAM data via internal audits

Data audits provide assurance that the records in the ITAM database are as accurate as possible. Consider these three approaches:

Compare Tool Records

Audit your data by comparing records in the ITAM system to other discovery sources.

  • Ideally, use three separate data sources (e.g. ITAM database, discovery tool, security tool). Use a common field, such as the host name, to compare across fields. (To learn more about discovery tool analysis, see Jeremy Boerger’s book, Rethinking IT Asset Management.)
  • Run reports to compare records and identify discrepancies. This could include assets missing from one system or metadata differences such as different users or installed software.
  • Over time, discrepancies between tools should be well understood and accepted; otherwise, they should be addressed and remediated.
IT-led Audit

Conduct a hands-on investigation led by ITAM staff and IT technicians.

  • In-person audits require significant effort and resources. Each audit should be scoped and planned ahead of time to focus on known problem areas.
  • Provide the audit team with exact instructions on what needs to be verified and recorded. Depending on the experience and attention to detail of the audit team, you may need to conduct spot checks to ensure you’re catching any issues in the audit process itself.
  • Automation should be used wherever possible (e.g. through barcodes, scanners, and tables for quick access to ITAM records).
User-led audit

Have users validate the IT assets assigned to them.

  • Even more than IT-led audits: don’t use this approach too frequently; keep the scope as narrow as possible and the process as simple as possible.
  • Ensure users have all the information and tools they’ll need readily available to complete this task, or the result will be ineffective and will only frustrate your users.
  • Consider a process integrated with your ITSM tool: once a year, when a user logs in to the portal, they will be asked to enter the asset code for their laptop (and provided with instructions on where to find that code). Investigate discrepancies between assignments and ITAM records.

2.7 Set an approach to internal data audits

30 minutes

Input: An understanding of current data audit capabilities and needs

Output: An outline of how you’ll approach data audits, including frequency, scope, required resources

Materials: Your copy of the ITAM Strategy Template

Participants: ITAM team

Review the three internal data audit approaches outlined on the previous slide, and identify which of the three approaches you’ll use. For each approach, complete the fields in the table below.

Audit Approach How often? What scope? Who’s involved? Comments
Compare tool records Monthly Compare ITAM DB, Intune/ConfigMgr, and Vulnerability Scanner Data; focus on end-user devices to start Asset manager will lead at first.
Work with tool admins to pull data and generate reports.
IT-led audit Annual End-user devices at a subset of locations Asset manager will work with ITSM admins to generate reports. In-person audit to be conducted by local techs.
User-led audit Annual Assigned personal devices (start with a pilot group) Asset coordinator to develop procedure with ITSM admin. Run pilot with power users first.

Add your results to your copy of the ITAM Strategy Template

Prepare for and respond to external audits and true-ups

Are you ready when software vendors come knocking?

  • Vendor audits are expensive.
  • If you’re out of compliance, you will at minimum be required to pay the missing license fees. At their discretion, vendors may choose to add punitive fees and require you to cover the hourly cost of their audit teams. If you choose not to pay, the vendor could secure an injunction to cut off your service, which in many cases will be far more costly than the fines. And this is aside from the intangible costs of the disruption to your business and damaged relationships between IT, ITAM, your business, and other partners.
  • Having a plan to respond to an audit is critical to reducing audit risk. Preparation will help you coordinate your audit response, ensure the audit happens on the most favorable possible terms, and even prevent some audits from happening in the first place.
  • The best defense, as they say, is a good offense. Good ITAM and SAM processes will allow you to track acquisition, allocation, and disposal of software licenses; understand your licensing position; and ensure you remain compliant whenever possible. The vendor has no reason to audit you when there’s nothing to find.
  • Know when and where your audit risk is greatest, so you can focus your resources where they can deliver the most value.
“If software audits are a big part of your asset operations, you have problems. You can reduce the time spent on audits and eliminate some audits by having a proactive ITAM practice.” (Sandi Conrad, Principal Research Director)

Info-Tech Insight

Audit defense starts long before you get audited. For an in-depth review of your audit approach, see Info-Tech’s Prepare and Defend Against a Software Audit.

Identify areas of higher audit risk

Watch for these warning signs
  • Your organization is visibly fighting fires. Signs of disorder may signal to vendors that there are opportunities to exploit via an audit. Past audit failures make future audits more likely.
  • You are looking for ways to decrease spend. Vendors may counter attempts to true-down licensing by launching an audit to try to find unlicensed software that provides them leverage to negotiate maintained or even increased spending.
  • Your license/contract terms with the vendor are particularly complex or highly customized. Very complex terms may make it harder to validate your own compliance, which may present opportunities to the vendor in an audit.
  • The vendor has earned a reputation for being particularly aggressive with audits. Some vendors include audits as a standard component of their business model to drive revenue. This may include acquiring smaller vendors or software titles that may not have been audit-driven in the past, and running audits on their new customer base.

“The reality is, software vendors prey on confusion and complication. Where there’s confusion, there’s opportunity.” (Mike Austin, Founder, MetrixData 360)

Develop an audit response plan

You will be on the clock once the vendor sends you an audit request. Have a plan ready to go.
  • Don’t panic: Resist knee-jerk reactions. Follow the plan.
  • Form an audit response team and centralize your response: This team should be led by a member of the ITAM group, and it should include IT leadership, software SMEs, representatives from affected business areas, vendor management, contract management, and legal. You may also need to bring on a contractor with deep expertise with the vendor in question to supplement your internal capabilities. Establish clearly who will be the point of contact with the vendor during the audit.
  • Clarify the scope of the audit: Clearly establish what the audit will cover – what products, subsidiaries, contracts, time periods, geographic regions, etc. Manage the auditors to prevent scope creep.
  • Establish who covers audit costs: Vendors may demand the auditee cover the hourly cost of their audit team if you’re significantly out of compliance. Consider asking the vendor to pay for your team’s time if you’re found to be compliant.
  • Know your contract: Vendors’ contracts change over time, and it’s no guarantee that even your vendor’s licensing experts will be aware of the rights you have in your contract. You must know your entitlements to negotiate effectively.
  1. Bring the audit request received to the attention of ITAM and IT leadership. Assemble the response team.
  2. Acknowledge receipt of audit notice.
  3. Negotiate timing and scope of the audit.
  4. Direct staff not to remove or acquire licenses for software under audit without directly involving the ITAM team first.
  5. Gather installation data and documentation to establish current entitlements, including original contract, current contract, addendums, receipts, invoices.
  6. Compare entitlements to installed software.
  7. Investigate any anomalies (e.g. unexpected or non-compliant software).
  8. Review results with the audit response team.

2.7 Clarify your vendor audit response plan

1 hour

Input: Organizational knowledge on your current audit response procedures

Output: Audit response team membership, High-level audit checklist, A list of things to start, stop, and continue doing as part of the audit response

Materials: Your copy of the ITAM Strategy Template

Participants: ITAM team, IT leaders and managers, ITAM business partners

  1. Who’s on the audit response team, and what’s their role? Who will lead the team? Who will be the point of contact with the auditor?
  2. What are the high-level steps in our audit response workflow? Use the example checklist below as a starting point.
  3. What do we need to start, stop, and continue doing in response to audit requests?

Example Audit Checklist

  • Bring the audit request received to the attention of ITAM and IT leadership. Assemble the response team.
  • Acknowledge receipt of audit notice.
  • Negotiate timing and scope of the audit.
  • Direct staff not to remove or acquire licenses for software under audit without directly involving the ITAM team first.
  • Gather installation data and documentation to establish current entitlements, including original contract, current contract, addendums, receipts, invoices.
  • Compare entitlements to installed software.
  • Investigate any anomalies (e.g. unexpected or non-compliant software).
  • Review results with the audit response team.

Add your results to your copy of the ITAM Strategy Template

Step 2.8: Improve budget processes

Participants

  • Project sponsor and lead facilitator
  • ITAM team
  • IT leaders and managers
  • ITAM business partners

Outcomes

  • Identify what you need to start, stop, and continue to do to support budgeting processes.

Improve budgeting and forecasting

Insert ITAM into budgeting processes to deliver significant value.

Some examples of what ITAM can bring to the budgeting table:
  • Trustworthy data on deployed assets and spending obligations tied to those assets.
  • Projections of hardware due for replacement in terms of quantity and spend.
  • Knowledge of IT hardware and software contract terms and pricing.
  • Lists of unused or underused hardware and software that could be redeployed to avoid spend.
  • Comparisons of spend year-over-year.

Being part of the budgeting process positions ITAM for success in other ways:

  • Helps demonstrate the strategic value of the ITAM practice.
  • Provides insight into business and IT strategic projects and priorities for the year.
  • Strengthens relationships with key stakeholders, and positions the ITAM team as trusted partners.

“Knowing what you have [IT assets] is foundational to budgeting, managing, and optimizing IT spend.” (Dave Kish, Info-Tech, Practice Lead, IT Financial Management)

Stock image of a calculator.

2.8 Build better budgets

20 minutes

Input: Context on IT budgeting processes

Output: A list of things to start, stop, and continue doing as part of budgeting exercises

Materials: The table in this slide, Your copy of the ITAM Strategy Template

Participants: ITAM team, IT leaders and managers, ITAM business partners

What should we start, stop, and continue doing to support organizational budgeting exercises?

Start Stop Continue
  • Creating buckets of spend and allocating assets to those buckets.
  • Zero-based review on IaaS instances quarterly.
  • Develop dashboards plugged into asset data for department heads to view allocated assets and spend.
  • Create value reports to demonstrate hard savings as well as cost avoidance.
  • Waiting for business leaders to come to us for help (start reaching out with reports proactively, three months before budget cycle).
  • % increases on IT budgets without further review.
  • Monthly variance budget analysis.
  • What-if analysis for asset spend based on expected headcount increases.

Add your results to your copy of the ITAM Strategy Template

Step 2.9: Establish a documentation framework

Participants

  • Project sponsor and lead facilitator
  • ITAM team

Outcomes

  • Identify key documentation and gaps in your documentation.
  • Establish where documentation should be stored, who should own it, who should have access, and what should trigger a review.

Create ITAM documentation

ITAM documentation will typically support governance or operations.

Long-term planning and governance
  • ITAM policy and/or related policies (procurement policy, security awareness policy, acceptable use policy, etc.)
  • ITAM strategy document
  • ITAM roadmap or burndown list
  • Job descriptions
  • Functional requirements documents for ITAM tools

Operational documentation

  • ITAM SOPs (hardware, software) and workflows
  • Detailed work instructions/knowledgebase articles
  • ITAM data/records
  • Contracts, purchase orders, invoices, MSAs, SOWs, etc.
  • Effective Licensing Position (ELP) reports
  • Training and communication materials
  • Tool and integration documentation
  • Asset management governance, operations, and tools typically generate a lot of documentation.
  • Don’t create documentation for the sake of documentation. Prioritize building and maintaining documentation that addresses major risks or presents opportunities to improve the consistency and reliability of key processes.
  • Maximize the value of ITAM documentation by ensuring it is as current, accessible, and usable as it needs to be.
  • Clearly identify where documentation is stored and who should have access to it.
  • Identify who is accountable for the creation and maintenance of key documentation, and establish triggers for reviews, updates, and changes.

Consider ITAM policies

Create policies that can and will be monitored and enforced.
  • Certain requirements of the ITAM practice may need to be backed up by corporate policies: formal statements of organizational expectations that must be recognized by staff, and which will lead to sanctions/penalties if breached.
  • Some organizations will choose to create one or more ITAM-specific policies. Others will include ITAM-related statements in other existing policies, such as acceptable use policies, security training and awareness policies, procurement policies, configuration policies, e-waste policies, and more.
  • Ensure that you are prepared to monitor compliance with policies and evenly enforce breaches of policy. Failing to consistently enforce your policies exposes you and your organization to claims of negligence or discriminatory conduct.
  • For a template for ITAM-specific policies, see Info-Tech’s policy templates for Hardware Asset Management and Software Asset Management.

2.9 Establish documentation gaps

15-30 minutes

Input: An understanding of existing documentation gaps and risks

Output: Documentation gaps, Identified owners, repositories, access rights, and review/update protocols

Materials: The table in this slide, Your copy of the ITAM Strategy Template

Participants: ITAM team, Optional: IT managers, ITAM business partners

Discuss and record the following:

  • What planning/governance, operational, and tooling documentation do we still need to create? Who is accountable for the creation and maintenance of these documents?
  • Where will the documentation be stored? Who can access these documents?
  • What will trigger reviews or changes to the documents?
Need to Create Owner Stored in Accessible by Trigger for review
Hardware asset management SOP ITAM manager ITAM SharePoint site › Operating procedures folder
  • All IT staff
  • Annual review
  • As-needed for major tooling changes that require a documentation update

Add your results to your copy of the ITAM Strategy Template

Step 2.10: Create a roadmap and communication plan

Participants

  • Project sponsor and lead facilitator
  • ITAM team
  • IT leaders and managers

Outcomes

  • A timeline of key ITAM initiatives.
  • Improvement ideas aligned to key initiatives.
  • A communication plan tailored to key stakeholders.
  • Your ITAM Strategy document.

“Understand that this is a journey. This is not a 90-day project. And in some organizations, these journeys could be three or five years long.” (Mike Austin, MetrixData 360)

2.10 Identify key ITAM initiatives

30-45 minutes

Input: Organizational strategy documents

Output: A roadmap that outlines next steps

Materials: The table in this slide, Your copy of the ITAM Strategy Template

Participants: ITAM team, IT leaders and managers, Project sponsor

  1. Identify key initiatives that are critical to improving practice maturity and meeting business goals.
  2. There should only be a handful of really key initiatives. This is the work that will have the greatest impact on your ability to deliver value. Too many initiatives muddy the narrative and can distract from what really matters.
  3. Plot the target start and end dates for each initiative in the business and IT transformation timeline you created in Phase 1.
  4. Review the chart and consider – what new capabilities should the ITAM practice have once the identified initiatives are complete? What transformational initiatives will you be better positioned to support?

Add your results to your copy of the ITAM Strategy Template

Transformation Timeline

Example transformation timeline with row headers 'Business Inititiaves', 'IT Initiatives', and 'ITAM Initiatives'. Each initiative is laid out along the timeline appropriately.

2.10 Align improvement ideas to initiatives

45 minutes

Input: Key initiatives, Ideas for ITAM improvement collected over the course of previous exercises

Output: Concrete action items to support each initiative

Materials: The table in the next slide, Your copy of the ITAM Strategy Template

Participants: ITAM team, IT leaders and managers, Project sponsor

As you’ve been working through the previous exercises, you have been tracking ideas for improvement – now we’ll align them to your roadmap.

  1. Review the list of ideas for improvement you’ve produced over the working sessions. Consolidate the list – are there any ideas that overlap or complement each other? Record any new ideas. Frame each idea as an action item – something you can actually do.
  2. Connect the action items to initiatives. It may be that not every action item becomes part of a key initiative. (Don’t lose ideas that aren’t part of key initiatives – track them in a separate burndown list or backlog.)
  3. Identify a target completion date and owner for each action item that’s part of an initiative.

Add your results to your copy of the ITAM Strategy Template

Example ITAM initiatives

Initiative 1: Develop hardware/software standards
Task Target Completion Owner
Laptop standards Q1-2023 ITAM manager
Identify/eliminate contracts for unused software using scan tool Q2-2023 ITAM manager
Review O365 license levels and standard service Q3-2023 ITAM manager

Initiative 2: Improve ITAM data quality
Task Target Completion Owner
Implement scan agent on all field laptops Q3-2023 Desktop engineer
Conduct in person audit on identified data discrepancies Q1-2024 ITAM team
Develop and run user-led audit Q1-2024 Asset manager

Initiative 3: Acquire & implement a new ITAM tool
Task Target Completion Owner
Select an ITAM tool Q3-2023 ITAM manager
Implement ITAM tool, incl. existing data migration Q1-2024 ITAM manager
Training on new tool Q1-2024 ITAM manager
Build KPIs, executive dashboards in new tool Q2-2024 Data analyst
Develop user-led audit functionality in new tool Q3-2024 ITAM coordinator

2.10 Create a communication plan

45 minutes

Input: Proposed ITAM initiatives, Stakeholder priorities and goals, and an understanding of how ITAM can help them meet those goals

Output: A high-level communication plan to communicate the benefits and impact of proposed changes to the ITAM program

Materials: The table in this slide, Your copy of the ITAM Strategy Template

Participants: IT asset manager, Project sponsor

Develop clear, consistent, and targeted messages to key ITAM stakeholders.

  1. Modify the list of stakeholders in the first column.
  2. What benefits should those stakeholders realize from ITAM? What impact may the proposed improvements have on them? Refer back to exercises from Phase 1, where you identified key stakeholders, their priorities, and how ITAM could help them.
  3. Identify communication channels (in-person, email, all-hands meeting, etc.) and timing – when you’ll distribute the message. You may choose to use more than one channel, and you may need to convey the message more than once.
Group ITAM Benefits Impact Channel(s) Timing
CFO
  • More accurate IT spend predictions
  • Better equipment utilization and value for money
  • Sponsor integration project between ITAM DB and financial system
  • Support procurement procedures review
Face-to-face – based on their availability Within the next month
CIO
  • Better oversight into IT spend
  • Data to help demonstrate IT value
  • Resources required to support tool and ITAM process improvements
Standing bi-monthly 1:1 meetings Review strategy at next meeting
IT Managers
Field Techs

Add your results to your copy of the ITAM Strategy Template

2.10 Put the final touches on your ITAM Strategy

30 minutes

Input: Proposed ITAM initiatives, Stakeholder priorities and goals, and an understanding of how ITAM can help them meet those goals

Output: A high-level communication plan to communicate the benefits and impact of proposed changes to the ITAM program

Materials: The table in this slide, Your copy of the ITAM Strategy Template

Participants: IT asset manager, Project sponsor

You’re almost done! Do a final check of your work before you send a copy to your participants.

  1. Summarize in three points the key findings from the activities you’ve worked through. What have you learned? What are your priorities? What key message do you need to get across? Add these to the appropriate slide near the start of the ITAM Strategy Template.
  2. What are your immediate next steps? Summarize no more than five and add them to the appropriate slide near the start of the ITAM Strategy Template.
    1. Are you asking for something? Approval for ITAM initiatives? Funding? Resources? Clearly identify the ask as part of your next steps.
  3. Are the KPIs identified in Phase 1 still valid? Will they help you monitor for success in the initiatives you’ve identified in Phase 2? Make any adjustments you think are required to the KPIs to reflect the additional completed work.

Add your results to your copy of the ITAM Strategy Template

Research Contributors and Experts

Kylie Fowler
Principal Consultant
ITAM Intelligence

Kylie is an experienced ITAM/FinOps consultant with a track record of creating superior IT asset management frameworks that enable large companies to optimize IT costs while maintaining governance and control.

She has operated as an independent consultant since 2009, enabling organizations including Sainsbury's and DirectLine Insurance to leverage the benefits of IT asset management and FinOps to achieve critical business objectives. Recent key projects include defining an end-to-end SAM strategy, target operating model, policies and processes which when implemented provided a 300% ROI.

She is passionate about supporting businesses of all sizes to drive continuous improvement, reduce risk, and achieve return on investment through the development of creative asset management and FinOps solutions.

Rory Canavan
Owner and Principal Consultant
SAM Charter

Rory is the founder, owner, and principal consultant of SAM Charter, an internationally recognized consultancy in enterprise-wide Software & IT Asset Management. As an industry leader, SAM Charter is uniquely poised to ensure your IT & SAM systems are aligned to your business requirements.

With a technical background in business and systems analysis, Rory has a wide range of first-hand experience advising numerous companies and organizations on the best practices and principles pertaining to software asset management. This experience has been gained in both military and civil organizations, including the Royal Navy, Compaq, HP, the Federation Against Software Theft (FAST), and several software vendors.

Research Contributors and Experts

Jeremy Boerger
Founder, Boerger Consulting
Author of Rethinking IT Asset Management

Jeremy started his career in ITAM fighting the Y2K bug at the turn of the 21st century. Since then, he has helped companies in manufacturing, healthcare, banking, and service industries build and rehabilitate hardware and software asset management practices.

These experiences prompted him to create the Pragmatic ITAM method, which directly addresses and permanently resolves the fundamental flaws in current ITAM and SAM implementations.

In 2016, he founded Boerger Consulting, LLC to help business leaders and decision makers fully realize the promises a properly functioning ITAM can deliver. In his off time, you will find him in Cincinnati, Ohio, with his wife and family.

Mike Austin
Founder and CEO
MetrixData 360

Mike Austin leads the delivery team at MetrixData 360. Mike brings more than 15 years of Microsoft licensing experience to his clients’ projects. He assists companies, from Fortune 500 to organizations with as few as 500 employees, with negotiations of Microsoft Enterprise Agreements (EA), Premier Support Contracts, and Select Agreements. In addition to helping negotiate contracts, he helps clients build and implement software asset management processes.

Previously, Mike was employed by Microsoft for more than 8 years as a member of the global sales team. With Microsoft, Mike successfully negotiated more than a billion dollars in new and renewal EAs. Mike has also negotiated legal terms and conditions for all software agreements, developed Microsoft’s best practices for global account management, and was awarded Microsoft’s Gold Star Award in 2003 and Circle of Excellence in 2008 for his contributions.

Bibliography

“Asset Management.” SFIA v8. Accessed 17 March 2022.

Boerger, Jeremy. Rethinking IT Asset Management. Business Expert Press, 2021.

Canavan, Rory. “C-Suite Cheat Sheet.” SAM Charter, 2021. Accessed 17 March 2022.

Fisher, Matt. “Metrics to Measure SAM Success.” Snow Software, 26 May 2015. Accessed 17 March 2022.

Flexera (2021). “State of ITAM Report.” Flexera, 2021. Accessed 17 March 2022.

Fowler, Kylie. “ITAM by design.” BCS, The Chartered Institute for IT, 2017. Accessed 17 March 2022.

Fowler, Kylie. “Ch-ch-ch-changes… Is It Time for an ITAM Transformation?” ITAM Intelligence, 2021. Web. Accessed 17 March 2022.

Fowler, Kylie. “Do you really need an ITAM policy?” ITAM Accelerate, 15 Oct. 2021. Accessed 17 March 2022.

Hayes, Chris. “How to establish a successful, long-term ITAM program.” Anglepoint, Sept. 2021. Accessed 17 March 2022.

ISO/IEC 19770-1-2017. IT Asset Management Systems – Requirements. Third edition. ISO, Dec 2017.

Joret, Stephane. “IT Asset Management: ITIL® 4 Practice Guide”. Axelos, 2020.

Jouravlev, Roman. “IT Service Financial Management: ITIL® 4 Practice Guide”. Axelos, 2020.

Pagnozzi, Maurice, Edwin Davis, Sam Raco. “ITAM Vs. ITSM: Why They Should Be Separate.” KPMG, 2020. Accessed 17 March 2022.

Rumelt, Richard. Good Strategy, Bad Strategy. Profile Books, 2013.

Stone, Michael et al. “NIST SP 1800-5 IT Asset Management.” Sept, 2018. Accessed 17 March 2022.

Master Contract Review and Negotiation for Software Agreements

  • Buy Link or Shortcode: {j2store}170|cart{/j2store}
  • member rating overall impact (scale of 10): N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Vendor Management
  • Parent Category Link: /vendor-management
  • Internal stakeholders usually have different – and often conflicting – needs and expectations that require careful facilitation and management.
  • Vendors have well-honed negotiating strategies. Without understanding your own position and leverage points, it’s difficult to withstand their persuasive – and sometimes pushy – tactics.
  • Software – and software licensing – is constantly changing, making it difficult to acquire and retain subject matter expertise.

Our Advice

Critical Insight

  • Conservatively, it’s possible to save 5% of the overall IT budget through comprehensive software contract review.
  • Focus on the terms and conditions, not just the price.
  • Learning to negotiate is crucial.

Impact and Result

  • Look at your contract holistically to find cost savings.
  • Guide communication between vendors and your organization for the duration of contract negotiations.
  • Redline the terms and conditions of your software contract.
  • Prioritize crucial terms and conditions to negotiate.

Master Contract Review and Negotiation for Software Agreements Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out how to redline and negotiate your software agreement, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Gather requirements

Build and manage your stakeholder team, then document your business use case.

  • Master Contract Review and Negotiation for Software Agreements – Phase 1: Gather Requirements
  • RASCI Chart
  • Vendor Communication Management Plan
  • Software Business Use Case Template
  • SaaS TCO Calculator

2. Redline contract

Redline your proposed software contract.

  • Master Contract Review and Negotiation for Software Agreements – Phase 2: Redline Contract
  • Software Terms & Conditions Evaluation Tool
  • Software Buyer's Checklist

3. Negotiate contract

Create a thorough negotiation plan.

  • Master Contract Review and Negotiation for Software Agreements – Phase 3: Negotiate Contract
  • Controlled Vendor Communications Letter
  • Key Vendor Fiscal Year End Calendar
  • Contract Negotiation Tactics Playbook
[infographic]

Workshop: Master Contract Review and Negotiation for Software Agreements

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Collect and Review Data

The Purpose

Assemble documentation.

Key Benefits Achieved

Understand current position before going forward.

Activities

1.1 Assemble existing contracts.

1.2 Document their strategic and tactical objectives.

1.3 Identify current status of the vendor relationship and any historical context.

1.4 Clarify goals for ideal future state.

Outputs

Business Use Case

2 Define Business Use Case and Build Stakeholder Team

The Purpose

Define business use case and build stakeholder team.

Key Benefits Achieved

Create business use case to document functional and nonfunctional requirements.

Build internal cross-functional stakeholder team to negotiate contract.

Activities

2.1 Establish negotiation team and define roles.

2.2 Write communication plan.

2.3 Complete business use case.

Outputs

RASCI Chart

Vendor Communication Management Plan

SaaS TCO Calculator

Software Business Use Case

3 Redline Contract

The Purpose

Examine terms and conditions and prioritize for negotiation.

Key Benefits Achieved

Discover cost savings.

Improve agreement terms.

Prioritize terms for negotiation.

Activities

3.1 Review general terms and conditions.

3.2 Review license- and application-specific terms and conditions.

3.3 Match to business and technical requirements.

3.4 Redline agreement.

Outputs

Software Terms & Conditions Evaluation Tool

Software Buyer’s Checklist

4 Build Negotiation Strategy

The Purpose

Create a negotiation strategy.

Key Benefits Achieved

Establish controlled communication.

Choose negotiation tactics.

Plot negotiation timeline.

Activities

4.1 Review vendor- and application-specific negotiation tactics.

4.2 Build negotiation strategy.

Outputs

Contract Negotiation Tactics Playbook

Controlled Vendor Communications Letter

Key Vendor Fiscal Year End Calendar

Explore the Secrets of SAP Software Contracts to Optimize Spend and Reduce Compliance Risk

  • Buy Link or Shortcode: {j2store}140|cart{/j2store}
  • member rating overall impact (scale of 10): 9.8/10 Overall Impact
  • member rating average dollars saved: $73,994 Average $ Saved
  • member rating average days saved: 9 Average Days Saved
  • Parent Category Name: Licensing
  • Parent Category Link: /licensing
  • SAP has strict audit practices, which, in combination with 50+ types of user classifications and manual accounting for some licenses, make maintaining compliance difficult.
  • Mapping and matching SAP products to the environment can be highly complex, leading to overspending and an inability to reduce spend later.
  • Beware of indirect access to SAP applications from third-party applications (e.g. Salesforce).
  • Products that have been acquired by SAP may have altered licensing terms that are innocuously referred to in support renewal documents.

Our Advice

Critical Insight

  • Focus on needs first. Conduct a thorough requirements assessment and document the results. Well-documented license needs will be your core asset in navigating SAP licensing and negotiating your agreement.
  • Examine indirect access possibilities. Understanding how in-house or third-party applications may be accessing the SAP software is critical.
  • Know whats in the contract. Each customer agreement is different and there may be terms that are beneficial. Older agreements may provide both benefits and challenges when evaluating your SAP license position.

Impact and Result

  • Conduct an analysis to remove inactive and duplicate users as multiple logins may exist and could end up costing the organization license fees when audited.
  • Adopt a cyclical approach to reviewing your SAP licensing and create a reference document to track your software needs, planned licensing, and purchase negotiation points.
  • Learn the “SAP way” of conducting business, which includes a best-in-class sales structure, unique contracts and license use policies, and a hyper-aggressive compliance function. Conducting business with SAP is not typical compared to other vendors, and you will need different tools to emerge successfully from a commercial transaction.
  • Manage SAP support and maintenance spend and policies. Once an agreement has been signed, it can be very difficult to decrease spend, as SAP will reprice products if support is dropped.

Explore the Secrets of SAP Software Contracts to Optimize Spend and Reduce Compliance Risk Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you need to understand and document your SAP licensing strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Establish licensing requirements

Begin your proactive SAP licensing journey by understanding which information to gather and assessing the current state and gaps.

  • Explore the Secrets of SAP Software Contracts to Optimize Spend and Reduce Compliance Risk – Phase 1: Establish Licensing Requirements
  • SAP License Summary and Analysis Tool

2. Evaluate licensing options

Review current licensing models and determine which licensing models will most appropriately fit your environment.

  • Explore the Secrets of SAP Software Contracts to Optimize Spend and Reduce Compliance Risk – Phase 2: Evaluate Licensing Options

3. Evaluate agreement options

Review SAP’s contract types and assess which best fit the organization’s licensing needs.

  • Explore the Secrets of SAP Software Contracts to Optimize Spend and Reduce Compliance Risk – Phase 3: Evaluate Agreement Options

4. Purchase and manage licenses

Conduct negotiations, purchase licensing, and finalize a licensing management strategy.

  • Explore the Secrets of SAP Software Contracts to Optimize Spend and Reduce Compliance Risk – Phase 4: Purchase and Manage Licenses
[infographic]

Develop and Deploy Security Policies

  • Buy Link or Shortcode: {j2store}256|cart{/j2store}
  • member rating overall impact (scale of 10): 9.5/10 Overall Impact
  • member rating average dollars saved: $19,953 Average $ Saved
  • member rating average days saved: 19 Average Days Saved
  • Parent Category Name: Governance, Risk & Compliance
  • Parent Category Link: /governance-risk-compliance
  • Employees are not paying attention to policies. Awareness and understanding of what the security policy’s purpose is, how it benefits the organization, and the importance of compliance are overlooked when policies are distributed.
  • Informal, un-rationalized, ad hoc policies do not explicitly outline responsibilities, are rarely comprehensive, and are difficult to implement, revise, and maintain.
  • Data breaches are still on the rise and security policies are not shaping good employee behavior or security-conscious practices.
  • Adhering to security policies is rarely a priority to users as compliance often feels like an interference to daily workflow. For a lot of organizations, security policies are not having the desired effect.

Our Advice

Critical Insight

  • Creating good policies is only half the solution. Having a great policy management lifecycle will keep your policies current, effective, and compliant.
  • Policies must be reasonable, auditable, enforceable, and measurable. If the policy items don’t meet these requirements, users can’t be expected to adhere to them. Focus on developing policies to be quantified and qualified for them to be relevant.

Impact and Result

  • Save time and money using the templates provided to create your own customized security policies mapped to the Info-Tech framework, which incorporates multiple industry best-practice frameworks (NIST, ISO, SOC2SEC, CIS, PCI, HIPAA).

Develop and Deploy Security Policies Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Develop and Deploy Security Policies Deck – A step-by-step guide to help you build, implement, and assess your security policy program.

Our systematic approach will ensure that all identified areas of security have an associated policy.

  • Develop the security policy program.
  • Develop and implement the policy suite.
  • Communicate the security policy program.
  • Measure the security policy program.
    • Develop and Deploy Security Policies – Phases 1-4

    2. Security Policy Prioritization Tool – A structured tool to help your organization prioritize your policy suite to ensure that you are addressing the most important policies first.

    The Security Policy Prioritization Tool assesses the policy suite on policy importance, ease to implement, and ease to enforce. The output of this tool is your prioritized list of policies based on our policy framework.

    • Security Policy Prioritization Tool

    3. Security Policy Assessment Tool – A structured tool to assess the effectiveness of policies within your organization and determine recommended actions for remediation.

    The Security Policy Assessment Tool assesses the policy suite on policy coverage, communication, adherence, alignment, and overlap. The output of this tool is a checklist of remediation actions for each individual policy.

    • Security Policy Assessment Tool

    4. Security Policy Lifecycle Template – A customizable lifecycle template to manage your security policy initiatives.

    The Lifecycle Template includes sections on security vision, security mission, strategic security and policy objectives, policy design, roles and responsibilities for developing security policies, and organizational responsibilities.

    • Security Policy Lifecycle Template

    5. Policy Suite Templates – A best-of-breed templates suite mapped to the Info-Tech framework you can customize to reflect your organizational requirements and acquire approval.

    Use Info-Tech's security policy templates, which incorporate multiple industry best-practice frameworks (NIST, ISO, SOC2SEC, CIS, PCI, HIPAA), to ensure that your policies are clear, concise, and consistent.

    • Acceptable Use of Technology Policy Template
    • Application Security Policy Template
    • Asset Management Policy Template
    • Backup and Recovery Policy Template
    • Cloud Security Policy Template
    • Compliance and Audit Management Policy Template
    • Data Security Policy Template
    • Endpoint Security Policy Template
    • Human Resource Security Policy Template
    • Identity and Access Management Policy Template
    • Information Security Policy Template
    • Network and Communications Security Policy Template
    • Physical and Environmental Security Policy Template
    • Security Awareness and Training Policy Template
    • Security Incident Management Policy Template
    • Security Risk Management Policy Template
    • Security Threat Detection Policy Template
    • System Configuration and Change Management Policy Template
    • Vulnerability Management Policy Template

    6. Policy Communication Plan Template – A template to help you plan your approach for publishing and communicating your policy updates across the entire organization.

    This template helps you consider the budget time for communications, identify all stakeholders, and avoid scheduling communications in competition with one another.

    • Policy Communication Plan Template

    7. Security Awareness and Training Program Development Tool – A tool to help you identify initiatives to develop your security awareness and training program.

    Use this tool to first identify the initiatives that can grow your program, then as a roadmap tool for tracking progress of completion for those initiatives.

    • Security Awareness and Training Program Development Tool

    Infographic

    Workshop: Develop and Deploy Security Policies

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define the Security Policy Program

    The Purpose

    Define the security policy development program.

    Formalize a governing security policy lifecycle.

    Key Benefits Achieved

    Understanding the current state of policies within your organization.

    Prioritizing list of security policies for your organization.

    Being able to defend policies written based on business requirements and overarching security needs.

    Leveraging an executive champion to help policy adoption across the organization.

    Formalizing the roles, responsibilities, and overall mission of the program.

    Activities

    1.1 Understand the current state of policies.

    1.2 Align your security policies to the Info-Tech framework for compliance.

    1.3 Understand the relationship between policies and other documents.

    1.4 Prioritize the development of security policies.

    1.5 Discuss strategies to leverage stakeholder support.

    1.6 Plan to communicate with all stakeholders.

    1.7 Develop the security policy lifecycle.

    Outputs

    Security Policy Prioritization Tool

    Security Policy Prioritization Tool

    Security Policy Lifecycle Template

    2 Develop the Security Policy Suite

    The Purpose

    Develop a comprehensive suite of security policies that are relevant to the needs of the organization.

    Key Benefits Achieved

    Time, effort, and money saved by developing formally documented security policies with input from Info-Tech’s subject-matter experts.

    Activities

    2.1 Discuss the risks and drivers your organization faces that must be addressed by policies.

    2.2 Develop and customize security policies.

    2.3 Develop a plan to gather feedback from users.

    2.4 Discuss a plan to submit policies for approval.

    Outputs

    Understanding of the risks and drivers that will influence policy development.

    Up to 14 customized security policies (dependent on need and time).

    3 Implement Security Policy Program

    The Purpose

    Ensure policies and requirements are communicated with end users, along with steps to comply with the new security policies.

    Improve compliance and accountability with security policies.

    Plan for regular review and maintenance of the security policy program.

    Key Benefits Achieved

    Streamlined communication of the policies to users.

    Improved end user compliance with policy guidelines and be better prepared for audits.

    Incorporate security policies into daily schedule, eliminating disturbances to productivity and efficiency.

    Activities

    3.1 Plan the communication strategy of new policies.

    3.2 Discuss myPolicies to automate management and implementation.

    3.3 Incorporate policies and processes into your security awareness and training program.

    3.4 Assess the effectiveness of security policies.

    3.5 Understand the need for regular review and update.

    Outputs

    Policy Communication Plan Template

    Understanding of how myPolicies can help policy management and implementation.

    Security Awareness and Training Program Development Tool

    Security Policy Assessment Tool

    Action plan to regularly review and update the policies.

    Further reading

    Develop and Deploy Security Policies

    Enhance your overall security posture with a defensible and prescriptive policy suite.

    Analyst Perspective

    A policy lifecycle can be the secret sauce to managing your policies.

    A policy for policy’s sake is useless if it isn’t being used to ensure proper processes are followed. A policy should exist for more than just checking a requirement box. Policies need to be quantified, qualified, and enforced for them to be relevant.

    Policies should be developed based on the use cases that enable the business to run securely and smoothly. Ensure they are aligned with the corporate culture. Rather than introducing hindrances to daily operations, policies should reflect security practices that support business goals and protection.

    No published framework is going to be a perfect fit for any organization, so take the time to compare business operations and culture with security requirements to determine which ones apply to keep your organization secure.

    Photo of Danny Hammond, Research Analyst, Security, Risk, Privacy & Compliance Practice, Info-Tech Research Group. Danny Hammond
    Research Analyst
    Security, Risk, Privacy & Compliance Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge
    • Security breaches are damaging and costly. Trying to prevent and respond to them without robust, enforceable policies makes a difficult situation even harder to handle.
    • Informal, un-rationalized, ad hoc policies are ineffective because they do not explicitly outline responsibilities and compliance requirements, and they are rarely comprehensive.
    • Without a strong lifecycle to keep policies up to date and easy to use, end users will ignore or work around poorly understood policies.
    • Time and money is wasted dealing with preventable security issues that should be pre-emptively addressed in a comprehensive corporate security policy program.
    Common Obstacles

    InfoSec leaders will struggle to craft the right set of policies without knowing what the organization actually needs, such as:

    • The security policies needed to safeguard infrastructure and resources.
    • The scope the security policies will cover within the organization.
    • The current compliance and regulatory obligations based on location and industry.
    InfoSec leaders must understand the business environment and end-user needs before they can select security policies that fit.
    Info-Tech’s Approach

    Info-Tech’s Develop and Deploy Security Policies takes a multi-faceted approach to the problem that incorporates foundational technical elements, compliance considerations, and supporting processes:

    • Assess what security policies currently exist within the organization and consider additional secure policies.
    • Develop a policy lifecycle that will define the needs, develop required documentation, and implement, communicate, and measure your policy program.
    • Draft a set of security policies mapped to the Info-Tech framework, which incorporates multiple industry best-practice frameworks (NIST, ISO, SOC2SEC, CIS, PCI, HIPAA).

    Info-Tech Insight

    Creating good policies is only half the solution. Having a great policy management lifecycle will keep your policies current, effective, and compliant.

    Your Challenge

    This research is designed to help organizations design a program to develop and deploy security policies

    • A security policy is a formal document that outlines the required behavior and security controls in place to protect corporate assets.
    • The development of policy documents is an ambitious task, but the real challenge comes with communication and enforcement.
    • A good security policy allows employees to know what is required of them and allows management to monitor and audit security practices against a standard policy.
    • Unless the policies are effectively communicated, enforced, and updated, employees won’t know what’s required of them and will not comply with essential standards, making the policies powerless.
    • Without a good policy lifecycle in place, it can be challenging to illustrate the key steps and decisions involved in creating and managing a policy.

    The problem with security policies

    29% Of IT workers say it's just too hard and time consuming to track and enforce.

    25% Of IT workers say they don’t enforce security policies universally.

    20% Of workers don’t follow company security policies all the time.

    (Source: Security Magazine, 2020)

    Common obstacles

    The problem with security policies isn’t development; rather, it’s the communication, enforcement, and maintenance of them.

    • Employees are not paying attention to policies. Awareness and understanding of what the security policy’s purpose is, how it benefits the organization, and the importance of compliance are overlooked when policies are distributed.
    • Informal, un-rationalized, ad hoc policies do not explicitly outline responsibilities, are rarely comprehensive, and are difficult to implement, revise, and maintain.
    • Date breaches are still on the rise and security policies are not shaping good employee behavior or security-conscious practices.
    • Adhering to security policies is rarely a priority to users as compliance often feels like an interference to daily workflow. For a lot of organizations, security policies are not having the desired effect.
    Bar chart of the 'Average cost of a data breach' in years '2019-20', '20-21', and '21-22'.
    (Source: IBM, 2022 Cost of a Data Breach; n=537)

    Reaching an all-time high, the cost of a data breach averaged US$4.35 million in 2022. This figure represents a 2.6% increase from last year, when the average cost of a breach was US$4.24 million. The average cost has climbed 12.7% since 2020.

    Info-Tech’s approach

    The right policy for the right audience. Generate a roadmap to guide the order of policy development based on organizational policy requirements and the target audience.

    Actions

    1. Develop policy lifecycle
    2. Identify compliance requirements
    3. Understand which policies need to be developed, maintained, or decommissioned
    I. Define Security Policy Program

    a) Security policy program lifecycle template

    b) Policy prioritization tool
    Clockwise cycle arrows at the centre of the table. II. Develop & Implement Policy Suite

    a) Policy template set

    Policies must be reasonable, auditable, enforceable, and measurable. Policy items that meet these requirements will have a higher level of adherence. Focus on efficiently creating policies using pre-developed templates that are mapped to multiple compliance frameworks.

    Actions

    1. Differentiate between policies, procedures, standards, and guidelines
    2. Draft policies from templates
    3. Review policies, including completeness
    4. Approve policies
    Gaining feedback on policy compliance is important for updates and adaptation, where necessary, as well as monitoring policy alignment to business objectives.

    Actions

    1. Enforce policies
    2. Measure policy effectiveness
    IV. Measure Policy Program

    a) Security policy tracking tool

    III. Communicate Policy Program

    a) Security policy awareness & training tool

    b) Policy communication plan template
    Awareness and training on security policies should be targeted and must be relevant to the employees’ jobs. Employees will be more attentive and willing to incorporate what they learn if they feel that awareness and training material was specifically designed to help them.

    Actions

    1. Identify any changes in the regulatory and compliance environment
    2. Include policy awareness in awareness and training programs
    3. Disseminate policies
    Build trust in your policy program by involving stakeholder participation through the entire policy lifecycle.

    Blueprint benefits

    IT/InfoSec Benefits

    • Reduces complexity within the policy creation process by using a single framework to align multiple compliance regimes.
    • Introduces a roadmap to clearly educate employees on the do’s and don’ts of IT usage within the organization.
    • Reduces costs and efforts related to managing IT security and other IT-related threats.

    Business Benefits

    • Identifies and develops security policies that are essential to your organization’s objectives.
    • Integrates security into corporate culture while maximizing compliance and effectiveness of security policies.
    • Reduces security policy compliance risk.

    Key deliverable:

    Security Policy Templates

    Templates for policies that can be used to map policy statements to multiple compliance frameworks.

    Sample of Security Policy Templates.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Security Policy Prioritization Tool

    The Info-Tech Security Policy Prioritization Tool will help you determine which security policies to work on first.
    Sample of the Security Policy Prioritization Tool.
    Sample of the Security Policy Assessment Tool.

    Security Policy Assessment Tool

    Info-Tech's Security Policy Assessment Tool helps ensure that your policies provide adequate coverage for your organization's security requirements.

    Measure the value of this blueprint

    Phase

    Purpose

    Measured Value

    Define Security Policy Program Understand the value in formal security policies and determine which policies to prepare to update, eliminate, or add to your current suite. Time, value, and resources saved with guidance and templates:
    1 FTE*3 days*$80,000/year = $1,152
    Time, value, and resources saved using our recommendations and tools:
    1 FTE*2 days*$80,000/year = $768
    Develop and Implement the Policy Suite Select from an extensive policy template offering and customize the policies you need to optimize or add to your own policy program. Time, value, and resources saved using our templates:
    1 consultant*15 days*$150/hour = $21,600 (if starting from scratch)
    Communicate Security Policy Program Use Info-Tech’s methodology and best practices to ensure proper communication, training, and awareness. Time, value, and resources saved using our training and awareness resources:
    1 FTE*1.5 days*$80,000/year = $408
    Measure Security Policy Program Use Info-Tech’s custom toolkits for continuous tracking and review of your policy suite. Time, value, and resources saved by using our enforcement recommendations:
    2 FTEs*5 days*$160,000/year combined = $3,840
    Time, value, and resources saved by using our recommendations rather than an external consultant:
    1 consultant*5 days*$150/hour = $7,200

    After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.

    Overall Impact

    9.5 /10

    Overall Average $ Saved

    $29,015

    Overall Average Days Saved

    25

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    A Guided Implementation (GI) is series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is six to ten calls over the course of two to four months.

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    Call #1: Scope security policy requirements, objectives, and any specific challenges.

    Call #2: Review policy lifecycle; prioritize policy development.

    Call #3: Customize the policy templates.

    Call #4: Gather feedback on policies and get approval.

    Call #5: Communicate the security policy program.

    Call #6: Develop policy training and awareness programs.

    Call #7: Track policies and exceptions.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889
    Day 1 Day 2 Day 3 Day 4 Day 5
    Define the security policy program
    Develop the security policy suite
    Develop the security policy suite
    Implement security policy program
    Finalize deliverables and next steps
    Activities

    1.1 Understand the current state of policies.

    1.2 Align your security policies to the Info-Tech framework for compliance.

    1.3 Understand the relationship between policies and other documents.

    1.4 Prioritize the development of security policies.

    1.5 Discuss strategies to leverage stakeholder support.

    1.6 Plan to communicate with all stakeholders.

    1.7 Develop the security policy lifecycle.

    2.1 Discuss the risks and drivers your organization faces that must be addressed by policies.

    2.2 Develop and customize security policies.

    2.1 Discuss the risks and drivers your organization faces that must be addressed by policies (continued).

    2.2 Develop and customize security policies (continued).

    2.3 Develop a plan to gather feedback from users.

    2.4 Discuss a plan to submit policies for approval.

    3.1 Plan the communication strategy for new policies.

    3.2 Discuss myPolicies to automate management and implementation.

    3.3 Incorporate policies into your security awareness and training program.

    3.4 Assess the effectiveness of policies.

    3.5 Understand the need for regular review and update.

    4.1 Review customized lifecycle and policy templates.

    4.2 Discuss the plan for policy roll out.

    4.3 Schedule follow-up Guided Implementation calls.

    Deliverables
    1. Security Policy Prioritization Tool
    2. Security Policy Lifecycle
    1. Security Policies (approx. 9)
    1. Security Policies (approx. 9)
    1. Policy Communication Plan
    2. Security Awareness and Training Program Development Tool
    3. Security Policy Assessment Tool
    1. All deliverables finalized

    Develop and Deploy Security Policies

    Phase 1

    Define the Security Policy Program

    Phase 1

    1.1 Understand the current state

    1.2 Align your security policies to the Info-Tech framework

    1.3 Document your policy hierarchy

    1.4 Prioritize development of security policies

    1.5 Leverage stakeholders

    1.6 Develop the policy lifecycle

    Phase 2

    2.1 Customize policy templates

    2.2 Gather feedback from users on policy feasibility

    2.3 Submit policies to upper management for approval

    Phase 3

    3.1 Understand the need for communicating policies

    3.2 Use myPolicies to automate the management of your security policies

    3.3 Design, build, and implement your communications plan

    3.4 Incorporate policies and processes into your training and awareness programs

    Phase 4

    4.1 Assess the state of security policies

    4.2 Identify triggers for regular policy review and update

    4.3 Develop an action plan to update policies

    This phase will walk you through the following activities:

    • Understand the current state of your organization’s security policies.
    • Align your security policies to the Info-Tech framework for compliance.
    • Prioritize the development of your security policies.
    • Leverage key stakeholders to champion the policy initiative.
    • Inform all relevant stakeholders of the upcoming policy program.
    • Develop the security policy lifecycle.

    1.1 Understand the current state of policies

    Scenario 1: You have existing policies

    1. Use the Security Policy Prioritization Tool to identify any gaps between the policies you already have and those recommended based on your changing business needs.
    2. As your organization undergoes changes, be sure to incorporate new requirements in the existing policies.
    3. Sometimes, you may have more specific procedures for a domain’s individual security aspects instead of high-level policies.
    4. Group current policies into the domains and use the policy templates to create overarching policies where there are none and improve upon existing high-level policies.

    Scenario 2: You are starting from scratch

    1. To get started on new policies, use the Security Policy Prioritization Tool to identify the policies Info-Tech recommends based on your business needs. See the full list of templates in the Appendix to ensure that all relevant topics are addressed.
    2. Whether you’re starting from scratch or have incomplete/ad hoc policies, use Info-Tech’s policy templates to formalize and standardize security requirements for end users.
    Info-Tech Insight

    Policies are living, evolving documents that require regular review and update, so even if you have policies already written, you’re not done with them.

    1.2 Align your security policies to the Info-Tech framework for compliance

    You have an opportunity to improve your employee alignment and satisfaction, improve organizational agility, and obtain high policy adherence. This is achieved by translating your corporate culture into a policy-based compliance culture.

    Align your security policies to the Info-Tech Security Framework by using Info-Tech’s policy templates.

    Info-Tech’s security framework uses a best-of-breed approach to leverage and align with most major security standards, including:
    • ISO 27001/27002
    • COBIT
    • Center for Internet Security (CIS) Critical Controls
    • NIST Cybersecurity Framework
    • NIST SP 800-53
    • NIST SP 800-171

    Info-Tech Security Framework

    Info-Tech Security Framework with policies grouped into categories which are then grouped into 'Governance' and 'Management'.

    1.3 Document your policy hierarchy

    Structuring policy components at different levels allows for efficient changes and direct communication depending on what information is needed.

    Policy hierarchy pyramid with 'Security Policy Lifecycle' on top, then 'Security Policies', then 'IT and/or Supporting Documentation'.

    Defines the cycle for the security policy program and what must be done but not how to do it. Aligns the business, security program, and policies.
    Addresses the “what,” “who,” “when,” and “where.”

    Defines high-level overarching concepts of security within the organization, including the scope, purpose, and objectives of policies.
    Addresses the high-level “what” and “why.”
    Changes when business objectives change.

    Defines enterprise/technology – specific, detailed guidelines on how to adhere to policies.
    Addresses the “how.”
    Changes when technology and processes change.

    Info-Tech Insight

    Design separate policies for different areas of focus. Policies that are written as single, monolithic documents are resistant to change. A hierarchical top-level document supported by subordinate policies and/or procedures can be more rapidly revised as circumstances change.

    1.3.1 Understand the relationship between policies and other documents

    Policy:
    • Provides emphasis and sets direction.
    • Standards, guidelines, and procedures must be developed to support an overarching policy.
    Arrows stemming from the above list, connecting to the three lists below.

    Standard:

    • Specifies uniform method of support for policy.
    • Compliance is mandatory.
    • Includes process, frameworks, methodologies, and technology.
    Two-way horizontal arrow.

    Procedure:

    • Step-by-step instructions to perform desired actions.
    Two-way horizontal arrow.

    Guideline:

    Recommended actions to consider in absence of an applicable standard, to support a policy.
    This model is adapted from a framework developed by CISA (Certified Information Systems Auditor).

    Supporting Documentation

    Considerations for standards

    Standards. These support policies by being much more specific and outlining key steps or processes that are necessary to meet certain requirements within a policy document. Ideally standards should be based on policy statements with a target of detailing the requirements that show how the organization will implement developed policies.

    If policies describe what needs to happen, then standards explain how it will happen.

    A good example is an email policy that states that emails must be encrypted; this policy can be supported by a standard such as Transport Layer Security (TLS) encryption that specifically ensures that all email communication is encrypted for messages “in transit” from one secure email server that has TLS enabled to another.

    There are numerous security standards available that support security policies/programs based on the kind of systems and controls that an organization would like to put in place. A good selection of supporting standards can go a long way to further protect users, data, and other organizational assets
    Key Policies Example Associated Standards
    Access Control Policy
    • Password Management User Standard
    • Account Auditing Standard
    Data Security Policy
    • Cryptography Standard
    • Data Classification Standard
    • Data Handling Standard
    • Data Retention Standard
    Incident Response Policy
    • Incident Response Plan
    Network Security Policy
    • Wireless Connectivity Standard
    • Firewall Configuration Standard
    • Network Monitoring Standard
    Vendor Management Policy
    • Vendor Risk Management Standard
    • Third-Party Access Control Standard
    Application Security Policy
    • Application Security Standard

    1.4 Prioritize development of security policies

    The Info-Tech Security Policy Prioritization Tool will help you determine which security policies to work on first.
    • The tool allows you to prioritize your policies based on:
      • Importance: How relevant is this policy to organizational security?
      • Ease to implement: What is the effort, time, and resources required to write, review, approve, and distribute the policy?
      • Ease to enforce: How much effort, time, and resources are required to enforce the policy?
    • Additionally, the weighting or priority of each variable of prioritization can be adjusted.

    Align policies to recent security concerns. If your organization has recently experienced a breach, it may be crucial to highlight corresponding policies as immediately necessary.

    Info-Tech Insight

    If you have an existing policy that aligns with one of the Info-Tech recommended templates weight Ease to Implement and Ease to Enforce as HIGH (4-5). This will decrease the priority of these policies.

    Sample of the Security Policy Prioritization Tool.

    Download the Security Policy Prioritization Tool

    1.5 Leverage stakeholders to champion policies

    Info-Tech Insight

    While management support is essential to initiating a strong security posture, allow employees to provide input on the development of security policies. This cooperation will lead to easier incorporation of the policies into the daily routines of workers, with less resistance. The security team will be less of a police force and more of a partner.

    Executive champion

    Identify an executive champion who will ensure that the security program and the security policies are supported.

    Focus on risk and protection

    Security can be viewed as an interference, but the business is likely more responsive to the concepts of risk and protection because it can apply to overall business operations and a revenue-generating mandate.

    Communicate policy initiatives

    Inform stakeholders of the policy initiative as security policies are only effective if they support the business requirements and user input is crucial for developing a strong security culture.

    Current security landscape

    Leveraging the current security landscape can be a useful mechanism to drive policy buy-in from stakeholders.

    Management buy-in

    This is key to policy acceptance; it indicates that policies are accurate, align with the business, and are to be upheld, that funds will be made available, and that all employees will be equally accountable.

    Assess the Viability of M365-O365 Security Add-Ons

    • Buy Link or Shortcode: {j2store}251|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting

    The technical side of IT security demands the best security possible, but the business side of running IT demands that you determine what is cost-effective and can still do the job. You likely shrugged off the early iterations of Microsoft’s security efforts, but you may have heard that things have changed. Where do you start in evaluating Microsoft’s security products in terms of effectiveness? The value proposition sounds tremendous to the CFO, “free” security as part of your corporate license, but how does it truly measure up and how do you articulate your findings to the business?

    Our Advice

    Critical Insight

    Microsoft’s security products have improved to the point where they are often ranked competitively with mainstream security products. Depending on your organization’s licensing of Office 365/Microsoft 365, some of these products are included in what you’re already paying for. That value proposition is hard to deny.

    Impact and Result

    Determine what is important to the business, and in what order of priority.

    Take a close look at your current solution and determine what are table stakes, what features you would like to have in its replacement, and what your current solution is missing.

    Consider Microsoft’s security solutions using an objective methodology. Sentiment will still be a factor, but it shouldn’t dictate the decision you make for the good of the business.

    Assess the Viability of M365/O365 Security Add-Ons Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to assess the viability of M365/O365 security add-ons. Review Info-Tech’s methodology and understand the four key steps to completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Review your current state

    Examine what you are licensed for, what you are paying, what you need, and what your constraints are.

    • Microsoft 365/Office 365 Security Add-Ons Assessment Tool

    2. Assess your needs

    Determine what is “good enough” security and assess the needs of your organization.

    3. Select your path

    Decide what you will go with and start planning your next steps.

    [infographic]

    Ransomware Cyber Attack. The real Disaster Recovery Scenario

    Cyber-ransomware criminals need to make sure that you cannot simply recover your encrypted data via your backups. They must make it look like paying is your only option. And if you do not have a strategy that takes this into account, unfortunately, you may be up the creek without a paddle. because how do they make their case? Bylooking for ways to infect your backups, way before you find out you have been compromised. 

    That means your standard disaster recovery scenarios provide insufficient protection against this type of event. You need to think beyond DRP and give consideration to what John Beattie and Michael Shandrowski call "Cyber Incident Recovery Risk management" (CIR-RM).  

    incident, incident management, cybersecurity, cyber, disaster recovery, drp, business continuity, bcm, recovery

    Register to read more …

    Select a Security Outsourcing Partner

    • Buy Link or Shortcode: {j2store}246|cart{/j2store}
    • member rating overall impact (scale of 10): 8.8/10 Overall Impact
    • member rating average dollars saved: $13,739 Average $ Saved
    • member rating average days saved: 8 Average Days Saved
    • Parent Category Name: Security Processes & Operations
    • Parent Category Link: /security-processes-and-operations
    • Most organizations do not have a clear understanding of their current security posture, their security goals, and the specific security services they require. Without a clear understanding of their needs, organizations may struggle to identify a partner that can meet their requirements.
    • Breakdowns and lack of communication can be a significant obstacle, especially when clear lines of communication with partners, including regular check-ins, reporting, and incident response protocols, have not been clearly established.
    • Ensuring that security partners’ systems and processes integrate seamlessly with existing systems can be a challenge for most organizations in addition to making sure that security partners have the necessary access and permissions to perform their services effectively.
    • Adhering to security policies is rarely a priority to users as compliance often feels like an interference to daily workflow. For a lot of organizations, security policies are not having the desired effect.

    Our Advice

    Critical Insight

    • You can outsource your responsibilities but not your accountability.
    • Be aware that in most cases, the traditional approach is more profitable to MSSPs, and they may push you toward one, so make sure you get the service you want, not what they prescribe.

    Impact and Result

    • Determine which security responsibilities can be outsourced and which should be insourced and the right procedure to outsourcing to gain cost savings, improve resource allocation, and boost your overall security posture.

    Select a Security Outsourcing Partner Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Select a Security Outsourcing Partner Storyboard – A guide to help you determine your requirements and select and manage your security outsourcing partner.

    Our systematic approach will ensure that the correct procedure for selecting a security outsourcing partner is implemented. This blueprint will help you build and implement your security policy program by following our three-phase methodology: determine what to outsource, select the right MSSP, and manage your MSSP.

    • Select a Security Outsourcing Partner – Phases 1-3

    2. MSSP RFP Template – A customizable template to help you choose the right security service provider.

    This modifiable template is designed to introduce consistency and outline key requirements during the request for proposal phase of selecting an MSSP.

    • MSSP RFP Template

    Infographic

    Further reading

    Select a Security Outsourcing Partner

    Outsource the right functions to secure your business.

    Analyst Perspective

    Understanding your security needs and remaining accountable is the key to selecting the right partner.

    The need for specialized security services is fast becoming a necessity to most organizations. However, resource challenges will always mean that organizations will still have to take practical measures to ensure that the time, quality, and service that they require from outsourcing partners have been carefully crafted and packaged to elicit the right services that cover all their needs and requirements.

    Organizations must ensure that security partners are aligned not only with their needs and requirements, but also with the corporate culture. Rather than introducing hindrances to daily operations, security partners must support business goals and protect the organization’s interests at all times.

    And as always, outsource only your responsibilities and do not outsource your accountability, as that will cost you in the long run.

    Photo of Danny Hammond
    Danny Hammond
    Research Analyst
    Security, Risk, Privacy & Compliance Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    A lack of high-skill labor increases the cost of internal security, making outsourcing more appealing.

    A lack of time and resources prevents your organization from being able to enable security internally.

    Due to a lack of key information on the subject, you are unsure which functions should be outsourced versus which functions should remain in-house.

    Having 24/7/365 monitoring in-house is not feasible for most firms.

    There is difficulty measuring the effectiveness of managed security service providers (MSSPs).

    Common Obstacles

    InfoSec leaders will struggle to select the right outsourcing partner without knowing what the organization needs, such as:

    • How to start the process to select the right service provider that will cover your security needs. With so many service providers and technology tools in this field, who is the right partner?
    • Where to obtain guidance on externalization of resources or maintaining internal posture to enable to you confidently select an outsourcing partner.

    InfoSec leaders must understand the business environment and their own internal security needs before they can select an outsourcing partner that fits.

    Info-Tech’s Approach

    Info-Tech’s Select a Security Outsourcing Partner takes a multi-faceted approach to the problem that incorporates foundational technical elements, compliance considerations, and supporting processes:

    • Determine which security responsibilities can be insourced and which should be outsourced, and the right procedure to outsourcing in order to gain cost savings, improve resource allocation, and boost your overall security posture.
    • Understand the current landscape of MSSPs that are available today and the features they offer.
    • Highlight the future financial obligations of outsourcing vs. insourcing to explain which method is the most cost-effective.

    Info-Tech Insight

    Mitigate security risks by developing an end-to-end process that ensures you are outsourcing your responsibilities and not your accountability.

    Your Challenge

    This research is designed to help organizations select an effective security outsourcing partner.

    • A security outsourcing partner is a third-party service provider that offers security services on a contractual basis depending on client needs and requirements.
    • An effective outsourcing partner can help an organization improve its security posture by providing access to more specialized security experts, tools, and technologies.
    • One of the main challenges with selecting a security outsourcing partner is finding a partner that is a good fit for the organization's unique security needs and requirements.
    • Security outsourcing partners typically have access to sensitive information and systems, so proper controls and safeguards must be in place to protect all sensitive assets.
    • Without careful evaluation and due diligence to ensure that the partner is a good fit for the organization's security needs and requirements, it can be challenging to select an outsourcing partner.

    Outsourcing is effective, but only if done right

    • 83% of decision makers with in-house cybersecurity teams are considering outsourcing to an MSP (Syntax, 2021).
    • 77% of IT leaders said cyberattacks were more frequent (Syntax, 2021).
    • 51% of businesses suffered a data breach caused by a third party (Ponemon, 2021).

    Common Obstacles

    The problem with selecting an outsourcing partner isn’t a lack of qualified partners, it’s the lack of clarity about an organization's specific security needs.

    • Most organizations do not have a clear understanding of their current security posture, their security goals, and the specific security services they require. Without a clear understanding of their needs, organizations may struggle to identify a partner that can meet their requirements.
    • Breakdowns and lack of communication can be a significant obstacle, especially when clear lines of communication with partners, including regular check-ins, reporting, and incident response protocols, have not been clearly established.
    • Ensuring that security partner's systems and processes integrate seamlessly with existing systems can be a challenge for most organizations. This is in addition to making sure that security partners have the necessary access and permissions to perform their services effectively.
    • Adhering to security policies is rarely a priority to users, as compliance often feels like an interference to daily workflow. For a lot of organizations, security policies are not having the desired effect.

    A diagram that shows Average cost of a data breach from 2019 to 2022.
    Source: IBM, 2022 Cost of a Data Breach; N=537.


    Reaching an all-time high, the cost of a data breach averaged US$4.35 million in 2022. This figure represents a 2.6% increase from 2021, when the average cost of a breach was US$4.24 million. The average cost has climbed 12.7% since 2020.

    Info-Tech’s methodology for selecting a security outsourcing partner

    Determine your responsibilities

    Determine what responsibilities you can outsource to a service partner. Analyze which responsibilities you should outsource versus keep in-house? Do you require a service partner based on identified responsibilities?

    Scope your requirements

    Refine the list of role-based requirements, variables, and features you will require. Use a well-known list of critical security controls as a framework to determine these activities and send out RFPs to pick the best candidate for your organization.

    Manage your outsourcing program

    Adopt a program to manage your third-party service security outsourcing. Trust your managed security service providers (MSSP) but verify their results to ensure you get the service level you were promised.

    Select a Security Outsourcing Partner

    A diagram that shows your organization responsibilities & accountabilities, framework for selecting a security outsourcing partner, and benefits.

    Blueprint benefits

    IT/InfoSec Benefits

    Reduces complexity within the MSSP selection process by highlighting all the key steps to a successful selection program.

    Introduces a roadmap to clearly educate about the do’s and don’ts of MSSP selection.

    Reduces costs and efforts related to managing MSSPs and other security partners.

    Business Benefits

    Assists with selecting outsourcing partners that are essential to your organization’s objectives.

    Integrates outsourcing into corporate culture, leveraging organizational requirements while maximizing value of outsourcing.

    Reduces security outsourcing risk.

    Insight summary

    Overarching insight: You can outsource your responsibilities but not your accountability.

    Determine what to outsource: Assess your responsibilities to determine which ones you can outsource. It is vital that an understanding of how outsourcing will affect the organization, and what cost savings, if any, to expect from outsourcing is clear in order to generate a list of responsibilities that can/should be outsourced.

    Select the right partner: Create a list of variables to evaluate the MSSPs and determine which features are important to you. Evaluate all potential MSSPs and determine which one is right for your organization

    Manage your MSSP: Align the MSSP to your organization. Adopt a program to monitor the MSSP which includes a long-term strategy to manage the MSSP.

    Identifying security needs and requirements = Effective outsourcing program: Understanding your own security needs and requirements is key. Ensure your RFP covers the entire scope of your requirements; work with your identified partner on updates and adaptation, where necessary; and always monitor alignment to business objectives.

    Measure the value of this blueprint

    Phase

    Purpose

    Measured Value

    Determine what to outsource Understand the value in outsourcing and determining what responsibilities can be outsourced. Cost of determining what you can/should outsource:
    • 120 FTE hours at $90K per year = $5,400
    Cost of determining the savings from outsourcing vs. insourcing:
    • 120 FTE hours at $90K per year = $5,400
    Select the right partner Select an outsourcing partner that will have the right skill set and solution to identified requirements. Cost of ranking and selecting your MSSPs:
    • 160 FTE hours at $90K per year = $7,200
    Cost of creating and distributing RFPs:
    • 200 FTE hours at $90K per year = $9,000
    Manage your third-party service security outsourcing Use Info-Tech’s methodology and best practices to manage the MSSP to get the best value. Cost of creating and implementing a metrics program to manage the MSSP:
    • 80 FTE hours at $90K per year = $3,600

    After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.

    Overall Impact: 8.9 /10

    Overall Average Cost Saved: $22,950

    Overall Average Days Saved: 9

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation
    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop
    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting
    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Manage the Active Directory in the Service Desk

    • Buy Link or Shortcode: {j2store}489|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk
    • Actively maintaining the Active Directory is a difficult task that only gets more difficult with issues like stale accounts and privilege creep.
    • Adding permissions without removing them in lateral transfers creates access issues, especially when regulatory requirements like HIPAA require tight controls.
    • With the importance of maintaining and granting permissions within the Active Directory, organizations are hesitant to grant domain admin access to Tier 1 of the service desk. However, inundating Tier 2 analysts with requests to grant permissions takes away project time.

    Our Advice

    Critical Insight

    • Do not treat the Active Directory like a black box. Strive for accurate data and be proactive by managing your monitoring and audit schedules.
    • Catch outage problems before they happen by splitting monitoring tasks between daily, weekly, and monthly routines.
    • Shift left to save resourcing by employing workflow automation or scripted authorization for Tier 1 technicians.
    • Design actionable metrics to monitor and manage your Active Directory.

    Impact and Result

    • Consistent and right-sized monitoring and updating of the Active Directory is key to clean data.
    • Split monitoring activities between daily, weekly, and monthly checklists to raise efficiency.
    • If need be, shift-left strategies can be implemented for identity and access management by scripting the process so that it can be done by Tier 1 technicians.

    Manage the Active Directory in the Service Desk Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should manage your Active Directory in the service desk, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Maintain your Active Directory with clean data

    Building and maintaining your Active Directory does not have to be difficult. Standardized organization and monitoring with the proper metrics help you keep your data accurate and up to date.

    • Active Directory Standard Operating Procedure
    • Active Directory Metrics Tool

    2. Structure your service desk Active Directory processes

    Build a comprehensive Active Directory workflow library for service desk technicians to follow.

    • Active Directory Process Workflows (Visio)
    • Active Directory Process Workflows (PDF)
    [infographic]

    Identify and Manage Security Risk Impacts on Your Organization

    • Buy Link or Shortcode: {j2store}221|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • More than any other time, our world is changing. As a result, organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level.
    • A new global change will impact your organization at any given time. Ensure that you monitor threats appropriately and that your plans are flexible enough to manage the inevitable consequences.

    Our Advice

    Critical Insight

    • Identifying and managing a vendor’s potential security risk impacts on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes could introduce new risks.
    • Organizational leadership is often taken unaware during crises, and their plans lack the flexibility needed to adjust to significant market upheavals and surprise incidents.

    Impact and Result

    • Vendor management practices educate organizations on the potential risks from vendors in your market and suggest creative and alternative ways to avoid and manage them.
    • Prioritize and classify your vendors with quantifiable, standardized rankings.
    • Prioritize focus on your high-risk vendors.
    • Standardize your processes for identifying and monitoring vendor risks to manage potential impacts with our Security Risk Impact Tool.

    Identify and Manage Security Risk Impacts on Your Organization Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and Manage Security Risk Impacts on Your Organization Deck – Use the research to better understand the negative impacts of vendor actions on your security.

    Use this research to identify and quantify the potential security impacts caused by vendors. Use Info-Tech’s approach to look at the security impacts from various perspectives to better prepare for issues that may arise.

    • Identify and Manage Security Risk Impacts on Your Organization Storyboard

    2. Security Risk Impact Tool – Use this tool to help identify and quantify the security impacts of negative vendor actions.

    By playing the “what if” game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    • Security Risk Impact Tool
    [infographic]

    Further reading

    Identify and Manage Security Risk Impacts on Your Organization

    Know where the attacks are coming from so you know where to protect.

    Analyst perspective

    It is time to start looking at risk realistically and move away from “trust but verify” toward zero trust.

    Frank Sewell, Research Director, Vendor Management

    Frank Sewell,
    Research Director, Vendor Management
    Info-Tech Research Group

    We are inundated with a barrage of news about security incidents on what seems like a daily basis. In such an environment, it is easy to forget that there are ways to help prevent such things from happening and that they have actual costs if we relax our diligence.

    Most people are aware of defense strategies that help keep their organization safe from direct attack and inside threats. Likewise, they expect their trusted partners to perform the same diligence. Unfortunately, as more organizations use cloud service vendors, the risks with n-party vendors are increasing.

    Over the last few years, we have learned the harsh lesson that downstream attacks affect more businesses than we ever expected as suppliers, manufacturers of base goods and materials, and rising transportation costs affect the global economy.

    “Trust but verify” – while a good concept – should give way to the more effective zero-trust model in favor of knowing it’s not a matter of if an incident happens but when.

    Executive Summary

    Your Challenge

    More than any other time, our world is changing. As a result, organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level.

    A new global change will impact your organization at any given time. Ensure that you monitor threats appropriately and that your plans are flexible enough to manage the inevitable consequences.

    Common Obstacles

    Identifying and managing a vendor’s potential security risk impacts on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes could introduce new risks.

    Organizational leadership is often taken unaware during crises, and their plans lack the flexibility needed to adjust to significant market upheavals and surprise incidents.

    Info-Tech’s Approach

    Vendor management practices educate organizations on the potential risks from vendors in your market and suggest creative and alternative ways to avoid and manage them.

    Prioritize and classify your vendors with quantifiable, standardized rankings.

    Prioritize focus on your high-risk vendors.

    Standardize your processes for identifying and monitoring vendor risks to manage potential impacts with our Security Risk Impact Tool.

    Info-Tech Insight
    Organizations must evolve their security risk assessments to be more adaptive to respond to global changes in the market. Ongoing monitoring of third-party vendor risks and holding those vendors accountable throughout the vendor lifecycle are critical to preventing disastrous impacts.

    Info-Tech’s multi-blueprint series on vendor risk assessment

    There are many individual components of vendor risk beyond cybersecurity.

    Multi-blueprint series on vendor risk assessment

    This series will focus on the individual components of vendor risk and how vendor management practices can facilitate organizations’ understanding of those risks.

    Out of Scope:
    This series will not tackle risk governance, determining overall risk tolerance and appetite, or quantifying inherent risk.

    Security risk impacts

    Potential losses to the organization due to security incidents

    • In this blueprint we’ll explore security risks, particularly from third-party vendors, and their impacts.
    • Identify potentially disruptive events to assess the overall impact on organizations and implement adaptive measures to correct security plans.

    The world is constantly changing

    The IT market is constantly reacting to global influences. By anticipating changes, leaders can set expectations and work with their vendors to accommodate them.

    When the unexpected happens, being able to adapt quickly to new priorities ensures continued long-term business success.

    Below are some things no one expected to happen in the last few years:

    62% 83% 84%
    Ransomware attacks spiked 62% globally (and 158% in North America alone). 83% of companies increased organizational focus on third-party risk management in 2020. In a 2020 survey, 84% of organizations reported having experienced a third-party incident in the last three years.
    One Trust, 2022 Help Net Security, 2021 Deloitte, 2020

    Identify and manage security risk impacts on your organization

    Identify and manage security risk impacts on your organization

    Due diligence will enable successful outcomes.

    What is third-party risk?

    Third-Party Vendor: Anyone who provides goods or services to a company or individual in exchange for payment transacted with electronic instructions (Law Insider).

    Third-Party Risk: The potential threat presented to organizations’ employee and customer data, financial information, and operations from the organization’s supply chain and other outside parties that provide products and/or services and have access to privileged systems (Awake Security).

    It is essential to know not only who your vendors are but also who their vendors are (n-party vendors). Organizations often overlook that their vendors rely on others to support their business, and those layers can add risk to your organization.

    Identify and manage security risks

    Global Pandemic

    Very few people could have predicted that a global pandemic would interrupt business on the scale experienced today. Organizations should look at their lessons learned and incorporate adaptable preparations into their security planning and ongoing monitoring moving forward.

    Vendor Breaches

    The IT market is an ever-shifting environment; more organizations are relying on cloud service vendors, staff augmentation, and other outside resources. Organizations should hold these vendors (and their downstream vendors) to the same levels of security and standards of conduct that they hold their internal resources.

    Resource Shortages

    A lack of resources is often overlooked, but it’s easily recognized as a reason for a security incident. All too often, companies are unwilling to dedicate resources to their vendors’ security risk assessment and ongoing monitoring needs. Only once an incident occurs do companies decide it is time to reprioritize.

    Implement Hardware Asset Management

    • Buy Link or Shortcode: {j2store}312|cart{/j2store}
    • member rating overall impact (scale of 10): 9.4/10 Overall Impact
    • member rating average dollars saved: $29,447 Average $ Saved
    • member rating average days saved: 25 Average Days Saved
    • Parent Category Name: Asset Management
    • Parent Category Link: /asset-management
    • Executives are often aware of the benefits asset management offers, but many organizations lack a defined program to manage their hardware.
    • Efforts to implement hardware asset management (HAM) are stalled because organizations feel overwhelmed navigating the process or under use the data, failing to deliver value.

    Our Advice

    Critical Insight

    • Organizations often implement an asset management program as a one-off project and let it stagnate.
    • Organizations often fail to dedicate adequate resources to the HAM process, leading to unfinished processes and inconsistent standards.
    • Hardware asset management programs yield a large amount of useful data. Unfortunately, this data is often underutilized. Departments within IT become data siloes, preventing effective use of the data.

    Impact and Result

    • As the IT environment continues to change, it is important to establish consistency in the standards around IT asset management.
    • A current state assessment of your HAM program will shed light on the steps needed to safeguard your processes.
    • Define the assets that will need to be managed to inform the scope of the ITAM program before defining processes.
    • Build and involve an ITAM team in the process from the beginning to help embed the change.
    • Define standard policies, processes, and procedures for each stage of the hardware asset lifecycle, from procurement through to disposal.

    Implement Hardware Asset Management Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should Implement Hardware Asset Management, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Lay foundations

    Build the foundations for the program to succeed.

    • Implement Hardware Asset Management – Phase 1: Lay Foundations
    • HAM Standard Operating Procedures
    • HAM Maturity Assessment Tool
    • IT Asset Manager
    • IT Asset Administrator

    2. Procure & receive

    Define processes for requesting, procuring, receiving, and deploying hardware.

    • Implement Hardware Asset Management – Phase 2: Procure and Receive
    • HAM Process Workflows (Visio)
    • HAM Process Workflows (PDF)
    • Non-Standard Hardware Request Form
    • Purchasing Policy

    3. Maintain & dispose

    Define processes and policies for managing, securing, and maintaining assets then disposing or redeploying them.

    • Implement Hardware Asset Management – Phase 3: Maintain and Dispose
    • Asset Security Policy
    • Hardware Asset Disposition Policy

    4. Plan implementation

    Plan the hardware budget, then build a communication plan and roadmap to implement the project.

    • Implement Hardware Asset Management – Phase 4: Plan Implementation 
    • HAM Budgeting Tool
    • HAM Communication Plan
    • HAM Implementation Roadmap
    [infographic]

    Workshop: Implement Hardware Asset Management

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Lay Foundations

    The Purpose

    Build the foundations for the program to succeed.

    Key Benefits Achieved

    Evaluation of current challenges and maturity level

    Defined scope for HAM program

    Defined roles and responsibilities

    Identified metrics and reporting requirements

    Activities

    1.1 Outline hardware asset management challenges.

    1.2 Conduct HAM maturity assessment.

    1.3 Classify hardware assets to define scope of the program.

    1.4 Define responsibilities.

    1.5 Use a RACI chart to determine roles.

    1.6 Identify HAM metrics and reporting requirements.

    Outputs

    HAM Maturity Assessment

    Classified hardware assets

    Job description templates

    RACI Chart

    2 Procure & Receive

    The Purpose

    Define processes for requesting, procuring, receiving, and deploying hardware.

    Key Benefits Achieved

    Defined standard and non-standard requests for hardware

    Documented procurement, receiving, and deployment processes

    Standardized asset tagging method

    Activities

    2.1 Identify IT asset procurement challenges.

    2.2 Define standard hardware requests.

    2.3 Document standard hardware request procedure.

    2.4 Build a non-standard hardware request form.

    2.5 Make lease vs. buy decisions for hardware assets.

    2.6 Document procurement workflow.

    2.7 Select appropriate asset tagging method.

    2.8 Design workflow for receiving and inventorying equipment.

    2.9 Document the deployment workflow(s).

    Outputs

    Non-standard hardware request form

    Procurement workflow

    Receiving and tagging workflow

    Deployment workflow

    3 Maintain & Dispose

    The Purpose

    Define processes and policies for managing, securing, and maintaining assets then disposing or redeploying them.

    Key Benefits Achieved

    Policies and processes for hardware maintenance and asset security

    Documented workflows for hardware disposal and recovery/redeployment

    Activities

    3.1 Build a MAC policy, request form, and workflow.

    3.2 Design process and policies for hardware maintenance, warranty, and support documentation handling.

    3.3 Revise or create an asset security policy.

    3.4 Identify challenges with IT asset recovery and disposal and design hardware asset recovery and disposal workflows.

    Outputs

    User move workflow

    Asset security policy

    Asset disposition policy, recovery and disposal workflows

    4 Plan Implementation

    The Purpose

    Select tools, plan the hardware budget, then build a communication plan and roadmap to implement the project.

    Key Benefits Achieved

    Shortlist of ITAM tools

    Hardware asset budget plan

    Communication plan and HAM implementation roadmap

    Activities

    4.1 Generate a shortlist of ITAM tools that will meet requirements.

    4.2 Use Info-Tech’s HAM Budgeting Tool to plan your hardware asset budget.

    4.3 Build HAM policies.

    4.4 Develop a communication plan.

    4.5 Develop a HAM implementation roadmap.

    Outputs

    HAM budget

    Additional HAM policies

    HAM communication plan

    HAM roadmap tool

    Further reading

    Implement Hardware Asset Management

    Build IT services value on the foundation of a proactive asset management program.

    ANALYST PERSPECTIVE

    IT asset data impacts the entire organization. It’s time to harness that potential.

    "Asset management is like exercise: everyone is aware of the benefits, but many struggle to get started because the process seems daunting. Others fail to recognize the integrative potential that asset management offers once an effective program has been implemented.

    A proper hardware asset management (HAM) program will allow your organization to cut spending, eliminate wasteful hardware, and improve your organizational security. More data will lead to better business decision-making across the organization.

    As your program matures and your data gathering and utility improves, other areas of your organization will experience similar improvements. The true value of asset management comes from improved IT services built upon the foundation of a proactive asset management program." - Sandi Conrad, Practice Lead, Infrastructure & Operations Info-Tech Research Group

    Our understanding of the problem

    This Research Is Designed For:

    • Asset Managers and Service Delivery Managers tasked with developing an asset management program who need a quick start.
    • CIOs and CFOs who want to reduce or improve budgeting of hardware lifecycle costs.
    • Information Security Officers who need to mitigate the risk of sensitive data loss due to insecure assets.

    This Research Will Help You:

    • Develop a hardware asset management (HAM) standard operating procedure (SOP) that documents:
      • Process roles and responsibilities.
      • Data classification scheme.
      • Procurement standards, processes, and workflows for hardware assets.
      • Hardware deployment policies, processes, and workflows.
      • Processes and workflows for hardware asset security and disposal.
    • Identify requirements for an IT asset management (ITAM) solution to help generate a shortlist.
    • Develop a hardware asset management implementation roadmap.
    • Draft a communication plan for the initiative.

    Executive summary

    Situation

    • Executives are aware of the numerous benefits asset management offers, but many organizations lack a defined ITAM program and especially a HAM program.
    • Efforts to implement HAM are stalled because organizations cannot establish and maintain defined processes and policies.

    Complication

    • Organizations often implement an asset management program as a one- off project and let it stagnate, but asset management needs to be a dynamic, continually involving process to succeed.
    • Organizations often fail to dedicate adequate resources to the HAM process, leading to unfinished processes and inconsistent standards.
    • Hardware asset management programs yield a large amount of useful data. Unfortunately, this data is often underused. Departments within IT become data siloes, preventing effective use of the data.

    Resolution

    • As the IT environment continues to change, it is important to establish consistency in the standards around IT asset management.
    • A current state assessment of your HAM program will shed light on the steps needed to safeguard your processes.
    • Define the assets that will need to be managed to inform the scope of the ITAM program before defining processes.
    • Build and involve an ITAM team in the process from the beginning to help embed the change.
    • Define standard policies, processes, and procedures for each stage of the hardware asset lifecycle, from procurement through to disposal.
    • Pace yourself; a staged implementation will make your ITAM program a success.

    Info-Tech Insight

    1. HAM is more than just tracking inventory. A mature asset management program provides data for proactive planning and decision making to reduce operating costs and mitigate risk.
    2. ITAM is not just IT. IT leaders need to collaborate with Finance, Procurement, Security, and other business units to make informed decisions and create value across the enterprise.
    3. Treat HAM like a process, not a project. HAM is a dynamic process that must react and adapt to the needs of the business.

    Implement HAM to reduce and manage costs, gain efficiencies, and ensure regulatory compliance

    Save & Manage Money

    • Companies with effective HAM practices achieve cost savings through redeployment, reduction of lost or stolen equipment, power management, and on-time lease returns.
    • The right HAM system will enable more accurate planning and budgeting by business units.

    Improve Contract Management

    • Real-time asset tracking to vendor terms and conditions allows for more effective negotiation.

    Inform Technology Refresh

    • HAM provides accurate information on hardware capacity and compatibility to inform upgrade and capacity planning

    Gain Service Efficiencies

    • Integrating the hardware lifecycle with the service desk will enable efficiencies through Install/Moves/Adds/Changes (IMAC) processes, for larger organizations.

    Meet Regulatory Requirements

    • You can’t secure organizational assets if you don’t know where they are! Meet governance and privacy laws by knowing asset location and that data is secure.

    Prevent Risk

    • Ensure data is properly destroyed through disposal processes, track lost and stolen hardware, and monitor hardware to quickly identify and isolate vulnerabilities.

    HAM is more than just inventory; 92% of organizations say that it helps them provide better customer support

    Hardware asset management (HAM) provides a framework for managing equipment throughout its entire lifecycle. HAM is more than just keeping an inventory; it focuses on knowing where the product is, what costs are associated with it, and how to ensure auditable disposition according to best options and local environmental laws.

    Implementing a HAM practice enables integration of data and enhancement of many other IT services such as financial reporting, service management, green IT, and data and asset security.

    Cost savings and efficiency gains will vary based on the organization’s starting state and what measures are implemented, but most organizations who implement HAM benefit from it. As organizations increase in size, they will find the greatest gains operationally by becoming more efficient at handling assets and identifying costs associated with them.

    A 2015 survey by HDI of 342 technical support professionals found that 92% say that HAM has helped their teams provide better support to customers on hardware-related issues. Seventy-seven percent have improved customer satisfaction through managing hardware assets. (HDI, 2015)

    HAM delivers cost savings beyond only the procurementstage

    HAM cost savings aren’t necessarily realized through the procurement process or reduced purchase price of assets, but rather through the cost of managing the assets.

    HAM delivers cost savings in several ways:

    • Use a discovery tool to identify assets that may be retired, redeployed, or reused to cut or reallocate their costs.
    • Enforce power management policies to reduce energy consumption as well as costs associated with wasted energy.
    • Enforce policies to lock down unauthorized devices and ensure that confidential information isn’t lost (and you don’t have to waste money recovering lost data).
    • Know the location of all your assets and which are connected to the network to ensure patches are up to date and avoid costly security risks and unplanned downtime.
    • Scan assets to identify and remediate vulnerabilities that can cause expensive security attacks.
    • Improve vendor and contract management to identify areas of hardware savings.

    The ROI for HAM is significant and measurable

    Benefit Calculation Sample Annual Savings

    Reduced help desk support

    • The length of support calls should be reduced by making it easier for technicians to identify PC configuration.
    # of hardware-related support tickets per year * cost per ticket * % reduction in average call length 2,000 * $40 * 20% = $16,000

    Greater inventory efficiency

    • An ITAM solution can automate and accelerate inventory preparation and tasks.
    Hours required to complete inventory * staff required * hourly pay rate for staff * number of times a year inventory required 8 hours * 5 staff * $33 per hour * 2 times a year = $2,640

    Improved employee productivity

    • Organizations can monitor and detect unapproved programs that result in lost productivity.
    # of employees * percentage of employees who encounter productivity loss through unauthorized software * number of hours per year spent using unauthorized software * average hourly pay rate 500 employees * 10% * 156 hours * $18 = $140,400

    Improved security

    • Improved asset tracking and stronger policy enforcement will reduce lost and stolen devices and data.
    # of devices lost or stolen last year * average replacement value of device + # of devices stolen * value of data lost from device (50 * $1,000) + (50 * $5,000) = $300,000
    Total Savings: $459,040
    1. Weigh the return against the annual cost of investing in an ITAM solution to calculate the ROI.
    2. Don’t forget about the intangible benefits that are more difficult to quantify but still significant, such as increased visibility into hardware, more accurate IT planning and budgeting, improved service delivery, and streamlined operations.

    Avoid these common barriers to ITAM success

    Organizations that struggle to implement ITAM successfully usually fall victim to these barriers:

    Organizational resistance to change

    Senior-level sponsorship, engagement, and communication is necessary to achieve the desired outcomes of ITAM; without it, ITAM implementations stall and fail or lack the necessary resources to deliver the value.

    Lack of dedicated resources

    ITAM often becomes an added responsibility for resources who already have other full-time responsibilities, which can quickly cause the program to lose focus. Increase the chance of success through dedicated resources.

    Focus on tool over process

    Many organizations buy a tool thinking it will do most of the work for them, but without supporting processes to define ITAM, the data within the tool can become unreliable.

    Choosing a tool or process that doesn’t scale

    Some organizations are able to track assets through manual discovery, but as their network and user base grows, this quickly becomes impossible. Choose a tool and build processes that will support the organization as it grows.

    Using data only to respond to an audit without understanding root causes

    Often, organizations implement ITAM only to the extent necessary to achieve compliance for audits, but without investigating the underlying causes of non-compliance and thus not solving the real problems.

    To help you make quick progress, Info-Tech Research Group parses hardware asset management into essential processes

    Focus on hardware asset lifecycle management essentials:

    IT Asset Procurement:

    • Define procurement standards for new hardware along with related warranties and support options.
    • Develop processes and workflows for purchasing and work out financial implications to inform budgeting later.

    IT Asset Intake and Deployment:

    • Define policies, processes, and workflows for hardware and receiving, inventory, and tracking practices.
    • Develop processes and workflows for managing imaging, change and moves, and large-scale rollouts.

    IT Asset Security and Maintenance:

    • Develop processes, policies, and workflows for asset tracking and security.
    • Maintain contracts and agreements.

    IT Asset Disposal or Recovery:

    • Manage the employee termination and equipment recovery cycle.
    • Securely wipe and dispose of assets that have reached retirement stage.

    The image is a circular graphic, with Implement HAM written in the middle. Around the centre circle are four phrases: Recover or Dispose; Plan & Procure; Receive & Deploy; Secure & Maintain. Around that circle are six words: Retire; Plan; Request; Procure; Receive; Manage.

    Follow Info-Tech’s methodology to build a plan to implement hardware asset management

    Phase 1: Assess & Plan Phase 2: Procure & Receive Phase 3: Maintain & Dispose Phase 4: Plan Budget & Build Roadmap
    1.1 Assess current state & plan scope 2.1 Request & procure 3.1 Manage & maintain 4.1 Plan budget
    1.2 Build team & define metrics 2.2 Receive & deploy 3.2 Redeploy or dispose 4.2 Communicate & build roadmap
    Deliverables
    Standard Operating Procedure (SOP)
    HAM Maturity Assessment Procurement workflow User move workflow HAM Budgeting Tool
    Classified hardware assets Non-standard hardware request form Asset security policy HAM Communication Plan
    RACI Chart Receiving & tagging workflow Asset disposition policy HAM Roadmap Tool
    Job Descriptions Deployment workflow Asset recovery & disposal workflows Additional HAM policies

    Asset management is a key piece of Info-Tech's COBIT- inspired IT Management and Governance Framework

    The image shows a graphic which is a large grid, showing Info-Tech's research, sorted into categories.

    Cisco IT reduced costs by upwards of $50 million through implementing ITAM

    CASE STUDY

    Industry IT

    Source Cisco Systems, Inc.

    Cisco Systems, Inc.

    Cisco Systems, Inc. is the largest networking company in the world. Headquartered in San Jose, California, the company employees over 70,000 people.

    Asset Management

    As is typical with technology companies, Cisco boasted a proactive work environment that encouraged individualism amongst employees. Unfortunately, this high degree of freedom combined with the rapid mobilization of PCs and other devices created numerous headaches for asset tracking. At its peak, spending on hardware alone exceeded $100 million per year.

    Results

    Through a comprehensive ITAM implementation, the new asset management program at Cisco has been a resounding success. While employees did have to adjust to new rules, the process as a whole has been streamlined and user-satisfaction levels have risen. Centralized purchasing and a smaller number of hardware platforms have allowed Cisco to cut its hardware spend in half, according to Mark Edmondson, manager of IT services expenses for Cisco Finance.

    This case study continues in phase 1

    The image shows four bars, from bottom to top: 1. Asset Gathering; 2. Asset Distribution; 3. Asset Protection; 4. Asset Data. On the right, there is an arrow pointing upwards labelled ITAM Program Maturity.

    Info-Tech delivers: Use our tools and templates to accelerate your project to completion

    HAM Standard Operating Procedures (SOP)

    HAM Maturity Assessment

    Non-Standard Hardware Request Form

    HAM Visio Process Workflows

    HAM Policy Templates

    HAM Budgeting Tool

    HAM Communication Plan

    HAM Implementation Roadmap Tool

    Measured value for Guided Implementations (GIs)

    Engaging in GIs doesn’t just offer valuable project advice, it also results in significant cost savings.

    GI Measured Value
    Phase 1: Lay Foundations
    • Time, value, and resources saved by using Info-Tech’s tools and templates to assess current state and maturity, plan scope of HAM program, and define roles and metrics.
    • For example, 2 FTEs * 14 days * $80,000/year = $8,615
    Phase 2: Procure & Receive
    • Time, value, and resources saved by using Info-Tech’s tools and templates to build processes for hardware request, procurement, receiving, and deployment.
    • For example, 2 FTEs * 14 days * $80,000/year = $8,615
    Phase 3: Maintain & Dispose
    • Time, value, and resources saved by following Info-Tech’s tools and methodology to build processes and policies for managing and maintaining hardware and disposing or redeploying of equipment.
    • For example, 2 FTE * 14 days * $80,000/year = $8,615
    Phase 4: Plan Implementation
    • Time, value, and resources saved by following Info-Tech’s tools and methodology to select tools, plan the hardware budget, and build a roadmap.
    • For example, 2 FTE * 14 days * $80,000/year = $8,615
    Total savings $25,845

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation overview

    1. Lay Foundations 2. Procure & Receive 3. Maintain & Dispose 4. Budget & Implementation
    Best-Practice Toolkit

    1.1 Assess current state & plan scope

    1.2 Build team & define metrics

    2.1 Request & procure

    2.2 Receive & deploy

    3.1 Manage & maintain

    3.2 Redeploy or dispose

    4.1 Plan budget

    4.2 Communicate & build roadmap

    Guided Implementation
    • Assess current state.
    • Define scope of HAM program.
    • Define roles and metrics.
    • Define standard and non-standard hardware.
    • Build procurement process.
    • Determine asset tagging method and build equipment receiving and deployment processing.
    • Define processes for managing and maintaining equipment.
    • Define policies for maintaining asset security.
    • Build process for redeploying or disposing of assets.
    • Discuss best practices for effectively managing a hardware budget.
    • Build communications plan and roadmap.
    Results & Outcomes
    • Evaluation of current maturity level of HAM
    • Defined scope for the HAM program including list of hardware to track as assets
    • Defined roles and responsibilities
    • Defined and documented KPIs and metrics to meet HAM reporting requirements
    • Defined standard and non- standard requests and processes
    • Defined and documented procurement workflow and purchasing policy
    • Asset tagging method and process
    • Documented equipment receiving and deployment processes
    • MAC policies and workflows
    • Policies and processes for hardware maintenance and asset security
    • Documented workflows for hardware disposal and recovery/redeployment
    • Shortlist of ITAM tools
    • Hardware asset budget plan
    • Communication plan and HAM implementation roadmap

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.comfor more information.

    Phases: Teams, Scope & Hardware Procurement Hardware Procurement and Receiving Hardware Maintenance & Disposal Budgets, Roadmap & Communications
    Duration* 1 day 1 day 1 day 1 day
    * Activities across phases may overlap to ensure a timely completion of the engagement
    Projected Activities
    • Outline hardware asset management goals
    • Review HAM maturity and anticipated milestones
    • Define scope and classify hardware assets
    • Define roles and responsibilities
    • Define metrics and reporting requirements
    • Define standard and non-standard hardware requests
    • Review and document procurement workflow
    • Discuss appropriate asset tagging method
    • Design and document workflow for receiving and inventorying equipment
    • Review/create policy for hardware procurement and receiving
    • Identify data sources and methodology for inventory and data collection
    • Define install/moves/adds/changes (MAC) policy
    • Build workflows to document user MAC processes and design request form
    • Design process and policies for hardware maintenance, warranty, and support documentation handling
    • Design hardware asset recovery and disposal workflows
    • Define budgeting process and review Info-Tech’s HAM Budgeting Tool
    • Develop a communication plan
    • Develop a HAM implementation plan
    Projected Deliverables
    • Standard operating procedures for hardware
    • Visio diagrams for all workflows
    • Workshop summary with milestones and task list
    • Budget template
    • Policy draft

    Phase 1

    Lay Foundations

    Implement Hardware Asset Management

    A centralized procurement process helped cut Cisco’s hardware spend in half

    CASE STUDY

    Industry IT

    Source Cisco Systems, Inc.

    Challenge

    Cisco Systems’ hardware spend was out of control. Peaking at $100 million per year, the technology giant needed to standardize procurement processes in its highly individualized work environment.

    Users had a variety of demands related to hardware and network availability. As a result, data was spread out amongst multiple databases and was managed by different teams.

    Solution

    The IT team at Cisco set out to solve their hardware-spend problem using a phased project approach.

    The first major step was to identify and use the data available within various departments and databases. The heavily siloed nature of these databases was a major roadblock for the asset management program.

    This information had to be centralized, then consolidated and correlated into a meaningful format.

    Results

    The centralized tracking system allowed a single point of contact (POC) for the entire lifecycle of a PC. This also created a centralized source of information about all the PC assets at the company.

    This reduced the number of PCs that were unaccounted for, reducing the chance that Cisco IT would overspend based on its hardware needs.

    There were still a few limitations to address following the first step in the project, which will be described in more detail further on in this blueprint.

    This case study continues in phase 2

    Step 1.1: Assess current state and plan scope

    Phase 1: Assess & Plan

    1.1 Assess current state & plan scope

    1.2 Build team & define metrics

    This step will walk you through the following activities:

    1.1.1 Complete MGD (optional)

    1.1.2 Outline hardware asset management challenges

    1.1.3 Conduct HAM maturity assessment

    1.1.4 Classify hardware assets to define scope of the program

    This step involves the following participants:

    • CIO/CFO
    • IT Director
    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Security (optional)
    • Operations (optional)

    Step Outcomes

    • Understand key challenges related to hardware asset management within your organization to inform program development.
    • Evaluate current maturity level of hardware asset management components and overall program to determine starting point.
    • Define scope for the ITAM program including list of hardware to track as assets.

    Complete the Management & Governance Diagnostic (MGD) to weigh the effectiveness of ITAM against other services

    1.1.1 Optional Diagnostic

    The MGD helps you get the data you need to confirm the importance of improving the effectiveness of your asset management program.

    The MGD allows you to understand the landscape of all IT processes, including asset management. Evaluate all team members’ perceptions of each process’ importance and effectiveness.

    Use the results to understand the urgency to change asset management and its relevant impact on the organization.

    Establish process owners and hold team members accountable for process improvement initiatives to ensure successful implementation and realize the benefits from more effective processes.

    To book a diagnostic, or get a copy of our questions to inform your own survey, visit Info-Tech’s Benchmarking Tools, contact your account manager, or call toll-free 1-888-670-8889 (US) or 1-844-618-3192 (CAN).

    Sketch out challenges related to hardware asset management to shape the direction of the project

    Common HAM Challenges

    Processes and Policies:

    • Existing asset management practices are labor intensive and time consuming
    • Manual spreadsheets are used, making collaboration and automation difficult
    • Lack of HAM policies and standard operating procedures
    • Asset management data is not centralized
    • Lack of clarity on roles and responsibilities for ITAM functions
    • End users don’t understand the value of asset management

    Tracking:

    • Assets move across multiple locations and are difficult to track
    • Hardware asset data comes from multiple sources, creating fragmented datasets
    • No location data is available for hardware
    • No data on ownership of assets

    Security and Risk:

    • No insight into which assets contain sensitive data
    • There is no information on risks by asset type
    • Rogue systems need to be identified as part of risk management best practices
    • No data exists for assets that contain critical/sensitive data

    Procurement:

    • No centralized procurement department
    • Multiple quotes from vendors are not currently part of the procurement process
    • A lack of formal process can create issues surrounding employee onboarding such as long lead times
    • Not all procurement standards are currently defined
    • Rogue purchases create financial risk

    Receiving:

    • No formal process exists, resulting in no assigned receiving location and no assigned receiving role
    • No automatic asset tracking system exists

    Disposal:

    • No insight into where disposed assets go
    • Formal refresh and disposal system is needed

    Contracts:

    • No central repository exists for contracts
    • No insight into contract lifecycle, hindering negotiation effectiveness and pricing optimization

    Outline hardware asset management challenges

    1.1.1 Brainstorm HAM challenges

    Participants

    • CIO/CFO
    • IT Director
    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Security
    • Operations (optional)

    A. As a group, outline the hardware asset management challenges facing the organization.

    Use the previous slide to help you get started. You can use the following headings as a guide or think of your own:

    • Processes and Policies
    • Tracking
    • Procurement
    • Receiving
    • Security and Risk
    • Disposal
    • Contracts

    B. If you get stuck, use the Hardware Asset Management Maturity Assessment Tool to get a quick view of your challenges and maturity targets and kick-start the conversation.

    To be effective with hardware asset management, understand the drivers and potential impact to the organization

    Drivers of effective HAM Results of effective HAM
    Contracts and vendor licensing programs are complex and challenging to administer without data related to assets and their environment. Improved access to accurate data on contracts, licensing, warranties, installed hardware and software for new contracts, renewals, and audit requests.
    Increased need to meet compliance requires a formal approach to tracking and managing assets, regardless of device type. Encryption, hardware tracking and discovery, software application controls, and change notifications all contribute to better asset controls and data security.
    Cost cutting is on the agenda, and management is looking to reduce overall IT spend in the organization in any possible way. Reduction of hardware spend by as much as 5% of the total budget through data for better forecasting and planning.
    Assets with sensitive data are not properly secured, go missing, or are not safely disposed of when retired. Document and enforce security policies for end users and IT staff to ensure sensitive data is properly secured, preventing costs much larger than the cost of only the device.

    Each level of HAM maturity comes with its own unique challenges

    Maturity People & Policies Processes Technology
    Chaos
    • No dedicated staff
    • No policies published
    • Procedures not documented or standardized
    • Hardware not safely secured or tagged
    • Hardware purchasing decisions not based on data
    • Minimal tracking tools in place
    Reactive
    • Semi-focused HAM manager
    • No policies published
    • Reliance on suppliers to provide reports for hardware purchases
    • Hardware standards are enforced
    • Discovery tools and spreadsheets used to manage hardware
    Controlled
    • Full-time HAM manager
    • End-user policies published
    • HAM manager involved in budgeting and planning sessions
    • Inventory tracking is in place
    • Hardware is secured and tagged
    • Discovery and inventory tools used to manage hardware
    • Compliance reports run as needed
    Proactive
    • Extended HAM team, including Help Desk, HR, Purchasing
    • Corporate hardware use policies in place and enforced
    • HAM process integrated with help desk and HR processes
    • More complex reporting and integrated financial information and contracts with asset data
    • Hardware requests are automated where possible
    • Product usage reports and alerts in place to harvest and reuse licenses
    • Compliance and usage reports used to negotiate software contracts
    Optimized
    • HAM manager trained and certified
    • Working with HR, Legal, Finance, and IT to enforce policies
    • Quarterly meetings with ITAM team to review policies, procedures, upcoming contracts, and rollouts; data is reviewed before any financial decisions made
    • Full transparency into hardware lifecycle
    • Aligned with business objectives
    • Detailed savings reports provided to executive team annually
    • Automated policy enforcement and process workflows

    Conduct a hardware maturity assessment to understand your starting point and challenges

    1.1.3 Complete HAM Maturity Assessment Tool

    Complete the Hardware Asset Management Maturity Assessment Tool to understand your organization’s overall maturity level in HAM, as well as the starting maturity level aligned with each step of the blueprint, in order to identify areas of strength and weakness to plan the project. Use this to track progress on the project.

    An effective asset management project has four essential components, with varying levels of management required

    The hardware present in your organization can be classified into four categories of ascending strategic complexity: commodity, inventory, asset, and configuration.

    Commodity items are devices that are low-cost, low-risk items, where tracking is difficult and of low value.

    Inventory is tracked primarily to identify location and original expense, which may be depreciated by Finance. Typically there will not be data on these devices and they’ll be replaced as they lose functionality.

    Assets will need the full lifecycle managed. They are identified by cost and risk. Often there is data on these devices and they are typically replaced proactively before they become unstable.

    Configuration items will generally be tracked in a configuration management database (CMDB) for the purpose of enabling the support teams to make decisions involving dependencies, configurations, and impact analysis. Some data will be duplicated between systems, but should be synchronized to improve accuracy between systems.

    See Harness Configuration Management Superpowers to learn more about building a CMDB.

    Classify your hardware assets to determine the scope and strategy of the program

    Asset: A unique device or configuration of devices that enables a user to perform productive work tasks and has a defined location and ownership attributes.

    • Hardware asset management involves tracking and managing physical components from procurement through to retirement. It provides the base for software asset management and is an important process that can lead to improved lifecycle management, service request fulfillment, security, and cost savings through harvesting and redeployment.
    • When choosing your strategy, focus on those devices that are high cost and high risk/function such as desktops, laptops, servers, and mobile devices.

    ASSET - Items of high importance and may contain data, such as PCs, mobile devices, and servers.

    INVENTORY - Items that require significant financial investment but no tracking beyond its existence, such as a projector.

    COMMODITY - Items that are often in use but are of relatively low cost, such as keyboards or mice.

    Classify your hardware assets to define the scope of the program

    1.1.4 Define the assets to be tracked within your organization

    Participants

    • Participants
    • CIO/CFO
    • IT Director
    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Security (optional)
    • Operations (optional)

    Document

    Document in the Standard Operating Procedures, Section 1 – Overview & Scope

    1. Determine value/risk threshold at which items should be tracked (e.g. over $1,000 and holding data).
    2. Divide a whiteboard or flip chart into three columns: commodity, asset, and inventory.
    3. Divide participants into groups by functional role to brainstorm devices in use within the organization. Write them down on sticky notes.
    4. Place the sticky notes in the column that best describes the role of the product in your organization.

    Align the scope of the program with business requirements

    CASE STUDY

    Industry Public Administration

    Source Client Case Study

    Situation

    A state government designed a process to track hardware worth more than $1,000. Initially, most assets consisted of end-user computing devices.

    The manual tracking process, which relied on a series of Excel documents, worked well enough to track the lifecycle of desktop and laptop assets.

    However, two changes upended the organization’s program: the cost of end-user computing devices dropped dramatically and the demand for network services led to the proliferation of expensive equipment all over the state.

    Complication

    The existing program was no longer robust enough to meet business requirements. Networking equipment was not only more expensive than end-user computing devices, but also more critical to IT services.

    What was needed was a streamlined process for procuring high-cost, high-utility equipment, tracking their location, and managing their lifecycle costs without compromising services.

    Resolution

    The organization decided to formalize, document, and automate hardware asset management processes to meet the new challenges and focus efforts on high-cost, high-utility end-user computing devices only.

    Step 1.2: Build team and define metrics

    Phase 1: Assess & Plan

    1.1 Assess current state & plan scope

    1.2 Build team and define metrics

    This step will walk you through the following activities:

    1.2.1 Define responsibilities for Asset Manager and Asset Administrator

    1.2.2 Use a RACI chart to determine roles within HAM team

    1.2.3 Further clarify HAM responsibilities for each role

    1.2.4 Identify HAM reporting requirements

    This step involves the following participants:

    • CIO/CFO
    • IT Director
    • IT Managers
    • Asset Manager
    • Asset Coordinators
    • ITAM Team
    • Service Desk
    • End-User Device Support Team

    Step Outcomes:

    • Defined responsibilities for Asset Manager and Asset Administrator
    • Documented RACI chart assigning responsibility and accountability for core HAM processes
    • Documented responsibilities for ITAM/HAM team
    • Defined and documented KPIs and metrics to meet HAM reporting requirements

    Form an asset management team to lead the project

    Asset management is an organizational change. To gain buy-in for the new processes and workflows that will be put in place, a dedicated, passionate team needs to jump-start the project.

    Delegate the following roles to team members and grow your team accordingly.

    Asset Manager

    • Responsible for setting policy and governance of process and data accuracy
    • Support budget process
    • Support asset tracking processes in the field
    • Train employees in asset tracking processes

    Asset Administrator

    • The front-lines of asset management
    • Communicates with and supports asset process implementation teams
    • Updates and contributes information to asset databases
    Service Desk, IT Operations, Applications
    • Responsible for advising asset team of changes to the IT environment, which may impact pricing or ability to locate devices
    • Works with Asset Coordinator/Manager to set standards for lifecycle stages
    • The ITAM team should visit and consult with each component of the business as well as IT.
    • Engage with leaders in each department to determine what their pain points are.
    • The needs of each department are different and their responses will assist the ITAM team when designing goals for asset management.
    • Consultations within each department also communicates the change early, which will help with the transition to the new ITAM program.

    Info-Tech Insight

    Ensure that there is diversity within the ITAM team. Assets for many organizations are diverse and the composition of your team should reflect that. Have multiple departments and experience levels represented to ensure a balanced view of the current situation.

    Define the responsibilities for core ITAM/HAM roles of Asset Manager and Asset Administrator

    1.2.1 Use Info-Tech’s job description templates to define roles

    The role of the IT Asset Manager is to oversee the daily and long-term strategic management of software and technology- related hardware within the organization. This includes:

    • Planning, monitoring, and recording software licenses and/or hardware assets to ensure compliance with vendor contracts.
    • Forming procurement strategies to optimize technology spend across the organization.
    • Developing and implementing procedures for tracking company assets to oversee quality control throughout their lifecycles.

    The role of the IT Asset Administrator is to actively manage hardware and software assets within the organization. This includes:

    • Updating and maintaining accurate asset records.
    • Planning, monitoring, and recording software licenses and/or hardware assets to ensure compliance with vendor contracts.
    • Administrative duties within procurement and inventory management.
    • Maintaining records and databases regarding warranties, service agreements, and lifecycle management.
    • Product standardization and tracking.

    Use Info-Tech’s job description templates to assist in defining the responsibilities for these roles.

    Organize your HAM team based on where they fit within the strategic, tactical, and operational components

    Typically the asset manager will answer to either the CFO or CIO. Occasionally they answer to a vendor manager executive. The hierarchy may vary based on experience and how strategic a role the asset manager will play.

    The image shows a flowchart for organizing the HAM team, structured by three components: Strategic (at the top); Tactical (in the middle); and Operational (at the bottom). The chart shows how the job roles flow together within the hierarchy.

    Determine the roles and responsibilities of the team who will support your HAM program

    1.2.2 Complete a RACI

    A RACI chart will identify who should be responsible, accountable, consulted, and informed for each key activity during the consolidation.

    Participants

    • Project Sponsor
    • IT Director, CIO
    • Project Manager
    • IT Managers and Asset Manager(s)
    • ITAM Team

    Document

    Document in the Standard Operating Procedure.

    Instructions:

    1. Write out the list of all stakeholders along the top of a whiteboard. Write out the key initiative steps for the consolidation project along the left side (use this list as a starting point).
    2. For each initiative, identify each team member’s role. Are they:
      • Responsible? The one responsible for getting the job done.
      • Accountable? Only one person can be accountable for each task.
      • Consulted? Involved through input of knowledge and information.
      • Informed? Receive information about process execution and quality.
    3. As you proceed through the initiative, continue to add tasks and assign responsibility to this RACI chart.

    A sample RACI chart is provided on the next slide

    Start with a RACI chart to determine the responsibilities

    1.2.2 Complete a RACI chart for your organization

    HAM Tasks CIO CFO HAM Manager HAM Administrator Service Desk (T1,T2, T3) IT Operations Security Procurement HR Business Unit Leaders Compliance /Legal Project Manager
    Policies and governance A I R I I C I C C I I
    Strategy A R R R R
    Data entry and quality management C I A I C C I I C C
    Risk management and asset security A R C C R C C
    Process compliance auditing A R I I I I I
    Awareness, education, and training I A I I C
    Printer contracts C A C C C R C C
    Hardware contract management A I R R I I R R I I
    Workflow review and revisions I A C C C C
    Budgeting A R C I C
    Asset acquisition A R C C C C I C C
    Asset receiving (inspection/acceptance) I A R R I
    Asset deployment A R R I I
    Asset recovery/harvesting A R R I I
    Asset disposal C A R R I I
    Asset inventory (input/validate/maintain) I I A/R R R R I I I

    Further clarify HAM responsibilities for each role

    1.2.3 Define roles and responsibilities for the HAM team

    Participants

    • Participants IT Asset Managers and Coordinators
    • ITAM Team
    • IT Managers and IT Director

    Document

    1. Discuss and finalize positions to be established within the ITAM/HAM office as well as additional roles that will be involved in HAM.
    2. Review the sample responsibilities below and revise or create responsibilities for each key position within the HAM team.
    3. Document in the HAM Standard Operating Procedures.
    Role Responsibility
    IT Manager
    • Responsible for writing policies regarding asset management and approving final documents
    • Build and revise budget, tracking actual spend vs. budget, seeking final approvals from the business
    • Process definition, communication, reporting and ensuring people are following process
    • Awareness campaign for new policy and process
    Asset Managers
    • Approval of purchases up to $10,000
    • Inventory and contract management including contract review and recommendations based on business and IT requirements
    • Liaison between business and IT regarding software and hardware
    • Monitor and improve workflows and asset related processes
    • Monitor controls, audit and recommend policies and procedures as needed
    • Validate, manage and analyze data as related to asset management
    • Provide reports as needed for decision making and reporting on risk, process effectiveness and other purposes as required
    • Asset acquisition and disposal
    Service Desk
    Desktop team
    Security
    Infrastructure teams

    Determine criteria for success: establish metrics to quantify and demonstrate the results and value of the HAM function

    HAM metrics fall in the following categories:

    HAM Metrics

    • Quantity e.g. inventory levels and need
    • Cost e.g. value of assets, budget for hardware
    • Compliance e.g. contracts, policies
    • Quality e.g. accuracy of data
    • Duration e.g. time to procure or deploy hardware

    Follow a process for establishing metrics:

    1. Identify and obtain consensus on the organization’s ITAM objectives, prioritized if possible.
    2. For each ITAM objective, select two or three metrics in the applicable categories (not all categories will apply to all objectives); be sure to select metrics that are achievable with reasonable effort.
    3. Establish a baseline measurement for each metric.
    4. Establish a method and accountability for ongoing measurement and analysis/reporting.
    5. Establish accountability for taking action on reported results.
    6. As ITAM expands and matures, change or expand the metrics as appropriate.

    Define KPIs and associated metrics

    • Identify the critical success factors (CSFs) for your hardware asset management program based on strategic goals.
    • For each success factor, identify the key performance indicators (KPIs) to measure success and specific metrics that will be tracked and reported on.
    • Sample metrics are below:
    CSF KPI Metrics
    Improve accuracy of IT budget and forecasting
    • Asset costs and value
    • Average cost of workstation
    • Total asset spending
    • Total value of assets
    • Budget vs. spend
    Identify discrepancies in IT environment
    • Unauthorized or failing assets
    • Number of unauthorized assets
    • Assets identified as cause of service failure
    Avoid over purchasing equipment
    • Number of unused and underused computers
    • Number of unaccounted-for computers
    • Money saved from harvesting equipment instead of purchasing new
    Make more-effective purchasing decisions
    • Predicted replacement time and cost of assets
    • Deprecation rate of assets
    • Average cost of maintaining an asset
    • Number of workstations in repair
    Improve accuracy of data
    • Accuracy of asset data
    • Accuracy rate of inventory data
    • Percentage improvement in accuracy of audit of assets
    Improved service delivery
    • Time to deploy new hardware
    • Mean time to purchase new hardware
    • Mean time to deploy new hardware

    Identify hardware asset reporting requirements and the data you need to collect to meet them

    1.2.4 Identify asset reporting requirements

    Participants

    • CIO/CFO
    • IT Director
    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Operations (optional)

    Document

    Document in the Standard Operating Procedures, Section 13: Reporting

    1. Discuss the goals and objectives of implementing or improving hardware asset management, based on challenges identified in Step 1.2.
    2. From the goals, identify the critical success factors for the HAM program
    3. For each CSF, identify one to three key performance indicators to evaluate achievement of the success factor.
    4. For each KPI, identify one to three metrics that can be tracked and reported on to measure success. Ensure that the metrics are tangible and measurable and will be useful for decision making or to take action.
    5. Determine who needs this information and the frequency of reporting.
    6. If you have existing ITAM data, record the baseline metric.
    CSF KPI Metrics Stakeholder/frequency

    Phase 1 Guided Implementation

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Lay Foundations

    Proposed Time to Completion: 4 weeks

    Step 1.1: Assess current state and plan scope

    Start with an analyst kick-off call:

    • Review challenges.
    • Assess current HAM maturity level.
    • Define scope of HAM program.

    Then complete these activities…

    • Complete MGD (optional).
    • Outline hardware asset management challenges.
    • Conduct HAM maturity assessment.
    • Classify hardware assets to define scope of the program.

    With these tools & templates:

    HAM Maturity Assessment

    Standard Operating Procedures

    Step 1.2: Build team and define metrics

    Review findings with analyst:

    • Define roles and responsibilities.
    • Assess reporting requirements.
    • Document metrics to track.

    Then complete these activities…

    • Define responsibilities for Asset Manager and Asset Administrator.
    • Use a RACI chart to determine roles within HAM team.
    • Document responsibilities for HAM roles.
    • Identify HAM reporting requirements.

    With these tools & templates:

    RACI Chart

    Asset Manager and Asset Administrator Job Descriptions

    Standard Operating Procedures

    Phase 1 Results & Insights:

    For asset management to succeed, it needs to support the business. Engage business leaders to determine needs and build your HAM program around these goals.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1.4 Classify hardware assets to define scope of the program

    Determine value/risk threshold at which assets should be tracked, then divide a whiteboard into four quadrants representing four categories of assets. Participants write assets down on sticky notes and place them in the appropriate quadrant to classify assets.

    1.2.2 Build a RACI chart to determine responsibilities

    Identify all roles within the organization that will play a part in hardware asset management, then document all core HAM processes and tasks. For each task, assign each role to be responsible, accountable, consulted, or informed.

    Phase 2

    Procure and Receive

    Implement Hardware Asset Management

    Step 2.1: Request and Procure Hardware

    Phase 2: Procure & Receive

    2.1 Request & Procure

    2.2 Receive & Deploy

    This step will walk you through the following activities:

    2.1.1 Identify IT asset procurement challenges

    2.1.2 Define standard hardware requests

    2.1.3 Document standard hardware request procedure

    2.1.4 Build a non-standard hardware request form

    2.1.5 Make lease vs. buy decisions for hardware assets

    2.1.6 Document procurement workflow

    2.1.7 Build a purchasing policy

    This step involves the following participants:

    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Operations (optional)
    • CFO or other management representative from Finance

    Step Outcomes:

    • Definition of standard hardware requests for roles, including core vs. optional assets
    • End-user request process for standard hardware
    • Non-standard hardware request form
    • Lease vs. buy decisions for major hardware assets
    • Defined and documented procurement workflow
    • Documented purchasing policy

    California saved $40 million per year using a green procurement strategy

    CASE STUDY

    Industry Government

    Source Itassetmanagement.net

    Challenge

    Signed July 27, 2004, Executive order S-20-04, the “Green Building Initiative,” placed strict regulations on energy consumption, greenhouse gas emissions, and raw material usage and waste.

    In compliance with S-20-04, the State of California needed to adopt a new procurement strategy. Its IT department was one of the worst offenders given the intensive energy usage by the variety of assets managed under the IT umbrella.

    Solution

    A green IT initiative was enacted, which involved an extensive hardware refresh based on a combination of agent-less discovery data and market data (device age, expiry dates, power consumption, etc.).

    A hardware refresh of almost a quarter-million PCs, 9,500 servers, and 100 email systems was rolled out as a result.

    Other changes, including improved software license compliance and data center consolidation, were also enacted.

    Results

    Because of the scale of this hardware refresh, the small changes meant big savings.

    A reduction in power consumption equated to savings of over $40 million per year in electricity costs. Additionally, annual carbon emissions were trimmed by 200,000 tons.

    Improve your hardware asset procurement process to…

    Asset Procurement

    • Standardization
    • Aligned procurement processes
    • SLAs
    • TCO reduction
    • Use of centralized/ single POC

    Standardize processes: Using standard products throughout the enterprise lowers support costs by reducing the variety of parts that must be stocked for onsite repairs or for provisioning and supporting equipment.

    Align procurement processes: Procurement processes must be aligned with customers’ business requirements, which can have unique needs.

    Define SLAs: Providing accurate and timely performance metrics for all service activities allows infrastructure management based on fact rather than supposition.

    Reduce TCO: Management recognizes service infrastructure activities as actual cost drivers.

    Implement a single POC: A consolidated service desk is used where the contact understands both standards (products, processes, and practices) and the user’s business and technical environment.

    Identify procurement challenges to identify process improvement needs

    2.1.1 Identify IT asset procurement challenges

    Participants

    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Operations (optional)
    1. As a group, brainstorm existing challenges related to IT hardware requests and procurement.
    2. If you get stuck, consider the common challenges listed below.
    3. Use the results of the discussion to focus on which problems can be resolved and integrated into your organization as operational standards.

    Document hardware standards to speed time to procure and improve communications to users regarding options

    The first step in your procurement workflow will be to determine what is in scope for a standard request, and how non-standard requests will be handled. Questions that should be answered by this procedure include:

    • What constitutes a non-standard request?
    • Who is responsible for evaluating each type of request? Will there be one individual or will each division in IT elect a representative to handle requests specific to their scope of work?
    • What additional security measures need to be taken?
    • Are there exceptions made for specific departments or high-ranking individuals?

    If your end-user device strategy requires an overhaul, schedule time with an Info-Tech analyst to review our blueprint Build an End-User Computing Strategy.

    Once you’ve answered questions like these, you can outline your hardware standards as in the example below:

    Use Case Mobile Standard Mac Standard Mobile Power User
    Asset Lenovo ThinkPad T570 iMac Pro Lenovo ThinkPad P71
    Operating system Windows 10 Pro Mac OSX Windows 10 Pro, 64 bit
    Display 15.6" 21.5" 17.3”

    Memory

    32GB 8GB 64GB
    Processor Intel i7 – 7600U Processor 2.3GHz Xeon E3 v6 Processor
    Drive 500GB 1TB 1TB
    Warranty 3 year 1 year + 2 extended 3 year

    Info-Tech Insight

    Approach hardware standards from a continual improvement frame of mind. Asset management is a dynamic process. Hardware standards will need to adapt over time to match the needs of the business. Plan assessments at routine intervals to ensure your current hardware standards align with business needs.

    Document specifications to meet environmental, security, and manageability requirements

    Determine environmental requirements and constraints.

    Power management

    Compare equipment for power consumption and ability to remotely power down machines when not in use.

    Heat and noise

    Test equipment run to see how hot the device gets, where the heat is expelled, and how much noise is generated. This may be particularly important for users who are working in close quarters.

    Carbon footprint

    Ask what the manufacturer is doing to reduce post-consumer waste and eliminate hazardous materials and chemicals from their products.

    Ensure security requirements can be met.

    • Determine if network/wireless cards meet security requirements and if USB ports can be turned off to prevent removal of data.
    • Understand the level of security needed for mobile devices including encryption, remote shut down or wipe of hard drives, recovery software, or GPS tracking.
    • Decide if fingerprint scanners with password managers would be appropriate to enable tighter security and reduce the forgotten-password support calls.

    Review features available to enhance manageability.

    • Discuss manageability goals with your IT team to see if any can be solved with added features, for example:
      • Remote control for troubleshooting and remote management of data security settings.
      • Asset management software or tags for bar coding, radio frequency identification (RFID), or GPS, which could be used in combination with strong asset management practices to inventory, track, and manage equipment.

    If choosing refurbished equipment, avoid headaches by asking the right questions and choosing the right vendor

    • Is the equipment functional and for how long is it expected to last?
    • How long will the vendor stand behind the product and what support can be expected?
      • This is typically two to five years, but will vary from vendor to vendor.
      • Will they repair or replace machines? Many will just replace the machine.
    • How big is the inventory supply?
      • What kind of inventory does the vendor keep and for how long can you expect the vendor to keep it?
      • How does the vendor source the equipment and do they have large quantities of the same make and model for easier imaging and support?
    • How complete is the refurbishment process?
      • Do they test all components, replace as appropriate, and securely wipe or replace hard drives?
      • Are they authorized to reload MS Windows OEM?
    • Is the product Open Box or used?
      • Open Box is a new product returned back to the vendor. Even if it is not used, the product cannot be resold as a new product. Open Box comes with a manufacturer’s warranty and the latest operating system.
      • If used, how old is the product?

    "If you are looking for a product for two or three years, you can get it for less than half the price of new. I bought refurbished equipment for my call center for years and never had a problem". – Glen Collins, President, Applied Sales Group

    Info-Tech Insight

    Price differences are minimal between large and small vendors when dealing with refurbished machines. The decision to purchase should be based on ability to provide and service equipment.

    Define standard hardware requests, including core and optional assets

    2.1.2 Identify standards for hardware procurement by role

    Participants

    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Operations (optional)
    • Representatives from all other areas of the business

    Document

    Document in the Standard Operating Procedures, Section 7: Procurement.

    1. Divide a whiteboard into columns representing all major areas of the business.
    2. List the approximate number of end users present at each tier and record these totals on the board.
    3. Distribute sticky notes. Use two different sizes: large sizes represent critically important hardware and small sizes represent optional hardware.
    4. Define core hardware assets for each division as well as optional hardware assets.
    5. Focus on the small sticky notes to determine if these optional purchases are necessary.
    6. Finalize the group decision to determine the standard hardware procurement for each role in the organization. Record results in a table similar to the example below:
    Department Core Hardware Assets Optional Hardware Assets
    IT PC, tablet, monitor Second monitor
    Sales PC, monitor Laptop
    HR PC, monitor Laptop
    Marketing PC (iMac) Tablet, laptop

    Document procedures for users to make standard hardware requests

    2.1.3 Document standard hardware request procedure

    Participants

    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Operations (optional)
    • Representatives from all other areas of the business

    Document

    Document in the Standard Operating Procedures, Section 6: End-User Request Process.

    Discuss and document the end-user request process:

    1. In which cases can users request a primary device?
    2. In which cases can users request a secondary (optional device)?
    3. What justification is needed to approve of a secondary device?
      1. E.g. The request for a secondary device should be via email to the IS Projects and Procurements Officer. This email should outline the business case for why multiple devices are required.
    4. Will a service catalog be available and integrated with an ITAM solution for users to make standard requests? If so, can users also configure their options?
    5. Document the process in the standard operating procedure. Example:

    End-User Request Process

    • Hardware and software will be purchased through the user-facing catalog.
    • Peripherals will be ordered as needed.
    • End-user devices will be routed to business managers for approval prior to fulfillment by IT.
    • Requests for secondary devices must be accompanied by a business case.
    • Equipment replacements due to age will be managed through IT replacement processes.

    Improve the process for ordering non-standard hardware by formalizing the request process, including business needs

    2.1.4 Build a non-standard hardware request form

    • Although the goal should be to standardize as much as possible, this isn’t always possible. Ensure users who are requesting non-standard hardware have a streamlined process to follow that satisfies the justifications for increased costs to deliver.
    • Use Info-Tech’s template to build a non-standard hardware request form that may be used by departments/users requesting non-standard hardware in order to collect all necessary information for the request to be evaluated, approved, and sent to procurement.
    • Ensure that the requestor provides detailed information around the equipment requested and the reason standard equipment does not suffice and includes all required approvals.
    • Include instructions for completing and submitting the form as well as expected turnaround time for the approval process.

    Info-Tech Insight

    Include non-standard requests in continual improvement assessment. If a large portion of requests are for non-standard equipment, it’s possible the hardware doesn’t meet the recommended requirements for specialized software in use with many of your business users. Determine if new standards need to be set for all users or just “power users.”

    Identify the information you need to collect to ensure a smooth purchasing process

    Categories Peripherals Desktops/Laptops Servers
    Financial
    • Operational expenses
    • Ordered for inventory with the exceptions of monitors that will be ordered as needed
    • Equipment will be purchased through IT budget
    • Capital expenses
    • Ordered as needed…
    • Inventory kept for…
    • End-user devices will be purchased through departmental budgets
    • Capital expenses
    • Ordered as needed to meet capacity or stability requirements
    • Devices will be purchased through IT budgets
    Request authorization
    • Any user can request
    • Users who are traveling can purchase and expense peripherals as needed, with manager approvals
    • Tier 3 technicians
    Required approvals
    • Manager approvals required for monitors
    • Infrastructure and applications manager up to [$]
    • CIO over [$]
    Warranty requirements
    • None
    • Three years
    • Will be approved with project plan
    Inventory requirements
    • Minimum inventory at each location of 5 of each: mice, keyboards, cables
    • Docking stations will be ordered as needed
    • Laptops (standard): 5
    • Laptops (ultra light): 1
    • Desktops: 5
    • Inventory kept in stock as per DR plan
    Tracking requirements
    • None
    • Added to ITAM database, CMDB
    • Asset tag to be added to all equipment
    • Added to ITAM database, CMDB

    Info-Tech Best Practice

    Take into account the possibility of encountering taxation issues based on where the equipment is being delivered as well as taxes imposed or incurred in the location from which the asset was shipped or sent. This may impact purchasing decisions and shipping instructions.

    Develop a procurement plan to get everyone in the business on the same page

    • Without an efficient and structured process around how IT purchases are budgeted and authorized, maverick spending and dark procurement can result, limiting IT’s control and visibility into purchases.
    • The challenge many IT departments face is that there is a disconnect between meeting the needs of the business and bringing in equipment according to existing policies and procedures.
    • The asset manager should demonstrate how they can bridge the gaps and improve tracking mechanisms at the same time.

    Improve procurement decisions:

    • Demonstrate how technology is a value-add.
    • Make a clear case for the budget by using the same language as the rest of the business.
    • Quantify the output of technology investments in tangible business terms to justify the cost.
    • Include the refresh cycle in the procurement plan to ensure mission- critical systems will include support and appropriate warranty.
    • Plan technology needs for the future and ensure IT technology will continue to meet changing needs.
    • Synchronize redundant organizational procurement chains in order to lower cost.

    Document the following in your procurement procedure:

    • Process for purchase requests
    • Roles and responsibilities, including requestors and approvers
    • Hardware assets to purchase and why they are needed
    • Timelines for purchase
    • Process for vendors

    Info-Tech Insight

    IT procurement teams are often heavily siloed from ITAM teams. The procurement team is typically found in the finance department. One way to bridge the gap is to implement routine, reliable reporting between departments.

    Determine if it makes sense to lease or buy your equipment; weigh the pros and cons of leasing hardware

    Pros

    • Keeps operational costs low in the short term by containing immediate cost.
    • Easy, predictable payments makes it easier to budget for equipment over long term.
    • Get the equipment you need to start doing business right away if you’re just starting out.
    • After the leasing term is up, you can continue the lease and update your hardware to the latest version.
    • Typical leases last 2 or 3 years, meaning your hardware can get upgrades when it needs it and your business is in a better position to keep up with technology.
    • Leasing directly from the vendor provides operational flexibility.
    • Focus on the business and let the vendor focus on equipment service and updates as you don’t have to pay for maintenance.
    • Costs structured as OPEX.

    Cons

    • In the long term, leasing is almost always more expensive than buying because there’s no equity in leased equipment and there may be additional fees and interest.
    • Commitment to payment through the entire lease period even if you’re not using the equipment anymore.
    • Early termination fees if you need to get out of the lease.
    • No option to sell equipment once you’re finished with it to make money back.
    • Maintenance is up to leasing company’s specifications.
    • Product availability may be limited.

    Recommended for:

    • Companies just starting out
    • Business owners with limited capital or budget
    • Organizations with equipment that needs to be upgraded relatively often

    Weigh the pros and cons of purchasing hardware

    Pros

    • Complete control over assets.
    • More flexible and straightforward procurement process.
    • Tax incentives: May be able to fully deduct the cost of some newly purchased assets or write off depreciation for computers and peripherals on taxes.
    • Preferable if your equipment will not be obsolete in the next two or three years.
    • You can resell the asset once you don’t need it anymore to recover some of the cost.
    • Customization and management of equipment is easier when not bound by terms of leasing agreement.
    • No waiting on vendor when maintenance is needed; no permission needed to make changes.

    Cons

    • High initial cost of investment with CAPEX expense model.
    • More paperwork.
    • You (as opposed to vendor) are responsible for equipment disposal in accordance with environmental regulations.
    • You are responsible for keeping up with upgrades, updates, and patches.
    • You risk ending up with out-of-date or obsolete equipment.
    • Hardware may break after terms of warranty are up.

    Recommended for:

    • Established businesses
    • Organizations needing equipment with long-term lifecycles

    Make a lease vs. buy decision for equipment purchases

    2.1.4 Decide whether to purchase or lease

    Participants

    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Operations (optional)
    • Representatives from all other areas of the business

    Document

    Document policy decisions in the Standard Operating Procedures – Section 7: Procurement

    1. Identify hardware equipment that requires a purchase vs. lease decision.
    2. Discuss with Finance whether it makes sense to purchase or lease each major asset, considering the following:
    • Costs of equipment through each method
    • Tax deductions
    • Potential resale value
    • Potential revenue from using the equipment
    • How quickly the equipment will be outdated or require refresh
    • Size of equipment
    • Maintenance and support requirements
    • Overall costs
  • The leasing vs. buying decision should take considerable thought and evaluation to make the decision that best fits your organizational needs and situation.
  • Determine appropriate warranty and service-level agreements for your organization

    Determine acceptable response time, and weigh the cost of warranty against the value of service.

    • Standard warranties vary by manufacturer, but are typically one or three years.
    • Next-day, onsite service may be part of the standard offering or may be available as an uplift.
    • Four-hour, same-day service can also be added for high availability needs.
    • Extended warranties can be purchased beyond three years, although not many organizations take advantage of this offering.
    • Other organizations lower or remove the warranty and have reported savings of as much as $150 per machine.

    Speak to your partner to see how they can help the process of distributing machines.

    • Internal components change frequently with laptops and desktops. If purchasing product over time rather than buying in bulk, ensure the model will be available for a reasonable term to reduce imaging and support challenges.
    • Determine which services are important to your organization and request these services as part of the initial quote. If sending out a formal RFQ or RFP, document required services and use as the basis for negotiating SLAs.
    • Document details of SLA, including expectations of services for manufacturer, vendor, and internal team.
    • If partner will be providing services, request they stock an appropriate number of hot spares for frequently replaced parts.
    • If self-certifying, review resource capabilities, understand skill and certification requirements; for example, A+ certification may be a pre-requisite.
    • Understand DOA policy and negotiate a “lemon policy,” meaning if product dies within 15 or 30 days it can be classified as DOA. Seek clarity on return processes.

    Consider negotiation strategies, including how and when to engage with different partners during acquisition

    Direct Model

    • Dell’s primary sales model is direct either through a sales associate or through its e-commerce site. Promotions are regularly listed on the website, or if customization is required, desktops and laptops have some flexibility in configuration. Discounts can be negotiated with a sales rep on quantity purchases, but the discount level changes based on the model and configuration.
    • Other tier-one manufacturers typically sell direct only from their e-commerce sites, providing promotions based on stock they wish to move, and providing some configuration flexibility. They rely heavily on the channel for the majority of their business.

    Channel Model

    • Most tier one manufacturers have processes in place to manage a smaller number of partners rather than billing and shipping out to individual customers. Deviating from this process and dealing direct with end customers can create order processing issues.
    • Resellers have the ability to negotiate discounts based on quantities. Discounts will vary based on model, timing (quarter or year end), and quantity commitment.
    • Negotiations on large quantities should involve a manufacturer rep as well as the reseller to clearly designate roles and services, ensure processes are in place to fulfill your needs, and agree on pricing scheme. This will prevent misunderstandings and bring clarity to any commitments.
    • Often the channel partners are authorized to provide repair services under warranty for the manufacturer.
    • Dell also uses the channel model for distribution where customers demand additional services.

    Expect discounts to reflect quantity and method of purchase

    Transaction-based purchases will receive the smallest discounting.

    • Understand requirements to find the most appropriate make and model of equipment.
    • Prepare a forecast of expected purchases for the year and discuss discounting.
    • Typically initial discounts will be 3-5% off suggested retail price.
    • Once a history is in place, and the vendor is receiving regular orders, it may extend deeper discounts.

    Bulk purchases will receive more aggressive discounting of 5-15% off suggested retail price, depending on quantities.

    • Examine shipping options and costs to take advantage of bulk deliveries; in some cases vendors may waive shipping fees as an extension of the discounting.
    • If choosing end-of-line product, ensure appropriate quantity of a single model is available to efficiently roll out equipment.
    • Various pricing models can be used to obtain best price.

    Larger quantities rolled out over time will require commitments to the manufacturer to obtain deepest discounts.

    • Discuss all required services as part of negotiation to ensure there are no surprise charges.
    • Several pricing models can be used to obtain the best price.
      • Suggested retail price minus as much as 20%.
      • Cost plus 3% up to 10% or more.
      • Fixed price based on negotiating equipment availability with budget requirements.

    If sending out to bid, determine requirements and scoring criteria

    It’s nearly impossible to find two manufacturers with the exact same specifications, so comparisons between vendors is more art than science.

    New or upgraded components will be introduced into configurations when it makes the most sense in a production cycle. This creates a challenge in comparing products, especially in an RFP. The best way to handle this is to:

    • Define and document minimum technology requirements.
    • Define and document service needs.
    • Compare vendors to see if they’ve met the criteria or not; if yes, compare prices.
    • If the vendors have included additional offerings, see if they make sense for your organization. If they do, include that in the scoring. If not, exclude and score based on price.
    • Recognize that the complexity of the purchase will dictate the complexity of scoring.

    "The hardware is the least important part of the equation. What is important is the warranty, delivery, imaging, asset tagging, and if they cannot deliver all these aspects the hardware doesn’t matter." – Doug Stevens, Assistant Manager Contract Services, Toronto District School Board

    Document and analyze the hardware procurement workflow to streamline process

    The procurement process should balance the need to negotiate appropriate pricing with the need to quickly approve and fulfill requests. The process should include steps to follow for approving, ordering, and tracking equipment until it is ready for receipt.

    Within the process, it is particularly important to decide if this is where equipment is added into the database or if it will happen upon receipt.

    A poorly designed procurement workflow:

    • Includes many bottlenecks, stopping and starting points.
    • May impact project and service requests and requires unrealistic lead times.
    • May lead to lost productivity for users and lost credibility for the IT department.

    A well-designed hardware procurement workflow:

    • Provides reasonable lead times for project managers and service or hardware request fulfillment.
    • Provides predictability for technical resources to plan deployments.
    • Reduces bureaucracy and workload for following up on missing shipments.
    • Enables improved documentation of assets to start lifecycle management.

    Info-Tech Insight

    Where the Hardware Asset Manager is unable to affect procurement processes to reduce time to deliver, consider bringing inventory onsite or having your hardware vendor keep stock, ready to ship on demand. Projects, replacements, and new-user requests cannot be delayed in a service-focused IT organization due to bureaucratic processes.

    Document and analyze your procurement workflow to identify opportunities for improvement and communicate process

    Determine if you need one workflow for all equipment or multiples for small vs. large purchases.

    Occasionally large rollouts require significant changes from lower dollar purchases.

    Watch for:

    • Back and forth communications
    • Delays in approvals
    • Inability to get ETAs from vendors
    • Too many requests for quotes for small purchases
    • Entry into asset database

    This sample can be found in the HAM Process Workflows.

    The image shows a workflow, titled Procurement-Equipment-Small Quantity. On the left, the chart is separated into categories: IT Procurment; Tier 2 or Tier 3; IT Director; CIO.

    Design the process workflow for hardware procurement

    2.1.6 Illustrate procurement workflow with a tabletop exercise

    Participants

    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Operations (optional)
    • CFO or other management representative from Finance

    Document

    Document in the Standard Operating Procedures, Section 7: Procurement

    1. In a group, distribute sticky notes or cue cards.
    2. Designate a space on the table/whiteboard to plot the workflow.
    3. Determine which individuals are responsible for handling non-standard requests. Establish any exceptions that may apply to your defined hardware standard.
    4. Gather input from Finance on what the threshold will be for hardware purchases that will require further approval.
    5. Map the procurement process for a standard hardware purchase.
    6. If applicable, map the procurement process for a non-standard request separately.
    7. Evaluate the workflow to identify any areas of inefficiency and make any changes necessary to improve the process.
    8. Be sure to discuss and include:
      • All necessary approvals
      • Time required for standard equipment process
      • Time required for non-standard equipment process
      • How information will be transferred to ITAM database

    Document and share an organizational purchasing policy

    2.1.7 Build a purchasing policy

    A purchasing policy helps to establish company standards, guidelines, and procedures for the purchase of all information technology hardware, software, and computer-related components as well as the purchase of all technical services.

    The policy will ensure that all purchasing processes are consistent and in alignment with company strategy. The purchasing policy is key to ensuring that corporate purchases are effective and the best value for money is obtained.

    Implement a purchasing policy to prevent or reduce:

    • Costly corporate conflict of interest cases.
    • Unauthorized purchases of non-standard, difficult to support equipment.
    • Unauthorized purchases resulting in non-traceable equipment.
    • Budget overruns due to decentralized, equipment acquisition.

    Download Info-Tech’s Purchasing Policytemplate to build your own purchasing policy.

    Step 2.2: Receive and Deploy Hardware

    Phase 2: Procure & Receive

    2.1 Request & Procure

    2.2 Receive & Deploy

    This step will walk you through the following activities:

    2.2.1 Select appropriate asset tagging method

    2.2.2 Design workflow for receiving and inventorying equipment

    2.2.3 Document the deployment workflow(s)

    This step involves the following participants:

    • Asset Manager
    • Purchasing
    • Receiver (optional)
    • Service Desk Manager
    • Operations (optional)

    Step Outcomes:

    • Understanding of the pros and cons of various asset tagging methods
    • Defined asset tagging method, process, and location by equipment type
    • Identified equipment acceptance, testing, and return procedures
    • Documented equipment receiving and inventorying workflow
    • Documented deployment workflows for desktop hardware and large-scale deployments

    Cisco implemented automation to improve its inventory and deployment system

    CASE STUDY

    Industry Networking

    Source Cisco IT

    Challenge

    Although Cisco Systems had implemented a centralized procurement location for all PCs used in the company, inventory tracking had yet to be addressed.

    Inventory tracking was still a manual process. Given the volume of PCs that are purchased each year, this is an incredibly labor-intensive process.

    Sharing information with management and end users also required the generation of reports – another manual task.

    Solution

    The team at Cisco recognized that automation was the key component holding back the success of the inventory management program.

    Rolling out an automated process across multiple offices and groups, both nationally and internationally, was deemed too difficult to accomplish in the short amount of time needed, so Cisco elected to outsource its PC management needs to an experienced vendor.

    Results

    As a result of the PC management vendor’s industry experience, the implementation of automated tracking and management functions drastically improved the inventory management situation at Cisco.

    The vendor helped determine an ideal leasing set life of 30 months for PCs, while also managing installations, maintenance, and returns.

    Even though automation helped improve inventory and deployment practices, Cisco still needed to address another key facet of asset management: security.

    This case study continues in phase 3.

    An effective equipment intake process is critical to ensure product is correct, documented, and secured

    Examine your current process for receiving assets. Typical problems include:

    Receiving inventory at multiple locations can lead to inconsistent processes. This can make invoice reconciliation challenging and result in untracked or lost equipment and delays in deployment.

    Equipment not received and secured quickly. Idle equipment tends to go missing if left unsupervised for too long. Missed opportunities to manage returns where equipment is incorrect or defective.

    Disconnect between procurement and receiving where ETAs are unknown or incorrect. This can create an issue where no one is prepared for equipment arrival and is especially problematic on large orders.

    How do you solve these problems? Create a standardized workflow that outlines clear steps for asset receiving.

    A workflow will help to answer questions such as:

    • How do you deal with damaged shipments? Incorrect shipments?
    • Did you reach an agreement with the vendor to replace damaged/incorrect shipments within a certain timeframe?
    • When does the product get tagged and entered into the system as received?
    • What information needs to get captured on the asset tag?

    Standardize the process for receiving your hardware assets

    The first step in effective hardware asset intake is establishing proper procedures for receiving and handling of assets.

    Process: Start with information from the procurement process to determine what steps need to follow to receive into appropriate systems and what processes will enable tagging to happen as soon as possible.

    People: Ensure anyone who may impact this process is aware of the importance of documenting before deployment. Having everyone who may be handling equipment on board is key to success.

    Security: Equipment will be secured at the loading dock or reception. It will need to be secured as inventory and be secured if delivering directly to the bench for imaging. Ensure all receiving activities are done before equipment is deployed.

    Tools: A centralized ERP system may already provide a place to receive and reconcile with purchasing and invoicing, but there may still be a need to receive directly into the ITAM and/or CMDB database rather than importing directly from the ERP system.

    Tagging: A variety of methods can be used to tag equipment to assist with inventory. Consider the overall lifecycle management when determining which tagging methods are best.

    Info-Tech Insight

    Decentralized receiving doesn’t have to mean multiple processes. Take advantage of enterprise solutions that will centralize the data and ensure everyone follows the same processes unless there is an uncompromising and compelling logistical reason to deviate.

    Evaluate the pros and cons of different asset tagging methods

    Method Cost Strengths Weaknesses Recommendation
    RFID with barcoding – asset tag with both a barcode and RFID solution $$$$
    • Secure, fast, and robust
    • Track assets in real time
    • Quick and efficient
    • Most expensive option, requiring purchase of barcode scanner with RFID reader and software)
    • Does not work as well in an environment with less control over assets
    • Requires management of asset database
    • Best in a controlled environment with mature processes and requirement for secure assets
    RFID only – small chip with significant data capacity $$$
    • Track assets from remote locations
    • RFID can be read through boxes so you don’t have to unpack equipment
    • Scan multiple RFID-tagged hardware simultaneously
    • Large data capacity on small chip
    • Expensive, requiring purchase of RFID reading equipment and software
    • Ideal if your environment is spread over multiple locations
    Barcoding only – adding tags with unique barcodes $$
    • Reasonable security
    • Report inventory directly to database
    • Relatively low cost
    • Only read one at a time
    • Need to purchase barcode scanners and software
    • Can be labor intensive to deploy with manual scanning of individual assets
    • Less secure
    • Can’t hold as much data
    • Not as secure as barcodes with RFID but works for environments that are more widely distributed and less controlled

    Evaluate the pros and cons of different asset tagging methods

    Method Cost Strengths Weaknesses Recommendation
    QR codes – two-dimensional codes that can store text, binary, image, or URL data $$
    • Easily scannable from many angles
    • Save and print on labels
    • Can be read by barcode scanning apps or mobile phones
    • Can encode more data than barcodes
    • QR codes need to be large enough to be usable, which can be difficult with smaller IT assets
    • Scanning on mobile devices takes longer than scanning barcodes
    • Ideal if you need to include additional data and information in labels and want workers to use smartphones to scan labels
    Manual tags – tag each asset with your own internal labels and naming system $
    • Most affordable
    • Manual
    • Tags are not durable
    • Labor intensive and time consuming
    • Leaves room for error, misunderstanding, and process variances between locations
    • As this is the most time consuming and resource intensive with a low payoff, it is ideal for low maturity organizations looking for a low-cost option for tagging assets
    Asset serial numbers – tag assets using their serial number $
    • Less expensive
    • Unique serial numbers identified by vendor
    • Serial numbers have to be added to database manually, which is labor intensive and leaves room for error
    • Serial numbers can rub off over time
    • Hard to track down already existing assets
    • Doesn’t help track location of assets after deployment
    • Potential for duplicates
    • Inconsistent formats of serial numbers by manufacturers makes this method prone to error and not ideal for asset management

    Select the appropriate method for tagging and tracking your hardware assets

    2.2.1 Select asset tagging method

    Participants

    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Operations (optional)

    Document

    Document in the Standard Operating Procedures, Section 8

    1. Define your asset tagging method. For most organizations, asset tracking is done via barcoding or QR codes, either by using one method or a combination of the two. Other methods, including RFID, may be applicable based on cost or tracking complexity. Overall, barcodes embedded with RFID are the most robust and efficient method for asset tagging, but also the most expensive. Choose the best method for your organization, taking into account affordability, labor-intensiveness, data complexity needs, and ease of deployment.
    2. Define the process for tagging assets, including how soon they should receive the tag, whose responsibility it is, and whether the tag type varies depending on the asset type.
    3. Define the location of asset tags according to equipment type. Example:
    Asset Type Asset Tag Location
    PC desktop Right upper front corner
    Laptop Right corner closest to user when laptop is closed
    Server Right upper front corner
    Printer Right upper front corner
    Modems Top side, right corner

    Inspect and test equipment before accepting it into inventory to ensure it’s working according to specifications

    Upon receipt of procured hardware, validate the equipment before accepting it into inventory.

    1. Receive - Upon taking possession of the equipment, stage them for inspection before placing them into inventory or deploying for immediate use.
    2. Inspect - The inspection process should involve at minimum examining the products that have been delivered to determine conformance to purchase specifications.
    3. Test -Depending on the type and cost of hardware, some assets may benefit from additional testing to determine if they perform at a satisfactory level before being accepted.
    4. Accept - If the products conform to the requirements of the purchase order, acknowledge receipt so the supplier may be paid. Most shipments are automatically considered as accepted and approved for payment within a specific timeframe.

    Assign responsibility and accountability for inspection and acceptance of equipment, verifying the following:

    • The products conform to purchase order requirements.
    • The quantity ordered is the same as the quantity delivered.
    • There is no damage to equipment.
    • Delivery documentation is acceptable.
    • Products are operable and perform according to specifications.
    • If required, document an acceptance testing process as a separate procedure.

    Build the RMA procedure into the receiving process to handle receipt of defective equipment

    The return merchandise authorization (RMA) process should be a standard part of the receiving process to handle the return of defective materials to the vendor for either repair or replacement.

    If there is a standard process in place for all returns in the organization, you can follow the same process for returning hardware equipment:

    • Call the vendor to receive a unique RMA number that will be attached to the equipment to be returned, then follow manufacturer specifications for returning equipment within allowable timelines according to the contract where applicable.
    • Establish a lemon policy with vendors, allowing for full returns up to 30 days after equipment is deployed if the product proves defective after initial acceptance.

    Info-Tech Insight

    Make sure you’re well aware of the stipulations in your contract or purchase order. Sometimes acceptance is assumed after 60 days or less, and oftentimes the clock starts as soon as the equipment is shipped out rather than when it is received.

    Info-Tech Best Practice

    Keep in mind that the serial number on the received assed may not be the asset that ultimately ends up on the user’s desk if the RMA process is initiated. Record the serial number after the RMA process or add a correction process to the workflow to ensure the asset is properly accounted for.

    Determine what equipment should be stocked for quick deployment where demand is high or speed is crucial

    The most important feature of your receiving and inventory process should be categorization. A well-designed inventory system should reflect not only the type of asset, but also the usage level.

    A common technique employed by asset managers is to categorize your assets using an ABC analysis. Assets are classified as either A, B, or C items. The ratings are based on the following criteria:

    A

    A items have the highest usage. Typically, 10-20% of total assets in your inventory account for upwards of 70-80% of the total asset requests.

    A items should be tightly controlled with secure storage areas and policies. Avoiding stock depletion is a top priority.

    B

    B items are assets that have a moderate usage level, with around 30% of total assets accounting for 15-25% of total requests.

    B items must be monitored; B items can transition to A or C items, especially during cycles of heavier business activity.

    C

    C items are assets that have the lowest usage, with upwards of 50% of your total inventory accounting for just 5% of total asset requests.

    C items are reordered the least frequently, and present a low demand and high risk for excessive inventory (especially if they have a short lifecycle). Many organizations look to move towards an on-demand policy to mitigate risk.

    Info-Tech Insight

    Get your vendor to keep stock of your assets. If large quantities of a certain asset are required but you lack the space to securely store them onsite, ask your vendor to keep stock for you and release as you issue purchase orders. This speeds up delivery and delays warranty activation until the item is shipped. This does require an adherence to equipment standards and understanding of demand to be effective.

    Define the process for receiving equipment into inventory

    Define the following in your receiving process:

    • When will equipment be opened once delivered?
    • Who will open and validate equipment upon receipt?
    • How will discrepancies be resolved?
    • When will equipment be tagged and identified in the tracking tool?
    • When will equipment be locked in secure storage?
    • Where will equipment go if it needs to be immediately deployed?

    The image shows a workflow chart titled Receiving and Tagging. The process is split into two sections, labelled on the left as: Desktop Support Team and Procurement.

    Design the workflow for receiving and inventorying equipment

    2.2.2 Illustrate receiving workflow with a tabletop exercise

    Participants

    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Operations (optional)
    • CFO or other management representative from Finance

    Document

    Document in the Standard Operating Procedures, Section 8: Receiving and Equipment Inventory

    Option 1: Whiteboard

    1. Discuss the workflow and draw it on the whiteboard.
    2. Assess whether you are using the best workflow. Modify it if necessary.
    3. Use the sample workflow from this step as a guide if starting from scratch.
    4. Engage the team in refining the process workflow.
    5. Transfer data to Visio and add to the SOP.

    Option 2: Tabletop Exercise

    1. Distribute index cards to each member of the team.
    2. Have each person write a single task they perform on the index card. Be granular. Include the title or the name of the person responsible.
    3. Mark cards that are decision points. Use a card of a different color or use a marker to make a colored dot.
    4. Arrange the index cards in order, removing duplicates.
    5. Assess whether you are using the best workflow. Engage the team to refine it if necessary.
    6. Transfer data to Visio and add to the SOP.

    Improve device deployment by documenting software personas for each role

    • Improve the deployment process for new users by having a comprehensive list of software used by common roles within the organization. With large variations in roles, it may be impossible to build a complete list, but as you start to see patterns in requirements, you may find less distinct personas than anticipated.
    • Consider a survey to business units to determine what they need if this will solve some immediate problems. If this portion of the project will be deferred, use the data uncovered in the discovery process to identify which software is used by which roles.
    • Replacement equipment can have the software footprint created by what was actually utilized by the user, not necessarily what software was installed on the previous device.

    The image shows 4 bubbles, representing software usage. The ARC-GIS bubble is the largest, Auto CAD the second largest, and MS Office and Adobe CS equal in size.

    A software usage snapshot for an urban planner/engineer.

    • Once software needs are determined, use this information to review the appropriate device for each persona.
      • Ensure hardware is appropriate for the type of work the user does and supports required software.
      • If it is more appropriate for a user to have a tablet, ensure the software they use can be used on any device.
    • Review deployment methods to determine if there is any opportunity to improve the imaging or software deployment process with better tools or methodologies.
    • Document the device’s location if it will be static, or if the user may be more mobile, add location information for their primary location.
    • Think about the best place to document – if this information can be stored in Active Directory and imported to the ITAM database, you can update once and use in multiple applications. But this process is built into your add/move/change workflows.

    Maintain a lean library to simplify image management

    Simplify, simplify, simplify. Use a minimal number of desktop images and automate as much as you can.

    • Embrace minimalism. When it comes to managing your desktop image library, your ultimate goal should be to minimize the manual effort involved in provisioning new desktops.
    • Less is more. Try to maintain as few standard desktop images as possible and consider a thin gold image, which can be patched and updated on a regular basis. A thin image with efficient application deployment will improve the provisioning process.
    • Standardize and repeat. System provisioning should be a repeatable process. This means it is ripe for standardization and automation. Look at balancing the imaging process with software provisioning, using group policy and deployment tools to reduce time to provision and deliver equipment.
    • Outsource where appropriate. Imaging is one of the most employed services, where the image is built in-house and deployed by the hardware vendor. As a minimum, quarterly updates should still be provided to integrate the latest patches into the operating system.

    Document the process workflow for hardware deployment

    Define the process for deploying hardware to users.

    Include the following in your workflow:

    • How will equipment be configured and imaged before deployment?
    • Which images will be used for specific roles?
    • Which assets are assigned to specific roles?
    • How will the device status be changed in the ITAM tool once deployed?

    The image shows a workflow chart titled Hardware Deployment. It is divided into two categories, listed on the left: Desktop Support Team and Procurement.

    Large-scale deployments should be run as projects, benefitting from economies of scale in each step

    Large-scale desktop deployments or data center upgrades will likely be managed as projects.

    These projects should include project plans, including resources, timelines, and detailed procedures.

    Define the process for large-scale deployment if it will differ from the regular deployment process.

    The image is a graphic of a flowchart titled Deployment-Equipment-Large Quantity Rollout. It is divided into three categories, listed on the left: IT Procurement; Desktop Rollout Team; Asset Manager.

    Document the deployment workflow(s)

    2.2.3 Document deployment workflows for desktop and large-scale deployment

    Participants

    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Operations (optional)
    • CFO or other management representative from Finance

    Document

    Document in the Standard Operating Procedures, Section 9: Deployment

    Document each step in the system deployment process with notecards or on a whiteboard. Identify the challenges faced by your organization and strategize potential solutions.

    1. Outline each step in the process of desktop deployment. Be as granular as possible. On each card, describe the step as well as the individual responsible for it.
    2. When you are satisfied that each step is accurately captured, use a second color of notecard to document any challenges, inefficiencies, or pains associated with each step. Consider further documenting the time on each task.
    3. Examine each challenge or pain point. Discuss whether or not there is a clear solution to the problem. If yes, document the solution and amend the workflow. If not, engage in a broader discussion of possible solutions, taking into account people, processes, and available technology.
    4. Document separately the process for large-scale deployment if required.

    Look for opportunities to improve the request and deployment process with better communication and tools

    The biggest challenge in deploying equipment is meeting expectations of the business, and without cooperation from multiple departments, this becomes significantly more difficult.

    • Work with the procurement and the services team to ensure inventory is accessible, and regularly validate that inventory levels in the ITAM database are accurate.
    • Work with the HR department to predict (where possible) anticipated new hires. Plan for inventory ebbs and flows to match the hiring timelines where there are large variations.
    • If service catalogs will be made available for communicating options and SLAs for equipment purchases, work with the service catalog administrators to automate inventory checks and notifications. Work with the end-user device managers to set standards and reduce equipment variations to a manageable amount.
    • Where deployments are part of equipment refresh, ensure data is up to date for the services team to plan the project rollouts and know which software should be redeployed with the devices.
    • Infrastructure and security teams may have specific hardware assets relating to networking, data centers, and security, which may bypass the end-user device workflows but need to be tagged and entered into inventory early in the process. Work with these teams to have their equipment follow the same receiving and inventory processes. Deployment will vary based on equipment type and location.

    Automate hardware deployment where users are dispersed and deployment volume is high

    Self-serve kiosks (vending machines) can provide cost reductions in delivery of up to 25%. Organizations that have a high distribution rate are seeing reductions in cost of peripherals averaging 30-35% and a few extreme cases of closer to 85%.

    Benefits of using vending machines:

    • Secure equipment until deployed.
    • Equipment can be either purchased by credit card or linked to employee ID cards, enabling secure transactions and reporting.
    • Access rights can be controlled in real time, preventing terminated employees from accessing equipment or managing how many devices can be deployed to each user.
    • Vending machines can be managed through a cellular or wireless network.
    • Technology partners can be tasked with monitoring and refilling vending machines.
    • Employees are able to access technology wherever a vending machine can be located rather than needing to travel to the help desk.
    • Equipment loans and new employee packages can be managed through vending machines.

    Phase 2 Guided Implementation

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Request, Procure, Receive, and Deploy

    Proposed Time to Completion: 4 weeks

    Step 2.1: Request & Procure

    Start with an analyst kick-off call:

    • Define standard and non-standard hardware.
    • Weigh the pros and cons of leasing vs. buying.
    • Build the procurement process.

    Then complete these activities…

    • Define standard hardware requests.
    • Document standard hardware request procedure.
    • Document procurement workflow.
    • Build a purchasing policy.

    With these tools & templates:

    • Standard Operating Procedures
    • Non-Standard Hardware Request Form
    • Hardware Procurement Workflow
    • Purchasing Policy

    Step 2.2: Receive & Deploy

    Review findings with analyst:

    • Determine appropriate asset tagging method.
    • Define equipment receiving process.
    • Define equipment deployment process.

    Then complete these activities…

    • Select appropriate asset tagging method.
    • Design workflow for receiving and inventorying equipment.
    • Document the deployment workflow(s).

    With these tools & templates:

    • Standard Operating Procedures
    • Equipment Receiving & Tagging Workflow
    • Deployment Workflow

    Phase 2 Insight: Bridge the gap between IT and Finance to build a smoother request and procurement process through communication and routine reporting. If you’re unable to affect procurement processes to reduce time to deliver, consider bringing inventory onsite or having your hardware vendor keep stock, ready to ship on demand.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1.2 Define standard hardware requests

    Divide whiteboard into columns representing core business areas. Define core hardware assets for end users in each division along with optional hardware assets. Discuss optional assets to narrow and define standard equipment requests.

    2.2.1 Select appropriate method for tagging and tracking assets

    Discuss the various asset tagging methods and choose the tagging method that is most appropriate for your organization. Define the process for tagging assets and document the standard asset tag location according to equipment type.

    Phase 3

    Maintain and Dispose

    Implement Hardware Asset Management

    Cisco overcame organizational resistance to change to improve asset security

    CASE STUDY

    Industry Networking

    Source Cisco IT

    Challenge

    Cisco Systems had created a dynamic work environment that prized individuality. This environment created high employee satisfaction, but it also created a great deal of risk surrounding device security.

    Cisco lacked an asset security policy; there were no standards for employees to follow. This created a surplus of not only hardware, but software to support the variety of needs amongst various teams at Cisco.

    Solution

    The ITAM team at Cisco recognized that their largest problem was the lack of standardization with respect to PCs. Variance in cost, lifecycle, and software needs/compatibility were primary issues.

    Cisco introduced a PC leasing program with the help of a PC asset management vendor to correct these issues. The primary goal was to increase on-time returns of PCs. A set life of 30 months was defined by the vendor.

    Results

    Cisco engaged employees to help contribute to improving its asset management protocols, and the approach worked.

    On-time returns increased from 60% to 80%. Costs were reduced due to active tracking and disposal of any owned assets still present.

    A reduction in hardware and software platforms has cut costs and increased security thanks to improved tracking capabilities.

    This case study continues in phase 4

    Step 3.1: Manage, Maintain, and Secure Hardware Assets

    Phase 3: Maintain & Dispose

    3.1 Manage & Maintain

    3.2 Dispose or Redeploy

    This step will walk you through the following activities:

    3.1.1 Build a MAC policy and request form

    3.1.2 Build workflows to document user MAC processes

    3.1.3 Design process and policies for hardware maintenance, warranty, and support documentation handling

    3.1.4 Revise or create an asset security policy

    This step involves the following participants:

    • Asset Manager
    • Service Desk Manager
    • Operations (optional)
    • Security Department

    Step Outcomes

    • Understanding of inventory management process best practices
    • Templates for move/add/change request policy and form
    • Documented process workflows for the user move/add/change process
    • Process and policies for hardware maintenance, warranty, and support documentation handling
    • Defined policies for maintaining asset security

    Determine methods for performing inventory audits on equipment

    Auto-discovery

    • Auto-discovery tools will be crucial to the process of understanding what equipment is connected to the network and in use.
    • The core functionality of discovery tools is to scan the environment and collect configuration data from all connected assets, but most tools can also be used to collect usage data, network monitoring, and software asset management data including software distribution, compliance, and license information.
    • These tools may not connect to peripheral devices such as monitors and external drives, will not scan devices that are turned off or disconnected from the network, may not inventory remote users, and will rarely provide location information. This often results in a need to complete physical audits as well.

    Info-Tech Insight

    One of the most common mistakes we see when it comes to asset management is to assume that the discovery tool will discovery most or all of your inventory and do all the work. It is better to assume only 80-90% coverage by the discovery tool and build ownership records to uncover the unreportable assets that are not tied into the network.

    Physical audit

    • The physical audit can be greatly improved with barcode, RFID, or QR codes, allowing items to be scanned, records opened, then updated.
    • If not everything is tagged or entered into the ITAM database, then searching closets, cabinets, and desk drawers may be required to tag and enter those devices into the database.
    • Provide the inventory team with exact instructions on what needs to be collected, verified, and recorded. Depending on the experience and thoroughness of the team, spot checks early in the process may alleviate quality issues often discovered at the end of the inventory cycle.

    Determine requirements for performing inventory audits on equipment

    Conduct an annual hardware audit to ensure hardware is still assigned to the person and location identified in your ITAM system, and assess its condition.

    Perform a quarterly review of hardware stock levels in order to ensure all equipment is relevant and usable. The table below is an example of how to organize this information.

    Item Target Stock Levels Estimated $ Value
    Desktop computers
    Standard issue laptops
    Mice
    Keyboards
    Network cables
    Phones

    Info-Tech Insight

    Don’t forget about your remotely deployed assets. Think about how you plan to inventory remotely deployed equipment. Some tools will allow data collection through an agent that will talk to the server over the internet, and some will completely ignore those assets or provide a way to manually collect the data and email back to the asset manager. Mobile device management tools may also help with this inventory process. Determine what is most appropriate based on the volume of remote workers and devices.

    Build an inventory management process to maintain an accurate view of owned hardware assets

    • Your inventory should capture which assets are on hand, where they are located, and who owns them, at minimum. Maintaining an accurate, up-to-date view of owned hardware assets allows you to see at any time the actual state of the components that make up your infrastructure across the enterprise.
    • Automated inventory practices save time and effort from doing physical inventories and also reduce the interruption to business users while improving accuracy of data.
    • If you are just starting out, define the process for conducting an inventory of deployed assets, and then define the process for regular upkeep and audit of inventory data.

    Inventory Methods

    • Electronic – captures networked asset information only and can be deployed over the network with no deskside service interaction.
    • Physical – captures environmental detail and must be performed manually by a service technician with possible disruption to users.
    • Full inventory – both physical and electronic inventory of assets.

    Internal asset information to collect electronically

    • Hardware configuration
    • Installed software
    • Operating system
    • System BIOS
    • Network configuration
    • Network drive mappings
    • Printer setups
    • System variables

    External asset information that cannot be detected electronically

    • Assigned user
    • Associated assets
    • Asset/user location
    • Usage of asset
    • Asset tag number

    IMAC (Install, Move, Add, Change) services will form the bulk of asset management work while assets are deployed

    IMAC services are usually performed at a user’s deskside by a services technician and can include:

    • Installing new desktops or peripherals
    • Installing or modifying software
    • Physically moving an end user’s equipment
    • Upgrading or adding components to a desktop

    Specific activities may include:

    Changes

    • Add new user IDs
    • Manage IDs
    • Network changes
    • Run auto-discovery scan

    Moves

    • Perform new location site survey
    • Coordinate with facilities
    • Disconnect old equipment
    • Move to new location
    • Reconnect at new location
    • Test installed asset
    • Obtain customer acceptance
    • Close request

    Installs and Adds

    • Perform site survey
    • Perform final configuration
    • Coordinate with Facilities
    • Asset tagging
    • Transfer data from old desktop
    • Wipe old desktop hard drive
    • Test installed asset
    • Initiate auto-discovery scan
    • Obtain customer acceptance
    • Close request

    A strong IMAC request process will lessen the burden on IT asset managers

    • When assets are actively in use, Asset Managers must also participate in the IMAC (Install-Move-Add-Change) process and ensure that any changes to asset characteristics or locations are updated and tracked in the asset management tool and that the value and usefulness of the asset is monitored.
    • The IMAC process should not only be reactive in response to requests, but proactive to plan for moves and relocations during any organizational change events.

    Recommendations:

    Automate. Wherever possible, use tools to automate the IMAC process.

    E-forms, help desk, ticketing, or change management software can automate the request workflow by allowing the requestor to submit a request ticket that can then be automatically assigned to a designated team member according to the established chain of command. As work is completed, the ticket can be updated, and the requestor will be able to check the status of the work at any time.

    Communicate the length of any downtime associated with execution of the IMAC request to lessen the frustration and impatience among users.

    Involve HR. When it comes to adding or removing user accounts, HR can be a valuable resource. As most new employees should be hired through HR, work with them to improve the onboarding process with enough advanced notice to set up accounts and equipment. Role changes with access rights and software modifications can benefit from improved communications. Review the termination process as well, to secure data and equipment.

    Build a MAC request policy and form for end users

    A consistent Move, Add, Change (MAC) request process is essential for lessening the burden on the IT department. MAC requests are used to address any number of tasks, including:

    • Relocation of PCs and/or peripherals.
    • New account setup.
    • Hardware or software upgrades.
    • Equipment swaps or replacements.
    • User account/access changes.
    • Document generation.
    • User acceptance testing.
    • Vendor coordination.

    Create a request form.

    If you are not using help desk or other ticketing software, create a request template that must be submitted for each MAC. The request should include:

    • The name and department of the requester.
    • The date of the request.
    • Severity of the request. For example, severity can be graded on a score of high, medium, or low where high represents a mission-critical change that could compromise business continuity if not addressed immediately, and low represents a more cosmetic change that will not negatively affect operations. The severity of the request can be determined by the service-level agreement (SLA) associated with the service.
    • Date the request must be completed by. Or at least, what would be the ideal date for completion. This will vary greatly depending on the severity of the request. For example, deleting the access of a terminated employee would be very time sensitive.
    • Item or service to be moved, added, or changed. Include location, serial number, or other designated identifier where possible.
    • If the item or service is to be moved, indicated where it is being moved.
    • It is a good idea to include a comments section where the requester can add any additional questions or details.

    Use Info-Tech’s templates to build your MAC policy and request form

    3.1.1 Build a MAC policy and request form

    Desktop Move/Add/Change Policy

    This desktop move/add/change policy should be put in place to mitigate the risk associated with unauthorized changes, minimize disruption to the business, IT department, and end users, and maintain consistent expectations.

    Move, Add, Change Request Form

    Help end users navigate the move/add/change process. Use the Move/Add/Change Request Form to increase efficiency and organization for MAC requests.

    Document the process for user equipment moves

    Include the following in your process documentation:

    • How and when will any changes to user or location information be made in the ITAM tool?
    • Will any changes in AD automatically update in the ITAM tool?
    • How should requests for equipment moves or changes be made?
    • How will resources be scheduled?

    The image shows a flowchart titled SErvice Request - User Moves. The chart of processes is split into three categories, listed on the left side of the chart: User Manager; IT Coordinator; and Tier 2 & Facilities.

    Build workflows to document user MAC processes

    3.1.2 Build MAC process workflows

    Participants

    • Asset Manager
    • Service Desk Manager
    • Operations (optional)

    Document

    Document in the Standard Operating Procedures, Section 10: Equipment Install, Adds, Moves, and Changes

    Document each step in the system deployment process using notecards or on a whiteboard. Identify the challenges faced by your organization and strategize potential solutions.

    1. Outline each step in the process of desktop deployment. Be as granular as possible. On each card, describe the step as well as the individual responsible for each step.
    2. When you are satisfied that each step is accurately captured, use a second color of notecard to document any challenges, inefficiencies, or pains associated with each step. Consider further documenting the time on each task.
    3. Examine each challenge or pain point. Discuss whether or not there is a clear solution to the problem. If so, document the solution and amend the workflow. If not, engage in a broader discussion of possible solutions, taking into account people, processes, and available technology.
    4. Document separately the process for large-scale deployment if required.

    Define a policy to ensure effective maintenance of hardware assets

    Effective maintenance and support of assets provides longer life, higher employee productivity, and increased user satisfaction.

    • Your asset management documentation and database should store equipment maintenance contract information so that it can be consulted whenever hardware service is required.
    • Record who to contact as well as how, warranty information, and any SLAs that are associated with the maintenance agreement.
    • Record all maintenance that hardware equipment receives, which will be valuable for evaluating asset and supplier performance.
    • In most cases, the Service Desk should be the central point of contact for maintenance calls to all suppliers.

    Sample equipment maintenance policy terms:

    • Maintenance and support arrangements are required for all standard and non-standard hardware.
    • All onsite hardware should be covered by onsite warranty agreements with appropriate response times to meet business continuity needs.
    • Defective items under warranty should be repaired in a timely fashion.
    • Service, maintenance, and support shall be managed through the help desk ticketing system.

    Design process and policies for hardware maintenance, warranty, and support documentation handling

    3.1.3 Design process for hardware maintenance

    Participants

    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Security
    • Operations (optional)

    Document

    Document in the Standard Operating Procedures, Section 10

    1. Discuss and document the policy for hardware maintenance, warranty, and support.
    2. Key outcomes should include:
    • Who signs off on policies?
    • What is the timeline for documentation review?
    • Where are warranty and maintenance documents stored?
    • How will equipment be assessed for condition during audits?
    • How often will deployed equipment be reimaged?
    • How will equipment repair needs be requested?
    • How will repairs for equipment outside warranty be handled?
  • Document in the Standard Operating Procedure.
  • Use your HAM program to improve security and meet regulatory requirements

    ITAM complements and strengthens security tools and processes, improving the company’s ability to protect its data and systems and reduce operational risk.

    It’s estimated that businesses worldwide lose more than $221 billion per year as a result of security breaches. HAM is one important factor in securing data, equipment investment, and meeting certain regulatory requirements.

    How does HAM help keep your organization secure?

    • Educating users on best practices for securing their devices, and providing physical security such as cable locks and tracking mechanisms.
    • Best practices for reporting lost or stolen equipment for quickly removing access and remotely wiping devices.
    • Accurate location and disposal records will enable accurate reporting for HIPAA and PCI DSS audits where movement of media or hardware containing data is a requirement. Best practices for disposal will include properly wiping drives, recording information, and ensuring equipment is disposed of according to environmental regulations.
    • Secure access to data through end-user mobile devices. Use accurate records and MDM tools to securely track, remove access, and wipe mobile devices if compromised.
    • Encrypt devices that may be difficult to track such as USB drives or secure ports to prevent data from being copied to external drives.
    • Managed hardware allows software to be managed and patched on a regular basis.

    Best Practices

    1. Educate end users about traveling with equipment. Phones and laptops are regularly stolen from cars; tablets and phones are left on planes. Encourage users to consider how they store equipment on the way home from work.
    2. Cable locks used at unsecured offsite or onsite work areas should be supplied to employees.
    3. Equipment stored in IT must be secured at all times.

    Implement mobile device management (MDM) solutions

    Organizations with a formal mobile management strategy have fewer problems with their mobile devices.

    Develop a secure MDM to:

    • Provide connection and device support when the device is fully subsidized by the organization to increase device control.
    • Have loaner devices for when traveling to limit device theft or data loss.
    • Personal devices not managed by MDM should be limited to internet access on a guest network.
    • Limit personal device access to only internet access or a limited zone for data access and a subset of applications.
    • Advanced MDM platforms provide additional capabilities including containerization.

    The benefits of a deployed MDM solution:

    • Central management of a variety of devices and platforms is the most important advantage of MDM. Administrators can gain visibility into device status and health, set policies to groups of users, and control who has access to what.
    • Security features such as enforcing passcodes and remote wipe are also essential, given the increased risk of mobile devices.
      • Remote wipe should be able to wipe either the whole device or just selected areas.
    • Separation of personal data is becoming increasingly important as BYOD becomes the norm. This is a feature that vendors are approaching radically differently.
    • Device lock: Be able to lock the device itself, its container, or its SIM. Even if the SIM is replaced, the device should still remain locked. Consider remote locking a device if retrieval is possible.

    Mobile device management is constantly evolving to incorporate new features and expand to new control areas. This is a high-growth area that warrants constant up-to-date knowledge on the latest developments.

    What can be packed into an MDM can vary and be customized in many forms for what your organization needs.

    Secure endpoint devices to protect the data you cannot control

    Endpoint Encryption

    Endpoints Average None
    Desktop 73% 4%
    Laptops 65% 9%
    Smartphones 27% 28%
    Netbooks 26% 48%
    Tablets 16% 59%
    Grand average 41%

    Benefits from endpoint encryption:

    • Reduced risk associated with mobile workers.
    • Enabled sharing of data in secured workspace.
    • Enhanced end-user accountability.
    • Reduced number of data breach incidents.
    • Reduced number of regulatory violations.

    Ways to reduce endpoint encryption costs:

    • Use multiple vendors (multiple platforms): 33%
    • Use a single vendor (one platform): 40%
    • Use a single management console: 22%
    • Outsource to managed service provider: 26%
    • Permit user self-recovery: 26%

    Remote Wiping

    • If all else fails, a device can always be erased of all its data, protecting sensitive data that may have been on it.
    • Selective wipe takes it a step further by erasing only sensitive data.

    Selective wipe is not perfect.

    It is nearly impossible to keep the types of data separate, even with a sandbox approach. Selective wipe will miss some corporate data, and even a full remote wipe can only catch some of users’ increasingly widely distributed data.

    Selective wipe can erase:

    • Corporate profiles, email, and network settings.
    • Data within a corporate container or other sandbox.
    • Apps deployed across the enterprise.

    Know when to perform a remote wipe.

    Not every violation of policy warrants a wipe. Playing Candy Crush during work hours probably does not warrant a wipe, but jail breaking or removing a master data management client can open up security holes that do warrant a wipe.

    Design an effective asset security policy to protect the business

    Data security is not simply restricted to compromised software. In fact, 70% of all data breaches in the healthcare industry since 2010 are due to device theft or loss, not hacking. (California Data Breach Report – October, 2014) ITAM is not just about tracking a device, it is also about tracking the data on the device.

    Organizations often struggle with the following with respect to IT asset security:

    • IT hardware asset removal control.
    • Personal IT hardware assets (BYOD).
    • Data removal from IT hardware assets.
    • Inventory control with respect to leased hardware and software.
    • Unused software.
    • Repetitive versions of software.
    • Unauthorized software.

    Your security policy should seek to protect IT hardware and software that:

    • Have value to the business.
    • Require ongoing maintenance and support.
    • Create potential risk in terms of financial loss, data loss, or exposure.

    These assets should be documented and controlled in order to meet security requirements.

    The asset security policy should encompass the following:

    • Involved parties.
    • Hardware removal policy/documentation procedure.
    • End-user asset security responsibilities.
    • Theft/loss reporting procedure.
    • BYOD standards, procedures, and documentation requirements.
    • Data removal.
    • Software usage.
    • Software installation.

    Info-Tech Insight

    Hardware can be pricey; data is priceless. The cost of losing a device is minimal compared to the cost of losing data contained on a device.

    Revise or create an asset security policy

    3.1.4 Develop IT asset security policy

    Participants

    • CIO or IT Director
    • Asset Manager
    • Service Desk Manager
    • Security
    • Operations (optional)

    Document

    Document in the Asset Security Policy.

    1. Identify asset security challenges within your organization. Record them in a table like the one below.
    Challenge Current Security Risk Target Policy
    Hardware removal Secure access and storage, data loss Designated and secure storage area
    BYOD No BYOD policy in place N/A → phasing out BYOD as an option
    Hardware data removal Secure data disposal Data disposal, disposal vendor
    Unused software Lack of support/patching makes software vulnerable Discovery and retirement of unused software
    Unauthorized software Harder to track, less secure Stricter stance on pirated software
    1. Brainstorm the reasons for why these challenges exist.
    2. Identify target policy details that pertain to each challenge. Record the outcomes in section(s) 5.1, 5.2, or 5.3 of the Asset Security Policy.

    Poor asset security and data protection had costly consequences for UK Ministry of Justice

    CASE STUDY

    Industry Legal

    Source ICO

    Challenge

    The Ministry of Justice (MoJ) in the UK had a security problem: hard drives that contained sensitive prisoner data were unencrypted and largely unprotected for theft.

    These hard drives contained information related to health, history of drug use, and past links to organized crime.

    After two separate incidents of hard drive theft that resulted in data breaches, the Information Commissioner’s Office (ICO), stepped in.

    Solution

    It was determined that after the first hard drive theft in October 2011, replacement hard drives with encryption software were provisioned to prisons managed by the MoJ.

    Unfortunately, the IT security personnel employed by the MoJ were unaware that the encryption software required manual activation.

    When the second hard drive theft occurred, the digital encryption could not act as a backup to poor physical security (the hard drive was not secured in a locker as per protocol).

    Results

    The perpetrators were never found and the stolen hard drives were never recovered.

    As a result of the two data breaches, the MoJ had to implement costly security upgrades to its data protection system.

    The ICO fined the MoJ £180,000 for its repeated security breaches. This costly fine could have been avoided if more diligence was present in the MoJ’s asset management program.

    Step 3.2: Dispose or Redeploy Assets

    3.1 Manage & Maintain

    3.2 Dispose or Redeploy

    This step will walk you through the following activities:

    3.2.1 Identify challenges with IT asset recovery and disposal

    3.2.2 Design hardware asset recovery and disposal workflows

    3.2.3 Build a hardware asset disposition policy

    This step involves the following participants:

    • Infrastructure Director/Manager
    • Asset Manager
    • Service Desk Manager
    • Operations (optional)

    Step Outcomes:

    • Defined process to determine when to redeploy vs. dispose of hardware assets
    • Process for recovering and redeploying hardware equipment
    • Process for safely disposing of assets that cannot be redeployed
    • Comprehensive asset disposition policy

    Balance the effort to roll out new equipment against the cost to maintain equipment when building your lifecycle strategy

    The image shows two line graphs. The graph on the left is titled: Desktop Refresh Rate by Company Size (based on Revenue). The graph on the right is titled: Laptop Refresh Rate by Company Size (based on Revenue). Each graph has four lines, defined by a legend in the centre of the image: yellow is small ($25mm); dark blue is Mid ($25-500MM); light blue is large ( data-verified=$500MM); and orange is Overall.">

    (Info-Tech Research Group; N=96)

    Determining the optimal length of time to continue to use equipment will depend on use case and equipment type

    Budget profiles Refresh methods

    Stretched

    Average equipment age: 7+ years

    To save money, some organizations will take a cascading approach, using the most powerful machines for engineers or scientists to ensure processing power, video requirements and drives will meet the needs of their applications and storage needs; then passing systems down to departments who will require standard-use machines. The oldest and least powerful machines are either used as terminals or disposed.

    Generous

    Average equipment age: 3 years

    Organizations that do not want to risk user dissatisfaction or potential compatibility or reliability issues will take a more aggressive replacement approach. These organizations often have less people assigned to end-user device maintenance and will not repair equipment outside of warranty. There is little variation in processing power among devices, with major differences determined by mobility and operating system.

    Cautious

    Average equipment age: 4 to 5 years

    Organizations that fit between the other two profiles will look to stretch the budget beyond warranty years, but will keep a close eye on maintenance requirements. Repairs needed outside of warranty will require an eye to costs, efforts, and subsequent administrative work of loaning equipment to keep the end user productive while waiting on service.

    Recommendations to keep users happy and equipment in prime form is to check condition at the 2-3 year mark, reimage at least once to improve performance, and have backup machines, if equipment starts to become problematic.

    Build a process to determine when and how to redeploy or dispose of hardware assets at end of use

    • When equipment is no longer needed for the function or individual to whom it was assigned, the Hardware Asset Manager needs to use data to ensure the right decision is made as to what to do with the asset.
    • End of use involves evaluating options for either continuing to use the equipment in another capacity or by another individual or determining that the asset has no remaining value to the organization in any capacity and it is time to retire it.
    • If the asset is retired, it may still have capacity for continued use outside of the organization or it may be disposed.

    Redeployment

    • Deliver the asset to a new user if it is no longer needed by the original user but still has value and usability.
    • Redeployment saves money and prevents unnecessary purchases.
    • Common when employees leave the company or a merge or acquisition changes the asset pool.

    VS.

    Disposal

    • When an asset is no longer of use to the organization, it may be disposed of.
    • Need to consider potential financial and public relations considerations if disposal is not done according to environmental legislation.
    • Need to ensure proper documentation and data removal is built into disposition policy.

    Use persistent documentation and communication to improve hardware disposal and recovery

    Warning! Poor hardware disposal and recovery practices can be caused by the following:

    1. Your IT team is too busy and stretched thin. Data disposal is one of many services your IT team is likely to have to deal with, but this service requires undivided attention. By standardizing hardware refreshes, you can instill more predictability with your hardware life cycles and better manage disposal.
    2. Poor inventory management. Outdated data and poor tracking practices can result in lost assets during the disposal phase. It only takes a single lost asset to cause a disastrous data breach in your supply chain.
    3. Obliviousness to disposal regulations. Electronic disposal and electronically stored data are governed by strict regulation.

    How do you improve your hardware disposal and recovery process?

    • A specific, controlled process needs to be in place to wipe all equipment and verify that it’s been wiped properly. Otherwise, companies will continue to spend money to protect data while equipment is in use, but overlook the dangerous implications of careless IT asset disposal. Create a detailed documentation process to track your assets every step of the way to ensure that data and applications are properly disposed of. Detailed documentation can also help bolster sustainability reporting for organizations wishing to track such data.
    • Better communication should be required. Most decommissioning or refresh processes use multiple partners for manufacturing, warehousing, data destruction, product resale, and logistics. Setting up and vetting these networks can take years, and even then, managing them can be like playing a game of telephone; transparency is key.

    Address three core challenges of asset disposal and recovery

    Asset Disposal

    Data Security

    Sixty-five percent of organizations cite data security as their top concern. Many data breaches are a result of hardware theft or poor data destruction practices.

    Choosing a reputable IT disposal company or data removal software is crucial to ensuring data security with asset disposal.

    Environmental

    Electronics contain harmful heavy metals such as mercury, arsenic, and cadmium.

    Disposal of e-waste is heavily regulated, and improper disposal can result in hefty fines and bad publicity for organizations.

    Residual value

    Many obsolete IT assets are simply confined to storage at their end of life.

    This often imposes additional costs with maintenance or storage fees and leaves a lot of value on the table through assets that could be sold or re-purposed within the organization.

    Identify challenges with IT asset recovery and disposal with a triple bottom line scorecard

    3.2.1 Identify challenges with IT asset recovery and disposal

    Participants

    • Infrastructure Director/Manager
    • Asset Manager
    • Service Desk Manager
    • Operations (optional)
    1. Divide the whiteboard into three boxes: Social, Economic, and Environmental.
    2. Divide each box into columns like the one shown below:
    Economic
    Challenge Objectives Targets Initiatives
    No data capture during disposal Develop reporting standards 80% disposed assets recorded Work with Finance to develop reporting procedure
    Idle assets Find resale market/dispose of idle assets 50% of idle assets disposed of within the year Locate resale vendor and disposal service
    1. Ask participants to list challenges associated with each area.
    2. Once challenges facing recovery and disposal have been exhausted from the group, assign a significance of 1-5 (1 being the lowest and 5 being the highest) to each challenge.
    3. Discuss the most significant challenges and how they might be addressed through the next steps of building recovery & disposal processes.

    Build a process for recovery and redeployment of hardware

    • Having hardware standards in place makes redeploying easier by creating a larger pool of possible users for a standardized asset.
    • Most redeployment activities will be carried out by the Help Desk as a service request ticket, so it is important to have clear communication and guidelines with the Help Desk as to which tasks need to be carried out as part of the request.

    Ensure the following are addressed:

    • Where will equipment be stored before being redeployed?
    • Will shipping be required and are shipping costs factored into analysis?
    • Ensure equipment is cleaned before it is redeployed.
    • Do repairs and reconfigurations need to be made?
    • How will software be removed and licenses harvested and reported to Software Asset Manager?
    • How will data be securely wiped and protected?

    The image shows a work process in flowchart format titled Equipment Recovery. The chart is divided into two sections, listed on the left: Business Manager/HR and Desktop Support Team.

    Define the process for safely disposing of assets that cannot be redeployed

    Asset Disposal Checklist

    1. Review the data stored on the device.
    2. Determine if there has been any sensitive or confidential information stored.
    3. Remove all sensitive/confidential information.
    4. Determine if software licenses are transferable.
    5. Remove any non- transferable software prior to reassignment.
    6. Update the department’s inventory record to indicate new individual assigned custody.
    7. In the event of a transfer to another department, remove data and licensed software.
    8. If sensitive data has been stored, physically destroy the storage device.
    • Define the process for retiring and disposing of equipment that has reached replacement age or no longer meets minimum conditions or standards.
    • Clearly define the steps that need to be taken both before and after the involvement of an ITAD partner.

    The image shows a flowchart titled Equipment Disposal. It is divided into two sections, labelled on the left as: Desktop Support Team and Asset Manager.

    Design hardware asset recovery and disposal workflows

    3.2.2 Design hardware asset recovery and disposal policies and workflows

    Participants

    • Infrastructure Director/Manager
    • Asset Manager
    • Service Desk Manager
    • Operations (optional)

    Document

    Document in the Standard Operating Procedures, Sections 11 and 12

    Document each step in the recovery and disposal process in two separate workflows using notecards or on a whiteboard. Identify the challenges faced by your organization and strategize potential solutions.

    1. Keeping in mind current challenges around hardware asset recovery and disposal, design the target state for both the asset recovery and disposal processes.
    2. Outline each step of the process and be as granular as possible.
    3. When you are satisfied that each step is accurately captured, use a second color of notecard to document any challenges, inefficiencies, or pains associated with each step. Consider further documenting the time on each task.
    4. Examine each challenge or pain point. Discuss whether or not there is a clear solution to the problem. If so, document the solution and amend the workflow. If not, engage in a broader discussion of possible solutions, taking into account people, processes, and available technology.
    5. Review the checklists on the previous slides to ensure all critical tasks are accounted for in your process workflows.

    Add equipment disposition to asset lifecycle decisions to meet environmental regulations and mitigate risk

    Although traditionally an afterthought in asset management, IT asset disposition (ITAD) needs to be front and center. Increase focus on data security and concern surrounding environmental sustainability and develop an awareness of the cost efficiencies possible through best-practices disposition.

    Optimized ITAD solutions:

    1. Protect sensitive or valuable data
    2. Support sustainability
    3. Focus on asset value recovery

    Info-Tech Insight

    A well-thought-out asset management program mitigates risk and is typically less costly than dealing with a large-scale data loss incident or an inappropriate disposal suit. Also, it protects your company’s reputation – which is difficult to put a price on.

    Partner with an ITAD vendor to support your disposition strategy

    Maximizing returns on assets requires knowledge and skills in asset valuation, upgrading to optimize market return, supply chain management, and packaging and shipping. It’s unlikely that the return will be adequate to justify that level of investment, so partnering with a full-service ITAD vendor is a no-brainer.

    • An ITAD vendor knows the repurpose and resale space better than your organization. They know the industry and have access to more potential buyers.
    • ITAD vendors can help your organization navigate costly environmental regulations for improper disposal of IT assets.

    Disposal doesn’t mean your equipment has to go to waste.

    Additionally, your ITAD vendor can assist with a large donation of hardware to a charitable organization or a school.

    Donating equipment to schools or non-profits may provide charitable receipts that can be used as taxable benefits.

    Before donating:

    • Ensure equipment is needed and useful to the organization.
    • Be prepared for an appraisal requirement. Receipts can only be issued for fair market value.
    • Prevent compromised data by thoroughly wiping or completely replacing drives.
    • Ensure official transfer of ownership to prevent liability if improper disposal practices follow.

    Info-Tech Insight

    Government assistance grants may be available to help keep your organization’s hardware up to date, thereby providing incentives to upgrade equipment while older equipment still has a useful life.

    Protect the organization by sufficiently researching potential ITAD partners

    Research ITAD vendors as diligently as you would primary hardware vendors.

    Failure to thoroughly investigate a vendor could result in a massive data breach, fines for disposal standards violations, or a poor resale price for your disposed assets. Evaluate vendors using questions such as the following:

    • Are you a full-service vendor or are you connected to a wholesaler?
    • Who are your collectors and processors?
    • How do you handle data wiping? If you erase the data, how many passes do you perform?
    • What do you do with the e-waste? How much is reused? How much is recycled?
    • Do you have errors and omissions insurance in case data is compromised?
    • How much will it cost to recycle or dispose of worthless equipment?
    • How much will I receive for assets that still have useful life?

    ITAD vendors that focus on recycling will bundle assets to ship to an e-waste plant – leaving money on the table.

    ITAD vendors with a focus on reuse will individually package salable assets for resale – which will yield top dollars.

    Info-Tech Insight

    To judge the success of a HAM overhaul, you need to establish a baseline with which to compare final results. Be sure to take HAM “snapshots” before ITAD partnering so it’s easy to illustrate the savings later.

    Work with ITAD partner or equipment supplier to determine most cost-effective method and appropriate time for disposal

    2-4 Two-to-four year hardware refresh cycle

    • Consider selling equipment to an ITAD partner who specializes in sales of refurbished equipment.
    • Consider donating equipment to schools or non-profits, possibly using an ITAD partner who specializes in refurbishing equipment and managing the donation process.

    5-7 Five-to-seven year hardware refresh cycle

    • At this stage equipment may still have a viable life, but would not be appropriate for school or non-profit donations, due to a potentially shorter lifespan. Consider selling equipment to an ITAD partner who has customers interested in older, refurbished equipment.

    7+ Seven or more years hardware refresh cycle

    • If keeping computers until they reach end of life, harvest parts for replacement on existing machines and budget for disposal fees.
    • Ask new computer supplier about disposal services or seek out ITAD partner who will disassemble and dispose of equipment in an environmentally responsible manner.

    Info-Tech Insight

    • In all cases, ensure hard drives are cleansed of data with no option for data recovery. Many ITAD partners will provide a drive erasure at DoD levels as part of their disposal service.
    • Many ITAD partners will provide analysts to help determine the most advantageous time to refresh.

    Ensure data security and compliance by engaging in reliable data wiping before disposition

    Failure to properly dispose of data can not only result in costly data breaches, but also fines and other regulatory repercussions. Choosing an ITAD vendor or a vendor that specializes in data erasure is crucial. Depending on your needs, there are a variety of data wiping methods available.

    Certified data erasure is the only method that leaves the asset’s hard drive intact for resale or donation. Three swipes is the bare minimum, but seven is recommended for more sensitive data (and required by the US Department of Defense). Data erasure applications may be destructive or non-destructive – both methods overwrite data to make it irretrievable.

    Physical destruction must be done thoroughly, and rigorous testing must be done to verify data irretrievability. Methods such as hand drilling are proven to be unreliable.

    Degaussing uses high-powered magnets to erase hard drives and makes them unusable. This is the most expensive option; degaussing devices can be purchased or rented.

    Info-Tech Best Practice

    Data wiping can be done onsite or can be contracted to an ITAD partner. Using an ITAD partner can ensure greater security at a more affordable price.

    Make data security a primary driver of asset disposition practices

    It is estimated that 10-15% of data loss cases result from insecure asset disposal. Protect yourself by following some simple disposition rules.

    1. Reconcile your data onsite
    • Verify that bills of landing and inventory records match before assets leave. Otherwise, you must take the receiver’s word on shipment contents.
  • Wipe data at least once onsite
    • Do at least one in-house data wipe before the assets leave the site for greater data security.
  • Transport promptly after data wiping
    • Prompt shipment will minimize involvement with the assets, and therefore, cost. Also, the chance of missing assets will drop dramatically.
  • Avoid third-party transport services
    • Reputable ITAD companies maintain strict chain of custody control over assets. Using a third party introduces unnecessary risk.
  • Keep detailed disposition records
    • Records will protect you in the event of an audit, a data loss incident, or an environmental degradation claim. They could save you millions.
  • Wipe all data-carrying items
    • Don’t forget cell phones, fax machines, USB drives, scanners, and printers – they can carry sensitive information that can put the organization at risk.
  • Only partner with insured ITAD vendors
    • You are never completely out of danger with regards to liability, but partnering with an insured vendor is potent risk mitigation.
  • Work these rules into your disposition policy to mitigate data loss risk.

    Support your HAM efforts with a comprehensive disposition policy

    3.2.3 Build a Hardware Asset Disposition Policy

    Implementation of a HAM program is a waste of time if you aren’t going to maintain it. Maintenance requires the implementation of detailed policies, training, and an ongoing commitment to proper management.

    Use Info-Tech’s Hardware Asset Disposition Policy to:

    1. Establish and define clear standards, procedures, and restrictions surrounding disposition.
    2. Ensure continual compliance with applicable data security and environmental legislation.
    3. Assign specific responsibilities to individuals or groups to ensure ongoing adherence to policy standards and that costs or benefits are in line with expectations.

    Phase 3 Guided Implementation

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Maintain & Dispose

    Proposed Time to Completion: 4 weeks

    Start with an analyst kick-off call:

    • Discuss inventory management best practices.
    • Build process for moves, adds, and changes.
    • Build process for hardware maintenance.
    • Define policies for maintaining asset security.

    Then complete these activities…

    • Build a MAC policy and request form.
    • Build workflows to document user MAC processes.
    • Design processes and policies for hardware maintenance, warranty, and support documentation handling.
    • Build an asset security policy.

    With these tools & templates:

    • Standard Operating Procedures
    • Asset Security Policy

    Step 3.2: Dispose or Redeploy Assets

    Review findings with analyst:

    • Discuss when to dispose vs. redeploy assets.
    • Build process for redeploying vs. disposing of assets.
    • Review ITAD vendors.

    Then complete these activities…

    • Identify challenges with IT asset recovery and disposal.
    • Design hardware asset recovery and disposal workflows.
    • Build a hardware asset disposition policy.

    With these tools & templates:

    • Standard Operating Procedures
    • Asset Recovery Workflow
    • Asset Disposal Workflow
    • Hardware Asset Disposition Policy

    Phase 3 Insight: Not all assets are created equal. Taking a blanket approach to asset maintenance and security is time consuming and costly. Focus on the high-cost, high-use, and data-sensitive assets first.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.1.4 Revise or create an asset security policy

    Discuss asset security challenges within the organization; brainstorm reasons the challenges exist and process changes to address them. Document a new asset security policy.

    3.2.2 Design hardware asset recovery and disposal workflows

    Document each step in the hardware asset recovery and disposal process, including all decision points. Examine challenges and amend the workflow to address them.

    Phase 4

    Plan Budget Process and Build Roadmap

    Implement Hardware Asset Management

    Cisco deployed an enterprise-wide re-education program to implement asset management

    CASE STUDY

    Industry Networking

    Source Cisco IT

    Challenge

    Even though Cisco Systems had designed a comprehensive asset management program, implementing it across the enterprise was another story.

    An effective solution, complete with a process that could be adopted by everyone within the organization, would require extensive internal promotion of cost savings, efficiencies, and other benefits to the enterprise and end users.

    Cisco’s asset management problem was as much a cultural challenge as it was a process challenge.

    Solution

    The ITAM team at Cisco began discussions with departments that had been tracking and managing their own assets.

    These sessions were used as an educational tool, but also as opportunities to gather internal best practices to deploy across the enterprise.

    Eventually, Cisco introduced weekly meetings with global representation to encourage company-wide communication and collaboration.

    Results

    By establishing a process for managing PC assets, we have cut our hardware costs in half.” – Mark Edmonson, Manager – IT Services Expenses

    Cisco reports that although change was difficult to adopt, end-user satisfaction has never been higher. The centralized asset management approach has resulted in better contract negotiations through better data access.

    A reduced number of hardware and software platforms has streamlined tracking and support, and will only drive down costs as time goes on.

    Step 4.1: Plan Hardware Asset Budget

    Phase 4: Plan Budget & Build Roadmap

    4.1 Plan Budget

    4.2 Communicate & Build Roadmap

    This step will walk you through the following activities:

    4.1 Use Info-Tech’s HAM Budgeting Tool to plan your hardware asset budget

    This step involves the following participants:

    • IT Director
    • Asset Manager
    • Finance Department

    Step Outcomes

    • Know where to find data to budget for hardware needs accurately
    • Learn how to manage a hardware budget
    • Plan hardware asset budget with a budgeting tool

    Gain control of the budget to increase the success of HAM

    A sophisticated hardware asset management program will be able to uncover hidden costs, identify targets for downsizing, save money through redistributing equipment, and improve forecasting of equipment to help control IT spending.

    While some asset managers may not have experience managing budgets, there are several advantages to ITAM owning the hardware budget:

    • Be more involved in negotiating pricing with suppliers.
    • Build better relationships with stakeholders across the business.
    • Forecast requirements more accurately.
    • Inform benchmarks for hardware performance.
    • Gain more responsibility and have a greater influence on purchasing decisions.
    • Directly impact the reduction in IT spend.
    • Manage the asset database more easily and have a greater understanding of hardware needs.
    • Build a continuous rolling refresh.

    Use ITAM data to forecast hardware needs accurately and realistically

    Your IT budget should be realistic, accounting for business needs, routine maintenance, hardware replacement costs, unexpected equipment failures, and associated support and warranty costs. Know where to find the data you need and who to work with to forecast hardware needs as accurately as possible.

    What type of data should I take into account?

    Plan for:

    • New hardware purchases required
      • Planned refreshes based on equipment lifecycle
      • Inventory for break and fix
      • Standard equipment for new hires
      • Non-standard equipment required
      • Hardware for planned projects
      • Implementation and setup costs
      • Routine hardware implementation
      • Large hardware implementation for projects
      • Support and warranty costs

    Take into account:

    • Standard refresh cycle for each hardware asset
    • Amount of inventory to keep on hand
    • Length of time from procurement to inventory
    • Current equipment costs and equipment price increases
    • Equipment depreciation rates and resale profits

    Where do I find the information I need to budget accurately?

    • Work with HR to forecast equipment needs for new hires.
    • Work with the Infrastructure Manager to forecast devices and equipment needed for approved and planned projects.
    • Use the asset management database to forecast hardware refresh and replacement needs based on age and lifecycle.
    • Work with business stakeholders to ensure all new equipment needs are accounted for in the budget.

    Use Info-Tech’s HAM Budgeting Tool to plan your hardware asset budget

    4.1.1 Build HAM budget

    This tool is designed to assist in developing and justifying the budget for hardware assets for the upcoming year. The tool will allow you to budget for projects requiring hardware asset purchases as well as equipment requiring refresh and to adjust the budget as needed to accommodate both projects and refreshes. Follow the instructions on each tab to complete the tool.

    The hardware budget should serve as a planning and communications tool for the organization

    The most successful relationships have a common vocabulary. Thus, it is important to translate “tech speak” into everyday language and business goals and initiatives as you plan your budget.

    One of the biggest barriers that infrastructure and operations team face with regards to equipment budgeting is the lack of understanding of IT infrastructure and how it impacts the rest of the organization. The biggest challenge is to help the rest of the organization overcome this barrier.

    There are several things you can do to overcome this barrier:

    • Avoid using technical terms or jargon. Terms many would consider common knowledge, such as “WLAN,” are foreign to many.
    • Don’t assume the business knows how the technology you’re referring to will impact their day-to-day work. You will need to demonstrate it to them.
    • Help the audience understand the business impact of not implementing each initiative. What does this mean for them?
    • Discuss the options on the table in terms of the business value that the hardware can enable. Review how deferring refresh projects can impact user-facing applications, systems, and business unit operations.
    • Present options. If you can’t implement everything on the project list, present what you can do at different levels of funding.

    Info-Tech Insight

    Err on the side of inviting more discussion. Your budgeting process relies on business decision makers and receiving actionable feedback requires an ongoing exchange of information.

    Help users understand the importance of regular infrastructure refreshes

    Getting business users to support regular investments in maintenance relies on understanding and trust. Present the facts in plain language. Provide options, and clearly state the impact of each option.

    Example: Your storage environment is nearing capacity.

    Don’t:

    Explain the project exclusively in technical terms or slang.

    We’re exploring deduping technology as well as cheap solid state, SATA, and tape storage to address capacity.”

    Do:

    • Explain impact in terms that the business can understand.

    Deduplication technology can reduce our storage needs by up to 50%, allowing us to defer a new storage purchase.”

    • Be ready to present project alternatives and impacts.

    Without implementing deduplication technology, we will need to purchase additional storage by the end of the year at an estimated cost of $25,000.”

    • Connect the project to business initiatives and strategic priorities.

    This is a cost-effective technique to increase storage capacity to manage annual average data growth at around 20% per year.

    Step 4.2: Build Communication Plan and Roadmap

    Phase 4: Plan Budget & Build Roadmap

    4.1 Plan Budget

    4.2 Communicate & Build Roadmap

    This step will walk you through the following activities:

    4.2 Develop a HAM implementation roadmap

    This step involves the following participants:

    • CIO
    • IT Director
    • Asset Manager
    • Service Desk Manager

    Step Outcomes

    • Documented end-user hardware asset management policies
    • Communications plan to achieve support from end users and other business units
    • HAM implementation roadmap

    Educate end users through ITAM training to increase program success

    As part of your communication plan and overall HAM implementation, training should be provided to end users within the organization.

    All facets of the business, from management to new hires, should be provided with ITAM training to help them understand their role in the project’s success.

    ITAM solutions are complex by nature with both business process and technical knowledge required to use them correctly. Keep the message appropriate to the audience – end users don’t need to know the complete process, but will need to know policy and how to request.

    Management may have priorities that appear to clash with new processes. Engage management by making them aware of the benefits and importance of ITAM. Include the benefits and consequences of not implementing ITAM in your education approach. Encourage them to support efforts by reinforcing your messages to end users.

    New hires should have ITAM training bundled into their onboarding process. Fresh minds are easier to train and the ITAM program will be seen as an organizational standard, not merely a change.

    Policy documents can help summarize end users’ obligations and clarify processes. Consider an IT Resources Acceptable UsePolicy.

    "The lowest user is the most important user in your asset management program. New employees are your most important resource. The life cycle of the assets will go much smoother if new employees are brought on board." – Tyrell Hall, ITAM Program Coordinator

    Info-Tech Insight

    During training, you should present the material through the lens of “what’s in it for me?” Otherwise, you risk alienating end users through implementing organizational change viewed as low value.

    Include policy design and enforcement in your communication plan

    • Hardware asset management policies should define the actions to be taken to protect and preserve technology assets from failure, loss, destruction, theft, or damage.
    • Implementing asset management policies enforces the notion that the organization takes its IT assets and the management of them seriously, and will help ensure the benefits of ITAM are achieved.
    • Designing, approving, documenting, and adopting one set of standard ITAM policies for each department to follow will ensure the processes are enforced equally across the organization.
    • Good ITAM policies answer the “what, how, and why” of IT asset management, provide the means for ITAM governance, and provide a basis for strategy and decision making.

    Info-Tech Insight

    Use policy templates to jumpstart your policy development and ensure policies are comprehensive, but be sure to modify and adapt policies to suit your corporate culture or they will not gain buy-in from employees. For a policy to be successful, it must be a living document and have participation and involvement from the committees and departments to whom it will pertain.

    Use Info-Tech’s policy templates to build HAM policies

    4.2.1 Build HAM policies

    Use these HAM policy templates to get started:

    Information Technology Standards Policy

    This policy establishes standards and guidelines for a company’s information technology environment to ensure the confidentiality, integrity, and availability of company computing resources.

    Desktop Move/Add/Change Policy

    This desktop move/add/change policy is put in place for users to request to change their desktop computing environments. This policy applies configuration changes within a company.

    Purchasing Policy

    The purchasing policy helps to establish company standards, guidelines, and procedures for the purchase of all information technology hardware, software, and computer-related components as well as the purchase of all technical services.

    Hardware Asset Disposition Policy

    This policy assists in creating guidelines around disposition in the last stage of the asset lifecycle.

    Additional policy templates

    Info-Tech Insight

    Use policy templates to jumpstart your policy development and ensure policies are comprehensive, but modify and adapt them to suit your corporate culture or they will not gain buy-in from employees. For a policy to be successful, it must be a living document and have participation from the committees and departments to whom it will pertain.

    Create a communication plan to achieve end-user support and adherence to policies

    Communication is crucial to the integration and overall implementation of your ITAM program. An effective communication plan will:

    • Gain support from management at the project proposal phase.
    • Create end-user buy-in once the program is set to launch.
    • Maintain the presence of the program throughout the business.
    • Instill ownership throughout the business from top-level management to new hires.

    Use the variety of components as part of your communication plan in order to reach the organization.

    1. Advertise successes.
    • Regularly demonstrate the value of the ITAM program with descriptive statistics focused on key financial benefits.
    • Share data with the appropriate personnel; promote success to obtain further support from senior management.
  • Report and share asset data.
    • Sharing detailed asset-related reports frequently gives decision makers useful data to aid in their strategy.
    • These reports can help your organization prepare for audits, adjust asset budgeting, and detect unauthorized assets.
  • Communicate the value of ITAM.
    • Educate management and end users about how they fit into the bigger picture.
    • Individuals need to know that their behaviors can adversely affect data quality and, ultimately, lead to better decision making.
  • Develop a communication plan to convey the right messages

    4.2.2 Develop a communication plan to convey the right messages

    Participants

    • CIO
    • IT Director
    • Asset Manager
    • Service Desk Manager

    Document

    Document in the HAM Communication Plan

    1. Identify the groups that will be affected by the HAM program as those who will require communication.
    2. For each group requiring a communication plan, identify the following:
    • Benefits of HAM for that group of individuals (e.g. better data, security).
    • The impact the change will have on them (e.g. change in the way a certain process will work).
    • Communication method (i.e. how you will communicate).
    • Timeframe (i.e. when and how often you will communicate the changes).
  • Complete this information in a table like the one below and document in the Communication Plan.
  • Group Benefits Impact Method Timeline
    Service Desk Improve end-user device support Follow new processes Email campaign 3 months
    Executives Mitigate risks, better security, more data for reporting Review and sign off on policies
    End Users Smoother request process Adhere to device security and use policies
    Infrastructure Faster access to data and one source of truth Modified processes for centralized procurement and inventory

    Implement ITAM in a phased, constructive approach

    • One of the most difficult decisions to make when implementing ITAM is: “where do we start?”
    • The pyramid to the right mirrors Maslow’s hierarchy of needs. The base is the absolute bare minimum that should be in place, and each level builds upon the previous one.
    • As you track up the pyramid, your ITAM program will become more and more mature.

    Now that your asset lifecycle environment has been constructed in full, it’s time to study it. Gather data about your assets and use the results to create reports and new solutions to continually improve the business.

    • Asset Data
    • Asset Protection: safely protect and dispose of assets once they are mass distributed throughout your organization.
    • Asset Distribution: determine standards for asset provisioning and asset inventory strategy.
    • Asset Gathering: define what assets you will procure, distribute, and track. Classifying your assets by tier will allow you to make decisions as you progress up the pyramid.

    ↑ ITAM Program Maturity

    Integrate your HAM program into the organization to assist its implementation

    The HAM program cannot perform on its own – it must be integrated with other functional areas of the organization in order to maintain its stability and support.

    • Effective IT asset management is supported by a comprehensive set of processes as part of its implementation.
    • For example, integration with the purchasing/procurement team is required to gather hardware and software purchase data to control asset costs and mitigate software license compliance risk.
    • Integration with Finance is required to support internal cost allocations and charge backs.

    To integrate your ITAM program into your organization effectively, a clear implementation roadmap needs to be designed. Prioritize “quick wins” in order to demonstrate success to the business early and gain buy-in from your team. Long-term goals should be designed that will be supported by the outcomes of the short-term gains of your ITAM program.

    Short-term goal Long-term goal
    Identify inventory classification and tool (hardware first) Hardware contract data integration (warranty, maintenance, lease)
    Create basic ITAM policies and processes Continual improvement through policy impact review and revision
    Implement ITAM auto-discovery tools Software compliance reports, internal audits

    Info-Tech Insight

    Installing an ITAM tool does not mean you have an effective asset management program. A complete solution needs to be built around your tool, but the strength of ITAM comes from processes embedded in the organization that are shaped and supported by your ITAM data.

    Develop an IT hardware asset management implementation roadmap

    4.2.3 Develop a HAM implementation roadmap

    Participants

    • CIO
    • IT Director
    • Asset Manager
    • Service Desk Manager

    Document

    Document in the IT Hardware Asset Management Implementation Roadmap

    1. Identify up to five streams to work on initiatives for the hardware asset management project.
    2. Fill out key tasks and objectives for each process. Assign responsibility for each task.
    3. Select a start date and end date for each task. See tab 1 of the tool for instructions on which letters to input for each stage of the process.
    4. Once your list is complete, open tab 3 of the tool to see your completed sunshine diagram.
    5. Keep this diagram visible for your team and use it as a guide to task completion as you work towards your future-state value stream.

    Focus on continual improvement to sustain your ITAM program

    Periodically review the ITAM program in order to achieve defined goals, objectives, and benefits.

    Act → Plan → Do → Check

    Once ITAM is in place in your organization, a focus on continual improvement creates the following benefits:

    • Remain in sync with the business: your asset management program reflects the current and desired future states of your organization at the time of its creation. But the needs of the business change. As mentioned previously, asset management is a dynamic process, so in order for your program to keep pace, a focus on continual improvement is needed.
      • For example, imagine if your organization had designed your ITAM program before cloud-based solutions were an option. What if your asset classification scheme did not include personal devices or tablets or your asset security policy lacked a section on BYOD?
    • Create funding for new projects through ITAM continual improvement: one of the goals is to save money through more efficient use of your assets by “sweating” out underused hardware and software.
      • It may be tempting to simply present the results to Finance as savings, but instead, describe the results as “available funds for other projects.” Otherwise, Finance may view the savings as a nod to restrict IT’s budget and allocate funds elsewhere. Make it clear that any saved funds are still required, albeit in a different capacity.

    Info-Tech Best Practice

    Look for new uses for ITAM data. Ask management what their goals are for the next 12-18 months. Analyze the data you are gathering and determine how your ITAM data can assist with achieving these goals.

    Phase 4 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Step 4.1: Plan Budget

    Start with an analyst kick-off call:

    • Know where to find data to budget for hardware needs accurately.
    • Learn how to manage a hardware budget.

    Then complete these activities…

    • Plan hardware asset budget.

    With these tools & templates:

    HAM Budgeting Tool

    Step 4.2: Communicate & Roadmap

    Review findings with analyst:

    • Develop policies for end users.
    • Build communications plan.
    • Build an implementation roadmap.

    Then complete these activities…

    • Build HAM policies.
    • Develop a communication plan.
    • Develop a HAM implementation roadmap.

    With these tools & templates:

    HAM policy templates

    HAM Communication Plan

    HAM Implementation Roadmap

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    4.1.1 Build a hardware asset budget

    Review upcoming hardware refresh needs and projects requiring hardware purchases. Use this data to forecast and budget equipment for the upcoming year.

    4.2.2 Develop a communication plan

    Identify groups that will be affected by the new HAM program and for each group, document a communications plan.

    Insight breakdown

    Overarching Insights

    HAM is more than just tracking inventory. A mature asset management program provides data for proactive planning and decision making to reduce operating costs and mitigate risk.

    ITAM is not just IT. IT leaders need to collaborate with Finance, Procurement, Security, and other business units to make informed decisions and create value across the enterprise.

    Treat HAM like a process, not a project. HAM is a dynamic process that must react and adapt to the needs of the business.

    Phase 1 Insight

    For asset management to succeed, it needs to support the business. Engage business leaders to determine needs and build your HAM program around these goals.

    Phase 2 Insight

    Bridge the gap between IT and Finance to build a smoother request and procurement process through communication and routine reporting. If you’re unable to affect procurement processes to reduce time to deliver, consider bringing inventory onsite or having your hardware vendor keep stock, ready to ship on demand.

    Phase 3 Insight

    Not all assets are created equal. Taking a blanket approach to asset maintenance and security is time consuming and costly. Focus on the high-cost, high-use, and data-sensitive assets first.

    Phase 4 Insight

    Deploying a fancy ITAM tool will not make hardware asset management implementation easier. Implementation is a project that requires you focus on people and process first – the technology comes after.

    Related Info-Tech research

    Implement Software Asset Management

    Build an End-User Computing Strategy

    Find the Value – and Remain Valuable – With Cloud Asset Management

    Consolidate IT Asset Management

    Harness Configuration Management Superpowers

    IT Asset Management Market Overview

    Bibliography

    Chalkley, Martin. “Should ITAM Own Budget?” The ITAM Review. 19 May 2011. Web.

    “CHAMP: Certified Hardware Asset Management Professional Manual.” International Association of Information Technology Asset Managers, Inc. 2008. Web.

    Foxen, David. “The Importance of Effective HAM (Hardware Asset Management).” The ITAM Review. 19 Feb. 2015. Web.

    Foxen, David. “Quick Guide to Hardware Asset Tagging.” The ITAM Review. 5 Sep. 2014. Web.

    Galecki, Daniel. “ITAM Lifecycle and Savings Opportunities – Mapping out the Journey.” International Association of IT Asset Managers, Inc. 16 Nov. 2014. Web.

    “How Cisco IT Reduced Costs Through PC Asset Management.” Cisco IT Case Study. 2007. Web.

    Irwin, Sherry. “ITAM Metrics.” The ITAM Review. 14 Dec. 2009. Web.

    “IT Asset and Software Management.” ECP Media LLC, 2006. Web.

    Rains, Jenny. “IT Hardware Asset Management.” HDI Research Brief. May 2015. Web.

    Riley, Nathan. “IT Asset Management and Tagging Hardware: Best Practices.” Samanage Blog. 5 March 2015. Web.

    “The IAITAM Practitioner Survey Results for 2016 – Lean Toward Ongoing Value.” International Association of IT Asset Managers, Inc. 24 May 2016. Web.

    DORA Advisory Services by Tymans Group

    As I have been working in financial services for over 30 years, I'll explain it as if this is our company. This is important, because I want you to really understand the impact on the company.

    What is our Advisory Service?

    The DORA advisory service is tailored to your needs. We can focus on the whole DORA regulation versus the IT operations, or on those specific areas that have already analysed to be lacking in the company.

    We look at the existing policies and procedures and analyse where they are compliant with the DORA regulations. We identify the gaps and propose remedial updates. Our updates are verified through earlier work which was vetted by second line and sometimes even regulators (where possible, the regulators themselves are still getting to grips with this.)

    Test of Existence and Design

    With our updates, you can be sure that you are "Test of Existence" ready.  But that is not enough.

    Thus we go further, if you want us to. We sample every required policy and procedure against actual implementation and if the policy or procedure actually protects against the purposed risk. This is called the "Test of Design." If the risk, validated against the DORA requirements is not met, we adjust in alignment with the management the policies and procedures.

    Test of Effectiveness

    In alignment with you, we can then proceed to the actual effectiveness advisory. That is much more of a longer term commitment.
    Here we need to demonstrate that the systems and procedures are effective during normal operations.

    This requires that all critical al important systems and operations can demonstrate that they comply with all DORA regulations and that if any incident were to happen on these systems, that the firm is capable of handling this in a manner consistent with the DORA regulation.

    That will propably require more work, both on legacy systems, and on new systems that were built for delivery of business value, but not necessarily for resilience (for all the right reasons known at the time.

    Bottom Line

    You receive a tailored-made governance and procedure-set, per your needs and our agreement, that will stand up against regulatory audit. More even, It protect your clients, and hence your reputation and bottom line.

    As an aside

     You need to know that the regulatory and political world is changing rapidly in 2025. the European commision is reviewing key pieces of the regulation as of this writing. E.g., the European Commission has rejected the RTS on Third Party outsourcing chain responsibility. While knowing how your subcontractants handle your critical and important function is a good thing, the reality is that this might be hard to enforce. Especially now that the EU Commision has stated that article 5 of that RTS is outside the scope of the EU Commission mandate. last word clearly to be spoken about this.

    TY keeps track of these EU legislative and juridical evolutions and helps you with applying the right balance to your policies, procedures and actual IT operations. And this at a significantly better cost aspect than the big consultancies. How can we do this? Because we have our boots on the ground, TY is connected with the financial industry associations like Assuralia and Febelfin to just name-drop two. 

    We decide on the scope together with you:

    • Is this about of all of DORA, or only certain areas
    • Do you want us to coordinate the implementation or only indentify the gaps?
    • Until what level do you want us to go ?
      • Existence
      • Design
      • Effectiveness (meaning, just fix it)

    What does this cost?

    The answer you hate? It depends.

    If you are a large international enterprise, you will probably have already spent several hundreds of thousands Euro, if not millions on this. 
    If you are an SME and you just realised you provide services to or within the financial industry , you may have not yet spent any or minor funds on this. 

    I also hate open answers on the cost question, so here it goes..

    Full DORA Analysis for a single country company or Business Unit: from €65,000 +VAT


     

    What is DORA?

    DORA—the Digital Operational Resilience Act—is essentially a regulatory framework designed to make sure that financial institutions can withstand, respond to, and quickly recover from all kinds of digital disruptions. It came into full effect on January 17th, 2025.

    In today’s environment, where our operations, customer interactions, and even strategic decisions hinge on technology, having such a robust framework isn’t optional—it has to be part of our DNA.

    What DORA Means for Us:

    • Comprehensive ICT Risk Management:

    DORA requires us to review and reinforce our information and communication technology (ICT) risk management processes. It’s not just about installing firewalls or having backups; it’s about ensuring that from the top down, our entire digital infrastructure is resilient against cyberattacks, system failures, or any unexpected digital incidents. 

    I have seen that many advisors, even from the big four, make the mistake of focusing on cybersecurity and governance only. It goes further. We have to look at our systems, our IT processes and even how we as a business prioritise our business service developments

    • Accountability at the Highest Level:

    One key point is that DORA places significant responsibility on senior management and the board. The board is expected to have an active role in overseeing digital risk management. In practical terms, this means you and your colleagues need to be fully aware of the risks and the measures we’re putting in place to mitigate them. It’s no longer sufficient to delegate all digital security issues to IT—we all have skin in the game.

    That skin is to the tune of personal fines and even jail sentences if it turns out that as a board member, you have not been paying attention. In this respect it is not so different from your obligations under other financial services laws.

    • Third-Party and Vendor Management:

    DORA doesn’t stop at our internal systems. It extends to all third-party ICT service providers we rely on. Whether it’s our cloud services, software vendors, or cybersecurity consultants, we must ensure that they meet rigorous standards. This pushes us to conduct regular due diligence and enforce strict contractual obligations to guarantee that their risk posture aligns with ours.

    • Regular Testing and Incident Reporting:

    The regulation mandates regular, rigorous testing of our digital resilience. This includes stress tests, scenario-based exercises, and penetration tests to identify vulnerabilities before they can be exploited. Additionally, should an incident occur, DORA outlines clear protocols for reporting. This transparency ensures that regulators—and by extension, the market—have confidence in our ability to manage disruptions.

    Why did this law come to pass?:

    Over the past few decades, we’ve seen that a major ICT incident can disrupt not just a single company, but entire financial systems. DORA is a proactive step to mitigate those risks. While it does require us to invest in better systems, stronger oversight, and more robust contingency planning, it also strengthens our reputation with regulators, investors, and customers. Essentially, it turns potential vulnerabilities into competitive advantages by demonstrating that we’re serious about risk management in an increasingly digital world.

    The Bottom Line:

    DORA is more than another regulatory hurdle—it’s a comprehensive approach to ensuring our digital infrastructure is as resilient as our financial operations. By integrating these practices into our business model, we protect not only our bottom line but also the integrity of the entire financial system. As a board, our focus should be on ensuring that the strategies and investments necessary to comply with DORA are prioritized, integrated into our overall risk management framework, and continuously updated as technology evolves.

    I’d be happy to discuss how we can implement these measures and what immediate steps we should consider. This isn’t about ticking boxes; it’s about safeguarding our future in a digital-first economy.

    How TY can help you

    TY started looking at DORA as early as 2020

    Establish a Foresight Capability

    • Buy Link or Shortcode: {j2store}88|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • To be recognized and validated as a forward-thinking CIO, you must establish a structured approach to innovation that considers external trends as well as internal processes.
    • The CEO is expecting an investment in IT innovation to yield either cost reduction or revenue growth, but growth cannot happen without opportunity identification.

    Our Advice

    Critical Insight

    • Technological innovation is disrupting business models – and it’s happening faster than organizations can react.
    • Smaller, more agile organizations have an advantage because they have less resources tied to existing operations and can move faster.

    Impact and Result

    • Be the disruptor, not the disrupted. This blueprint will help you plan proactively and identify opportunities before your competitors.
    • Strategic foresight gives you the tools you need to effectively process the signals in your environment, build an understanding of relevant trends, and turn this understanding into action.

    Establish a Foresight Capability Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how to effectively apply strategic foresight, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Signal gathering

    Develop a better understanding of your external environment and build a database of signals.

    • Establish a Foresight Capability – Phase 1: Signal Gathering
    • Foresight Process Tool

    2. Trends and drivers

    Select and analyze trends to uncover drivers.

    • Establish a Foresight Capability – Phase 2: Trends and Drivers

    3. Scenario building

    Use trends and drivers to build plausible scenarios and brainstorm strategic initiatives.

    • Establish a Foresight Capability – Phase 3: Scenario Building

    4. Idea selection

    Apply the wind tunneling technique to assess strategic initiatives and determine which are most likely to succeed in the face of uncertainty.

    • Establish a Foresight Capability – Phase 4: Idea Selection
    [infographic]

    Workshop: Establish a Foresight Capability

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Pre-workshop – Gather Signals and Build a Repository

    The Purpose

    Note: this is preparation for the workshop and is not offered onsite.

    Gather relevant signals that will inform your organization about what is happening in the external competitive environment.

    Key Benefits Achieved

    A better understanding of the competitive landscape.

    Activities

    1.1 Gather relevant signals.

    1.2 Store signals in a repository for quick and easy recall during the workshop.

    Outputs

    A set of signal items ready for analysis

    2 Identify Trends and Uncover Drivers

    The Purpose

    Uncover trends in your environment and assess their potential impact.

    Determine the causal forces behind relevant trends to inform strategic decisions.

    Key Benefits Achieved

    An understanding of the underlying causal forces that are influencing a trend that is affecting your organization.

    Activities

    2.1 Cluster signals into trends.

    2.2 Analyze trend impact and select a key trend.

    2.3 Perform causal analysis.

    2.4 Select drivers.

    Outputs

    A collection of relevant trends with a key trend selected

    A set of drivers influencing the key trend with primary drivers selected

    3 Build Scenarios and Ideate

    The Purpose

    Leverage your understanding of trends and drivers to build plausible scenarios and apply them as a canvas for ideation.

    Key Benefits Achieved

    A set of potential responses or reactions to trends that are affecting your organization.

    Activities

    3.1 Build scenarios.

    3.2 Brainstorm potential strategic initiatives (ideation).

    Outputs

    Four plausible scenarios for ideation purposes

    A potential strategic initiative that addresses each scenario

    4 Apply Wind Tunneling and Select Ideas

    The Purpose

    Assess the various ideas based on which are most likely to succeed in the face of uncertainty.

    Key Benefits Achieved

    An idea that you have tested in terms of risk and uncertainty.

    An idea that can be developed and pitched to the business or stored for later use. 

    Activities

    4.1 Assign probabilities to scenarios.

    4.2 Apply wind tunneling.

    4.3 Select ideas.

    4.4 Discuss next steps and prototyping.

    Outputs

    A strategic initiative (idea) that is ready to move into prototyping

    Modernize Your Applications

    • Buy Link or Shortcode: {j2store}178|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • Application modernization is essential to stay competitive and productive in today’s digital environment. Your stakeholders have outlined their digital business goals that IT is expected to meet.
    • Your application portfolio cannot sufficiently support the flexibility and efficiency the business needs because of legacy challenges.
    • Your teams do not have a framework to illustrate, communicate, and justify the modernization effort and organizational changes in the language your stakeholders understand.

    Our Advice

    Critical Insight

    • Build your digital applications around continuous modernization. End-user needs, technology, business direction, and regulations rapidly change in today’s competitive and fast-paced industry. This reality will quickly turn your modern applications into shelfware. Build continuous modernization at the center of your digital application vision to keep up with evolving business, end-user, and IT needs.
    • Application modernization is organizational change management. If you build and modernize it, they may not come. The crux of successful application modernization is centered on the strategic, well-informed, and onboarded adoption of changes in key business areas, capabilities, and processes. Organizational change management must be front and center so that applications are fit for purpose and are something that end users want and need to use.
    • Business-IT collaboration is not optional. Application modernization will not be successful if your lines of business (LOBs) and IT are not working together. IT must empathize how LOBs operate and proactively support the underlying operational systems. LOBs must be accountable for all products leveraging modern technologies and be able to rationalize the technical feasibility of their digital application vision.

    Impact and Result

    • Establish the digital application vision. Gain a grounded understanding of the digital application construct and prioritize these attributes against your digital business goals.
    • Define your modernization approach. Obtain a thorough view of your business and technical complexities, risks, and impacts. Employ the right modernization techniques based on your organization’s change tolerance.
    • Build your roadmap. Clarify the organizational changes needed to support modernization and adoption of your digital applications.

    Modernize Your Applications Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should strategically modernize your applications, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Set your vision

    Describe your application vision and set the right modernization expectations with your stakeholders.

    • Modernize Your Applications – Phase 1: Set Your Vision

    2. Identify your modernization opportunities

    Focus your modernization efforts on the business opportunities that your stakeholders care about.

    • Modernize Your Applications – Phase 2: Identify Your Modernization Opportunities

    3. Plan your modernization

    Describe your modernization initiatives and build your modernization tactical roadmap.

    • Modernize Your Applications – Phase 3: Plan Your Modernization
    [infographic]

    Workshop: Modernize Your Applications

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Set Your Vision

    The Purpose

    Discuss the goals of your application modernization initiatives

    Define your digital application vision and priorities

    List your modernization principles

    Key Benefits Achieved

    Clear application modernization objectives and high priority value items

    Your digital application vision and attributes

    Key principles that will guide your application modernization initiatives

    Activities

    1.1 State Your Objectives

    1.2 Characterize Your Digital Application

    1.3 Define Your Modernization Principles

    Outputs

    Application modernization objectives

    Digital application vision and attributes definitions

    List of application modernization principles and guidelines

    2 Identify Your Modernization Opportunities

    The Purpose

    Identify the value streams and business capabilities that will benefit the most from application modernization

    Conduct a change tolerance assessment

    Build your modernization strategic roadmap

    Key Benefits Achieved

    Understanding of the value delivery improvements modernization can bring

    Recognizing the flexibility and tolerance of your organization to adopt changes

    Select an approach that best fits your organization’s goals and capacity

    Activities

    2.1 Identify the Opportunities

    2.2 Define Your Modernization Approach

    Outputs

    Value streams and business capabilities that are ideal modernization opportunities

    Your modernization strategic roadmap based on your change tolerance and modernization approach

    3 Plan Your Modernization

    The Purpose

    Identify the most appropriate modernization technique and the scope of changes to implement your techniques

    Develop an actionable tactical roadmap to complete your modernization initiatives

    Key Benefits Achieved

    Clear understanding of what must be changed to the organization and application considering your change tolerance

    An achievable modernization plan

    Activities

    3.1 Shortlist Your Modernization Techniques

    3.2 Roadmap Your Modernization Initiatives

    Outputs

    Scope of your application modernization initiatives

    Your modernization tactical roadmap

    Assess Your Readiness to Implement UCaaS

    • Buy Link or Shortcode: {j2store}305|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Voice & Video Management
    • Parent Category Link: /voice-video-management
    • Employees no longer work in the office all the time and have adopted a hybrid or remote policy.
    • Security is on your mind when it comes to the risks associated with data and voice across the internet.
    • You are unaware of the technology used by other departments, such as sales and marketing.

    Our Advice

    Critical Insight

    • The importance of doing your due diligence and building out requirements is paramount to deciding on what UCaaS solution works for you. Even if you decide not to pursue this cloud-based service, at least you have done your homework.
    • There are five reasons you should migrate to UCaaS: flexibility & scalability, productivity, enhanced security, business continuity, and cost savings. Challenge your selection with these criteria at your foundation and you cannot go wrong.

    Impact and Result

    With features such as messaging, collaboration tools, and video conferencing, UCaaS enables users to be more effective regardless of location and device. This can lead to quicker decision making and reduce communication delays.

    Assess Your Readiness to Implement UCaaS Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess Your Readiness to Implement UCaaS Storyboard – Research that reviews the business drivers to move to a UCaaS solution.

    In addition to examining the benefits of UCaaS, this deck covers how to drive toward an RFP and convince the C-suite to champion your UCaaS strategy.

    • Assess Your Readiness to Implement UCaaS Storyboard

    2. UCaaS Readiness Questionnaire – Three sets of questions to help determine your organization's readiness to move to a UCaaS platform.

    This questionnaire is a starting point. Sections include: 1) Current State Questionnaire, 2) IT Infrastructure Readiness Questionnaire, and 3) UCaaS Vendor Questionnaire. These questions can also be added to an RFP for UCaaS vendors you may want to work with.

    • UCaaS Readiness Questionnaire
    [infographic]

    Further reading

    Assess Your Readiness to Implement UCaaS

    Unified communication as a service (UCaaS) is already here. Find the right solution for your organization, whether it is Teams Phone or another solution.

    Analyst Perspective

    UCaaS is the solution to the hybrid and remote working world

    Hybrid/remote work is a reality and there is little evidence to prove otherwise despite efforts to return employees to the office. A 2023 survey from Zippia says 74% of US companies are planning to or have implemented hybrid work policies. Given the reality of the new ways people work, there’s a genuine need for a UCaaS solution.

    The days of on-premises private branch exchange (PBX) and legacy voice over internet protocol (VoIP) solutions are numbered, and organizations are examining alternative solutions to redundant desk phones. The stalwarts of voice solutions, Cisco and Avaya, have seen the writing on the wall for some time: the new norm must be a cloud-based solution that integrates via API with content resource management (CRM), email, chat, and collaboration tools.

    Besides remaining agile when accommodating different work locations, it’s advantageous to be able to quickly scale and meet the needs of organizations and their employees. New technology is moving at such a pace that utilizing a UCaaS service is truly beneficial, especially given its AI, analytics, and mobile capabilities. Being held back by an on-premises solution that is capitalized over several years is not a wise option.

    Photo of John Donovan
    John Donovan
    Principle Research Director, I&O Practice
    Info-Tech Research Group

    Insight Summary

    Improved integration and communication in a hybrid world
    Unified communication as a service (UCaaS) integrates several tools into one platform to provide seamless voice, video, chat, collaboration, sharing and much more. The ability to work from anywhere and the ability to use application programming interfaces (APIs) to integrate content resource management (CRM) and other productivity tools into a unified environment is a key component of employee productivity, whether at the office or remote, or even on mobile devices.

    Simplify your maintenance, management, and support
    Communication and voice using a cloud provisioner has many benefits and makes life easier for your IT staff. No more ongoing maintenance, upgrades, patching and managing servers or private branch exchanges (PBXs). UCaaS is easy to deploy, and due to its scalability and flexibility, users can easily be added or removed. Now businesses can retire their legacy technical debt of voice hardware and old desk phones that clutter the office.

    Oversight on security
    The utilization of a software as a service (SaaS) platform in UCaaS form does by design risk data breaches, phishing, and third-party malware. Fortunately, you can safeguard your organization’s security by ensuring the vendor you choose features SOC2 certification, taking care of encryption, firewalls, two-factor authentication and security incident handling, and disaster recovery. The big players in the UCaaS world have these features.

    Executive Summary

    Your Challenge

    So, your legacy PBX is ready to be replaced. It has no support or maintenance contract, and you face a critical decision. You could face these challenges:

    • Employees no longer work in the office all the time and have adopted a hybrid or remote policy
    • Security risks associated with data and voice across the internet
    • Limited awareness of the technology used by some departments, such as sales and marketing

    Common Obstacles

    Businesses may worry about several obstacles when it’s time to choose a voice and collaboration solution. For example:

    • Concern over internet connectivity or disruptions
    • Uncertainty integrating systems with the platform
    • Unsure whether employees will embrace new tools/workflows that completely change how they work, collaborate, and communicate
    • Failure to perform due diligence when trying to choose the right solution for an organization

    Info-Tech’s Approach

    It’s critically important to perform due diligence and build out requirements when deciding what UCaaS solution works for you. Even if you decide not to pursue this cloud-based service, at least you will:

    • Determine your business case
    • Evaluate your roadmap for unified communication
    • Ask all the right questions to determine suitability

    In this advisory deck, you will see a set of questions you must ask including whether Teams is suitable for your business.

    Info-Tech Insight

    Determine your communication and collaboration needs. Evaluate your current use of voice, video, chat, collaboration, sharing, and mobility whether for the office or remote work. Evaluate your security and regulatory requirements and needs. Determine the integration requirements when evaluating top vendors.

    The evolution of unified communication

    How we moved from fax machines and desk phones to an integrated set of tools on one platform in the cloud

    A diagram that shows the evolution of unified communication from 1980s to 2020s.

    Business drivers for moving to UCaaS

    What organizations look to gain or save by moving to UCaaS solutions

    Flexibility and scalability
    Ability to add/remove users and services as appropriate for changing business needs, allowing for quick adaptation to changing markets.

    Productivity
    Offering features like messaging, collaboration tools, and video conferencing enables users to be more effective regardless of location and device. May lead to quicker decision making and reduced communication delays.

    Cost savings
    Eliminating the need for on-premises hardware and software, reducing maintenance and support costs. Predictable monthly billing.

    Business continuity
    Reducing risks of disruption or disaster. Allowing users to work from anywhere when the physical office is unavailable. Additional features can include disaster recovery and backup services.

    Enhanced security
    UCaaS providers usually offer advanced security and compliance features including encryption, firewall, intrusion detection, and certifications like HIPAA and SOC 2.

    KPIs to demonstrate success

    What key metrics should businesses measure to demonstrate a successful UCaaS project?
    What improvements are needed?
    What can be optimized?

    KPI Measurement
    User adoption rate
    • % of employees utilizing UCaaS solutions
    • # of users who completed UCaaS training/onboarding
    • # of calls or messages sent per user
    Call quality and reliability
    • % of calls with good to excellent quality
    • # of dropped calls or call disruption
    • Mean opinion score (MOS) for video and voice quality
    Cost savings
    • TCO for UCaaS compared to previous solution
    • Cost per month for UCaaS
    • Reduced hardware/maintenance and communication costs
    Improved productivity
    • Time saved with streamlined comms workflows
    • # of successful collaborative projects or meetings
    • Improved speed and quality for customer service or support
    Customer satisfaction
    • Net promoter score or CSAT
    • Positive customer reviews
    • Time-to-resolution of customer issues
    Scalability
    • Ability to add/remove/change user features as needed
    • Time to deploy new UCaaS features
    • Scalability of network to support increased UCaaS usage

    What are the surveys telling us?

    Different organizations adopt UCaaS solutions for different reasons

    95%

    Collaboration: No Jitter’s study on team collaboration found that 95% of survey respondents think collaborative communication apps are a necessary component of a successful communications strategy.
    Source: No Jitter, 2018.

    95%

    Security: When deploying remote communication solutions, 95% of businesses say they want to use VPN connections to keep data private.
    Source: Mitel, 2018.

    31%

    Flexibility: While there are numerous advantages to cloud-based communications, 31% of companies intend to use UCaaS to eliminate technical debt from legacy systems and processes.
    Source: Freshworks, 2019.

    UCaaS adoption

    While many organizations are widely adopting UCaaS, they still have data security concerns

    UCaaS deployments are growing

    UCaaS is growing at a rate that shows the market for UC is moving toward cloud-based voice and collaboration solutions at a rate of 29% year over year.

    Source: Synergy Research Group, 2017.

    Security is still a big concern

    While it’s increasingly popular to adopt cloud-based unified communication solutions, 70% of those companies are still concerned about their data security.

    Source: Masergy, 2022.


    Concerns around security range from encrypting conversations to controlling who has access to what data in the organization’s network to how video is managed on emerging video communications platforms.

    Info-Tech Insight

    Ensure you maintain a robust security posture with your data regardless of where it is being stored. Security breaches can happen at any location.

    UCaaS vs. on-premises UC

    A diagram that shows UCaaS benefits

    Main benefits of UCaaS

    • Rapid deployment: Cloud hosting provides the ability to deploy quickly.
    • Ease of management: It’s no longer necessary for companies to manage communications across multiple platforms and devices.
    • Better connection: The communication flow across teams and with customers is faster and easier with phone, messaging, audio and video conferencing available in one place.
    • Scalability: Since UCaaS is an on-demand service, companies can scale their communication needs to what’s immediately required at an affordable price.

    Info-Tech Insight

    There are five reasons you should migrate to UCaaS. They are advanced technology, easily scalable, cost efficiencies, highly available, and security. There are always outliers, but these five criteria are a reliable foundation when assessing a vendor/product.

    UCaaS architecture

    The 6 primary elements of UCaaS

    Unified communications as a service (UCaaS) is a cloud-based subscription service primarily for communication tools such as voice, video, messaging, collaboration, content sharing, and other cloud services over the internet. It uses VoIP to process calls.

    The popularity of UCaaS is increasing with the recent trend of users working remotely full or part-time and requiring collaboration tools for their work.

    • The main benefit to businesses is the ability to remove on-premises hardware and reduce technical debt.
    • Additionally, it removes the need for expensive up-front capital costs and reduces communications costs.
    • From a productivity perspective, delivering these services under one platform/service increases effective collaboration and allows instant communication regardless of device or location.

    A diagram that shows protocols

    Features available to UCaaS/UC

    Must-haves vs. nice-to-haves

    A diagram that shows Must-haves vs. nice-to-haves UC features

    Info-Tech Insight

    Decide what matters most to the organization when choosing the UC platform and applications. Divide criteria into must-have vs. nice-to-have categories.

    Security and UCaaS

    • Maintain company integrity
    • Enhance data security
    • Regulatory compliance
    • Reduce risk of fraud
    • Protect data for multiple devices

    What are the concerns? What is at risk?

    • DDoS attacks: Enterprise transactions are paralyzed by flooding of data across the network preventing access
    • Phishing: Users are tricked into clicking a URL and sharing an organization’s sensitive data
    • Ransomware: Malicious attack preventing the business from accessing data and demanding a ransom for access
    • Third-party malware: Software infected with a virus, trojan horse, worms, spyware, or even ransomware with malicious intent

    Security solutions in UCaaS

    End-to-end encryption is critical

    SRTP

    • Secure real-time protocol is a cryptographic protocol used to secure voice & video calls over IP networks
    • SRTP provides encryption, message authentication, and integrity protection for voice and data packets. Using advanced encryption standard (AES) reduces chance of DDoS attacks

    TLS

    • Transport layer security (TLS) is a cryptographic protocol that secures data in transit over the internet, protecting from interception and tampering

    VPNs and firewalls

    • Virtual private networks (VPNs) are used to secure and encrypt connections between remote devices and the network. UCaaS providers can use VPN to secure access from remote locations
    • Firewalls are your primary line of defense against unauthorized traffic entering or leaving the network

    SIP

    • Session initiated protocol (SIP) over TLS is used to initiate and terminate video and voice calls over the internet. UCaaS providers often use SIP over TLS to encrypt and secure SIP messages

    SSH

    • Secure shell (SSH) is a cryptographic network protocol used to secure remote access and communications over the network. SSH is often used by UCaaS providers to secure remote management and configuration of systems

    Info-Tech Insight

    Encryption is a must for securing data and voice packets across the internet. These packets can be vulnerable to eavesdropping techniques and local area network (LAN) breaches. This risk must be mitigated from end to end.

    UCaaS

    Seven vendors competing with Microsoft’s integrated suite of collaboration tools

    Zoom

    A logo of Zoom
    Best for large meetings and webinars

    Key features:

    • Virtual meetings up to 300 users, up to 1,000 with enterprise version
    • Team chat
    • Digital whiteboard
    • Phone

    RingCentral

    A logo of RingCentral
    Best for project management collaboration tools

    Key features:

    • Video conferencing up to 200 users
    • Chat
    • Voice calls
    • Video polls and captioning
    • Digital whiteboard

    Nextiva

    A logo of Nextiva
    Best for CRM support, best-in-class functionality and features

    Key features:

    • Single dashboard
    • Chat
    • Cospace collaboration tool
    • Templates
    • Voice and call pop

    GoTo Connect

    A logo of GoTo Connect
    Best for integration with other business apps

    Key features:

    • Video conferencing up to 250 participants
    • Meeting transcripts
    • Dial plan

    Dialpad

    A logo of Dialpad
    Best for small companies under 15 users

    Key features:

    • Video meetings up to 15 participants
    • AI transcripts with call summary
    • Call controls share screen, switch between devices
    • Channel conversations with calendar app

    WebEx

    A logo of WebEx
    Only vendor offering real-time translation & closed captioning

    Key features:

    • Video meetings up to 200 participants
    • Calling features with noise removal, call recording, and transcripts
    • Live polling and Q&A

    Google Workspace

    A logo of Google Workspace
    Best for whole team collaboration for docs and slides

    Key features:

    • Google meet video
    • Collaboration on docs, sheets, and slides
    • Google chat and spaces
    • Calendars with sync updates with Gmail and auto-reminders

    Avaya and Cisco

    The major players in the VoIP on-premises PBX world have moved to a cloud experience to compete with Microsoft and other UCaaS players

    Avaya offers the OneCloud UC platform. It is one of the last UC vendors to offer on-premises solutions. In a market which is moving to the cloud at a serious pace, Avaya retains a 14% share. It made a strategic partnership with RingCentral in 2019 and in February 2021 they formed a joint venture which is now called Avaya Cloud Office, a UCaaS solution that integrates Avaya’s communication and collaboration solution with the RingCentral cloud platform.

    With around 33% of the UC market, Cisco also has a selection of UC products and services for on-premises deployment and the cloud, including WebEx Calling, Jabber, Unity Connections for voice messaging, and Single Number Reach for extensive telephony features.

    Both vendors support on-premises and cloud-based solutions for UC.

    Services provided by Avaya and Cisco in the UCaaS space

    A logo of Avaya Cloud Office
    Avaya Cloud Office

    • Voice calling: Cloud-based phone system over the internet with call forwarding, call transfer, voice mail, and more
    • Video conferencing: Virtual meetings for real-time collaboration, screen sharing, virtual backgrounds, video layout, meeting recording, whiteboarding and annotation, and virtual waiting room
    • Messaging: A feature that allows users to send and receive instant messages and SMS text messaging on the same platform
    • Collaboration: Work together on documents and projects in real time. File sharing and task management
    • Contact center: Manage customer interactions across voice, email, chat, and social media
    • Mobile app: Allows users to access communication and collaboration features on smartphones and tablets

    A logo of Cisco WebEx
    Cisco WebEx

    • Voice calling: Cisco WebEx calling provides cloud-based phone system over the internet including call forwarding, transfer, and voice mail
    • Video conferencing: Features include virtual meeting and real-time collaboration, screen sharing, and virtual backgrounds and layouts, highly scalable to large audiences
    • Messaging: Features include chat and SMS
    • Collaboration: Allows users to work together on docs and projects in real time, including file sharing and task management
    • Contact center: Multiple contact center solutions offered for small, medium, and large enterprises
    • Mobile app: Software clients for Jabber on cellphones
    • Artificial intelligence: Business insights, automatic transcripts, notes, and highlights to capture the meeting

    Service desk and contact center cloud options

    INDUSTRY: All industries
    SOURCE: Software reviews

    What vendors offer and what they don’t

    RingCentral integrates with some popular contact centers such as Five 9, Talkdesk and Sharpen. They also have a built-in contact center solution that can be integrated with their messaging and video conferencing tools.

    GoToConnect integrates with several leading customer service providers including Zendesk and Salesforce Service Cloud They also offer a built-in contact center solution with advanced call routing and management features.

    WebEx integrates with a variety of contact center and customer service platforms including Five9, Genesys, and ServiceNow.

    Dialpad integrates with contact center platforms such as Talkdesk and ServiceNow as well as CRM tools such as Salesforce and HubSpot.

    Google Workspace integrates with third-party contact center platforms through their Google Cloud Contact Center AI offering.

    SoftwareReviews

    A diagram that shows some top cloud options in Software reviews

    UCaaS comparison table

    A diagram of a UCaaS comparison table
    * Some reported issues around sound and voice quality may be due to network
    **Limited to certain plans

    Differences between UCaaS and CPaaS

    UCaaS

    CPaaS

    Defined

    Unified communication as a service – a cloud-based platform providing a suite of tools like voice, video messaging, file sharing & contact center.

    Communication platform as a service – a cloud-based platform allowing developers to use APIs to integrate real-time communications into their own applications.

    Functionality

    Designed for end users accessing a suite of tools for communication and collaboration through a unified platform.

    Designed for developers to create and integrate comms features into their own applications.

    Use cases

    Replace aging on-premises PBX systems with consolidated voice and collaboration services.

    Embedded communications capabilities into existing applications through SDKs, Java, and .NET libraries.

    Cost

    Often has a higher cost depending on services provided which can be quite comprehensive.

    Can be more cost effective than UCaaS if the business only requires a few communication features Integrated into their apps.

    Customization

    Offers less customization as it provides a predefined suite of tools that are rarely customized.

    Highly flexible and customizable so developers can build and integrate to fit unique use cases.

    Vendors

    Zoom, MS Teams, Cisco WebEx, RingCentral 8x8, GoTo Meeting, Slack, Avaya & many more.

    Twilio, Vonage, Pivo, MessageBird, Nexmo, SignalWire, CloudTalk, Avaya OneCloud, Telnyx, Voximplant, and others.

    Microsoft Teams Phone

    UCaaS for Microsoft 365

    Consider your approach to the telephony question. Microsoft incorporates telephony functionality with their broader collaboration suite. Other providers do the opposite.

    Microsoft’s voice solution

    These options allow you to plan for an all-cloud solution, connect to your own carrier, or use a combination of all cloud with a third-party carrier. Caveat: Calling plans must be available in your country or region.

    How do you connect with the public switched telephone network (PSTN)?

    Microsoft has three options for connecting the phone system to the PSTN:

    Calling Plan

    • Uses Microsoft's phone system and adds a domestic and international calling plan, which enables worldwide calling but depends on your chosen license
    • Since PSTN Calling Plan operates out of Microsoft 365, you are not required to deploy/maintain on-premises hardware
    • Customers can connect a supported session border controller (SBC) via direct routing if it’s necessary to operate with third-party PBX analog devices or other voice solutions supported by the SBC
    • You can assign your phone numbers directly in the Teams Admin Center

    This plan will work for you if:

    • There is a calling plan available in your region
    • You don’t need to maintain your PSTN carrier
    • You want to use Microsoft's managed PSTN
    • No SBC is necessary in your organization
    • Teams provides all the features your business needs

    Operator Connect

    • Leverage existing contracts or find a new operator from a selection of participating operators
    • Operator-managed infrastructure, your operator manages PSTN calling services and SBC
    • Faster, easier deployment, quickly connect to your operator and assign phone numbers directly from Teams Admin Center
    • Enhanced support and reliability, operators provide technical support and shared service level agreements
    • Customers can connect a supported SBC via Direct Routing for interoperability with third-party PBXs, analog devices, and other third-party voice solution equipment supported by SBC

    This plan will work for you if:

    • There is no calling plan available in your region
    • Your preferred carrier participates in the Microsoft operator connect plan
    • You are looking to get a new operator that enables calling in Teams

    Direct Routing

    • Connect your own supported SBC to Microsoft Phone System directly without needing additional on-premises software
    • Use virtually any voice solution carrier with Microsoft Phone System
    • Can be configured and managed by customers or by your carrier or partner (ask if your carrier or partner provides this option)
    • Configure interoperability between your voice solution equipment (e.g., a third-party PBX and analog devices) and Microsoft Phone System
    • Assign phone numbers directly from Teams Admin Center

    This plan will work for you if:

    • You want to use Teams with Phone System
    • You need to retain your current PSTN carrier
    • You want to mix routing – some calls are going via Calling Plans, some via your carrier
    • You need to interoperate with third-party PBXs and/or equipment such as overhead pagers, analog devices
    • Teams has all the features that your organization requires


    For more information, go to Microsoft Teams call flows.

    Teams phone architecture

    Microsoft offers three options that can be deployed based on several factors and questions you must answer.

    Microsoft Teams phone considerations when connecting to a PSTN

    • Do you want to move on-premises users to the cloud?
    • Is Microsoft's PSTN Calling Plan available in your region?
    • Is your preferred operator a participant in the Microsoft Operator Connect Program?
    • Do you want or need to keep your current voice carrier (e.g., does an existing contract require you to do so)?
    • Do you have an existing on-premises legacy PBX that you want or need to keep?
    • Does your current legacy PBX offer unique business-critical features?
    • Do all/any of your users require features not currently offered in Phone System?

    1. Phone System with Calling Plan

    All in the cloud for Teams users
    A diagram that shows Phone System with Calling Plan.

    Infrastructure requirements:

    Requires uninterrupted connection with Microsoft 365 Yes
    Available worldwide* No
    Requires deploying and maintaining a supported session border controller (SBC) No
    Requires contract with third-party carrier No

    *List of countries where calling plans are available: aka.ms/callingplans

    2. Phone System with own carrier via operator connect

    Phone system in the cloud; connectivity to on-premises voice network for Teams users
    A diagram that shows Phone System with own carrier via operator connect

    Infrastructure requirements:

    Requires uninterrupted connection with Microsoft 365 Yes
    Available worldwide* No
    Requires deploying and maintaining a supported session border controller (SBC) No
    Requires contract with third-party carrier Yes

    *List of countries where Operator Connect is available: aka.ms/operatorconnect

    3. Phone System with own carrier via Direct Routing

    Phone system in the cloud; connectivity to on-premises voice network for Teams users
    A diagram that shows Phone System with own carrier via Direct Routing

    Infrastructure requirements:

    Requires uninterrupted connection with Microsoft 365 Yes
    Available worldwide Yes
    Requires deploying and maintaining a supported session border controller (SBC) Yes
    Requires contract with third-party carrier* Yes

    *Unless deployed as an option to provide connection to third-party PBX, analog devices, or other voice equipment for users who are on Phone System with Calling Plans


    A Metrigy study found that 70% of organizations adopting MS Teams are using direct routing to connect to the PSTN
    Note: Complex organizations with varying needs can adopt all three options simultaneously.

    Avoid overpurchasing Microsoft telephony

    Microsoft telephony products on a page

    A diagram that shows Microsoft telephony products

    Pros:

    • The complete package: sole-sourcing your environment for simpler management
    • Users familiar with Microsoft will only have one place to go for telephony
    • You can bring your own provider and manage your own routing, giving you more choice
    • This can keep costs down as you do not have to pay for calling plan services
    • You can choose your own third-party solution while still taking advantage of the integrations that make Microsoft so attractive as a vendor

    Cons:

    • The most expensive option of the three
    • Less control and limited features compared to other pure-play telephony vendors
    • This service requires expertise in managing telephony infrastructure
    • Avoiding the cloud may introduce technical debt in the long term
    • You will have to manage integrations and deal with limited feature functionality (e.g. you may be able to receive inbound calls but not make outbound calls)

    Why does it matter?

    Phone System is Microsoft’s answer to the premises-based private branch exchange (PBX) functionality that has traditionally required a large capital expenditure. The cloud-based Phone System, offered with Microsoft’s highest tier of Microsoft/Office 365 licensing, allows Skype/Teams customers access to the following features (among others):

    • PSTN telephony (inbound and outbound)
    • Auto attendants (a menu system for callers to navigate your company directory)
    • Call forwarding, voice mail, and transferring
    • Caller ID
    • Shared lines
    • Common area phones

    Phone System, especially the Teams version, is a fully-featured telephony solution that integrates natively with a popular productivity solution. Phone System is worth exploring because many organizations already have Teams licenses.

    Key insights

    1. Don’t pay twice for the same service (unless you must). If you already have M/O365 E5 customer, Teams telephony can be a great way to save money and streamline your environment.
    2. Consider your approach to the telephony question. Microsoft incorporates telephony functionality into a broader collaboration suite. Other providers do the opposite. This reflects their relative strengths.
    3. Teams is a platform. You can use it as a front end for other telephone services. This might make sense if you have a preferred cloud PBX provider.

    Sources

    “Plan your Teams voice solution,” Microsoft, 2022.

    “Microsoft Calling Plans for Teams,” Microsoft, 2023.

    “Plan Direct Routing,” Microsoft, 2023.

    “Cisco vs. Microsoft Cloud Calling—Discussing the Options,” UC Today, 2022.

    “Microsoft Teams Phone Systems: 5 Deployment Options in 2020,” AeroCom, 2020.

    Contact Center and Teams integration

    Three Teams integration options

    If you want to use a certified and direct routing solution for Teams Phone, use the Connect model.

    If you want to use Azure bots and the Microsoft Graph Communication APIs that enable solution providers to create the Teams app, use the Extend model.

    If you want to use the SDK that enables solution providers to embed native Teams experiences in their App, use the Power model (under development).

    The Connect model features

    The Extend model features

    The Power model features (TBD)

    Office 365 authN for agents to connect to their MS tenant from their integrated CCaaS client

    Team graph APIs and Cloud Communication APIs for integration with Teams

    Goal: One app, one screen contact center experience

    Use Teams to see when agents are available

    Teams-based app for agent experience Chat and collaboration experience integrated with the Teams Client

    Goal: Adapt using software development kits (SDKs)

    Transfers and groups call support for Teams

    Teams as the primary calling endpoint for the agent

    Goal: One dashboard experience

    Teams Graph APIs and Cloud communication APIs for integration with Teams

    Teams' client calling for the all the call controls. Preserve performance & quality of Teams client experience

    Multi-tenant SIP trunking to support several customers on solution provider’s SBC

    Agent experience apps for both Teams web and mobile client

    Solution providers to use Microsoft certified session border controller (SBC)

    Analytics workflow management role-based experience for agents in the CaaS app in Teams

    Teams phone network assessment

    Useful tools for Microsoft network testing and Microsoft Teams site assessment

    Plan network basics

    • Does your network infrastructure have enough capacity? Consider switch ports, wireless access points, and other coverage.
    • If you use VLANs and DHCP, are your scopes sized accordingly?
    • Evaluate and test network paths from where devices are deployed to Microsoft 365.
    • Open the required firewall ports and URLs for Microsoft 365 as per guidance.
    • Review and test E911 requirements and configuration for location accuracy and compliance.
    • Avoid using a proxy server and optimize media paths for reliability and quality.

    What internet speed do I need for Teams calls?

    • Microsoft Teams uses about 1.2 Mbps for HD video calling (720p), 1.5 Mbps for 1080p, 500 kbps for standard quality video (360p). Group video requires about 1 Mbps, HD group video uses about 2 Mbps.

    Key physical considerations

    • Power: Do you have enough electrical outlets? If the device needs an external power source, how close can you position it to an outlet?
    • Device placement: Where will your device be located? Review desk stands, wall mounts, and other accessories from the original equipment manufacturer (OEM).
    • Security: Does your device need to be locked in certain spaces?
    • Accessibility: Does the device meet the accessibility requirements of its primary user? Consider where it's placed, wire length, and handset or headset usability.

    Prepare your organization's network for Microsoft Teams

    Plan your Teams voice solution

    Check your internet connection for Teams Phone System

    Teams Phone Mobile

    UCaaS Activity

    Questions that must be addressed by your business and the vendor. Site surveys and questionnaires for your assessment

    Activity: Questionnaire

    Input: Evaluate your current state, Network readiness
    Output: Decisions on readiness, Gaps in infrastructure readiness, Develop a project plan
    Materials: UCaaS Readiness Questionnaire
    Participants: Infrastructure Manager, Project Manager, Network Engineer, Voice Engineer

    As a group, read through the questions on Tabs 1 and 2 of the UCaaS Readiness Questionnaire workbook. The answers to the questions will determine if you have gaps to fill when determining your readiness to move forward on a UCaaS solution.

    You may produce additional questions during the session that pertain to your specific business and situation. Please add them to the questionnaire as needed.

    Record your answers to determine next steps and readiness.

    When assessing potential vendors, use Tab 3 to determine suitability for your organization and requirements. This section may be left to a later date when building a request for proposal (RFP).

    Call #1: Review client advisory deck and next steps.

    Call #2: Assess readiness from answers to the Tab 1 questions.

    Download the UCaaS Readiness Questionnaire here

    Critical Path – Teams with Phone System Deployment

    A diagram that shows Critical Path – Teams with Phone System Deployment

    Example Ltd.’s Communications Guide

    A diagram that shows Example Ltd.’s Communications Guide

    [Insert Organization Name]’s Communications Guide

    A diagram that shows [Insert Organization Name]’s Communications Guide

    Related Info-Tech Research

    Photo of Modernize Communications and Collaboration Infrastructure

    Modernize Communications and Collaboration Infrastructure

    Organizations are losing productivity from managing the limitations of yesterday’s technology. The business is changing and the current communications solution no longer adequately connects end users. A new communications and collaboration infrastructure is due to replace or update the legacy infrastructure in place today.

    Photo of Establish a Communication and Collaboration System Strategy

    Establish a Communication and Collaboration System Strategy

    Communication and collaboration portfolios are overburdened with redundant and overlapping services. Between Office 365, Slack, Jabber, and WebEx, IT is supporting a collection of redundant apps. This redundancy takes a toll on IT, and on the user.

    Photo of Implement a Transformative IVR Experience That Empowers Your Customers

    Implement a Transformative IVR Experience That Empowers Your Customers

    Learn the strategies that will allow you to develop an effective interactive voice response (IVR) framework that supports self-service and improves the customer experience.

    Bibliography

    “8 Security Considerations for UCaaS.” Tech Guidance, Feb. 2022. Accessed March 2023.

    “2022 UCaaS & CCaaS market trends snapshot.” Masergy, 2022. Web.

    “All-in-one cloud communications.” Avaya, 2023. Accessed April 2023. Web.

    Carter, Rebekah. “UC Case Study in Focus: Microsoft Teams and GroupM.” UC Today, 9 May 2022. Accessed Feb. 2023.

    “Cisco Unified Communications Manager Cloud (Cisco UCM Cloud) Data Sheet.” Cisco, 15 Sept. 2021. Accessed Jan. 2023.

    “Cloud Adoption as Viewed by European Companies: Assessing the Impact on Public, Hybrid and Private Cloud Communications.” Mitel, 2018. Web.

    De Guzman, Marianne. “Unified Communications Security: The Importance of UCaaS Encryption.” Fit Small Business, 13 Dec. 2022. Accessed March 2023.

    “Evolution of Unified Communications.” TrueConf, n.d. Accessed March 2023. Web.

    Froehlich, Andrew. “Choose between Microsoft Teams vs. Zoom for conference needs.” TechTarget, 7 May 2021. Accessed March 2023.

    Gerwig, Kate. “UCaaS explained: Guide to unified communications as a service.” TechTarget, 29 March 2022. Accessed Jan. 2023.

    Irei, Alissa. “Emerging UCaaS trends include workflow integrations and AI.” TechTarget, 21 Feb 2020. Accessed Feb. 2023.

    Kuch, Mike. “What Is Unified Communications as a Service (UCaaS)?” Avaya, 27 Dec. 2022. Accessed Jan. 2023.

    Lazar, Irwin. “UC vendors extend mobile telephony capabilities.” TechTarget, 10 Feb. 2023. Accessed Mar 2023.

    McCain, Abby. "30 Essential Hybrid Work Statistics [2023]: The Future of Work." Zippia, 20 Feb. 2023. Accessed Mar 2023.

    “Meet the modern CIO: What CEOs expect from their IT leaders.” Freshworks, 2019. Web.

    “A New Era of Workplace Communications: Will You Lead or Be Left Behind.” No Jitter, 2018. Web.

    Plumley, Mike, et al. “Microsoft Teams IT architecture and voice solutions posters.’” Microsoft Teams, Microsoft, 14 Feb. 2023. Accessed March 2023.

    Rowe, Carolyn, et al. “Plan your Teams voice solution” Microsoft Learn, Microsoft, 1 Oct. 2022.

    Rowe, Carolyn, et al. “Microsoft Calling Plans for Teams.” Microsoft Learn, Microsoft, 23 May 2023.

    Rowe, Carolyn, et al. “Plan Direct Routing.” Microsoft Learn, Microsoft, 20 Feb. 2023.

    Scott, Rob. “Cisco vs. Microsoft Cloud Calling—Discussing the Options,” UC Today, 21 April 2022.

    Smith, Mike. “Microsoft Teams Phone Systems: 5 Deployment Options in 2020.” YouTube, uploaded by AeroCom Inc, 23 Oct. 2020.

    “UCaaS - Getting Started With Unified Communications As A Service.” Cloudscape, 10 Nov. 2022. Accessed March 2023.

    “UCaaS Market Accelerating 29% per year; RingCentral, 8x8, Mitel, BroadSoft and Vonage Lead.” Synergy Research Group, 16 Oct. 2017. Web.

    “UCaaS Statistics – The Future of Remote Work.” UC Today, 21 April 2022. Accessed Feb. 2023.

    “Workplace Collaboration: 2021-22.” Metrigy, 27 Jan. 2021. Web.

    Application Maintenance

    • Buy Link or Shortcode: {j2store}30|cart{/j2store}
    • Related Products: {j2store}30|crosssells{/j2store}
    • member rating overall impact (scale of 10): 10.0/10
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Applications
    • Parent Category Link: /applications

    The challenge

    • If you work with application maintenance or operations teams that handle the "run" of your applications, you may find that the sheer volume and variety of requests create large backlogs.
    • Your business and product owners may want scrum or DevOps teams to work on new functionality rather than spend effort on lifecycle management.
    • Increasing complexity and increasing reliance on technology may create unrealistic expectations for your maintenance teams. Business applications must be available around the clock, and new feature roadmaps cannot be side-tracked by maintenance.

    Our advice

    Insight

    • Improving maintenance focus may mean doing less work but create more value. Your teams need to be realistic about what commitments they take—balance maintenance with business value and risk levels.
    • Treat maintenance the same as any other development practice. Use the same intake and prioritization practices. Uphold the same quality standards.

    Impact and results 

    • Justify the necessity of streamlined and regular maintenance. Understand each stakeholder's objectives and concerns, validate them against your staff's current state, processes, and technologies involved.
    • Maintenance and risk go hand in hand. And the business wants to move forward all the time as well. Strengthen your prioritization practice. Use a holistic view of the business and technical impacts, risks, urgencies across the maintenance needs and requests. That allows you to justify their respective positions in the overall development backlog. Identify opportunities to bring some requirements and features together.
    • Build a repeatable process with appropriate governance around it. Ensure that people know their roles and responsibilities and are held accountable.
    • Instill development best-practices into your maintenance processes.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started.

    Read our executive brief to understand everyday struggles regarding application maintenance, the root causes, and our methodology to overcome these. We show you how we can support you.

    Understand your maintenance priorities

    Identify your stakeholders and understand their drivers.

    • Streamline Application Maintenance – Phase 1: Assess the Current Maintenance Landscape (ppt)
    • Application Maintenance Operating Model Template (doc)
    • Application Maintenance Resource Capacity Assessment (xls)
    • Application Maintenance Maturity Assessment (xls)

    Define and employ maintenance governance

    Identify the right level of governance appropriate to your company and business context for your application maintenance. That ensures that people uphold standards across maintenance practices.

    • Streamline Application Maintenance – Phase 2: Develop a Maintenance Release Schedule (ppt)

    Enhance your prioritization practices

    Most companies cannot do everything for all applications and systems. Build your maintenance triage and prioritization rules to safeguard your company, maximize business value generation and IT risks and requirements.

    • Streamline Application Maintenance – Phase 3: Optimize Maintenance Capabilities (ppt)

    Streamline your maintenance delivery

    Define quality standards in maintenance practices. Enforce these in alignment with the governance you have set up. Show a high degree of transparency and open discussions on development challenges.

    • Streamline Application Maintenance – Phase 4: Streamline Maintenance Delivery (ppt)
    • Application Maintenance Business Case Presentation Document (ppt)

     

     

    Incident Management for Small Enterprise

    • Buy Link or Shortcode: {j2store}482|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $6,531 Average $ Saved
    • member rating average days saved: 3 Average Days Saved
    • Parent Category Name: Incident & Problem Management
    • Parent Category Link: /incident-and-problem-management
    • Technical debt and disparate systems are big constraints for most small enterprise (SE) organizations. What may have worked years ago is no longer fit for purpose or the business is growing faster than the current tools in place can handle.
    • Super specialization of knowledge is also a common factor in smaller teams caused by complex architectures. While helpful, if that knowledge isn’t documented it can walk out the door with the resource and the rest of the team is left scrambling.
    • Lessons learned may be gathered for critical incidents but often are not propagated, which impacts the ability to solve recurring incidents.
    • Over time, repeated incidents can have a negative impact on the customer’s perception that the service desk is a credible and essential service to the business.

    Our Advice

    Critical Insight

    • Go beyond the blind adoption of best-practice frameworks. No simple formula exists for improving incident management maturity. Identify the challenges in your incident lifecycle and draw on best-practice frameworks pragmatically to build a structured response to those challenges.
    • Track, analyze, and review results of incident response regularly. Without a comprehensive understanding of incident trends and patterns you can be susceptible to recurring incidents that increase in damage over time. Make the case for problem management, and successfully reduce the volume of unplanned work by scheduling it into regular IT activity.
    • Recurring incidents will happen; use runbooks for a consistent response each time. Save your organization response time and confusion by developing your own specific incident use cases. Incident response should follow a standard process, but each incident will have its own escalation process or call tree that identifies key participants.

    Impact and Result

    • Effective and efficient management of incidents involves a formal process of identifying, classifying, categorizing, responding, resolving, and closing of each incident. The key for smaller organizations, where technology or resources is a constraint, is to make the best practices usable for your unique environment.
    • Develop a plan that aligns with your organizational needs, and adapt best practices into light, sustainable processes, with the goal to improve time to resolve, cost to serve, and ultimately, end-user satisfaction.
    • Successful implementation of incident management will elevate the maturity of the service desk to a controlled state, preparing you for becoming proactive with problem management.

    Incident Management for Small Enterprise Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should implement incident management, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and log incidents

    This phase will provide an overview of the incident lifecycle and an activity on how to classify the various types of incidents in your environment.

    • Service Desk Standard Operating Procedure
    • Incident Management Workflow Library (Visio)
    • Incident Management Workflow Library (PDF)

    2. Prioritize and define SLAs

    This phase will help you develop a categorization scheme for incident handling that ensures success and keeps it simple. It will also help you identify the most important runbooks necessary to create first.

    • Service Desk Ticket Categorization Schemes
    • IT Incident Runbook Prioritization Tool
    • IT Incident Management Runbook Blank Template

    3. Respond, recover, and close incidents

    This phase will help you identify how to use a knowledgebase to resolve incidents quicker. Identify what needs to be answered during a post-incident review and identify the criteria needed to invoke problem management.

    • Knowledgebase Article Template
    • Root-Cause Analysis Template
    • Post-Incident Review Questions Tracking Tool
    [infographic]

    Workshop: Incident Management for Small Enterprise

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess the Current State

    The Purpose

    Assess the current state of the incident management lifecycle within the organization.

    Key Benefits Achieved

    Understand the incident lifecycle and how to classify them in your environment.

    Identify the roles and responsibilities of the incident response team.

    Document the incident workflows to identify areas of opportunities.

    Activities

    1.1 Outline your incident lifecycle challenges.

    1.2 Identify and classify incidents.

    1.3 Identify roles and responsibilities for incident handling.

    1.4 Design normal and critical incident workflows for target state.

    Outputs

    List of incident challenges for each phase of the incident lifecycle

    Incident classification scheme mapped to resolution team

    RACI chart

    Incident Workflow Library

    2 Define the Target State

    The Purpose

    Design or improve upon current incident and ticket categorization schemes, priority, and impact.

    Key Benefits Achieved

    List of the most important runbooks necessary to create first and a usable template to go forward with

    Activities

    2.1 Improve incident categorization scheme.

    2.2 Prioritize and define SLAs.

    2.3 Understand the purpose of runbooks and prioritize development.

    2.4 Develop a runbook template.

    Outputs

    Revised ticket categorization scheme

    Prioritization matrix based on impact and urgency

    IT Incident Runbook Prioritization Tool

    Top priority incident runbook

    3 Bridge the Gap

    The Purpose

    Respond, recover, and close incidents with root-cause analysis, knowledgebase, and incident runbooks.

    Key Benefits Achieved

    This module will help you to identify how to use a knowledgebase to resolve quicker.

    Identify what needs to be answered during a post-incident review.

    Identify criteria to invoke problem management.

    Activities

    3.1 Build a targeted knowledgebase.

    3.2 Build a post-incident review process.

    3.3 Identify metrics to track success.

    3.4 Build an incident matching process.

    Outputs

    Working knowledgebase template

    Root-cause analysis template and post-incident review checklist

    List of metrics

    Develop criteria for problem management

    Identify Opportunities to Mature the Security Architecture

    • Buy Link or Shortcode: {j2store}385|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Secure Cloud & Network Architecture
    • Parent Category Link: /secure-cloud-network-architecture
    • Organizations do not have a solid grasp on the complexity of their infrastructure and are unaware of the overall risk to their infrastructure posed by inadequate security.
    • Organizations do not understand how to properly create and deliver value propositions of technical security solutions.

    Our Advice

    Critical Insight

    • The security architecture is a living, breathing thing based on the risk profile of your organization.
    • Compliance and risk mitigation create an intertwined relationship between the business and your security architecture. The security architecture roadmap must be regularly assessed and continuously maintained to ensure security controls align with organizational objectives.

    Impact and Result

    • A right-sized security architecture can be created by assessing the complexity of the IT department, the operations currently underway for security, and the perceived value of a security architecture within the organization. This will bring about a deeper understanding of the organizational infrastructure.
    • Developing a security architecture should also result in a list of opportunities (i.e. initiatives) that an organization can integrate into a roadmap. These initiatives will seek to improve security operations and strengthen the IT department’s understanding of security’s role within the organization.
    • A better understanding of the infrastructure will help to save time on determining the correct technologies required from vendors and therefore cut down on the amount of vendor noise.
    • Creating a defensible roadmap will assist with justifying future security spend.

    Identify Opportunities to Mature the Security Architecture Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop a right-sized security architecture, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify the organization’s ideal security architecture

    Complete three unique assessments to define the ideal security architecture maturity for your organization.

    • Identify Opportunities to Mature the Security Architecture – Phase 1: Identify the Organization's Ideal Security Architecture
    • Security Architecture Recommendation Tool
    • None

    2. Create a security program roadmap

    Use the results of the assessments from Phase 1 of this research to create a roadmap for improving the security program.

    • Identify Opportunities to Mature the Security Architecture – Phase 2: Create a Security Program Roadmap
    [infographic]

    The Resilience Pack

    The Resilience Pack

    All items you need to become resilient.

    Resilience results from a clear set of governance, mindset, attitudes and actions.

    If you have not yet read "What is resilience?" I can recommend it. This pack contains the elements to start your resilience journey.

    Contact us to get started

    With this pack, we give you the right direction to become resilient. Please contact us to discuss the options.
    Tymans Group also offers consulting, as well as an extension to EU DORA compliance. 

    Continue reading

    Embed Privacy and Security Culture Within Your Organization

    • Buy Link or Shortcode: {j2store}379|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: 10 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance

    Engagement with privacy and security within organizations has not kept pace with the increasing demands from regulations. As a result, organizations often find themselves saying they support privacy and security engagement but struggling to create behavioral changes in their staff.

    However, with new privacy and security requirements proliferating globally, we can’t help but wonder how much longer we can carry on with this approach.

    Our Advice

    Critical Insight

    To truly take hold, privacy and security engagement must be supported by senior leadership, aligned with business objectives, and embedded within each of the organization’s operating groups and teams.

    Impact and Result

    • Develop a defined structure for privacy and security in the context of your organization, your obligations, and your objectives.
    • Align your business goals and strategy with privacy and security to obtain support from your senior leadership team.
    • Identify and implement a set of metrics to monitor the success of each of the six engagement enablers amongst your team.

    Embed Privacy and Security Culture Within Your Organization Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop a culture of privacy and security at your organization, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define privacy and security in the context of the organization

    Use the charter template to document the primary outcomes and objectives for the privacy and security engagement program within the organization and map the organizational structure to each of the respective roles to help develop a culture of privacy and security.

    • Privacy and Security Engagement Charter

    2. Map your privacy and security enablers

    This tool maps business objectives and key strategic goals to privacy and security objectives and attributes identified as a part of the overall engagement program. Leverage the alignment tool to ensure your organizational groups are mapped to their corresponding enablers and supporting metrics.

    • Privacy and Security Business Alignment Tool

    3. Identify and track your engagement indicators

    This document maps out the organization’s continued efforts in ensuring employees are engaged with privacy and security principles, promoting a strong culture of privacy and security. Use the playbook to document and present the organization’s custom plan for privacy and security culture.

    • Privacy and Security Engagement Playbook

    Infographic

    Workshop: Embed Privacy and Security Culture Within Your Organization

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Determine Drivers and Engagement Objectives

    The Purpose

    Understand the current privacy and security landscape in the organization.

    Key Benefits Achieved

    Targeted set of drivers from both a privacy and security perspective

    Activities

    1.1 Discuss key drivers for a privacy and security engagement program.

    1.2 Identify privacy requirements and objectives.

    1.3 Identify security requirements and objectives.

    1.4 Review the business context.

    Outputs

    Understanding of the role and requirements of privacy and security in the organization

    Privacy drivers and objectives

    Security drivers and objectives

    Privacy and security engagement program objectives

    2 Align Privacy and Security With the Business

    The Purpose

    Ensure that your privacy and security engagement program is positioned to obtain the buy-in it needs through business alignment.

    Key Benefits Achieved

    Direct mappings between a culture of privacy and security and the organization’s strategic and business objectives

    Activities

    2.1 Review the IT/InfoSec strategy with IT and the InfoSec team and map to business objectives.

    2.2 Review the privacy program and privacy strategic direction with the Privacy/Legal/Compliance team and map to business objectives.

    2.3 Define the four organizational groupings and map to the organization’s structure.

    Outputs

    Privacy and security objectives mapped to business strategic goals

    Mapped organizational structure to Info-Tech’s organizational groups

    Framework for privacy and security engagement program

    Initial mapping assessment within Privacy and Security Business Alignment Tool

    3 Map Privacy and Security Enablers to Organizational Groups

    The Purpose

    Make your engagement plan tactical with a set of enablers mapped to each of the organizational groups and privacy and security objectives.

    Key Benefits Achieved

    Measurable indicators through the use of targeted enablers that customize the organization’s approach to privacy and security culture

    Activities

    3.1 Define the privacy enablers.

    3.2 Define the security enablers.

    3.3 Map the privacy and security enablers to organizational structure.

    3.4 Revise and complete Privacy and Security Business Alignment Tool inputs.

    Outputs

    Completed Privacy and Security Engagement Charter.

    Completed Privacy and Security Business Alignment Tool.

    4 Identify and Select KPIs and Metrics

    The Purpose

    Ensure that metrics are established to report on what the business wants to see and what security and privacy teams have planned for.

    Key Benefits Achieved

    End-to-end, comprehensive program that ensures continued employee engagement with privacy and security at all levels of the organization.

    Activities

    4.1 Segment KPIs and metrics based on categories or business, technical, and behavioral.

    4.2 Select KPIs and metrics for tracking privacy and security engagement.

    4.3 Assign ownership over KPI and metric tracking and monitoring.

    4.4 Determine reporting cadence and monitoring.

    Outputs

    KPIs and metrics identified at a business, technical, and behavioral level for employees for continued growth

    Completed Privacy and Security Engagement Playbook

    Become a Strategic CIO

    • Buy Link or Shortcode: {j2store}80|cart{/j2store}
    • member rating overall impact (scale of 10): 9.5/10 Overall Impact
    • member rating average dollars saved: $10,000 Average $ Saved
    • member rating average days saved: 15 Average Days Saved
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy
    • As a CIO, you are currently operating in a stable and trusted IT environment, but you would like to advance your role to strategic business partner.
    • CIOs are often overlooked as a strategic partner by their peers, and therefore face the challenge of proving they deserve a seat at the table.

    Our Advice

    Critical Insight

    • To become a strategic business partner, you must think and act as a business person that works in IT, rather than an IT person that works for the business.
    • Career advancement is not a solo effort. Building relationships with your executive business stakeholders will be critical to becoming a respected business partner.

    Impact and Result

    • Create a personal development plan and stakeholder management strategy to accelerate your career and become a strategic business partner. For a CIO to be considered a strategic business partner, he or she must be able to:
      • Act as a business person that works in IT, rather than an IT person that works for the business. This involves meeting executive stakeholder expectations, facilitating innovation, and managing stakeholder relationships.
      • Align IT with the customer. This involves providing business stakeholders with information to support stronger decision making, keeping up with disruptive technologies, and constantly adapting to the ever-changing end-customer needs.
      • Manage talent and change. This involves performing strategic workforce planning, and being actively engaged in identifying opportunities to introduce change in your organization, suggesting ways to improve, and then acting on them.

    Become a Strategic CIO Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should become a strategic CIO, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Launch

    Analyze strategic CIO competencies and assess business stakeholder satisfaction with IT using Info-Tech's CIO Business Vision Diagnostic and CXO-CIO Alignment Program.

    • Become a Strategic CIO – Phase 1: Launch

    2. Assess

    Evaluate strategic CIO competencies and business stakeholder relationships.

    • Become a Strategic CIO – Phase 2: Assess
    • CIO Strategic Competency Evaluation Tool
    • CIO Stakeholder Power Map Template

    3. Plan

    Create a personal development plan and stakeholder management strategy.

    • Become a Strategic CIO – Phase 3: Plan
    • CIO Personal Development Plan
    • CIO Stakeholder Management Strategy Template

    4. Execute

    Develop a scorecard to track personal development initiatives.

    • Become a Strategic CIO – Phase 4: Execute
    • CIO Strategic Competency Scorecard
    [infographic]

    Workshop: Become a Strategic CIO

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess Competencies & Stakeholder Relationships

    The Purpose

    Gather and review information from business stakeholders.

    Assess strategic CIO competencies and business stakeholder relationships.

    Key Benefits Achieved

    Gathered information to create a personal development plan and stakeholder management strategy.

    Analyzed the information from diagnostics and determined the appropriate next steps.

    Identified and prioritized strategic CIO competency gaps.

    Evaluated the power, impact, and support of key business stakeholders.

    Activities

    1.1 Conduct CIO Business Vision diagnostic

    1.2 Conduct CXO-CIO Alignment program

    1.3 Assess CIO competencies

    1.4 Assess business stakeholder relationships

    Outputs

    CIO Business Vision results

    CXO-CIO Alignment Program results

    CIO competency gaps

    Executive Stakeholder Power Map

    2 Take Control of Your Personal Development

    The Purpose

    Create a personal development plan and stakeholder management strategy.

    Track your personal development and establish checkpoints to revise initiatives.

    Key Benefits Achieved

    Identified personal development and stakeholder engagement initiatives to bridge high priority competency gaps.

    Identified key performance indicators and benchmarks/targets to track competency development.

    Activities

    2.1 Create a personal development plan

    2.2 Create a stakeholder management strategy

    2.3 Establish key performance indicators and benchmarks/targets

    Outputs

    Personal Development Plan

    Stakeholder Management Strategy

    Strategic CIO Competency Scorecard

    Sprint Toward Data-Driven Culture Using DataOps

    • Buy Link or Shortcode: {j2store}199|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: $10,399 Average $ Saved
    • member rating average days saved: 9 Average Days Saved
    • Parent Category Name: Enterprise Integration
    • Parent Category Link: /enterprise-integration
    • Data teams do not have a mechanism to integrate with operations teams and operate in a silo.
    • Significant delays in the operationalization of analytical/algorithms due to lack of standards and a clear path to production.
    • Raw data is shared with end users and data scientists due to poor management of data, resulting in more time spent on integration and less on insight generation and analytics.

    Our Advice

    Critical Insight

    • Data and analytics teams need a clear mechanism to separate data exploratory work and repetitive data insights generation. Lack of such separation is the main cause of significant delays, inefficiencies, and frustration for data initiatives.
    • Access to data and exploratory data analytics is critical. However, the organization must learn to share insights and reuse analytics.
    • Once analytics finds wider use in the organization, they need to adopt a disciplined approach to ensure its quality and continuous integration in the production environment.

    Impact and Result

    • Use a metrics-driven approach and common framework across silos to enable the rapid development of data initiatives using Agile principles.
    • Implement an approach that allows business, data, and operation teams to collaboratively work together to provide a better customer experience.
    • Align DataOps to an overall data management and governance program that promotes collaboration, transparency, and empathy across teams, establishes the appropriate roles and responsibilities, and ensures alignment to a common set of goals.
    • Assess the current maturity of the data operations teams and implement a roadmap that considers the necessary competencies and capabilities and their dependencies in moving towards the desired DataOps target state.

    Sprint Toward Data-Driven Culture Using DataOps Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to understand the operational challenges associated with productizing the organization's data-related initiative. Review Info-Tech’s methodology for enabling the improved practice to operationalize data analytics and how we will support you in creating an agile data environment.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Discover benefits of DataOps

    Understand the benefits of DataOps and why organizations are looking to establish agile principles in their data practice, the challenges associated with doing so, and what the new DataOps strategy needs to be successful.

    • Sprint Toward Data-Driven Culture Using DataOps – Phase 1: Discover Benefits of DataOps

    2. Assess your data practice for DataOps

    Analyze DataOps using Info-Tech’s DataOps use case framework, to help you identify the gaps in your data practices that need to be matured to truly realize DataOps benefits including data integration, data security, data quality, data engineering, and data science.

    • Sprint Toward Data-Driven Culture Using DataOps – Phase 2: Assess Your Data Practice for DataOps
    • DataOps Roadmap Tool

    3. Mature your DataOps practice

    Mature your data practice by putting in the right people in the right roles and establishing DataOps metrics, communication plan, DataOps best practices, and data principles.

    • Sprint Toward Data-Driven Culture Using DataOps – Phase 3: Mature Your DataOps Practice
    [infographic]

    Workshop: Sprint Toward Data-Driven Culture Using DataOps

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify the Drivers of the Business for DataOps

    The Purpose

    Understand the DataOps approach and value proposition.

    Key Benefits Achieved

    A clear understanding of organization data priorities and metrics along with a simplified view of data using Info-Tech’s Onion framework.

    Activities

    1.1 Explain DataOps approach and value proposition.

    1.2 Review the common business drivers and how the organization is driving a need for DataOps.

    1.3 Understand Info-Tech’s DataOps Framework.

    Outputs

    Organization's data priorities and metrics

    Data Onion framework

    2 Assess DataOps Maturity in Your Organization

    The Purpose

    Assess the DataOps maturity of the organization.

    Key Benefits Achieved

    Define clear understanding of organization’s DataOps capabilities.

    Activities

    2.1 Assess current state.

    2.2 Develop target state summary.

    2.3 Define DataOps improvement initiatives.

    Outputs

    Current state summary

    Target state summary

    3 Develop Action Items and Roadmap to Establish DataOps

    The Purpose

    Establish clear action items and roadmap.

    Key Benefits Achieved

    Define clear and measurable roadmap to mature DataOps within the organization.

    Activities

    3.1 Continue DataOps improvement initiatives.

    3.2 Document the improvement initiatives.

    3.3 Develop a roadmap for DataOps practice.

    Outputs

    DataOps initiatives roadmap

    4 Plan for Continuous Improvement

    The Purpose

    Define a plan for continuous improvements.

    Key Benefits Achieved

    Continue to improve DataOps practice.

    Activities

    4.1 Create target cross-functional team structures.

    4.2 Define DataOps metrics for continuous monitoring.

    4.3 Create a communication plan.

    Outputs

    DataOps cross-functional team structure

    DataOps metrics

    Modernize Your Microsoft Licensing for the Cloud Era

    • Buy Link or Shortcode: {j2store}304|cart{/j2store}
    • member rating overall impact (scale of 10): 9.1/10 Overall Impact
    • member rating average dollars saved: $102,414 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Licensing
    • Parent Category Link: /licensing
    • Microsoft licensing is complicated. Often, the same software can be licensed a number of ways. It’s difficult to know which edition and licensing model is best.
    • Licensing and features often change with the release of new software versions, compounding the problem by making it difficult to stay current.
    • In tough economic times, IT is asked to reduce capital and operating expenses wherever possible. As one of the top five expense items in most enterprise software budgets, Microsoft licensing is a primary target for cost reduction.

    Our Advice

    Critical Insight

    • Focus on needs first. Conduct a thorough needs assessment and document the results. Well-documented needs will be your best asset in navigating Microsoft licensing and negotiating your agreement.
    • Beware the bundle. Be aware when purchasing the M365 suite that there is no way out. Negotiating a low price is critical, as all leverage swings to Microsoft once it is on your agreement.
    • If the cloud doesn’t fit, be ready to pay up or start making room. Microsoft has drastically reduced discounting for on-premises products, support has been reduced, and product rights have been limited. If you are planning to remain on premises, be prepared to pay up.

    Impact and Result

    • Understand what your organization needs and what your business requirements are. It’s always easier to purchase more later than try to reduce your spend.
    • Complete cost calculations carefully, as the cloud might end up costing significantly more for the desired feature set. However, in some scenarios, it may be more cost efficient for organizations to license in the cloud.
    • If there are significant barriers to cloud adoption, discuss and document them. You’ll need this documentation in three years when it’s time to renew your agreement.

    Modernize Your Microsoft Licensing for the Cloud Era Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Modernize Your Microsoft Licensing Deck – A deck to help you build a strategy for your Microsoft licensing renewal.

    This storyboard will help you build a strategy for your Microsoft licensing renewal from conducting a thorough needs assessment to examining your licensing position, evaluating Microsoft's licensing options, and negotiations.

    • Modernize Your Microsoft Licensing for the Cloud Era – Phases 1-4

    2. Microsoft Cloud Products Cost Modeler – A tool to model estimated costs for Microsoft's cloud products.

    The Microsoft Cloud Products Cost Modeler will provide a rough estimate of what you can expect to pay for Office 365 or Dynamics CRM licensing, before you enter into negotiations. This is not your final cost, but it will give you an idea.

    • Microsoft Cloud Products Cost Modeler

    3. Microsoft Licensing Purchase Reference Guide - A template to capture licensing stakeholder information, proposed changes to licensing, and negotiation items.

    The Microsoft Licensing Purchase Reference Guide can be used throughout the process of licensing review: from initial meetings to discuss compliance state and planned purchases, to negotiation meetings with resellers. Use it in conjunction with Info-Tech's Microsoft Licensing Effective License Position Template.

    • Microsoft Licensing Purchase Reference Guide

    4. Negotiation Timeline for Microsoft – A template to navigate your negotiations with Microsoft.

    This tool will help you plot out your negotiation timeline, depending on where you are in your contract negotiation process.

  • 6-12 months
  • Less than 3 months
    • Negotiation Timeline for Microsoft – Visio
    • Negotiation Timeline for Microsoft – PDF

    5. Effective Licensing Position Tool – A template to help you create an effective licensing position and determine your compliance position.

    This template helps organizations to determine the difference between the number of software licenses they own and the number of software copies deployed. This is known as the organization’s effective license position (ELP).

    • Effective Licensing Position Tool
    [infographic]

    Industry-Specific Digital Transformation

    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Infographic

    Bring Visibility to Your Day-to-Day Projects

    • Buy Link or Shortcode: {j2store}444|cart{/j2store}
    • member rating overall impact (scale of 10): 9.8/10 Overall Impact
    • member rating average dollars saved: $9,649 Average $ Saved
    • member rating average days saved: 24 Average Days Saved
    • Parent Category Name: Portfolio Management
    • Parent Category Link: /portfolio-management
    • As an IT leader, you are responsible for getting new things done while keeping the old things running. These “new things” can come in many forms, e.g. service requests, incidents, and officially sanctioned PMO projects, as well as a category of “unofficial” projects that have been initiated through other channels.
    • These unofficial projects get called many things by different organizations (e.g. level 0 projects,BAU projects, non-PMO projects, day-to-day projects), but they all have the similar characteristics: they are smaller and less complex than larger projects or officially sanctioned projects; they are larger and more risky than operational tasks or incidents; and they are focused on the needs of a specific functional unit and tend to stay within those units to get done.
    • Because these day-to-day projects are small, emergent, team-specific, operationally vital, yet generally perceived as being strategically unimportant, top-level leadership has a limited understanding of them when they are approving and prioritizing major projects. As a result, they approve projects with no insight into how your team’s capacity is already stretched thin by existing demands.

    Our Advice

    Critical Insight

    • Senior leadership cannot contrast the priority of things that are undocumented. As an IT leader, you need to ensure day-to-day projects receive the appropriate amount of documentation without drowning your team in a process that the types of project don’t warrant.
    • Don’t bleed your project capacity dry by leaving the back door open. When executive oversight took over the strategic portfolio, we assumed they’d resource those projects as a priority. Instead, they focused on “alignment,” “strategic vision,” and “go to market” while failing to secure and defend the resource capacity needed. To focus on the big stuff, you need to sweat the small stuff.

    Impact and Result

    • Develop a method to consistently identify and triage day-to-day projects across functional teams in a standard and repeatable way.
    • Establish a way to balance and prioritize the operational necessity of day-to-day projects against the strategic value of major projects.
    • Build a repeatable process to document and report where the time goes across all given pockets of demand your team faces.

    Bring Visibility to Your Day-to-Day Projects Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should put more portfolio management structure around your day-to-day projects, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Uncover your organization’s hidden pockets of day-to-day projects

    Define an organizational standard for identifying day-to-day projects and triaging them in relation to other categories of projects.

    • Bring Visibility to Your Day-to-Day Projects – Phase 1: Uncover Your Organization’s Hidden Pockets of Day-to-Day Projects
    • Day-to-Day Project Definition Tool
    • Day-to-Day Project Supply/Demand Calculator

    2. Establish ongoing day-to-day project visibility

    Build a process for maintaining reliable day-to-day project supply and demand data.

    • Bring Visibility to Your Day-to-Day Projects – Phase 2: Establish Ongoing Day-to-Day Project Visibility
    • Day-to-Day Project Process Document
    • Day-to-Day Project Intake and Prioritization Tool
    [infographic]

    Workshop: Bring Visibility to Your Day-to-Day Projects

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Analyze the Current State of Day-to-Day Projects

    The Purpose

    Assess the current state of project portfolio management and establish a realistic target state for the management of day-to-day projects.

    Key Benefits Achieved

    Realistic and well-informed workshop goals.

    Activities

    1.1 Begin with introductions and workshop expectations activity.

    1.2 Perform PPM SWOT analysis.

    1.3 Assess pain points and analyze root causes.

    Outputs

    Realistic workshop goals and expectations

    PPM SWOT analysis

    Root cause analysis

    2 Establish Portfolio Baselines for Day-to-Day Projects

    The Purpose

    Establish a standard set of baselines for day-to-day projects that will help them to be identified and managed in the same way across different functional teams.

    Key Benefits Achieved

    Standardization of project definitions and project value assessments across different functional teams.

    Activities

    2.1 Formalize the definition of a day-to-day project and establish project levels.

    2.2 Develop a project value scorecard for day-to-day projects.

    2.3 Analyze the capacity footprint of day-to-day projects.

    Outputs

    Project identification matrix

    Project value scorecard

    A capacity overview to inform baselines

    3 Build a Target State Process for Day-to-Day Projects

    The Purpose

    Establish a target state process for tracking and monitoring day-to-day projects at the portfolio level.

    Key Benefits Achieved

    Standardization of how day-to-day projects are managed and reported on across different functional teams.

    Activities

    3.1 Map current state workflows for the intake and resource management practices (small and large projects).

    3.2 Perform a right-wrong-missing-confusing analysis.

    3.3 Draft a target state process for the initiation of day-to-day projects and for capacity planning.

    Outputs

    Current state workflows

    Right-wrong-missing-confusing analysis

    Target state workflows

    4 Prepare to Implement Your New Processes

    The Purpose

    Start to plan the implementation of your new processes for the portfolio management of day-to-day projects.

    Key Benefits Achieved

    An implementation plan, complete with communication plans, timelines, and goals.

    Activities

    4.1 Perform a change impact and stakeholder management analysis.

    4.2 Perform a start-stop-continue activity.

    4.3 Define an implementation roadmap.

    Outputs

    Change impact and stakeholder analyses

    Start-stop-continue retrospective

    Implementation roadmap

    Deliver a Customer Service Training Program to Your IT Department

    • Buy Link or Shortcode: {j2store}484|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $4,339 Average $ Saved
    • member rating average days saved: 6 Average Days Saved
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk
    • The scope of service that the service desk must provide has expanded. With the growing complexity of technologies to support, it becomes easy to forget the customer service side of the equation. Meanwhile, customer expectations for prompt, frictionless, and exceptional service from anywhere have grown.
    • IT departments struggle to hire and retain talented service desk agents with the right mix of technical and customer service skills.
    • Some service desk agents don’t believe or understand that customer service is an integral part of their role.
    • Many IT leaders don’t ask for feedback from users to know if there even is a customer service problem.

    Our Advice

    Critical Insight

    • There’s a common misconception that customer service skills can’t be taught, so no effort is made to improve those skills.
    • Even when there is a desire to improve customer service, it’s hard for IT teams to make time for training and improvement when they’re too busy trying to keep up with tickets.
    • A talented service desk agent with both great technical and customer service skills doesn’t have to be a rare unicorn, and an agent without innate customer service skills isn’t a lost cause. Relevant and impactful customer service habits, techniques, and skills can be taught through practical, role-based training.
    • IT leaders can make time for this training through targeted, short modules along with continual on-the-job coaching and development.

    Impact and Result

    • Good customer service is critical to the success of the service desk. How a service desk treats its customers will determine its customers' satisfaction with not only IT but also the company as a whole.
    • Not every technician has innate customer service skills. IT managers need to provide targeted, practical training on what good customer service looks like at the service desk.
    • One training session is not enough to make a change. Leaders must embed the habits, create a culture of engagement and positivity, provide continual coaching and development, regularly gather customer feedback, and seek ways to improve.

    Deliver a Customer Service Training Program to Your IT Department Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should deliver customer service training to your team, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Deliver a Customer Service Training Program to Your IT Department – Executive Brief
    • Deliver a Customer Service Training Program to Your IT Department Storyboard

    1. Deliver customer service training to your IT team

    Understand the importance of customer service training, then deliver Info-Tech's training program to your IT team.

    • Customer Service Training for the Service Desk – Training Deck
    • Customer Focus Competency Worksheet
    • Cheat Sheet: Service Desk Communication
    • Cheat Sheet: Service Desk Written Communication
    [infographic]

    Select Software With the Right Satisfaction Drivers in Mind

    • Buy Link or Shortcode: {j2store}606|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Selection & Implementation
    • Parent Category Link: /selection-and-implementation
    • Software selection needs to provide satisfaction. Across the board, satisfaction is easy to achieve in the short term, but long-term satisfaction is much harder to attain. It’s not clear what leads to long-term satisfaction, and it’s even more difficult to determine which software continuously delivers on key satisfaction drivers to support the business.

    Our Advice

    Critical Insight

    • Software satisfaction drops over time. After the initial purchase, the novelty factor of new software begins to wane, and only long-term satisfaction drivers sustain satisfaction after five years.
    • Surface-level satisfaction has immediate effects, but it only provides satisfaction in the short term. Deep satisfaction has a lasting impact that can shape organizational satisfaction and productivity in meaningful ways.
    • Empower IT decision makers with knowledge about what drives satisfaction in the top five and bottom five software vendors in spotlighted categories.

    Impact and Result

    • Reorient discussion around how software is implemented around satisfaction rather than what’s in fashion.
    • Identify software satisfaction drivers that provide deep satisfaction to get the most out of software over the long term.
    • Appreciate the best from the rest and learn which software categories and brands buck the trend of declining satisfaction.

    Select Software With the Right Satisfaction Drivers in Mind Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand what drives user satisfaction

    Gain insight on the various factors that influence software satisfaction.

    • Select Software With the Right Satisfaction Drivers in Mind Storyboard

    2. Learn what provides deep satisfaction

    Reduce the size of your RFPs or skip them entirely to limit time spent watching vendor dog and pony shows.

    3. Appreciate what separates the best from the rest

    Narrow the field to four contenders prior to in-depth comparison and engage in accelerated enterprise architecture oversight.

    [infographic]

    Next-Generation InfraOps

    • Buy Link or Shortcode: {j2store}457|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Operations Management
    • Parent Category Link: /i-and-o-process-management
    • Traditional IT capabilities, activities, organizational structures, and culture need to adjust to leverage the value of cloud, optimize spend, and manage risk.
    • Different stakeholders across previously separate teams rely on one another more than ever, but rules of engagement do not yet exist.

    Our Advice

    Critical Insight

    • By defining your end goals and framing solutions based on the type of visibility and features you need, you can enable speed and reliability without losing control of the work.

    Impact and Result

    • Understand the xOps spectrum and what approaches benefit your organization.
    • Make sense of the architectural approaches and enablement tools available to you.
    • Evolve from just improving your current operations to a continuous virtuous cycle of development and deployment.

    Next-Generation InfraOps Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Next-Generation InfraOps Storyboard – A deck that will help you use Ops methodologies to build a virtuous cycle.

    This storyboard will help you understand the spectrum of different Agile xOps working modes and how best to leverage them and build an architecture and toolset that support rapid continuous IT operations

    • Next-Generation InfraOps Storyboard
    [infographic]

    Further reading

    Next-Generation InfraOps

    Embrace the spectrum of Ops methodologies to build a virtuous cycle.

    Executive summary

    Your Challenge

    IT Operations continue to be challenged by increasing needs for scale and speed, often in the face of constrained resources and time. For most, Agile methodologies have become a foundational part of tackling this problem. Since then, we've seen Agile evolve into DevOps, which started a trend into different categories of "xOps" that are too many to count. How does one make sense of the xOps spectrum? What is InfraOps and where does it fit in?

    Common Obstacles

    Ultimately, all these methodologies and approaches are there to serve the same purpose: increase effectiveness through automation and improve governance through visibility. The key is to understand what tools and methodologies will deliver actual benefits to your IT operation and to the organization as a whole.

    Info-Tech's Approach

    By defining your end goals and framing solutions based on the type of visibility and features you need, you can enable speed and reliability without losing control of the work.

    1. Understand the xOps spectrum and what approaches will benefit your organization.
    2. Make sense of the architectural approaches and enablement tools available to you.
    3. Evolve from just improving your current operations to a continuous virtuous cycle of development and deployment.

    Info-Tech Insight

    InfraOps, when applied well, should be the embodiment of the governance policies as expressed by standards in architecture and automation.

    Project overview

    Understand the xOps spectrum

    There are as many different types of "xOps" as there are business models and IT teams. To pick the approaches that deliver the best value to your organization and that align to your way of operating, it's important to understand the different major categories in the spectrum and how they do or don't apply to your IT approach.

    How to optimize the Ops in DevOps

    InfraOps is one of the major methodologies to address a key problem in IT at cloud scale: eliminating friction and error from your deliveries and outputs. The good news is there are architectures, tools, and frameworks you can easily leverage to make adopting this approach easier.

    Evolve to integration and build a virtuous cycle

    Ultimately your DevOps and InfraOps approaches should embody your governance needs via architecture and process. As time goes on, however, both your IT footprint and your business environment will shift. Build your tools, telemetry, and governance to anticipate and adapt to change and build a virtuous cycle between development needs and IT Operations tools and governance.

    The xOps spectrum

    This is an image of the xOps spectrum. The three main parts are: Code Acceleration (left), Governance(middle), and Infrastructure Acceleration (right)

    xOps categories

    There is no definitive list of x's in the xOps spectrum. Different organizations and teams will divide and define these in different ways. In many cases, the definitions and domains of various xOps will overlap.

    Some of the commonly adopted and defined xOps models are listed here.

    Shift left? Shift right?

    Cutting through the jargon

    • Shifting left is about focusing on the code and development aspects of a delivery cycle.
    • Shifting right is about remembering that infrastructure and tools still do matter.

    Info-Tech Insight

    Shifting left or right isn't an either/or choice. They're more like opposite sides of the same coin. Like the different xOps approaches, usually more than one shift approach will apply to your IT Operations.

    IT Operations in the left-right spectrum

    Shifting from executing and deploying to defining the guardrails and standards

    This is an image of the left-right spectrum for your XOps position

    Take a middle-out approach

    InfraOps and DevOps aren't enemies; they're opposite sides of the same coin.

    • InfraOps is about the automation and standardization of execution. It's an essential element in any fully automated CI/CD pipeline.
    • Like DevOps, InfraOps is built on similar values (the pillars of DevOps).
    • It builds on the principle of Lean to focus on removing friction, or turn-and-type activities, from the pipeline/process.
    • In InfraOps, one of the key methods for removing friction is through automation of the interstitia between different phases of a DevOps or CI/CD cycle.

    Optimize the Ops in DevOps

    Focus on eliminating friction

    This is an image of an approach to optimizing the ops in DevOps.

    With the shift from execution to governing and validating, the role of deployment falls downstream of IT Operations.

    IT Operations needs to move to a mindset that focuses on creating the guardrails, enforced standards, and compliance rules that need to be used downstream, then apply those standards using automation and tooling to remove friction and error from the interstitia (the white spaces between chevrons) of the various phases.

    InfraOps tools

    Four quadrants in the shape of a human head, in the boxes are the following: Hyperconverged Infrastructure; Composable Infrastructure; Infrastructure as code and; Automation and Orchestration

    Info-Tech Insight

    Your tools can be broken into two categories:

    • Infrastructure Architecture
      • HCI vs. CI
    • Automation Tooling
      • IaC and A&O

    Keep in mind that while your infrastructure architecture is usually an either/or choice, your automation approach should use any and all tooling that helps.

    Infrastructure approach

    • Hyperconverged

    • Composable

    Hyperconverged Infrastructure (HCI)

    Hyperconvergence is the next phase of convergence, virtualizing servers, networks, and storage on a single server/storage appliance. Capacity scales as more appliances are added to a cluster or stack.
    The disruptive departure:

    • Even though servers, networks, and storage were each on their own convergence paths, the three remained separate management domains (or silos). Even single-SKU converged infrastructures like VCE Vblocks are still composed of distinct server, network, and storage devices.
    • In hyperconvergence, the silos collapse into single-software managed devices. This has been disruptive for both the vendors of technology solutions (especially storage) and for infrastructure management.
    • Large storage array vendors are challenged by hyperconvergence alternatives. IT departments need to adapt IT skills and roles away from individual management silos and to more holistic service management.

    A comparison between converged and hyperconverged systems.

    Info-Tech Insight

    HCI follows convergence trends of the past ten years but is also a departure from how IT infrastructure has traditionally been provisioned and managed.

    HCI is at the same time a logical progression of infrastructure convergence and a disruptive departure.

    Hyperconverged (HCI) – SWOT

    HCI can be the foundation block for a fully software defined data center, a prerequisite for private cloud.

    Strengths

    • Potentially lower TCO through further infrastructure consolidation, reducing CapEx and OpEx expenditures through facilities optimization and cost consolidation.
    • Operations in particular can be streamlined, since storage, network connections, and processors/memory are all managed as abstractions via a single control pane.
    • HCI comes with built-in automation and analytics that lead to quicker issue resolution.

    Opportunities

    • Increased business agility by paving the way for a fully software defined infrastructure stack and cloud automation.
    • Shift IT human assets from hardware asset maintainers and controllers to service delivery managers.
    • Better able to compete with external IT service alternatives.
    • Move toward a hybrid cloud service offering where the service catalog contains both internal and external offerings.

    Key attributes of a cloud are automation, resource elasticity, and self-service. This kind of agility is impossible if physical infrastructure needs intervention.

    Info-Tech Insight

    Virtualization alone does not a private cloud make, but complete stack virtualization (software defined) running on a hands-off preconfigured HCI appliance (or group of appliances) provides a solid foundation for building cloud services.

    Hyperconverged (HCI) – SWOT

    Silo-busting and private cloud sound great, but are your people and processes able to manage the change?

    Weaknesses

    • HCI typically scales out linearly (CPU & storage). This does not suit traditional scale-up applications such as high-performance databases and large-capacity data warehouses.
    • Infrastructure stacks are perceived as more flexible for variable growth across segments. For example, if storage is growing but processing is not, storage can scale separately from processing.

    Threats

    • HCI will be disruptive to roles within IT. Internal pushback is a real threat if necessary changes in skills and roles are not addressed.
    • HCI is not a simple component replacement but an adoption of a different kind of infrastructure. Different places in the lifecycles for each of storage, network, and processing devices could make HCI a solution where there is no immediate problem.

    In traditional infrastructure, performance and capacity are managed as distinct though complementary jobs. An all-in-one approach may not work.

    Composable Infrastructure (CI)

    • Composable infrastructure in many ways represents the opposite of an HCI approach. Its focus is on further disaggregating resources and components used to build systems.
      • Unlike traditional cloud virtual systems, composable infrastructure provides virtual bare metal resources, allowing tightly coupled resources like CPU, RAM, and GPU – or any device/card/module – to be released back and forth into the resource pool as required by a given workload.
      • This is enabled by the use of high-speed, low-latency PCI Express (PCI-e) and Compute Express Link (CXL) fabrics that allow these resources to be decoupled.
      • It also supports the ability to present other fabric types critical for building out enterprise systems (e.g. Ethernet, InfiniBand).
    • Accordingly, CI systems are also based on next-generation network architecture that supports moving critical functions to the network layer, which enables more efficient use of the application-layer resources.

    Composable Infrastructure (CI)

    • CI may also leverage network-resident data/infrastructure processing units (DPUs/IPUs), which offload many network, security, and storage functions.
      • As new devices and functions become available, they can be added into the catalog of resources/functions available in a CI pool.

    Use Case Example: Composable AI flow

    Data Ingestion > Data Cleaning/Tagging > Training > Conclusion

    • At each phase of the process, resources, including specialized hardware like memory and GPU cores, can be dynamically allocated and reallocated to the workload on demand

    Composable Infrastructure (CI)

    Use cases and considerations

    Where it's useful

    • Enable even more efficient allocation/utilization of resources for workloads.
    • Very large memory or shared memory requirements can benefit greatly.
    • Decouple purchasing decisions for underlying resources.
    • Leverage the fabric to make it easier to incrementally upgrade underlying resources as required.
    • Build "the Impossible Server."

    Considerations

    • Requires significant footprint/scale to justify in many cases
    • Not necessarily good value for environments that aren't very volatile and heterogeneous in terms of deployment requirements
    • May not be best value for environments where resource-stranding is not a significant issue

    Info-Tech Insight

    Many organizations using a traditional approach report resource stranding as having an impact of 20% or more on efficiency. When focusing specifically on the stranding of memory in workloads, the number can often approach 40%.

    The CI ecosystem

    This is an image of the CI ecosystem.

    • The CI ecosystem has many players, large and small!
    • Note that the CI ecosystem is dependent on a large ecosystem of underlying enablers and component builders to support the required technologies.

    Understanding the differences

    This image shows the similarities and differences between traditional, cloud, hyperconverged, and composable.

    Automation approach

    • Infrastructure as Code
    • Automation & Orchestration
    • Metaorchestration

    Infrastructure as Code (IaC)

    Infrastructure as code (IaC) is the process of managing and provisioning computer data centers through machine-readable definition files rather than physical hardware configuration or interactive configuration tools.

    Before IaC, IT personnel would have to manually change configurations to manage their infrastructure. Maybe they would use throwaway scripts to automate some tasks, but that was the extent of it.

    With IaC, your infrastructure's configuration takes the form of a code file, making it easy to edit, copy, and distribute.

    Info-Tech Insight
    IaC is a critical tool in enabling key benefits!

    • Reduced costs
    • Increased scalability, flexibility, and speed
    • Better consistency and version control
    • Reduced deployment errors

    Infrastructure as Code (IaC)

    1. IaC uses a high-level descriptive coding language to automate the provisioning of IT infrastructure. This eliminates the need to manually provision and manage servers, OS, database connections, storage, and other elements every time we want to develop, test, or deploy an application.
    2. IaC allows us to define the computer systems on which code needs to run. Most commonly, we use a framework like Chef, Ansible, Puppet, etc., to define their infrastructure. These automation and orchestration tools focus on the provisioning and configuring of base compute infrastructure.
    3. IaC is also an essential DevOps practice. It enables teams to rapidly create and version infrastructure in the same way they version source code and to track these versions so as to avoid inconsistency among IT environments that can lead to serious issues during deployment.
    • Idempotence is a principle of IaC. This means a deployment command always sets the target environment into the same configuration, regardless of the environment's starting state.
      • Idempotency is achieved by either automatically configuring an existing target or discarding the existing target and recreating a fresh environment.

    Automation/Orchestration

    Orchestration describes the automated arrangement, coordination, and management of complex computer systems, middleware, and services.

    This usage of orchestration is often discussed in the context of service-oriented architecture, virtualization, provisioning, converged infrastructure, and dynamic data center topics. Orchestration in this sense is about aligning the business request with the applications, data, and infrastructure.

    It defines the policies and service levels through automated workflows,
    provisioning, and change management. This creates an application-aligned infrastructure that can be scaled up or down based on the needs of each application.

    As the requirement for more resources or a new application is triggered, automated tools now can perform tasks that previously could only be done by multiple administrators operating on their individual pieces of the physical stack.

    Orchestration also provides centralized management of the resource pool, including billing, metering, and chargeback for consumption. For example, orchestration reduces the time and effort for deploying multiple instances of a single application.

    Info-Tech Insight

    Automation and orchestration tools can be key components of an effective governance toolkit too! Remember to understand what data can be pulled from your various tools and leveraged for other purposes such as cost management and portfolio roadmapping.

    Automation/Orchestration

    There are a wide variety of orchestration and automation tools and technologies.

    Configuration Management

    Configuration Management

    The logos for companies which fall in each of the categories in the column to the left of the image.

    CI/CD
    Orchestration

    Container
    Orchestration

    Cloud-Specific
    Orchestration

    PaaS
    Orchestration

    Info-Tech Insight

    Automation and orchestration tools and software offerings are plentiful, and many of them have a different focus on where in the application delivery ecosystem they provide automation functionality.

    Often there are different tools for different deployment and service models as well as for different functional phases for each service model.

    Automation/Orchestration

    Every tool focuses on different aspects or functions of the deployment of resources and applications.

    • Resources
      • Compute
      • Storage
      • Network
    • Extended Services
      • Platforms
      • Infrastructure Services
      • Web Services
    • Application Assets
      • Images
      • Templates
      • Containers
      • Code

    Info-Tech Insight

    Let the large ecosystem of tools be your ally. Leverage the right tools where needed and then address the complexity of tools using a master orchestration scheme.

    Metaorchestration

    A Flow chart for the approach to metaorchestration.

    Additionally, most tools do not cover all aspects required for most automation implementations, especially in hybrid cloud scenarios.

    As such, often multiple tools must be deployed, which can lead to fragmentation and loss of unified controls.

    Many enterprises address this fragmentation using a cloud management platform approach.

    One method of achieving this is to establish a higher layer of orchestration – an "orchestrator of orchestrators," or metaorchestration.

    In complex scenarios, this can be a challenge that requires customization and development.

    InfraOps tools ecosystem

    Toolkit Pros Cons Tips
    HCI Easy scale out Shift in skills required Good for enabling automation and hybridization with current-gen public cloud services
    CI Maximal workload resource efficiency Investment in new fabrics and technologies Useful for very dynamic or highly scalable workloads like AI
    IaC Error reduction and standardization Managing drift in standards and requirements Leverage a standards and exception process to keep track of drift
    A&O Key enabler of DevOps automation within phases Usually requires multiple toolsets/frameworks Use the right tools and stitch together at the metaorchestration layer
    Metaorchestration Reduces the complexity of a diverse A&O and IaC toolkit Requires understanding of the entire ecosystems of tools used Key layer of visibility and control for governance

    Build a virtuous cycle

    Remember, the goal is to increase speed AND reliability. That's why we focus on removing friction from our delivery pipelines.

    • The first step is to identify the points of friction in your cycle and understand the intensity and frequency of these friction points.
    • Depending on your delivery and project management methodology, you'll have a different posture of the different tools that make sense for your pipeline.
    • For example, if you are focused on delivering raw resources for sysadmins and/or you're in a Waterfall methodology where the friction points are large but infrequent, hyperconverged is likely to delivery good value, whereas tools like IaC and orchestration may not be as necessary.

    Info-Tech Insight

    Remember that, especially in modern and rapid methodologies, your IT footprint can drift unexpectedly. This means you need a real feedback mechanism on where the friction moves to next.

    This is particularly important in more Agile methodologies.

    Activity: Map your IT operations delivery

    Identify your high-friction interstitial points

    • Using the table below, or a table modified to your delivery phases, map out the activities and tasks that are not standardized and automated.
    • For the incoming and outgoing sections, think about what resources and activities need to be (or could be) created, destroyed, or repurposed to efficiently manage each cycle and the spaces between cycles.
    Plan Code Test Deploy Monitor
    Incoming Friction
    In-Cycle Friction
    Outgoing Friction

    Info-Tech Insight

    Map your ops groups to the delivery cycles in your pipeline. How many delivery cycles do you have or need?

    Good InfraOps is a reflection of governance policies, expressed by standards in architecture and automation.

    Related Info-Tech Research

    Evaluate Hyperconverged Infrastructure for Your Infrastructure Roadmap

    • This Info-Tech note covers evaluation of HCI platforms.

    Design Your Cloud Operations

    • This Info-Tech blueprint covers organization of operations teams for various deployment and Agile modes.

    Bibliography

    Banks, Ethan, host. "Choosing Your Next Infrastructure." Datanauts, episode 094, Packet Pushers, 26 July 2017. Podcast.
    "Composable Infrastructure Solutions." Hewlett Packard Canada, n.d. Web.
    "Composable Infrastructure Technology." Liqid Inc., n.d. Web.
    "DataOps architecture design." Azure Architecture Center, Microsoft Learn, n.d. Web.
    Tan, Pei Send. "Differences: DevOps, ITOps, MLOps, DataOps, ModelOps, AIOps, SecOps, DevSecOps." Medium, 5 July 2021. Web.

    Equip Managers to Effectively Manage Virtual Teams

    • Buy Link or Shortcode: {j2store}600|cart{/j2store}
    • member rating overall impact (scale of 10): 9.7/10 Overall Impact
    • member rating average dollars saved: $20,240 Average $ Saved
    • member rating average days saved: 4 Average Days Saved
    • Parent Category Name: Manage & Coach
    • Parent Category Link: /manage-coach
    • Virtual team members must rely upon collaboration technology to communicate and collaborate.
    • Management practices and approaches that work face to face do not always translate effectively in virtual contexts.
    • Managers cannot rely upon spontaneous social interactions that happen organically when people are colocated to build meaningful and trusting relationships. Space and time need to be created in a virtual environment for this to happen.
    • Observing an employee’s performance or development can be more difficult, and relying on others’ feedback becomes more critical for managing performance and development.

    Our Advice

    Critical Insight

    • Managing virtual teams does not require developing new manager competencies. Instead, managers need to “dial up” competencies they already have and adjust their approaches.
    • Setting clear expectations with virtual teams creates the foundation needed to manage them effectively.
    • Virtual employees crave more meaningful interactions about performance and development with their managers.

    Impact and Result

    • Create a solid foundation for managing virtual teams by setting clear expectations and taking a more planful approach to managing performance and employee development.
    • Dial up key management competencies that you already have. Managers do not need to develop new competencies; they just need to adjust and refocus their approaches.

    Equip Managers to Effectively Manage Virtual Teams Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Equip managers to effectively manage virtual teams

    Equip managers to become more effective with managing remote teams.

    The workbook serves as a reference guide participants will use to support formal training.

    • Training Deck: Equip Managers to Effectively Manage Virtual Teams
    • Workbook: Equip Managers to Effectively Manage Virtual Teams
    • Standard Participant Training Session Evaluation Template

    2. Additional Resources

    Many organizations are developing plans to allow employees more flexible work options, including remote work. Use these resources to help managers and employees make the most of remote work arrangements.

    • Work-From-Home Tips for Managers
    • Work-From-Home Tips for Employees
    • Health & Safety at Home Infographic
    • Wellness and Working From Home
    • Ergonomic Workspaces Infographic
    [infographic]

    Further reading

    Equip Managers to Effectively Manage Virtual Teams

    Learning objectives

    Describe the benefits of virtual teams.

    Create a plan for adopting effective management practices and setting clear expectations with virtual teams.

    Identify potential solutions to the challenges of managing performance and developing members of virtual teams.

    Create an action plan to increase effectiveness in managing virtual teams.

    Target audience

    People managers who manage or plan to manage virtual teams.

    Training length

    Two three-hour sessions

    Training material

    • Use the speaker’s notes in the notes pane section of each slide to plan and practice the training session.
    • Activity slides are scattered throughout this training deck and are clearly numbered in the slide title.
    • Notes in italics are written to the facilitator and are not meant to be read aloud.
    • Download the Workbook for participants to use.

    Suggested materials for activities:

    • Index cards or sticky notes
    • Markers
    • Whiteboard/large table space/flip chart

    Agenda & activities

    Section 1

    Section 2

    10 min

    Welcome: Overview & Introductions

    • Introductions
    10 min

    Welcome: Overview & Introductions

    • Session 1 Review
    • Session 2 Overview
    50 min

    1.1 Introduction to virtual teams

    • What kind of virtual team do you lead?
    • Virtual team benefits and challenges
    55 min

    2.1 Managing wellbeing in a virtual team context

    • Share current practices and challenges regarding wellbeing in virtual teams
    • Identify and discuss proposed solutions
    • Develop draft action plan for managing wellbeing in a virtual team context
    5 min

    Break

    5 min Break
    45 min

    1.2 Laying the foundation for a virtual team

    • Identify behaviors to better inform, interact with, and involve team members
    60 min

    2.2 Managing performance in a virtual team context

    • Share current performance management practices for virtual teams
    • Identify challenges of current practices and propose solutions
    • Develop draft action plan for managing performance in a virtual team context
    10 min

    Break

    10 min Break
    55 min

    1.2 Laying the foundation for a virtual team

    • Identify and share ways you prefer to communicate for different activities
    • Develop draft action plan for laying the foundation for a virtual team
    40 min

    Action planning & conclusion

    • Refine consolidated action plan (three parts) and commit to implementing it
    • Key takeaways
    5 min

    Session 1 Wrap-Up

    Recommended Customization

    Review all slides and adjust the language or content as needed to suit your organizational context and culture.

    The pencil icon to the left denotes slides requiring customization of the slide and/or the speaker’s notes, e.g. adding in an organization-specific process.

    Customization instructions are found in the notes pane.

    Tips

    • Adjust the speaker’s notes on the slides before (or after) any slides you modify or delete to ensure logical transitions between slides.
    • Update the agenda to reflect new timings if major modifications are made.
    • Even seasoned leaders need to be reminded of the basics now and again. Rather than delete more basic slides, cut back on the amount of time spent covering them and frame the content as a refresher.
    • Participant Workbooks
    • Relevant organization-specific documents (see side panel)
    • Training Session Feedback Form

    Required Information

    • Communication guidelines for managers (e.g. cadence of manager interactions)
    • Performance management process and guidelines
    • Employee development guidelines
    • List of available resources (e.g. social collaboration tools)

    Effectively Manage Virtual Teams

    Section 1.1

    Practical foundations for managing teams in a remote environment

    Feasibility of virtual IT teams

    Most organizations are planning some combination of remote and onsite work in 2022.

    This is an image of a bar graph demonstrating the percentage of companies who have the following plans for return to work: Full work-from-home (All employees WFH permanently) - 4% ; No work-from-home permitted	9% ; Partial work-from-home team (Eligible employees can WFH for a certain portion of their work week)	23% ; Balanced work-from-home team (All employees can WFH for a certain portion of their work week)	28% ; Hybrid work-from-home team (Eligible employees WFH on a full-time basis)	37%

    Source: IT Talent Trends, 2022; n=199

    Speaker’s Notes:

    Most organizations are planning some combination of remote and onsite work in 2022 – the highest reported plans for WFH were hybrid, balanced, and partial work-from-home. This builds on our findings in the IT Talent Trends 2022 report.

    Feasibility of virtual IT teams

    What percentage of roles in IT are capable of being performed remotely permanently?

    Approximately what percentage of roles in IT are capable of being performed remotely permanently?

    0% to less than 10%: 3%; 10% to less than 25%: 5%; 25% to less than 50%: 12%; 50% to less than 75%: 30%; 75% to 100%L 50%.

    IT Talent Trends, 2022; n=207

    Speaker’s Notes:

    80% of respondents estimated that 50 to 100% of IT roles can be performed remotely.

    Virtual teams take all kinds of forms

    A virtual team is any team that has members that are not colocated and relies on technology for communications.

    This image depicts the three levels of virtual teams, Municipal; National; Global.

    Speaker’s Notes:

    Before we start, it will be useful to review what we mean by the term “virtual team.” For our purposes we will be defining a virtual team as any team that has members that are not colocated and relies on technology for communications.

    There are a wide variety of virtual work arrangements and a variety of terms used to describe them. For example, some common terms include:

    • “Flexible work arrangements”: Employees have the option to work where they see fit (within certain constraints). They may choose to work from the office, home, a shared office space, the road, etc.
    • “Remote work,” “work from home,” and “telecommuting”: These are just various ways of describing how or where people are working virtually. They all share the idea that these kinds of employees are not colocated.
    • “Multi-office team”: the team members all work in office environments, but they may not always be in the same office as their team members or manager.

    Our definition of virtual work covers all of these terms. It is also distance neutral, meaning that it applies equally to teams that are dispersed globally or regionally or even those working in the same cities but dispersed throughout different buildings. Our definition also applies whether virtual employees work full time or part time.

    The challenges facing managers arise as soon as some team members are not colocated and have to rely on technology to communicate and coordinate work. Greater distances between employees can complicate challenges (e.g. time zone coordination), but the core challenges of managing virtual teams are the same whether those workers are merely located in different buildings in the same city or in different buildings on different continents.

    1.1 What kind of virtual team do you lead?

    15 Minutes

    Working on your own, take five minutes to figure out what kind of virtual team you lead.

    1. How many people on your team work virtually (all, most, or a small percentage)?
    2. How often and how regularly do they tend to work virtually (full time, part time regularly, or part time as needed)?
    3. What kinds of virtual work arrangements are there on your team (multi-site, work from home, mobile employees)?
    4. Where do your workers tend to be physically located (different offices but in the same city/region or globally dispersed)?
    5. Record this information in your workbook.
    6. Discuss as a group.

    Download the Workbook: Equip Managers to Effectively Manage Virtual Teams

    Input

    • Size of virtual team
    • Current remote work practices

    Output

    • Documented list of current state of remote work

    Materials

    • Workbook: Equip Managers to Effectively Manage Virtual Teams

    Participants

    • All managers with direct reports working virtually

    Advantages

    Benefits to the organization

    Benefits to employees

    Operational continuity in disaster situations that prevent employees from coming into the office.

    Cost savings: Employees who WFH half the time can save $2,500 to $4,000 per year (Global Workplace Analytics, 2021).

    Cost savings: Organizations save ~$11,000 annually per employee working from home half the time (Global Workplace Analytics, 2021).

    Time savings: Employees who WFH half the time save on average 11 workdays per year (Global Workplace Analytics, 2021).

    Increased attraction: 71% of employees would likely choose one employer over another based on WFH offerings (Owl Labs, 2021).

    Improved wellbeing:

    83% employees agree that WFH would make them happier.

    80% agree that WFH would decrease their stress.

    81% agree that WFH would improve their ability to manage their work-life balance.

    (Owl Labs, 2021)

    Increased retention: 74% of employees would be less likely to leave their employer if they could WFH (Owl Labs, 2021).

    Increased flexibility: 32% of employees rated the “ability to have a flexible schedule” as the biggest benefit of WFH (OWL Labs, 2021).

    Increased productivity: 50% of employees report they would maintain or increase their productivity while working from home (Glassdoor Team, 2020).

    Increased engagement: Offsite employees tend to have higher overall engagement than onsite employees (McLean & Company Engagement Survey, 2020).

    Speaker’s Notes:

    Remote work arrangements are becoming more and more common, and for good reason: there are a lot of benefits to the organization – and to employees.

    #1: Save Money

    Perhaps one of the most common reasons for opting for remote-work arrangements is the potential cost savings. One study found that organizations could save about $11,000 per employee working from home half the time (Global Workplace Analytics, 2021).

    #2 Increased Attraction

    In addition, supporting remote-work arrangements can attract employees. One study found that 71% of employees would likely choose one employer over another based on WFH offerings (Owl Labs, 2019).

    #3 Improve productivity.

    There are also improvements to productivity. Fifty percent of employees report they would maintain or increase their productivity while working from home (Glassdoor Team, 2020).

    Remote work also has benefits to employees.

    #1: Save Money

    As with organizations, employees also benefit financially from remote work arrangements, saving between $2,500 and $4,000 and on average 11 working days while working from home half of the time.

    #2: Improved Wellbeing

    Most employees agree that working from home makes them happier, reduces stress, and provides an improved work-life balance through increased flexibility.

    Challenges

    Organizations

    • Concerns that WFH may stifle innovation (Scientific American, 2021), likely due to the potential lack of collaboration and knowledge sharing.
    • Fewer organic opportunities for informal interaction between employees working from home means active efforts are required to foster organizational culture.

    Leaders

    • 42% of managers believe that monitoring the productivity of their direct reports is a top challenge of WFH (Ultimate Software, 2019).
    • The lack of in-person supervision compounded with a lack of trust in employees leads many leaders to believe that WFH will result in a drop in productivity.

    Employees

    • 20% of employees report collaboration/communication as their top struggle with WFH (Owl Labs, 2021).
    • Employees often experience burnout from working longer hours due to the lack of commute, blurring of work and home life, and the perceived need to prove their productivity.

    Many of these barriers can be addressed by changing traditional mindsets and finding alternative ways of working, but the traditional approach to work is so entrenched that it has been hard to make the shift.

    Speaker’s Notes:

    Many organizations are still grappling with the challenges of remote work. Some are just perceived challenges, while others are quite real.

    Limited innovation and a lack of informal interaction are a potential consequence of failing to properly adapt to the remote-work environment.

    Leaders also face challenges with remote work. Losing in-person supervision has led to the lack of trust and a perceived drop in productivity.

    A study conducted 2021 asked remote workers to identify their biggest struggle with working remotely. The top three struggles remote workers report facing are unplugging after work, loneliness, and collaborating and/or communicating.

    Seeing the struggles remote workers identify is a good reminder that these employees have a unique set of challenges. They need their managers to help them set boundaries around their work; create feelings of connectedness to the organization, culture, and team; and be expert communicators.

    1.2 Virtual teams: benefits and challenges

    20 Minutes

    1. Discuss and list:
      1. Any positives you’ve experienced since managing virtual employees.
      2. Any challenges you’ve had to manage connected to managing virtual employees.
    2. Record information in the workbook.

    Download the Workbook: Equip Managers to Effectively Manage Virtual Teams

    Input

    • Personal experiences managing remote teams

    Output

    • List of benefits and challenges of remote work

    Materials

    • Workbook: Equip Managers to Effectively Manage Virtual Teams

    Participants

    • All managers with direct reports working virtually

    Effectively Manage Virtual Teams

    Section 1.2

    Laying the foundations for a virtual team

    The 3i’s: Inform, interact, and involve your way to effective management:

    Inform

    Interact Involve

    ↓ Down

    Connect

    ↑ Up

    Tell employees the whys

    Get to know employees

    Solicit input from employees

    Speaker’s Notes:

    Effectively managing a virtual team really comes down to adopting management approaches that will engage virtual employees.

    Managing a virtual team does not actually require a new management style. The basics of effective management are the same in both colocated and virtual teams; however, the emphasis on certain behaviors and actions we take often differs. Managing a virtual team requires much more thoughtfulness and planning in our everyday interactions with our teams as we cannot rely on the relative ease of face-to-face interactions available to colocated teams.

    The 3i’s Engaging Management Model is useful when interacting with all employees and provides a handy framework for more planful interactions with virtual employees.

    Think of your management responsibilities in these three buckets – they are the most important components of being an effective manager. We’re first going to look at inform and involve before moving on to interact.

    Inform: Relay information down from senior management and leaders to employees. Communicate the rationale behind decisions and priorities, and always explain how they will directly affect employees.

    Why is this important? According to McLean & Company’s Engagement Survey data, employees who say their managers keep them well informed about decisions that affect them are 3.4 times more likely to be engaged (Source: McLean & Company, 2020; N=77,363). Your first reaction to this might be “I already do this,” which may very well be the case. Keep in mind, though, we sometimes tend to communicate on a “need-to-know basis,” especially when we are stressed or short on time. Engaging employees takes more. Always focus on explaining the “why?” or the rationale behind business decisions.

    It might seem like this domain should be the least affected, since important company announcements probably continue in a remote environment. But remember that information like that also flows informally. And even in formal settings, there are question-and-answer opportunities. Or maybe your employee might come to your office to ask for more details. Virtual team members can’t gather around the watercooler. They don’t have the same opportunities to hear information in passing as people who are colocated do, so managers need to make a concerted effort to share information with virtual team members in a clear and timely way.

    Swinging over to the other end, we have involve: Involve your employees. Solicit information and feedback from employees and collaborate with them.

    However, it’s not enough to just solicit their feedback and input; you also need to act on it.

    Make sure you involve your employees in a meaningful way. Such collaboration makes employees feel like a valued part of the team. Not to mention that they often have information and perspectives that can help make your decisions stronger!

    Employees who say their department leaders act on feedback from them are 3.9 times more likely to be engaged than those whose leaders don’t. (Source: McLean & Company, 2020; N=59,779). That is a huge difference!

    Keeping virtual employees engaged and feeling connected and committed to the organization requires planful and regular application of the 3i’s model.

    Finally, Interact: Connect with employees on a personal level; get to know them and understand who they are on a personal and professional level.

    Why? Well, over and above the fact that it can be rewarding for you to build stronger relationships with your team, our data shows that human connection makes a significant difference with employees. Employees who believe their managers care about them as a person are 3.8 times more likely to be engaged than those who do not (Source: McLean & Company, 2017; N=70,927).

    And you might find that in a remote environment, this is the area that suffers the most, since a lot of these interactions tend to be unscripted, unscheduled, and face to face.

    Typically, if we weren’t in the midst of a pandemic, we’d emphasize the importance of allocating some budget to travel and get some face-to-face time with your staff. Meeting and interacting with team members face to face is crucial to building trusting relationships, and ultimately, an effective team, so given the context of our current circumstances, we recommend the use of video when interacting with your employees who are remote.

    Relay information down from senior management to employees.

    Ensure they’ve seen and understand any organization-wide communication.

    Share any updates in a timely manner.

    Connect with employees on a personal level.
    Ask how they’re doing with the new work arrangement.
    Express empathy for challenges (sick family member, COVID-19 diagnosis, etc.).
    Ask how you can support them.
    Schedule informal virtual coffee breaks a couple of times a week and talk about non-work topics.

    Get information from employees and collaborate with them.
    Invite their input (e.g. have a “winning remotely” brainstorming session).
    Escalate any challenges you can’t address to your VP.
    Give them as much autonomy over their work as possible – don’t micromanage.

    1.3 Identify behaviors to inform, interact with, and involve team members

    20 Minutes

    Individually:

    1. Identify one behavior for each of Inform, Interact, and Involve to improve.
    2. Record information in the workbook.

    As a group:

    1. Discuss behaviors to improve for each of Inform, Interact, and Involve and record new ideas to incorporate into your leadership practice.

    Download the Workbook: Equip Managers to Effectively Manage Virtual Teams

    Input

    • 3i's Model
    • Current leadership behaviors to improve

    Output

    • List of behaviors to better inform, interact, and involve team members

    Materials

    • Workbook: Equip Managers to Effectively Manage Virtual Teams

    Participants

    • All managers with direct reports working virtually

    Laying the foundation: Set clear expectations

    Tasks

    • What are the daily and weekly team activities? How do they affect one another?

    Goals

    • Clarify any adjustments to strategy based on the situation; clarify metrics.

    Communication

    • How often and when will you check in? What should they come to you for? What modalities will you use and when?

    Roadblocks

    • Involve your team in deciding how to handle roadblocks and challenges.

    Speaker’s Notes:

    Clear expectations are important in any environment, remote or not. But it is much harder to do in a remote environment. The barrier to seeking clarification is so much higher (For example, email vs. catching someone in hallway, or you can’t notice that a colleague is struggling without them asking).

    Communication – This is one area where the importance actually changes in a remote context. We’ve been talking about a lot of practices that are the same in importance whether you’re in an office or remote, and maybe you just enact them differently. But clarity around communication processes is actually tremendously more important in a remote environment.

    Adopt a five-step process to set specific and documented expectations

    1. Check in with how your team member is doing on a daily basis. Don’t forget to ask how they are doing personally.
    2. Follow up on previously set expectations. Ask how things are going. Discuss if priorities or expectations have changed and update expectations accordingly.
    3. Ask if they are experiencing any roadblocks and collaborate to find solutions.
    4. Provide feedback and recognition as appropriate.
    5. Document newly set expectations – either through a collaboration tool or through email.

    Speaker’s Notes:

    Suggested best practices: Hold daily team check-ins and hold separate individual check-ins. Increase frequency of these.

    During Check-in
    1. Set up a running Teams chat for your team.
    • This is your community. You must be the biggest cheerleader and keep the team feeling like they are contributing. Make sure everyone is involved.
  • Start each workday with a video scrum to discuss what’s coming today for your team.
    • Ask: What are you planning to work on today? Are there any roadblocks I can help with? Technology working OK?
  • Right after your team meeting, set up an “every morning video call” one-on-one meeting with each team member (5-10 minutes max).
    • Ask: What are you working on today? What will your momentum metrics be? What do you need from me?
  • Set up a separate video call at the end of the afternoon to review what everyone did (5 minutes max).
    • Ask: What went well? What went poorly? How can we improve?
  • After a Check-in
    1. Be accessible:
      • Ensure your team knows the best way to get in touch with you.
      • Email is not ideal for informal, frequent contact – use messaging instead.
    2. Be available:
      • Keep a running conversation going in Teams.
      • Respond in a timely manner; address issues quickly so that your team has what they need to succeed.
      • Let your team know if you’ll be away/offline for longer than an hour during the workday and ask them to do the same (e.g. for an appointment).
      • Help address roadblocks, answer questions, clarify priorities, etc.

    Define communication requirements

    • Set up an ongoing communication with your team.
      • E.g. a running conversation on Slack or Teams
    • Schedule daily virtual meetings and check-ins.
      • This can help to maintain a sense of normalcy and conduct a pulse check on your team.
    • Use video for important conversations.
      • Video chat creates better rapport, shows body language, and lessens feelings of isolation, but it can be taxing.
    • Set expectations about communication.
      • Differentiate between day-to-day communication and updates on the state of events.
    • Clearly communicate the collaboration toolkit.
      • What do we have available? What is the purpose of each?

    Speaker’s Notes:

    With organizational expectations set, we need to establish team expectations around how we collaborate and communicate.

    Today there is no lack of technology available to support our virtual communication. We can use the phone, conference calls, videoconferencing, Skype, instant messaging, [insert organization-specific technological tools.], etc.

    However, it is important to have a common understanding of which tools are most appropriate when and for what.

    What are some of the communication channel techniques you’ve found useful in your informal interactions with employees or that you’ve seen work well between employees?

    [Have participants share any technological tools they find useful and why.]

    Check in with your team on communication requirements

    • Should we share our calendars, hours of availability, and/or IM status?
    • How often should we meet as a team and one on one? Should we institute a time when we should not communicate virtually?
    • Which communication channel should we use in what context? How should we decide which communication method to use?
    • Should I share guidelines for email and meeting etiquette (or any other communication methods)?
    • Should we establish a new team charter?
    • What feedback does the team have regarding how we’ve been communicating?

    Speaker’s Notes:

    Whenever we interact, we make the following kinds of social exchanges. We exchange:

    • Information: Data or opinions
    • Emotions: Feelings and evaluations about the data or opinions
    • Motivations: What we feel like doing in response to data or opinions

    We need to make sure that these exchanges are happening as each team member intends. To do this, we have to be sensitive to what information is being conveyed, what emotions are involved in the interaction, and how we are motivating each other to act through the interaction. Every interaction will have intended and unintended effects on others. No one can pay attention to all of these aspects of communication all the time, but if we develop habits that are conducive to successful exchanges in all three areas, we can become more effective.

    In addition to being mindful of the exchange in our communication, as managers it is critical to build trusting relationships and rapport with employees as we saw in the 3i's model. However, in virtual teams we cannot rely on running into someone in the kitchen or hallway to have an informal conversation. We need to be thoughtful and deliberate in our interactions with employees. We need to find alternative ways to build these relationships with and between employees that are both easy and accepted by ourselves and employees. Because of that, it is important to set communication norms and really understand each other’s preferences. For example:

    • Timing of responses. Set the expectation that emails should be responded to within X hours/days unless otherwise noted in the actual email.
    • When it’s appropriate to send an email vs. using instant messaging.
    • A team charter – the team’s objectives, individual roles and responsibilities, and communication and collaboration guidelines.

    1.4 Identify and share ways you prefer to communicate for different activities

    20 Minutes

    1. Brainstorm and list the different types of exchanges you have with your virtual employees and they have with each other.
    2. List the various communication tools in use on your team.
    3. Assign a preferred communication method for each type of exchange

    Download the Workbook: Equip Managers to Effectively Manage Virtual Teams

    Input

    • Current types of exchanges on team
    • Communication methods used

    Output

    • Defined ways to communicate for each communication method

    Materials

    • Workbook: Equip Managers to Effectively Manage Virtual Teams

    Participants

    • All managers with direct reports working virtually

    Effectively Manage Virtual Teams

    Section 2.1
    Balancing wellbeing and performance in a virtual team context

    The pandemic has taken a significant toll on employees’ mental wellbeing

    44% of employees reported declined mental wellbeing since the start of the pandemic.

    • 44% of those who work from home.
    • 34% of those who have other work arrangements (i.e. onsite).
      (Qualtrics, 2020)

    "If one of our colleagues were to fall, break their leg, and get a cast, colleagues would probably rally around that person signing their cast. But, really, we don’t view the health of our brain the same as we do the health of our body."
    – Centre for Addiction and Mental Health (CAMH) Employee

    Speaker’s Notes:

    Despite being over two years into the pandemic, we are still seeing its effect on the physical and mental health of employees.

    The mental health aspect has been often overlooked by organizations, but in order to have a safe, happy, and productive team, you need to give mental health the same level of focus as physical heath. This requires a change in mindset in order for you as a leader to support your team's mental wellbeing during the pandemic and beyond.

    Employees are reporting several key mental wellbeing challenges

    Stress: 67%

    Employees report increasingly high levels of stress from the onset of COVID-19, stating that it has been the most stressful time in their careers.
    (Qualtrics, 2020)

    Anxiety: 57%

    Similarly, employees’ anxiety levels have peaked because of the pandemic and the uncertainty it brings.
    (Qualtrics, 2020)

    Four main themes surrounding stress & anxiety

    • Fear of contracting COVID-19
    • Financial pressures
    • Job security and uncertainty
    • Loneliness caused by social isolation

    Speaker’s Notes:

    The stress and uncertainty about the future caused by the pandemic and its fallout are posing the biggest challenges to employees.

    Organizations shutting down operations, moving to fully remote, or requiring some of their employees to be on site based on the current situation causes a lot of anxiety as employees are not able to plan for what is coming next.

    Adding in the loss of social networks and in-person interactions exacerbates the problem employees are facing. As leaders, it is your job to understand and mitigate these challenges wherever possible.

    Re-examine your workplace barriers to mental wellbeing

    New Barriers

    Old Barriers

    • Childcare/eldercare responsibilities
    • Fear of workplace health risks
    • Work location
    • Lost support networks
    • Changed work schedules
    • Social distancing
    • Workload
    • Fear of stigma
    • Benefits limits
    • Limits to paid time off
    • Lack of manager knowledge

    Key considerations:

    • Work Environment
      • Accessibility of mental wellbeing programs and initiatives
    • Organizational Culture
      • Modeling of wellbeing
      • Paid time off
      • Discussions around mental wellbeing
    • Total Rewards
      • Benefits coverage
      • Employee assistance programs (EAPs)
      • Manager knowledge

    Speaker’s Notes:

    Organizational barriers to mental wellbeing are sadly not new. Workloads, stigma around mental health, lack of sick days, and limits to benefits for mental health supports were challenges before the pandemic. Adding in the new barriers can very easily result in a tipping point for many employees who are simply not equipped to deal with or supported in dealing with the added burden of remote work in a post-pandemic world.

    To provide the needed support to your employees, it’s important to be mindful of the key considerations.

    Holistic employee wellbeing has never been more critical than it is right now

    Employee Wellbeing

    Physical

    The physical body; ensuring a person has the freedom, opportunities, and resources needed to sustainably maintain bodily health.

    Mental

    The psychological ability to cope with information, emotions, desires, and stressors (e.g. change, threats, etc.) in a healthy and balanced way. Essential for day-to-day living and functioning.

    Social

    The state of personal and professional relationships, including personal and community engagement. The capability for genuine, authentic, and mutually affirming interactions with others.

    Financial

    The state of a person’s finances; ensuring that a person feels capable to handle their financial situation and behaviors. The ability to live productively without the weight of financial stress.

    Speaker’s Notes:

    As a manager, you need to be mindful of all of these. Create an atmosphere where people are able to come to you for help if they are struggling in one of these areas. For example, some people might be more comfortable raising physical safety or comfort concerns (personal protective equipment, ergonomics) than concerns about mental health. Or they might feel like their feelings of loneliness are not appropriate to bring into their professional life.

    Wellbeing is a delicate subject, and most of the time, people are reluctant to talk about it. It requires vulnerability. And here’s the thing about it: Your staff will not drive a change in your team around making these topics more acceptable. It has to be the manager. You have to be the one to not just tell but show them that it’s OK to talk about this

    Encourage human-centered workplace behaviors

    Promote empathy as a focus value

    • Listen and show compassion.
    • Allow room for emotions.

    Encourage social connection

    • Leverage networks.
    • Infuse fun where possible.
    • Encourage community and sense of joint purpose.

    Cultivate a growth mindset

    • Encourage mindfulness and resilience.
    • Express gratitude.

    Empower others

    • Ask employees what they need and co-create solutions.
    • Integrate needs of personal and family life with work life.
    • Be clear on accountability.

    Speaker’s Notes:

    As a leader, your focus should be on encouraging the right behaviors on your team and in yourself.
    Show empathy; allowing room for emotion and showing you are willing and able to listen goes a long way to establishing trust.

    A growth mindset applies to resilience too. A person with a growth mindset is more likely to believe that even though they’re struggling now, they will get through it.

    Infuse fun – schedule social check-ins. This is not wasted time, or time off work – it is an integral part of the workday. We have less of it now organically, so you must bring it back deliberately. Remember that theme? We are deliberately reinfusing important organic elements into the workday.

    The last item, empowerment, is interesting – being clear on accountability. Have clear performance expectations. It might sound like telling people what to do would be disempowering, but it’s the opposite. By clarifying the goals of what they need to achieve, you empower them to invent their own “how,” because you and they are both sure they will arrive at the place that you agreed on. We will talk more about this in performance management.

    Emphasize the importance of wellbeing by setting the tone for the team

    Managers must…

    • LEAD BY EXAMPLE
      • Employees look to their managers for cues about how to react in a crisis. If the manager reacts with stress and fear, the team will follow.
    • ENCOURAGE OPEN COMMUNICATION
      • Frequent check-ins and transparent communication are essential during a time of crisis, especially when working remotely.
    • ACKNOWLEDGE THE SITUATION
      • Recognizing the stress that teams may be facing and expressing confidence in them goes a long way.
    • PROMOTE WELLBEING
      • Managers who take care of themselves can better support their teams and encourage them to practice good self-care too.
    • REDUCE STIGMA
      • Reducing stigma around mental health encourages people to come forward with their struggles and get the support they need.

    Speaker’s Notes:

    Emphasize the importance of wellbeing with what you do. If you do not model self-care behavior, people will follow what you do, not what you say.

    Lead by example – Live the behaviors you want to see in your employees. If you show confidence, positivity, and resiliency, it will filter down to your team.

    Encourage open communication – Have regular meetings where your team is able to set the agenda, or allow one-on-ones to be guided by the employee. Make sure these are scheduled and keep them a priority.

    Acknowledge the situation – Pretending things are normal doesn’t help the situation. Talk about the stress that the team is facing and express confidence that you will get through it together.

    Promote wellbeing – Take time off, don’t work when you’re sick, and you will be better able to support your team!

    Reduce stigma – Call it out when you see it and be sure to remind people of and provide access to any supports that the organization has.

    Conduct dedicated conversations around wellbeing

    1. Check in with how each team member is doing frequently and ask how they are doing personally.
    2. Discuss how things are going. Ask: “How is your work situation working out for you so far? Do you feel supported? How are you taking care of yourself in these circumstances?”
    3. Ask if there are any stressors or roadblocks that they have experienced and collaborate to find solutions.
    4. Provide reassurance of your support and confidence in them.
    5. Document the plan for managing stressors and roadblocks – either through a collaboration tool or through email.

    Speaker’s Notes:

    Going back to the idea of a growth mindset – this may be uncomfortable for you as a manager. So here’s a step-by-step guide that over time you can morph into your own style.

    With your team – be prepared to share first and to show it is OK to be vulnerable and address wellbeing seriously.

    1. Make sure you make time for the personal. Ask about their lives and show compassion.
    2. Give opportunities for them to bring up things that might stay hidden otherwise. Ask questions that show you care.
    3. Help identify areas they are struggling with and work with them to move past those areas.
    4. Make sure they feel supported in what they are going through and reassured of their place on the team.
    5. Roll wellbeing into your planning process. This signals to team that you see wellbeing as important, not just a checklist to cover during a team meeting, and are ready to follow through on it.

    Recognize when professional help is needed

    SIGNS OF BURNOUT: Overwhelmed; Frequent personal disclosure; Trouble sleeping and focusing; Frequent time off; Strained relationships; Substance abuse; Poor work performance

    Speaker’s Notes:

    As a leader, it is important to be on the lookout for warning signs of burnout and know when to step in and direct individuals to professional help.

    Poor work performance – They struggle to maintain work performance, even after you’ve worked with them to create coping strategies.

    Overwhelmed – They repeatedly tell you that they feel overwhelmed, very stressed, or physically unwell.

    Frequent personal disclosure – They want to discuss their personal struggles at length on a regular basis.

    Trouble sleeping and focusing – They tell you that they are not sleeping properly and are unable to focus on work.

    Frequent time off – They feel the need to take time off more frequently.

    Strained relationships – They have difficulty communicating effectively with coworkers; relationships are strained.

    Substance abuse – They show signs of substance abuse (e.g. drunk/high while working, social media posts about drinking during the day).

    Keeping an eye out for these signs and being able to step in before they become unmanageable can mean the difference between keeping and losing an employee experiencing burnout.

    Remember: Managers also need support

    • Added burden
    • Lead by example
    • Self-care

    Speaker’s Notes:

    If you’ve got managers under you, be mindful of their unique stressors. Don’t forget to check in with them, too.

    If you are a manager, remember to take care of yourself and check in with your own manager about your own wellbeing.

    2.1 Balance wellbeing and performance in a virtual team context

    30 Minutes

    1. Brainstorm and list current practices and challenges connected to wellbeing on your teams.
    2. Choose one or two wellbeing challenges that are most relevant for your team.
    3. Discuss as a group and identify one solution for each challenge that you can put into action with your own virtual team. Document this under “Action plan to move forward” on the workbook slide “2.1 Balancing wellbeing and performance in a virtual team context.”

    Download the Workbook: Equip Managers to Effectively Manage Virtual Teams

    Input

    • Current practices and challenges connected to wellbeing

    Output

    • Action plan for each challenge listed

    Materials

    • Workbook: Equip Managers to Effectively Manage Virtual Teams

    Participants

    • All managers with direct reports working virtually

    Effectively Manage Virtual Teams

    Section 2.2

    Managing performance in a virtual team context

    Virtual employees are craving more meaningful interactions with their managers

    A survey indicated that, overall, remote employees showed less satisfaction with manager interactions compared to other non-remote employees.

    1. 16% less likely to strongly agree their manager involves them in setting goals at work.
    2. 28% less likely to strongly agree they continually work with their manager to clarify work priorities.
    3. 29% less likely to strongly agree they have reviewed their greatest successes with their manager in the last six months.
    4. 30% less likely to strongly agree they have talked with their manager about progress toward goals in the last six months.

    Speaker’s Notes:

    In many cases, we have put people into virtual roles because they are self-directed and self-motivated workers who can thrive with the kind of autonomy and flexibility that comes with virtual work. As managers, we should expect many of these workers to be proactively interested in how they are performing and in developing their careers.

    It would be a mistake to take a hands-off approach when managing virtual workers. A recent survey indicated that, overall, remote employees showed less satisfaction with manager interactions compared to other non-remote employees. It was also one of the aspects of their work experience they were least satisfied with overall (Gallup, State of the American Workplace, 2017). Simply put, virtual employees are craving more meaningful conversations with their managers.

    While conversations about performance and development are important for all employees (virtual or non-virtual), managers of remote teams can have a significant positive impact on their virtual employees’ experience and engagement at work by making efforts to improve their involvement and support in these areas.

    During this module we will work together to identify ways that each of us can improve how we manage the performance of our virtual employees. At the end of the module everyone will create an action plan that they can put in place with their own teams. In the next module, we go through a similar set of activities to create an action plan for our interactions with employees about their development.

    Building blocks of performance management

    • Goal Setting

    • Setting Expectations

    • Measuring Progress

    • Feedback & Coaching

    Speaker’s Notes:

    [Include a visualization of your existing performance management process in the slide. Walk the participants through the process to remind them of what is expected. While the managers participating in the training should know this, there may be different understandings of it, or it might just be the case that it’s been a while since people looked at the official process. The intention here is merely to ensure everyone is on the same page for the purposes of the activities that follow.]

    Now that we’ve reviewed performance management at a high level, let’s dive into what is currently happening with the performance management of virtual teams.

    I know that you have some fairly extensive material at your organization around how to manage performance. This is fantastic. And we’re going to focus mainly on how things change in a virtual context.

    When measuring progress, how do you as a manager make sure that you are comfortable not seeing your team physically at their desks? This is the biggest challenge for remote managers.

    2.2 Share current performance management practices for virtual teams

    30 Minutes

    1. Brainstorm and list current high-level performance management practices connected to each building block. Record in your workbook.
    2. Discuss current challenges connected to implementing the building blocks with virtual employees.

    Download the Workbook: Equip Managers to Effectively Manage Virtual Teams

    Input

    • Current performance management practices
    • Challenges surrounding performance management

    Output

    • Current state of virtual performance management defined

    Materials

    • Workbook: Equip Managers to Effectively Manage Virtual Teams

    Participants

    • All managers with direct reports working virtually

    Communicate the “why”: Cascade organizational goals

    This image depicts the Cascade of Why- organizational goals. Organizational Mission; Organizational Values; Organizational Goals; Department Goals; Team Goals; Individual Goals

    Speaker’s Notes:

    When assisting your employees with their goals, think about the organization’s overall mission and goals to help you determine team and individual goals.

    • Organizational goals: Employee goals should align with organizational goals. Goals may cascade down through the organization.
    • Department or team goals: Create a clear strategy based on high-level goals for the year so employees can link short-term goals to the larger picture.
    • Individual goals: Employees should draw on their individual development plan to help set performance goals.

    Sometimes it’s difficult to get employees thinking about goals and they need assistance from managers. It’s also important to be clear on team goals to help guide employees in setting individual ones.

    The basic idea is to show people how their individual day-to-day work contributes to the overall success of the organization. It gives them a sense of purpose and a rationale, which translates to motivation. And also helps them problem solve with more autonomy.

    You’re giving people a sense of the importance of their own contribution.

    How to set clear expectations for job performance

    Ensure employees have a clear understanding of what’s expected for their role:

    1. Review their metrics so they understand how they’re being evaluated.
    2. Outline daily, weekly, monthly, and quarterly goals.
    3. If needed, help them plan when and how each part of their job should be done and what to prioritize.
    4. Ask them to come to you early if they experience a roadblock so that you can help rather than having them flounder on their own.
    5. Document instances where employees aren’t meeting role or performance expectations.

    Speaker’s Notes:

    Tailor performance goals to address any root causes of poor performance.

    For example:

    • If personal factors are getting in the way, work with the employee (and HR if necessary) to create a strategy to address any impediments to performing in the role.

    Tips for managing performance remotely

    • Reflect on one key question: What needs to happen for my direct reports to continue their work while working remotely?
    • Manage for results – not employee visibility at the office.
    • Use metrics to measure performance. If you don’t have any, define tasks and deliverables as clearly as possible and conduct regular check-ins.
    • Work with the employee to set goals and metrics to measure progress.

    Focus on results: Be flexible about how and when work gets done, as long as team members are hitting their targets.

    • For example, if they have childcare duties from 3 to 5pm during school closures and want to work later in the evening to make up the time, that’s fine – as long as the work gets done.
    • Set clear expectations about which work must be done during normal work hours (e.g. attend team meetings, client calls) and which can be done at other hours.
    • Team members must arrange with you any nonstandard working hours before they start using an altered schedule. It is your responsibility to keep track of hours and any alternate arrangements.
    • Don’t make team members feel constantly monitored (i.e. “Where were you from 10 to 11am?”); trust them until you have reason not to.

    Encourage your team members to unplug: If they’re sending you emails late at night and they haven’t made an alternate work hours agreement with you, encourage them to take time away from work.

    • It’s harder to unplug when working at home, and everyone needs a break to stay productive.

    Avoid micromanagement with holistic performance measures

    Quality

    How well tasks are accomplished

    Behavior

    Related to specific employee actions, skills, or attitudes

    Quantity

    How much work gets done

    Holistic measures demonstrate all the components required for optimal performance. This is the biggest driver in having comfort as a manager of a remote team and avoiding micromanagement. Typically these are set at the organizational level. You may need to adjust for individual roles, etc.

    Speaker's Notes:

    Metrics come in different types. One way to ensure your metrics capture the full picture is to use a mix of different kinds of metrics.

    Some metrics are quantitative: they describe quantifiable or numerical aspects of the goal. This includes timeliness. On the other hand, qualitative metrics have to do with the final outcome or product. And behavioral metrics have to do with employees' actions, skills, or attitudes. Using different kinds of metrics together helps you set holistic measures, which capture all the components of optimal performance toward your goal and prevent gaming the system.

    Let's take an example:

    A courier might have an objective to do a good job delivering packages. An example of a quantitative measure might be that the courier is required to deliver X number of packages per day on time. The accompanying metrics would be the number of packages delivered per day and the ratio of packages delivered on time vs. late.

    Can you see a problem if we use only these quantitative measures to evaluate the courier's performance?

    Wait to see if anyone volunteers an answer. Discuss suggestions.

    That's right, if the courier's only goal is to deliver more packages, they might start to rush, may ruin the packages, and may offer poor customer service. We can help to guard against this by implementing qualitative and behavioral measures as well. For example, a qualitative measure might be that the courier is required to deliver the packages in mint condition. And the metric would be the number of customer complaints about damaged packages or ratings on a satisfaction survey related to package condition.

    For the behavioral aspect, the courier might be required to provide customer-centric service with a positive attitude. The metrics could be ratings on customer satisfaction surveys related to the courier's demeanor or observations by the manager.

    Managing poor performance virtually: Look for key signs

    It’s crucial to acknowledge that an employee might have an “off week” or need time to balance work and life – things that can be addressed with performance management (PM) techniques. Managers should move into the process for performance improvement when:

    1. Performance fluctuates frequently or significantly.
    2. Performance has dropped for an extended period of time.
    3. Expectations are consistently not being met.

    Key signs to look for:

    • PM data/performance-related assessments
    • Continual absences
    • Decreased quality or quantity of output
    • Frequent excuses (e.g. repeated internet outages)
    • Lack of effort or follow-through
    • Missed deadlines
    • Poor communication or lack of responsiveness
    • Failure to improve

    Speaker’s notes:

    • Let’s talk more about identifying low performance.
    • Everybody has off days or weeks. And what if they are new to the role or new to working remotely? Their performance may be low because they need time to adjust. These sort of situations should be managed, but they don’t require moving into the process for performance improvement.
    • When managing employees who are remote or working in a hybrid situation, it is important to be alert to these signs and check in with your employees on a regular basis. Aim to identify and work with employees on addressing performance issues as they arise rather than waiting until it’s too late. Depending on your availability, the needs of the employee, and the complexity of their role, check-ins could occur daily, weekly, and/or monthly. As I mentioned, for remote employees, it’s often better to check-in more frequently but for a shorter period of time.
    • You want to be present in their work life and available to help them manage through roadblocks and stay on track, but try to avoid over-monitoring employees. Micromanaging can impact the manager-employee relationship and lead to the employee feeling that there is a lack of trust. Remember, the employee needs to be responsible for their own performance and improvement.
    • Check-ins should not just be about the work either. Take some time to check in personally. This is particularly important when managing remotely. It enables you to build a personal relationship with the employee and also keeps you aware if there are other personal issues at play that are impacting their work.
    • So, how do you know what does require performance improvement? There are three key things that you should look for that are clear signals that performance improvement is necessary:
      1. Their performance is fluctuating frequently or significantly.
      2. Their performance has dropped for an extended period of time.
      3. Expectations are consistently not being met.
    • What do you think are some key signs to look for that indicate a performance issue is occurring?

    Managing poor performance virtually: Conducting remote performance conversations

    Video calling

    Always use video calls instead of phone calls when possible so that you don’t lose physical cues and body language.

    Meeting invitations

    Adding HR/your leader to a meeting invite about performance may cause undue stress. Think through who needs to participate and whether they need to be included in the invite itself.

    Communication

    Ensure there are no misunderstandings by setting context for each discussion and having the employee reiterate the takeaways back to you.

    Focus on behavior

    Don’t assume the intent behind the behavior(s) being discussed. Instead, just focus on the behavior itself.

    Policies

    Be sure to adhere to any relevant HR policies and support systems. Working with HR throughout the process will ensure none are overlooked.

    Speaker’s notes:

    There are a few best practices you should follow when having performance conversations:

    • First, if you are in a different work environment than your employee, always use video calls instead of phone calls whenever possible so that you don’t miss out on physical cues and body language. If videoconferencing isn’t the norm, encourage them to turn on their video. Be empathic that it can feel awkward but explain the benefits, and you will both have an easier time communicating and understanding each other.
    • As I’ve mentioned, be considerate of the environment they are in. If they are in the office and you are working remotely, be sure to book a private meeting room for them to go to for the conversation. If they are working from home, be sure to check that they are prepared and able to focus on the conversation.
    • Next, carefully consider who you are adding to the meeting invite and whether it’s necessary for them to be there. Adding HR or your leader to a meeting invite may cause undue stress for the employee.
    • Consider the timing of the invite. Don’t send it out weeks in advance. When a performance problem exists, you’ll want to address it as soon as possible. A day or two of notice would be an ideal approach because it gives them a heads up but will not cause them extended stress or worrying.
    • Be considerate about the timing of the meeting and what else they may have scheduled. For example, a Friday afternoon before they are heading off on vacation or right before they are leading an important client call would not be appropriate timing.
    • As we just mentioned clear communication is critical. Ensure there are no misunderstandings by setting context for each discussion and having the employee reiterate takeaways back to you.
    • Focus on the behavior and don’t assume their intent. It can be tempting to say, “I know you didn’t mean to miss the deadline,” but you don’t know what they intended. Often people are not aware of the impact their behavior can have on others.
    • Lastly, be sure to adhere to any relevant HR policies and support systems. Working with HR throughout the process will ensure nothing is overlooked.

    2.3 Identify challenges of current practices and propose solutions

    30 Minutes

    1. Select one or two challenges from the previous activity.
    2. Identify one solution for each challenge that you can put into action with your own virtual team. Document in the workbook.

    Download the Workbook: Equip Managers to Effectively Manage Virtual Teams

    Input

    • Current performance management practices
    • Challenges surrounding performance management

    Output

    • Action plan to move forward

    Materials

    • Workbook: Equip Managers to Effectively Manage Virtual Teams

    Participants

    • All managers with direct reports working virtually

    Effectively Manage Virtual Teams

    Optional Section

    Employee development in a virtual team setting

    There are three main development approaches for both colocated and virtual employees

    Formal Training; Relational Learning; Experimental Learning

    Speaker’s Notes:

    As we have seen, our virtual employees crave more meaningful interactions with their managers. In addition to performance conversations, managers should also be having regular discussions with their employees about their employee development plans. One key component of these discussions is career planning. Whether you are thinking shorter term – how to become better at their current role – or longer term – how to advance beyond their current role – discussions about employee development are a great way to engage employees. Employees are ultimately responsible for creating and executing their own development plans, but managers are responsible for making sure that employees have thought through these plans and helping employees identify opportunities for executing those plans.

    To help us think about our own employee development practices, identify challenges they pose when working with virtual employees, and create solutions to these challenges, it is useful to think about employee development opportunities according to three types:

    1. The first kind of development opportunity is formal training. Formal training is organized and has a clearly defined curriculum and desired outcome. It usually takes the form of a group training session (like this one) or training videos or materials that employees can watch individually and on their own time. These opportunities usually end with a test or assignment that can be used to evaluate the degree to which the participant achieved the desired learning outcomes.
    2. The second kind of development opportunity is relational learning. Perhaps the most common form of this type of learning is coaching or mentoring. By establishing a long-term work relationship, checking in with employees about their daily work and development goals, and sharing their own experiences and knowledge, mentors help employees reflect and draw out learning from everyday, on-the-job development activities. Other examples include a peer support group or communities of practice. In these group settings peers share best practices and work together to overcome challenges.
    3. The third kind of development opportunity is experiential learning. This kind of opportunity provides employees the chance to work on real work problems, and the output of the development work can directly benefit the organization. Most people learn best by doing. On-the-job experiences that are challenging or new can force people to use and develop new skills and knowledge based on what worked effectively and what failed. Examples of experiential learning are on-the-job learning for new hires, stretch assignments, or special projects that take the employee beyond their daily routine and allow them to try new activities and develop competencies that they would not have the chance to develop as part of their regular job.

    According to McLean & Company, organizations should use the “70-20-10” rule as a rough guideline when working with employees to create their development plans: 10% of the plan should be dedicated to formal training opportunities, 20% to relational learning, and 70% to experiential learning. Managers should work with employees to identify their performance and career goals, ensure that their development plans are aligned with these goals, and include an appropriate mixture of all three kinds of development opportunities.

    To help identify challenges and solutions, think about how virtual work arrangements will impact the employee’s ability to leverage each type of opportunity at our organization.

    Here are some examples that can help us start thinking about the kinds of challenges virtual employees on our team face:

    Career Planning

    • One challenge can be identifying a career path that is consistent with working virtually. If switching from a virtual arrangement to an onsite arrangement is not a viable option for an employee, some career paths may not feasibly be open to them (at least as the company is currently organized). For example, if an employee would eventually like to be promoted to a senior leadership role in their business function but all senior leaders are required to work onsite at corporate headquarters, the employee will need to consider whether such a move is possible for them. In some cases employees may be willing to do this, but in others they may not. The important thing is to have these conversations with virtual employees and avoid the assumption that all career paths can be done virtually, since that might not be the case

    Formal Training

    • This is probably the least problematic form of employee development for virtual employees. In many cases this kind of training is scheduled well in advance, so virtual employees may be able to join non-virtual employees in person for some group training. When this is not possible (due to distance, budget, or time zone), many forms of group training can be recorded and watched by virtual employees later. Training videos and training materials can also easily be shared with virtual employees using existing collaboration software.

    Relational Learning

    • One major challenge here is developing a mentoring relationship virtually. As we discussed in the module on performance management, developing relationships virtually can be challenging because people cannot rely upon the kind of informal and spontaneous interactions that occur when people are located in the same office. Mentors and mentees will have to put in more effort and planning to get to know each other and they will have to schedule frequent check-ins so that employees can reflect upon their progress and experience (with the help of their mentors) more often.
    • Time zones and technology may pose potential barriers for certain candidates to be mentors. In some cases, employees that are best qualified to be mentors may not be as comfortable with collaborative software as other mentors or their mentees. If there are large time zone differences, some people who would otherwise be interested in acting as a mentor may be dissuaded. Managers need to take this into consideration if they are connecting employees with mentors or if they are thinking of taking on the mentor role themselves.

    Experiential Learning

    • Virtual employees risk being overlooked for special projects due to the “out of sight, out of mind” bias: When special projects come up, the temptation is to look around the room and see who is the best fit. The problem is, however, that in some cases the highest performers or best fit may not physically be in the room. In these cases it is important for managers to take on an advocate role for their employees and remind other managers that they have good virtual employees on their team that should be included or contacted. It is also important for managers to keep their team informed about these opportunities as often as possible.
    • Sometimes certain projects or certain kinds of work just cannot be done virtually in a company for a variety of reasons. The experiential learning opportunities will not be open to virtual employees. If such opportunities are open to the majority of other workers in this role (potentially putting virtual employees’ career development at a disadvantage relative to their peers), managers should work with their virtual employees to identify alternative experiences. Managers may also want to consider advocating for more or for higher quality experiential learning opportunities at the organization.

    Now that we have considered some general examples of challenges and solutions, let’s look at our own employee development practices and think about the practical steps we can take as managers to improve employee development for our virtual employees.

    Employee development basics

    • Career planning & performance improvement
    • Formal training
    • Relational learning
    • Experiential learning

    Speaker’s Notes:

    [Customize this slide according to your organization’s own policies and processes for employee development. Provide useful images that outline this on the slide, and in these notes describe the processes/policies that are in place. Note: In some cases policies or processes may not be designed with virtual employees or virtual teams in mind. That is okay for the purposes of this training module. In the following activities participants will discuss how they apply these policies and processes with their virtual teams. If your organization is interested in adapting its policies/processes to better support virtual workers, it may be useful to record those conversations to supplement existing policies later.]

    Now that we have considered some general examples of challenges and solutions, let’s look at our own employee development practices and think about the practical steps we can take as managers to improve employee development for our virtual employees.

    2.4 Share current practices for developing employees on a virtual team

    30 Minutes

    1. Brainstorm and list current high-level employee development practices. Record in your workbook.
    2. Discuss current challenges connected to developing virtual employees. Record in your workbook.
    3. Identify one solution for each challenge that you can put into action with your own virtual team.
    4. Discuss as a group.

    Download the Workbook: Equip Managers to Effectively Manage Virtual Teams

    Input

    • Current employee development practices
    • Challenges surrounding employee development

    Output

    • Action plan to move forward

    Materials

    • Workbook: Equip Managers to Effectively Manage Virtual Teams

    Participants

    • All managers with direct reports working virtually

    Refine Action Plans

    2.5 Refine your action plan and commit to implementing it

    30 Minutes

    1. Review your action plans for consistency and overlap. Highlight any parts you may struggle to complete.
    2. Meeting with your group, summarize your plans to each other. Provide feedback and discuss each other’s action plans.
    3. Discuss how you can hold each other accountable.

    Download the Workbook: Equip Managers to Effectively Manage Virtual Teams

    Input

    • Action items from previous activities.

    Output

    • Action plan to move forward

    Materials

    • Workbook: Equip Managers to Effectively Manage Virtual Teams

    Participants

    • All managers with direct reports working virtually

    Summary of Accomplishment

    • We do not need to go out and learn a new set of manager responsibilities to better manage our virtual teams; rather, we have to “dial up” certain responsibilities we already have or adjust certain approaches that we already take.
    • It is important to set clear expectations. While managers are ultimately responsible for making sure expectations are set and are clearly communicated, they are not the only ones with responsibilities. Employees and managers need to work together to overcome the challenges that virtual work involves.
    • Virtual employees crave meaningful interactions with their managers and team. Managers must take charge in fostering an atmosphere of openness around wellbeing and establish effective performance management strategies. By being proactive with our virtual teams’ wellness and mindful of our performance management habits, we can take significant steps toward keeping these employees engaged and productive.
    • Effective management in virtual contexts requires being more deliberate than is typical in non-virtual contexts. By working as a group to identify challenges and propose solutions, we have helped each other create action plans that we can use going forward to continually improve our management practices.

    If you would like additional support, have our analysts guide you through an info-tech workshop or guided implementation.

    Contact your account representative for more information

    workshops@infotech.com

    1-888-670-8889

    Speaker’s Notes:

    First, let’s take a moment to summarize the key things we have learned today:

    1. We do not need to go out and learn a new set of manager competencies to better manage our virtual teams; rather, we have to “dial up” certain competencies we already have or adjust certain approaches that we already take. In many cases we just need to be more aware of the challenges that virtual communication poses and be more planful in our approaches.
    2. It is important to set clear expectations. While managers are ultimately responsible for making sure expectations are set and clearly communicated, they are not the only ones with responsibilities. Employees and managers need to work together to overcome the challenges that virtual work involves. Making sure that teams have meaningful conversations about expectations, come to a shared understanding of them, and record them will create a firm foundation for all other interactions on the virtual team.
    3. Virtual employees crave meaningful interactions with their managers related to performance and employee development. By creating action plans for improving these kinds of interactions with our teams, we can take significant steps toward keeping these employees engaged and productive.
    4. Effective performance management and employee development in virtual contexts require more planfulness than is required in non-virtual contexts. By working as a group to identify challenges and propose solutions, we have helped each other create action plans that we can use going forward to continually improve our management practices.

    Is there anything that anyone has learned that is not on this list and that they would like to share with the group?

    Finally, were there any challenges identified today that were not addressed?

    [Note to facilitator: Take note of any challenges not addressed and commit to getting back to the participants with some suggested solutions.]

    Additional resources

    Manager Training: Lead Through Change

    Train managers to navigate the interpersonal challenges associated with change management and develop their communication and leadership skills. Upload this LMS module into your learning management system to enable online training.

    Manager Training: Build a Better Manager: Manage Your People

    Management skills training is needed, but organizations are struggling to provide training that makes a long-term difference in the skills managers use in their day to day.

    Many training programs are ineffective because they offer the wrong content, deliver it in a way that is not memorable, and are not aligned with the IT department’s business objectives.

    Blueprint: Manage Poor Performance While Working From Home

    Assess and improve remote work performance with our ready-to-use tools.

    Works Cited

    April, Richard. “10 KPIs Every Sales Manager Should Measure in 2019.” HubSpot, 24 June 2019. Web.

    Banerjea, Peter. “5 Powerful Strategies for Managing a Remote Sales Team.” Badger - Maps for field sales, n.d. Web.

    Bibby, Adrianne. “5 Employers’ Awesome Quotes about Work Flexibility.” FlexJobs, 9 January 2017. Web.

    Brogie, Frank. “The 14 KPIs every field sales rep should strive to improve.” Repsly, 2018. Web.

    Dunn, Julie. “5 smart tips for leading field sales teams.” LevelEleven, March 2015. Web.

    Edinger, Scott. “How great sales leaders coach.” Forbes, 2013. Web.

    “Employee Outlook: Employee Views on Working Life.” CIPD, April 2016. Web.

    Hall, Becki. “The 5 biggest challenges facing remote workers (and how to solve them).” interact, 7 July 2017. Web.

    Hofstede, Geert. “National Cultural Dimensions.” Hofstede Insights, 2012. Web.

    “Inventory of U.S. Greenhouse Gas Emissions and Sinks: 1990-2014 (EPA 430-R-16-002).” Environmental Protection Agency (EPA), 15 April 2016.

    “Latest Telecommuting Statistics.” Global Workplace Analytics, June 2021. Web.

    Knight, Rebecca. “How to manage remote direct reports.” Harvard Business Review, 2015. Web.

    “Rewards and Recognition: 5 ways to show remote worker appreciation.” FurstPerson, 2019. Web.

    Palay, Jonathan. "How to build your sales management cadence." CommercialTribe, 22 March 2018. Web.

    “Sales Activity Management Matrix.” Asian Sales Guru, 2019. Web.

    Smith, Simone. “9 Things to Consider When Recognizing Remote Employees.” hppy, 2018. Web.

    “State of Remote Work 2017.” OWL Labs, 2021. Web.

    “State of the American Workplace.” Gallup, 2017. Web.

    “Telework Savings Potential.” Global Workplace Analytics, June 2021. Web.

    “The Future of Jobs Employment Trends.” World Economic Forum, 2016. Web.

    “The other COVID-19 crisis: Mental health.” Qualtrics, 14 April 2020. Web.

    Thompson, Dan. “The straightforward truth about effective sales leadership.” Sales Hacker, 2017. Web.

    Tsipursky, Gleb. “Remote Work Can Be Better for Innovation Than In-Person Meetings.” Scientific American, 14 Oct. 2021. Web.

    Walsh, Kim. “New sales manager? Follow this guide to crush your first quarter.” HubSpot, May 2019. Web.

    “What Leaders Need to Know about Remote Workers: Surprising Differences in Workplace Happiness and Relationships.” TINYpulse, 2016.

    Zenger, Jack, and Joe Folkman. “Feedback: The Leadership Conundrum.” Talent Quarterly: The Feedback Issue, 2015.

    Contributors

    Anonymous CAMH Employee

    Engineer Your Event Management Process

    • Buy Link or Shortcode: {j2store}461|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Operations Management
    • Parent Category Link: /i-and-o-process-management

    Build an event management practice that is situated in the larger service management environment. Purposefully choose valuable events to track and predefine their associated actions to cut down on data clutter.

    Our Advice

    Critical Insight

    Event management is useless in isolation. The goals come from the pain points of other ITSM practices. Build handoffs to other service management practices to drive the proper action when an event is detected.

    Impact and Result

    Create a repeatable framework to define monitored events, their root cause, and their associated action. Record your monitored events in a catalog to stay organized.

    Engineer Your Event Management Process Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Engineer Your Event Management Deck – A step-by-step document that walks you through how to choose meaningful, monitored events to track and action.

    Engineer your event management practice with tracked events informed by the business impact of the related systems, applications, and services. This storyboard will help you properly define and catalog events so you can properly respond when alerted.

    • Engineer Your Event Management Process – Phases 1-3

    2. Event Management Cookbook – A guide to help you walk through every step of scoping event management and defining every event you track in your IT environment.

    Use this tool to define your workflow for adding new events to track. This cookbook includes the considerations you need to include for every tracked event as well as the roles and responsibilities of those involved with event management.

    • Event Management Cookbook

    3. Event Management Catalog – Using the Event Management Cookbook as a guide, record all your tracked events in the Event Management Catalog.

    Use this tool to record your tracked events and alerts in one place. This catalog allows you to record the rationale, root-cause, action, and data governance for all your monitored events.

    • Event Management Catalog

    4. Event Management Workflow – Define your event management handoffs to other service management practices.

    Use this template to help define your event management handoffs to other service management practices including change management, incident management, and problem management.

    • Event Management Workflow (Visio)
    • Event Management Workflow (PDF)

    5. Event Management Roadmap – Implement and continually improve upon your event management practice.

    Use this tool to implement and continually improve upon your event management process. Record, prioritize, and assign your action items from the event management blueprint.

    • Event Management Roadmap
    [infographic]

    Workshop: Engineer Your Event Management Process

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Situate Event Management in Your Service Management Environment

    The Purpose

    Determine goals and challenges for event management and set the scope to business-critical systems.

    Key Benefits Achieved

    Defined system scope of Event Management

    Roles and responsibilities defined

    Activities

    1.1 List your goals and challenges

    1.2 Monitoring and event management RACI

    1.3 Abbreviated business impact analysis

    Outputs

    Event Management RACI (as part of the Event Management Cookbook)

    Abbreviated BIA (as part of the Event Management Cookbook)

    2 Define Your Event Management Scope

    The Purpose

    Define your in-scope configuration items and their operational conditions

    Key Benefits Achieved

    Operational conditions, related CIs and dependencies, and CI thresholds defined

    Activities

    2.1 Define operational conditions for systems

    2.2 Define related CIs and dependencies

    2.3 Define conditions for CIs

    2.4 Perform root-cause analysis for complex condition relationships

    2.5 Set thresholds for CIs

    Outputs

    Event Management Catalog

    3 Define Thresholds and Actions

    The Purpose

    Pre-define actions for every monitored event

    Key Benefits Achieved

    Thresholds and actions tied to each monitored event

    Activities

    3.1 Set thresholds to monitor

    3.2 Add actions and handoffs to event management

    Outputs

    Event Catalog

    Event Management Workflows

    4 Start Monitoring and Implement Event Management

    The Purpose

    Effectively implement event management

    Key Benefits Achieved

    Establish an event management roadmap for implementation and continual improvement

    Activities

    4.1 Define your data policy for event management

    4.2 Identify areas for improvement and establish an implementation plan

    Outputs

    Event Catalog

    Event Management Roadmap

    Further reading

    Engineer Your Event Management Process

    Track monitored events purposefully and respond effectively.

    EXECUTIVE BRIEF

    Analyst Perspective

    Event management is useless in isolation.

    Event management creates no value when implemented in isolation. However, that does not mean event management is not valuable overall. It must simply be integrated properly in the service management environment to inform and drive the appropriate actions.

    Every step of engineering event management, from choosing which events to monitor to actioning the events when they are detected, is a purposeful and explicit activity. Ensuring that event management has open lines of communication and actions tied to related practices (e.g. problem, incident, and change) allows efficient action when needed.

    Catalog your monitored events using a standardized framework to allow you to know:

    1. The value of tracking the event.
    2. The impact when the event is detected.
    3. The appropriate, right-sized reaction when the event is detected.
    4. The tool(s) involved in tracking the event.

    Properly engineering event management allows you to effectively monitor and understand your IT environment and bolster the proactivity of the related service management practices.

    Benedict Chang

    Benedict Chang
    Research Analyst, Infrastructure & Operations
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Strive for proactivity. Implement event management to reduce response times of technical teams to solve (potential) incidents when system performance degrades.

    Build an integrated event management practice where developers, service desk, and operations can all rely on event logs and metrics.

    Define the scope of event management including the systems to track, their operational conditions, related configuration items (CIs), and associated actions of the tracked events.

    Common Obstacles

    Managed services, subscription services, and cloud services have reduced the traditional visibility of on- premises tools.

    System(s) complexity and integration with the above services has increased, making true cause and effect difficult to ascertain.

    Info-Tech’s Approach

    Clearly define a limited number of operational objectives that may benefit from event management.

    Focus only on the key systems whose value is worth the effort and expense of implementing event management.

    Understand what event information is available from the CIs of those systems and map those against your operational objectives.

    Write a data retention policy that balances operational, audit, and debugging needs against cost and data security needs.

    Info-Tech Insight

    More is NOT better. Even in an AI-enabled world, every event must be collected with a specific objective in mind. Defining the purpose of each tracked event will cut down on data clutter and response time when events are detected.

    Your challenge

    This research is designed to help organizations who are facing these challenges or looking to:

    • Build an event management practice that is situated in the larger service management environment.
    • Purposefully choose events and to track as well as their related actions based on business-critical systems, their conditions, and their related CIs.
    • Cut down on the clutter of current events tracked.
    • Create a framework to add new events when new systems are onboarded.

    33%

    In 2020, 33% of organizations listed network monitoring as their number one priority for network spending. 27% of organizations listed network monitoring infrastructure as their number two priority.
    Source: EMA, 2020; n=350

    Common obstacles

    These barriers make this challenge difficult to address for many organizations:

    • Many organizations have multiple tools across multiple teams and departments that track the current state of infrastructure, making it difficult to consolidate event management into a single practice.
    • Managed services, subscription services, and cloud services have reduced the traditional visibility of on-premises tools
    • System(s) complexity and integration with the above services has increased, making true cause and effect difficult to ascertain.

    Build event management to bring value to the business

    33%

    33% of all IT organizations reported that end users detected and reported incidents before the network operations team was aware of them.
    Source: EMA, 2020; n=350

    64%

    64% of enterprises use 4-10 monitoring tools to troubleshoot their network.
    Source: EMA, 2020; n=350

    Info-Tech’s approach

    Choose your events purposefully to avoid drowning in data.

    A funnel is depicted. along the funnel are the following points: Event Candidates: 1. System Selection by Business Impact; 2. System Decomposition; 3. Event Selection and Thresholding; 4. Event Action; 5. Data Management; Valuable, Monitored, and Actioned Events

    The Info-Tech difference:

    1. Start with a list of your most business-critical systems instead of data points to measure.
    2. Decompose your business-critical systems into their configuration items. This gives you a starting point for choosing what to measure.
    3. Choose your events and label them as notifications, warnings, or exceptions. Choose the relevant thresholds for each CI.
    4. Have a pre-defined action tied to each event. That action could be to log the datapoint for a report or to open an incident or problem ticket.
    5. With your event catalog defined, choose how you will measure the events and where to store the data.

    Event management is useless in isolation

    Define how event management informs other management practices.

    Logging, Archiving, and Metrics

    Monitoring and event management can be used to establish and analyze your baseline. The more you know about your system baselines, the easier it will be to detect exceptions.

    Change Management

    Events can inform needed changes to stay compliant or to resolve incidents and problems. However, it doesn’t mean that changes can be implemented without the proper authorization.

    Automatic Resolution

    The best use case for event management is to detect and resolve incidents and problems before end users or IT are even aware.

    Incident Management

    Events sitting in isolation are useless if there isn’t an effective way to pass potential tickets off to incident management to mitigate and resolve.

    Problem Management

    Events can identify problems before they become incidents. However, you must establish proper data logging to inform problem prioritization and actioning.

    Info-Tech’s methodology for Engineering Your Event Management Process

    1. Situate Event Management in Your Service Management Environment 2. Define Your Monitoring Thresholds and Accompanying Actions 3. Start Monitoring and Implement Event Management

    Phase Steps

    1.1 Set Operational and Informational Goals

    1.2 Scope Monitoring and States of Interest

    2.1 Define Conditions and Related CIs

    2.2 Set Monitoring Thresholds and Alerts

    2.3 Action Your Events

    3.1 Define Your Data Policy

    3.2 Define Future State

    Event Cookbook

    Event Catalog

    Phase Outcomes

    Monitoring and Event Management RACI

    Abbreviated BIA

    Event Workflow

    Event Management Roadmap

    Insight summary

    Event management is useless in isolation.

    The goals come from the pain points of other ITSM practices. Build handoffs to other service management practices to drive the proper action when an event is detected.

    Start with business intent.

    Trying to organize a catalog of events is difficult when working from the bottom up. Start with the business drivers of event management to keep the scope manageable.

    Keep your signal-to-noise ratio as high as possible.

    Defining tracked events with their known conditions, root cause, and associated actions allows you to be proactive when events occur.

    Improve slowly over time.

    Start small if need be. It is better and easier to track a few items with proper actions than to try to analyze events as they occur.

    More is NOT better. Avoid drowning in data.

    Even in an AI-enabled world, every event must be collected with a specific objective in mind. Defining the purpose of each tracked event will cut down on data clutter and response time when events are detected.

    Add correlations in event management to avoid false positives.

    Supplement the predictive value of a single event by aggregating it with other events.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Key deliverable:

    This is a screenshot of the Event Management Cookbook

    Event Management Cookbook
    Use the framework in the Event Management Cookbook to populate your event catalog with properly tracked and actioned events.

    This is a screenshot of the Event Management RACI

    Event Management RACI
    Define the roles and responsibilities needed in event management.

    This is a screenshot of the event management workflow

    Event Management Workflow
    Define the lifecycle and handoffs for event management.

    This is a screenshot of the Event Catalog

    Event Catalog
    Consolidate and organize your tracked events.

    This is a screenshot of the Event Roadmap

    Event Roadmap
    Roadmap your initiatives for future improvement.

    Blueprint benefits

    IT Benefits

    • Provide a mechanism to compare operating performance against design standards and SLAs.
    • Allow for early detection of incidents and escalations.
    • Promote timely actions and ensure proper communications.
    • Provide an entry point for the execution of service management activities.
    • Enable automation activity to be monitored by exception
    • Provide a basis for service assurance, reporting and service improvements.

    Business Benefits

    • Less overall downtime via earlier detection and resolution of incidents.
    • Better visibility into SLA performance for supplied services.
    • Better visibility and reporting between IT and the business.
    • Better real-time and overall understanding of the IT environment.

    Case Study

    An event management script helped one company get in front of support calls.

    INDUSTRY - Research and Advisory

    SOURCE - Anonymous Interview

    Challenge

    One staff member’s workstation had been infected with a virus that was probing the network with a wide variety of usernames and passwords, trying to find an entry point. Along with the obvious security threat, there existed the more mundane concern that workers occasionally found themselves locked out of their machine and needed to contact the service desk to regain access.

    Solution

    The system administrator wrote a script that runs hourly to see if there is a problem with an individual’s workstation. The script records the computer's name, the user involved, the reason for the password lockout, and the number of bad login attempts. If the IT technician on duty notices a greater than normal volume of bad password attempts coming from a single account, they will reach out to the account holder and inquire about potential issues.

    Results

    The IT department has successfully proactively managed two distinct but related problems: first, they have prevented several instances of unplanned work by reaching out to potential lockouts before they receive an incident report. They have also successfully leveraged event management to probe for indicators of a security threat before there is a breach.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3

    Call #1: Scope requirements, objectives, and your specific challenges.

    Call #2: Introduce the Cookbook and explore the business impact analysis.

    Call #4: Define operational conditions.

    Call #6: Define actions and related practices.

    Call #8: Identify and prioritize improvements.

    Call #3: Define system scope and related CIs/ dependencies.

    Call #5: Define thresholds and alerts.

    Call #7: Define data policy.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 6 to 12 calls over the course of 4 to 6 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Day 5
    Situate Event Management in Your Service Management Environment Define Your Event Management Scope Define Thresholds and Actions Start Monitoring and Implement Event Management Next Steps and Wrap-Up (offsite)

    Activities

    1.1 3.1 Set Thresholds to Monitor

    3.2 Add Actions and Handoffs to Event Management

    Introductions

    1.2 Operational and Informational Goals and Challenges

    1.3 Event Management Scope

    1.4 Roles and Responsibilities

    2.1 Define Operational Conditions for Systems

    2.2 Define Related CIs and Dependencies

    2.3 Define Conditions for CIs

    2.4 Perform Root-Cause Analysis for Complex Condition Relationships

    2.4 Set Thresholds for CIs

    3.1 Set Thresholds to Monitor

    3.2 Add Actions and Handoffs to Event Management

    4.1 Define Your Data Policy for Event Management

    4.2 Identify Areas for Improvement and Future Steps

    4.3 Summarize Workshop

    5.1 Complete In-Progress Deliverables From Previous Four Days

    5.2 Set Up Review Time for Workshop Deliverables and to Discuss Next Steps

    Deliverables
    1. Monitoring and Event Management RACI (as part of the Event Management Cookbook)
    2. Abbreviated BIA (as part of the Event Management Cookbook)
    3. Event Management Cookbook
    1. Event Management Catalog
    1. Event Management Catalog
    2. Event Management Workflows
    1. Event Management Catalog
    2. Event Management Roadmap
    1. Workshop Summary

    Phase 1

    Situate Event Management in Your Service Management Environment

    Phase 1 Phase 2 Phase 3

    1.1 Set Operational and Informational Goals
    1.2 Scope Monitoring and Event Management Using Business Impact

    2.1 Define Conditions and Related CIs
    2.2 Set Monitoring Thresholds and Alerts
    2.3 Action Your Events

    3.1 Define Your Data Policy
    3.2 Set Your Future of Event Monitoring

    Engineer Your Event Management Process

    This phase will walk you through the following activities:

    1.1.1 List your goals and challenges

    1.1.2 Build a RACI chart for event management

    1.2.1 Set your scope using business impact

    This phase involves the following participants:

    Infrastructure management team

    IT managers

    Step 1.1

    Set Operational and Informational Goals

    Activities

    1.1.1 List your goals and challenges

    1.1.2 Build a RACI chart for event management

    Situate Event Management in Your Service Management Environment

    This step will walk you through the following activities:

    Set the overall scope of event management by defining the governing goals. You will also define who is involved in event management as well as their responsibilities.

    This step involves the following participants:

    Infrastructure management team

    IT managers

    Outcomes of this step

    Define the goals and challenges of event management as well as their data proxies.

    Have a RACI matrix to define roles and responsibilities in event management.

    Situate event management among related service management practices

    This image depicts the relationship between Event Management and related service management practices.

    Event management needs to interact with the following service management practices:

    • Incident Management – Event management can provide early detection and/or prevention of incidents.
    • Availability and Capacity Management – Event management helps detect issues with availability and capacity before they become an incident.
    • Problem Management – The data captured in event management can aid in easier detection of root causes of problems.
    • Change Management – Event management can function as the rationale behind needed changes to fix problems and incidents.

    Consider both operational and informational goals for event management

    Event management may log real-time data for operational goals and non-real time data for informational goals

    Event Management

    Operational Goals (real-time)

    Informational Goals (non-real time)

    Incident Response & Prevention

    Availability Scaling

    Availability Scaling

    Modeling and Testing

    Investigation/ Compliance

    • Knowing what the outcomes are expected to achieve helps with the design of that process.
    • A process targeted to fewer outcomes will generally be less complex, easier to adhere to, and ultimately, more successful than one targeted to many goals.
    • Iterate for improvement.

    1.1.1 List your goals and challenges

    Gather a diverse group of IT staff in a room with a whiteboard.

    Have each participant write down their top five specific outcomes they want from improved event management.

    Consolidate similar ideas.

    Prioritize the goals.

    Record these goals in your Event Management Cookbook.

    Priority Example Goals
    1 Reduce response time for incidents
    2 Improve audit compliance
    3 Improve risk analysis
    4 Improve forecasting for resource acquisition
    5 More accurate RCAs

    Input

    • Pain points

    Output

    • Prioritized list of goals and outcomes

    Materials

    • Whiteboard/flip charts
    • Sticky notes

    Participants

    • Infrastructure management team
    • IT managers

    Download the Event Management Cookbook

    Event management is a group effort

    • Event management needs to involve multiple other service management practices and service management roles to be effective.
    • Consider the roles to the right to see how event management can fit into your environment.

    Infrastructure Team

    The infrastructure team is accountable for deciding which events to track, how to track, and how to action the events when detected.

    Service Desk

    The service desk may respond to events that are indicative of incidents. Setting a root cause for events allows for quicker troubleshooting, diagnosis, and resolution of the incident.

    Problem and Change Management

    Problem and change management may be involved with certain event alerts as the resultant action could be to investigate the root cause of the alert (problem management) or build and approve a change to resolve the problem (change management).

    1.1.2 Build a RACI chart for event management

    1. As a group, complete the RACI chart using the template to the right. RACI stands for the following:
      • Responsible. The person doing the work.
      • Accountable. The person who ensures the work is done.
      • Consulted. Two-way communication.
      • Informed. One-way communication
      • There must be one and only one accountable person for each task. There must also be at least one responsible person. Depending on the use case, RACI letters may be combined (e.g. AR means the person who ensures the work is complete but also the person doing the work).
    2. Start with defining the roles in the first row in your own environment.
    3. Look at the tasks on the first column and modify/add/subtract tasks as necessary.
    4. Populate the RACI chart as necessary.

    Download the Event Management Cookbook

    Event Management Task IT Manager SME IT Infrastructure Manager Service Desk Configuration Manager (Event Monitoring System) Change Manager Problem Manager
    Defining systems and configuration items to monitor R C AR R
    Defining states of operation R C AR C
    Defining event and event thresholds to monitor R C AR I I
    Actioning event thresholds: Log A R
    Actioning event thresholds: Monitor I R A R
    Actioning event thresholds: Submit incident/change/problem ticket R R A R R I I
    Close alert for resolved issues AR RC RC

    Step 1.2

    Scope Monitoring and Event Management Using Business Impact

    Activities

    1.2.1 Set your scope using business impact

    Situate Event Management in Your Service Management Environment

    This step will walk you through the following activities:

    • Set your scope of event management using an abbreviated business impact analysis.

    This step involves the following participants:

    • Infrastructure manager
    • IT managers

    Outcomes of this step

    • List of systems, services, and applications to monitor.

    Use the business impact of your systems to set the scope of monitoring

    Picking events to track and action is difficult. Start with your most important systems according to business impact.

    • Business impact can be determined by how costly system downtime is. This could be a financial impact ($/hour of downtime) or goodwill impact (internal/external stakeholders affected).
    • Use business impact to determine the rating of a system by Tier (Gold, Silver, or Bronze):
      • GOLD: Mission-critical services. An outage is catastrophic in terms of cost or public image/goodwill. Example: trading software at a financial institution.
      • SILVER: Important to daily operations but not mission critical. Example: email services at any large organization.
      • BRONZE: Loss of these services is an inconvenience more than anything, though they do serve a purpose and will be missed if they are never brought back online. Example: ancient fax machines.
    • Align a list of systems to track with your previously selected goals for event management to determine WHY you need to track that system. Tracking the system could inform critical SLAs (performance/uptime), vulnerability, compliance obligations, or simply system condition.

    More is not better

    Tracking too many events across too many tools could decrease your responsiveness to incidents. Start tracking only what is actionable to keep the signal-to-noise ratio of events as high as possible.

    % of Incidents Reported by End Users Before Being Recognized by IT Operations

    A bar graph is depicted. It displays the following Data: All Organizations: 40%; 1-3 Tools: 29; 4-10 Tools: 36%; data-verified=11 Tools: 52">

    Source: Riverbed, 2016

    1.2.1 Set your scope using business impact

    Collating an exhaustive list of applications and services is onerous. Start small, with a subset of systems.

    1. Gather a diverse group of IT staff and end users in a room with a whiteboard.
    2. List 10-15 systems and services. Solicit feedback from the group. Questions to ask:
      • What services do you regularly use? What do you see others using?
        (End users)
      • Which service comprises the greatest number of service calls? (IT)
      • What services are the most critical for business operations? (Everybody)
      • What is the cost of downtime (financial and goodwill) for these systems? (Business)
      • How does monitoring these systems align with your goals set in Step 1.1?
    3. Assign an importance to each of these systems from Gold (most important) to Bronze (least important).
    4. Record these systems in your Event Management Cookbook.
    Systems/Services/Applications Tier
    1 Core Infrastructure Gold
    2 Internet Access Gold
    3 Public-Facing Website Gold
    4 ERP Silver
    15 PaperSave Bronze

    Include a variety of services in your analysis

    It might be tempting to jump ahead and preselect important applications. However, even if an application is not on the top 10 list, it may have cross-dependencies that make it more valuable than originally thought.

    For a more comprehensive BIA, see Create a Right-Sized Disaster Recovery Plan
    Download the Event Management Cookbook

    Phase 2

    Define Your Monitoring Thresholds and Accompanying Actions

    Phase 1Phase 2Phase 3

    1.1 Set Operational and Informational Goals
    1.2 Scope Monitoring and Event Management Using Business Impact

    2.1 Define Conditions and Related CIs
    2.2 Set Monitoring Thresholds and Alerts
    2.3 Action Your Events

    3.1 Define Your Data Policy
    3.2 Set Your Future of Event Monitoring

    Engineer Your Event Management Process

    This phase will walk you through the following activities:

    • 2.1.1 Define performance conditions
    • 2.1.2 Decompose services into Related CIs
    • 2.2.1 Verify your CI conditions with a root-cause analysis
    • 2.2.2 Set thresholds for your events
    • 2.3.1 Set actions for your thresholds
    • 2.3.2 Build your event management workflow

    This phase involves the following participants:

    • Business system owners
    • Infrastructure manager
    • IT managers

    Step 2.1

    Define Conditions and Related CIs

    Activities

    2.1.1 Define performance conditions

    2.1.2 Decompose services into related CIs

    Define Your Monitoring Thresholds and Accompanying Actions

    This step will walk you through the following activities:

    For each monitored system, define the conditions of interest and related CIs.

    This step involves the following participants:

    Business system owners

    Infrastructure manager

    IT managers

    Outcomes of this step

    List of conditions of interest and related CIs for each monitored system.

    Consider the state of the system that is of concern to you

    Events present a snapshot of the state of a system. To determine which events you want to monitor, you need to consider what system state(s) of importance.

    • Systems can be in one of three states:
      • Up
      • Down
      • Degraded
    • What do these states mean for each of your systems chosen in your BIA?
    • Up and Down are self-explanatory and a good place to start.
    • However, degraded systems are indicative that one or more component systems of an overarching system has failed. You must uncover the nature of such a failure, which requires more sophisticated monitoring.

    2.1.1 Define system states of greatest importance for each of your systems

    1. With the system business owners and compliance officers in the room, list the performance states of your systems chosen in your BIA.
    2. If you have too many systems listed, start only with the Gold Systems.
    3. Use the following proof approaches if needed:
      • Positive Proof Approach – every system when it has certain technical and business performance expectations. You can use these as a baseline.
      • Negative Proof Approach – users know when systems are not performing. Leverage incident data and end-user feedback to determine failed or degraded system states and work backwards.
    4. Focus on the end-user facing states.
    5. Record your critical system states in the Event Management Cookbook.
    6. Use these states in the next several activities and translate them into measurable infrastructure metrics.

    Input

    • Results of business impact analysis

    Output

    • Critical system states

    Materials

    • Whiteboard/flip charts
    • Sticky notes
    • Markers

    Participants

    • Infrastructure manager
    • Business system owners

    Download the Event Management Cookbook

    2.1.2 Decompose services into relevant CIs

    Define your system dependencies to help find root causes of degraded systems.

    1. For each of your systems identified in your BIA, list the relevant CIs.
    2. Identify dependencies and relationship of those CIs with other CIs (linkages and dependencies).
    3. Starting with the Up/Down conditions for your Gold systems, list the conditions of the CIs that would lead to the condition of the system. This may be a 1:1 relationship (e.g. Core Switches down = Core Infrastructure down) or a many:1 relationship (some virtualization hosts + load balancers down = Core Infrastructure down). You do not need to define specific thresholds yet. Focus on conditions for the CIs.
    4. Repeat step 3 with Degraded conditions.
    5. Repeat step 3 and 4 with Silver and Bronze systems.
    6. Record the results in the Event Management Cookbook.

    Core Infrastructure Example

    An iceberg is depicted. below the surface, are the following terms in order from shallowest to deepest: MPLS Connection, Core Switches, DNS; DHCP, AD ADFS, SAN-01; Load Balancers, Virtualization Hosts (x 12); Power and Cooling

    Download the Event Management Cookbook

    Step 2.2

    Set Monitoring Thresholds and Alerts

    Activities

    2.2.1 Verify your CI conditions with a root-cause analysis

    2.2.2 Set thresholds for your events

    Define Your Monitoring Thresholds and Accompanying Actions

    This step will walk you through the following activities:

    Set monitoring thresholds for each CI related to each condition of interest.

    This step involves the following participants:

    Business system managers

    Infrastructure manager

    IT managers

    Service desk manager

    Outcomes of this step

    List of events to track along with their root cause.

    Event management will involve a significant number of alerts

    Separate the serious from trivial to keep the signal-to-noise ratio high.

    Event Categories: Exceptions: Alarms Indicate Failure; Alerts indicate exceeded thresholds; Normal Operation. Event Alerts: Informational; Exceptional; Warning

    Set your own thresholds

    You must set your own monitoring criteria based on operational needs. Events triggering an action should be reviewed via an assessment of the potential project and associated risks.

    Consider the four general signal types to help define your tracked events

    Latency – time to respond

    Examples:

    • Web server – time to complete request
    • Network – roundtrip ping time
    • Storage – read/write queue times

    Traffic – amount of activity per unit time

    Web sever – how many pages per minute

    Network – Mbps

    Storage – I/O read/writes per sec

    Errors – internally tracked erratic behaviors

    Web Server – page load failures

    Network – packets dropped

    Storage – disk errors

    Saturation – consumption compared to theoretical maximum

    Web Server – % load

    Network – % utilization

    Storage – % full

    2.2.1 Verify your CI conditions with a root-cause analysis

    RCAs postulate why systems go down; use the RCA to inform yourself of the events leading up to the system going down.

    1. Gather a diverse group of IT staff in a room with a whiteboard.
    2. Pick a complex example of a system condition (many:1 correlation) that has considerable data associated with it (e.g. recorded events, problem tickets).
    3. Speculate on the most likely precursor conditions. For example, if a related CI fails or is degraded, which metrics would you likely see before the failure?
    4. If something failed, imagine what you’d most likely see before the failure.
    5. Extend that timeline backward as far as you can be reasonably confident.
    6. Pick a value for that event.
    7. Write out your logic flow from event recognition to occurrence.
    8. Once satisfied, program the alert and ideally test in a non-prod environment.

    Public Website Example

    Dependency CIs Tool Metrics
    ISP WAN SNMP Traps Latency
    Telemetry Packet Loss
    SNMP Pooling Jitter
    Network Performance Web Server Response Time
    Connection Stage Errors
    Web Server Web Page DOM Load Time
    Performance
    Page Load Time

    Let your CIs help you

    At the end of the day, most of us can only monitor what our systems let us. Some (like Exchange Servers) offer a crippling number of parameters to choose from. Other (like MPLS) connections are opaque black boxes giving up only the barest of information. The metrics you choose are largely governed by the art of the possible.

    Case Study

    Exhaustive RCAs proved that 54% of issues were not caused by storage.

    This is the Nimble Storage Logo

    INDUSTRY - Enterprise IT
    SOURCE - ESG, 2017

    Challenge

    Despite a laser focus on building nothing but all-flash storage arrays, Nimble continued to field a dizzying number of support calls.

    Variability and complexity across infrastructure, applications, and configurations – each customer install being ever so slightly different – meant that the problem of customer downtime seemed inescapable.

    Solution

    Nimble embedded thousands of sensors into its arrays, both at a hardware level and in the code. Thousands of sensors per array multiplied by 7,500 customers meant millions of data points per second.

    This data was then analyzed against 12,000 anonymized app-data gap-related incidents.

    Patterns began to emerge, ones that persisted across complex customer/array/configuration combinations.

    These patterns were turned into signatures, then acted on.

    Results

    54% of app-data gap related incidents were in fact related to non-storage factors! Sub-optimal configuration, bad practices, poor integration with other systems, and even VM or hosts were at the root cause of over half of reported incidents.

    Establishing that your system is working fine is more than IT best practice – by quickly eliminating potential options the right team can get working on the right system faster thus restoring the service more quickly.

    Gain an even higher SNR with event correlation

    Filtering:

    Event data determined to be of minimal predictive value is shunted aside.

    Aggregation:

    De-duplication and combination of similar events to trigger a response based on the number or value of events, rather than for individual events.

    Masking:

    Ignoring events that occur downstream of a known failed system. Relies on accurate models of system relationships.

    Triggering:

    Initiating the appropriate response. This could be simple logging, any of the exception event responses, an alert requiring human intervention, or a pre-programmed script.

    2.2.2 Set thresholds for your events

    If the event management team toggles the threshold for an alert too low (e.g. one is generated every time a CPU load reaches 60% capacity), they will generate too many false positives and create far too much work for themselves, generating alert fatigue. If they go the other direction and set their thresholds too high, there will be too many false negatives – problems will slip through and cause future disruptions.

    1. Take your list of RCAs from the previous activity and conduct an activity with the group. The goal of the exercise is to produce the predictive event values that confidently predict an imminent event.
    2. Questions to ask:
      • What are some benign signs of this incident?
      • Is there something we could have monitored that would have alerted us to this issue before an incident occurred?
      • Should anyone have noticed this problem? Who? Why? How?
      • Go through this for each of the problems identified and discuss thresholds. When complete, include the information in the Event Management Catalog.

    Public Website Example

    Dependency Metrics Threshold
    Network Performance Latency 150ms
    Packet Loss 10%
    Jitter >1ms
    Web Server Response Time 750ms
    Performance
    Connection Stage Errors 2
    Web Page Performance DOM Load time 1100ms
    Page Load time 1200ms

    Download the Event Management Cookbook

    Step 2.3

    Action Your Events

    Activities

    2.3.1 Set actions for your thresholds

    2.3.2 Build your event management workflow

    Define Your Monitoring Thresholds and Associated Actions

    This step will walk you through the following activities:

    With your list of tracked events from the previous step, build associated actions and define the handoff from event management to related practices.

    This step involves the following participants:

    Event management team

    Infrastructure team

    Change manager

    Problem manager

    Incident manager

    Outcomes of this step

    Event management workflow

    Set actions for your thresholds

    For each of your thresholds, you will need an action tied to the event.

    • Review the event alert types:
      • Informational
      • Warning
      • Exception
    • Your detected events will require one of the following actions if detected.
    • Unactioned events will lead to a poor signal-to-noise ratio of data, which ultimately leads to confusion in the detection of the event and decreased response effectiveness.

    Event Logged

    For informational alerts, log the event for future analysis.

    Automated Resolution

    For a warning or exception event or a set of events with a well-known root cause, you may have an automated resolution tied to detection.

    Human Intervention

    For warnings and exceptions, human intervention may be needed. This could include manual monitoring or a handoff to incident, change, or problem management.

    2.3.1 Set actions for your thresholds

    Alerts generated by event management are useful for many different ITSM practitioners.

    1. With the chosen thresholds at hand, analyze the alerts and determine if they require immediate action or if they can be logged for later analysis.
    2. Questions to ask:
      1. What kind of response does this event warrant?
      2. How could we improve our event management process?
      3. What event alerts would have helped us with root-cause analysis in the past?
    3. Record the results in the Event Management Catalog.

    Public Website Example

    Outcome Metrics Threshold Response (s)
    Network Performance Latency 150ms Problem Management Tag to Problem Ticket 1701
    Web Page Performance DOM Load time 1100ms Change Management

    Download the Event Management Catalog

    Input

    • List of events generated by event management

    Output

    • Action plan for various events as they occur

    Materials

    • Whiteboard/flip charts
    • Pens
    • Paper

    Participants

    • Event Management Team
    • Infrastructure Team
    • Change Manager
    • Problem Manager
    • Incident Manager

    2.3.2 Build your event management workflow

    1. As a group, discuss your high-level monitoring, alerting, and actioning processes.
    2. Define handoff processes to incident, problem, and change management. If necessary, open your incident, problem, and change workflows and discuss how the event can further pass onto those practices. Discuss the examples below:
      • Incident Management: Who is responsible for opening the incident ticket? Can the incident ticket be automated and templated?
      • Change Management: Who is responsible for opening an RFC? Who will approve the RFC? Can it be a pre-approved change?
      • Problem Management : Who is responsible for opening the problem ticket? How can the event data be useful in the problem management process?
    3. Use and modify the example workflow as needed by downloading the Event Management Workflow.

    Example Workflow:

    This is an image of an example Event Management Workflow

    Download the Event Management Workflow

    Common datapoints to capture for each event

    Data captured will help related service management practices in different ways. Consider what you will need to record for each event.

    • Think of the practice you will be handing the event to. For example, if you’re handing the event off to incident or problem management, data captured will have to help in root-cause analysis to find and execute the right solution. If you’re passing the event off to change management, you may need information to capture the rationale of the change.
    • Knowing the driver for the data can help you define the right data captured for every event.
    • Consider the data points below for your events:

    Data Fields

    Device

    Date/time

    Component

    Parameters in exception

    Type of failure

    Value

    Download the Event Management Catalog

    Start Monitoring and Implement Event Management

    Phase 1Phase 2Phase 3

    1.1 Set Operational and Informational Goals
    1.2 Scope Monitoring and Event Management Using Business Impact

    2.1 Define Conditions and Related CIs
    2.2 Set Monitoring Thresholds and Alerts
    2.3 Action Your Events

    3.1 Define Your Data Policy
    3.2 Set Your Future of Event Monitoring

    Engineer Your Event Management Process

    This phase will walk you through the following activities:

    3.1.1 Define data policy needs

    3.2.1 Build your roadmap

    This phase involves the following participants:

    Business system owners

    Infrastructure manager

    IT managers

    Step 3.1

    Define Your Data Policy

    Activities

    3.1.1 Define data policy needs

    Start Monitoring and Implement Event Management

    This step will walk you through the following activities:

    Your overall goals from Phase 1 will help define your data retention needs. Document these policy statements in a data policy.

    This step involves the following participants:

    CIO

    Infrastructure manager

    IT managers

    Service desk manager

    Outcomes of this step

    Data retention policy statements for event management

    Know the difference between logs and metrics

    Logs

    Metrics

    A log is a complete record of events from a period:

    • Structured
    • Binary
    • Plaintext
    Missing entries in logs can be just as telling as the values existing in other entries. A metric is a numeric value that gives information about a system, generally over a time series. Adjusting the time series allows different views of the data.

    Logs are generally internal constructs to a system:

    • Applications
    • DB replications
    • Firewalls
    • SaaS services

    Completeness and context make logs excellent for:

    • Auditing
    • Analytics
    • Real-time and outlier analysis
    As a time series, metrics operate predictably and consistently regardless of system activity.

    This independence makes them ideal for:

    • Alerts
    • Dashboards
    • Profiling

    Large amounts of log data can make it difficult to:

    • Store
    • Transmit
    • Sift
    • Sort

    Context insensitivity means we can apply the same metric to dissimilar systems:

    • This is especially important for blackbox systems not fully under local control.

    Understand your data requirements

    Amount of event data logged by a 1000 user enterprise averages 113GB/day

    Source: SolarWinds

    Security Logs may contain sensitive information. Best practice is to ensure logs are secure at rest and in transit. Tailor your security protocol to your compliance regulations (PCI, etc.).
    Architecture and Availability When production infrastructure goes down, logging tends to go down as well. Holes in your data stream make it much more difficult to determine root causes of incidents. An independent secondary architecture helps solve problems when your primary is offline. At the very least, system agents should be able to buffer data until the pipeline is back online.
    Performance Log data grows: organically with the rest of the enterprise and geometrically in the event of a major incident. Your infrastructure design needs to support peak loads to prevent it from being overwhelmed when you need it the most.
    Access Control Events have value for multiple process owners in your enterprise. You need to enable access but also ensure data consistency as each group performs their own analysis on the data.
    Retention Near-real time data is valuable operationally; historic data is valuable strategically. Find a balance between the two, keeping in mind your obligations under compliance frameworks (GDPR, etc.).

    3.1.1 Set your data policy for every event

    1. Given your event list in the Event Management Catalog, include the following information for each event:
      • Retention Period
      • Data Sensitivity
      • Data Rate
    2. Record the results in the Event Management Catalog.

    Public Website Example

    Metrics/Log Retention Period Data Sensitivity Data Rate
    Latency 150ms No
    Packet Loss 10% No
    Jitter >1ms No
    Response Time 750ms No
    HAProxy Log 7 days Yes 3GB/day
    DOM Load time 1100ms
    Page Load time 1200ms
    User Access 3 years Yes

    Download the Event Management Catalog

    Input

    • List of events generated by event management
    • List of compliance standards your organization adheres to

    Output

    • Data policy for every event monitored and actioned

    Materials

    • Whiteboard/flip charts
    • Pens
    • Paper

    Participants

    • Event management team
    • Infrastructure team

    Step 3.2

    Set Your Future of Event Monitoring

    Activities

    3.2.1 Build your roadmap

    Start Monitoring and Implement Event Management

    This step will walk you through the following activities:

    Event management maturity is slowly built over time. Define your future actions in a roadmap to stay on track.

    This step involves the following participants:

    CIO

    Infrastructure manager

    IT managers

    Outcomes of this step

    Event management roadmap and action items

    Practice makes perfect

    For every event that generates an alert, you want to judge the predictive power of said event.

    Engineer your event management practice to be predictive. For example:

    • Up/Down Alert – Expected Consequence: Service desk will start working on the incident ticket before a user reports that said system has gone down.
    • SysVol Capacity Alert – Expected Consequence: Change will be made to free up space on the volume prior to the system crashing.

    If the expected consequence is not observed there are three places to look:

    1. Was the alert received by the right person?
    2. Was the alert received in enough time to do something?
    3. Did the event triggering the alert have a causative relationship with the consequence?

    While impractical to look at every action resulting from an alert, a regular review process will help improve your process. Effective alerts are crafted with specific and measurable outcomes.

    Info-Tech Insight

    False positives are worse than missed positives as they undermine confidence in the entire process from stakeholders and operators. If you need a starting point, action your false positives first.

    Mind Your Event Management Errors

    Two Donut charts are depicted. The first has a slice which is labeled 7% False Positive. The Second has a slice which is labeled 33% False Negative.

    Source: IEEE Communications Magazine March 2012

    Follow the Cookbook for every event you start tracking

    Consider building event management into new, onboarded systems as well.

    You now have several core systems, their CIs, conditions, and their related events listed in the Event Catalog. Keep the Catalog as your single reference point to help manage your tracked events across multiple tools.

    The Event Management Cookbook is designed to be used over and over. Keep your tracked events standard by running through the steps in the Cookbook.

    An additional step you could take is to pull the Cookbook out for event tracking for each new system added to your IT environment. Adding events in the Catalog during application onboarding is a good way to manage and measure configuration.

    Event Management Cookbook

    This is a screenshot of the Event Management Cookbook

    Use the framework in the Event Management Cookbook to populate your event catalog with properly tracked and actioned events.

    3.2.1 Build an event management roadmap

    Increase your event management maturity over time by documenting your goals.

    Add the following in-scope goals for future improvement. Include owner, timeline, progress, and priority.

    • Add additional systems/applications/services to event management
    • Expand condition lists for given systems
    • Consolidate tracking tools for easier data analysis and actioning
    • Integrate event management with additional service management practices

    This image contains a screenshot of a sample Event Management Roadmap

    Summary of Accomplishment

    Problem Solved

    You now have a structured event management process with a start on a properly tracked and actioned event catalog. This will help you detect incidents before they become incidents, changes needed to the IT environment, and problems before they spread.

    Continue to use the Event Management Cookbook to add new monitored events to your Event Catalog. This ensures future events will be held to the same or better standard, which allows you to avoid drowning in too much data.

    Lastly, stay on track and continually mature your event management practice using your Event Management Roadmap.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop

    Contact your account representative for more information

    workshops@infotech.com

    1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    This is an example of a RACI Chart for Event Management

    Build a RACI Chart for Event Management

    Define and document the roles and responsibilities in event management.

    This is an example of a business impact chart

    Set Your Scope Using Business Impact

    Define and prioritize in-scope systems and services for event management.

    Related Info-Tech Research

    Standardize the Service Desk

    Improve customer service by driving consistency in your support approach and meeting SLAs.

    Improve Incident and Problem Management

    Don’t let persistent problems govern your department

    Harness Configuration Management Superpowers

    Build a service configuration management practice around the IT services that are most important to the organization.

    Select Bibliography

    DeMattia, Adam. “Assessing the Financial Impact of HPE InfoSight Predictive Analytics.” ESG, Softchoice, Sept. 2017. Web.

    Hale, Brad. “Estimating Log Generation for Security Information Event and Log Management.” SolarWinds, n.d. Web.

    Ho, Cheng-Yuan, et al. “Statistical Analysis of False Positives and False Negatives from Real Traffic with Intrusion Detection/Prevention Systems.” IEEE Communications Magazine, vol. 50, no. 3, 2012, pp. 146-154.

    ITIL Foundation ITIL 4 Edition = ITIL 4. The Stationery Office, 2019.

    McGillicuddy, Shamus. “EMA: Network Management Megatrends 2016.” Riverbed, April 2016. Web.

    McGillicuddy, Shamus. “Network Management Megatrends 2020.” Enterprise Management Associates, APCON, 2020. Web.

    Rivas, Genesis. “Event Management: Everything You Need to Know about This ITIL Process.” GB Advisors, 22 Feb. 2021. Web.

    “Service Operations Processes.” ITIL Version 3 Chapters, 21 May 2010. Web.

    Build a Robust and Comprehensive Data Strategy

    • Buy Link or Shortcode: {j2store}120|cart{/j2store}
    • member rating overall impact (scale of 10): 9.3/10 Overall Impact
    • member rating average dollars saved: $46,734 Average $ Saved
    • member rating average days saved: 29 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • The volume and variety of data that organizations have been collecting and producing have been growing exponentially and show no sign of slowing down.
    • At the same time, business landscapes and models are evolving, and users and stakeholders are becoming more and more data centric, with maturing expectations and demands.

    Our Advice

    Critical Insight

    • As the CDO or equivalent data leader in your organization, a robust and comprehensive data strategy is the number one tool in your toolkit for delivering on your mandate of creating measurable business value from data.
    • A data strategy should never be formulated disjointed from the business. Ensure the data strategy aligns with the business strategy and supports the business architecture.
    • Building and fostering a data-driven culture will accelerate and sustain adoption of, appetite for, and appreciation for data and hence drive the ROI on your various data investments.

    Impact and Result

    • Formulate a data strategy that stitches all of the pieces together to better position you to unlock the value in your data:
      • Establish the business context and value: Identify key business drivers for executing on an optimized data strategy, build compelling and relevant use cases, understand your organization’s culture and appetite for data, and ensure you have well-articulated vision, principles, and goals for your data strategy
      • Ensure you have a solid data foundation: Understand your current data environment, data management enablers, people, skill sets, roles, and structure. Know your strengths and weakness so you can optimize appropriately.
      • Formulate a sustainable data strategy: Round off your strategy with effective change management and communication for building and fostering a data-driven culture.

    Build a Robust and Comprehensive Data Strategy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Data Strategy Research – A step-by-step document to facilitate the formulation of a data strategy that brings together the business context, data management foundation, people, and culture.

    Data should be at the foundation of your organization’s evolution. The transformational insights that executives and decision makers are constantly seeking to leverage can be unlocked with a data strategy that makes high-quality, trusted, and relevant data readily available to the users who need it.

    • Build a Robust and Comprehensive Data Strategy – Phases 1-3

    2. Data Strategy Stakeholder Interview Guide and Findings – A template to support you in your meetings or interviews with key stakeholders as you work on understanding the value of data within the various lines of business.

    This template will help you gather insights around stakeholder business goals and objectives, current data consumption practices, the types or domains of data that are important to them in supporting their business capabilities and initiatives, the challenges they face, and opportunities for data from their perspective.

    • Data Strategy Stakeholder Interview Guide and Findings

    3. Data Strategy Use Case Template – An exemplar template to demonstrate the business value of your data strategy.

    Data strategy optimization anchored in a value proposition will ensure that the data strategy focuses on driving the most valuable and critical outcomes in support of the organization’s enterprise strategy. The template will help you facilitate deep-dive sessions with key stakeholders for building use cases that are of demonstrable value not only to their relevant lines of business but also to the wider organization.

    • Data Strategy Use Case Template

    4. Chief Data Officer – A job description template that includes a detailed explication of the responsibilities and expectations of a CDO.

    Bring data to the C-suite by creating the Chief Data Officer role. This position is designed to bridge the gap between the business and IT by serving as a representative for the organization's data management practices and identifying how the organization can leverage data as a competitive advantage or corporate asset.

    • Chief Data Officer

    5. Data Strategy Document Template – A structured template to plan and document your data strategy outputs.

    Use this template to document and formulate your data strategy. Follow along with the sections of the blueprint Build a Robust and Comprehensive Data Strategy and complete the template as you progress.

    • Data Strategy Document Template
    [infographic]

    Workshop: Build a Robust and Comprehensive Data Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish Business Context and Value: Understand the Current Business Environment

    The Purpose

    Establish the business context for the business strategy.

    Key Benefits Achieved

    Substantiates the “why” of the data strategy.

    Highlights the organization’s goals, objectives, and strategic direction the data must align with.

    Activities

    1.1 Data Strategy 101

    1.2 Intro to Tech’s Data Strategy Framework

    1.3 Data Strategy Value Proposition: Understand stakeholder’s strategic priorities and the alignment with data

    1.4 Discuss the importance of vision, mission, and guiding principles of the organization’s data strategy

    1.5 Understand the organization’s data culture – discuss Data Culture Survey results

    1.6 Examine Core Value Streams of Business Architecture

    Outputs

    Business context; strategic drivers

    Data strategy guiding principles

    Sample vision and mission statements

    Data Culture Diagnostic Results Analysis

    2 Business-Data Needs Discovery: Key Business Stakeholder Interviews

    The Purpose

    Build use cases of demonstrable value and understand the current environment.

    Key Benefits Achieved

    An understanding of the current maturity level of key capabilities.

    Use cases that represent areas of concern and/or high value and therefore need to be addressed.

    Activities

    2.1 Conduct key business stakeholder interviews to initiate the build of high-value business-data cases

    Outputs

    Initialized high-value business-data cases

    3 Understand the Current Data Environment & Practice: Analyze Data Capability and Practice Gaps and Develop Alignment Strategies

    The Purpose

    Build out a future state plan that is aimed at filling prioritized gaps and that informs a scalable roadmap for moving forward on treating data as an asset.

    Key Benefits Achieved

    A target state plan, formulated with input from key stakeholders, for addressing gaps and for maturing capabilities necessary to strategically manage data.

    Activities

    3.1 Understand the current data environment: data capability assessment

    3.2 Understand the current data practice: key data roles, skill sets; operating model, organization structure

    3.3 Plan target state data environment and data practice

    Outputs

    Data capability assessment and roadmapping tool

    4 Align Business Needs with Data Implications: Initiate Roadmap Planning and Strategy Formulation

    The Purpose

    Consolidate business and data needs with consideration of external factors as well as internal barriers and enablers to the success of the data strategy. Bring all the outputs together for crafting a robust and comprehensive data strategy.

    Key Benefits Achieved

    A consolidated view of business and data needs and the environment in which the data strategy will be operationalized.

    An analysis of the feasibility and potential risks to the success of the data strategy.

    Activities

    4.1 Analyze gaps between current- and target-state

    4.2 Initiate initiative, milestone and RACI planning

    4.3 Working session with Data Strategy Owner

    Outputs

    Data Strategy Next Steps Action Plan

    Relevant data strategy related templates (example: data practice patterns, data role patterns)

    Initialized Data Strategy on-a-Page

    Further reading

    Build a Robust and Comprehensive Data Strategy

    Key to building and fostering a data-driven culture.

    ANALYST PERSPECTIVE

    Data Strategy: Key to helping drive organizational innovation and transformation

    "In the dynamic environment in which we operate today, where we are constantly juggling disruptive forces, a well-formulated data strategy will prove to be a key asset in supporting business growth and sustainability, innovation, and transformation.

    Your data strategy must align with the organization’s business strategy, and it is foundational to building and fostering an enterprise-wide data-driven culture."

    Crystal Singh,

    Director – Research and Advisory

    Info-Tech Research Group

    Our understanding of the problem

    This Research is Designed For:

    • Chief data officers (CDOs), chief architects, VPs, and digital transformation directors and CIOs who are accountable for ensuring data can be leveraged as a strategic asset of the organization.

    This Research Will Help You:

    • Put a strategy in place to ensure data is available, accessible, well integrated, secured, of acceptable quality, and suitably visualized to fuel decision making by the organizations’ executives.
    • Align data management plans and investments with business requirements and the organization’s strategic plans.
    • Define the relevant roles for operationalizing your data strategy.

    This Research Will Also Assist:

    • Data architects and enterprise architects who have been tasked with supporting the formulation or optimization of the organization’s data strategy.
    • Business leaders creating plans for leveraging data in their strategic planning and business processes.
    • IT professionals looking to improve the environment that manages and delivers data.

    This Research Will Help Them:

    • Get a handle on the current situation of data within the organization.
    • Understand how the data strategy and its resulting initiatives will affect the operations, integration, and provisioning of data within the enterprise.

    Executive Summary

    Situation

    • The volume and variety of data that organizations have been collecting and producing have been growing exponentially and show no sign of slowing down. At the same time, business landscapes and models are evolving, and users and stakeholders are becoming more and more data centric, with maturing and demanding expectations.

    Complication

    • As organizations pivot in response to industry disruptions and changing landscapes, a reactive and piecemeal approach leads to data architectures and designs that fail to deliver real and measurable value to the business.
    • Despite the growing focus on data, many organizations struggle to develop a cohesive business-driven strategy for effectively managing and leveraging their data assets.

    Resolution

    Formulate a data strategy that stitches all of the pieces together to better position you to unlock the value in your data:

    • Establish the business context and value: Identify key business drivers for executing on an optimized data strategy, build compelling and relevant use cases, understand your organization’s culture and appetite for data, and ensure you have well-articulated vision, principles, and goals for your data strategy.
    • Ensure you have a solid data foundation: Understand your current data environment, data management enablers, people, skill sets, roles, and structure. Know your strengths and weakness so you can optimize appropriately.
    • Formulate a sustainable data strategy: Round off your strategy with effective change management and communication for building and fostering a data-driven culture.

    Info-Tech Insight

    1. As the CDO or equivalent data leader in your organization, a robust and comprehensive data strategy is the number one tool in your toolkit for delivering on your mandate of creating measurable business value from data.
    2. A data strategy should never be formulated disjointed from the business. Ensure the data strategy aligns with the business strategy and supports the business architecture.
    3. Building and fostering a data-driven culture will accelerate and sustain adoption of, appetite for, and appreciation for data and hence drive the ROI on your various data investments.

    Why do you need a data strategy?

    Your data strategy is the vehicle for ensuring data is poised to support your organization’s strategic objectives.

    The dynamic marketplace of today requires organizations to be responsive in order to gain or maintain their competitive edge and place in their industry.

    Organizations need to have that 360-degree view of what’s going on and what’s likely to happen.

    Disruptive forces often lead to changes in business models and require organizations to have a level of adaptability to remain relevant.

    To respond, organizations need to make decisions and should be able to turn to their data to gain insights for informing their decisions.

    A well-formulated and robust data strategy will ensure that your data investments bring you the returns by meeting your organization’s strategic objectives.

    Organizations need to be in a position where they know what’s going on with their stakeholders and anticipate what their stakeholders’ needs are going to be.

    Data cannot be fully leveraged without a cohesive strategy

    Most organizations today will likely have some form of data management in place, supported by some of the common roles such as DBAs and data analysts.

    Most will likely have a data architecture that supports some form of reporting.

    Some may even have a chief data officer (CDO), a senior executive who has a seat at the C-suite table.

    These are all great assets as a starting point BUT without a cohesive data strategy that stitches the pieces together and:

    • Effectively leverages these existing assets
    • Augments them with additional and relevant key roles and skills sets
    • Optimizes and fills in the gaps around your current data management enablers and capabilities for the growing volume and variety of data you’re collecting
    • Fully caters to real, high-value strategic organizational business needs

    you’re missing the mark – you are not fully leveraging the incredible value of your data.

    Cross-industry studies show that on average, less than half of an organization’s structured data is actively used in making decisions

    And, less than 1% of its unstructured data is analyzed or used at all. Furthermore, 80% of analysts' time is spent simply discovering and preparing, data with over 70% of employees having access to data they should not. Source: HBR, 2017

    Organizational drivers for a data strategy

    Your data strategy needs to align with your organizational strategy.

    Main Organizational Strategic Drivers:

    1. Stakeholder Engagement/Service Excellence
    2. Product and Service Innovations
    3. Operational Excellence
    4. Privacy, Risk, and Compliance Management

    “The companies who will survive and thrive in the future are the ones who will outlearn and out-innovate everyone else. It is no longer ‘survival of the fittest’ but ‘survival of the smartest.’ Data is the element that both inspires and enables this new form of rapid innovation.– Joel Semeniuk, 2016

    A sound data strategy is the key to unlocking the value in your organization’s data.

    Data should be at the foundation of your organization’s evolution.

    The transformational insights that executives are constantly seeking to leverage can be unlocked with a data strategy that makes high-quality, well-integrated, trustworthy, relevant data readily available to the business users who need it.

    Whether hoping to gain a better understanding of your business, trying to become an innovator in your industry, or having a compliance and regulatory mandate that needs to be met, any organization can get value from its data through a well-formulated, robust, and cohesive data strategy.

    According to a leading North American bank, “More than one petabyte of new data, equivalent to about 1 million gigabytes” is entering the bank’s systems every month. – The Wall Street Journal, 2019

    “Although businesses are at many different stages in unlocking the power of data, they share a common conviction that it can make or break an enterprise.”– Jim Love, ITWC CIO and Chief Digital Officer, IT World Canada, 2018

    Data is a strategic organizational asset and should be treated as such

    The expression “Data is an asset” or any other similar sentiment has long been heard.

    With such hype, you would have expected data to have gotten more attention in the boardrooms. You would have expected to see its value reflected on financial statements as a result of its impact in driving things like acquisition, retention, product and service development and innovation, market growth, stakeholder satisfaction, relationships with partners, and overall strategic success of the organization.

    The time has surely come for data to be treated as the asset it is.

    “Paradoxically, “data” appear everywhere but on the balance sheet and income statement.”– HBR, 2018

    “… data has traditionally been perceived as just one aspect of a technology project; it has not been treated as a corporate asset.”– “5 Essential Components of a Data Strategy,” SAS

    According to Anil Chakravarthy, who is the CEO of Informatica and has a strong vantage point on how companies across industries leverage data for better business decisions, “what distinguishes the most successful businesses … is that they have developed the ability to manage data as an asset across the whole enterprise.”– McKinsey & Company, 2019

    How data is perceived in today’s marketplace

    Data is being touted as the oil of the digital era…

    But just like oil, if left unrefined, it cannot really be used.

    "Data is the new oil." – Clive Humby, Chief Data Scientist

    Source: Joel Semeniuk, 2016

    Enter your data strategy.

    Data is being perceived as that key strategic asset in your organization for fueling innovation and transformation.

    Your data strategy is what allows you to effectively mine, refine, and use this resource.

    “The world’s most valuable resource is no longer oil, but data.”– The Economist, 2017

    “Modern innovation is now dependent upon this data.”– Joel Semeniuk, 2016

    “The better the data, the better the resulting innovation and impact.”– Joel Semeniuk, 2016

    What is it in it for you? What opportunities can data help you leverage?

    GOVERNMENT

    Leveraging data as a strategic asset for the benefit of citizens.

    • The strategic use of data can enable governments to provide higher-quality services.
    • Direct resources appropriately and harness opportunities to improve impact.
    • Make better evidence-informed decisions and better understand the impact of programs so that funds can be directed to where they are most likely to deliver the best results.
    • Maintain legitimacy and credibility in an increasingly complex society.
    • Help workers adapt and be competitive in a changing labor market.
    • A data strategy would help protect citizens from the misuse of their data.

    Source: Privy Council Office, Government of Canada, 2018

    What is it in it for you? What opportunities can data help you leverage?

    FINANCIAL

    Leveraging data to boost traditional profit and loss levers, find new sources of growth, and deliver the digital bank.

    • One bank used credit card transactional data (from its own terminals and those of other banks) to develop offers that gave customers incentives to make regular purchases from one of the bank’s merchants. This boosted the bank’s commissions, added revenue for its merchants, and provided more value to the customer (McKinsey & Company, 2017).
    • In terms of enhancing productivity, a bank used “new algorithms to predict the cash required at each of its ATMs across the country and then combined this with route-optimization techniques to save money” (McKinsey & Company, 2017).

    A European bank “turned to machine-learning algorithms that predict which currently active customers are likely to reduce their business with the bank.” The resulting understanding “gave rise to a targeted campaign that reduced churn by 15 percent” (McKinsey & Company, 2017).

    A leading Canadian bank has built a marketplace around their data – they have launched a data marketplace where they have productized the bank’s data. They are providing data – as a product – to other units within the bank. These other business units essentially represent internal customers who are leveraging the product, which is data.

    Through the use of data and advanced analytics, “a top bank in Asia discovered unsuspected similarities that allowed it to define 15,000 microsegments in its customer base. It then built a next-product-to-buy model that increased the likelihood to buy three times over.” Several sets of big data were explored, including “customer demographics and key characteristics, products held, credit-card statements, transaction and point-of-sale data, online and mobile transfers and payments, and credit-bureau data” (McKinsey & Company, 2017).

    What is it in it for you? What opportunities can data help you leverage?

    HEALTHCARE

    Leveraging data and analytics to prevent deadly infections

    The fifth-largest health system in the US and the largest hospital provider in California uses a big data and advanced analytics platform to predict potential sepsis cases at the earliest stages, when intervention is most helpful.

    Using the Sepsis Bio-Surveillance Program, this hospital provider monitors 120,000 lives per month in 34 hospitals and manages 7,500 patients with potential sepsis per month.

    Collecting data from the electronic medical records of all patients in its facilities, the solution uses natural language processing (NLP) and a rules engine to continually monitor factors that could indicate a sepsis infection. In high-probability cases, the system sends an alarm to the primary nurse or physician.

    Since implementing the big data and predictive analytics system, this hospital provider has seen a significant improvement in the mortality and the length of stay in ICU for sepsis patients.

    At 28 of the hospitals which have been on the program, sepsis mortality rates have dropped an average of 5%.

    With patients spending less time in the ICU, cost savings were also realized. This is significant, as sepsis is the costliest condition billed to Medicare, the second costliest billed to Medicaid and the uninsured, and the fourth costliest billed to private insurance.

    Source: SAS, 2019

    What is it in it for you? What opportunities can data help you leverage?

    RETAIL

    Leveraging data to better understand customer preferences, predict purchasing, drive customer experience, and optimize supply and demand planning.

    Netflix is an example of a big brand that uses big data analytics for targeted advertising. With over 100 million subscribers, the company collects large amounts of data. If you are a subscriber, you are likely familiar with their suggestions messages of the next series or movie you should catch up on. These suggestions are based on your past search data and watch data. This data provides Netflix with insights into your interests and preferences for viewing (Mentionlytics, 2018).

    “For the retail industry, big data means a greater understanding of consumer shopping habits and how to attract new customers.”– Ron Barasch, Envestnet | Yodlee, 2019

    The business case for data – moving from platitudes to practicality

    When building your business case, consider the following:

    • What is the most effective way to communicate the business case to executives?
    • How can CDOs and other data leaders use data to advance their organizations’ corporate strategy?
    • What does your data estate look like? Are you looking to leverage and drive value from your semi-structured and unstructured data assets?
    • Does your current organizational culture support a data-driven one? Does the organization have a history of managing change effectively?
    • How do changing privacy and security expectations alter the way businesses harvest, save, use, and exchange data?

    “We’re the converted … We see the value in data. The battle is getting executive teams to see it our way.”– Ted Maulucci, President of SmartONE Solutions Inc. IT World Canada, 2018

    Where do you stack up? What is your current data management maturity?

    Info-Tech’s IT Maturity Ladder denotes the different levels of maturity for an IT department and its different functions. What is the current state of your data management capability?

    Innovator - Transforms the Business. Business Partner - Expands the Business. Trusted Operator - Optimizes the Business. Firefighter - Supports the Business. Unstable - Struggles to Support.

    Info-Tech Insight

    You are best positioned to successfully execute on a data strategy if you are currently at or above the Trusted Operator level. If you find yourself still at the Unstable or Firefighter stage, your efforts are best spent on ensuring you can fulfill your day-to-day data and data management demands. Improving this capability will help build a strong data management foundation.

    Guiding principles of a data strategy

    Value of Clearly Defined Data Principles

    • Guiding principles help define the culture and characteristics of your practice by describing your beliefs and philosophy.
    • Guiding principles act as the heart of your data strategy, helping to shape initiative plans and day-to-day behaviors related to the use and treatment of the organization’s data assets.

    “Organizational culture can accelerate the application of analytics, amplify its power, and steer companies away from risky outcomes.”– McKinsey, 2018

    Build a Robust and Comprehensive Data Strategy

    Business Strategy and Current Environment connect with the Data Strategy. Data Strategy includes: Organizational Drivers and Data Value, Data Strategy Objectives and Guiding Principles, Data Strategy Vision and Mission, Data Strategy Roadmap, People: Roles and Organizational Structure, Data Culture and Data Literacy, Data Management and Tools, Risk and Feasibility.

    Follow Info-Tech’s methodology for effectively leveraging the value out of your data

    Some say it’s the new oil. Or the currency of the new business landscape. Others describe it as the fuel of the digital economy. But we don’t need platitudes — we need real ways to extract the value from our data. – Jim Love, CIO and Chief Digital Officer, IT World Canada, 2018

    1. Business Context. 2. Data and Resources Foundation. 3. Effective Data Strategy

    Our practical step-by-step approach helps you to formulate a data strategy that delivers business value.

    1. Establish Business Context and Value: In this phase, you will determine and substantiate the business drivers for optimizing the data strategy. You will identify the business drivers that necessitate the data strategy optimization and examine your current organizational data culture. This will be key to ensuring the fruits of your optimization efforts are being used. You will also define the vision, mission, and guiding principles and build high-value use cases for the data strategy.
    2. Ensure You Have a Solid Data and Resources Foundation: This phase will help you ensure you have a solid data and resources foundation for operationalizing your data strategy. You will gain an understanding of your current environment in terms of data management enablers and the required resources portfolio of key people, roles, and skill sets.
    3. Formulate a Sustainable Data Strategy: In this phase, you will bring the pieces together for formulating an effective data strategy. You will evaluate and prioritize the use cases built in Phase 1, which summarize the alignment of organizational goals with data needs. You will also create your strategic plan, considering change management and communication.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks are used throughout all four options.

    Enhance Your Solution Architecture Practices

    • Buy Link or Shortcode: {j2store}157|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: $33,359 Average $ Saved
    • member rating average days saved: 11 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • In today’s world, business agility is essential to stay competitive. Quick responses to business needs through efficient development and deployment practices is critical for business value delivery.
    • A mature solution architecture practice is the basic necessity for a business to have technical agility.

    Our Advice

    Critical Insight

    Don’t architect for normal situations. That is a shallow approach and leads to decisions that may seem “right” but will not be able to stand up to system elasticity needs.

    Impact and Result

    • Understand the different parts of a continuous security architecture framework and how they may apply to your decisions.
    • Develop a solution architecture for upcoming work (or if there is a desire to reduce tech debt).

    Enhance Your Solution Architecture Practices Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Solution Architecture Practices Deck – A deck to help you develop an approach for or validate existing solution architecture capability.

    Translate stakeholder objectives into architecture requirements, solutions, and changes. Incorporate architecture quality attributes in decisions to increase your architecture’s life. Evaluate your solution architecture from multiple views to obtain a holistic perspective of the range of issues, risks, and opportunities.

    • Enhance Your Solution Architecture Practices – Phases 1-3

    2. Solution Architecture Template – A template to record the results from the exercises to help you define, detail, and make real your digital product vision.

    Identify and detail the value maps that support the business, and discover the architectural quality attribute that is most important for the value maps. Brainstorm solutions for design decisions for data, security, scalability, and performance.

    • Solution Architecture Template
    [infographic]

    Workshop: Enhance Your Solution Architecture Practices

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Vision and Value Maps

    The Purpose

    Document a vision statement for the solution architecture practice (in general) and/or a specific vision statement, if using a single project as an example.

    Document business architecture and capabilities.

    Decompose capabilities into use cases.

    Key Benefits Achieved

    Provide a great foundation for an actionable vision and goals that people can align to.

    Develop a collaborative understanding of business capabilities.

    Develop a collaborative understanding of use cases and personas that are relevant for the business.

    Activities

    1.1 Develop vision statement.

    1.2 Document list of value stream maps and their associated use cases.

    1.3 Document architectural quality attributes needed for use cases using SRME.

    Outputs

    Solution Architecture Template with sections filled out for vision statement canvas and value maps

    2 Continue Vision and Value Maps, Begin Phase 2

    The Purpose

    Map value stream to required architectural attributes.

    Prioritize architecture decisions.

    Discuss and document data architecture.

    Key Benefits Achieved

    An understanding of architectural attributes needed for value streams.

    Conceptual understanding of data architecture.

    Activities

    2.1 Map value stream to required architectural attributes.

    2.2 Prioritize architecture decisions.

    2.3 Discuss and document data architecture.

    Outputs

    Solution Architecture Template with sections filled out for value stream and architecture attribute mapping; a prioritized list of architecture design decisions; and data architecture

    3 Continue Phase 2, Begin Phase 3

    The Purpose

    Discuss security and threat assessment.

    Discuss resolutions to threats via security architecture decisions.

    Discuss system’s scalability needs.

    Key Benefits Achieved

    Decisions for security architecture.

    Decisions for scalability architecture.

    Activities

    3.1 Discuss security and threat assessment.

    3.2 Discuss resolutions to threats via security architecture decisions.

    3.3 Discuss system’s scalability needs.

    Outputs

    Solution Architecture Template with sections filled out for security architecture and scalability design

    4 Continue Phase 3, Start and Finish Phase 4

    The Purpose

    Discuss performance architecture.

    Compile all the architectural decisions into a solutions architecture list.

    Key Benefits Achieved

    A complete solution architecture.

    A set of principles that will form the foundation of solution architecture practices.

    Activities

    4.1 Discuss performance architecture.

    4.2 Compile all the architectural decisions into a solutions architecture list.

    Outputs

    Solution Architecture Template with sections filled out for performance and a complete solution architecture

    Further reading

    Enhance Your Solution Architecture Practice

    Ensure your software systems solution is architected to reflect stakeholders’ short- and long-term needs.

    Analyst Perspective

    Application architecture is a critical foundation for supporting the growth and evolution of application systems. However, the business is willing to exchange the extension of the architecture’s life with quality best practices for the quick delivery of new or enhanced application functionalities. This trade-off may generate immediate benefits to stakeholders, but it will come with high maintenance and upgrade costs in the future, rendering your system legacy early.

    Technical teams know the importance of implementing quality attributes into architecture but are unable to gain approval for the investments. Overcoming this challenge requires a focus of architectural enhancements on specific problem areas with significant business visibility. Then, demonstrate how quality solutions are vital enablers for supporting valuable application functionalities by tracing these solutions to stakeholder objectives and conducting business and technical risk and impact assessments through multiple business and technical perspectives.

    this is a picture of Andrew Kum-Seun

    Andrew Kum-Seun
    Research Manager, Applications
    Info-Tech Research Group

    Enhance Your Solution Architecture

    Ensure your software systems solution is architected to reflect stakeholders’ short- and long-term needs.

    EXECUTIVE BRIEF

    Executive Summary

    Your Challenge

    • Most organizations have some form of solution architecture; however, it may not accurately and sufficiently support the current and rapidly changing business and technical environments.
    • To enable quick delivery, applications are built and integrated haphazardly, typically omitting architecture quality practices.

    Common Obstacles

    • Failing to involve development and stakeholder perspectives in design can lead to short-lived architecture and critical development, testing, and deployment constraints and risks being omitted.
    • Architects are experiencing little traction implementing solutions to improve architecture quality due to the challenge of tracing these solutions back to the right stakeholder objectives.

    Info-Tech's Approach

    • Translate stakeholder objectives into architecture requirements, solutions, and changes. Incorporate architecture quality attributes in decisions to increase your architecture’s life.
    • Evaluate your solution architecture from multiple views to obtain a holistic perspective of the range of issues, risks, and opportunities.
    • Regularly review and recalibrate your solution architecture so that it accurately reflects and supports current stakeholder needs and technical environments.

    Info-Tech Insight

    Well-received applications can have poor architectural qualities. Functional needs often take precedence over quality architecture. Quality must be baked into design, execution, and decision-making practices to ensure the right tradeoffs are made.

    A badly designed solution architecture is the root of all technical evils

    A well-thought-through and strategically designed solution architecture is essential for the long-term success of any software system, and by extension, the organization because:

    1. It will help achieve quality attribute requirements (security, scalability, performance, usability, resiliency, etc.) for a software system.
    2. It can define and refine architectural guiding principles. A solution architecture is not only important for today but also a vision for the future of the system’s ability to react positively to changing business needs.
    3. It can help build usable (and reusable) services. In a fast-moving environment, the convenience of having pre-made plug-and-play architectural objects reduces the risk incurred from knee-jerk reactions in response to unexpected demands.
    4. It can be used to create a roadmap to an IT future state. Architectural concerns support transition planning activities that can lead to the successful implementation of a strategic IT plan.

    Demand for quick delivery makes teams omit architectural best practices, increasing downstream risks

    In its need for speed, a business often doesn’t see the value in making sure architecture is maintainable, reusable, and scalable. This demand leads to an organizational desire for development practices and the procurement of vendors that favor time-to-market over long-term maintainability. Unfortunately, technical teams are pushed to omit design quality and validation best practices.

    What are the business impacts of omitting architecture design practices?

    Poor quality application architecture impedes business growth opportunities, exposes enterprise systems to risks, and consumes precious IT budgets in maintenance that could otherwise be used for innovation and new projects.

    Previous estimations indicate that roughly 50% of security problems are the result of software design. […] Flaws in the architecture of a software system can have a greater impact on various security concerns in the system, and as a result, give more space and flexibility for malicious users.(Source: IEEE Software)

    Errors in software requirements and software design documents are more frequent than errors in the source code itself according to Computer Finance Magazine. Defects introduced during the requirements and design phase are not only more probable but also more severe and more difficult to remove. (Source: iSixSigma)

    Design a solution architecture that can be successful within the constraints and complexities set before you

    APPLICATION ARCHITECTURE…

    … describes the dependencies, structures, constraints, standards, and development guidelines to successfully deliver functional and long-living applications. This artifact lays the foundation to discuss the enhancement of the use and operations of your systems considering existing complexities.

    Good architecture design practices can give you a number of benefits:

    Lowers maintenance costs by revealing key issues and risks early. The Systems Sciences Institute at IBM has reported that the cost to fix an error found after product release was 4 to 5 times as much as one uncovered during design.(iSixSigma)

    Supports the design and implementation activities by providing key insights for project scheduling, work allocation, cost analysis, risk management, and skills development.(IBM: developerWorks)

    Eliminates unnecessary creativity and activities on the part of designers and implementers, which is achieved by imposing the necessary constraints on what they can do and making it clear that deviation from constraints can break the architecture.(IBM: developerWorks)

    Use Info-Tech’s Continuous Solution Architecture (CSA) Framework for designing adaptable systems

    Solution architecture is not a one-size-fits-all conversation. There are many design considerations and trade-offs to keep in mind as a product or services solution is conceptualized, evaluated, tested, and confirmed. The following is a list of good practices that should inform most architecture design decisions.

    Principle 1: Design your solution to have at least two of everything.

    Principle 2: Include a “kill switch” in your fault-isolation design. You should be able to turn off everything you release.

    Principle 3: If it can be monitored, it should be. Use server and audit logs where possible.

    Principle 4: Asynchronous is better than synchronous. Asynchronous design is more complex but worth the processing efficiency it introduces.

    Principle 5: Stateless over stateful: State data should only be used if necessary.

    Principle 6: Go horizonal (scale out) over vertical (scale up).

    Principle 7: Good architecture comes in small packages.

    Principle 8: Practice just-in-time architecture. Delay finalizing an approach for as long as you can.

    Principle 9: X-ilities over features. Quality of an architecture is the foundation over which features exist. A weak foundation can never be obfuscated through shiny features.

    Principle 10: Architect for products not projects. A product is an ongoing concern, while a project is short lived and therefore only focused on what is. A product mindset forces architects to think about what can or should be.

    Principle 11: Design for rollback: When all else fails, you should be able to stand up the previous best state of the system.

    Principle 12: Test the solution architecture like you test your solution’s features.

    CSA should be used for every step in designing a solution’s architecture

    Solution architecture is a technical response to a business need, and like all complex evolutionary systems, must adapt its design for changing circumstances.

    The triggers for changes to existing solution architectures can come from, at least, three sources:

    1. Changing business goals
    2. Existing backlog of technical debt
    3. Solution architecture roadmap

    A solution’s architecture is cross-cutting and multi-dimensional and at the minimum includes:

    • Product Portfolio Strategy
    • Application Architecture
    • Data Architecture
    • Information Architecture
    • Operational Architecture

    along with several qualitative attributes (also called non-functional requirements).

    This image contains a chart which demonstrates the relationship between changing hanging business goals, Existing backlog of technical debt, Solution architecture roadmap, and Product Portfolio Strategy, Application Architecture, Data Architecture, Information Architecture and, Operational Architecture

    Related Research: Product Portfolio Strategy

    Integrate Portfolios to Create Exceptional Customer Value

    • Define an organizing principle that will structure your projects and applications in a way that matters to your stakeholders.
    • Bridge application and project portfolio data using the organizing principle that matters to communicate with stakeholders across the organization.
    • Create a dashboard that brings together the benefits of both project and application portfolio management to improve visibility and decision making.

    Deliver on Your Digital Portfolio Vision

    • Recognize that a vision is only as good as the data that backs it up. Lay out a comprehensive backlog with quality built in that can be effectively communicated and understood through roadmaps.
    • Your intent is only a dream if it cannot be implemented ; define what goes into a release plan via the release canvas.
    • Define a communication approach that lets everyone know where you are heading.

    Related Research: Data, Information & Integration Architecture

    Build a Data Architecture Roadmap

    • Have a framework in place to identify the appropriate solution for the challenge at hand. Our three-phase practical approach will help you build a custom and modernized data architecture.
    • Identify and prioritize the business drivers in which data architecture changes would create the largest overall benefit and determine the corresponding data architecture tiers that need to be addressed.
    • Discover the best-practice trends, measure your current state, and define the targets for your data architecture tactics.
    • Build a cohesive and personalized roadmap for restructuring your data architecture. Manage your decisions and resulting changes.

    Build a Data Pipeline for Reporting and Analytics

    • Understand your high-level business capabilities and interactions across them – your data repositories and flows should be just a digital reflection thereof.
    • Divide your data world in logical verticals overlaid with various speed data progression lanes, i.e. build your data pipeline – and conquer it one segment at a time.
    • Use the most appropriate database design pattern for a given phase/component in your data pipeline progression.

    Related Research:Operational Architecture

    Optimize Application Release Management

    • Acquire release management ownership. Ensure there is appropriate accountability for the speed and quality of the releases passing through the entire pipeline.
    • A release manager has oversight over the entire release process and facilitates the necessary communication between business stakeholders and various IT roles.
    • Instill holistic thinking. Release management includes all steps required to push release and change requests to production along with the hand-off to Operations and Support. Increase the transparency and visibility of the entire pipeline to ensure local optimizations do not generate bottlenecks in other areas.
    • Standardize and lay a strong release management foundation. Optimize the key areas where you are experiencing the most pain and continually improve.

    Build Your Infrastructure Roadmap

    • Increased communication. More information being shared to more people who need it.
    • Better planning. More accurate information being shared.
    • Reduced lead times. Less due diligence or discovery work required as part of project implementations.
    • Faster delivery times. Less low-value work, freeing up more time for project work.

    Related Research:Security Architecture

    Identify Opportunities to Mature the Security Architecture

    • A right-sized security architecture can be created by assessing the complexity of the IT department, the operations currently underway for security, and the perceived value of a security architecture within the organization. This will bring about a deeper understanding of the organizational infrastructure.
    • Developing a security architecture should also result in a list of opportunities (i.e. initiatives) that an organization can integrate into a roadmap. These initiatives will seek to improve security operations and strengthen the IT department’s understanding of security’s role within the organization.
    • A better understanding of the infrastructure will help to save time on determining the correct technologies required from vendors, and therefore, cut down on the amount of vendor noise.
    • Creating a defensible roadmap will assist with justifying future security spend.

    Key deliverable:

    Solution Architecture Template
    Record the results from the exercises to help you define, detail, and make real your digital product vision.

    Blueprint Deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    This image contains screenshots of the deliverables which will be discussed later in this blueprint

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.

    Guided Implementation

    Our team knows that we need to fix a process, but we need assistance to determine where to focus. some check-ins along the way would help keep us on track

    Workshop

    We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place

    Consulting

    Our team does not have the time or the knowledge to take this project on. we need assistance through the entirety of this project.

    Diagnostics and consistent frameworks are used throughout all four options

    Workshop Overview

    Contact your account representative for more information. workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4
    Exercises
    1. Articulate an architectural vision
    2. Develop dynamic value stream maps
    1. Create a conceptual map between the value stream, use case, and required architectural attribute
    2. Create a prioritized list of architectural attributes
    3. Develop a data architecture that supports transactional and analytical needs
    1. Document security architecture risks and mitigations
    2. Document scalability architecture
    1. Document performance-enhancing architecture
    2. Bring it all together
    Outcomes
    1. Architecture vision
    2. Dynamic value stream maps (including user stories/personas)
    1. List of required architectural attributes
    2. Architectural attributes prioritized
    3. Data architecture design decisions
    1. Security threat and risk analysis
    2. Security design decisions
    3. Scalability design decisions
    1. Performance design decisions
    2. Finalized decisions

    Guided Implementation

    What does a typical GI on this topic look like?

    A Guided Implementation (GI) is series of calls with an Info-Tech analyst to help implement our best practices in your organization.
    This GI is between 8 to 10 calls over the course of approximately four to six months.

    Phase 1 Phase 2 Phase 2
    Call #1:
    Articulate an architectural vision.
    Call #4:
    Continue discussion on value stream mapping and related use cases.
    Call #6:
    Document security design decisions.
    Call #2:
    Discuss value stream mapping and related use cases.
    Call #5:
    • Map the value streams to required architectural attribute.
    • Create a prioritized list of architectural attributes.
    Call #7:
    • Document scalability design decisions.
    • Document performance design decisions.
    Call #3:
    Continue discussion on value stream mapping and related use cases.
    Call #8:
    Bring it all together.

    Phase 1: Visions and Value Maps

    Phase 1

    1.1 Articulate an Architectural Vision
    1.2 Develop Dynamic Value Stream Maps
    1.3 Map Value Streams, Use Cases, and Required Architectural Attributes
    1.4 Create a Prioritized List of Architectural Attributes

    Phase 2

    2.1 Develop a Data Architecture That Supports Transactional and Analytical Needs
    2.2 Document Security Architecture Risks and Mitigations

    Phase 3

    3.1 Document Scalability Architecture
    3.2 Document Performance Enhancing Architecture
    3.3 Combine the Different Architecture Design Decisions Into a Unified Solution Architecture

    This phase will walk you through the following activities:

    • Determine a vision for architecture outcomes
    • Draw dynamic value stream maps
    • Derive architectural design decisions
    • Prioritize design decisions

    This phase involves the following participants:

    • Business Architect
    • Product Owner
    • Application Architect
    • Integration Architect
    • Database Architect
    • Enterprise Architect

    Enhance Your Solution Architecture Practice

    Let’s get this straight: You need an architectural vision

    If you start off by saying I want to architect a system, you’ve already lost. Remember what a vision is for!

    An architectural vision...

    … is your North Star

    Your product vision serves as the single fixed point for product development and delivery.

    … aligns stakeholders

    It gets everyone on the same page.

    … helps focus on meaningful work

    There is no pride in being a rudderless ship. It can also be very expensive.

    And eventually...

    … kick-starts your strategy

    We know where to go, we know who to bring along, and we know the steps to get there. Let’s plan this out.

    An architectural vision is multi-dimensional

    Who is the target customer (or customers)?

    What is the key benefit a customer can get from using our service or product?

    Why should they be engaged with you?

    What makes our service or product better than our competitors?

    (Adapted from Crossing the Chasm)

    Info-Tech Insight

    It doesn’t matter if you are delivering value to internal or external stakeholders, you need a product vision to ensure everyone understands the “why.”

    Use a canvas as the dashboard for your architecture

    The solution architecture canvas provides a single dashboard to quickly define and communicate the most important information about the vision. A canvas is an effective tool for aligning teams and providing an executive summary view.

    This image contains a sample canvas for you to use as the dashboard for your architecture. The sections are: Solution Name, Tracking Info, Vision, Business Goals, Metrics, Personas, and Stakeholders.

    Leverage the solution architecture canvas to state and inform your architecture vision

    This image contains the sample canvas from the previous section, with annotations explaining what to do for each of the headings.

    1.1 Craft a vision statement for your solution’s architecture

    1. Use the product canvas template provided for articulating your solution’s architecture.

    *If needed, remove or add additional data points to fit your purposes.

    There are different statement templates available to help form your product vision statements. Some include:

    • For [our target customer], who [customer’s need], the [product] is a [product category or description] that [unique benefits and selling points]. Unlike [competitors or current methods], our product [main differentiators].
    • We believe (in) a [noun: world, time, state, etc.] where [persona] can [verb: do, make, offer, etc.], for/by/with [benefit/goal].
    • To [verb: empower, unlock, enable, create, etc.] [persona] to [benefit, goal, future state].
    • Our vision is to [verb: build, design, provide] the [goal, future state] to [verb: help, enable, make it easier to...] [persona].

    (Adapted from Crossing the Chasm)

    Download the Solution Architecture Template and document your vision statement.

    Input

    • Business Goals
    • Product Portfolio Vision

    Output

    • Solution Architecture Vision

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Product Owner
    • IT Leadership
    • Business Leadership

    Solution Architecture Canvas: Refine your vision statement

    This image contains a screenshot of the canvas from earlier in the blueprint, with only the annotation for Solution Name: Vision, unique value proposition, elevator pitch, or positioning statement.

    Understand your value streams before determining your solution’s architecture

    Business Strategy

    Sets and communicates the direction of the entire organization.

    Value Stream

    Segments, groups, and creates a coherent narrative as to how an organization creates value.

    Business Capability Map

    Decomposes an organization into its component parts to establish a common language across the organization.

    Execution

    Implements the business strategy through capability building or improvement projects.

    Identify your organization’s goals and define the value streams that support them

    Goal

    Revenue Growth

    Value Streams

    Stream 1- Product Purchase
    Stream 2- Customer Acquisition
    stream 3- Product Financing

    There are many techniques that help with constructing value streams and their capabilities.

    Domain-driven design is a technique that can be used for hypothesizing the value maps, their capabilities, and associated solution architecture.

    Read more about domain-driven design here.

    Value streams can be external (deliver value to customers) or internal (support operations)

      External Perspective

    1. Core value streams are mostly externally facing: they deliver value to either an external/internal customer and they tie to the customer perspective of the strategy map.
    • E.g. customer acquisition, product purchase, product delivery

    Internal Perspective

  • Support value streams are internally facing: they provide the foundational support for an organization to operate.
    • E.g. employee recruitment to retirement

    Key Questions to Ask While Evaluating Value Streams

    • Who are your customers?
    • What benefits do we deliver to them?
    • How do we deliver those benefits?
    • How does the customer receive the benefits?
    This image contains an example of value streams. The main headings are: Customer Acquisitions, Product Purchase, Product Delivery, Confirm Order, Product Financing, and Product Release.

    Value streams highlight the what, not the how

    Value chains set a high-level context, but architectural decisions still need to be made to deal with the dynamism of user interaction and their subsequent expectations. User stories (and/or use cases) and themes are great tools for developing such decisions.

    Product Delivery

    1. Order Confirmation
    2. Order Dispatching
    3. Warehouse Management
    4. Fill Order
    5. Ship Order
    6. Deliver Order

    Use Case and User Story Theme: Confirm Order

    This image shows the relationship between confirming the customer's order online, and the Online Buyer, the Online Catalog, the Integrated Payment, and the Inventory Lookup.

    The use case Confirming Customer’s Online Order has four actors:

    1. An Online Buyer who should be provided with a catalog of products to purchase from.
    2. An Online Catalog that is invoked to display its contents on demand.
    3. An Integrated Payment system for accepting an online form of payment (credit card, Bitcoins, etc.) in a secure transaction.
    4. An Inventory Lookup module that confirms there is stock available to satisfy the Online Buyer’s order.

    Info-Tech Insight

    Each use case theme links back to a feature(s) in the product backlog.

    Related Research

    Deliver on Your Digital Portfolio Vision

    • Recognize that a vision is only as good as the data that backs it up. Lay out a comprehensive backlog with quality built in that can be effectively communicated and understood through roadmaps.
    • Your intent is only a dream if it cannot be implemented – define what goes into a release plan via the release canvas.
    • Define a communication approach that lets everyone know where you are heading.

    Document Your Business Architecture

    • Recognize the opportunity for architecture work, analyze the current and target states of your business strategy, and identify and engage the right stakeholders.
    • Model the business in the form of architectural blueprints.
    • Apply business architecture techniques such as strategy maps, value streams, and business capability maps to design usable and accurate blueprints of the business.
    • Drive business architecture forward to promote real value to the organization.
    • Assess your current projects to determine if you are investing in the right capabilities. Conduct business capability assessments to identify opportunities and to prioritize projects.

    1.2 Document dynamic value stream maps

    1. Create value stream maps that support your business objectives.
    • The value stream maps could belong to existing or new business objectives.
  • For each value stream map:
    • Determine use case(s), the actors, and their expected activity.

    *Refer to the next slide for an example of a dynamic value stream map.

    Download the Solution Architecture Template for documentation of dynamic value stream map

    Input

    • Business Goals
    • Some or All Existing Business Processes
    • Some or All Proposed New Business Processes

    Output

    • Dynamic Value Stream Maps for Multiple Use Roles and Use Cases

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Product Owner
    • Application Architect
    • Integration Architect

    Example: Dynamic value stream map

    Loan Provision*

    *Value Stream Name: Usually has the same name as the capability it illustrates.

    Loan Application**; Disbursement of Fund**; Risk Management**; Service Accounts**

    **Value Stream Components: Specific functions that support the successful delivery of a value stream.

    Disbursement of Funds

    This image shows the relationship between depositing the load into the applicant's bank account, and the Applicant's bank, the Loan Applicant, and the Loan Supplier.

    Style #1:

    The use case Disbursement of Funds has three actors:

    1. A Loan Applicant who applied for a loan and got approved for one.
    2. A Loan Supplier who is the source for the funds.
    3. The Applicant’s Bank that has an account into which the funds are deposited.

    Style # 2:

    Loan Provision: Disbursement of Funds
    Use Case Actors Expectation
    Deposit Loan Into Applicant’s Bank Account
    1. Loan Applicant
    2. Loan Supplier
    3. Applicant’s Bank
    1. Should be able to see deposit in bank account
    2. Deposit funds into account
    3. Accept funds into account

    Mid-Phase 1 Checkpoint

    By now, the following items are ideally completed:

    • Mid-Phase 1 Checkpoint

    Start with an investigation of your architecture’s qualitative needs

    Quality attributes can be viewed as the -ilities (e.g. scalability, usability, reliability) that a software system needs to provide. A system not meeting any of its quality attribute requirements will likely not function as required. Examples of quality attributes are:

    1. Slow system response time
    2. Security breaches that result in loss of personal data
    3. A product feature upgrade that is not compatible with previous versions
    Examples of Qualitative Attributes
    Performance Compatibility Usability Reliability Security Maintainability
    • Response Time
    • Resource Utilization
    • System Capacity
    • Interoperability
    • Accessibility
    • User Interface
    • Intuitiveness
    • Availability
    • Fault Tolerance
    • Recoverability
    • Integrity
    • Non-Repudiation
    • Modularity
    • Reusability
    • Modifiability
    • Testability

    Focus on quality attributes that are architecturally significant.

    • Not every system requires every quality attribute.
    • Pay attention to those attributes without which the solution will not be able to satisfy a user’s abstract* expectation.
    • This set can be considered Architecturally Significant Requirements (ASR). ASR concern scenarios have the most impact on the architecture of the software system.
    • ASR are fundamental needs of the system and changing them in the future can be a costly and difficult exercise.

    *Abstract since attributes like performance and reliability are not directly measurable by a user.

    Stimulus Response Measurement Environmental Context

    For applicable use cases: (*Adapted from S Carnegie Mellon University, 2000)

    1. Determine the Stimulus (temporal, external, or internal) that puts stress on the system. For example, a VPN-accessed hospital management system is used for nurses to login at 8am every weekday.
    2. Describe how the system should Respond to the stimulus. For example, the hospital management system should complete a nurse login under 10ms on initiation of the HTTPS request.
    3. Set a Measurement criteria for determining the success of the response to the stimulus. For example, the system should be able to successfully respond to 98% of the HTTPS requests the first time.
    4. Note the environmental context under which the stimulus occurs, including any unusual conditions in effect.
    • The hospital management system needs to respond in under 10ms under typical load or peak load?
    • What is the time variance of peak loads, for example, an e-commerce system during a Black Friday sale?
    • How big is the peak load?

    Info-Tech Insight

    Three out of four is bad. Don’t architect for normal situations because the solution will be fragile and prone to catastrophic failure under unexpected events.
    Read article: Retail sites crash under weight of online Black Friday shoppers.

    Discover and evaluate the qualitative attributes needed for use cases or user stories

    Deposit Loan Into Applicant’s Bank Account

    Assume analysis is being done for a to-be developed system.

    User Loan Applicant
    Expectations On login to the web system, should be able to see accurate bank balance after loan funds are deposited.
    User signs into the online portal and opens their account balance page.
    Expected Response From System System creates a connection to the data source and renders it on the screen in under 10ms.
    Measurement Under Normal Loads:
    • Response in 10ms or less
    • Data should not be stale
    Under Peak Loads:
    • Response in 15ms or less
    • Data should not be stale
    Quality Attribute Required Required Attribute # 1: Performance
    • Design Decision: Reduce latency by placing authorization components closer to user’s location.
    Required Attribute # 2: Data Reliability
    • Design Decision: Use event-driven ETL pipelines.
    Required Attribute # 3: Scalability
    • Design Decision: Following Principle # 4 of the CSA (JIT Architecture), delay decision until necessary.

    Use cases developed in Phase 1.2 should be used here. (Adapted from the ATAM Utility Tree Method for Quality Attribute Engineering)

    Reduce technical debt while you are at it

    Deposit Loan Into Applicant’s Bank Account

    Assume analysis is being done for a to-be developed system.

    UserLoan Applicant
    ExpectationsOn login to the web system, should be able to see accurate bank balance after loan funds are deposited.
    User signs into the online portal and opens their account balance page.
    Expected Response From SystemSystem creates a connection to the data source and renders it on the screen in under 10ms.
    MeasurementUnder Normal Loads:
    • Response in 10ms or less
    • Data should not be stale
    Under Peak Loads:
    • Response in 15ms or less
    • Data should not be stale
    Quality Attribute RequiredRequired Attribute # 1: Performance
    • Design Decision: Reduce latency by placing authorization components closer to user’s location.

    Required Attribute # 2: Data Reliability

    • Expected is 15ms or less under peak loads, but average latency is 21ms.
    • Design Decision: Use event-driven ETL pipelines.

    Required Attribute # 3: Scalability

    • Data should not be stale and should sync instantaneously, but in some zip codes data synchronization is taking 8 hours.
    • Design Decision: Investigate integrations and flows across application, database, and infrastructure. (Note: A dedicated section for discussing scalability is presented in Phase 2.)

    1.3 Create a conceptual map between the value streams, use cases, and required architectural attributes

    1. For selected use cases completed in Phase 1.2:
    • Map the value stream to its associated use cases.
    • For each use case, list the required architectural quality attributes.

    Download the Solution Architecture Template for mapping value stream components to their required architectural attribute.

    Input

    • Use Cases
    • User Roles
    • Stimulus to System
    • Response From System
    • Response Measurement

    Output

    • List of Architectural Quality Attributes

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Application Architect
    • Integration Architect
    • Database Architect
    • Infrastructure Architect

    Example for Phase 1.3

    Loan Provision

    Loan Application → Disbursement of Funds → Risk Management → Service Accounts

    Value Stream Component Use Case Required Architectural Attribute
    Loan Application UC1: Submit Loan Application
    UC2: Review Loan Application
    UC3: Approve Loan Application
    UCn: ……..
    UC1: Resilience, Data Reliability
    UC2: Data Reliability
    UC3: Scalability, Security, Performance
    UCn: …..
    Disbursement of Funds UC1: Deposit Funds Into Applicant’s Bank Account
    UCn: ……..
    UC1: Performance, Scalability, Data Reliability
    Risk Management ….. …..
    Service Accounts ….. …..

    1.2 Document dynamic value stream maps

    1. Create value stream maps that support your business objectives.
    • The value stream maps could belong to existing or new business objectives.
  • For each value stream map:
    • Determine use case(s), the actors, and their expected activity.

    *Refer to the next slide for an example of a dynamic value stream map.

    Download the Solution Architecture Template for documentation of dynamic value stream map

    Input

    • Business Goals
    • Some or All Existing Business Processes
    • Some or All Proposed New Business Processes

    Output

    • Dynamic Value Stream Maps for Multiple Use Roles and Use Cases

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Product Owner
    • Application Architect
    • Integration Architect

    Example: Dynamic value stream map

    Loan Provision*

    *Value Stream Name: Usually has the same name as the capability it illustrates.

    Loan Application**; Disbursement of Fund**; Risk Management**; Service Accounts**

    **Value Stream Components: Specific functions that support the successful delivery of a value stream.

    Disbursement of Funds

    This image shows the relationship between depositing the load into the applicant's bank account, and the Applicant's bank, the Loan Applicant, and the Loan Supplier.

    Style #1:

    The use case Disbursement of Funds has three actors:

    1. A Loan Applicant who applied for a loan and got approved for one.
    2. A Loan Supplier who is the source for the funds.
    3. The Applicant’s Bank that has an account into which the funds are deposited.

    Style # 2:

    Loan Provision: Disbursement of Funds
    Use Case Actors Expectation
    Deposit Loan Into Applicant’s Bank Account
    1. Loan Applicant
    2. Loan Supplier
    3. Applicant’s Bank
    1. Should be able to see deposit in bank account
    2. Deposit funds into account
    3. Accept funds into account

    Mid-Phase 1 Checkpoint

    By now, the following items are ideally completed:

    • Mid-Phase 1 Checkpoint

    Start with an investigation of your architecture’s qualitative needs

    Quality attributes can be viewed as the -ilities (e.g. scalability, usability, reliability) that a software system needs to provide. A system not meeting any of its quality attribute requirements will likely not function as required. Examples of quality attributes are:

    1. Slow system response time
    2. Security breaches that result in loss of personal data
    3. A product feature upgrade that is not compatible with previous versions
    Examples of Qualitative Attributes
    Performance Compatibility Usability Reliability Security Maintainability
    • Response Time
    • Resource Utilization
    • System Capacity
    • Interoperability
    • Accessibility
    • User Interface
    • Intuitiveness
    • Availability
    • Fault Tolerance
    • Recoverability
    • Integrity
    • Non-Repudiation
    • Modularity
    • Reusability
    • Modifiability
    • Testability

    Focus on quality attributes that are architecturally significant.

    • Not every system requires every quality attribute.
    • Pay attention to those attributes without which the solution will not be able to satisfy a user’s abstract* expectation.
    • This set can be considered Architecturally Significant Requirements (ASR). ASR concern scenarios have the most impact on the architecture of the software system.
    • ASR are fundamental needs of the system and changing them in the future can be a costly and difficult exercise.

    *Abstract since attributes like performance and reliability are not directly measurable by a user.

    Stimulus Response Measurement Environmental Context

    For applicable use cases: (*Adapted from S Carnegie Mellon University, 2000)

    1. Determine the Stimulus (temporal, external, or internal) that puts stress on the system. For example, a VPN-accessed hospital management system is used for nurses to login at 8am every weekday.
    2. Describe how the system should Respond to the stimulus. For example, the hospital management system should complete a nurse login under 10ms on initiation of the HTTPS request.
    3. Set a Measurement criteria for determining the success of the response to the stimulus. For example, the system should be able to successfully respond to 98% of the HTTPS requests the first time.
    4. Note the environmental context under which the stimulus occurs, including any unusual conditions in effect.
    • The hospital management system needs to respond in under 10ms under typical load or peak load?
    • What is the time variance of peak loads, for example, an e-commerce system during a Black Friday sale?
    • How big is the peak load?

    Info-Tech Insight

    Three out of four is bad. Don’t architect for normal situations because the solution will be fragile and prone to catastrophic failure under unexpected events.
    Read article: Retail sites crash under weight of online Black Friday shoppers.

    Discover and evaluate the qualitative attributes needed for use cases or user stories

    Deposit Loan Into Applicant’s Bank Account

    Assume analysis is being done for a to-be developed system.

    User Loan Applicant
    Expectations On login to the web system, should be able to see accurate bank balance after loan funds are deposited.
    User signs into the online portal and opens their account balance page.
    Expected Response From System System creates a connection to the data source and renders it on the screen in under 10ms.
    Measurement Under Normal Loads:
    • Response in 10ms or less
    • Data should not be stale
    Under Peak Loads:
    • Response in 15ms or less
    • Data should not be stale
    Quality Attribute Required Required Attribute # 1: Performance
    • Design Decision: Reduce latency by placing authorization components closer to user’s location.
    Required Attribute # 2: Data Reliability
    • Design Decision: Use event-driven ETL pipelines.
    Required Attribute # 3: Scalability
    • Design Decision: Following Principle # 4 of the CSA (JIT Architecture), delay decision until necessary.

    Use cases developed in Phase 1.2 should be used here. (Adapted from the ATAM Utility Tree Method for Quality Attribute Engineering)

    Reduce technical debt while you are at it

    Deposit Loan Into Applicant’s Bank Account

    Assume analysis is being done for a to-be developed system.

    UserLoan Applicant
    ExpectationsOn login to the web system, should be able to see accurate bank balance after loan funds are deposited.
    User signs into the online portal and opens their account balance page.
    Expected Response From SystemSystem creates a connection to the data source and renders it on the screen in under 10ms.
    MeasurementUnder Normal Loads:
    • Response in 10ms or less
    • Data should not be stale
    Under Peak Loads:
    • Response in 15ms or less
    • Data should not be stale
    Quality Attribute RequiredRequired Attribute # 1: Performance
    • Design Decision: Reduce latency by placing authorization components closer to user’s location.

    Required Attribute # 2: Data Reliability

    • Expected is 15ms or less under peak loads, but average latency is 21ms.
    • Design Decision: Use event-driven ETL pipelines.

    Required Attribute # 3: Scalability

    • Data should not be stale and should sync instantaneously, but in some zip codes data synchronization is taking 8 hours.
    • Design Decision: Investigate integrations and flows across application, database, and infrastructure. (Note: A dedicated section for discussing scalability is presented in Phase 2.)

    1.3 Create a conceptual map between the value streams, use cases, and required architectural attributes

    1. For selected use cases completed in Phase 1.2:
    • Map the value stream to its associated use cases.
    • For each use case, list the required architectural quality attributes.

    Download the Solution Architecture Template for mapping value stream components to their required architectural attribute.

    Input

    • Use Cases
    • User Roles
    • Stimulus to System
    • Response From System
    • Response Measurement

    Output

    • List of Architectural Quality Attributes

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Application Architect
    • Integration Architect
    • Database Architect
    • Infrastructure Architect

    Prioritize architectural quality attributes to ensure a right-engineered solution

    Trade-offs are inherent in solution architecture. Scaling systems may impact performance and weaken security, while fault-tolerance and redundancy may improve availability but at higher than desired costs. In the end, the best solution is not always perfect, but balanced and right-engineered (versus over- or under-engineered).

    Loan Provision

    Loan Application → Disbursement of Funds → Risk Management → Service Accounts

    1. Map architecture attributes against the value stream components.
    • Use individual use cases to determine which attributes are needed for a value stream component.
    This image contains a screenshot of the table showing the importance of scalability, resiliance, performance, security, and data reliability for loan application, disbursement of funds, risk management, and service accounts.

    In our example, the prioritized list of architectural attributes are:

    • Security (4 votes for Very Important)
    • Data Reliability (2 votes for Very Important)
    • Scalability (1 vote for Very Important and 1 vote for Fairly Important) and finally
    • Resilience (1 vote for Very Important, 0 votes for Fairly Important and 1 vote for Mildly Important)
    • Performance (0 votes for Very Important, 2 votes for Fairly Important)

    1.4 Create a prioritized list of architectural attributes (from 1.3)

    1. Using the tabular structure shown on the previous slide:
    • Map each value stream component against architectural quality attributes.
    • For each mapping, indicate its importance using the green, blue, and yellow color scheme.

    Download the Solution Architecture Template and document the list of architectural attributes by priority.

    Input

    • List of Architectural Attributes From 1.3

    Output

    • Prioritized List of Architectural Attributes

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Application Architect
    • Integration Architect
    • Database Architect
    • Infrastructure Architect

    End of Phase 1

    At the end of this Phase, you should have completed the following activities:

    • Documented a set of dynamic value stream maps along with selected use cases.
    • Using the SRME framework, identified quality attributes for the system under investigation.
    • Prioritized quality attributes for system use cases.

    Phase 2: Multi-Purpose Data and Security Architecture

    Phase 1

    1.1 Articulate an Architectural Vision
    1.2 Develop Dynamic Value Stream Maps
    1.3 Map Value Streams, Use Cases, and Required Architectural Attributes
    1.4 Create a Prioritized List of Architectural Attributes

    Phase 2

    2.1 Develop a Data Architecture That Supports Transactional and Analytical Needs
    2.2 Document Security Architecture Risks and Mitigations

    Phase 3

    3.1 Document Scalability Architecture
    3.2 Document Performance Enhancing Architecture
    3.3 Combine the Different Architecture Design Decisions Into a Unified Solution Architecture

    This phase will walk you through the following activities:

    • Understand the scalability, performance, resilience, and security needs of the business.

    This phase involves the following participants:

    • Business Architect
    • Product Owner
    • Application Architect
    • Integration Architect
    • Database Architect
    • Enterprise Architect

    Enhance Your Solution Architecture Practice

    Fragmented data environments need something to sew them together

    • A full 93% of enterprises have a multi-cloud strategy, with 87% having a hybrid-cloud environment in place.
    • On average, companies have data stored in 2.2 public and 2.2 private clouds as well as in various on-premises data repositories.
    This image contains a breakdown of the cloud infrastructure, including single cloud versus multi-cloud.

    Source: Flexera

    In addition, companies are faced with:

    • Access and integration challenges (Who is sending the data? Who is getting it? Can we trust them?)
    • Data format challenges as data may differ for each consumer and sender of data
    • Infrastructure challenges as data repositories/processors are spread out over public and private clouds, are on premises, or in multi-cloud and hybrid ecosystems
    • Structured vs. unstructured data

    A robust and reliable integrated data architecture is essential for any organization that aspires to be relevant and impactful in its industry.

    Data’s context and influence on a solution’s architecture cannot be overestimated

    Data used to be the new oil. Now it’s the life force of any organization that has serious aspirations of providing profit-generating products and services to customers. Architectural decisions about managing data have a significant impact on the sustainability of a software system as well as on quality attributes such as security, scalability, performance, and availability.

    Storage and Processing go hand in hand and are the mainstay of any data architecture. Due to their central position of importance, an architecture decision for storage and processing must be well thought through or they become the bottleneck in an otherwise sound system.

    Ingestion refers to a system’s ability to accept data as an input from heterogenous sources, in different formats, and at different intervals.

    Dissemination is the set of architectural design decisions that make a system’s data accessible to external consumers. Major concerns involve security for the data in motion, authorization, data format, concurrent requests for data, etc.

    Orchestration takes care of ensuring data is current and reliable, especially for systems that are decentralized and distributed.

    Data architecture requires alignment with a hybrid data management plan

    Most companies have a combination of data. They have data they own using on-premises data sources and on the cloud. Hybrid data management also includes external data, such as social network feeds, financial data, and legal information amongst many others.

    Data integration architectures have typically been put in one of two major integration patterns:

    Application to Application Integration (or “speed matters”) Analytical Data Integrations (or “send it to me when its all done”)
    • This domain is concerned with ensuring communication between processes.
    • Examples include patterns such as Service-Oriented Architecture, REST, Event Hubs and Enterprise Service Buses.
    • This domain is focused on integrating data from transactional processes towards enterprise business intelligence. It supports activities that require well-managed data to generate evidence-based insights.
    • Examples of this pattern are ELT, enterprise data warehouses, and data marts.

    Sidebar

    Difference between real-time, batch, and streaming data movements

    Real-Time

    • Reacts to data in seconds or even quicker.
    • Real-time systems are hard to implement.

    Batch

    • Batch processing deals with a large volume of data all at once and data-related jobs are typically completed simultaneously in non-stop, sequential order.
    • Batch processing is an efficient and low-cost means of data processing.
    • Execution of batch processing jobs can be controlled manually, providing further control over how the system treats its data assets.
    • Batch processing is only useful if there are no requirements for data to be fresh and current. Real-time systems are suited to processing data that requires these attributes.

    Streaming

    • Stream processing allows almost instantaneous analysis of data as it streams from one device to another.
    • Since data is analyzed quickly, storage may not be a concern (since only computed data is stored while raw data can be dispersed).
    • Streaming requires the flow of data into the system to equal the flow of data computing, otherwise issues of data storage and performance can rise.

    Modern data ingestion and dissemination frameworks keep core data assets current and accessible

    Data ingestion and dissemination frameworks are critical for keeping enterprise data current and relevant.

    Data ingestion/dissemination frameworks capture/share data from/to multiple data sources.

    Factors to consider when designing a data ingestion/dissemination architecture

    What is the mode for data movement?

    • The mode for data movement is directly influenced by the size of data being moved and the downstream requirements for data currency.
    • Data can move in real-time, as a batch, or as a stream.

    What is the ingestion/dissemination architecture deployment strategy?

    • Outside of critical security concerns, hosting on the cloud vs. on premises leads to a lower total cost of ownership (TCO) and a higher return on investment (ROI).

    How many different and disparate data sources are sending/receiving data?

    • Stability comes if there is a good idea about the data sources/recipient and their requirements.

    What are the different formats flowing through?

    • Is the data in the form of data blocks? Is it structured, semi-unstructured, or unstructured?

    What are expected performance SLAs as data flow rate changes?

    • Data change rate is defined as the size of changes occurring every hour. It helps in selecting the appropriate tool for data movement.
    • Performance is a derivative of latency and throughput, and therefore, data on a cloud is going to have higher latency and lower throughput then if it is kept on premises.
    • What is the transfer data size? Are there any file compression and/or file splits applied on the data? What is the average and maximum size of a block object per ingestion/dissemination operation?

    What are the security requirements for the data being stored?

    • The ingestion/dissemination framework should be able to work through a secure tunnel to collect/share data if needed.

    Sensible storage and processing strategy can improve performance and scalability and be cost-effective

    The range of options for data storage is staggering...

    … but that’s a good thing because the range of data formats that organizations must deal with is also richer than in the past.

    Different strokes for different workloads.

    The data processing tool to use may depend upon the workloads the system has to manage.

    Expanding upon the Risk Management use case (as part of the Loan Provision Capability), one of the outputs for risk assessment is a report that conducts a statistical analysis of customer profiles and separates those that are possibly risky. The data for this report is spread out across different data systems and will need to be collected in a master data management storage location. The business and data architecture team have discussed three critical system needs, noted below:

    Data Management Requirements for Risk Management Reporting Data Design Decision
    Needs to query millions of relational records quickly
    • Strong indexing
    • Strong caching
    • Message queue
    Needs a storage space for later retrieval of relational data
    • Data storage that scales as needed
    Needs turnkey geo-replication mechanism with document retrieval in milliseconds
    • Add NoSQL with geo-replication and quick document access

    Keep every core data source on the same page through orchestration

    Data orchestration, at its simplest, is the combination of data integration, data processing, and data concurrency management.

    Data pipeline orchestration is a cross-cutting process that manages the dependencies between your data integration tasks and scheduled data jobs.

    A task or application may periodically fail, and therefore, as a part of our data architecture strategy, there must be provisions for scheduling, rescheduling, replaying, monitoring, retrying, and debugging the entire data pipeline in a holistic way.

    Some of the functionality provided by orchestration frameworks are:

    • Job scheduling
    • Job parametrization
    • SLAs tracking, alerting, and notification
    • Dependency management
    • Error management and retries
    • History and audit
    • Data storage for metadata
    • Log aggregation
    Data Orchestration Has Three Stages
    Organize Transform Publicize
    Organizations may have legacy data that needs to be combined with new data. It’s important for the orchestration tool to understand the data it deals with. Transform the data from different sources into one standard type. Make transformed data easily accessible to stakeholders.

    2.1 Discuss and document data architecture decisions

    1. Using the value maps and associated use cases from Phase 1, determine the data system quality attributes.
    2. Use the sample tabular layout on the next slide or develop one of your own.

    Download the Solution Architecture Template for documenting data architecture decisions.

    Input

    • Value Maps and Use Cases

    Output

    • Initial Set of Data Design Decisions

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Application Architect
    • Integration Architect
    • Database Architect
    • Infrastructure Architect

    Example: Data Architecture

    Data Management Requirements for Risk Management Reporting Data Design Decision
    Needs to query millions of relational records quickly
    • Strong indexing
    • Strong caching
    • Message queue
    Needs a storage space for later retrieval of relational data
    • Data storage that scales as needed
    Needs turnkey geo-replication mechanism with document retrieval in milliseconds
    • Add NoSQL with geo-replication and quick document access

    There is no free lunch when making the most sensible security architecture decision; tradeoffs are a necessity

    Ensuring that any real system is secure is a complex process involving tradeoffs against other important quality attributes (such as performance and usability). When architecting a system, we must understand:

    • Its security needs.
    • Its security threat landscape.
    • Known mitigations for those threats to ensure that we create a system with sound security fundamentals.

    The first thing to do when determining security architecture is to conduct a threat and risk assessment (TRA).

    This image contains a sample threat and risk assessment. The steps are Understand: Until we thoroughly understand what we are building, we cannot secure it. Structure what you are building, including: System boundary, System structure, Databases, Deployment platform; Analyze: Use techniques like STRIDE and attack trees to analyze what can go wrong and what security problems this will cause; Mitigate: The security technologies to use, to mitigate your concerns, are discussed here. Decisions about using single sign-on (SSO) or role-based access control (RBAC), encryption, digital signatures, or JWT tokens are made. An important part of this step is to consider tradeoffs when implementing security mechanisms; validate: Validation can be done by experimenting with proposed mitigations, peer discussion, or expert interviews.

    Related Research

    Optimize Security Mitigation Effectiveness Using STRIDE

    • Have a clear picture of:
      • Critical data and data flows
      • Organizational threat exposure
      • Security countermeasure deployment and coverage
    • Understand which threats are appropriately mitigated and which are not.
    • Generate a list of initiatives to close security gaps.
    • Create a quantified risk and security model to reassess program and track improvement.
    • Develop measurable information to present to stakeholders.

    The 3A’s of strong security: authentication, authorization, and auditing

    Authentication

    Authentication mechanisms help systems verify that a user is who they claim to be.

    Examples of authentication mechanisms are:

    • Two-Factor Authentication
    • Single Sign-On
    • Multi-Factor Authentication
    • JWT Over OAUTH

    Authorization

    Authorization helps systems limit access to allowed features, once a user has been authenticated.

    Examples of authentication mechanisms are:

    • RBAC
    • Certificate Based
    • Token Based

    Auditing

    Securely recording security events through auditing proves that our security mechanisms are working as intended.

    Auditing is a function where security teams must collaborate with software engineers early and often to ensure the right kind of audit logs are being captured and recorded.

    Info-Tech Insight

    Defects in your application software can compromise privacy and integrity even if cryptographic controls are in place. A security architecture made after thorough TRA does not override security risk introduced due to irresponsible software design.

    Examples of threat and risk assessments using STRIDE and attack trees

    STRIDE is a threat modeling framework and is composed of:

    • Spoofing or impersonation of someone other than oneself
    • Tampering with data and destroying its integrity
    • Repudiation by bypassing system identity controls
    • Information disclosure to unauthorized persons
    • Denial of service that prevents system or parts of it from being used
    • Elevation of privilege so that attackers get rights they should not have
    Example of using STRIDE for a TRA on a solution using a payment system This image contains a sample attack tree.
    Spoofing PayPal Bad actor can send fraudulent payment request for obtaining funds.
    Tampering PayPal Bad actor accesses data base and can resend fraudulent payment request for obtaining funds.
    Repudiation PayPal Customer claims, incorrectly, their account made a payment they did not authorize.
    Disclosure PayPal Private service database has details leaked and made public.
    Denial of Service PayPal Service is made to slow down through creating a load on the network, causing massive build up of requests
    Elevation of Privilege PayPal Bad actor attempts to enter someone else’s account by entering incorrect password a number of times.

    2.2 Document security architecture risks and mitigations

    1. Using STRIDE, attack tree, or any other framework of choice:
    • Conduct a TRA for use cases identified in Phase 1.2
  • For each threat identified through the TRA, think through the implications of using authentication, authorization, and auditing as a security mechanism.
  • Download the Solution Architecture Template for documenting data architecture decisions.

    Input

    • Dynamic Value Stream Maps

    Output

    • Security Architecture Risks and Mitigations

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Product Owner
    • Security Team
    • Application Architect
    • Integration Architect

    Examples of threat and risk assessments using STRIDE

    Example of using STRIDE for a TRA on a solution using a payment system
    Threat System Component Description Quality Attribute Impacted Resolution
    Spoofing PayPal Bad actor can send fraudulent payment request for obtaining funds. Confidentiality Authorization
    Tampering PayPal Bad actor accesses data base and can resend fraudulent payment request for obtaining funds. Integrity Authorization
    Repudiation PayPal Customer claims, incorrectly, their account made a payment they did not authorize. Integrity Authentication and Logging
    Disclosure PayPal Private service database has details leaked and made public. Confidentiality Authorization
    Denial of Service PayPal Service is made to slow down through creating a load on the network, causing massive build up of requests Availability N/A
    Elevation of Privilege PayPal Bad actor attempts to enter someone else’s account by entering incorrect password a number of times. Confidentiality, Integrity, and Availability Authorization

    Phase 3: Upgrade Your System’s Availability

    Phase 1

    1.1 Articulate an Architectural Vision
    1.2 Develop Dynamic Value Stream Maps
    1.3 Map Value Streams, Use Cases, and Required Architectural Attributes
    1.4 Create a Prioritized List of Architectural Attributes

    Phase 2

    2.1 Develop a Data Architecture That Supports Transactional and Analytical Needs
    2.2 Document Security Architecture Risks and Mitigations

    Phase 3

    3.1 Document Scalability Architecture
    3.2 Document Performance Enhancing Architecture
    3.3 Combine the Different Architecture Design Decisions Into a Unified Solution Architecture

    This phase will walk you through the following activities:

    • Examine architecture for scalable and performant system designs
    • Integrate all design decisions made so far into a solution design decision log

    This phase involves the following participants:

    • Business Architect
    • Product Owner
    • Application Architect
    • Integration Architect
    • Database Architect
    • Enterprise Architect

    Enhance Your Solution Architecture Practice

    In a cloud-inspired system architecture, scalability takes center stage as an architectural concern

    Scale and scope of workloads are more important now than they were, perhaps, a decade and half back. Architects realize that scalability is not an afterthought. Not dealing with it at the outset can have serious consequences should an application workload suddenly exceed expectations.

    Scalability is …

    … the ability of a system to handle varying workloads by either increasing or decreasing the computing resources of the system.

    An increased workload could include:

    • Higher transaction volumes
    • A greater number of users

    Architecting for scalability is …

    … not easy since organizations may not be able to accurately judge, outside of known circumstances, when and why workloads may unexpectedly increase.

    A scalable architecture should be planned at the:

    • Application Level
    • Infrastructure Level
    • Database Level

    The right amount and kind of scalability is …

    … balancing the demands of the system with the supply of attributes.

    If demand from system > supply from system:

    • Services and products are not useable and deny value to customers.

    If supply from system > demand from system:

    • Excess resources have been paid for that are not being used.

    When discussing the scalability needs of a system, investigate the following, at a minimum:

    • In case workloads increase due to higher transaction volumes, will the system be able to cope with the additional stress?
    • In situations where workloads increase, will the system be able to support the additional stress without any major modifications being made to the system?
    • Is the cost associated with handling the increased workloads reasonable for the benefit it provides to the business?
    • Assuming the system doesn’t scale, is there any mechanism for graceful degradation?

    Use evidence-based decision making to ensure a cost-effective yet appropriate scaling strategy

    The best input for an effective scaling strategy is previously gathered traffic data mapped to specific circumstances.

    In some cases, either due to lack of monitoring or the business not being sure of its needs, scalability requirements are hard to determine. In such cases, use stated tactical business objectives to design for scalability. For example, the business might state its desire to achieve a target revenue goal. To accommodate this, a certain number of transactions would need to be conducted, assuming a particular conversion rate.

    Scaling strategies can be based on Vertical or Horizontal expansion of resources.
    Pros Cons
    Vertical
    Scale up through use of more powerful but limited number of resources
    • May not require frequent upgrades.
    • Since data is managed through a limited number of resources, it is easier to share and keep current.
    • Costly upfront.
    • Application, database, and infrastructure may not be able to make optimal use of extra processing power.
    • As the new, more powerful resource is provisioned, systems may experience downtime.
    • Lacks redundancy due to limited points of failure.
    • Performance is constrained by the upper limits of the infrastructure involved.
    Horizontal
    Scale out through use of similarly powered but larger quantity of resources
    • Cost-effective upfront.
    • System downtime is minimal, when scaling is being performed.
    • More redundance and fault-tolerance is possible since there are many nodes involved, and therefore, can replace failed nodes.
    • Performance can scale out as more nodes are added.
    • Upgrades may occur more often than in vertical scaling.
    • Increases machine footprints and administrative costs over time.
    • Data may be partitioned on multiple nodes, leading to administrative and data currency challenges.

    Info-Tech Insight

    • Scalability is the one attribute that sparks a lot of trade-off discussions. Scalable solutions may have to compromise on performance, cost, and data reliability.
    • Horizontal scalability is mostly always preferable over vertical scalability.

    Sidebar

    The many flavors of horizontal scaling

    Traffic Shard-ing

    Through this mechanism, incoming traffic is partitioned around a characteristic of the workload flowing in. Examples of partitioning characteristics are user groups, geo-location, and transaction type.

    Beware of:

    • Lack of data currency across shards.

    Copy and Paste

    As the name suggests, clone the compute resources along with the underlying databases. The systems will use a load balancer as the first point of contact between itself and the workload flowing in.

    Beware of:

    • Though this is a highly scalable model, it does introduce risks related to data currency across all databases.
    • In case master database writes are frequent, it could become a bottleneck for the entire system.

    Productization Through Containers

    This involves breaking up the system into specific functions and services and bundling their business rules/databases into deployable containers.

    Beware of:

    • Too many containers introduce the need to orchestrate the distributed architecture that results from a service-oriented approach.

    Start a scalability overview with a look at the database(s)

    To know where to go, you must know where you are. Before introducing architectural changes to database designs, use the right metrics to get an insight into the root cause of the problem(s).

    In a nutshell, the purpose of scaling solutions is to have the technology stack do less work for the most requested services/features or be able to effectively distribute the additional workload across multiple resources.

    For databases, to ensure this happens, consider these techniques:

    • Reuse data through caching on the server and/or the client. This eliminates the need for looking up already accessed data. Examples of caching are:
      • In-memory caching of data
      • Caching database queries
    • Implement good data retrieval techniques like indexes.
    • Divide labor at the database level.
      • Through setting up primary-secondary distribution of data. In such a setup, the primary node is involved in writing data to itself and passes on requests to secondary nodes for fulfillment.
      • Through setting up database shards (either horizontally or vertically).
        • In a horizontal shard, a data table is broken into smaller pieces with the same data model but unique data in it. The sum total of the shared databases contains all the data in the primary data table.
        • In a vertical shard, a data table is broken into smaller pieces, but each piece may have a subset of the data columns. The data’s corresponding columns are put into the table where the column resides.

    Info-Tech Insight

    A non-scalable architecture has more than just technology-related ramifications. Hoping that load balancers or cloud services will manage scalability-related issues is bound to have economic impacts as well.

    Sidebar

    Caching Options

    CSA PRINCIPLE 5 applies to any decision that supports system scalability.
    “X-ilities Over Features”

    Database Caching
    Fetches and stores result of database queries in memory. Subsequent requests to the database for the same queries will investigate the cache before making a connection with the database.
    Tools like Memcached or Redis are used for database caching.

    Precompute Database Caching
    Unlike database caching, this style of caching precomputes results of queries that are popular and frequently used. For example, a database trigger could execute several predetermined queries and have them ready for consumption. The precomputed results may be stored in a database cache.

    Application Object Caching
    Stores computed results in a cache for later retrieval. For data sources, which are not changing frequently and are part of a computation output, application caching will remove the need to connect with a database.

    Proxy Caching
    Caches retrieved web pages on a proxy server and makes them available for the next time the page is requested.

    The intra- and inter-process communication of the systems middle tier can become a bottleneck

    To synchronize or not to synchronize?

    A synchronous request (doing one thing at a time) means that code execution will wait for the request to be responded to before continuing.

    • A synchronous request is a blocking event and until it is completed, all following requests will have to wait for getting their responses.
    • An increasing workload on a synchronous system may impact performance.
    • Synchronous interactions are less costly in terms of design, implementation, and maintenance.
    • Scaling options include:
    1. Vertical scale up
    2. Horizontal scale out of application servers behind a load balancer and a caching technique (to minimize data retrieval roundtrips)
    3. Horizonal scale out of database servers with data partitioning and/or data caching technique

    Use synchronous requests when…

    • Each request to a system sets the necessary precondition for a following request.
    • Data reliability is important, especially in real-time systems.
    • System flows are simple.
    • Tasks that are typically time consuming, such as I/O, data access, pre-loading of assets, are completed quickly.

    Asynchronous requests (doing many things at the same time) do not block the system they are targeting.

    • It is a “fire and forget” mechanism.
    • Execution on a server/processor is triggered by the request, however, additional technical components (callbacks) for checking the state of the execution must be designed and implemented.
    • Asynchronous interactions require additional time to be spent on implementation and testing.
    • With asynchronous interactions, there is no guarantee the request initiated any processing until the callbacks check the status of the executed thread.

    Use asynchronous requests when…

    • Tasks are independent in nature and don’t require inter-task communication.
    • Systems flows need to be efficient.
    • The system is using event-driven techniques for processing.
    • Many I/O tasks are involved.
    • The tasks are long running.

    Sidebar

    Other architectural tactics for inter-process communication

    STATELESS SERVICES VERSUS STATEFUL SERVICES
    • Does not require any additional data, apart from the bits sent through with the request.
    • Without implementing a caching solution, it is impossible to access the previous data trail for a transaction session.
    • In addition to the data sent through with the request, require previous data sent to complete processing.
    • Requires server memory to store the additional state data. With increasing workloads, this could start impacting the server’s performance.
    It is generally accepted that stateless services are better for system scalability, especially if vertical scaling is costly and there is expectation that workloads will increase.
    MICROSERVICES VERSUS SERVERLESS FUNCTIONS
    • Services are designed as small units of code with a single responsibility and are available on demand.
    • A microservices architecture is easily scaled horizontally by adding a load balancer and a caching mechanism.
    • Like microservices, these are small pieces of code designed to fulfill a single purpose.
    • Are provided only through cloud vendors, and therefore, there is no need to worry about provisioning of infrastructure as needs increase.
    • Stateless by design but the life cycle of a serverless function is vendor controlled.
    Serverless function is an evolving technology and tightly controlled by the vendor. As and when vendors make changes to their serverless products, your own systems may need to be modified to make the best use of these upgrades.

    A team that does not measure their system’s scalability is a team bound to get a 5xx HTTP response code

    A critical aspect of any system is its ability to monitor and report on its operational outcomes.

    • Using the principle of continuous testing, every time an architectural change is introduced, a thorough load and stress testing cycle should be executed.
    • Effective logging and use of insightful metrics helps system design teams make data-driven decisions.
    • Using principle of site reliability engineering and predictive analytics, teams can be prepared for any unplanned exaggerated stimulus on the system and proactively set up remedial steps.

    Any system, however well architected, will break one day. Strategically place kill-switches to counter any failures and thoroughly test their functioning before releasing to production.

    • Using Principles 2 and 9 of the CSA, (include kill-switches and architect for x-ilities over features), introduce tactics at the code and higher levels that can be used to put a system in its previous best state in case of failure.
    • Examples of such tactics are:
      • Feature flags for turning on/off code modules that impact x-ilities.
      • Implement design patterns like throttling, autoscaling, and circuit breaking.
      • Writing extensive log messages that bubble up as exceptions/error handling from the code base. *Logging can be a performance drag. Use with caution as even logging code is still code that needs CPU and data storage.

    Performance is a system’s ability to satisfy time-bound expectations

    Performance can also be defined as the ability for a system to achieve its timing requirements, using available resources, under expected full-peak load:

    (International Organization for Standardization, 2011)

    • Performance and scalability are two peas in a pod. They are related to each other but are distinct attributes. Where scalability refers to the ability of a system to initiate multiple simultaneous processes, performance is the system’s ability to complete the processes within a mandated average time period.
    • Degrading performance is one of the first red flags about a system’s ability to scale up to workload demands.
    • Mitigation tactics for performance are very similar to the tactics for scalability.

    System performance needs to be monitored and measured consistently.

    Measurement Category 1: System performance in terms of end-user experience during different load scenarios.

    • Response time/latency: Length of time it takes for an interaction with the system to complete.
    • Turnaround time: Time taken to complete a batch of tasks.
    • Throughput: Amount of workload a system is capable of handling in a unit time period.

    Measurement Category 2: System performance in terms of load managed by computational resources.

    • Resource utilization: The average usage of a resource (like CPU) over a period. Peaks and troughs indicate excess vs. normal load times.
    • Number of concurrent connections: Simultaneous user requests that a resource like a server can successfully deal with at once.
    • Queue time: The turnaround time for a specific interaction or category of interactions to complete.

    Architectural tactics for performance management are the same as those used for system scalability

    Application Layer

    • Using a balanced approach that combines CSA Principle 7 (Good architecture comes in small packages) and Principle 10 (Architect for products, not projects), a microservices architecture based on domain-driven design helps process performance. Microservices use lightweight HTTP protocols and have loose coupling, adding a degree of resilience to the system as well. *An overly-engineered microservices architecture can become an orchestration challenge.
    • The code design must follow standards that support performance. Example of standards is SOLID*.
    • Serverless architectures can run application code from anywhere – for example, from edge servers close to an end user – thereby reducing latency.

    Database Layer

    • Using the right database technologies for persistence. Relational databases have implicit performance bottlenecks (which get exaggerated as data size grows along with indexes), and document store database technologies (key-value or wide-column) can improve performance in high-read environments.
    • Data sources, especially those that are frequently accessed, should ideally be located close to the application servers. Hybrid infrastructures (cloud and on premises mixed) can lead to latency when a cloud-application is accessing on-premises data.
    • Using a data partitioning strategy, especially in a domain-driven design architecture, can improve the performance of a system.

    Performance modeling and continuous testing makes the SRE a happy engineer

    Performance modeling and testing helps architecture teams predict performance risks as the solution is being developed.
    (CSA Principle 12: Test the solution architecture like you test your solution’s features)

    Create a model for your system’s hypothetical performance testing by breaking an end-to-end process or use case into its components. *Use the SIPOC framework for decomposition.

    This image contains an example of modeled performance, showing the latency in the data flowing from different data sources to the processing of the data.

    In the hypothetical example of modeled performance above:

    • The longest period of latency is 15ms.
    • The processing of data takes 30ms, while the baseline was established at 25ms.
    • Average latency in sending back user responses is 21ms – 13ms slower than expected.

    The model helps architects:

    • Get evidence for their assumptions
    • Quantitatively isolate bottlenecks at a granular level

    Model the performance flow once but test it periodically

    Performance testing measures the performance of a software system under normal and abnormal loads.

    Performance testing process should be fully integrated with software development activities and as automated as possible. In a fast-moving Agile environment, teams should attempt to:

    • Shift-left performance testing activities.
    • Use performance testing to pinpoint performance bottlenecks.
    • Take corrective action, as quickly as possible.

    Performance testing techniques

    • Normal load testing: Verifies the system’s behavior under the expected normal load to ensure that its performance requirements are met. Load testing can be used to measure response time, responsiveness, turnaround time, and throughput.
    • Expected maximum load testing: Like the normal load testing process, ensures system meets its performance requirements under expected maximum load.
    • Stress testing: Evaluates system behavior when processing loads beyond the expected maximum.

    *In a real production scenario, a combination of these tests are executed on a regular basis to monitor the performance of the system over a given period.

    3.1-3.2 Discuss and document initial decisions made for architecture scalability and performance

    1. Use the outcomes from either or both Phases 1.3 and 1.4.
    • For each value stream component, list the architecture decisions taken to ensure scalability and performance at client-facing and/or business-rule layers.

    Download the Solution Architecture Template for documenting data architecture decisions.

    Input

    • Output From Phase 1.3 and/or From Phase 1.4

    Output

    • Initial Set of Design Decisions Made for System Scalability and Performance

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Application Architect
    • Integration Architect
    • Database Architect
    • Infrastructure Architect

    Example: Architecture decisions for scalability and performance

    Value Stream Component Design Decision for User Interface Layer Design Decisions for Middle Processing Layer
    Loan Application Scalability: N/A
    Resilience: Include circuit breaker design in both mobile app and responsive websites.
    Performance: Cache data client.
    Scalability: Scale vertically (up) since loan application processing is very compute intensive.
    Resilience: Set up fail-over replica.
    Performance: Keep servers in the same geo-area.
    Disbursement of Funds *Does not have a user interface Scalability: Scale horizontal when traffic reaches X requests/second.
    Resilience: Create microservices using domain-driven design; include circuit breakers.
    Performance: Set up application cache; synchronous communication since order of data input is important.
    …. …. ….

    3.3 Combine the different architecture design decisions into a unified solution architecture

    Download the Solution Architecture Template for documenting data architecture decisions.

    Input

    • Output From Phase 1.3 and/or From Phase 1.4
    • Output From Phase 2.1
    • Output From Phase 2.2
    • Output From 3.1 and 3.2

    Output

    • List of Design Decisions for the Solution

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Application Architect
    • Integration Architect
    • Database Architect
    • Infrastructure Architect

    Putting it all together is the bow that finally ties this gift

    This blueprint covered the domains tagged with the yellow star.

    This image contains a screenshot of the solution architecture framework found earlier in this blueprint, with stars next to Data Architecture, Security, Performance, and Stability.

    TRADEOFF ALERT

    The right design decision is never the same for all perspectives. Along with varying opinions, comes the “at odds with each other set” of needs (scalability vs. performance, or access vs. security).

    An evidence-based decision-making approach using a domain-driven design strategy is a good mix of techniques for creating the best (right?) solution architecture.

    This image contains a screenshot of a table that summarizes the themes discussed in this blueprint.

    Summary of accomplishment

    • Gained understanding and clarification of the stakeholder objectives placed on your application architecture.
    • Completed detailed use cases and persona-driven scenario analysis and their architectural needs through SRME.
    • Created a set of design decisions for data, security, scalability, and performance.
    • Merged the different architecture domains dealt with in this blueprint to create a holistic view.

    Bibliography

    Ambysoft Inc. “UML 2 Sequence Diagrams: An Agile Introduction.” Agile Modeling, n.d. Web.

    Bass, Len, Paul Clements, and Rick Kazman. Software Architecture in Practices: Third Edition. Pearson Education, Inc. 2003.

    Eeles, Peter. “The benefits of software architecting.” IBM: developerWorks, 15 May 2006. Web.

    Flexera 2020 State of the Cloud Report. Flexera, 2020. Web. 19 October 2021.

    Furdik, Karol, Gabriel Lukac, Tomas Sabol, and Peter Kostelnik. “The Network Architecture Designed for an Adaptable IoT-based Smart Office Solution.” International Journal of Computer Networks and Communications Security, November 2013. Web.

    Ganzinger, Matthias, and Petra Knaup. “Requirements for data integration platforms in biomedical research networks: a reference model.” PeerJ, 5 February 2015. (https://peerj.com/articles/755/).

    Garlan, David, and Mary Shaw. An Introduction to Software Architecture. CMU-CS-94-166, School of Computer Science Carnegie Mellon University, January 1994.

    Gupta, Arun. “Microservice Design Patterns.” Java Code Geeks, 14 April 2015. Web.

    How, Matt. The Modern Data Warehouse in Azure. O’Reilly, 2020.

    ISO/IEC 17788:2014: Information technology – Cloud computing, International Organization for Standardization, October 2014. Web.

    ISO/IEC 18384-1:2016: Information technology – Reference Architecture for Service Oriented Architecture (SOA RA), International Organization for Standardization, June 2016. Web.

    ISO/IEC 25010:2011(en) Systems and software engineering — Systems and software Quality Requirements and Evaluation (SQuaRE) — System and software quality models. International Organization for Standardization, March 2011. Web.

    Kazman, R., M. Klein, and P. Clements. ATAM: Method for Architecture Evaluation. S Carnegie Mellon University, August 2000. Web.

    Microsoft Developer Network. “Chapter 16: Quality Attributes.” Microsoft Application Architecture Guide. 2nd Ed., 13 January 2010. Web.

    Microsoft Developer Network. “Chapter 2: Key Principles of Software Architecture.” Microsoft Application Architecture Guide. 2nd Ed., 13 January 2010. Web.

    Microsoft Developer Network. “Chapter 3: Architectural Patterns and Styles.” Microsoft Application Architecture Guide. 2nd Ed., 14 January 2010. Web.

    Microsoft Developer Network. “Chapter 5: Layered Application Guidelines.” Microsoft Application Architecture Guide. 2nd Ed., 13 January 2010. Web.

    Mirakhorli, Mehdi. “Common Architecture Weakness Enumeration (CAWE).” IEEE Software, 2016. Web.

    Moore, G. A. Crossing the Chasm, 3rd Edition: Marketing and Selling Disruptive Products to Mainstream Customers (Collins Business Essentials) (3rd ed.). Harper Business, 2014.

    OASIS. “Oasis SOA Reference Model (SOA RM) TC.” OASIS Open, n.d. Web.

    Soni, Mukesh. “Defect Prevention: Reducing Costs and Enhancing Quality.” iSixSigma, n.d. Web.

    The Open Group. TOGAF 8.1.1 Online, Part IV: Resource Base, Developing Architecture Views. TOGAF, 2006. Web.

    The Open Group. Welcome to the TOGAF® Standard, Version 9.2, a standard of The Open Group. TOGAF, 2018. Web.

    Watts, S. “The importance of solid design principles.” BMC Blogs, 15 June 2020. 19 October 2021.

    Young, Charles. “Hexagonal Architecture–The Great Reconciler?” Geeks with Blogs, 20 Dec 2014. Web.

    APPENDIX A

    Techniques to enhance application architecture.

    Consider the numerous solutions to address architecture issues or how they will impact your application architecture

    Many solutions exist for improving the layers of the application stack that may address architecture issues or impact your current architecture. Solutions range from capability changes to full stack replacement.

    Method Description Potential Benefits Risks Related Blueprints
    Business Capabilities:
    Enablement and enhancement
    • Introduce new business capabilities by leveraging unused application functionalities or consolidate redundant business capabilities.
    • Increase value delivery to stakeholders.
    • Lower IT costs through elimination of applications.
    • Increased use of an application could overload current infrastructure.
    • IT cannot authorize business capability changes.
    Use Info-Tech’s Document Your Business Architecture blueprint to gain better understanding of business and IT alignment.
    Removal
    • Remove existing business capabilities that don’t contribute value to the business.
    • Lower operational costs through elimination of unused and irrelevant capabilities.
    • Business capabilities may be seen as relevant or critical by different stakeholder groups.
    • IT cannot authorize business capability changes.
    Use Info-Tech’s Build an Application Rationalization Framework to rationalize your application portfolio.
    Business Process:
    Process integration and consolidation
    • Combine multiple business processes into a single process.
    • Improved utilization of applications in each step of the process.
    • Reduce business costs through efficient business processes.
    • Minimize number of applications required to execute a single process.
    • Significant business disruption if an application goes down and is the primary support for business processes.
    • Organizational pushback if process integration involves multiple business groups.
    Business Process (continued):
    Process automation
    • Automate manual business processing tasks.
    • Reduce manual processing errors.
    • Improve speed of delivery.
    • Significant costs to implement automation.
    • Automation payoffs are not immediate.
    Lean business processes
    • Eliminate redundant steps.
    • Streamline existing processes by focusing on value-driven steps.
    • Improve efficiency of business process through removal of wasteful steps.
    • Increase value delivered at the end of the process.
    • Stakeholder pushback from consistently changing processes.
    • Investment from business is required to fit documentation to the process.
    Outsource the process
    • Outsource a portion of or the entire business process to a third party.
    • Leverage unavailable resources and skills to execute the business process.
    • Loss of control over process.
    • Can be costly to bring the process back into the business if desired in the future.
    Business Process (continued):
    Standardization
    • Implement standards for business processes to improve uniformity and reusability.
    • Consistently apply the same process across multiple business units.
    • Transparency of what is expected from the process.
    • Improve predictability of process execution.
    • Process bottlenecks may occur if a single group is required to sign off on deliverables.
    • Lack of enforcement and maintenance of standards can lead to chaos if left unchecked.
    User Interface:
    Improve user experience (UX)
    • Eliminate end-user emotional, mechanical, and functional friction by improving the experience of using the application.
    • UX encompasses both the interface and the user’s behavior.
    • Increase satisfaction and adoption rate from end users.
    • Increase brand awareness and user retention.
    • UX optimizations are only focused on a few user personas.
    • Current development processes do not accommodate UX assessments
    Code:
    Update coding language
    Translate legacy code into modern coding language.
    • Coding errors in modern languages can have lesser impact on the business processes they support.
    • Modern languages tend to have larger pools of coders to hire.
    • Increase availability of tools to support modern languages.
    • Coding language changes can create incompatibilities with existing infrastructure.
    • Existing coding translation tools do not offer 100% guarantee of legacy function retention.
    Code (continued):
    Open source code
    • Download pre-built code freely available in open source communities.
    • Code is rapidly evolving in the community to meet current business needs.
    • Avoid vendor lock-in from proprietary software
    • Community rules may require divulgence of work done with open source code.
    • Support is primarily provided through community, which may not address specific concerns.
    Update the development toolchain
    • Acquire new or optimize development tools with increased testing, build, and deployment capabilities.
    • Increase developer productivity.
    • Increase speed of delivery and test coverage with automation.
    • Drastic IT overhauls required to implement new tools such as code conversion, data migration, and development process revisions.
    Update source code management
    • Optimize source code management to improve coding governance, versioning, and development collaboration.
    • Ability to easily roll back to previous build versions and promote code to other environments.
    • Enable multi-user development capabilities.
    • Improve conflict management.
    • Some source code management tools cannot support legacy code.
    • Source code management tools may be incompatible with existing development toolchain.
    Data:
    Outsource extraction
    • Outsource your data analysis and extraction to a third party.
    • Lower costs to extract and mine data.
    • Leverage unavailable resources and skills to translate mined data to a usable form.
    • Data security risks associated with off-location storage.
    • Data access and control risks associated with a third party.
    Update data structure
    • Update your data elements, types (e.g. transactional, big data), and formats (e.g. table columns).
    • Standardize on a common data definition throughout the entire organization.
    • Ease data cleansing, mining, analysis, extraction, and management activities.
    • New data structures may be incompatible with other applications.
    • Implementing data management improvements may be costly and difficult to acquire stakeholder buy-in.
    Update data mining and data warehousing tools
    • Optimize how data is extracted and stored.
    • Increase the speed and reliability of the data mined.
    • Perform complex analysis with modern data mining and data warehousing tools.
    • Data warehouses are regularly updated with the latest data.
    • Updating data mining and warehousing tools may create incompatibilities with existing infrastructure and data sets.
    Integration:
    Move from point-to-point to enterprise service bus (ESB)
    • Change your application integration approach from point-to-point to an ESB.
    • Increase the scalability of enterprise services by exposing applications to a centralized middleware.
    • Reduce the number of integration tests to complete with an ESB.
    • Single point of failure can cripple the entire system.
    • Security threats arising from centralized communication node.
    Leverage API integration
    • Leverage application programming interfaces (APIs) to integrate applications.
    • Quicker and more frequent transfers of lightweight data compared to extract, load, transfer (ETL) practices.
    • Increase integration opportunities with other modern applications and infrastructure (including mobile devices).
    • APIs are not as efficient as ETL when handling large data sets.
    • Changing APIs can break compatibility between applications if not versioned properly.

    Prepare for Cognitive Service Management

    • Buy Link or Shortcode: {j2store}335|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: 10 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design
    • The evolution of natural language processing and machine learning applications has led to specialized AI-assisted toolsets that promise to improve the efficiency and timeliness of IT operations.

    Our Advice

    Critical Insight

    • These are early days. These AI-assisted toolsets are generating a considerable amount of media attention, but most of them are relatively untested. Early adopters willing to absorb experimentation costs are in the process of deploying the first use cases. Initial lessons are showing that IT operations in most organizations are not yet mature enough to take advantage of AI-assisted toolsets.
    • Focus on the problem, not the tool. Explicit AI questions should be at the end of the list. Start by asking what business problem you want to solve.
    • Get your house in order. The performance of AI-assisted tools depends on mature IT operations processes and reliable data sets. Standardize service management processes and build a knowledgebase of structured content to prepare for AI-assisted IT operations.

    Impact and Result

    • Don’t fall prey to the AI-bandwagon effect. AI-assisted innovations will support shift-left service support strategies through natural language processing and machine learning applications. However, the return on your AI investment will depend on whether it helps you meet an actual business goal.
    • AI-assisted tools presuppose the existence of mature IT operations functions, including standardized processes, high-quality structured content focused on the incidents and requests that matter, and a well-functioning ITSM web portal.
    • The success of AI ITSM projects hinges on adoption. If your vision is to power end-user interactions with chatbots and deploy intelligent agents on tickets coming through the web portal, be sure to develop a self-service culture that empowers end users to help themselves and experiment with new tools and technologies. Without end-user adoption, the promised benefits of AI projects will not materialize.

    Prepare for Cognitive Service Management Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should prepare for cognitive service management, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Review emerging AI technology

    Get an overview of emerging AI applications to understand how they will strengthen a shift-left service support strategy.

    2. Sort potential IT operations AI use cases

    Review potential use cases for AI applications to prioritize improvement initiatives and align them to organizational goals.

    • Disruptive Technology Shortlisting Tool
    • Disruptive Technology Value-Readiness and SWOT Analysis Tool

    3. Prepare for a cognitive service management project

    Develop an ITSM AI strategy to prepare your organization for the coming of cognitive service management, and build a roadmap for implementation.

    • Customer Journey Map (PDF)
    • Customer Journey Map (Visio)
    • Infrastructure Roadmap Technology Assessment Tool
    • Strategic Infrastructure Roadmap Tool
    [infographic]

    Get the Most Out of Your CRM

    • Buy Link or Shortcode: {j2store}537|cart{/j2store}
    • member rating overall impact (scale of 10): 9.7/10 Overall Impact
    • member rating average dollars saved: $31,749 Average $ Saved
    • member rating average days saved: 22 Average Days Saved
    • Parent Category Name: Customer Relationship Management
    • Parent Category Link: /customer-relationship-management
    • Application optimization is essential to stay competitive and productive in today’s digital environment.
    • Enterprise applications often involve large capital outlay, unquantified benefits, and high risk of failure.
    • Customer relationship management (CRM) application portfolios are often messy with multiple integration points, distributed data, and limited ongoing end-user training.
    • User dissatisfaction is common.

    Our Advice

    Critical Insight

    A properly optimized CRM ecosystem will reduce costs and increase productivity.

    Impact and Result

    • Build an ongoing optimization team to conduct application improvements.
    • Assess your CRM application(s) and the environment in which they exist. Take a business-first strategy to prioritize optimization efforts.
    • Validate CRM capabilities, user satisfaction, issues around data, vendor management, and costs to build out an optimization strategy.
    • Pull this all together to develop a prioritized optimization roadmap.

    Get the Most Out of Your CRM Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should optimize your CRM, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Map current-state capabilities

    Gather information around the application:

    • Get the Most Out of Your CRM Workbook

    2. Assess your current state

    Assess CRM and related environment. Perform CRM process assessment. Assess user satisfaction across key processes, applications, and data. Understand vendor satisfaction

    • CRM Application Inventory Tool

    3. Build your optimization roadmap

    Build your optimization roadmap: process improvements, software capability improvements, vendor relationships, and data improvement initiatives.

    Infographic

    Workshop: Get the Most Out of Your CRM

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Your CRM Application Vision

    The Purpose

    Define your CRM application vision.

    Key Benefits Achieved

    Develop an ongoing application optimization team.

    Realign CRM and business goals.

    Understand your current system state capabilities.

    Explore CRM and related costs.

    Activities

    1.1 Determine your CRM optimization team.

    1.2 Align organizational goals.

    1.3 Inventory applications and interactions.

    1.4 Define business capabilities.

    1.5 Explore CRM-related costs (optional).

    Outputs

    CRM optimization team

    CRM business model

    CRM optimization goals

    CRM system inventory and data flow

    CRM process list

    CRM and related costs

    2 Map Current-State Capabilities

    The Purpose

    Map current-state capabilities.

    Key Benefits Achieved

    Complete a CRM process gap analysis to understand where the CRM is underperforming.

    Review the CRM application portfolio assessment to understand user satisfaction and data concerns.

    Undertake a software review survey to understand your satisfaction with the vendor and product.

    Activities

    2.1 Conduct gap analysis for CRM processes.

    2.2 Perform an application portfolio assessment.

    2.3 Review vendor satisfaction.

    Outputs

    CRM process gap analysis

    CRM application portfolio assessment

    CRM software reviews survey

    3 Assess CRM

    The Purpose

    Assess CRM.

    Key Benefits Achieved

    Learn which processes you need to focus on.

    Uncover underlying user satisfaction issues to address these areas.

    Understand where data issues are occurring so that you can mitigate this.

    Investigate your relationship with the vendor and product, including that relative to others.

    Identify any areas for cost optimization (optional).

    Activities

    3.1 Explore process gaps.

    3.2 Analyze user satisfaction.

    3.3 Assess data quality.

    3.4 Understand product satisfaction and vendor management.

    3.5 Look for CRM cost optimization opportunities (optional).

    Outputs

    CRM process optimization priorities

    CRM vendor optimization opportunities

    CRM cost optimization

    4 Build the Optimization Roadmap

    The Purpose

    Build the optimization roadmap.

    Key Benefits Achieved

    Understanding where you need to improve is the first step, now understand where to focus your optimization efforts.

    Activities

    4.1 Identify key optimization areas.

    4.2 Build your CRM optimization roadmap and next steps.

    Outputs

    CRM optimization roadmap

    Further reading

    Get the Most Out of Your CRM

    In today’s connected world, continuous optimization of enterprise applications to realize your digital strategy is key.

    Get the Most Out of Your CRM

    In today’s connected world, continuous optimization of enterprise applications to realize your digital strategy is key.

    EXECUTIVE BRIEF

    Analyst Perspective

    Focus optimization on organizational value delivery.

    Customer relationship management (CRM) systems are at the core of a customer-centric strategy to drive business results. They are critical to supporting marketing, sales, and customer service efforts.

    CRM systems are expensive, their benefits are difficult to quantify, and they often suffer from poor user satisfaction. Post implementation, technology evolves, organizational goals change, and the health of the system is not monitored. This is complicated in today’s digital landscape with multiple integration points, siloed data, and competing priorities.

    Too often organizations jump into the selection of replacement systems without understanding the health of their current systems. IT leaders need to stop reacting and take a proactive approach to continually monitor and optimize their enterprise applications. Strategically realign business goals, identify business application capabilities, complete a process assessment, evaluate user adoption, and create an optimization roadmap that will drive a cohesive technology strategy that delivers results.

    This is a picture of Lisa Highfield

    Lisa Highfield
    Research Director,
    Enterprise Applications
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    In today’s connected world, continuous optimization of enterprise applications to realize your digital strategy is key.

    Enterprise applications often involve large capital outlay and unquantified benefits.

    CRM application portfolios are often messy. Add to that poor processes, distributed data, and lack of training – business results and user dissatisfaction is common.

    Technology owners are often distributed across the business. Consolidation of optimization efforts is key.

    Common Obstacles

    Enterprise applications involve large numbers of processes and users. Without a clear focus on organizational needs, decisions about what and how to optimize can become complicated.

    Competing and conflicting priorities may undermine optimization value by focusing on the approaches that would only benefit one line of business rather than the entire organization.

    Teams do not have a framework to illustrate, communicate, and justify the optimization effort in the language your stakeholders understand.

    Info-Tech’s Approach

    Build an ongoing optimization team to conduct application improvements.

    Assess your CRM application(s) and the environment in which they exist. Take a business-first strategy to prioritize optimization efforts.

    Validate CRM capabilities, user satisfaction, issues around data, vendor management, and costs to build out an optimization strategy

    Pull this all together to develop a prioritized optimization roadmap.

    Info-Tech Insight

    CRM implementation should not be a one-and-done exercise. A properly optimized CRM ecosystem will reduce costs and increase productivity.

    This is an image of the thought model: Get the Most Out of Your CRM

    Insight Summary

    Continuous assessment and optimization of customer relationship management (CRM) systems is critical to their success.

    • Applications and the environments in which they live are constantly evolving.
    • Get the Most Out of Your CRM provides business and application managers a method to complete a health assessment on their CRM systems to identify areas for improvement and optimization.
    • Put optimization practices into effect by:
      • Aligning and prioritizing key business and technology drivers.
      • Identifying CRM process classification, and performing a gap analysis.
      • Measuring user satisfaction across key departments.
      • Evaluating vendor relations.
      • Understanding how data fits.
      • Pulling it all together into an optimization roadmap.

    CRM platforms are the applications that provide functional capabilities and data management around the customer experience (CX).

    Marketing, sales, and customer service are enabled through CRM technology.

    CRM technologies facilitate an organization’s relationships with customers, service users, employees, and suppliers.

    CRM technology is critical to managing the lifecycle of these relationships, from lead generation, to sales opportunities, to ongoing support and nurturing of these relationships.

    Customer experience management (CXM)

    CRM platforms sit at the core of a well-rounded customer experience management ecosystem.

    Customer Relationship Management

    • Web Experience Management Platform
    • E-Commerce & Point-of-Sale Solutions
    • Social Media Management Platform
    • Customer Intelligence Platform
    • Customer Service Management Tools
    • Marketing Management Suite

    Customer relationship management suites are one piece of the overall customer experience management ecosystem, alongside tools such as customer intelligence platforms and adjacent point solutions for sales, marketing, and customer service. Review Info-Tech’s CXM blueprint to build a complete, end-to-end customer interaction solution portfolio that encompasses CRM alongside other critical components. The CXM blueprint also allows you to develop strategic requirements for CRM based on customer personas and external market analysis.

    CRM by the numbers

    1/3

    Statistical analysis of CRM projects indicate failures vary from 18% to 69%. Taking an average of those analyst reports, about one-third of CRM projects are considered a failure.
    Source: CIO Magazine, 2017

    85%

    Companies that apply the principles of behavioral economics outperform their peers by 85% in sales growth and more than 25% in gross margin.
    Source: Gallup, 2012

    40%

    In 2019, 40% of executives name customer experience the top priority for their digital transformation.
    Source: CRM Magazine, 2019

    CRM dissatisfaction

    Drivers of Dissatisfaction

    Business Data People and Teams Technology
    • Misaligned objectives
    • Product fit
    • Changing priorities
    • Lack of metrics
    • Access to data
    • Data hygiene
    • Data literacy
    • One view of the customer
    • User adoption
    • Lack of IT support
    • Training (use of data and system)
    • Vendor relations
    • Systems integration
    • Multichannel complexity
    • Capability shortfall
    • Lack of product support

    Info-Tech Insight

    While technology is the key enabler of building strong customer experiences, there are many other drivers of dissatisfaction. IT must stand shoulder to shoulder with the business to develop a technology framework for customer relationship management.

    Marketing, Sales, and Customer Service, along with IT, can only optimize CRM with the full support of each other. The cooperation of the departments is crucial when trying to improve CRM technology capabilities and customer interaction.

    Application optimization is risky without a plan

    Avoid the common pitfalls.

    • Not considering application optimization as a business and IT partnership that requires continuous formal engagement of all participants.
    • Not having a good understanding of current state, including integration points and data.
    • Not adequately accommodating feedback and changes after digital applications are deployed and employed.
    • Not treating digital applications as a motivator for potential future IT optimization effort, and not incorporating digital assets in strategic business planning.
    • Not involving department leads, management, and other subject matter experts to facilitate the organizational change digital applications bring.

    “A successful application optimization strategy starts with the business need in mind and not from a technological point of view. No matter from which angle you look at it, modernizing a legacy application is a considerable undertaking that can’t be taken lightly. Your best approach is to begin the journey with baby steps.”
    – Ernese Norelus, Sreeni Pamidala, and Oliver Senti
    Medium, 2020

    Info-Tech’s methodology for Get the Most Out of Your CRM

    1. Map Current-State Capabilities 2. Assess Your Current State 3. Build Your Optimization Roadmap
    Phase Steps
    1. Identify stakeholders and build your CRM optimization team
    2. Build a CRM strategy model
    3. Inventory current system state
    4. Define business capabilities
    1. Conduct a gap analysis for CRM processes
    2. Assess user satisfaction
    3. Review your satisfaction with the vendor and product
    1. Identify key optimization areas
    2. Compile optimization assessment results
    Phase Outcomes
    1. Stakeholder map
    2. CRM optimization team
    3. CRM business model
    4. Strategy alignment
    5. Systems inventory and diagram
    6. Business capabilities map
    7. Key CRM processes list
    1. Gap analysis for CRM-related processes
    2. Understanding of user satisfaction across applications and processes
    3. Insight into CRM data quality
    4. Quantified satisfaction with the vendor and product
    1. Application optimization plan

    Get the Most Out of Your CRM Workbook

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals.

    Key deliverable:

    CRM Optimization Roadmap (Tab 8)

    This image contains a screenshot from Tab 9 of the Get the most out of your CRM WorkshopThis image contains a screenshot from Tab 9 of the Get the most out of your CRM Workshop

    Complete an assessment of processes, user satisfaction, data quality, and vendor management using the Workbook or the APA diagnostic.

    CRM Business Model (Tab 2)

    This image contains a screenshot from Tab 2 of the Get the most out of your CRM Workshop

    Align your business and technology goals and objectives in the current environment.

    Prioritized CRM Optimization Goals (Tab 3)

    This image contains a screenshot from Tab 3 of the Get the most out of your CRM Workshop

    Identify and prioritize your CRM optimization goals.

    Application Portfolio Assessment (APA)

    This image contains a screenshot of the Application Portfolio Assessment

    Assess IT-enabled user satisfaction across your CRM portfolio.

    Prioritized Process Assessment (Tab 5)

    This image contains a screenshot from Tab 5 of the Get the most out of your CRM Workshop

    Understand areas for improvement.

    Case Study

    Align strategy and technology to meet consumer demand.

    INDUSTRY - Entertainment
    SOURCE - Forbes, 2017

    Challenge

    Beginning as a mail-out service, Netflix offered subscribers a catalog of videos to select from and have mailed to them directly. Customers no longer had to go to a retail store to rent a video. However, the lack of immediacy of direct mail as the distribution channel resulted in slow adoption.

    Blockbuster was the industry leader in video retail but was lagging in its response to industry, consumer, and technology trends around customer experience

    Solution

    In response to the increasing presence of tech-savvy consumers on the internet, Netflix invested in developing its online platform as its primary distribution channel. The benefit of doing so was two-fold: passive brand advertising (by being present on the internet) and meeting customer demands for immediacy and convenience. Netflix also recognized the rising demand for personalized service and created an unprecedented, tailored customer experience.

    Results

    Netflix’s disruptive innovation is built on the foundation of great customer experience management. Netflix is now a $28-billion company, which is tenfold what Blockbuster was worth.

    Netflix used disruptive technologies to innovatively build a customer experience that put it ahead of the long-time, video rental industry leader, Blockbuster.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3

    Call #1: Scope requirements, objectives, and your specific challenges.

    Call #2:

    Build the CRM team.

    Align organizational goals.

    Call #4:

    Conduct gap analysis for CRM processes.

    Prepare application portfolio assessment.

    Call #5:

    Understand product satisfaction and vendor management.

    Look for CRM cost optimization opportunities (optional).

    Call #7:

    Identify key optimization areas.

    Build out optimization roadmap and next steps.

    Call #3:

    Map current state.

    Inventory CRM processes.

    Explore CRM-related costs.

    Call #6:

    Review APA results.

    A Guided Implementation (GI) is series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Day 5
    Define Your CRM Application Vision Map Current-State Capabilities Assess CRM Build the Optimization Roadmap Next Steps and Wrap-Up (offsite)

    Activities

    1.1 Determine your CRM optimization team

    1.2 Align organizational goals

    1.3 Inventory applications and interactions

    1.4 Define business capabilities

    1.5 Explore CRM-related costs

    2.1 Conduct gap analysis for CRM processes

    2.2 Perform an application portfolio assessment

    2.3 Review vendor satisfaction

    3.1 Explore process gaps

    3.2 Analyze user satisfaction

    3.3 Assess data quality

    3.4 Understand product satisfaction and vendor management

    3.5 Look for CRM cost optimization opportunities (optional)

    4.1 Identify key optimization areas

    4.2 Build your CRM optimization roadmap and next steps

    5.1 Complete in-progress deliverables from previous four days

    5.2 Set up review time for workshop deliverables and to discuss next steps

    Deliverables
    1. CRM optimization team
    2. CRM business model
    3. CRM optimization goals
    4. CRM system inventory and data flow
    5. CRM process list
    6. CRM and related costs
    1. CRM process gap analysis
    2. CRM application portfolio assessment
    3. CRM software reviews survey
    1. CRM process optimization priorities
    2. CRM vendor optimization opportunities
    3. CRM cost optimization
    1. CRM optimization roadmap

    Phase 1

    Map Current-State Capabilities

    • 1.1 Identify Stakeholders and Build Your Optimization Team
    • 1.2 Build a CRM Strategy Model
    • 1.3 Inventory Current System State
    • 1.4 Define Business Capabilities
    • 1.5 Understand CRM Costs

    Get the Most Out of Your CRM

    This phase will walk you through the following activities:

    • Align your organizational goals
    • Gain a firm understanding of your current state
    • Inventory CRM and related applications
    • Confirm the organization’s capabilities

    This phase involves the following participants:

    • Product Owners
    • CMO
    • Departmental leads – Sales, Marketing, Customer Service, or other
    • Applications Director
    • Senior Business Analyst
    • Senior Developer
    • Procurement Analysts

    Inventory of CRM and related systems

    Develop an integration map to specify which applications will interface with each other.

    This is an image of an integration map, integrating the following Terms to CRM: Telephony Systems; Directory Services; Email; Content Management; Point Solutions; ERP

    Integration is paramount: your CRM application often integrates with other applications within the organization. Create an integration map to reflect a system of record and the exchange of data. To increase customer engagement, channel integration is a must (i.e. with robust links to unified communications solutions, email, and VoIP telephony systems).

    CRM plays a key role in the more holistic customer experience framework. However, it is heavily influenced by and often interacts with many other platforms.

    Data is one key consideration that needs to be considered here. If customer information is fragmented, it will be nearly impossible to build a cohesive view of the customer. Points of integration (POIs) are the junctions between the CRM(s) and other applications where data is flowing to and from. They are essential to creating value, particularly in customer insight-focused and omnichannel-focused deployments.

    Customer expectations are on the rise

    CRM strategy is a critical component of customer experience (CX).

    CUSTOMER EXPERIENCE

    1. Thoughtfulness is in
      Connect with customers on a personal level
    2. Service over products
      The experience is more important than the product
    3. Culture is now number one
      Culture is the most overlooked piece of customer experience strategy
    4. Engineering and service finally join forces
      Companies are combining their technology and service efforts to create
      strong feedback loops
    5. The B2B world is inefficiently served
      B2B needs to step up with more tools and a greater emphasis placed on
      customer experience

    Source: Forbes, 2019

    Build a cohesive CRM strategy that aligns business goals with CRM capabilities.

    Info-Tech Insight

    Customers expect to interact with organizations through the channels of their choice. Now more than ever, you must enable your organization to provide tailored customer experiences.

    IT is critical to the success of your CRM strategy

    Today’s shared digital landscape of the CIO and CMO

    CIO

    • IT Operations
    • Service Delivery and Management
    • IT Support
    • IT Systems and Application
    • IT Strategy and Governance
    • Cybersecurity

    Collaboration and Partnership

    • Digital Strategy = Transformation
      Business Goals | Innovation | Leadership | Rationalization
    • Customer Experience
      Architecture | Design | Omnichannel Delivery | Management
    • Insight (Market Facing)
      Analytics | Business Intelligence | Machine Learning | AI
    • Marketing Integration + Operating Model
      Apps | Channels | Experiences | Data | Command Center
    • Master Data
      Customer | Audience | Industry | Digital Marketing Assets

    CMO

    • PEO Media
    • Brand Management
    • Campaign Management
    • Marketing Tech
    • Marketing Ops
    • Privacy, Trust, and Regulatory Requirements

    Info-Tech Insight

    Technology is the key enabler of building strong customer experiences: IT must stand shoulder to shoulder with the business to develop a technology framework for customer relationship management.

    Step 1.1

    Identify Stakeholders and Build Your Optimization Team

    Activities

    1.1.1 Identify the stakeholders whose support will be critical to success

    1.1.2 Select your CRM optimization team

    Map Current-State Capabilities

    This step will walk you through the following activities:

    • Identify CRM drivers and objectives.
    • Explore CRM challenges and pain points.
    • Discover CRM benefits and opportunities.
    • Align the CRM foundation with the corporate strategy.

    This step involves the following participants:

    • Stakeholders
    • Project sponsors and leaders

    Outcomes of this step

    • Stakeholder map
    • CRM optimization team composition

    CRM optimization stakeholders

    Understand the roles necessary to get the most out of your CRM.

    Understand the role of each player within your optimization initiative. Look for listed participants on the activity slides to determine when each player should be involved.

    Info-Tech Insight

    Do not limit input or participation. Include subject matter experts and internal stakeholders at stages within the optimization initiative. Such inputs can be solicited on a one-off basis as needed. This ensures you take a holistic approach to creating your CRM optimization strategy.

    Title

    Roles Within CRM Optimization Initiative

    Optimization Sponsor

    • Owns the project at the management/C-suite level
    • Responsible for breaking down barriers and ensuring alignment with organizational strategy
    • CMO, VP od Marketing, VP of Sales, VP of Customer Care, or similar

    Optimization Initiative Manager

    • Typically IT individual(s) that oversee day-to-day operations
    • Responsible for preparing and managing the project plan and monitoring the project team’s progress
    • Applications Manager or other IT Manager, Business Analyst, Business Process Owner, or similar

    Business Leads/
    Product Owners

    • Works alongside the Optimization Initiative Manager to ensure that the strategy is aligned with business needs
    • In this case, likely to be a marketing, sales, or customer service lead
    • Product Owners
    • Sales Director, Marketing Director, Customer Care Director, or similar

    CRM Optimization Team

    • Comprised of individuals whose knowledge and skills are crucial to optimization success
    • Responsible for driving day-to-day activities, coordinating communication, and making process and design decisions
    • Project Manager, Business Lead, CRM Manager, Integration Manager, Application SMEs, Developers, Business Process Architects, and/or similar SMEs

    Steering Committee

    • Comprised of C-suite/management level individuals that act as the CRM optimization decision makers.
    • Responsible for validating goals and priorities, defining the optimization scope, enabling adequate resourcing, and managing change
    • Project Sponsor, Project Manager, Business Lead, CMO, Business Unit SMEs, or similar

    1.1.1 Identify stakeholders critical to success

    1 hour

    1. Hold a meeting to identify the stakeholders that should be included in the project’s steering committee.
    2. Finalize selection of steering committee members.
    3. Contact members to ensure their willingness to participate.
    4. Document the steering committee members and the milestone/presentation expectations for reporting project progress and results.

    Input

    • Stakeholder interviews
    • Business process owners list

    Output

    • CRM optimization stakeholders
    • Steering committee members

    Materials

    • N/A

    Participants

    • Product Owners
    • CMO
    • Departmental Leads – Sales, Marketing, Customer Service (and others)
    • Applications Director
    • Senior Business Analyst
    • Senior Developer
    • Procurement Analyst

    The CRM optimization team

    Consider the core team functions when composing the CRM optimization team. Form a cross-functional team (i.e. across IT, Marketing, Sales, Service, Operations) to create a well-aligned CRM optimization strategy.

    Don’t let your core team become too large when trying to include all relevant stakeholders. Carefully limiting the size of the optimization team will enable effective decision making while still including functional business units such as Marketing, Sales, Service, and Customer Service.

    Required Skills/Knowledge

    Suggested Optimization Team Members

    Business

    • Understanding of the customer
    • Departmental processes
    • Sales Manager
    • Marketing Manager
    • Customer Service Manager

    IT

    • Product Owner
    • Application developers
    • Enterprise architects
    • CRM Application Manager
    • Business Process Manager
    • Data Stewards
    Other
    • Operations
    • Administrative
    • Change management
    • Operations Manager
    • CFO
    • Change Management Manager

    1.1.2 Select your CRM optimization team

    30 minutes

    1. Have the CMO and other key stakeholders discuss and determine who will be involved in the CRM optimization project.
      • Depending on the initiative and the size of the organization the size of the team will vary.
      • Key business leaders in key areas – Sales, Marketing, Customer Service, and IT – should be involved.
    2. Document the members of your optimization team in the Get the Most Out of Your CRM Workbook, tab “1. Optimization Team.”
      • Depending on your initiative and size of your organization, the size of this team will vary.

    Get the Most Out of Your CRM Workbook

    Input

    • Stakeholders

    Output

    • List of CRM Optimization Team members

    Materials

    • Get the Most Out of Your CRM Workbook

    Participants

    • Product Owners
    • CMO
    • Departmental Leads – Sales, Marketing, Customer Service
    • Applications Director
    • Senior Business Analyst
    • Senior Developer
    • Procurement Analyst

    Step 1.2

    Build a CRM Strategy Model

    Activities

    • 1.2.1 Explore environmental factors and technology drivers
    • 1.2.2 Discuss challenges and pain points
    • 1.2.3 Discuss opportunities and benefits
    • 1.2.4 Align CRM strategy with organizational goals

    Map Current-State Capabilities

    This step will walk you through the following activities:

    • Identify CRM drivers and objectives.
    • Explore CRM challenges and pain points.
    • Discover the CRM benefits and opportunities.
    • Align the CRM foundation with the corporate strategy.

    This step involves the following participants:

    • CRM Optimization Team

    Outcomes of this step

    • CRM business model
    • Strategy alignment

    Align the CRM strategy with the corporate strategy

    Corporate Strategy

    Your corporate strategy:

    • Conveys the current state of the organization and the path it wants to take.
    • Identifies future goals and business aspirations.
    • Communicates the initiatives that are critical for getting the organization from its current state to the future state.

    Unified Strategy

    • The CRM optimization can be and should be linked, with metrics, to the corporate strategy and ultimate business objectives.

    CRM Strategy

    Your CRM Strategy:

    • Communicates the organization’s budget and spending on CRM.
    • Identifies IT initiatives that will support the business and key CRM objectives.
    • Outlines staffing and resourcing for CRM initiatives.

    CRM projects are more successful when the management team understands the strategic importance and the criticality of alignment. Time needs to be spent upfront aligning business strategies with CRM capabilities. Effective alignment between Sales, Marketing, Customer Service, Operations, IT, and the business should happen daily. Alignment doesn’t just need to occur at the executive level but at each level of the organization.

    Sample CRM objectives

    Increase Revenue

    Enable lead scoring

    Deploy sales collateral management tools

    Improve average cost per lead via a marketing automation tool

    Enhance Market Share

    Enhance targeting effectiveness with a CRM

    Increase social media presence via an SMMP

    Architect customer intelligence analysis

    Improve Customer Satisfaction

    Reduce time-to-resolution via better routing

    Increase accessibility to customer service with live chat

    Improve first contact resolution with customer KB

    Increase Customer Retention

    Use a loyalty management application

    Improve channel options for existing customers

    Use customer analytics to drive targeted offers

    Create Customer-Centric Culture

    Ensure strong training and user adoption programs

    Use CRM to provide 360-degree view of all customer interactions

    Incorporate the voice of the customer into product development

    Identifying organizational objectives of high priority will assist in breaking down business needs and CRM objectives. This exercise will better align the CRM systems with the overall corporate strategy and achieve buy-in from key stakeholders.

    CRM business model Template

    This image contains a screenshot of the CRM business model template

    Understand objectives for creating a strong CRM strategy

    Business Needs

    Business Drivers

    Technology Drivers

    Environmental Factors

    Definition A business need is a requirement associated with a particular business process. Business drivers can be thought of as business-level goals. These are tangible benefits the business can measure such as employee retention, operation excellence, and financial performance. Technology drivers are technological changes that have created the need for a new CRM enablement strategy. Many organizations turn to technology systems to help them obtain a competitive edge. External considerations are factors taking place outside of the organization that are impacting the way business is conducted inside the organization. These are often outside the control of the business.

    Examples

    • Audit tracking
    • Authorization levels
    • Business rules
    • Data quality
    • Employee engagement
    • Productivity
    • Operational efficiency
    • Deployment model (i.e. SaaS)
    • Integration
    • Reporting capabilities
    • Fragmented technologies
    • Economic and political factors, the labor market
    • Competitive influencers
    • Compliance regulations

    Info-Tech Insight

    One of the biggest drivers for CRM adoption is the ability to make decisions through consolidated data. This driver is a result of external considerations. Many industries today are highly competitive, uncertain, and rapidly changing. To succeed under these pressures, there needs to be timely information and visibility into all components of the organization.

    1.2.1 Explore environmental factors and technology drivers

    30 minutes

    1. Identify business drivers that are contributing to the organization’s need for CRM.
    2. Understand how the company is running today and what the organization’s future will look like. Try to identify the purpose for becoming an integrated organization. Use a whiteboard and markers to capture key findings.
    3. Consider environmental factors: external considerations, organizational drivers, technology drivers, and key functional requirements.
    4. Use the Get the Most Out of Your CRM Workbook, tab “2. Business Model,” to complete this exercise.

    Get the Most Out of Your CRM Workbook

    This is a screenshot of the CRM Business Model the following boxes highlighted in purple boxes.  CRM business Needs; Environmental Factors; Technology Drivers

    External Considerations

    Organizational Drivers

    Technology Considerations

    Functional Requirements

    • Funding Constraints
    • Regulations
    • Compliance
    • Scalability
    • Operational Efficiency
    • Data Accuracy
    • Data Quality
    • Better Reporting
    • Information Availability
    • Integration Between Systems
    • Secure Data

    Create a realistic CRM foundation by identifying the challenges and barriers to the project

    There are several different factors that may stifle the success of an CRM portfolio. Organizations creating an CRM foundation must scan their current environment to identify internal barriers and challenges.

    Common Internal Barriers

    Management Support

    Organizational Culture

    Organizational Structure

    IT Readiness

    Definition The degree of understanding and acceptance towards CRM technology and systems. The collective shared values and beliefs. The functional relationships between people and departments in an organization. The degree to which the organization’s people and processes are prepared for new CRM system(s.)

    Questions

    • Is a CRM project recognized as a top priority?
    • Will management commit time to the project?
    • Are employees resistant to change?
    • Is the organization highly individualized?
    • Is the organization centralized?
    • Is the organization highly formalized?
    • Is there strong technical expertise?
    • Is there strong infrastructure?
    Impact
    • Funding
    • Resources
    • Knowledge sharing
    • User acceptance
    • Flow of knowledge
    • Poor implementation
    • Need for reliance on consultants

    1.2.2 Discuss challenges and pain points

    30 minutes

    1. Identify challenges with current systems and processes.
    2. Brainstorm potential barriers to success. Use a whiteboard and markers to capture key findings.
    3. Consider the project barriers: functional gaps, technical gaps, process gaps, and barriers to CRM success.
    4. Use the Get the Most Out of Your CRM Workbook, tab “2. Business Model,” to complete this exercise.

    Get the Most Out of Your CRM Workbook

    This is a screenshot of the CRM Business Model the following boxes highlighted in purple boxes.  Barriers

    Functional Gaps

    Technical Gaps

    Process Gaps

    Barriers to Success

    • No sales tracking within core CRM
    • Inconsistent reporting – data quality concerns
    • Duplication of data
    • Lack of system integration
    • Cultural mindset
    • Resistance to change
    • Lack of training
    • Funding

    1.2.3 Discuss opportunities and benefits

    30 minutes

    1. Identify opportunities and benefits from an integrated system.
    2. Brainstorm potential enablers for successful CRM enablement and the ideal portfolio.
    3. Consider the project enablers: business benefits, IT benefits, organizational benefits, and enablers of CRM success.
    4. Use the Get the Most Out of Your CRM Workbook, tab “2. Business Model,” to complete this exercise.
    This is a screenshot of the CRM Business Model the following boxes highlighted in purple boxes.  Enablers

    Business Benefits

    IT Benefits

    Organizational Benefits

    Enablers of Success

    • Business-IT alignment
    • Compliance
    • Scalability
    • Operational Efficiency
    • Data Accuracy
    • Data Quality
    • Better Reporting
    • Change Management
    • Training
    • Alignment to Strategic Objectives

    1.2.4 Align CRM strategy with organizational goals

    1 hour

    1. Discuss your corporate objectives (organizational goals). Choose three to five corporate objectives that are a priority for the organization in the current year.
    2. Break into groups and assign each group one corporate objective.
    3. For each objective, produce several ways an optimized CRM system will meet the given objective.
    4. Think about the modules and CRM functions that will help you realize these benefits.
    5. Use the Get the Most Out of Your CRM Workbook, tab “2. Business Model,” to complete this exercise.
    Increase Revenue

    CRM Benefits

    • Increase sales by 5%
    • Expand to new markets
    • Offer new product
    • Identify geographies underperforming
    • Build out global customer strategy
    • Allow for customer segmentation
    • Create targeted marketing campaigns

    Input

    • Organizational goals
    • CRM strategy model

    Output

    • Optimization benefits map

    Materials

    • Get the Most Out of Your CRM Workbook

    Participants

    • Product Owners
    • CMO
    • Departmental Leads – Sales, Marketing, Customer Service
    • Applications Director
    • Senior Business Analyst
    • Senior Developer
    • Procurement Analyst

    Download the Get the Most Out of Your CRM Workbook

    Step 1.3

    Inventory Current System State

    Activities

    1.3.1 Inventory applications and interactions

    Map Current-State Capabilities

    This step will walk you through the following activities:

    • Inventory applications
    • Map interactions between systems

    This step involves the following participants:

    • CRM Optimization Team
    • Enterprise Architect
    • Data Architect

    Outcomes of this step

    • Systems inventory
    • Systems diagram

    1.3.1 Inventory applications and interactions

    1-3 hours

    1. Individually list all electronic systems involved in the organization. This includes anything related to customer information and interactions, such as CRM, ERP, e-commerce, finance, email marketing, and social media, etc.
    2. Document data flows into and out of each system to the ERP. Refer to the example on the next slide (CRM data flow).
    3. Review the processes in place (e.g. reporting, marketing, data moving into and out of systems). Document manual processes. Identify integration points. If flowcharts exist for these processes, it may be useful to provide these to the participants.
    4. If possible, diagram the system. Include information direction flow. Use the sample CRM map, if needed.

    This image contains an example of a CRM Data Flow

    CRM data flow

    This image contains an example of a CRM Data Flow

    Be sure to include enterprise applications that are not included in the CRM application portfolio. Popular systems to consider for POIs include billing, directory services, content management, and collaboration tools.

    When assessing the current application portfolio that supports CRM, the tendency will be to focus on the applications under the CRM umbrella, relating mostly to Marketing, Sales, and Customer Service. Be sure to include systems that act as input to, or benefit due to outputs from, the CRM or similar applications.

    Sample CRM map

    This image contains an example of a CRM map

    Step 1.4

    Define Business Capabilities

    Activities

    1.4.1 Define business capabilities

    1.4.2 List your key CRM processes

    Map Current-State Capabilities

    This step will walk you through the following activities:

    • Define your business capabilities
    • List your key CRM processes

    This step involves the following participants:

    • CRM Optimization Team
    • Business Architect

    Outcomes of this step

    • Business capabilities map
    • Key CRM processes list

    Business capability map (Level 0)

    This image contains a screenshot of a business capability map.  an Arrow labeled CRM points to the Revenue Generation section. Revenue Generation: Marketing; Sales; Customer Service.

    In business architecture, the primary view of an organization is known as a business capability map.

    A business capability defines what a business does to enable value creation, rather than how.

    Business capabilities:

    • Represent stable business functions.
    • Are unique and independent of each other.
    • Typically will have a defined business outcome.

    A business capability map provides details that help the business architecture practitioner direct attention to a specific area of the business for further assessment.

    Capability vs. process vs. feature

    Understanding the difference

    When examining CRM optimization, it is important we approach this from the appropriate layer.

    Capability:

    • The ability of an entity (e.g. organization or department) to achieve its objectives (APQC, 2017).
    • An ability that an organization, person, or system possesses. Typically expressed in general and high-level terms and typically require a combination of organization, people, processes, and technology to achieve (TOGAF).

    Process:

    • Can be manual or technology enabled. A process is a series of interrelated activities that convert inputs into results (outputs). Processes consume resources, require standards for repeatable performance, and respond to control systems that direct the quality, rate, and cost of performance. The same process can be highly effective in one circumstance and poorly effective in another with different systems, tools, knowledge, and people (APQC, 2017).

    Feature:

    • Is a distinguishing characteristic of a software item (e.g. performance, portability, or functionality) (IEEE, 2005).

    In today’s complex organizations, it can be difficult to understand where inefficiencies stem from and how performance can be enhanced.
    To fix problems and maximize efficiencies business capabilities and processes need to be examined to determine gaps and areas of lagging performance.

    Info-Tech’s CRM framework and industry tools such as the APQC’s Process Classification Framework can help make sense of this.

    1.4.1 Define business capabilities

    1-3 hours

    1. Look at the major functions or processes within the scope of CRM.
    2. Compile an inventory of current systems that interact with the chosen processes. In its simplest form, document your application inventory in a spreadsheet (see tab 3 of the CRM Application Inventory Tool). For large organizations, interview representatives of business domains to help create your list of applications.
    3. Make sure to include any processes that are manual versus automated.
    4. Use your current state drawing from activity 1.3.1 to link processes to applications for further effect.

    CRM Application Inventory Tool

    Input

    • Current systems
    • Key processes
    • APQC Framework
    • Organizational process map

    Output

    • List of key business processes

    Materials

    • CRM Application Inventory Tool
    • CRM APQC Framework
    • Whiteboard, PowerPoint, or flip charts
    • Pens/markers

    Participants

    • CRM Optimization Team

    CRM process mapping

    This image contains two screenshots.  one is of the business capability map seen earlier in this blueprint, and the other includes the following operating model: Objectives; Value Streams; Capabilities; Processes

    The operating model

    An operating model is a framework that drives operating decisions. It helps to set the parameters for the scope of CRM and the processes that will be supported. The operating model will serve to group core operational processes. These groupings represent a set of interrelated, consecutive processes aimed at generating a common output.

    The Value Stream

    Value Stream Defined

    Value Streams

    Design Product

    Produce Product

    Sell Product

    Customer Service

    • Manufacturers work proactively to design products and services that will meet consumer demand.
    • Products are driven by consumer demand and governmental regulations.
    • Production processes and labor costs are constantly analyzed for efficiencies and accuracies.
    • Quality of product and services are highly regulated through all levels of the supply chain.
    • Sales networks and sales staff deliver the product from the organization to the end consumer.
    • Marketing plays a key role throughout the value stream connecting consumers wants and needs to the product and services offered.
    • Relationships with consumers continue after the sale of a product and services.
    • Continued customer support and mining is important to revenue streams.

    Value streams connect business goals to the organization’s value realization activities in the marketplace. Those activities are dependent on the specific industry segment in which an organization operates.

    There are two types of value streams: core value streams and support value streams.

    • Core value streams are mostly externally facing. They deliver value to either an external or internal customer and they tie to the customer perspective of the strategy map.
    • Support value streams are internally facing and provide the foundational support for an organization to operate.

    An effective method for ensuring all value streams have been considered is to understand that there can be different end-value receivers.

    APQC Framework

    Help define your inventory of sales, marketing, and customer services processes.

    Operating Processes

    1. Develop Vision and Strategy
    2. Develop and Manage Products and Services
    3. Market and Sell Products and Services
    4. Deliver Physical Products
    5. Deliver Services

    Management and Support Processes

    1. Manage Customer Service
    2. Develop and Manage Human Capital
    3. Manage Information Technology (IT)
    4. Manage Financial Resources
    5. Acquire, Construct, and Manage Assets
    6. Manage Enterprise Risk, Compliance, Remediation, and Resiliency
    7. Manage External Relationships
    8. Develop and Manage Business Capabilities

    Source: APQC, 2020

    If you do not have a documented process model, you can use the APQC Framework to help define your inventory of sales business processes.

    APQC’s Process Classification Framework is a taxonomy of cross-functional business processes intended to allow the objective comparison of organizational performance within and among organizations.

    Go to this link

    Process mapping hierarchy

    This image includes explanations for the following PCF levels:  Level 1 - Category; Level 2 - Process Group; Level 3 - Process; Level 4 - Activity; Level 5 - Task

    APQC provides a process classification framework. It allows organizations to effectively define their processes and manage them appropriately.

    THE APQC PROCESS CLASSIFICATION FRAMEWORK (PCF)® was developed by non-profit APQC, a global resource for benchmarking and best practices, and its member companies as an open standard to facilitate improvement through process management and benchmarking, regardless of industry, size, or geography. The PCF organizes operating and management processes into 12 enterprise level categories, including process groups and over 1,000 processes and associated activities. To download the full PCF or industry-specific versions of the PCF as well as associated measures and benchmarking, visit www.apqc.org/pcf.

    Cross-industry classification framework

    Level 1 Level Level 3 Level 4

    Market and sell products and services

    Understand markets, customers, and capabilities Perform customer and market intelligence analysis Conduct customer and market research

    Market and sell products and services

    Develop sales strategy Develop sales forecast Gather current and historic order information

    Deliver services

    Manage service delivery resources Manage service delivery resource demand Develop baseline forecasts
    ? ? ? ?

    Info-Tech Insight

    Focus your initial assessment on the level 1 processes that matter to your organization. This allows you to target your scant resources on the areas of optimization that matter most to the organization and minimize the effort required from your business partners.

    You may need to iterate the assessment as challenges are identified. This allows you to be adaptive and deal with emerging issues more readily and become a more responsive partner to the business.

    1.4.2 List your key CRM processes

    1-3 hours

    1. Reflect on your organization’s CRM capabilities and processes.
    2. Refer to tab 4, “Process Importance,” in your Get the Most Out of Your CRM Workbook. You can use your own processes if you prefer. Consult tab 10. “Framework (Reference)” in the Workbook to explore additional capabilities.
    3. Use your CRM goals as a guide.

    Get the Most Out of Your CRM Workbook

    This is a screenshot from the APQC Cross-Industry Process Classification Framework, adapted to list key CRM processes

    *Adapted from the APQC Cross-Industry Process Classification Framework, 2019.

    Step 1.5

    Understand CRM Costs

    Activities

    1.5.1 List CRM-related costs (optional)

    Map Current-State Capabilities

    This step will walk you through the following activities:

    • Define your business capabilities
    • List your key CRM processes

    This step involves the following participants:

    • Finance Representatives
    • CRM Optimization Team

    Outcomes of this step

    • Current CRM and related operating costs

    1.5.1 List CRM-related costs (optional)

    3+ hours

    Before you can make changes and optimization decisions, you need to understand the high-level costs associated with your current application architecture. This activity will help you identify the types of technology and people costs associated with your current systems.

    1. Identify the types of technology costs associated with each current system:
      1. System Maintenance
      2. Annual Renewal
      3. Licensing
    2. Identify the cost of people associated with each current system:
      1. Full-Time Employees
      2. Application Support Staff
      3. Help Desk Tickets
    3. Use the Get the Most Out of Your CRM Workbook, tab “9. Costs (Optional),” to complete this exercise.

    This is a screenshot of an example of a table which lays out CRM and Associated Costs.

    Get the Most Out of Your CRM Workbook

    Phase 2

    Assess Your Current State

    • 2.1 Conduct a Gap Analysis for CRM Processes
    • 2.2 Assess User Satisfaction
    • 2.3 Review Your Satisfaction With the Vendor and Product

    Get the Most Out of Your CRM

    This phase will guide you through the following activities:

    • Determine process relevance
    • Perform a gap analysis
    • Perform a user satisfaction survey
    • Assess software and vendor satisfaction

    This phase involves the following participants:

    • CRM optimization team
    • Users across functional areas of your CRM and related technologies

    Step 2.1

    Conduct a Gap Analysis for CRM Processes

    Activities

    • 2.1.1 Determine process relevance
    • 2.1.2 Perform process gap analysis

    Assess Your Current State

    This step will walk you through the following activities:

    • Determine process relevance
    • Perform a gap analysis

    This step involves the following participants:

    • CRM optimization team

    Outcomes of this step

    • Gap analysis for CRM-related processes (current vs. desired state)

    2.1.1 Determine process relevance

    1-3 hours

    1. Open tab “4. Process Importance,” in the Get the Most Out of Your CRM Workbook.
    2. Rate each process for level of importance to your organization on the following scale:
      • Crucial
      • Important
      • Secondary
      • Unimportant
      • Not applicable

    This image contains a screenshot of tab 4 of the Get the most out of your CRM Workbook.

    Get the Most Out of Your CRM Workbook

    2.1.2 Perform process gap analysis

    1-3 hours

    1. Open tab “5. Process Assessment,” in the Get the Most Out of Your CRM Workbook.
    2. For each line item, identify your current state and your desired state on the following scale:
      • Not important
      • Poor
      • Moderate
      • Good
      • Excellent

    This is a screenshot of Tab 5 of the Get the Most Out of your CRM Workshop

    Get the Most Out of Your CRM Workbook

    Step 2.2

    Assess User Satisfaction

    Activities

    • 2.2.1 Prepare and complete a user satisfaction survey
    • 2.2.2 Enter user satisfaction

    Assess Your Current State

    This step will walk you through the following activities:

    • Preparation and completion of an application portfolio assessment (APA)
    • Entry of the user satisfaction scores into the workbook

    This step involves the following participants:

    • CRM optimization team
    • Users across functional areas of CRM and related technologies

    Outcomes of this step

    • Understanding of user satisfaction across applications and processes
    • Insight into CRM data quality

    Benefits of the Application Portfolio Assessment

    This is a screenshot of the application  Overview tab

    Assess the health of the application portfolio

    • Get a full 360-degree view of the effectiveness, criticality, and prevalence of all relevant applications to get a comprehensive view of the health of the applications portfolio.
    • Identify opportunities to drive more value from effective applications, retire nonessential applications, and immediately address at-risk applications that are not meeting expectations.

    This is a screenshot of the Finance Overview tab

    Provide targeted department feedback

    • Share end-user satisfaction and importance ratings for core IT services, IT communications, and business enablement to focus on the right end-user groups or lines of business, and ramp up satisfaction and productivity.

    This is a screenshot of the application  Overview tab

    Insight into the state of data quality

    • Data quality is one of the key issues causing poor CRM user satisfaction and business results. This can include the relevance, accuracy, timeliness, or usability of the organization’s data.
    • Targeted, open-ended feedback around data quality will provide insight into where optimization efforts should be focused.

    2.2.1 Prepare and complete a user satisfaction survey

    1 hour

    Option 1: Use Info-Tech’s Application Portfolio Assessment to generate your user satisfaction score. This tool not only measures application satisfaction but also elicits great feedback from users regarding support they receive from the IT team.

    1. Download the CRM Application Inventory Tool.
    2. Complete the “Demographics” tab (tab 2).
    3. Complete the “Inventory” tab (tab 3).
      1. Complete the inventory by treating each process within the organization as a separate row. Use the processes identified in the process gap analysis as a reference.
      2. Treat every department as a separate column in the department section. Feel free to add, remove, or modify department names to match your organization.
      3. Include data quality for all applications applicable.

    Option 2: Use the method of choice to elicit current user satisfaction for each of the processes identified as important to the organization.

    1. List processes identified as important (from the Get the Most Out of Your CRM Workbook, tab 4, “Process Importance”).
    2. Gather user contact information by department.
    3. Ask users to rate satisfaction: Extremely Satisfied, Satisfied, Neutral, Dissatisfied, and Extremely Dissatisfied (on Get the Most Out of Your CRM Workbook, tab 5. “Process Assessment”).

    This image contains a screenshot of the CRM Application Inventory Tool Tab

    Understand user satisfaction across capabilities and departments within your organization.

    Download the CRM Application Inventory Tool

    2.2.2 Enter user satisfaction

    20 minutes

    Using the results from the Application Portfolio Assessment or your own user survey:

    1. Open your Get the Most Out of Your CRM Workbook, tab “5. Process Assessment.”
    2. For each process, record up to three different department responses.
    3. Enter the answers to the survey for each line item using the drop-down options:
      • Extremely Satisfied
      • Satisfied
      • Neutral
      • Dissatisfied
      • Extremely Dissatisfied

    This is a screenshot of Tab 5 of the Get the most out of your CRM Workbook

    Understand user satisfaction across capabilities and departments within your organization.

    Get the Most Out of Your CRM Workbook

    Step 2.3

    Review Your Satisfaction With the Vendor and Product

    Activities

    2.3.1 Rate your vendor and product satisfaction

    2.3.2 Enter SoftwareReviews scores from your CRM Product Scorecard (optional)

    Assess Your Current State

    This step will walk you through the following activities:

    • Rate your vendor and product satisfaction
    • Compare with survey data from SoftwareReviews

    This step involves the following participants:

    • CRM Owner(s)
    • Procurement Representative
    • Vendor Contracts Manager

    Outcomes of this step

    • Quantified satisfaction with vendor and product

    Use a SoftwareReviews Product Scorecard to evaluate your satisfaction compared to other organizations.

    This is a screenshot of the SoftwareReviews Product Scorecard

    Source: SoftwareReviews, March 2019

    Where effective IT leaders spend their time

    This image contains two lists.  One list is where CIOs with  data-verified=80% satisfaction score, and the other list is CIOs with <80% satisfaction score.">

    Info-Tech Insight

    The data shows that effective IT leaders invest a significant amount of time (8%) on vendor management initiatives.

    Be proactive in managing you calendar and block time for these important tasks.

    CIOs who prioritize vendor management see improved results

    Analysis of CIOs’ calendars revealed that how CIOs spend their time has a correlation to both stakeholder IT satisfaction and CEO-CIO alignment.

    Those CIOs that prioritized vendor management were more likely to have a business satisfaction score greater than 80%.

    This image demonstrates that CIOs who spend time with the team members of their direct reports delegate management responsibilities to direct reports and spend less time micromanaging, and CIOs who spend time on vendor management align rapidly changing business needs with updated vendor offerings.

    2.3.1 Rate your vendor and product satisfaction

    30 minutes

    Use Info-Tech’s vendor satisfaction survey to identify optimization areas with your CRM product(s) and vendor(s).

    Option 1 (recommended): Conduct a satisfaction survey using SoftwareReviews. This option allows you to see your results in the context of the vendor landscape.

    Download the Get the Most Out of Your CRM Workbook

    Option 2: Use your Get the Most Out of Your CRM Workbook, tab “6. Vendor Optimization,” to review your satisfaction with your software.

    SoftwareReviews’ Customer Relationship Management

    This is a screenshot of tab 6 of the Get the most out of your CRM Workbook.

    2.3.2 Enter SoftwareReviews scores (optional)

    30 minutes

    1. Download the scorecard for your CRM product from the SoftwareReviews website. (Note: Not all products are represented or have sufficient data, so a scorecard may not be available.)
    2. Use your Get the Most Out of Your CRM Workbook, tab “6. Vendor Optimization,” to record the scorecard results.
    3. Use your Get the Most Out of Your CRM Workbook, tab “6. Vendor Optimization,” to flag areas where your score may be lower than the product scorecard. Brainstorm ideas for optimization.

    Download the Get the Most Out of Your CRM Workbook

    SoftwareReviews’ Customer Relationship Management

    This is a screenshot of the optional vendor optimization scorecard

    Phase 3

    Build Your Optimization Roadmap

    • 3.1 Identify Key Optimization Areas
    • 3.2 Compile Optimization Assessment Results

    Get the Most Out of Your CRM

    This phase will walk you through the following activities:

    • Identify key optimization areas
    • Create an optimization roadmap

    This phase involves the following participants:

    • CRM Optimization Team

    Build your optimization roadmap

    Address process gaps

    • CRM and related technologies are invaluable to sales, marketing, and customer service enablement, but they must have supported processes driven by business goals.
    • Identify areas where capabilities need to be improved and work towards.

    Support user satisfaction

    • The best technology in the world won’t deliver business results if it is not working for the users who need it.
    • Understand concerns, communicate improvements, and support users in all roles.

    Improve data quality

    • Data quality is unique to each business unit and requires tolerance, not perfection.
    • Implement a set of data quality initiatives that are aligned with overall business objectives and aimed at addressing data practices and the data itself.

    Proactively manage vendors

    • Vendor management is a critical component of technology enablement and IT satisfaction.
    • Assess your current satisfaction against those of your peers and work towards building a process that is best fit for your organization.

    Info-Tech Insight

    Enabling a high-performing, customer-centric sales, marketing, and customer service operations program requires excellent management practices and continuous optimization efforts.

    Technology portfolio and architecture is important, but we must go deeper. Taking a holistic view of CRM technologies in the environments in which they operate allows for the inclusion of people and process improvements – this is key to maximizing business results.

    Using a formal CRM optimization initiative will drive business-IT alignment, identify IT automation priorities, and dig deep into continuous process improvement.

    Step 3.1

    Identify Key Optimization Areas

    Activities

    • 3.1.1 Explore process gaps
    • 3.1.2 Analyze user satisfaction
    • 3.1.3 Assess data quality
    • 3.1.4 Analyze product satisfaction and vendor management

    Build Your Optimization Roadmap

    This step will guide you through the following activities:

    • Explore existing process gaps
    • Identify the impact of processes on user satisfaction
    • Identify the impact of data quality on user satisfaction
    • Review your overall product satisfaction and vendor management

    This step involves the following participants:

    • CRM Optimization Team

    Outcomes of this step

    • Application optimization plan

    3.1.1 Explore process gaps

    1 hour

    1. Review the compiled CRM Process Assessment in the Get the Most Out of Your CRM Workbook, tab “7. Process Prioritization.”
    2. These are processes you should prioritize.
    • The activities in the rest of Step 3.1 help you create optimization strategies for the different areas of improvement these processes relate to: user satisfaction, data quality, product satisfaction, and vendor management.
  • Consolidate your optimization strategies in the Get the Most Out of Your CRM Workbook, tab “8. Optimization Roadmap.” (See next slide for screenshot.)
  • This image consists of the CRM Process Importance Rankings

    Get the Most Out of Your CRM Workbook

    Plan your product optimization strategy for each area of improvement

    This is a screenshot from the Get the most out of your CRM Workbook, with the Areas of Improvement column  highlighted in a red box.

    3.1.2 Analyze user satisfaction

    1 hour

    1. Use the APA survey results from activity 2.2.1 (or your own internal survey) to identify areas where the organization is performing low in user satisfaction across the CRM portfolio.
      1. Understand application portfolio and IT service satisfaction.
      2. Identify cost savings opportunities from unused or unimportant apps.
      3. Build a roadmap for improving user IT services.
      4. Manage needs by department and seniority.
    2. Consolidate your optimization strategies in the Get the Most Out of Your CRM Workbook, tab “8. Optimization Roadmap.” (See next slide for screenshot.)

    this is an image of the Business & IT Communications Overview Tab from the Get the Most Out of Your CRM Workbook

    Get the Most Out of Your CRM Workbook

    Plan your user satisfaction optimization strategy

    This is a screenshot from the Get the most out of your CRM Workbook, with the Optimization Strategies column  highlighted in a red box.

    Next steps in improving your data quality

    Data Quality Management Effective Data Governance Data-Centric Integration Strategy Extensible Data Warehousing
    • Prevention is ten times cheaper than remediation. Stop fixing data quality with band-aid solutions and start fixing it by healing it at the source of the problem.
    • Data governance enables data-driven insight. Think of governance as a structure for making better use of data.
    • Every enterprise application involves data integration. Any change in the application and database ecosystem requires you to solve a data integration problem.
    • A data warehouse is a project; but successful data warehousing is a program. An effective data warehouse requires planning beyond the technology implementation.
    • Data quality is unique to each business unit and requires tolerance, not perfection. If the data allows the business to operate at the desired level, don’t waste time fixing data that may not need to be fixed.
    • Collaboration is critical. The business may own the data, but IT understands the data. Data governance will not work unless the business and IT work together.
    • Data integration is becoming more and more critical for downstream functions of data management and for business operations to be successful. Poor integration holds back these critical functions.
    • Governance, not technology, needs to be the core support system for enabling a data warehouse program.
    • Implement a set of data quality initiatives that are aligned with overall business objectives and aimed at addressing data practices and the data itself.
    • Data governance powers the organization up the data value chain through policies and procedures, master data management, data quality, and data architecture.
    • Build your data integration practice with a firm foundation in governance and reference architecture. Ensure your process is scalable and sustainable.
    • Leverage an approach that focuses on constructing a data warehouse foundation that can address a combination of operational, tactical, and ad hoc business needs.
    • Develop a prioritized data quality improvement project roadmap and long-term improvement strategy.
    • Create a roadmap to prioritize initiatives and delineate responsibilities among data stewards, data owners, and members of the data governance steering committee.
    • Support the flow of data through the organization and meet the organization’s requirements for data latency, availability, and relevancy.
    • Invest time and effort to put together pre-project governance to inform and provide guidance to your data warehouse implementation.
    • Build related practices with more confidence and less risk after achieving an appropriate level of data quality.
    • Ensure buy-in from the business and IT stakeholders. Communicate initiatives to end users and executives to reduce resistance.
    • Data availability must be frequently reviewed and repositioned to continue to grow with the business.
    • Select the most suitable architecture pattern to ensure the data warehouse is “built right” at the very beginning.

    Build Your Data Quality Program

    Establish Data Governance

    Build a Data Integration Strategy

    Build an Extensible Data Warehouse Foundation

    3.1.3 Assess data quality

    1 hour

    1. Use your APA survey results (if available) to identify areas where the organization is performing low in data quality initiatives. Common areas for improvement include:
      • Overall data quality management
      • Effective data governance
      • Poor data integration
      • The need to implement extensible data warehousing
    2. Consolidate your optimization strategies in the Get the Most Out of Your CRM Workbook, tab “8. Optimization Roadmap.” (See next slide for screenshot.)

    This is an image of the Business & IT Communications Overview tab from the Get the most out of your CRM Workbook

    Get the Most Out of Your CRM Workbook

    Plan your data quality optimization strategy

    This is a screenshot from the Get the most out of your CRM Workbook, with the Optimization Strategies column  highlighted in a red box.

    Use Info-Tech’s vendor management initiative (VMI)

    Create a right-size, right-fit strategy for managing the vendors relevant to your organization.

    A crowd chart is depicted, with quadrants for strategic value, and Vendor spend/switching cost.

    Info-Tech Insight

    A VMI is a formalized process within an organization, responsible for evaluating, selecting, managing, and optimizing third-party providers of goods and services.

    The amount of resources you assign to managing vendors depends on the number and value of your organization’s relationships. Before optimizing your vendor management program around the best practices presented in this blueprint, assess your current maturity and build the process around a model that reflects the needs of your organization.

    Info-Tech uses VMI interchangeably with the terms “vendor management office (VMO),” “vendor management function,” “vendor management process,” and “vendor management program.”

    Jump Start Your Vendor Management Initiative

    3.1.4 Analyze product satisfaction and vendor management

    1 hour

    1. Use the Get the Most Out of Your CRM Workbook, tab “6. Vendor Optimization.”
    2. Download the SoftwareReviews Vendor Scorecard.
    3. Using the scorecards, compare your results with those of your peers.
    4. Consolidate areas of improvement and optimization strategies in the Get the Most Out of Your CRM Workbook, tab “8. Optimization Roadmap.” (See next slide for screenshot.)

    See previous slide for help around implementing a vendor management initiative.

    This is a screenshot from the Get the most out of your CRM Workbook, with the Areas for Optimization column  highlighted in a red box.

    Get the Most Out of Your CRM Workbook

    Plan your vendor management optimization strategy

    This is a screenshot from the Get the most out of your CRM Workbook, with the Optimization Strategies column  highlighted in a red box.

    Step 3.2

    Compile Optimization Assessment Results

    Activities

    • 3.2.1 Identify key optimization areas

    Build Your Optimization Roadmap

    This step will guide you through the following activities:

    • Use your work from previous activities and prioritization to build your list of optimization activities and lay them out on a roadmap

    This step involves the following participants:

    • CRM Optimization Team

    Outcomes of this step

    • Application optimization plan

    3.2.1 Identify key optimization areas

    1-3 hours

    Before you can make changes and optimization decisions, you need to understand the high-level costs associated with your current application architecture. This activity will help you identify the types of technology and people costs associated with your current systems.

    1. Consolidate your findings and identify optimization priorities (Step 3.1).
    2. Prioritize those most critical to the organization, easiest to change, and whose impact will be highest.
    3. Use the information gathered from exercise 1.5.1 on Get the Most Out of Your CRM Workbook, tab “9. Costs (Optional).”
    4. These costs could affect the priority or timeline of the initiatives. Consolidate your thoughts on your Get the Most Out of Your CRM Workbook, tab 8, “Optimization Roadmap.” Note: There is no column specific to costs on tab 8.

    This is meant as a high-level roadmap. For formal, ongoing optimization project management, refer to “Build a Better Backlog” (Phase 2 of the Info-Tech blueprint Deliver on Your Digital Product Vision).

    This is a screenshot from the Get the most out of your CRM Workbook, with the Priority; Owner; and Timeline columns highlighted in a red box.

    Next steps: Manage your technical debt

    Use a holistic assessment of the “interest” paid on technical debt to quantify and prioritize risk and enable the business make better decisions.

    • Technical debt is an IT risk, which in turn is a category of business risk.
    • The business must decide how to manage business risk.
    • At the same time, business decision makers may not be aware of technical debt or be able to translate technical challenges into business risk. IT must help the business make decisions around IT risk by describing the risk of technical debt in business terms and by outlining the options available to address risk.
    • Measure the ongoing business impact (the “interest” paid on technical debt) to establish the business risk of technical debt. Consider a range of possible impacts including direct costs, lost goodwill, lost flexibility and resilience, and health, safety, and compliance impacts.
    • When weighing these impacts, the business may choose to accept the risk of technical debt if the cost of addressing the debt outweighs the benefit. But it’s critically important that the business accepts that risk – not IT.

    Manage Your Technical Debt

    Take it a step further…

    Deliver on Your Digital Product Vision

    Phase 2: Build a Better Product Backlog

    Build a structure for your backlog that supports your product vision.

    Deliver on Your Digital Product Vision

    Build a better backlog

    An ongoing CRM optimization effort is best facilitated through a continuous Agile process. Use info-Tech’s developed tools to build out your backlog.

    The key to a better backlog is a common structure and guiding principles that product owners and product teams can align to.

    Info-Tech Insight

    Exceptional customer value begins with a clearly defined backlog focused on items that will create the greatest human and business benefits.

    Activity Participants

    Backlog Activity

    Quality Filter

    Product Manager

    Product Owner

    Dev Team

    Scrum Master

    Business

    Architects

    Sprint

    Sprint Planning

    “Accepted”

    Ready

    Refine

    “Ready”

    Qualified

    Analysis

    “Qualified”

    Ideas

    Intake

    “Backlogged”

    A product owner and the product backlog are critical to realize the benefits of Agile development

    A product owner is accountable for defining and prioritizing the work that will be of the greatest value to the organization and its customers. The backlog is the key to facilitating this process and accomplishing the most fundamental goals of delivery.

    For more information on the role of a product owner, see Build a Better Product Owner.

    Highly effective Agile teams spend 28% of their time on product backlog management and roadmapping (Quantitative Software Management, 2015).

    1. Manage Stakeholders

    • Stakeholders need to be kept up to speed on what the future holds for a product, or at least they should be heard. This task falls to the product owner.

    2. Inform and Protect the Team

    • The product owner is a servant leader of the team. They need to protect the team from all the noise and give them the time they need to focus on what they do best: develop.

    3. Maximize Value to the Product

    • Sifting through all of these voices and determining what is valuable, or what is most valuable, falls to the product owner.

    A backlog stores and organizes PBIs at various stages of readiness.

    Your backlog must give you a holistic understanding of demand for change in the product

    A well-formed backlog can be thought of as a DEEP backlog:

    Detailed Appropriately: PBIs are broken down and refined as necessary.

    Emergent: The backlog grows and evolves over time as PBIs are added and removed.

    Estimated: The effort a PBI requires is estimated at each tier.

    Prioritized: The PBI’s value and priority are determined at each tier.

    Ideas; Qualified; Ready

    3 - IDEAS

    Composed of raw, vague, and potentially large ideas that have yet to go through any formal valuation.

    2 - QUALIFIED

    Researched and qualified PBIs awaiting refinement.

    1 - READY

    Discrete, refined PBIs that are ready to be placed in your development teams’ sprint plans.

    Summary of Accomplishment

    Get the Most Out of Your CRM

    CRM technology is critical to facilitate an organization’s relationships with customers, service users, employees, and suppliers. CRM implementation should not be a one-and-done exercise. There needs to be an ongoing optimization to enable business processes and optimal organizational results.

    Get the Most Out of Your CRM allows organizations to proactively implement continuous assessment and optimization of a customer relationship management system. This includes:

    • Alignment and prioritization of key business and technology drivers
    • Identification of CRM processes including classification and gap analysis
    • Measurement of user satisfaction across key departments
    • Improved vendor relations
    • Data quality initiatives

    This formal CRM optimization initiative will drive business-IT alignment, identify IT automation priorities, and dig deep into continuous process-improvement.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.

    Contact your account representative for more information

    workshops@infotech.com
    1-866-670-8889

    Research Contributors

    Ben Dickie

    Ben Dickie
    Research Practice Lead
    Info-Tech Research Group

    Ben Dickie is a Research Practice Lead at Info-Tech Research Group. His areas of expertise include customer experience management, CRM platforms, and digital marketing. He has also led projects pertaining to enterprise collaboration and unified communications.

    Scott Bickley

    Scott Bickley
    Practice Lead & Principal Research Director
    Info-Tech Research Group

    Scott Bickley is a Practice Lead & Principal Research Director at Info-Tech Research Group focused on vendor management and contract review. He also has experience in the areas of IT asset management (ITAM), software asset management (SAM), and technology procurement, along with a deep background in operations, engineering, and quality systems management.

    Andy Neil

    Andy Neil
    Practice Lead, Applications
    Info-Tech Research Group

    Andy is Senior Research Director, Data Management and BI, at Info-Tech Research Group. He has over 15 years of experience in managing technical teams, information architecture, data modeling, and enterprise data strategy. He is an expert in enterprise data architecture, data integration, data standards, data strategy, big data, and the development of industry-standard data models.

    Bibliography

    Armel, Kate. “Data-driven Estimation, Management Lead to High Quality.” Quantitative Software Management Inc. 2015. Web.

    Chappuis, Bertil, and Brian Selby. “Looking beyond Technology to Drive Sales Operations.” McKinsey & Company, 24 June 2016. Web.

    Cross-Industry Process Classification Framework (PCF) Version 7.2.1. APQC, 26 Sept. 2019. Web.

    Fleming, John, and Hater, James. “The Next Discipline: Applying Behavioral Economics to Drive Growth and Profitability.” Gallup, 22 Sept. 2012. Accessed 6 Oct. 2020.

    Hinchcliffe, Dion. “The evolving role of the CIO and CMO in customer experience.” ZDNet, 22 Jan. 2020. Web.

    Karlsson, Johan. “Backlog Grooming: Must-Know Tips for High-Value Products.” Perforce. 18 May 2018. Web. Feb. 2019.

    Klie, L. “CRM Still Faces Challenges, Most Speakers Agree: CRM systems have been around for decades, but interoperability and data siloes still have to be overcome.” CRM Magazine, vol. 23, no. 5, 2019, pp. 13-14.

    Kumar, Sanjib, et al. “Improvement of CRM Using Data Mining: A Case Study at Corporate Telecom Sector.” International Journal of Computer Applications, vol. 178, no. 53, 2019, pp. 12-20, doi:10.5120/ijca2019919413.

    Morgan, Blake. “50 Stats That Prove The Value Of Customer Experience.” Forbes, 24 Sept. 2019. Web.

    Norelus, Ernese, et al. “An Approach to Application Modernization: Discovery and Assessment Phase.” IBM Garage, Medium, 24 Feb 2020. Accessed 4 Mar. 2020.

    “Process Frameworks.” APQC, 4 Nov. 2020. Web.

    “Process vs. Capability: Understanding the Difference.” APCQ, 2017. Web.

    Rubin, Kenneth S. "Essential Scrum: A Practical Guide to the Most Popular Agile Process." Pearson Education, 2012.

    Savolainen, Juha, et al. “Transitioning from Product Line Requirements to Product Line Architecture.” 29th Annual International Computer Software and Applications Conference (COMPSAC'05), IEEE, vol. 1, 2005, pp. 186-195, doi: 10.1109/COMPSAC.2005.160

    Smith, Anthony. “How To Create A Customer-Obsessed Company Like Netflix.” Forbes, 12 Dec. 2017. Web.

    “SOA Reference Architecture – Capabilities and the SOA RA.” The Open Group, TOGAF. Web.

    Taber, David. “What to Do When Your CRM Project Fails.” CIO Magazine, 18 Sept. 2017. Web.

    “Taudata Case Study.” Maximizer CRM Software, 17 Jan. 2020. Web.

    Requirements Gathering

    • Buy Link or Shortcode: {j2store}49|cart{/j2store}
    • Related Products: {j2store}49|crosssells{/j2store}
    • member rating overall impact (scale of 10): 9.5/10
    • member rating average dollars saved: $33,901
    • member rating average days saved: 23
    • Parent Category Name: Project Portfolio Management and Projects
    • Parent Category Link: /ppm-and-projects

    The challenge

    • The number reason projects fail because from the outset, what people wanted was not clear.
    • Without proper due diligence, IT will deliver projects that fail to meet business expectations and fail to provide business value.
    • If you failed to accurately capture the needs and desires, your projects are set up for costly rework. That will hurt your business's financial performance and result in damage to your relationship with your business partners.
    • Even with requirements gathering processes in place, your business analysts may not have the required competencies to execute them.

    Our advice

    Insight

    • You need to gather requirements with your organizations' end-state in mind. That requires IT and business alignment.
    • You would be good to create a set of standard operating procedures around requirements gathering. But many companies fail to do so.
    • Bring standardization and conformity to your requirements gathering processes via a centralized center of excellence. That brings cohesion and uniformity to your practice.
    • It is critical that your business analysts have the necessary competencies to execute your processes and that they ask the right questions.

    Impact and results 

    • Better requirements analysis will result in shorter cycle timed and reduced project rework and overhead.
    • You will enjoy better relationships with your business partners, greater stakeholder satisfaction, and gradually a better standing of IT.
    • Most importantly, the applications and systems you deliver will contain all must-haves and some nice-to-haves. Your minimal viable deliverable will start to create business value immediately.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started.

    Read our executive brief to understand why you should invest in optimizing requirements gathering in your company. We show you how we can support you.

    Build the target state

    Fully understand the target needs of the requirements gathering process.

    • Build a Strong Approach to Business Requirements Gathering – Phase 1: Build the Target State for the Requirements Gathering Process (ppt)
    • Requirements Gathering SOP and BA Playbook (doc)
    • Requirements Gathering Maturity Assessment (xls)
    • Project Level Selection Tool (xls)
    • Business Requirements Analyst (doc)
    • Requirements Gathering Communication Tracking Template (xls)

    Develop best practices to gather business requirements

    • Build a Strong Approach to Business Requirements Gathering – Phase 2: Define the Elicitation Process (ppt)
    • Business Requirements Document Template (xls)
    • Scrum Documentation Template (doc)

    Analyze and validate requirements

    Standardize your frameworks for analysis and validation of the business requirements

    • Build a Strong Approach to Business Requirements Gathering – Phase 3: Analyze and Validate Requirements (ppt)
    • Requirements Gathering Documentation Tool (xls)
    • Requirements Gathering Testing Checklist (doc)

    Build your requirements gathering governance action plan

    Formalize governance.

    • Build a Strong Approach to Business Requirements Gathering – Phase 4: Create a Requirements Governance Action Plan (ppt)
    • Requirements Traceability Matrix (xls)

     

     

    CIO Priorities 2022

    • Buy Link or Shortcode: {j2store}328|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $31,499 Average $ Saved
    • member rating average days saved: 9 Average Days Saved
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • Understand how to respond to trends affecting your organization.
    • Determine your priorities based on current state and relevant internal factors.
    • Assign the right amount of resources to accomplish your vision.
    • Consider what new challenges outside of your control will demand a response.

    Our Advice

    Critical Insight

    A priority is created when external factors hold strong synergy with internal goals and an organization responds by committing resources to either avert risk or seize opportunity. These are the priorities identified in the report:

    1. Reduce Friction in the Hybrid Operating Model
    2. Improve Your Ransomware Readiness
    3. Support an Employee-Centric Retention Strategy
    4. Design an Automation Platform
    5. Prepare to Report on New Environmental, Social, and Governance Metrics

    Impact and Result

    Update your strategic roadmap to include priorities that are critical and relevant for your organization based on a balance of external and internal factors.

    CIO Priorities 2022 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. CIO Priorities 2022 – A report on the key priorities for competing in the digital economy.

    Discover Info-Tech’s five priorities for CIOs in 2022.

    • CIO Priorities Report for 2022

    2. Listen to the podcast series

    Hear directly from our contributing experts as they discuss their case studies with Brian Jackson.

    • Frictionless hybrid working: How the Harvard Business School did it
    • Close call with ransomware: A CIO recounts a near security nightmare
    • How a financial services company dodged "The Great Resignation"
    • How Allianz took a blockchain platform from pilot to 1 million transactions
    • CVS Health chairman David Dorman on healthcare's hybrid future

    Infographic

    Further reading

    CIO Priorities 2022

    A jumble of business-related words. Info-Tech’s 2022 Tech Trends survey asked CIOs for their top three priorities. Cluster analysis of their open-ended responses shows four key themes:
    1. Business process improvements
    2. Digital transformation or modernization
    3. Security
    4. Supporting revenue growth or recovery

    Info-Tech’s annual CIO priorities are formed from proprietary primary data and consultation with our internal experts with CIO stature

    2022 Tech Trends Survey CIO Demographic N=123

    Info-Tech’s Tech Trends 2022 survey was conducted between August and September 2021 and collected a total of 475 responses from IT decision makers, 123 of which were at the C-level. Fourteen countries and 16 industries are represented in the survey.

    2022 IT Talent Trends Survey CIO Demographic N=44

    Info-Tech’s IT Talent Trends 2022 survey was conducted between September and October 2021 and collected a total of 245 responses from IT decision makers, 44 of which were at the C-level. A broad range of countries from around the world are represented in the survey.

    Internal CIO Panels’ 125 Years Of Combined C-Level IT Experience

    Panels of former CIOs at Info-Tech focused on interpreting tech trends data and relating it to client experiences. Panels were conducted between November 2021 and January 2022.

    CEO-CIO Alignment Survey Benchmark Completed By 107 Different Organizations

    Info-Tech’s CEO-CIO Alignment program helps CIOs align with their supervisors by asking the right questions to ensure that IT stays on the right path. It determines how IT can best support the business’ top priorities and address the gaps in your strategy. In 2021, the benchmark was formed by 107 different organizations.

    Build IT alignment

    IT Management & Governance Diagnostic Benchmark Completed By 320 Different Organizations

    Info-Tech’s Management and Governance Diagnostic helps IT departments assess their strengths and weaknesses, prioritize their processes and build an improvement roadmap, and establish clear ownership of IT processes. In 2021, the benchmark was formed by data from 320 different organizations.

    Assess your IT processes

    The CIO priorities are informed by Info-Tech’s trends research reports and surveys

    Priority: “The fact or condition of being regarded or treated as more important than others.” (Lexico/Oxford)

    Trend: “A general direction in which something is developing or changing.” (Lexico/Oxford)

    A sequence of processes beginning with 'Sensing', 'Hypothesis', 'Validation', and ending with 'Trends, 'Priorities'. Under Sensing is Technology Research, Interviews & Insights, Gathering, and PESTLE. Under Hypothesis is Near-Future Probabilities, Identify Patterns, Identify Uncertainties, and Identify Human Benefits. Under Validation is Test Hypothesis, Case Studies, and Data-Driven Insights. Under Trends is Technology, Talent, and Industry. Under Priorities is CIO, Applications, Infrastructure, and Security.

    Visit Info-Tech’s Trends & Priorities Research Center

    Image called 'Defining the CIO Priorities for 2022'. Image shows 4 columns, Implications, Resource Investment, Amplifiers, and Actions and Outcomes, with 2 dotted lines, labeled External Context and Internal Context, running through all 4 columns and leading to bottom-right label called CIO Priorities Formed

    The Five Priorities

    Priorities to compete in the digital economy

    1. Reduce Friction in the Hybrid Operating Model
    2. Improve Your Ransomware Readiness
    3. Support an Employee-Centric Retention Strategy
    4. Design an Automation Platform
    5. Prepare to Report on New Environmental, Social, and Governance Metrics

    Reduce friction in the hybrid operating model

    Priority 01 | APO07 Human Resources Management

    Deliver solutions that create equity between remote workers and office workers and make collaboration a joy.

    Hybrid work is here to stay

    CIOs must deal with new pain points related to friction of collaboration

    In 2020, CIOs adapted to the pandemic’s disruption to offices by investing in capabilities to enable remote work. With restrictions on gathering in offices, even digital laggards had to shift to an all-remote work model for non-essential workers.

    Most popular technologies already invested in to facilitate better collaboration

    • 24% Web Conferencing
    • 23% Instant Messaging
    • 20% Document Collaboration

    In 2022, the focus shifts to solving problems created by the new hybrid operating model where some employees are in the office and some are working remotely. Without the ease of collaborating in a central hub, technology can play a role in reducing friction in several areas:

    • Foster more connections between employees. Remote workers are less likely to collaborate with people outside of their department and less likely to spontaneously collaborate with their peers. CIOs should provide a digital employee experience that fosters collaboration habits and keeps workers engaged.
    • Prevent employee attrition. With more workers reevaluating their careers and leaving their jobs, CIOs can help employees feel connected to the overall purpose of the organization. Finding a way to maintain culture in the new context will require new solutions. While conference room technology can be a bane to IT departments, making hybrid meetings effortless to facilitate will be more important.
    • Provide new standards for mediated collaboration. Meeting isn’t as easy as simply gathering around the same table anymore. CIOs need to provide structure around how hybrid meetings are conducted to create equity between all participants. Business continuity processes must also consider potential outages for collaboration services so employees can continue the work despite a major outage.

    Three in four organizations have a “hybrid” approach to work. (Tech Trends 2022 Survey)

    In most organizations, a hybrid model is being implemented. Only 14.9% of organizations are planning for almost everyone to return to the office, and only 9.9% for almost everyone to work remotely.

    Elizabeth Clark

    CIO, Harvard Business School

    "I want to create experiences that are sticky. That keep people coming back and engaging with their colleagues."

    Photo of Elizabeth Clark, CIO, Harvard Business School.

    Listen to the Tech Insights podcast:
    Frictionless hybrid working: How the Harvard Business School did it

    Internal interpretation: Harvard Business School

    • March 2020
      The pandemic disrupts in-class education at Harvard Business School. Their case study method of instruction that depends on in-person, high-quality student engagement is at risk. While students and faculty completed the winter semester remotely, the Dean and administration make the goal to restore the integrity of the classroom experience with equity for both remote and in-person students.
    • May 2020
      A cross-functional task force of about 100 people work intensively, conducting seven formal experiments, 80 smaller tests, and hundreds of polling data points, and a technology and facilities solution is designed: two 4K video cameras capturing both the faculty and the in-class students, new ceiling mics, three 85-inch TV screens, and students joining the videoconference from their laptops. A custom Zoom room, combining three separate rooms, integrated all the elements in one place and integrated with the lecture capture system and learning management system.
    • October 2020
      Sixteen classrooms are renovated to install the new solution. Students return to the classroom but in lower numbers due to limits on in-room capacity, but students rotate between the in-person and remote experience.
    • September 2021
      Renovations for the hybrid solution are complete in 26 classrooms and HBS has determined this will be its standard model for the classroom. The case method of teaching is kept alive and faculty and students are thrilled with the results.
    • November 2021
      HBS is adapting its solution for the classroom to its conference rooms and has built out eight different rooms for a hybrid experience. The 4K cameras and TV screens capture all participants in high fidelity as well as the blackboard.

    Photo of a renovated classroom with Zoom participants integrated with the in-person students.
    The renovated classrooms integrate all students, whether they are participating remotely or in person. (Image courtesy of Harvard Business School.)

    Implications: Organization, Process, Technology

    External

    • Organization – About half of IT practitioners in the Tech Trends 2022 survey feel that IT leaders, infrastructure and operations teams, and security teams were “very busy” in 2021. Capacity to adapt to hybrid work could be constrained by these factors.
    • Process – Organizations that want employees to benefit from being back in the office will have to rethink how workers can get more value out of in-person meetings that also require videoconference participation with remote workers.
    • Technology – Fifty-four percent of surveyed IT practitioners say the pandemic raised IT spending compared to the projections they made in 2020. Much of that investment went into adapting to a remote work environment.

    Internal

    • Organization – HBS added 30 people to its IT staff on term appointments to develop and implement its hybrid classroom solutions. Hires included instructional designers, support technicians, coordinators, and project managers.
    • Process – Only 25 students out of the full capacity of 95 could be in the classroom due to COVID-19 regulations. On-campus students rotated through the classroom seats. An app was created to post last-minute seat availability to keep the class full.
    • Technology – A Zoom room was created that combines three rooms to provide the full classroom experience: a view of the instructor, a clear view of each student that enlarges when they are speaking, and a view of the blackboard.

    Resources Applied

    Appetite for Technology

    CIOs and their direct supervisors both ranked internal collaboration tools as being a “critical need to adopt” in 2021, according to Info-Tech’s CEO-CIO Alignment Benchmark Report.

    Intent to Invest

    Ninety-seven percent of IT practitioners plan to invest in technology to facilitate better collaboration between employees in the office and outside the office by the end of 2022, according to Info-Tech’s 2022 Tech Trends survey.

    “We got so many nice compliments, which you don’t get in IT all the time. You get all the complaints, but it’s a rare case when people are enthusiastic about something that was delivered.” (Elizabeth Clark, CIO, Harvard Business School)

    Harvard Business School

    • IT staff were reassigned from other projects to prioritize building a hybrid classroom solution. A cloud migration and other portfolio projects were put on pause.
    • The annual capital A/V investment was doubled. The amount of spend on conference rooms was tripled.
    • Employees were hired to the media services team at a time when other areas of the organization were frozen.

    Outcomes at Harvard Business School

    The new normal at Harvard Business School

    New normal: HBS has found its new default operating model for the classroom and is extending its solution to its operating environment.

    Improved CX: The high-quality experience for students has helped avoid attrition despite the challenges of the pandemic.

    Engaged employees: The IT team is also engaged and feels connected to the mission of the school.

    Photo of a custom Zoom room bringing together multiple view of the classroom as well as all remote students.
    A custom Zoom room brings together multiple different views of the classroom into one single experience for remote students. (Image courtesy of Harvard Business School.)

    From Priorities to Action

    Make hybrid collaboration a joy

    Align with your organization’s goals for collaboration and customer interaction, with the target of high satisfaction for both customers and employees. Invest in capital projects to improve the fidelity of conference rooms, develop and test a new way of working, and increase IT capacity to alleviate pressure points.

    Foster both asynchronous and synchronous collaboration approaches to avoid calendars filling up with videoconference meetings to get things done and to accommodate workers contributing from across different time zones.

    “We’ll always have hybrid now. It’s opened people’s eyes and now we’re thinking about the future state. What new markets could we explore?” (Elizabeth Clark, CIO, Harvard Business School)

    Take the next step

    Run Better Meetings
    Hybrid, virtual, or in person – set meeting best practices that support your desired meeting norms.

    Prepare People Leaders for the Hybrid Work Environment
    Set hybrid work up for success by providing people leaders with the tools they need to lead within the new model.

    Hoteling and Hot-Desking: A Primer
    What you need to know regarding facilities, IT infrastructure, maintenance, security, and vendor solutions for desk hoteling and hot-desking.

    “Human Resources Management” gap between importance and effectiveness
    Info-Tech Research Group Management and Governance Diagnostic Benchmark 2021

    A bar chart illustrating the Human Resources Management gap between importance and effectiveness. The difference is marked as Delta 2.3.

    Improve your ransomware readiness

    Priority 02 | APO13 Security Strategy

    Mitigate the damage of successful ransomware intrusions and make recovery as painless as possible.

    The ransomware crisis threatens every organization

    Prevention alone won’t be enough against the forces behind ransomware.

    Cybersecurity is always top of mind for CIOs but tends to be deprioritized due to other demands related to digital transformation or due to cost pressures. That’s the case when we examine our data for this report.

    Cybersecurity ranked as the fourth-most important priority by CIOs in Info-Tech’s 2022 Tech Trends survey, behind business process improvement, digital transformation, and modernization. Popular ways to prepare for a successful attack include creating offline backups, purchasing insurance, and deploying new solutions to eradicate ransomware.

    CIOs and their direct supervisors ranked “Manage IT-Related Security” as the third-most important top IT priority on Info-Tech’s CEO-CIO Alignment Benchmark for 2021, in support of business goals to manage risk, comply with external regulation, and ensure service continuity.

    Most popular ways for organizations to prepare for the event of a successful ransomware attack:

    • 25% Created offline backups
    • 18% Purchased cyberinsurance
    • 19% New tech to eradicate ransomware

    Whatever priority an organization places on cybersecurity, when ransomware strikes, it quickly becomes a red alert scenario that disrupts normal operations and requires all hands on deck to respond. Sophisticated attacks executed at wide scale demonstrate that security can be bypassed without creating an alert. After that’s accomplished, the perpetrators build their leverage by exfiltrating data and encrypting critical systems.

    CIOs can plan to mitigate ransomware attacks in several constructive ways:

    • Business impact analysis. Determine the costs of an outage for specific periods and the system and data recovery points in time.
    • Engage a partner for 24/7 monitoring. Gain real-time awareness of your critical systems.
    • Review your identity access management (IAM) policies. Use of multi-factor authentication and limiting access to only the roles that need it reduces ransomware risk.

    50% of all organizations spent time and money specifically to prevent ransomware in the past year. (Info-Tech Tech Trends 2022 Survey)

    John Doe

    CIO, mid-sized manufacturing firm in the US

    "I want to create experiences that are sticky. That keep people coming back and engaging with their colleagues."

    Blank photo.

    Listen to the Tech Insights podcast:
    Close call with ransomware: a CIO recounts a near security nightmare

    Internal interpretation: US-based, mid-sized manufacturing firm

    • May 1, 2021
      A mid-sized manufacturing firm (“The Firm”) CIO gets a call from his head of security about odd things happening on the network. A call is made to Microsoft for support. Later that night, the report is that an unwanted crypto-mining application is the culprit. But a couple of hours later, that assessment is proven wrong when it’s realized that hundreds of systems are staged for a ransomware attack. All the attacker has to do is push the button.
    • May 2, 2021
      The Firm disconnects all its global sites to cut off new pathways for the malware to infect. All normal operations cease for 24 hours. It launches its cybersecurity insurance process. The CIO engages a new security vendor, CrowdStrike, to help respond. Employees begin working from home if they can so they can make use of their own internet service. The Firm has cut off its public internet connectivity and is severed from cloud services such as Azure storage and collaboration software.
    • May 4, 2021
      The hackers behind the attack are revealed by security forensics experts. A state-sponsored agency in Russia set up the ransomware and left it ready to execute. It sold the staged attack to a cybercriminal group, Doppel Spider. According to CrowdStrike, the group uses malware to run “big game hunting operations” and targets 18 different countries including the US and multiple industries, including manufacturing.
    • May 10, 2021
      The Firm has totally recovered from the ransomware incident and avoided any serious breach or paying a ransom. The CIO worked more hours than at any other point in his career, logging an estimated 130 hours over the two weeks.
    • November 2021
      The Firm never previously considered itself a ransomware target but has now reevaluated that stance. It has hired a service provider to run a security operations center on a 24/7 basis. It's implemented a more sophisticated detection and response model and implemented multi-factor authentication. It’s doubled its security spend in 2021 and will invest more in 2022.

    “Now we take the approach that if someone does get in, we're going to find them out.” (John Doe, CIO, “The Firm”)

    Implications: Organization, Process, Technology

    External

    • Organization – Organizations must consider how their employees play a role in preventing ransomware and plan for training to recognize phishing and other common traps. They must make plans for employees to continue their work if systems are disrupted by ransomware.
    • Process – Backup processes across multiple systems should be harmonized to have both recent and common points to recover from. Work with the understanding IT will have to take systems offline if ransomware is discovered and there is no time to ask for permission.
    • Technology – Organizations can benefit from security services provided by a forensics-focused vendor. Putting cybersecurity insurance in place not only provides financial protection but also guidance in what to do and which vendors to work with to prevent and recover from ransomware.

    Internal

    • Organization – The Firm was prepared with a business continuity plan to allow many of its employees to work remotely, which was necessary because the office network was incapacitated for ten days during recovery.
    • Process – Executives didn’t seek to assign blame for the security incident but took it as a signal there were some new costs involved to stay in business. It initiated new outsource relationships and hired one more full-time employee to shore up security resources.
    • Technology – New ransomware eradication software was deployed to 2,000 computers. Scripted processes automated much of the work, but in some cases full system rebuilds were required. Backup systems were disconnected from the network as soon as the malware was discovered.

    Resources Applied

    Consider the Alternative

    Organizations should consider how much a ransomware attack on critical systems would cost them if they were down for a minimum of 24-48 hours. Plan to invest an amount at least equal to the costs of that downtime.

    Ask for ID

    Implementing across-the-board multi-factor authentication reduces chances of infection and is cheap, with enterprise solutions ranging from $2 to $5 per user on average. Be strict and deny access when connections don’t authenticate.

    “You'll never stop everything from getting into the network. You can still focus on stopping the bad actors, but then if they do make it in, make sure they don't get far.” (John Doe, CIO, “The Firm”)

    “The Firm” (Mid-Sized Manufacturer)

    • During the crisis, The Firm paused all activities and focused solely on isolating and eliminating the ransomware threat.
    • New outsourcing relationship with a vendor provides a 24/7 Security Operations Center.
    • One more full-time employee on the security team.
    • Doubled investment in security in 2021 and will spend more in 2022.

    Outcomes at “The Firm” (Mid-Sized Manufacturer)

    The new cost of doing business

    Real-time security: While The Firm is still investing in prevention-based security, it is also developing its real-time detection and response capabilities. When ransomware makes it through the cracks, it wants to know as soon as possible and stop it.

    Leadership commitment: The C-suite is taking the experience as a wake-up call that more investment is required in today’s threat landscape. The Firm rates security more highly as an overall organizational goal, not just something for IT to worry about.

    Stock photo of someone using their phone while sitting at a computer, implying multi-factor authentication.
    The Firm now uses multi-factor authentication as part of its employee sign-on process. For employees, authenticating is commonly achieved by using a mobile app that receives a secret code from the issuer.

    From Priorities to Action

    Cybersecurity is everyone’s responsibility

    In Info-Tech’s CEO-CIO Alignment Benchmark for 2021, the business goal of “Manage Risk” was the single biggest point of disagreement between CIOs and their direct supervisors. CIOs rank it as the second-most important business goal, while CEOs rank it as sixth-most important.

    Organizations should align on managing risk as a top priority given the severity of the ransomware threat. The threat actors and nature of the attacks are such that top leadership must prepare for when ransomware hits. This includes halting operations quickly to contain damage, engaging third-party security forensics experts, and coordinating with government regulators.

    Cybersecurity strategies may be challenged to be effective without creating some friction for users. Organizations should look beyond multi-layer prevention strategies and lean toward quick detection and response, spending evenly across prevention, detection, and response solutions.

    Take the next step

    Create a Ransomware Incident Response Plan
    Don’t be the next headline. Determine your current readiness, response plan, and projects to close gaps.

    Simplify Identity and Access Management
    Select and implement IAM and produce vendor RFPs that will contain the capabilities you need, including multi-factor authentication.

    Cybersecurity Series Featuring Sandy Silk
    More from Info-Tech’s Senior Workshop Director Sandy Silk in this video series created while she was still at Harvard University.

    Gap between CIOs and CEOs in points allocated to “Manage risk” as a top business goal

    A bar chart illustrating the gap between CIOs and CEOs in points allocated to 'Manage risk' as a top business goal. The difference is marked as Delta 1.5.

    Support an employee-centric retention strategy

    Priority 03 | ITRG02 Leadership, Culture & Values

    Avoid being a victim of “The Great Resignation” by putting employees at the center of an experience that will engage them with clear career path development, purposeful work, and transparent feedback.

    Defining an employee-first culture that improves retention

    The Great resignation isn’t good for firms

    In 2021, many workers decided to leave their jobs. Working contexts were disrupted by the pandemic and that saw non-essential workers sent home to work, while essential workers were asked to continue to come into work despite the risks of COVID-19. These disruptions may have contributed to many workers reevaluating their professional goals and weighing their values differently. At the same time, 2021 saw a surging economy and many new job opportunities to create a talent-hungry market. Many workers could have been motivated to take a new opportunity to increase their salary or receive other benefits such as more flexibility.

    Annual turnover rate for all us employees on the rise

    • 20% – Jan.-Aug. 2020, Dipped from 22% in 2019
    • 25% Jan.-Aug. 2021, New record high
    • Data from Visier Inc.

    When you can’t pay them, develop them

    IT may be less affected than other departments by this trend. Info-Tech’s 2022 IT Talent Trends Report shows that on average, estimated turnover rate in IT is lower than the rest of the organization. Almost half of respondents estimated their organization’s voluntary turnover rate was 10% or higher. Only 30% of respondents estimate that IT’s voluntary turnover rate is in the same range. However, CIOs working in industries with the highest turnover rates will have to work to keep their workers engaged and satisfied, as IT skills are easily transferred to other industries.

    49% ranked “enabling learning & development within IT” as high priority, more than any other single challenge. (IT Talent Trends 2022 Survey, N=227)

    A bar chart of 'Industries with highest turnover rates (%)' with 'Leisure and Hospitality' at 6.4%, 'Trade, Transportation & Utilities' at 3.6%, 'Professional and Business' at 3.3%, and 'Other Services' at 3.1%. U.S. Bureau of Labor Statistics, 2022.

    Jeff Previte

    Executive Vice-President of IT, CrossCountry Mortgage

    “We have to get to know the individual at a personal level … Not just talking about the business, but getting to know the person."

    Photo of Jeff Previte, Executive Vice-President of IT, CrossCountry Mortgage.

    Listen to the Tech Insights podcast:
    How a financial services company dodged ‘The Great Resignation’

    Internal interpretation: CrossCountry Mortgage

    • May 2019
      Jeff Previte joins Cleveland, Ohio-based CrossCountry Mortgage in the CIO role. The company faces a challenge with employee turnover, particularly in IT. The firm is a sales-focused organization and saw its turnover rate reach as high as 60%. Yet Previte recognized that IT had some meaningful goals to achieve and would need to attract – and retain – some higher caliber talent. His first objective in his new role was to meet with IT employees and business leadership to set priorities.
    • July 2019
      Previte takes a “people-first” approach to leadership and meets his staff face-to-face to understand their personal situations. He sets to work on defining roles and responsibilities in the organization, spending about a fifth of his time on defining the strategy.
    • June 2020
      Previte assigned his leadership team to McLean & Company’s Design an Impactful Employee Development Program. From there, the team developed a Salesforce tool called the Career Development Workbook. “We had some very passionate developers and admins that wanted to build a home-grown tool,” he says. It turns McLean & Company’s process into a digital tool employees can use to reflect on their careers and explore their next steps. It helps facilitate development conversations with managers.
    • January 2021
      CrossCountry Mortgage changes its approach to career development activities. Going to external conferences and training courses is reduced to just 30% of that effort. The rest is by doing hands-on work at the company. Previte aligned with his executives and road-mapped IT projects annually. Based on employee’s interests, opportunities are found to carve out time from usual day-to-day activities to spend time on a project in a new area. When there’s a business need, someone internally can be ready to transition roles.
    • June 2021
      In the two years since joining the company, Previte has reduced the turnover rate to just 12%. The IT department has grown to more adequately meet the needs of the business and employees are engaged with more opportunities to develop their careers. Instead of focusing on compensation, Previte focused more on engaging employees with a developmentally dedicated environment and continuous hands-on learning.

    “It’s come down to a culture shift. Folks have an idea of where we’re headed as an organization, where we’re headed as an IT team, and how their role contributes to that.” (Jeff Previte, EVP of IT, CrossCountry Mortgage)

    Implications: Organization, Process, Technology

    External

    • Organization – A high priority is being placed on improving IT’s maturity through its talent. Enabling learning and development in IT, enabling departmental innovation, and recruiting are the top three highest priorities according to IT Talent Trends 2022 survey responses.
    • Process – Recruiting is more challenging for industries that operate primarily onsite, according to McLean & Company's 2022 HR Trends Report. They face more challenges attracting applications, more rejected offers, and more candidate ghosting compared to remote-capable industries.
    • Technology – Providing a great employee experience through digital tools is more important as many organizations see a mix of workers in the office and at home. These tools can help connect colleagues, foster professional development, and improve the candidate experience.

    Internal

    • Organization – CrossCountry Mortgage faced a situation where IT employees did not have clarity on their roles and responsibilities. In terms of salary, it wasn’t offering at the high end compared to other employers in Cleveland.
    • Process – To foster a culture of growth and development, CrossCountry Mortgage put in place a performance assessment system that encouraged reflection and goal setting, aided by collaboration with a manager.
    • Technology – The high turnover rate was limiting CrossCountry Mortgage from achieving the level of maturity it needed to support the company’s goals. It ingrained its new PA process with a custom build of a Salesforce tool.

    Resources Applied

    Show me the money

    Almost six in ten Talent Trends survey respondents identified salary and compensation as the reason that employees resigned in the past year. Organizations looking to engage employees must first pay a fair salary according to market and industry conditions.

    Build me up

    Professional development and opportunity for innovative work are the next two most common reasons for resignations. Organizations must ensure they create enough capacity to allow workers time to spend on development.

    “Building our own solution created an element of engagement. There was a sense of ownership that the team had in thinking through this.” (Jeff Previte, CrossCountry Mortgage)

    CrossCountry Mortgage

    • Executive time: CIO spends 10-20% of his time on activities related to designing the approach.
    • Leveraged memberships with Info-Tech Research Group and McLean & Company to define professional development process.
    • Internal IT develops automated workflow in Salesforce.
    • Hired additional IT staff to build out overall capacity and create time for development activities.

    Outcomes at CrossCountry Mortgage

    Engaged IT workforce

    The Great Maturation: IT staff turnover rate dropped to 10-12% and IT talent is developing on the job to improve the department’s overall skill level. More IT staff on hand and more engaged workers mean IT can deliver higher maturity level results.

    Alignment achieved: Connecting IT’s initiatives to the vision of the C-suite creates a clear purpose for IT in its initiatives. Staff understand what they need to achieve to progress their careers and can grow while they work.

    Photo of employees from CrossCountry Mortgage assisting with a distribution event.
    Employees from CrossCountry Mortgage headquarters assist with a drive-thru distribution event for the Cleveland Food Bank on Dec. 17, 2021. (Image courtesy of CrossCountry Mortgage.)

    From Priorities to Action

    Staff retention is a leadership priority

    The Great Resignation trend is bringing attention to employee engagement and staff retention. IT departments are busier than ever during the pandemic as they work overtime to keep up with a remote workforce and new security threats. At the same time, IT talent is among the most coveted on the market.

    CIOs need to develop a people-first approach to improve the employee experience. Beyond compensation, IT workers need clarity in terms of their career paths, a direct connection between their work and the goals of the organization, and time set aside for professional development.

    Info-Tech’s 2021 benchmark for “Leadership, Culture & Values” shows that most organizations rate this capability very highly (9) but see room to improve on their effectiveness (6.9).

    Take the next step

    IT Talent Trends 2022
    See how IT talent trends are shifting through the pandemic and understand how themes like The Great Resignation has impacted IT.

    McLean & Company’s Modernize Performance Management
    Customize the building blocks of performance management to best fit organizational needs to impact individual and organizational performance, productivity, and engagement.

    Redesign Your IT Organizational Structure
    Define future-state work units, roles, and responsibilities that will enable the IT organization to complete the work that needs to be done.

    “Leadership, Culture & Values” gap between importance and effectiveness
    Info-Tech Research Group Management and Governance Diagnostic Benchmark 2021

    A bar chart illustrating the 'Leadership, Culture & Values' gap between importance and effectiveness. The difference is marked as Delta 2.1.

    Design an automation platform

    Priority 04 | APO04 Innovation

    Position yourself to buy or build a platform that will enable new automation opportunities through seamless integration.

    Build it or buy it, but platform integration can yield great benefits

    Necessity is the mother of innovation

    When it’s said that digital transformation accelerated during the pandemic, what’s really meant is that processes that were formerly done manually became automated through software. In responses to the Tech Trends survey, CIOs say digital transformation was more of a focus during the pandemic, and eight in ten CIOs also say they shifted more than 20% of their organization’s processes to digital during the pandemic. Automating tasks through software can be called digitalization.

    Most organizations became more digitalized during the pandemic. But how they pursued it depends on their IT maturity. For digital laggards, partnering with a technology services platform is the path of least resistance. For sophisticated innovators, they can consider building a platform to address the specific needs of their business process. Doing so requires the foundation of an existing “digital factory” or innovation arm where new technologies can be tested, proofs of concept developed, and external partnerships formed. Patience is key with these efforts, as not every investment will yield immediate returns and some will fail outright.

    Build it or buy it, platform participants integrate with their existing systems through application programming interfaces (APIs). Organizations should determine their platform strategies based on maturity, then look to integrate the business processes that will yield the most gains.

    What role should you play in the platform ecosystem?

    A table with levels on the maturity ladder laid out as a sprint. Column headers are maturity levels 'Struggle', 'Support', 'Optimize', 'Expand', and 'Transform', row headers are 'Maturity' and 'Role'. Roles are assigned to one or many levels. 'Improve' is solely under Struggle. 'Integrate' spans from Support to Transform. 'Buy' spans Support to Expand. 'Build' begins midway through Expand and all of Transform. 'Partner' spans from Optimize to halfway through Transform.

    68% of CIOs say digital transformation became much more of a focus for their organization during the pandemic (Info-Tech Tech Trends 2022 Survey)

    Bob Crozier

    Chief Architect, Allianz Technology & Global Head of Blockchain, Allianz Technology SE

    "Smart contracts are really just workflows between counterparties."

    Photo of Bob Crozier, Chief Architect, Allianz Technology & Global Head of Blockchain, Allianz Technology SE.

    Listen to the Tech Insights podcast:
    How Allianz took a blockchain platform from pilot to 1 million transactions

    Internal interpretation: Allianz Technology

    • 2015
      After smart contracts are demonstrated on the Ethereum blockchain, Allianz and other insurers recognize the business value. There is potential to use the capability to administer a complex, multi-party contract where the presence of the reinsurer in the risk transfer ecosystem is required. Manual contracts could be turned into code and automated. Allianz organized an early proof of concept around a theoretical pandemic excessive loss contract.
    • 2018
      Allianz Chief Architect Bob Crozier is leading the Global Blockchain Center of Competence for Allianz. They educate Allianz on the value of blockchain for business. They also partner with a joint venture between the Technology University of Munich and the state of Bavaria. A cohort of Masters students is looking for real business problems to solve with open-source distributed ledger technology. Allianz puts its problem statement in front of the group. A student team presents a proof of concept for an international motor insurance claims settlement and it comes in second place at a pitch day competition.
    • 2019
      Allianz brings the concept back in-house, and its business leaders return to the concept. Startup Luther Systems is engaged to build a minimum-viable product for the solution, with the goal being a pilot involving three or four subsidiaries in different countries. The Blockchain Center begins communicating with 25 Allianz subsidiaries that will eventually deploy the platform.
    • 2020
      Allianz is in build mode on its international motor insurance claims platform. It leverages its internal Dev/SecOps teams based in Munich and in India.
    • May 2021
      Allianz goes live with its new platform on May 17, decommissioning its old system and migrating all live claims data onto the new blockchain platform. It sees 400 concurrent users go live across Europe.
    • January 2022
      Allianz mines its one-millionth block to its ledger on Jan. 19, with each block representing a peer-to-peer transaction across its 25 subsidiaries in different countries. The platform has settled hundreds of millions of dollars.

    Stock photo of two people arguing over a car crash.

    Implications: Organization, Process, Technology

    External

    • Organization – To explore emerging technologies like blockchain, organizations need staff that are accountable for innovation and have leeway to develop proofs of concept. External partners are often required to bring in fresh ideas and move quickly towards an MVP.
    • Process – According to the Tech Trends 2022 survey, 84% of CIOs consider automation a high-value digital capability, and 77% say identity verification is a high-value capability. A blockchain platform using smart contracts can deliver those.
    • Technology – The Linux Foundation’s Hyperledger Fabric is an open-source blockchain technology that’s become popular in the financial industry for its method of forming consensus and its modular architecture. It’s been adopted by USAA, MasterCard, and PayPal. It also underpins the IBM Blockchain Platform and is supported by Azure Blockchain.

    Internal

    • Organization – Allianz is a holding company that owns Allianz Technology and 25 operating entities across Europe. It uses the technology arm to innovate on the business process and creates shared platforms that its entities can integrate with to automate across the value chain.
    • Process – Initial interest in smart contracts on blockchain were funneled into a student competition, where a proof of concept was developed. Allianz partnered with a startup to develop an MVP, then developed the platform while aligning with its business units ahead of launch.
    • Technology – Allianz built its blockchain platform on Hyperledger Fabric because it was a permissioned system, unlike other public permissionless blockchains such as Ethereum, and because its mining mechanism was much more energy efficient compared to other blockchains using Proof of Work consensus models.

    Resources Applied

    Time to innovate

    Exploring emerging technology for potential use cases is difficult for staff tasked with running day-to-day operations. Organizations serious about innovation create a separate team that can focus on “moonshot” projects and connect with external partners.

    Long-term ROI

    Automation of new business processes often requires a high upfront initial investment for a long-term efficiency gain. A proof of concept should demonstrate clear business value that can be repeated often and for a long period.

    “My next project has to deliver in the tens of millions of value in return. The bar is high and that’s what it should be for a business of our size.” (Bob Crozier, Allianz)

    Allianz

    • Several operating entities from different countries supplied subject matter expertise and helped with the testing process.
    • Allianz Technology team has eight staff members. It is augmented by Luther Systems and the team at industry group B3i.
    • Funding of less than $5 million to develop. Dev team continues to add improvements.
    • Operating requires just one full-time employee plus infrastructure costs, mostly for public cloud hosting.

    Outcomes at Allianz

    From insurer to platform provider

    Deliver your own SaaS: Allianz Technology built its blockchain-based claims settlement platform and its subsidiaries consume it as software as a service. The platform runs on a distributed architecture across Europe, with each node running the same version of the software. Operating entities can also integrate their own systems to the platform via APIs and further automate business processes such as billing.

    Ready to scale: After processing one million transactions, the international claims settlement platform is proven and ready to add more participants. Crozier sees auto repair shops and auto manufacturers as the next logical users.

    Stock photo of Blockchain.
    Allianz is a shareholder of the Blockchain Insurance Industry Initiative (B3i). It is providing a platform used by a group of insurance companies in the commercial and reinsurance space.

    When should we use blockchain? THREE key criteria:

    • Redundant processes
      Different entities follow the same process to achieve the desired outcome.
    • Audit trail
      Accountability in the decision making must be documented.
    • Reconciliation
      Parties need to be able to resolve disputes by tracing back to the truth.

    From Priorities to Action

    It’s a build vs. buy question for platforms

    Allianz was able to build a platform for its group of European subsidiaries because of its established digital factory and commitment to innovation. Allianz Technology is at the “innovate” level of IT maturity, allowing it to create a platform that subsidiaries can integrate with via APIs. For firms that are lower on the IT maturity scale, buying a platform solution is the better path to automation. These firms will be concerned with integrating their legacy systems to platforms that can reduce the friction of their operating environments and introduce modern new capabilities.

    From Info-Tech’s Build a Winning Business Process Automation Playbook

    An infographic comparing pros and cons of Build versus Buy. On the 'Build: High Delivery Capacity & Capability' side is 'Custom Development', 'Data Integration', 'AI/ML', 'Configuration', 'Native Workflow', and 'Low & No Code'. On the 'Buy: Low Delivery Capacity & Capability' side is 'Outsource Development', 'iPaaS', 'Chatbots', 'iBPMS & Rules Engines', 'RPA', and 'Point Solutions'.

    Take the next step

    Accelerate Your Automation Processes
    Integrate automation solutions and take the first steps to building an automation suite.

    Build Effective Enterprise Integration on the Back of Business Process
    From the backend to the frontlines – let enterprise integration help your business processes fly.

    Evolve Your Business Through Innovation
    Innovation teams are tasked with the responsibility of ensuring that their organizations are in the best position to succeed while the world is in a period of turmoil, chaos, and uncertainty.

    “Innovation” gap between importance and effectiveness Info-Tech Research Group Management and Governance Diagnostic Benchmark 2021

    A bar chart illustrating the 'Innovation' gap between importance and effectiveness. The difference is marked as Delta 2.1.

    Prepare to report on new environmental, social, and governance (ESG) metrics

    Priority 05 | ITRG06 Business Intelligence and Reporting

    Be ready to either lead or support initiatives to meet the criteria of new ESG reporting mandates and work toward disclosure reporting solutions.

    Time to get serious about ESG

    What does CSR or ESG mean to a CIO?

    Humans are putting increasing pressure on the planet’s natural environment and creating catastrophic risks as a result. Efforts to mitigate these risks have been underway for the past 30 years, but in the decade ahead regulators are likely to impose more strict requirements that will be linked to the financial value of an organization. Various voluntary frameworks exist for reporting on environmental, social, and governance (ESG) or corporate social responsibility (CSR) metrics. But now there are efforts underway to unify and clarify those standards.

    The most advanced effort toward a global set of standards is in the environmental area. At the United Nations’ COP26 summit in Scotland last November, the International Sustainability Standards Board (ISSB) announced its headquarters (Frankfurt) and three other international office locations (Montreal, San Francisco, and London) and its roadmap for public consultations. It is working with an array of voluntary standards groups toward a consensus.

    In Info-Tech’s 2022 Tech Trends survey, two-thirds of CIOs say their organization is committed to reducing greenhouse gas emissions, yet only 40% say their organizational leadership is very concerned with reducing those emissions. CIOs will need to consider how to align organizational concern with internal commitments and new regulatory pressures. They may investigate new real-time reporting solutions that could serve as a competitive differentiator on ESG.

    Standards informing the ISSB’s global set of climate standards

    A row of logos of organizations that inform ISSB's global set of climate standards.

    67% of CIOs say their organization is committed to reducing greenhouse gases, with one-third saying that commitment is public. (Info-Tech Tech Trends 2022 Survey)

    40% of CIOs say their organizational leadership is very concerned with reducing greenhouse gas emissions.

    David W. Dorman

    Chairman of the board, CVS Health

    “ESG is a question of what you do in the microcosm of your company to make sure there is a clear, level playing field – that there is a color-blind, gender-blind meritocracy available – that you are aware that not in every case can you achieve that without really focusing on it. It’s not going to happen on its own. That’s why our commitments have real dollars behind them and real focus behind them because we want to be the very best at doing them.”

    Photo of David W. Dorman, Chairman of the Board, CVS Health.

    Listen to the Tech Insights podcast:
    CVS Health chairman David Dorman on healthcare's hybrid future

    Internal interpretation: CVS Health

    CVS Health established a new steering committee of senior leaders in 2020 to oversee ESG commitments. It designs its corporate social responsibility strategy, Transform Health 2030, by aligning company activities in four key areas: healthy people, healthy business, healthy planet, and healthy community. The strategy aligns with the United Nations’ Sustainable Development Goals. In alignment with these goals, CVS identifies material topics where the company has the most ability to make an impact. In 2020, its top three topics were:

    1. Access to quality health care
    2. Patient and customer safety
    3. Data protection and privacy
    Material Topic
    Access to quality health care
    Material Topic
    Patient and customer safety
    Material Topic
    Data protection and privacy
    Technology Initiative
    MinuteClinic’s Virtual Collaboration for Nurses

    CVS provided Apple iPads compliant with the Health Insurance Portability and Accountability Act (HIPAA) to clinics in a phased approach, providing training to more than 700 providers in 26 states by February 2021. Nurses could use the iPads to attend virtual morning huddles and access clinical education. Nurses could connect virtually with other healthcare experts to collaborate on delivering patient care in real-time. The project was able to scale across the country through a $50,000 American Nurses Credentialing Center Pathway Award. (Wolters Kluwer Health, Inc.)

    Technology Initiative
    MinuteClinic’s E-Clinic

    MinuteClinics launched this telehealth solution in response to the pandemic, rolling it out in three weeks. The solution complemented video visits delivered in partnership with the Teladoc platform. Visits cost $59 and are covered by Aetna insurance plans, a subsidiary of CVS Health. It hosted more than 20,000 E-Clinic visits through the end of 2020. CVS connected its HealthHUBs to the solution to increase capacity in place of walk-in appointments and managed patients via phone for medication adherence and care plans. CVS also helped behavioral health providers transition patients to virtual visits. (CVS Health)

    Technology Initiative
    Next Generation Authentication Platform

    CVS patented this solution to authenticate customers accessing digital channels. It makes use of the available biometrics data and contextual information to validate identity without the need for a password. CVS planned to extend the platform to voice channels as well, using voiceprint technology. The solution prevents unauthorized access to sensitive health data while providing seamless access for customers. (LinkedIn)

    Implications: Organization, Process, Technology

    External

    • Organization – Since the mid-2010s, younger investors have demonstrated reliance on ESG data when making investment decisions, resulting in the creation of voluntary standards that offered varied approaches. Organizations in ESG exchange-traded funds are outperforming the overall S&P 500 (S&P Global Market Intelligence).
    • Process – Organizations are issuing ESG reports today despite the absence of clear rules to follow for reporting results. With regulators expected to step in to establish more rigid guidelines, many organizations will need to revisit their approach to ESG reports.
    • Technology – Real-time reporting of ESG metrics will become a competitive advantage before 2030. Engineering a solution that can alert organizations to poor performance on ESG measures and allow them to respond could avert losing market value.

    Internal

    • Organization – CVS Health established an ESG Steering Committee in 2020 composed of senior leaders including its chief governance officers, chief sustainability officer, chief risk officer, and controller and SVP of investor relations. It is supported by the ESG Operating Committee.
    • Process – CVS conducts a materiality assessment in accordance with Global Reporting Initiative standards to determine the most significant ESG impacts it can make and what topics most influence the decisions of stakeholders. It engages with various stakeholder groups on CSR topics.
    • Technology – CVS technology initiatives during the pandemic focused on supporting patients and employees in collaborating on health care delivery using virtual solutions, providing rich digital experiences that are easily accessible while upholding high security and privacy standards.

    Resources Applied

    Lack of commitment

    While 83% of businesses state support for the Sustainable Development Goals outlined by the Global Reporting Initiative (GRI), only 40% make measurable commitments to their goals.

    Show your work

    The GRI recommends organizations not only align their activities with sustainable development goals but also demonstrate contributions to specific targets in reporting on the positive actions they carry out. (GRI, “State of Progress: Business Contributions to the SDGS.”)

    “We end up with a longstanding commitment to diversity because that’s what our customer base looks like.” (David Dorman, CVS Health)

    CVS Health

    • The MinuteClinic Virtual Collaboration solution was piloted in Houston, demonstrated success, and won additional $50,000 funding from the Pathway to Excellence Award to scale the program across the country (Wolters Kluwer Health, Inc.).
    • The Next-Gen Authentication solution is provided by the vendor HYPR. It is deployed to ten million users and looking to scale to 30 million more. Pricing for enterprises is quoted at $1 per user, but volume pricing would apply to CVS (HYPR).

    Outcomes at CVS Health

    Delivering on hybrid healthcare solutions

    iPads for collaboration: Healthcare practitioners in the MinuteClinic Virtual Collaboration initiative agreed that it improved the use of interprofessional teams, working well virtually with others, and improved access to professional resources (Wolters Kluwer Health, Inc.)

    Remote healthcare: Saw a 400% increase in MinuteClinic virtual visits in 2020 (CVS Health).

    Verified ID: The Next Generation Authentication platform allowed customers to register for a COVID-19 vaccination appointment. CVS has delivered more than 50 million vaccines (LinkedIn).

    Stock photo of a doctor with an iPad.
    CVS Health is making use of digital channels to connect its customers and health practitioners to a services platform that can supplement visits to a retail or clinic location to receive diagnostics and first-hand care.

    From Priorities to Action

    Become your organization’s ESG Expert

    The risks posed to organizations and wider society are becoming more severe, driving a transition from voluntary frameworks for ESG goals to a mandatory one that’s enforced by investors and governments. Organizations will be expected to tie their core activities to a defined set of ESG goals and maintain a balance sheet of their positive and negative impacts. CIOs should become experts in ESG disclosure requirements and recommend the steps needed to meet or exceed competitors’ efforts. If a leadership vacuum for ESG accountability exists, CIOs can either seek to support their peers that are likely to become accountable or take a leadership role in overseeing the area. CIOs should start working toward solutions that deliver real-time reporting on ESG goals to make reporting frictionless.

    “If you don’t have ESG oversight at the highest levels of the company, it won’t wind up getting the focus. That’s why we review it at the Board multiple times per year. We have an annual report, we compare how we did, what we intended to do, where did we fall short, where did we exceed, and where we can run for daylight to do more.” (David Dorman, CVS Health)

    Take the next step

    ESG Disclosures: How Will We Record Status Updates on the World We Are Creating?
    Prepare for the era of mandated environmental, social, and governance disclosures.

    Private Equity and Venture Capital Growing Impact of ESG Report
    Learn about how the growing impact of ESG affects both your organization and IT specifically, including challenges and opportunities, with expert assistance.

    “Business Intelligence and Reporting” gap between importance and effectiveness
    Info-Tech Research Group Management and Governance Diagnostic Benchmark 2021

    A bar chart illustrating the 'BI and Reporting' gap between importance and effectiveness. The difference is marked as Delta 2.4.

    The Five Priorities

    Priorities to compete in the digital economy

    1. Reduce Friction in the Hybrid Operating Model
    2. Improve Your Ransomware Readiness
    3. Support an Employee-Centric Retention Strategy
    4. Design an Automation Platform
    5. Prepare to Report on New Environmental, Social, and Governance Metrics

    Contributing Experts

    Elizabeth Clark

    CIO, Harvard Business School
    Photo of Elizabeth Clark, CIO, Harvard Business School.

    Jeff Previte

    Executive Vice-President of IT, CrossCountry Mortgage
    Photo of Jeff Previte, Executive Vice-President of IT, CrossCountry Mortgage.

    Bob Crozier

    Chief Architect, Allianz Technology & Global Head of Blockchain, Allianz Technology SE
    Photo of Bob Crozier, Chief Architect, Allianz Technology & Global Head of Blockchain, Allianz Technology SE.

    David W. Dorman

    Chairman of the Board, CVS Health
    Photo of David W. Dorman, Chairman of the Board, CVS Health.

    Info-Tech’s internal CIO panel contributors

    • Bryan Tutor
    • John Kemp
    • Mike Schembri
    • Janice Clatterbuck
    • Sandy Silk
    • Sallie Wright
    • David Wallace
    • Ken McGee
    • Mike Tweedie
    • Cole Cioran
    • Kevin Tucker
    • Angelina Atkins
    • Yakov Kofner
    Photo of an internal CIO panel contributor. Photo of an internal CIO panel contributor.Photo of an internal CIO panel contributor.
    Photo of an internal CIO panel contributor.Photo of an internal CIO panel contributor.Photo of an internal CIO panel contributor.Photo of an internal CIO panel contributor.
    Photo of an internal CIO panel contributor.Photo of an internal CIO panel contributor.Photo of an internal CIO panel contributor.

    Thank you for your support

    Logo for the Blockchain Research Institute.
    Blockchain Research Institute

    Bibliography – CIO Priorities 2022

    “2020 Corporate Social Responsibility Report.” CVS Health, 2020, p. 127. Web.

    “Adversary: Doppel Spider - Threat Actor.” Crowdstrike Adversary Universe, 2021. Accessed 29 Dec. 2021.

    “Aetna CVS Health Success Story.” HYPR, n.d. Accessed 6 Feb. 2022.

    Baig, Aamer. “The CIO agenda for the next 12 months: Six make-or-break priorities.” McKinsey Digital, 1 Nov. 2021. Web.

    Ball, Sarah, Kristene Diggins, Nairobi Martindale, Angela Patterson, Anne M. Pohnert, Jacinta Thomas, Tammy Todd, and Melissa Bates. “2020 ANCC Pathway Award® winner.” Wolters Kluwer Health, Inc., 2021. Accessed 6 Feb. 2022.

    “Canadian Universities Propose Designs for a Central Bank Digital Currency.” Bank of Canada, 11 Feb. 2021. Accessed 14 Dec. 2021.

    “Carbon Sequestration in Wetlands.” MN Board of Water and Soil Resources, n.d. Accessed 15 Nov. 2021.

    “CCM Honored as a NorthCoast 99 Award Winner.” CrossCountry Mortgage, 1 Dec. 2021. Web.

    Cheek, Catherine. “Four Things We Learned About the Resignation Wave–and What to Do Next.” Visier Inc. (blog), 5 Oct. 2021. Web.

    “Companies Using Hyperledger Fabric, Market Share, Customers and Competitors.” HG Insights, 2022. Accessed 25 Jan. 2022.

    “IFRS Foundation Announces International Sustainability Standards Board, Consolidation with CDSB and VRF, and Publication of Prototype Disclosure Requirements.” IFRS, 3 Nov. 2021. Web.

    “IT Priorities for 2022: A CIO Report.” Mindsight, 28 Oct. 2021. Web.

    “Job Openings and Labor Turnover Survey.” Databases, Tables & Calculators by Subject, U.S. Bureau of Labor Statistics, 2022. Accessed 9 Feb. 2022.

    Kumar, Rashmi, and Michael Krigsman. “CIO Planning and Investment Strategy 2022.” CXOTalk, 13 Sept. 2021. Web.

    Leonhardt, Megan. “The Great Resignation Is Hitting These Industries Hardest.” Fortune, 16 Nov. 2021. Accessed 7 Jan. 2022.

    “Most companies align with SDGs – but more to do on assessing progress.” Global Reporting Initiative (GRI), 17 Jan. 2022. Web.

    Navagamuwa, Roshan. “Beyond Passwords: Enhancing Data Protection and Consumer Experience.” LinkedIn, 15 Dec. 2020.

    Ojo, Oluwaseyi. “Achieving Digital Business Transformation Using COBIT 2019.” ISACA, 19 Aug. 2019. Web.

    “Priority.” Lexico.com, Oxford University Press, 2021. Web.

    Riebold, Jan, and Yannick Bartens. “Reinventing the Digital IT Operating Model for the ‘New Normal.’” Capgemini Worldwide, 3 Nov. 2020. Web.

    Samuels, Mark. “The CIO’s next priority: Using the tech budget for growth.” ZDNet, 1 Sept. 2021. Accessed 1 Nov. 2021.

    Sayer, Peter. “Exclusive Survey: CIOs Outline Tech Priorities for 2021-22.” CIO, 5 Oct. 2021. Web.

    Shacklett, Mary E. “Where IT Leaders Are Likely to Spend Budget in 2022.” InformationWeek, 10 Aug. 2021. Web.

    “Table 4. Quits Levels and Rates by Industry and Region, Seasonally Adjusted - 2021 M11 Results.” U.S. Bureau of Labor Statistics, Economic News Release, 1 Jan. 2022. Accessed 7 Jan. 2022.

    “Technology Priorities CIOs Must Address in 2022.” Gartner, 19 Oct. 2021. Accessed 1 Nov. 2021.

    Thomson, Joel. Technology, Talent, and the Future Workplace: Canadian CIO Outlook 2021. The Conference Board of Canada, 7 Dec. 2021. Web.

    “Trend.” Lexico.com, Oxford University Press, 2021. Web.

    Vellante, Dave. “CIOs signal hybrid work will power tech spending through 2022.” SiliconANGLE, 25 Sept. 2021. Web.

    Whieldon, Esther, and Robert Clark. “ESG funds beat out S&P 500 in 1st year of COVID-19; how 1 fund shot to the top.” S&P Global Market Intelligence, April 2021. Accessed Dec. 2021.

    Build an ITSM Tool Implementation Plan

    • Buy Link or Shortcode: {j2store}486|cart{/j2store}
    • member rating overall impact (scale of 10): 7.5/10 Overall Impact
    • member rating average dollars saved: $9,246 Average $ Saved
    • member rating average days saved: 7 Average Days Saved
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk
    • Selecting the Wrong Resources: You need ITSM technology and process experts, because this is not just a technology project, but also a process improvement opportunity.
    • Over-Reliance on the Vendor to Optimize Your Tool: Yes, the vendor will typically install and set up the tool, but they will not fix your processes for you.
    • Not Preparing for Data Migration: Data migration is complex. You need to determine what data to migrate, if any, and how that data will be mapped to the new environment.
    • Insufficient IT and End-User Training: A link to the ITSM tool manual is not enough. Staff and users need training on how your processes will be executed in the new tool.

    Our Advice

    Critical Insight

    • Start with the assumption you don’t need to migrate old data.
    • ITSM tools are designed to support ITIL best practices.
    • Implement your new tool in stages to manage scope.

    Impact and Result

    • Ability to plan and scope the project to avoid or reduce last-minute chaos.
    • Opportunity to review and optimize processes as part of the ITSM tool implementation project.
    • Improved project management, and therefore, better cost and effort estimates, by identifying required tasks upfront.

    Build an ITSM Tool Implementation Plan Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build an ITSM Tool Implementation Plan Deck – An implementation guide that walks you through the steps to ensure the tool delivers business value.

    There may be hundreds of parameters to define and decisions to make, so identifying the full list of tasks early is critical for the success of the implementation project.

    • Build an ITSM Tool Implementation Plan – Phases 1-3

    2. ITSM Tool Project Charter Template – A charter to document your project scope, milestones, stakeholders, risks etc. to kick-off and manage your project.

    This project charter document summarizes the Project Overview (Description, background, drivers, and objectives), Governance and Management (Project stakeholders/roles, budget, and dependencies), and Risk, Assumptions, and Constraints (Known and potential risks and mitigation strategy).

    • ITSM Tool Implementation Project Charter Template

    3. ITSM Tool Implementation Checklist – A tool to help identify the most common decisions you will need to make and prepare for your implementation project.

    The checklists in this tool identify the most common decisions and preparation you will need to make to support the implementation for the ITSM modules that we recommend are set up first: incident management and service requests; change management; and asset management. Use these checklists as a model to follow for any additional ITSM modules you plan to implement, and refer to Info-Tech's blueprints for each service management topic for additional guidance.

    • ITSM Tool Implementation Checklist

    4. ITSM Tool Deployment Plan Template – A tool to help prioritize and prepare for tool rollout plan.

    This deployment plan documents the strategy and decisions made for making the transition to the new ITSM tool, and the details to execute the cutover to a live environment, including how, when, where.

    • ITSM Tool Deployment Plan Template

    5. ITSM Tool Training Schedule – Use the tool to create your new tool training roadmap.

    This template is a guide for creating a training and communication plan as part of the implementation project for your ITSM tool. Use the template to document and plan the communications and training needs prior to deployment of the new tool.

    • ITSM Tool Training Schedule

    Infographic

    Further reading

    Build an ITSM Tool Implementation Plan

    Plan ahead with a step-by-step approach to ensure the tool delivers business value.

    EXECUTIVE BRIEF

    Analyst perspective

    Take control of the wheel or you might end up in a ditch.

    The image contains a picture of Frank Trovato.

    An ITSM tool implementation is a complex project with direct impact on IT’s ability to support the business. With that level of risk, you need to take control early on.

    Yes, your vendor will support or execute the technical implementation, but they depend on you to tell them how to configure ITSM parameters and workflows that affect user interface, the ability to manage incidents, and governance over assets and IT changes.

    If you leave the configuration completely to the vendor, at best you might get the same setup as in your old tool (and not realize the benefits that leadership is expecting). At worst you end up with default values that don’t fit your process needs, i.e., confusion and not realizing expected benefits.

    A successful implementation requires early planning from a wide range of resources including ITSM tool experts (supported by the vendor), process experts, and a project manager to methodically step through the hundreds of parameters you will need to define before implementation.

    Frank Trovato
    Research Director, Infrastructure and Operations
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    Leadership has invested significantly in a new ITSM tool and expects to see the benefits they were promised by the vendor and the procurement team.

    The ITSM project team needs to balance leadership expectations with the direct impact this project will have on IT staff and end users.

    Implementing an ITSM tool is a large project that is often highly complex in part because it requires input from a wide range of stakeholders: IT staff, end users, senior management, and vendors.

    A new ITSM tool will change how IT staff work and how users are serviced, and change is always difficult.

    Finally, implementing the new tool requires a migration from an existing tool without a pause in IT service availability. Incidents don’t take a week off while you execute the final product rollout.

    There may be hundreds of parameters to define and decisions to make, so identifying the full list of tasks early is critical to:

    • Identify the necessary stakeholders to provide input into implementation decisions.
    • Properly define scope and timelines.
    • Take advantage of the opportunity to review and improve processes as part of defining what will need to be configured in the new ITSM tool.

    Info-Tech Insight

    As with any large project, a key step is tackling it one bite at a time – but also understanding the size of the whole meal. This is where organizations often fail with ITSM implementations: not understanding upfront the volume of work required for a successful implementation.

    Your Challenge

    Organizations implementing a new ITSM tool often face these pitfalls:

    • Selecting the Wrong Resources: You need ITSM technology and process experts, because this is not just a technology project but also a process improvement opportunity. You will need to configure ITSM parameters and workflows in the new tool – which directly affects processes. Take advantage of that opportunity to fix pain points. For example, if your existing ticket categories are not effective, implement a better categorization scheme rather than just configure the same old, ineffective scheme.
    • Over-Reliance on the Vendor to Optimize Your Tool: Yes, the vendor will typically install and set up the tool but they will not fix your processes for you. On installation day, if you are not prepared with the categories, ticket templates, and so on that you wish to configure, your vendor will just go with the default or migrate your old parameters from your old ITSM tool.
    • Not Preparing for Data Migration: Data migration is complex. You need to determine what data to migrate, if any, and how that data will be mapped to the new environment. That takes planning and must be defined well before the vendor is ready to implement your tool.
    • Insufficient IT and End-User Training: A link to the ITSM tool manual is not enough. Staff and users need training on how your processes will be executed in the new tool.

    A survey of implementation challenges for ServiceNow’s customers

    26% Resistance to change

    43% Lacked a clear roadmap

    38% Planning for resources

    Source: Acorio, 2019

    Info-Tech’s approach

    Divide the implementation project into controllable phases for an effective implementation.

    Plan

    Define the scope of your project, identify and get buy-in from your stakeholders, and establish a timeframe for the implementation.

    Design & Build

    Identify existing process challenges and design workflows and ticket management to improve processes. Make decisions on data migrations and integrations for your new tool.

    Deploy & Train

    Create a rollout plan and communicate changes and improvements to users. Plan for the new tool deployment and monitor your solution.

    STOP: Use this blueprint after you have selected an ITSM solution

    Leverage our SoftwareReviews service and related blueprints to assist with ITSM tool selection, and then use this blueprint to plan the implementation.

    1. Evaluate solutions

    2. Select and purchase

    3. Implement (use this blueprint)

    Use our SoftwareReviews resources to evaluate solutions and vendors based on criteria such as features and customer service. Below are links to our ITSM software reviews:

    Use the following resources to help you make the case for funding and execute the purchase process:

    Your ITSM vendor or systems integrator will lead the technical implementation (e.g. software install and integration).

    As a result, your implementation plan needs to focus on preparing the information needed for implementation (e.g. ticket categories, workflow requirements) and organizational change management.

    This blueprint provides a methodology, checklist, and supporting templates to prepare for the implementation.

    Info-Tech’s methodology to build an ITSM Tool Implementation Plan

    1. Identify Scope, Stakeholders, and Preliminary Timeline

    2. Prepare to Implement Incident Management and Service Request Modules

    3. Create a Deployment Plan (Communication, Training, Rollout)

    Phase Steps

    1.1 Document define scope

    1.2 Define roles and responsibilities

    1.3 Identify preliminary timeline

    2.1 Review your existing solution and challenges

    2.2 Plan ticket management and workflow implementation

    2.3 Plan data migration, knowledgebase setup, and integrations

    2.4 Plan the module rollout

    3.1 Create a communication plan (for IT, users, and business leaders)

    3.2 Create a training plan

    3.3 Plan how you will deploy, monitor, and maintain the solution

    Phase Outcomes

    • RACI chart outlining high-level accountability and responsibilities for the project
    • Documenting timeline and team for the implementation project
    • ITSM tool implementation checklist
    • Strategy and identified opportunities to implement incident and service request modules
    • Documented communications and targeted training plan
    • Completed rollout plan and prepared to monitor your success metrics

    Insight summary

    Start with the assumption you don’t need to migrate old data

    ITSM tools are designed to support ITIL best practices

    Implement your new tool in stages to manage scope

    We all love data. We love being able to run reports showing trends, measuring changes over time, and highlighting pain points – but is your data from five years ago relevant to those assessments? Can you get by with just migrating open tickets and perhaps just the last year of critical tickets?

    Be ruthless in deciding what really needs to be in your active system to support incident matching, troubleshooting, or ongoing reporting.

    If you can’t make a strong case, don’t waste your time on old data. Remember, you can still save an exported copy or report of your old data if the need arises to search historical records.

    For organizations lacking process maturity, the tool’s default settings will often provide a good starting point. For example, a good ITSM tool will typically already be configured to follow best practices such as:

    • Separating incidents from service requests
    • Assigning resolution codes to solved tickets
    • Enabling routing based on categories

    Within those defaults, you will still need to decide your specific parameters – e.g. what your categories and resolution codes should be – so don’t blindly follow default settings but use them as a starting point.

    Start with the incident management and service requests modules. Those are typically the core of IT service management operations, so that should help realize benefits from the new tool sooner. In addition, incident management and service requests processes will support other ITSM processes such as asset management and problem management.

    Once those modules are implemented successfully (from a technology and process perspective), then start to implement your next core module (e.g. asset or change management), and continue to build from there.

    Blueprint deliverables

    This blueprint includes tools and templates to help you accomplish your goals:

    ITSM Tool Implementation Checklist

    Identify the most common decisions you will need to make and prepare for your implementation project.

    ITSM Tool Project Charter Template

    Review and edit the template to suit your project requirements

    The image contains a screenshot of the ITSM Tool Project Charter Template.
    The image contains screenshots of the ITSM Tool Implementation Checklist.

    ITSM Tool Deployment Plan Template

    Prioritize and prepare tool rollout plan

    The image contains a screenshot of the ITSM Tool Deployment Plan Template.

    ITSM Tool Training Schedule

    Use the checklist to create your new tool training roadmap

    The image contains a screenshot of the ITSM Tool Training Schedule.

    Blueprint benefits

    Benefits for IT

    Benefits for the business

    • Checklists and templates to support a smoother transition to the new ITSM tool.
    • Opportunity to review and optimize processes as part of the ITSM tool implementation project. A new tool with the same old processes will not achieve expected benefits.
    • Ability to plan and scope the project to avoid or reduce last-minute chaos.
    • Better planning means better results – specifically, ensuring that the implementation takes into account targeted business benefits.
    • Improved project management, and therefore better cost and effort estimates, by identifying required tasks upfront. This also provides the opportunity to re-scope or adjust timelines based on estimated effort.
    • Higher end-user satisfaction by executing a well-organized ITSM tool implementation.

    Measured value from using this blueprint

    Use this guide as an example to calculate your total cost savings from the ITSM tool implementation project.

    Phase 1

    Identify Scope, Stakeholders, and Preliminary Timeline

    Time, value, and resources saved by using Info-Tech’s methodology to define scope and plan your project

    E.g. 2 FTEs * 6 days * $80,000/year = $4,000/-

    Phase 2

    Prepare to Implement Incident Management and Service Request Modules

    Time, value, and resources saved by using Info-Tech’s methodology to build your solution strategy and determine configurations

    E.g. 2 FTEs * 8 days * $80,000/year = $5,400/-

    Phase 3

    Create a Deployment Plan (Communication, Training, Rollout)

    Time, value, and resources saved by using Info-Tech’s methodology to establish an effective communications roadmap and deploy tool

    E.g. 2 FTEs * 6 days * $80,000/year = $4,000/-

    Total Savings

    Total Savings

    Phase 1 + Phase 2 + Phase 3 = $13,400

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit Guided Implementation Workshop Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.” “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.” “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    Phase 1 Phase 2 Phase 3

    Call #1: Define scope, roles, responsibilities and timeline.

    Call #2: Review your existing solution and challenges.

    Call #3: Plan ticket management and workflow implementation.

    Call #4: Plan data migration, knowledgebase setup, and integrations.

    Call #5: Plan the module rollout.

    Call #6: Create a communication plan.

    Call #7: Create a training plan.

    Call #8: Plan how you will deploy, monitor, and maintain the solution.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization. A typical GI is between 6 to 8 calls over the course of 3 to 6 months.

    Phase 1

    Identify Stakeholders, Scope, and Preliminary Timeline

    Phase 1 Phase 2 Phase 3

    Identify Stakeholders, Scope, and Preliminary Timeline

    Prepare to Implement Incident Management and Service Request Modules

    Create a Deployment Plan (Communication, Training, Rollout)

    This phase will walk you through the following steps:

    1. Define scope
    2. Define roles and responsibilities
    3. Identify preliminary timeline

    Step 1.1

    Define scope

    Activities

    1.1.1

    Use the Project Charter Template to capture project parameters

    1.1.2

    Leverage the Implementation Checklist to guide your preparation

    1.1.3

    Review goals that drove the ITSM tool purchase

    1.1.4

    Interview ITSM staff to identify current tool challenges and support organizational change management

    1.1.5

    Identify the modules and features you will plan to implement

    1.1.6

    Determine if data migration is required

    This step will walk you through the following activities:

    • Define the scope of the implementation project
    • Establish the future processes and functionalities the tool will support

    This step involves the following participants:

    • CIO
    • IT Director/Manager
    • Service Manager
    • Project Manager and the project team

    Outcomes of this step

    • Specifying the implementation project
    • Identifying the business units that are needed to support the project
    • Defining the ongoing and future service management processes the tool will support

    1.1.1 Use the Project Charter Template to capture scope, stakeholders, and timeline as outlined in Phase 1

    Follow the instructions in Phase 1 (step 1.1, 1.2, and 1.3) to gather information needed to create a project charter to define project parameters.

    Specific subsections are listed below and described in more detail in the remainder of this phase.

    1. Project Overview: Includes deliverables, scope, milestones, and success metrics.
    2. Governance and Management: Includes roles, responsibilities, and resource requirements.
    3. Project Risks, Assumptions, and Constraints: Includes risks and mitigation strategies as well as any assumptions and constraints.
    4. Project Sign-Off: Includes IT and executive sign-off (if required).

    The image contains a screenshot of the Project Charter Template.

    Download the ITSM Tool Implementation Project Charter Template

    1.1.2 Leverage the Implementation Checklist to guide your preparation

    The checklist tabs align to each phase of this blueprint.

    • Phase 1 (Tab 1) – Identify Stakeholders, Scope, and Preliminary Timeline
    • Phase 2 (Tab 2) – Prepare to Implement Incident Management and Service Request Modules
    • Phase 3 (Tabs 3+4) – Prepare to Implement Additional ITSM Modules (e.g. Change Management)
    • Phase 4 (deployment section in each tab) – Create a Deployment Plan (Communication, Training, Rollout)

    The image contains screenshots from the Implementation Checklist.

    Download the ITSM Tool Implementation Checklist

    1.1.3 Review goals that drove the ITSM tool purchase

    Identify the triggers for the selection and implementation of your new ITSM tool.

    Whether this is your first ITSM tool or a replacement for your old tool, the project was likely triggered by pain points that must be addressed by the new tool to improve your service desk. Having a clear understanding of these pain points throughout the implementation of your new tool will help to prevent them from reoccurring.

    Common ITSM pain points include:

    1. Poor communication with end users on ticket status.
    2. Lack of SLA automation to escalate issues to the appropriate channels.
    3. Poor self-service options for end users to perform simple requests on their own.
    4. Undeveloped knowledgebase for users to find answers to common issues.
    5. Lack of reporting or mistrust in reporting data.
    6. Lack of automation, including ticket templates.
    7. Overcomplicated ticket categories resulting in categories being misused.
    8. Overconfiguration prevents future upgrades.
    9. Lack of integration with other tools.

    If you haven't already selected an ITSM tool, leverage the IT Service Management Selection Guide to select the right tool.

    Download the IT Service Management Selection Guide

    1.1.4 Plan to interview staff to support organizational change management

    Identify challenges with the existing tool and processes as well as potential objections to the new tool.

    Incorporate this feedback in the implementation to drive buy-in and a successful rollout.

    Implementing a new ITSM tool will force changes in how IT staff do their work:

    • At a minimum, it means learning a new interface.
    • It could also mean leveraging features that improve IT operations but could change the process or tasks for the staff.
    • Their input on the current tool and process challenges can be critical for the project.
    • Solving at least some of their challenges can help bring them onboard to use this tool properly and follow associated process changes.

    Info-Tech Insight

    Keep management in the loop through every stage of the implementation process. They are the ones who are paying for the software, so they need to be informed throughout implementation and feel that their needs and feedback are being heard to prevent pushback further into the implementation.

    1.1.5 Identify the modules and features you will plan to implement

    Consider these factors when deciding what modules and features you want to implement:

    • Specific ITSM modules based on the recommended order and any unique business requirements
    • Key features that drove the tool purchase and address key issues
    • High-level process changes needed to address challenges and realize expected benefits from the new ITSM tool (e.g. if a key goal was automated ticket routing based on categories, then the project needs to include developing a good categorization scheme)

    Recommended order for implementation:

    1. Incident Management and Service Request
    2. This is the core of service management and typically has the highest impact on the organization. Include knowledgebase development as part of this implementation.

    3. Change Management
    4. A foundational component of service management, it allows organizations to minimize disruptions to IT services when making changes to services and critical systems.

    5. Asset Management
    6. A foundational component of service management, it allows organizations to track their assets’ locations, how they are used, and when changes are made to them.

    1.1.6 Determine if data migration is required

    If you are switching from a previous ITSM tool, carefully weigh the pros and cons as well as the necessity of migrating historical transactional data before deciding to import it into the new tool.

    Importing your old transactional data will allow you to track metrics over time, which can be valuable for data analysis and reporting purposes.

    However, ask yourself what the true value of your data is before you import it.

    You will not get value out of migrating the old data if:

    • You have incomplete or inaccurate data (a high percentage of incidents did not have tickets created in the old system).
    • The categorization of your old tickets was not useful or was used inconsistently.
    • You plan on changing the ticket categorization in the new system.

    “Don’t debate whether you can import your old data until you’ve made sure that you should.”

    – Barry Cousins, Practice Lead at Info-Tech Research Group

    Info-Tech Insight

    If you decide to migrate your data, keep in mind that it can be a complex process and proper time should be budgeted for planning, structuring the data, and importing and testing it.

    Step 1.2

    Define roles and responsibilities

    Activities

    1.2.1

    Key internal roles and responsibilities

    1.2.2

    Key external roles and responsibilities

    This step involves the following participants:

    • CIO
    • IT Director/Manager
    • Service Manager
    • Project Manager and the project team

    Outcomes of this step

    • Decision on whether to hire professional services for the implementation
    • Clearly defined roles and responsibilities for the project

    1.2.1 Identify key internal roles and responsibilities

    Review the tasks outlined in the Implementation Checklist to help you identify appropriate roles and specific staff that will be needed to execute this project.

    Project Role

    Description

    RACI

    Assigned To

    Executive Sponsor

    Liaison with the executive team (the CIO would be a good candidate for this role).

    Accountable for project completion.

    Approves resource allocation and funding.

    A, C

    Name(s)

    Project Manager

    Manages the project schedule, tasks, and budget.

    May act as a liaison between executives and the project-level team.

    R

    Name(s)

    Product Owner

    Liaison with the vendor.

    SME for the new tool.

    Provides input to tool configuration decisions.

    Manages the tool post-implementation.

    R

    Name(s)

    Process Owners

    Define current processes.

    Provide input to identifying current-state process challenges to address and potential changes as part of the new tool implementation.

    R

    Name(s)

    Service Desk Manager

    Provides input to tool configuration decisions.

    Manages and trains service desk agents to use new tool and processes.

    R

    Name(s)

    ITSM Tool Core Users (e.g. Service Desk Technicians)

    Provide input to identifying current-state process challenges to address.

    Provide input to tool configuration decisions.

    C

    Name(s)

    RACI = Responsible, Accountable, Consulted, and Informed

    Assign individuals to roles through each step of the implementation project in the governance and management chart in the Project Charter Template.

    Download the Project Charter Template

    1.2.2 Key external roles and responsibilities

    Determine whether you will engage professional services for the implementation.

    There are three main ways to implement your ITSM tool

    Implemented in-house by own staff

    Implemented using a combination of your own staff and your ITSM tool vendor

    Implemented by professional services and your ITSM tool vendor

    DIY Implementation

    Adopting a DIY implementation approach can save money but could draw out your implementation timeline and increase the likelihood of errors. Carefully consider your integration environment to determine your resourcing capabilities and maturity.

    Vendor Implementation

    In most cases, your vendor will support or execute the technical implementation based on your requirements. Use this blueprint to help you define those requirements.

    Professional Services

    Opting for professional services may result in a shorter implementation period and fewer errors but may also deny your IT staff the opportunity to develop the skills necessary to maintain and configure the solution in the future.

    Clarify the role of the professional services vendor before acquiring their services to make sure your expectations are aligned. For example, are you hiring the vendor for tool installation, tool configuration, or tool customization or for training your end users?

    Step 1.3

    Identify preliminary timeline

    Activities

    1.3.1

    Identify preliminary internal target dates

    1.3.2

    Identify target dates for vendor involvement

    This step involves the following participants:

    • CIO
    • IT Director/Manager
    • Service Manager
    • Project Manager and the project team

    Outcomes of this step

    • Specifying the target dates for the implementation project

    1.3.1 Identify preliminary internal target dates

    Identify high-level start and end dates based on the following:

    • Existing process maturity
    • Process changes required (to address process issues or to realize targeted benefits from the new tool)
    • Data migration requirements (if any)
    • Information to prepare for the implementation (review the Checklist Tool)
    • Vendor availability to support implementation
    • Executive mandates that have established specific milestone dates

    Create an initial project schedule:

    • Review the remaining phases of this blueprint for more details on the implementation planning steps.
    • Review and update the Checklist Tool to suit your implementation goals and requirements.
    • Assign task owners and target dates in the Checklist Tool.

    Note: This is a preliminary schedule. Monitor progress as well as requirement changes, and adjust the scope or schedule as needed.

    Update the columns in the Checklist Tool to plan and keep track of your implementation project.

    1.3.2 Identify target dates for vendor involvement

    Plan when you'll be ready for the vendor and identify the key points for when the vendor will come in.

    Are dates already scheduled for tool installation/configuration/customization?

    If yes:

    • Clarify vendor expectations for those target dates (i.e. what do you have to have prepared in advance?).
    • Determine options to adjust dates if needed.

    If no:

    • Defer scheduling until you have reviewed and updated the Implementation Checklist. The checklist will help you determine your readiness for vendor involvement.

    Consider if the vendor will implement the ITSM tool in one go or if they will help setup the tool in stages. Keep in mind that ITSM implementation projects typically take anywhere from 9 weeks to 16 months and plan accordingly depending on the maturity of your processes and the modules and features you plan to implement.

    Use your internal target dates to estimate when you'll be ready for the vendor to set up the tool and implement the setting that you've defined.

    Phase 2

    Prepare to Implement Incident Management and Service Request Modules

    Phase 1Phase 2Phase 3

    Identify Stakeholders, Scope, and Preliminary Timeline

    Prepare to Implement Incident Management and Service Request Modules

    Create a Deployment Plan (Communication, Training, Rollout)

    This phase will walk you through the following steps:

    • Review your existing solution and challenges
    • Plan ticket management and workflow implementation
    • Plan data migration, knowledgebase setup, and integrations
    • Plan the module rollout

    Additional Info-Tech Research

    The Implementation Checklist Tool summarizes what you need to prepare for the implementation. If you need more assistance with developing the underlying ITSM processes, use the tools, templates, and guidance in these blueprints.

    Standardize the Service Desk

    Build core elements of service desk operations, including incident management and service request workflows, ticket categorization schemes, and ticket prioritization rules.

    Optimize the Service Desk With a Shift-Left Strategy

    Implement tools such as an improved knowledgebase and self-service portal to enable lower tier support staff and end users to resolve incidents or fulfill service requests.

    Incident and Problem Management

    Develop a critical incident management workflow and create standard operating procedures for problem management.

    Step 2.1

    Review your existing solution and challenges

    Activities

    2.1.1

    Configure, don’t customize, your solution to minimize risk

    2.1.2

    Review your existing process and solution challenges for opportunities for improvement

    This step involves the following participants:

    1. Service Manager and Service Desk Team
    2. Project Manager and Core Project Team
    3. Subject Matter Experts and Tool Administrator, if applicable

    2.1.1 Configure your tool, don’t customize it

    Your tool may require at least some basic configurations to align with your processes, but in most cases customization of the tool is not recommended.

    Configuration

    Customization

    • Creating settings and recording reference data in the tool within the normal functionality of the tool.
    • Does not require changes to source code.

    Documentation of configurations is key.

    Failure to document configurations and the reasons for specific configurations will lead to:

    • Difficulty diagnosing incidents and problems.
    • Difficulty reconstructing the tool in the case of disaster recovery.
    • One administrator having all of the knowledge of configurations and taking it with them if they leave the organization.
    • Configurations that become useless in the future are maintained and lead to unnecessary work if documentation is not regularly reviewed.
    • Extending the functionality of the tool beyond what it was originally intended to do.
    • Requires manual changes to source code.

    Carefully consider whether a customization is necessary.

    • Over-customization of your ITSM tool code may lock you into your current version of the software by preventing future patches and upgrades, leaving you with outdated software.
    • Over-customization becomes particularly risky when your ITSM solution is integrated with other tools, as a loss in functionality of your ITSM tool resulting from over-customization may cause disruptions across the business.
    • If your selected ITSM solution doesn’t do something you think you need it to do, carefully evaluate whether you really need that customization and if the trade-off of potentially limiting future innovation is worth it.

    Case Study

    Consider the consequences of over-customizing your solution.

    INDUSTRY: Education

    SOURCE: IT Director

    Situation

    Challenge

    Resolution

    A few years ago, the service management office at the university decided to switch ITSM tools, from Computer Associates to ServiceNow.

    They wanted the new tool to behave similarly to what they had previously, so they made a lot of customized code changes to ServiceNow during implementation.

    As a result of the customizations, much of the functionality of the tool was restricted, and the upgrades were not compatible with the solution.

    The external consultants who performed the customizations and backend work did not document their changes, leaving the service management team without an understanding of why they did what they did.

    The service management team is working with ServiceNow to slowly unravel the custom code to try to get the solution back to having out-of-the-box functionality, with the ability to be upgraded.

    It has been challenging to do this work without disrupting the functionality of the tool.

    Over-customization led to the organization paying for features they couldn’t use and spending more time and resources down the road to try to reverse the changes.

    2.1.2 Review your existing process to identify opportunities for improvement

    Documenting your existing processes is an effective method for also reviewing those processes and identifying inefficiencies. Take advantage of this project to fix your process issues.

    1. Document your existing workflows for incident management and service requests.
    2. Review your workflows to identify opportunities to optimize through process refinement (e.g. clarifying escalation guidelines) or by leveraging features in your new ITSM tool (e.g. improved workflow automation).
    3. Similarly, review the challenges identified through stakeholder interviews: is there an opportunity address those challenges through process changes or leveraging your new ITSM tool?
    4. Address those challenge and issues as you execute the tasks outlined in the Implementation Checklist Tool. For example, if inconsistent ticket routing was identified as a challenge due to a vague categorization scheme, that’s a driver to review and update your scheme rather than just carry forward your existing scheme.

    Regardless of your existing ITSM maturity, this is an opportunity to review and optimize existing processes. Even the most-mature organizations can typically find an area to improve.

    Case Study

    Reviewing and defining processes before the implementation can be a project in itself.

    INDUSTRY: Defense

    SOURCE: Anonymous

    Situation

    Challenge

    Resolution

    The organization was switching to a new ITSM tool. To prepare for the implementation, they gathered stakeholders, held steering committee meetings, and broke down key processes, teams, and owners before even meeting with the larger group.

    They used a software tool called InDesign to visibly map service requests and incidents and determine who owned each process and where the handoffs were.

    The service catalog also needed to be built out as they were performing certain services that didn’t relate to anything in the catalog.

    The goal for the implementation was to have it completed within a year, but it ended up going over, taking 15 to 16 months to complete.

    Most of the time was spent identifying processes upfront before configuring the tool. There were difficulties defining processes as well as agreeing on who owned a process or service.

    There were also difficulties agreeing upon who the valid stakeholders were for processes, as groups were siloed.

    The major obstacles to implementation were therefore people and process, not the product.

    New processes were introduced, and boundaries were placed around processes that were being done in the past that weren’t necessary.

    Once the groups were able to agree upon process owners, the tool configuration and implementation itself did not pose any major difficulties.

    After the implementation, the tool was continually improved and sharpened to adapt to processes.

    Step 2.2

    Plan ticket management and workflow implementation

    Activities

    2.2.1

    Define ticket classification values

    2.2.2

    Define ticket templates for common incident types and service requests

    2.2.3

    Plan your ticket intake channels

    2.2.4

    Design a self-service portal

    2.2.5

    Plan your knowledgebase implementation in the new tool

    2.2.6

    Design your ticket status notification processes and templates

    2.2.7

    Identify required user accounts, access levels, and skills/ service groups

    2.2.8

    Review and update your workflows and escalation rules

    2.2.9

    Identify desired reporting and relevant metrics to track

    This step involves the following participants:

    1. Service Manager and Service Desk Team
    2. Project Manager and Core Project Team
    3. Subject Matter Experts and Tool Administrator, if applicable

    Outcomes of this step

    Tool is designed and configured to support service desk processes and organization needs.

    Checklist overview

    The ITSM Tool Implementation Checklist will help you estimate resources required to support demand, based on your ticket volume.

    TAB 2

    TAB 3

    TAB 4

    Incident and Service Modules Checklist

    Change Management Modules

    Asset Management Modules

    The image contains a screenshot of the ITSM Tool Implementation Checklist, tab 2. The image contains a screenshot of the ITSM Tool Implementation Checklist, tab 3. The image contains a screenshot of the ITSM Tool Implementation Checklist, tab 4.

    How to follow this section:

    The following slides contain a table that explains why each task in the module matters and what needs to be considered. Complete the checklist modules referring to this section.

    2.2.1 Define ticket classification values

    Ticket classification improves reporting, workflow automation, and problem identification.

    Review your existing ticket classification values to identify what to carry forward, drop, or change. For example, if your categorization scheme has become too complex, this is your opportunity to fix it; don’t perpetuate ineffective classification in the new tool.

    Task

    Why this matters

    Ticket Types (e.g. incident, service request, change)

    In particular, separating incidents from service requests supports appropriate ticket prioritization and resourcing; for example, an incident typically should be prioritized, and service requests can be scheduled.

    Categories (e.g. network, servers)

    An effective categorization scheme can help identify ticket assignment and escalation (e.g. network tickets would be escalated to the network team), and potentially automate ticket routing.

    Resolution Codes

    Indicates how the ticket was resolved (e.g. configuration change). Supports another layer of trends reporting and data to support problem identification.

    Status Values

    Shows what status the ticket is currently in (e.g. if the ticket has been opened or assigned to an agent, if it is in progress or has been resolved).

    2.2.2 Define ticket templates for common incident types and service requests

    Ticket templates are the backbone of automation. A common complaint is that tickets take too much time. However, a little planning can reduce the time it takes to create a ticket to less than a minute.

    Task

    Why this matters

    Identify common recurring tickets that would be good candidates for using ticket templates (e.g. common service requests and incidents).

    Some common recurring tickets such as password reset, new laptop, and login requests would be great candidates to create ticket templates for. Building a deck of standard rules to follow for common tickets saves time and reduces the number of tickets generated.

    Design ticket templates and workflows for common tickets (e.g. fields to auto-populate as well as routing and secondary tickets for onboarding requests).

    Differentiating between recurring ticket types and building pre-defined templates not just saves time but can also have major impact on how service is delivered as this will also help separate tickets. Creating these templates beforehand will also let you communicate effectively with the users at a time when all hands need to be on deck.

    2.2.3 Plan your ticket intake channels

    Consider possible ticket intake channels and evaluate their relevance to your organization.

    Task

    Why this matters

    Decide on ticket intake channels (e.g. phone, email, portal, walk-ups).

    Each standard intake channel serves its own purposes and can be extremely valuable under different circumstances. For example, walk-ins may be inefficient but necessary for critical incidents.

    If using email, identify/create the email account and appropriate permissions.

    Email works well if it automatically creates a ticket in your ticketing system, but users often don’t provide enough information in unstructured emails. Use required fields and ticket templates to ensure the ticket is properly categorized.

    If using phone, identify/create the phone number and appropriate integrations.

    Maintain the phone for users from other locations and for critical incidents but encourage users who call in to submit a ticket through the portal.

    If using a portal, determine if you will leverage the tool's portal or an existing portal.

    The web portal is the most efficient intake method, but ensure it is user friendly before promoting it.

    If using chat, determine whether you will use the tool's chat or an existing chat mechanism and whether integrations are needed.

    Another way to improve support experience for your customers is through live chat. This gives your customers an easy way to reach you at the exact moment they have questions or issues they can't fix.

    2.2.4 Design a self-service portal

    Map your processes to the tool by defining your ticket input, categories, escalations, and workflows.

    Don’t forget about the client-facing side of the solution. It is important to build a self-serve portal that has an easy-to-use interface where the user can easily find the category for the help they’re looking for. It is also necessary to educate the users on where to find the portal or how to access it.

    Task

    Why this matters

    Identify components to include (e.g. service request, incident, knowledgebase).

    Identify the categories you want the users to be able to access in the portal. Finding the right balance of components to include is very important to make it easy for your users to find all the relevant information they are looking for. This could mean fewer tickets.

    Plan the input form for service requests and incidents (e.g. mandatory fields, optional fields, drop-down lists).

    Having relevant and specific fields helps to narrow down your user’s issues and provides more information on how to allocate these tasks among the service desk resources and reduce time to further investigate the issues.

    If service catalog will be attached to the ITSM tool, define routing and workflows; if there is no existing service catalog, start a separate project to define it (e.g. services, SLAs).

    A centrally defined guide enables a uniform quality in service and clarifies the responsible tier for the ticket. Identify services that will be included in the catalog, and if the information is attached to the ITSM tool, plan for how will the routing and workflows be structured.

    Plan design requirements (e.g. company branding).

    Ensure that the portal is aligned with the company’s theme and access format. Work with the vendor to customize the branding on the tool, design requirements, images.

    2.2.5 Plan your knowledgebase (KB) implementation in the new tool

    Evaluate how onerous KB migration will be for you. Is this an opportunity to improve how the KB is organized?

    Task

    Why this matters

    Define knowledgebase categories and structure.

    Establishing knowledgebase structures or having them separated into categories makes it easy for your clients to find them (e.g. do they align with ticket categories?).

    Identify existing knowledgebase articles to add to the new tool.

    Review existing knowledgebase articles at a high level (e.g. Do you carry forward all existing articles? Take an opportunity to retire old articles?).

    Define knowledgebase article templates.

    Having standardized templates makes it an easy read and will increase its usage (e.g. all knowledgebase articles for recurring incidents will follow the same template).

    Build knowledgebase article creation, usage, and revision workflows.

    Decide how new knowledgebase articles will be built and added to the tool, how it will be accessed and used, and also any steps necessary to update the articles.

    Plan a knowledgebase feedback system.

    For example, include a comments section, like buttons, and who will get notified about feedback.

    2.2.6 Design your ticket status notification processes and templates

    Task

    Why this matters

    Identify triggers for status notifications. Balance the need for keeping users informed versus notifications being treated as spam.

    Identify when and where the users are informed to make sure you are not under or over communicating with them. Status notifications and alerts are a great way to set or reset expectations to your users on the delivery or resolution on their tickets. For example, auto-response for a new ticket, or status updates to users when the ticket is assigned, solved, and closed.

    If using email notifications, design email templates for each type of notification.

    Creating notification templates is a great way to provide standardized service to your clients and it saves time when a ticket is raised. For example, email templates for new ticket, ticket updated, or ticket closed.

    Plan how you will enable users to validate the ticket or resolve request without causing the ticket to reopen.

    For example, in the ticket solved template, provide a link to close the ticket, and ask the user to reply only if they wish to re-open the ticket (i.e. if it's not resolved). May require consulting with the ITSM tool vendor.

    Decide if customer satisfaction surveys will be sent to end users after their ticket has been closed.

    Discuss if this data would be useful to you if captured to improve/modify your service.

    If customer satisfaction surveys will be used, design the survey.

    Discuss what data would be useful to you if captured and create survey questionnaires to capture that data from your clients. For example, how many questions, types of questions, whether sent for every ticket or randomly.

    2.2.7 Identify required user accounts, access levels, and skills/service groups

    Task

    Why this matters

    Define Tier 1, 2, and 3 roles and their associated access levels.

    Having pre-established roles for different tiers and teams is a great way to boost accountability and also helps identify training requirements for each tier. For example, knowledgebase training for tier 1 & 2, reporting/analytics for IT manager.

    Identify skill groups or support teams.

    Establishing accountability for all the support practices in the service desk is important for the tickets to be effectively distributed among the functional individuals and teams. Identifying the responsibilities of groups help execute shift-left strategy.

    Identify required email permissions for each role.

    For example, define which roles get permissions to include status updates or other ticket information in their emails or to support automated notifications and other integrations with email.

    Determine how you will import users into the new tool.

    Identify the best way to migrate your users to the new tool whether it be by importing from Active Directory or the old ITSM tool, etc.

    2.2.8 Review and update your workflows and escalation rules

    Task

    Why this matters

    Document your future-state incident and service request workflows that will incorporate the above planning as well as improvements supported by the new tool.

    Document your workflows and review it to make sure it’s accurate and also to help you with communicating process expectations to all the stakeholders.

    Review the future-state workflows.

    This helps you validate that the planned changes meet your goals and identify any additional required changes.

    Update ticket classification values, templates, and ticket intake as needed based on the future-state workflows.

    Documenting your process might uncover additional requirements for classification, templates, etc. Ensure that the classification templates and related parameters align with the workflows.

    Identify opportunities to further automate workflows by leveraging the new tool.

    The process of reviewing the workflows often helps identify manual processes, labor intensive processes, very repetitive processes, etc. These can be opportunities to further automate your processes.

    2.2.9 Identify desired reporting and relevant metrics to track

    Documentation of key metrics of service desk performance and end-user satisfaction that you wish to improve through the new solution is key to evaluate the success of your implementation.

    Task

    Why this matters

    Define the metrics you will track in the new ITSM tool.

    It is critical to ensure that your tool will be able to track necessary metrics on KPIs from the start and that this data is accurate and reliable so that reporting will be relevant and meaningful to the business. Whether you use your own tool for tracking metrics or an external tool, ensure that you can get the internal data you need from the ITSM tool. This may include measures of Productivity (e.g. time to respond, time to resolve), Service (e.g. incident backlog, customer satisfaction), and Proactiveness (e.g. number of knowledgebase articles per week).

    Determine what reports you want to generate from data collected through the tool.

    It’s not enough to simply set up metrics, you have to actually use the information. Reports should be analyzed regularly and used to manage costs and productivity, improve services, and identify issues. Ensure that your service desk team contributes to the usefulness of reporting by following processes such as creating tickets for every incident and request, categorizing it properly, and closing it after it’s resolved with the proper resolution code.

    Identify the information and metrics to include in the ITSM tool's dashboards.

    A dashboard helps drive accountability across the team through greater visibility. Decide what will be reported on the dashboard. For example, average time to resolution, number of open tickets with subtotals for each priority, problem ticket aging.

    Step 2.3

    Plan data migration and integrations

    Activities

    2.3.1

    Create a data migration and archiving plan

    2.3.2

    Identify and plan required integrations

    This step involves the following participants:

    1. Service Manager and Service Desk Team
    2. Project Manager and Core Project Team
    3. Subject Matter Experts and Tool Administrator, if applicable

    Outcomes of this step

    • Decisions made around data migration, integrations, automation, and reporting.
    • ITSM Tool Implementation Checklist

    2.3.1 Create a data migration and archiving plan

    Task

    Why this matters

    Document your future-state incident and service request workflows that will incorporate the above planning as well as improvements supported by the new tool.

    Document your workflows and review them to make sure they’re accurate and also to help you with communicating process expectations to all the stakeholders.

    Review the future-state workflows.

    This helps you validate that the planned changes meet your goals and identify any additional required changes.

    Update ticket classification values, templates, and ticket intake as needed based on the future-state workflows.

    Documenting your process might uncover additional requirements for classification, templates, etc. Ensure that the classification templates and related parameters align with the workflows.

    Identify opportunities to further automate workflows leveraging the new tool.

    The process of reviewing the workflows often helps identify manual processes, labor-intensive processes, very repetitive processes, etc. These can be opportunities to further automate your processes.

    2.3.2 Identify and plan required integrations

    Consider and plan for any necessary integrations with other systems.

    A major component of the implementation that should be carefully considered throughout is if and how to integrate your ITSM tool with other applications in the environment.

    Task

    Why this matters

    Identify the systems you need to integrate with your ITSM tool (e.g. asset discovery tools, reporting systems).

    Regardless of whether your solution will be configured and installed on-premises or as a SaaS, you need to consider the underlying technology to determine how you will integrate it with other tools where necessary.

    Businesses may need to integrate their ITSM tool with other systems including asset management, network monitoring, and reporting systems to make the organization more efficient.

    Determine how data will flow between systems.

    Carefully evaluate the purpose of each integration. Clients often want their ITSM tool to be integrated with all of the available data in another application when they only need a subset of that data to be integrated.

    Consider not only which systems you need to integrate with your ITSM tool but also who the owners of those systems are and which way the data needs to flow.

    Plan the development, configuration, and testing of integrations.

    As with other aspects of the implementation, configure and test the integrations before going live with the tool.

    Step 2.4

    Plan the module rollout

    Activities

    2.4.1

    Repeat the methodology for additional ITSM modules, using the Checklists as a guide

    2.4.2

    Leverage these blueprints to help you implement change and asset management modules

    This step involves the following participants:

    1. Service Manager and Service Desk Team
    2. Project Manager and Core Project Team
    3. Subject Matter Experts and Tool Administrator, if applicable

    Outcomes of this step

    Identify and plan for additional modules and features to be implemented

    2.4.1 Repeat the methodology for additional ITSM modules, using the Checklists as a guide

    The preparation completed in Phase 1 and 2 to this point provide a foundation for additional ITSM modules.

    This blueprint starts with the incident management and service request modules as those are typically implemented first since they are the most impactful to day-to-day IT service management.

    In addition, the methodology outlined in Phase 1 and 2 to this point provides a model to follow for additional ITSM modules:

    • If you did not already account for additional modules in Phase 1, then repeat the steps in Phase 1 to define scope, stakeholders, and timeline.
    • The Implementation Checklist Tool provides tabs for Change Management and Asset Management to outline the specific details for those topic areas, but they follow the same high-level steps as Phase 2 (e.g. review existing processes, design relevant workflows).
    • If you are planning to implement other modules (e.g. Problem Management), create additional tabs in the Implementation Checklist Tool as needed, using the existing tabs as a base.
    The image contains screenshots of the ITSM checklists.

    2.4.2 Leverage these blueprints to help you implement change and asset management modules

    The Implementation Checklist Tool summarizes what you need to prepare for the implementation. If you need more assistance with developing the underlying ITSM processes, use the tools, templates, and guidance in the blueprints below.

    Optimize IT Change Management

    Define change management workflows, key roles, and supporting elements such as request-for-change forms based on best practices.

    Implement Hardware Asset Management

    Create an SOP and associated process workflows to streamline and standardize hardware asset management.

    Implement Software Asset Management

    Build on a strong hardware asset management program to also properly track and manage software assets. This includes managing software licensing, finding opportunities to reduce costs, and improving your software audit readiness.

    Phase 3

    Create a Deployment Plan (Communication, Training, Rollout)

    Phase 1Phase 2Phase 3

    Identify Stakeholders, Scope, and Preliminary Timeline

    Prepare to Implement Incident Management and Service Request Modules

    Create a Deployment Plan (Communication, Training, Rollout)

    This phase will walk you through the following steps:

    1. Create a communication plan (for IT, users, and business leaders)
    2. Create a training plan
    3. Plan how you will deploy, monitor, and maintain the solution

    ITSM Tool Training Schedule

    ITSM Tool Deployment Plan Template

    Use the template to document and plan the communications and training needs prior to deployment of the new tool.

    The image contains a screenshot of the ITSM Tool Training Schedule.

    Use the deployment plan template to document the strategy and decisions made for making the transition to the new ITSM tool.

    The image contains a screenshot of the ITSM Tool Deployment Plan Template.

    Download the ITSM Tool Training Schedule

    Download the ITSM Tool Deployment Plan Template

    Step 3.1

    Create a communication plan (for IT, users, and business leaders)

    Activities

    3.1.1

    Ensure there is strong communication from management throughout the implementation and deployment

    3.1.2

    Base your communications timeline on a classic change curve to accommodate natural resistance

    3.1.3

    Communicate new processes with business leaders and end users to improve positive customer feedback

    This step involves the following participants:

    1. CIO/IT Director
    2. IT Manager
    3. Service Manager

    Outcomes of this step

    Plan for communicating the change with business executives, service desk agents, and end users.

    3.1.1 Ensure there is strong communication from management throughout the implementation and deployment

    A common contributing factor for unsuccessful implementation is a lack of communication around training, transitioning, and deploying the new tool.

    Common Pitfall:

    Organizational communication and change management should have been ongoing and tightly monitored throughout the project. However, cut-over is a time in which critical communication regarding deployment and proper user training can be derailed when last-minute preparations take priority. Not only will general user frustration increase, but unintended process workarounds will emerge, eroding system effectiveness.

    Mitigating Actions:

    Deliver training for end users that will be engaged in testing. For all other users, deliver training prior to go-live to avoid the risk of training too early (where materials may not be ready or users are likely to forget what was learned). If possible, host quick refresher training a week or two prior to go-live.

    Aim to communicate the upcoming go-live. The purpose of communication here is to reiterate expectations, complexities, and ramifications on business going forward. Alleviate performance anxiety by clearly stating that temporary drops in productivity are to be expected and that there will be appropriate assistance throughout the transition period.

    Transition: Have the project/program manager remain on the project team for some time after deployment to oversee and assure smooth transition for the organization.

    Complete training: Have a clear plan for training those users that were missed in the first round of training as well as a plan for ongoing training for those that require refresher training, for new joiners to your organization, and for any training requirements that result from subsequent upgrades.

    3.1.2 Base your communications timeline on a classic change curve

    It’s important to communicate the change ahead of the implementation, but also to reinforce that communication after implementation to recover from any resistance that occurs through the implementation itself.

    Stages in a typical change curve:

    1. Change is announced. Some people are skeptical and resistant, but others are enthusiastic. Most people are fence sitters; if they trust senior leadership, they will give the benefit of the doubt and expect change to be good.
    2. Positive sentiment declines as implementation approaches. Training and other disruptions take people’s time and energy away from their work. Project setbacks and delays take credibility away from project leaders and seem to validate the efforts of saboteurs and skeptics.
    3. Overall sentiment begins to improve as people adjust and see real progress made. Ideally, early successes or quick wins neutralize saboteurs and convert skeptics. At the very least, people will begin to accept and adapt to new realities.
    4. If the project is successful and communication is reinforced after implementation, sentiment will peak and level out over time as people move on to other projects.

    The image contains a diagram of a change curve.

    1. Honeymoon of “Uninformed Optimism”: Tentative support and enthusiasm for change before people have really felt or understood what it involves.
    2. Backlash of “Informed Pessimism” (leading to “Valley of Despair”): People realize they’ve overestimated the benefits (or how soon they’ll be achieved) and underestimated the difficulty of change.
    3. Valley of Despair and beginning of “Hopeful Realism”: Sentiment bottoms out and people begin to accept the difficulty (or inevitability) of change.
    4. Bounce of “Informed Optimism”: More optimism and support when people begin to see bright spots and early successes.
    5. Contentment of “Completion”: Change has been successfully adopted and benefits are being realized.

    3.1.3 Communicate new processes

    1. Communicate with business unit leaders and users:
    • Focus on the benefits for end users to encourage buy-in for the change.
    • Include preliminary instructions with a date for training sessions.
  • Train users:
    • Teach users how to contact the service desk and submit a ticket.
    • Set expectations for IT’s response.
    • Record all your training sessions so it can used for recursive training.
  • Enforce:
    • IT must point users toward the new process, but ad hoc requests should still be expected at first. Deal with these politely but encourage all employees to use the new service desk ticketing process, if applicable.
  • Measure success:
    • Continue to adjust communications if processes aren’t being followed to ensure SLAs can be met and improved.

    “Communicate with your end users in phase 1 to let them know what will be changing, get feedback and buy-in, and inform them that training will be happening, then ensure you train them once the tool is installed. A lot of times we’ll get our tool set up but people don’t know how to use it."

    – Director of ITSM Tools

    Info-Tech Insight

    If there is a new process for ticket input, consider using a reward system for users who submit a ticket through the proper channel ;(e.g. email or self-serve portal) instead of their old method (e.g. phone). However, if a significant cultural change is required, don’t expect it to happen right away.

    Step 3.2

    Create a training plan

    Activities

    3.2.1

    Target training session(s) to the specific needs of your service desk, service groups, IT managers

    3.3.1

    Provide training (tool/portal and process changes)

    3.4.1

    Choose an appropriate training delivery method that will focus on both process and tool

    This step involves the following participants:

    • IT Director
    • Project Manager
    • Service Desk Manager

    Outcomes of this step

    • Training modules for different users of the tool.
    • Assignment of training modules to users and schedule for completion.

    3.2.1 Target training session(s) to the specific needs of your service desk and IT staff

    Create targeted role-based training programs for your service desk analysts; they care about the portion of the solution they are responsible for, not the functionality that is irrelevant to their job.

    Create and execute a role-based training program by conducting training sessions for targeted groups of users, training them on the functions they require to perform their jobs.

    Use a table like this one to help identify which roles should be trained on which tasks within the ITSM tool.

    The image contains a table as an example of identifying which roles should be trained within the ITSM tool.

    The need for targeted training:

    • IT personnel may challenge the need for training. They may feel they don’t require training on the use of tools or that they don’t have time to dedicate to training when there is so much work to be done.
    • Providing targeted training focused on only the functions of the solution that each tier is responsible for can help to overcome that resistance.
    • Targeted training may include basic training for level 1 technicians and more advanced in-depth training for administrators, power users, or level 2/3 technicians.

    Info-Tech Insight:

    Properly trained users promote adoption and improve results. Always keep training materials updated and available. New employees, new software integration, and internal promotions create opportunities for training employees to align the ITSM tool with their roles and responsibilities.

    3.2.2 Provide training

    Training must take place before deployment to ensure that both your service desk agents and end users will use the tool in the way it was intended and improve end-user satisfaction.

    • Implementing a new ITSM tool will likely bring with it at least some degree of organizational and cultural change. It’s important to manage that change through proper training. Your training needs will vary depending on the maturity of the organization and the amount of cultural and process change being implemented.
    • If this is your first ITSM solution with many new changes for staff to take on board, it will be important to dedicate training time not only before deployment but also several months after the initial installation, to allow staff to gain more experience with the new tool and processes and formulate questions they may not think to ask during implementation.
    • A training plan should take into account not only training needs for the implementation project but also any ongoing training requirements that may be required. This may include:
      • Training for new personnel.
      • Training on any changes to the tool.
      • Training on any new processes the tool will support.
    • Better agent training will lead to better performance and improved end-user satisfaction.

    The image contains a screenshot of a graph to demonstrate training hours and first contact resolution.

    The blue graph line charts new-agent training hours against first contact resolution and the orange graph line charts the trendline for the dataset.

    Source: MetricNet, 2012

    3.2.3 Choose an appropriate training delivery method

    Training should include use cases that focus on not only how the tool’s interface works but also how the tool should be used to support process activities.

    1. Training through use cases highlights how the tool will support the user in role-based tasks.
    2. If new processes are being introduced along with the tool, training should cover both in an integrated way.
    3. Team leadership and management commitment ensures that all agents take their training seriously and are prepared for all use cases by the deployment date.

    Trainer-led sessions:

    Self-taught sessions:

    • May take the form of onsite or video training.
    • Vendor may train administrators or managers, who will later train remaining staff.
    • Allows for interaction with the trainer and greater opportunity to ask questions.
    • Difficult for large organizations with many users to be trained.
    • Delivered via computer-based training applications, typically through a web browser.
    • May include voice training sessions combined with exercises and quizzes.
    • More feasible for large, distributed organizations with less flexible schedules.

    Info-Tech Insight:

    Ensure that the training demonstrates not only how the tool should be used, but also the benefits it will provide your staff in terms of improved efficiency and productivity. Users who can clearly see the benefits the tool will provide for their daily work will accept the tool more readily and promote it across the organization.

    Step 3.3

    Plan how you will deploy, monitor, and maintain the solution

    Activities

    3.3.1

    Plan the transition from your old tool to ensure continual functionality

    3.3.2

    Choose a cut-over approach that works for you

    3.3.3

    Deploy the solution and any new processes simultaneously to ease the transition

    3.3.4

    Have a post-deployment support plan in place

    3.3.5

    Monitor success metrics defined in Phase 1

    This step involves the following participants:

    • IT Director
    • Project Manager
    • Service Desk Manager

    Outcomes of this step

    Deployment plan, including a plan for cut-over from the old tool (if applicable), release of the new tool, and post-deployment support and maintenance of the tool.

    3.3.1 Plan the transition from your old tool to ensure continual functionality

    If you will have a transitional period during which the current tool will be used alongside the new tool, develop a clear plan for the transition to ensure continued service for your end users.

    • If there will be an interim period during which only some aspects of the new ITSM tool are functional, you will need to determine how the new system and old systems will work together for that period of time. This may require creating interfaces as well as providing user documentation and/or SOPs on how the business processes will operate during the interim period.
    • Cut-over is the period during which the changeover to the new system occurs. Cut-over activities need to be tightly choreographed for a successful deployment. If improperly planned, chaos may erupt when unforeseen issues are encountered during deployment, the deployment may be jeopardized, and the organization may encounter costly interruptions to its daily operations.
    • Many organizations may leave any open tickets in the old tool until they are closed, which requires that tool run alongside the new tool for a transitional period. In this case, it is necessary to create guidelines around how long the open tickets will remain in the old system and ensure there is clear communication around these processes.

    Be prepared for the transition:

    1. Create a robust cut-over plan that includes when the old tool will be decommissioned, what activities are necessary during the cut-over, and what the contingency plan is in case of unforeseen issues.
    2. Plan for and perform mock cut-overs to establish the timeline and dependencies for all steps that need to be performed to successfully complete the changeover. Do this to avoid any surprises or delays during the true cut-over period.
    3. Establish cut-over logistics: Create a schedule for resources to work in shifts to avoid burn-out during cut-over, which can lead to lapses in judgment and easily avoidable mistakes. Allocate dedicated workspaces for cut-over activities, e.g. “war rooms” for the triage of issues.

    3.3.2 Choose a cut-over approach that works for you

    Approaches and insights from three case studies

    Case Study #1

    Case Study #2

    Case Study #3

    On day one we started recording all new incidents in the new tool, and everything that was open in the old tool remained open for about one month. At that point we transferred over some open incidents but closed old incidents with the view that if anyone really wanted something done that hadn’t been yet, they could re-submit a ticket.

    – Brett Andrews,

    Managing Director at BAPTISM Consultancy

    It made sense for us to start fresh with the new system. We left all of the old tickets in the old system and started the new system with ticket #1. We only had about a dozen open tickets in the old system so we left them there and ran the two tools side by side until those were closed.

    – CIO, Publishing

    It depends on the client and the size of their service desk as well as the complexity of their data and whether they need their old data for reporting. If there are only a dozen open tickets, they can manually move those over easily, and decide whether they want to migrate their historical data for reporting purposes.

    – Scott Walling,

    Co-Founder at Monitor 24-7 Inc.

    3.3.3 Deploy the solution and any new processes simultaneously to ease the transition

    Follow a deployment plan for introducing new processes alongside the new tool to ensure changes to both process and technology are adopted simultaneously.

    If you’re introducing new processes alongside the new tool, it’s important to maintain the link between process and tool. Typically, the processes and tool should be deployed simultaneously unless there is a strong reason not to do so.

    Deployment can be done as a big-bang or phased approach. The decision to employ a phased deployment depends on the number and size of business units the tool will support, as well as the organization’s geography and infrastructure (deployment locations).

    Before deployment, conduct readiness assessments to understand whether:

    The people are ready to accept the new system (have received the proper training and communications and understand how their jobs will change when the switch is flipped).

    The technology is ready (test results are favorable, workarounds and a plan for closure have been identified for any open defects, and the system is performing as expected).

    The data is ready (data for final conversion has been cleansed, and all conversions have been rehearsed).

    The post-deployment support model is ready (infrastructure and technical support is in place, sites are ready, knowledge transfer has been conducted with the support organization, and end users understand procedures for escalation of issues).

    3.3.4 Have a post-deployment support plan in place

    Ensure that strong internal support for the project and tool will continue after deployment.

    The stabilization period after a new software deployment can last between three and nine months, during which there may be continued training needs and fine-tuning of processes. Internal support from project leaders within your organization will be critical to recover from any dip in operational efficiency and deliver the benefits of the tool.

    Consider the following to prepare better for your support plan:

    What are the roles and responsibilities for ongoing tool administration support?

    What level of support will exist to assist service desk staff after deployment?

    How much time will project team resources devote to tackling upcoming issues and assisting with ongoing support?

    Who will be responsible for ongoing training needs and documentation?

    If your organization is spread across multiple locations, what level of support/assistance will be available at each site?

    How will new code releases or system upgrades be managed and communicated?

    Info-Tech Insight:

    Deployment is only the first step in the system lifecycle. Full benefit realization from the tool requires ongoing investment and learning to be sustained. Unless processes and training are updated on an ongoing basis, benefits gained will start to decrease over time. If your service desk efficiency stagnates at the level it was at prior to implementation, the tool has failed to serve its objective.

    Establish ongoing tool maintenance, improvement structures, and processes

    People, processes, and organizations change over time, and your ITSM tool will need to change to meet expectations.

    Develop and execute a plan for the maintenance of the solution and its infrastructure components.

    Include periodic reviews against business needs and operational requirements (e.g. patches, upgrades, and risk and security requirements).

    For maintenance updates, use the change management process and assess how an activity will impact solution design, functionality, and business processes.

    For major changes that result in significant change in current designs, functionality, and/or business processes, follow the development process used for new systems.

    Ensure that maintenance activities are periodically analyzed for abnormal trends indicating underlying quality or performance problems, cost/benefit of major upgrade, or replacement in lieu of maintenance.

    Assign responsibility for ongoing maintenance. Hold regular meetings for the following activities:

    1. Inspect data and reports.
    2. Assess whether you’re meeting SLAs.
    3. Predict any upcoming changes that may impact ticket volume (e.g. a new operating system or security patch).
    4. Create new ticket templates for recurring or upcoming issues.
    5. Create new knowledgebase articles.
    6. Determine whether ticket categories are being used correctly.
    7. Ask team if there are any problems with the tool.

    3.3.5 Monitor success metrics defined in Project Charter

    Revisit your goals for the solution and assess if they are being met by evaluating current metrics. If your goals have not yet been met, re-evaluate how to ensure the tool will deliver value.

    Sample High-Level Goals:

    1. Improved service desk efficiency
    2. Improved end-user satisfaction
    3. Improved self-service options for end users
    4. Improved data and reporting capabilities

    Sample Metric Descriptions

    Baseline Metric

    Goal

    Current Metric

    Increased ticket input through email versus phone

    50% of tickets submitted through phone

    10% of tickets submit through phone

    Reduced ticket volume (through improved self-serve capabilities)

    1,500 tickets per month

    1,200 tickets per month

    Improved first call resolution (through increased efficiency and automation)

    50% FCR

    60% FCR

    Improved ability to meet SLAs (through automated escalations and prioritization)

    5 minutes to log a ticket

    1 minute to log a ticket

    Improved time to produce reports

    3 business days

    1 business day

    Improved end-user satisfaction

    60% satisfied with services

    75% satisfied

    Related Info-Tech Research

    Optimize IT Change Management

    Define change management workflows, key roles, and supporting elements such as request-for-change forms based on best practices.

    Standardize the Service Desk

    Build core elements of service desk operations, including incident management and service request workflows, ticket categorization schemes, and ticket prioritization rules.

    Optimize the Service Desk With a Shift-Left Strategy

    Implement tools such as an improved knowledgebase and self-service portal to enable lower tier support staff and end users to resolve incidents or fulfill service requests.

    Incident and Problem Management

    Develop a critical incident management workflow and create standard operating procedures for problem management.

    IT Service Management Selection Guide

    Identify the best-of-breed solution to make the most of your investment and engage the right stakeholders to define success.

    Analyze Your Service Desk Ticket Data

    Develop a framework to track metrics, clean data, and put your data to use for pre-defined timelines.

    Bibliography

    Adiga, Siddanth. “10 Reasons Why ITSM Implementations Fail.” Could Strategy, 6 May 2015. Web.

    Hastie, Shane, and Stéphane Wojewoda. “Standish Group 2015 Chaos Report.” InfoQ, 4 October 2015. Web.

    “How to Manage Change in the Implementation of an ITSM Software.” C2, 20 April 2015. Web.

    Lockwood, Meghan. “First Look: Annual ServiceNow Insight and Vision Executive Summary [eBook].” Acorio, 31 October 2019. Web.

    Mainville, David. “7 Steps to a Successful ITSM Tool Implementation.” Navvia, 2012. Web.

    Rae, Barclay. “Preparing for ITSM Tool Implementation.” Joe the IT Guy, 24 June 2015. Web.

    Rae, Barclay. “Successful ITSM Tool Implementation.” BrightTALK, 9 May 2013. Webcast.

    Rumburg, Jeffrey. “Metric of the Month: Agent Training Hours.” MetricNet, 2012. Web.

    2024 Tech Trends

    • Buy Link or Shortcode: {j2store}289|cart{/j2store}
    • member rating overall impact (scale of 10): 10
    • Parent Category Name: Innovation
    • Parent Category Link: /improve-your-core-processes/strategy-and-governance/innovation

    AI has revolutionized the landscape, placing the spotlight firmly on the generative enterprise.

    The far-reaching impact of generative AI across various sectors presents fresh prospects for organizations to capitalize on and novel challenges to address as they chart their path for the future. AI is more than just a fancy auto-complete. At this point it may look like that, but do not underestimate the evolutive power.

    In this year's Tech Trends report, we explore three key developments to capitalize on these opportunities and three strategies to minimize potential risks.

    Generative AI will take the lead.

    As AI transforms industries and business processes, IT and business leaders must adopt a deliberate and strategic approach across six key domains to ensure their success.

    Seize Opportunities:

    • Business models driven by AI
    • Automation of back-office functions
    • Advancements in spatial computing

    Mitigate Risks:

    • Ethical and responsible AI practices
    • Incorporating security from the outset
    • Ensuring digital sovereignty

    Mitigate Key IT Employee Knowledge Loss

    • Buy Link or Shortcode: {j2store}511|cart{/j2store}
    • member rating overall impact (scale of 10): 9.3/10 Overall Impact
    • member rating average dollars saved: $12,314 Average $ Saved
    • member rating average days saved: 13 Average Days Saved
    • Parent Category Name: Lead
    • Parent Category Link: /lead

    Seventy-four percent of organizations do not have a formal process for capturing and retaining knowledge - which, when lost, results in decreased productivity, increased risk, and money out the door.

    Our Advice

    Critical Insight

    • Seventy-four percent of organizations do not have a formal process for capturing and retaining knowledge – which, when lost, results in decreased productivity, increased risk, and money out the door. It’s estimated that Fortune 500 companies lose approximately $31.5 billion each year by failing to share knowledge.
    • Don’t follow a one-size-fits-all approach to knowledge transfer strategy! Right-size your approach based on your business goals.
    • Prioritize knowledge transfer candidates based on their likelihood of departure and the impact of losing that knowledge.
    • Select knowledge transfer tactics based on the type of knowledge that needs to be captured – explicit or tacit.

    Impact and Result

    Successful completion of the IT knowledge transfer project will result in the following outcomes:

    1. Approval for IT knowledge transfer project obtained.
    2. Knowledge and stakeholder risks identified.
    3. Effective knowledge transfer plans built.
    4. Knowledge transfer roadmap built.
    5. Knowledge transfer roadmap communicated and approval obtained.

    Mitigate Key IT Employee Knowledge Loss Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Mitigate Key IT Employee Knowledge Loss Deck – A step-by-step document that walks you through how to transfer knowledge on your team to mitigate risks from employees leaving the organization.

    Minimize risk and IT costs resulting from attrition through effective knowledge transfer.

    • Mitigate Key IT Employee Knowledge Loss Storyboard

    2. Project Stakeholder Register Template – A template to help you identify and document project management stakeholders.

    Use this template to document the knowledge transfer stakeholder power map by identifying the stakeholder’s name and role, and identifying their position on the power map.

    • Project Stakeholder Register Template

    3. IT Knowledge Transfer Project Charter Template – Define your project and lay the foundation for subsequent knowledge transfer project planning

    Use this template to communicate the value and rationale for knowledge transfer to key stakeholders.

    • IT Knowledge Transfer Project Charter Template

    4. IT Knowledge Transfer Risk Assessment Tool – Identify the risk profile of knowledge sources and the knowledge they have

    Use this tool to identify and assess the knowledge and individual risk of key knowledge holders.

    • IT Knowledge Transfer Risk Assessment Tool

    5. IT Knowledge Transfer Plan Template – A template to help you determine the most effective knowledge transfer tactics to be used for each knowledge source by listing knowledge sources and their knowledge, identifying type of knowledge to be transferred and choosing tactics that are appropriate for the knowledge type

    Use this template to track knowledge activities, intended recipients of knowledge, and appropriate transfer tactics for each knowledge source.

    • IT Knowledge Transfer Plan Template

    6. IT Knowledge Identification Interview Guide Template – A template that provides a framework to conduct interviews with knowledge sources, including comprehensive questions that cover what type of knowledge a knowledge source has and how unique the knowledge is

    Use this template as a starting point for managers to interview knowledge sources to extract information about the type of knowledge the source has.

    • IT Knowledge Identification Interview Guide Template

    7. IT Knowledge Transfer Roadmap Presentation Template – A presentation template that provides a vehicle used to communicate IT knowledge transfer recommendations to stakeholders to gain buy-in

    Use this template as a starting point to build your proposed IT knowledge transfer roadmap presentation to management to obtain formal sign-off and initiate the next steps in the process.

    • IT Knowledge Transfer Roadmap Presentation Template
    [infographic]

    Workshop: Mitigate Key IT Employee Knowledge Loss

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    Further reading

    Mitigate Key IT Employee Knowledge Loss

    Transfer IT knowledge before it’s gone.

    EXECUTIVE BRIEF

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    Seventy-four percent of organizations do not have a formal process for capturing and retaining knowledge1 which, when lost, results in decreased productivity, increased risk, and money out the door. You need to:

    • Build a strategic roadmap to retain and share knowledge.
    • Build a knowledge transfer strategy based on your organization’s business goals.
    • Increase departmental efficiencies through increased collaboration.
    • Retain key IT knowledge
    • Improve junior employee engagement by creating development opportunities.
    • Don’t follow a one-size fits all approach. Right-size your approach based on your organizational goals.
    • Prioritize knowledge transfer candidates based on their likelihood of departure and the impact of losing that knowledge.
    • What you’re transferring impacts how you should transfer it. Select knowledge transfer tactics based on the type of knowledge that needs to be captured – explicit or tacit.

    Our client-tested methodology and project steps allow you to tailor your knowledge transfer plan to any size of organization, across industries. Successful completion of the IT knowledge transfer project will result in the following outcomes:

    • Approval for IT knowledge transfer project obtained.
    • Knowledge and stakeholder risks identified.
    • Effective knowledge transfer plans built.
    • Knowledge transfer roadmap built.
    • Knowledge transfer roadmap communicated.

    Info-Tech Insight

    Seventy-four percent of organizations do not have a formal process for capturing and retaining knowledge which, when lost, results in decreased productivity, increased risk, and money out the door.1

    1 McLean & Company, 2016, N=120

    Stop your knowledge from walking out the door

    Today, the value of an organization has less to do with its fixed assets and more to do with its intangible assets. Intangible assets include patents, research and development, business processes and software, employee training, and employee knowledge and capability.

    People (and their knowledge and capabilities) are an organization’s competitive advantage and with the baby boomer retirement looming, organizations need to invest in capturing employee knowledge before the employees leave. Losing employees in key roles without adequate preparation for their departure has a direct impact on the bottom line in terms of disrupted productivity, severed relationships, and missed opportunities.

    Knowledge Transfer (KT) is the process and tactics by which intangible assets – expertise, knowledge, and capabilities – are transferred from one stakeholder to another. A well-devised knowledge transfer plan will mitigate the risk of knowledge loss, yet as many as 74%2 of organizations have no formal approach to KT – and it’s costing them money, reputation, and time.

    84%of all enterprise value on the S&P 500 is intangibles.3

    $31.5 billion lost annually by Fortune 500 companies failing to share knowledge. 1

    74% of organizations have no formal process for facilitating knowledge transfer. 2

    1 Shedding Light on Knowledge Management, 2004, p. 46

    2 McLean & Company, 2016, N=120

    3 Visual Capitalists, 2020

    Losing knowledge will undermine your organization’s strategy in four ways

    In a worst-case scenario, key employees leaving will result in the loss of valuable knowledge, core business relationships, and profits.

    1

    Inefficiency due to “reinvention of the wheel.” When older workers leave and don’t effectively transfer their knowledge, younger generations duplicate effort to solve problems and find solutions.

    2

    Loss of competitive advantage. What and who you know is a tremendous source of competitive edge. Losing knowledge and/or established client relationships hurts your asset base and stifles growth, especially in terms of proprietary or unique knowledge.

    3

    Reduced capacity to innovate. Older workers know what works and what doesn’t, as well as what’s new and what’s not. They can identify the status quo faster, to make way for novel thinking.

    4

    Increased vulnerability. One thing that comes with knowledge is a deeper understanding of risk. Losing knowledge can impede your organizational ability to identify, understand, and mitigate risks. You’ll have to learn through experience all over again.

    Are you part of the 74% of organizations with no knowledge transfer planning in place? Can you afford not to have it?

    Consider this:

    55-60

    67%

    78%

    $14k / minute

    the average age of mainframe workers – making close to 50% of workers over 60.2

    of Fortune 100 companies still use mainframes3 requiring. specialized skills and knowledge

    of CIOs report mainframe applications will remain a key asset in the next decade.1

    is the cost of mainframe outages for an average enterprise.1

    A system failure to a mainframe could be disastrous for organizations that haven’t effectively transferred key knowledge. Now think past the mainframe to key processes, customer/vendor relationships, legal requirements, home grown solutions etc. in your organization.

    What would knowledge loss cost you in terms of financial and reputational loss?

    Source: 1 Big Tech Problem as Mainframes Outlast Workforce

    Source: 2 IT's most wanted: Mainframe programmers

    Source: 3The State of the Mainframe, 2022

    Case Study

    Insurance organization fails to mitigate risk of employee departure and incurs costly consequences – in the millions

    INDUSTRY: Insurance

    SOURCE: ITRG Member

    Challenge

    Solution

    Results

    • A rapidly growing organization's key Senior System Architect unexpectedly fell ill and needed to leave the organization.
    • This individual had been with the organization for more than 25 years and was the primary person in IT responsible for several mission-critical systems.
    • Following this individual’s departure, one of the systems unexpectedly went down.
    • As this individual had always been the go-to person for the system, and issues were few and far between, no one had thought to document key system elements and no knowledge transfer had taken place.
    • The failed system cost the organization more than a million dollars in lost revenue.
    • The organization needed to hire a forensic development team to reverse engineer the system.
    • This cost the organization another $200k in consulting fees plus the additional cost of training existing employees on a system which they had originally been hoping to upgrade.

    Forward thinking organizations use knowledge transfer not only to avoid risks, but to drive IT innovation

    IT knowledge transfer is a process that, at its most basic level, ensures that essential IT knowledge and capabilities don’t leave the organization – and at its most sophisticated level, drives innovation and customer service by leveraging knowledge assets.

    Knowledge Transfer Risks:

    Knowledge Transfer Opportunities:

    ✗ Increased training and development costs when key stakeholders leave the organization.

    ✗ Decreased efficiency through long development cycles.

    ✗ Late projects that tie up IT resources longer than planned, and cost overruns that come out of the IT budget.

    ✗ Lost relationships with key stakeholders within and outside the organization.

    ✗ Inconsistent project/task execution, leading to inconsistent outcomes.

    ✗ IT losing its credibility due to system or project failure from lost information.

    ✗ Customer dissatisfaction from inconsistent service.

    ✓ Mitigated risks and costs from talent leaving the organization.

    ✓ Business continuity through redundancies preventing service interruptions and project delays.

    ✓ Operational efficiency through increased productivity by never having to start projects from scratch.

    ✓ Increased engagement from junior staff through development planning.

    ✓ Innovation by capitalizing on collective knowledge.

    ✓ Increased ability to adapt to change and save time-to-market.

    ✓ IT teams that drive process improvement and improved execution.

    Common obstacles

    In building your knowledge transfer roadmap, the size of your organization can present unique challenges

    How you build your knowledge transfer roadmap will not change drastically based on the size of your organization; however, the scope of your initiative, tactics you employ, and your communication plan for knowledge transfer may change.


    How knowledge transfer projects vary by organization size:

    Small Organization

    Medium Organization

    Large Organization

    Project Opportunities

    ✓ Project scope is much more manageable.

    ✓ Communication and planning can be more manageable.

    ✓ Fewer knowledge sources and receivers can clarify prioritization needs.

    ✓ Project scope is more manageable.

    ✓ Moderate budget for knowledge transfer activities.

    ✓ Communication and enforcement is easier.

    ✓ Budget available to knowledge transfer initiatives.

    ✓ In-house expertise may be available.

    Project Risks

    ✗ Limited resources for the project.

    ✗ In-house expertise is unlikely.

    ✗ Knowledge transfer may be informal and not documented.

    ✗ Limited overlap in responsibilities, resulting in fewer redundancies.

    ✗ Limited staff with knowledge transfer experience for the project.

    ✗ Knowledge assets are less likely to be documented.

    ✗ Knowledge transfer may be a lower priority and difficult to generate buy-in.

    ✗ More staff to manage knowledge transfer for, and much larger scope for the project.

    ✗ Impact of poor knowledge transfer can result in much higher costs.

    ✗Geographically dispersed business units make collaboration and communication difficult.

    ✗ Vast amounts of historical knowledge to capture.

    Capture both explicit and tacit knowledge

    Explicit

    Tacit

    • “What knowledge” – knowledge can be articulated, codified, and easily communicated.
    • Easily explained and captured – documents, memos, speeches, books, manuals, process diagrams, facts, etc.
    • Learn through reading or being told.
    • “How knowledge” – intangible knowledge from an individual’s experience that is more from the process of learning, understanding, and applying information (insights, judgments, and intuition).
    • Hard to verbalize, and difficult to capture and quantify.
    • Learn through observation, imitation, and practice.

    Types of explicit knowledge

    Types of tacit knowledge

    Information

    • Specialized technical knowledge.
    • Unique design capabilities/ methods/ models.
    • Legacy systems, details, passwords.
    • Special formulas/algorithms/ techniques/contacts.

    Process

    • Specialized research and development processes.
    • Proprietary production processes.
    • Decision-making processes.
    • Legacy systems.
    • Variations from documented processes.

    Skills

    • Techniques for executing on processes.
    • Relationship management.
    • Competencies built through deliberate practice enabling someone to act effectively.

    Expertise

    • Company history and values.
    • Relationships with key stakeholders.
    • Tips and tricks.
    • Competitor history and differentiators.

    Examples: reading music, building a bike, knowing the alphabet, watching a YouTube video on karate.

    Examples: playing the piano, riding a bike, reading or speaking a language, earning a black belt in karate.

    Knowledge transfer is not a one-size-fits-all project

    The image contains a picture of Info-Tech's Knowledge Transfer Maturity Model. Level 0: Accidental, goal is not prioritized. Level 1: Stabilize, goal is risk mitigation. Level 2: Proactive, goal is operational efficiency. Level 3: Knowledge Culture, goal is innovation & customer service.

    No formal knowledge transfer program exists; knowledge transfer is ad hoc, or may be conducted through an exit interview only.

    74% of organizations are at level 0.1

    At level one, knowledge transfer is focused around ensuring that high risk, explicit knowledge is covered for all high-risk stakeholders.

    Organizations have knowledge transfer plans for all high-risk knowledge to ensure redundancies exist and leverage this to drive process improvements, effectiveness, and employee engagement.

    Increase end-user satisfaction and create a knowledge value center by leveraging the collective knowledge to solve repeat customer issues and drive new product innovation.

    1 Source: McLean & Company, 2016, N=120

    Assess your fit for this blueprint by considering the following statements

    I’m an IT Leader who…

    Stabilize

    …has witnessed that new employees have recently left or are preparing to leave the organization, and worries that we don’t have their knowledge captured anywhere.

    …previously had to cut down our IT department, and as a result there is a lack of redundancy for tasks. If someone leaves, we don’t have the information we need to continue operating effectively.

    …is worried that the IT department has no succession planning in place and that we’re opening ourselves up to risk.

    Proactive

    …feels like we are losing productivity because the same problems are being solved differently multiple times.

    …worries that different employees have unique knowledge which is critical to performance and that they are the only ones who know about it.

    …has noticed that the processes people are using are different from the ones that are written down.

    …feels like the IT department is constantly starting projects from scratch, and employees aren’t leveraging each other’s information, which is causing inefficiencies.

    …feels like new employees take too long to get up to speed.

    …knows that we have undocumented systems and more are being built each day.

    Knowledge Culture

    …feels like we’re losing out on opportunities to innovate because we’re not sharing information, learning from others’ mistakes, or capitalizing on their successes.

    …notices that staff don’t have a platform to share information on a regular basis, and believes if we brought that information together, we would be able to improve customer service and drive product innovation.

    …wants to create a culture where employees are valued for their competencies and motivated to learn.

    …values knowledge and the contributions of my team.

    This blueprint can help you build a roadmap to resolve each of these pain points. However, not all organizations need to have a knowledge culture. In the next section, we will walk you through the steps of selecting your target maturity model based on your knowledge goals.

    Case Study

    Siemens builds a knowledge culture to drive customer service improvements and increases sales by $122 million

    INDUSTRY: Electronics Engineering

    SOURCE: KM Best Practices

    Challenge

    Solution

    Results

    • As a large electronics and engineering global company, Siemens was facing increased global competition.
    • There was an emphasized need for agility and specialized knowledge to remain competitive.
    • The new company strategy to address competitive forces focused on becoming a knowledge enterprise and improving knowledge-sharing processes.
    • New leadership roles were created to develop a knowledge management culture.
    • “Communities of practice” were created with the goal of “connecting people to people” by allowing them to share best practices and information across departments.
    • An internal information-sharing program was launched that combined chat, database, and search engine capabilities for 12,000 employees.
    • Employees were able to better focus on customer needs based on offering services and products with high knowledge content.
    • With the improved customer focus, sales increased by $122 million and there was a return of $10-$20 per dollar spent on investment in the communities of practice.

    Info-Tech’s approach

    Five steps to future-proof your IT team

    The five steps are in a cycle. The five steps are: Obtain approval for IT knowledge transfer project, Identify your  knowledge and stakeholder risks, Build knowledge transfer plans, Build your knowledge transfer roadmap, Communicate your knowledge transfer roadmap to stakeholders.

    The Info-Tech difference:

    1. Successfully build a knowledge transfer roadmap based on your goals, no matter what market segment or size of business.
    2. Increase departmental efficiencies through increased collaboration.
    3. Retain key IT knowledge.
    4. Improve junior employee engagement by creating development opportunities.

    Use Info-Tech tools and templates

    Project outcomes

    1. Approval for IT knowledge transfer project obtained

    2. Knowledge and stakeholder risks identified

    3. Tactics for individuals’ knowledge transfer identified

    4. Knowledge transfer roadmap built

    5. Knowledge transfer roadmap approved

    Info-Tech tools and templates to help you complete your project deliverables

    Project Stakeholder Register Template

    IT Knowledge Transfer Risk Assessment Tool

    IT Knowledge Identification Interview Guide Template

    Project Planning and Monitoring Tool

    IT Knowledge Transfer Roadmap Presentation Template

    IT Knowledge Transfer Project Charter Template

    IT Knowledge Transfer Plan Template

    Your completed project deliverables

    IT Knowledge Transfer Plans

    IT Knowledge Transfer Roadmap Presentation

    IT Knowledge Transfer Roadmap

    Info-Tech’s methodology to mitigate key IT employee knowledge loss

    1. Initiate

    2. Design

    3. Implement

    Phase Steps

    1. Obtain approval for IT knowledge transfer project.
    2. Identify your knowledge and stakeholder risks.
    1. Build knowledge transfer plans.
    2. Build your knowledge transfer roadmap.
    1. Communicate your knowledge transfer roadmap to stakeholders.

    Phase Outcomes

    • Approval for IT knowledge transfer project obtained.
    • Knowledge and stakeholder risks identified.
    • IT knowledge transfer project charter created.
    • Tactics for individuals’ knowledge transfer identified.
    • Knowledge transfer roadmap built.
    • IT knowledge transfer plans established.
    • IT Knowledge transfer roadmap presented.
    • Knowledge transfer roadmap approved.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    IT Knowledge Transfer Project Charter

    Establish a clear project scope, decision rights, and executive sponsorship for the project.

    The image contains a screenshot of the IT Knowledge Transfer Project Charter.

    IT Knowledge Transfer Risk Assessment Tool

    Identify and assess the knowledge and individual risk of key knowledge holders.

    The image contains a screenshot of the IT Knowledge Transfer Risk Assessment Tool.

    IT Knowledge Identification Interview Guide

    Extract information about the type of knowledge sources have.

    The image contains a screenshot of the IT Knowledge Identification Interview Guide.

    IT Knowledge Transfer Roadmap Presentation

    Communicate IT knowledge transfer recommendations to stakeholders to gain buy-in.

    The image contains a screenshot of the IT Knowledge Transfer Roadmap Presentation.

    Key deliverable:

    IT Knowledge Transfer Plan

    Track knowledge activities, intended recipients, and appropriate transfer tactics for each knowledge source.

    The image contains a screenshot of the IT Knowledge Transfer Plan.

    Blueprint benefits

    IT Benefits

    Business Benefits

    • Business continuity through redundancies preventing service interruptions and project delays.
    • Operational efficiency through increased productivity by never having to start projects from scratch.
    • Increased engagement from junior staff through development planning.
    • IT teams that drive process improvement and improved execution.
    • Mitigated risks and costs from talent leaving the organization.
    • Innovation by capitalizing on collective knowledge.
    • Increased ability to adapt to change and save time-to-market.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “ Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3

    Call #1: Structure the project. Discuss transfer maturity goal and metrics.

    Call #2: Build knowledge transfer plans.

    Call #3: Identify priorities & review risk assessment tool.

    Call #4: Build knowledge transfer roadmap. Determine logistics of implementation.

    Call #5: Determine logistics of implementation.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization. A typical GI is five to six calls.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Define the Current and Target State

    Identify Knowledge Priorities

    Build Knowledge Transfer Plans

    Define the Knowledge Transfer Roadmap

    Next Steps and
    Wrap-Up (offsite)

    Activities

    1.1 Have knowledge transfer fireside chat.

    1.2 Identify current and target maturity.

    1.3 Identify knowledge transfer metrics

    1.4 Identify knowledge transfer project stakeholders

    2.1 Identify your knowledge sources.

    2.2 Complete a knowledge risk assessment.

    2.3 Identify knowledge sources’ level of knowledge risk.

    3.1 Build an interview guide.

    3.2 Interview knowledge holders.

    4.1 Prioritize the sequence of initiatives.

    4.2 Complete the project roadmap.

    4.3 Prepare communication presentation.

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables

    1. Organizational benefits and current pain points of knowledge transfer.
    2. Identification of target state of maturity.
    3. Metrics for knowledge transfer.
    4. Project stakeholder register.
    1. List of high risk knowledge sources.
    2. Departure analysis.
    3. Knowledge risk analysis.
    1. Knowledge transfer interview guide.
    2. Itemized knowledge assets.
    1. Prioritized sequence based on target state maturity goals.
    2. Project roadmap.
    3. Communication deck.

    Phase #1

    Initiate your IT knowledge transfer project

    Phase 1

    Phase 2

    Phase 3

    1.1 Obtain approval for project

    1.2 Identify knowledge and stakeholder risks

    2.1 Build knowledge transfer plans

    2.2 Build knowledge transfer roadmap

    3.1 Communicate your roadmap

    This phase will walk you through the following activities:

    • Hold a working session with key stakeholders.
    • Identify your current state of maturity for knowledge transfer.
    • Identify your target state of maturity for knowledge transfer.
    • Define key knowledge transfer metrics.
    • Identify your project team and their responsibilities.
    • Build the project charter and obtain approval.

    This phase involves the following participants:

    • IT Leadership
    • Other key stakeholders

    Step 1.1

    Obtain Approval for Your IT Knowledge Transfer Project

    Activities

    1.1.1 Hold a Working Session With Key Stakeholders

    1.1.2 Conduct a Current and Target State Analysis.

    1.1.3 Identify Key Metrics

    1.1.4 Identify Your Project Team

    1.1.5 Populate an RACI

    1.1.6 Build the Project Charter and Obtain Approval

    Initiate Your IT Knowledge Transfer Project

    The primary goal of this section is to gain a thorough understanding of the reasons why your organization should invest in knowledge transfer and to identify the specific challenges to address.

    Outcomes of this step

    Organizational benefits and current pain points of knowledge transfer

    Hold a working session with the key stakeholders to structure the project

    Don’t build your project charter in a vacuum. Involve key stakeholders to determine the desired knowledge transfer goals, target maturity and KPIs, and ultimately build the project charter.

    Building the project charter as a group will help you to clarify your key messages and help secure buy-in from critical stakeholders up-front, which is key.

    In order to execute on the knowledge transfer project, you will need significant involvement from your IT leadership team. The trouble is that knowledge transfer can be inherently stressful for employees as it can cause concerns around job security. Members of your IT leadership team will also be individuals who need to participate in knowledge transfer, so get them involved upfront. The working session will help stakeholders feel more engaged in the project, which is pivotal for success.

    You may feel like a full project charter isn’t necessary, and depending on your organizational size, it might not be. However, the exercise of building the charter is important regardless. No matter your current climate, some level of socializing the value and plans for knowledge transfer will be necessary.

    Meeting Agenda

    1. Short project introduction
    2. Led by: Project Sponsor

    • Why the project was initiated.
  • Make the case for the project
  • Led by: Project Manager

    • Current state: What project does the project address?
    • Future state: What is our target state of maturity?
  • Success criteria
  • Led by: Project Manager

    • How will success be measured?
  • Define the project team
  • Led by: Project Manager

    • Description of planned project approach.
    • Stakeholder assessment.
    • What is required of the sponsor and stakeholders?
  • Determine next steps
  • Led by: Project Manager

    1.1.1 Key Stakeholder Working Session

    Identify the pain points you’re experiencing with knowledge transfer and some of the benefits which you’d like to see from a program to determine the key objectives By doing so, you’ll get a holistic view of what you need to achieve.

    Collect this information by:

    1. Asking the working group participants (as a whole or in smaller groups) to discuss pain points created by ineffective knowledge transfer practices.
    • Challenges related to stakeholders.
    • Challenges created by process issues.
    • Issues achieving the intended outcome due to ineffective knowledge transfer.
    • Difficulties improving knowledge transfer practices.
  • Discussing opportunities to be gained from improving these practices.
  • Having participants write these down on sticky notes and place them on a whiteboard or flip chart.
  • Reviewing all the points as a group and grouping challenges and benefits into themes.
  • Having the group prioritize the risks and benefits in terms of what the solution “must have,” “should have,” “could have,” and “won’t have.”
  • Documenting this in the IT Knowledge Transfer Charter template.
  • Input Output
    • Reasons for the project
    • Stakeholder requirements
    • Pain point and risks
    • Identified next steps
    • Target state
    • Completed IT Knowledge Transfer Charter
    Materials Participants
    • Agenda (see previous slide)
    • Sticky notes (optional)
    • Pens (optional)
    • Whiteboard (optional
    • Markers (optional)
    • IT leadership

    Examples of Possible Pain Points

    • Employees have recently left or are preparing to leave the organization, and we worry that we don’t have their knowledge captured anywhere.
    • We previously had to cut down our IT department, and as a result there is a lack of redundancy for tasks. If someone leaves, we don’t have the information we need to continue operating effectively.
    • We’re worried that the IT department has no succession planning in place and that we’re opening ourselves up to risk.
    • It feels like we are losing productivity because the same problems are being solved multiple times, differently.
    • We’re worried that different employees have unique knowledge which is critical to performance, and that they are the only ones who know about it.
    • We’ve noticed that the processes people are using are different from the ones that are written down.
    • It feels like the IT department is constantly starting projects from scratch and employees aren’t leveraging each other’s information, which is causing inefficiencies.
    • It feels like new employees take too long to get up to speed.
    • We know that we have undocumented systems and more are being built each day.
    • We feel like we’re losing out on opportunities to innovate because we’re not sharing information, learning from others’ mistakes, or capitalizing on their successes.
    • We’ve noticed that staff don’t have a platform to share information on a regular basis. We believe if we brought that information together, we would be better able to improve customer service and drive product innovation.
    • We want to create a culture where employees are valued for their competencies and motivated to learn.
    • We value knowledge and the contributions of our team.

    1.1.2 Conduct a Current and Target State Analysis

    Identify your current and target state of maturity

    How to determine your current and target state of maturity:

    1. Provide the previous two slides with the details of the maturity assessment to the group, to review.
    2. Ask each participant to individually determine what they think is the IT team’s current state of maturity. After a few minutes, discuss as a group and come to an agreement.
    3. Review each of the benefits and timing for each of the maturity levels. Compare the benefits listed to those that you named in the previous exercise and determine which maturity level best describes your target state.
    4. Discuss as a group and agree on one maturity level.
    5. Review the other levels of maturity and determine what is in and out of scope for the project (hint: higher level benefits would be considered out of scope). Document this in the IT Knowledge Transfer Project Charter template.
    Input Output
    • Knowledge Transfer Maturity Level charts
    • Target maturity level documented in the IT Knowledge Transfer Charter
    Materials Participants
    • Paper and pens
    • Handouts of maturity levels
    • IT Leadership Team

    IT Knowledge Transfer Project Charter Template

    Info-Tech’s Knowledge Transfer Maturity Model

    Depending on the level of maturity you are trying to achieve, a knowledge transfer project could take weeks, months, or even years. Your maturity level depends on the business goal you would like to achieve, and impacts who and what your roadmap targets.

    The image contains a picture of Info-Tech's Knowledge Transfer Maturity Model. Level 0: Accidental, goal is not prioritized. Level 1: Stabilize, goal is risk mitigation. Level 2: Proactive, goal is operational efficiency. Level 3: Knowledge Culture, goal is innovation & customer service.

    Info-Tech Insight

    The maturity levels build on one another; if you start with a project, it is possible to move from a level 0 to a level 1, and once the project is complete, you can advance to a level 2 or 3. However, it’s important to set clear boundaries upfront to limit scope creep, and it’s important to set appropriate expectations for what the project will deliver.

    Knowledge Transfer Maturity Level: Accidental and Stabilize

    Goal

    Description

    Time to implement

    Benefits

    Level 0: Accidental

    Not Prioritized

    • No knowledge transfer process is present.
    • Knowledge transfer is completed in an ad hoc manner.
    • Some transfer may take place through exit interviews.

    N/A

    • Simple to implement and maintain.

    Level 1: Stabilize

    Risk Mitigation

    At level one, knowledge transfer is focused around ensuring that redundancies exist for explicit knowledge for:

    1. ALL high-risk knowledge.
    2. ALL high-risk stakeholders.

    Your high-risk knowledge is any information which is proprietary, unique, or specialized.

    High risk stakeholders are those individuals who are at a higher likelihood of departing the organization due to retirement or disengagement.

    0 – 6 months

    • Mitigates risks from talent leaving the organization.
    • Ensures business continuity through redundancies.
    • Provides stability to sustain high-performing services, and mitigates risks from service interruptions.

    Knowledge Transfer Maturity Level: Proactive and Knowledge Culture

    Goal

    Description

    Time to implement

    Benefits

    Level 2: Proactive

    Operational Efficiency

    Level 2 extends Level 1.

    Once stabilized, you can work on KT initiatives that allow you to be more proactive and cover high risk knowledge that may not be held by those see as high risk individuals.

    Knowledge transfer plans must exist for ALL high risk knowledge.

    3m – 1yr

    • Enhances productivity by reducing need to start projects from scratch.
    • Increases efficiency by tweaking existing processes with best practices.
    • Sees new employees become productive more quickly through targeted development planning.
    • Increases chance that employees will stay at the organization longer, if they can see growth opportunities.
    • Streamlines efficiencies by eliminating redundant or unnecessary processes.

    Level 3: Knowledge Culture

    Drive Innovation Through Knowledge

    Level 3 extends Level 2.

    • Knowledge Transfer covers explicit and tacit information throughout the IT organization.
    • The program should be integrated with leadership development and talent management.
    • Key metrics should be tied to process improvement, innovation, and customer service.

    1-2 years

    • Increases end-user satisfaction by leveraging the collective knowledge to solve repeat customer issues.
    • Drives product innovation through collaboration.
    • Increases employee engagement by recognizing and rewarding knowledge sharing.
    • Increases your ability to adapt to change and save time-to-market through increased learning.
    • Enables the development of new ideas through iteration.
    • Supports faster access to knowledge.

    Select project-specific KPIs

    Use the selected KPIs to track the value of knowledge transfer

    You need to ensure your knowledge transfer initiatives are having the desired effect and adjust course when necessary. Establishing an upfront list of key performance indicators that will be benchmarked and tracked is a crucial step.

    Many organizations overlook the creation of KPIs for knowledge transfer because the benefits are often one step removed from the knowledge transfer itself. However, there are several metrics you can use to measure success.

    Hint: Metrics will vary based on your knowledge transfer maturity goals.

    Metrics For Knowledge Transfer

    Creating KPIs for knowledge transfer is a crucial step that many organizations overlook because the benefits are often one step removed from the knowledge transfer itself. However, there are several qualitative and quantitative metrics you can use to measure success depending on your maturity level goals.

    Stabilize

    • Number of high departure risk employees identified.
    • Number of high-risk employees without knowledge transfer plans.
    • Number of post-retirement knowledge issues.

    Be Proactive

    • Number of issues arising from lack of redundancy.
    • Percentage of high-risk knowledge items without transfer plans.
    • Time required to get new employees up to speed.

    Promote Knowledge Culture

    • Percentage of returned deliverables for rework.
    • Percentage of errors repeated in reports.
    • Number of employees mentoring their colleagues.
    • Number of issues solved through knowledge sharing.
    • Percentage of employees with knowledge transfer/development plans.

    1.1.3 Identify Key Metrics

    Identify key metrics the organization will use to measure knowledge transfer success

    How to determine knowledge transfer metrics:

    1. Assign each participant 1-4 of the desired knowledge transfer benefits and pain points which you identified as priorities.
    2. Independently have them brainstorm how they would measure the success of each, and after 10 minutes, present their thoughts to the group.
    3. Write each of the metric suggestions on a whiteboard and agree to 3-5 benefits which you will track. The metrics you choose should relate to the key pain points you have identified and match your desired maturity level.
    InputOutput
    • Knowledge transfer pain points and benefits
    • 3-5 key metrics to track
    MaterialsParticipants
    • Whiteboard
    • IT Leadership Team

    Identify knowledge transfer project team

    Determine Project Participants

    Pick a Project Sponsor

    • The project participants are the IT managers and directors whose day-to-day lives will be impacted by the knowledge transfer roadmap and its implementation.
    • These individuals will be your roadmap ream and will help with planning. Most of these individuals should be in the workshop, but ensure you have everyone covered. Some examples of individuals you should consider for your team are:
      • Director/Manager Level:
        • Applications
        • Infrastructure
        • Operations
      • Service Delivery Managers
      • Business Relationship Managers
    • The project sponsor should be a member of your IT department’s senior executive team whose goals and objectives will be impacted by knowledge transfer implementation.
      • This is the person you will get to sign-off on the project charter document.
    The image contains a triangle that has been split into three parts. The top section is labelled: Project Sponsor, middle section: Project Participants, and the bottom is labelled Project Stakeholders.

    The project sponsor is the main catalyst for the creation of the roadmap. They will be the one who signs off on the project roadmap.

    The Project Participants are the key stakeholders in your organization whose input will be pivotal to the creation of the roadmap.

    The project stakeholders are the senior executives who have a vested interest in knowledge transfer. Following completion of this workshop, you will present your roadmap to these individuals for approval.

    1.1.4 Identify Your Project Team

    How to define the knowledge transfer project team:

    1. Through discussion, generate a complete list of key stakeholders, considering each of the roles indicated in the chart on the Key Project Management Stakeholders slide. Write their names on a whiteboard.
    2. Using the quadrant template on the next slide, draw the stakeholder power map.
    3. Evaluate each stakeholder on the list based on their level of influence and support of the project. Write the stakeholder’s name on a sticky note and place it in the appropriate place on the grid.
    4. Create an engagement plan based on the stakeholder’s placement.
    5. Use Info-Tech’s Project Stakeholder Register Template to identify and document your project management stakeholders.

    Project Stakeholder Register Template

    Input Output
    • Initial stakeholder analysis
    • Complete list of project participants.
    • Complete project stakeholder register.
    Materials Participants
    • Whiteboard / Flip chart
    • Markers / Pens
    • Project Stakeholder Register Template
    • IT Leadership Team
    • Other stakeholders

    Have a strategic approach for engaging stakeholders to help secure buy-in

    If your IT leadership team isn’t on board, you’re in serious trouble! IT leaders will not only be highly involved in the knowledge transfer project, but they also may be participants, so it’s essential that you get their buy-in for the project upfront.

    Document the results in the Project Stakeholder Register Template; use this as a guide to help structure your communication with stakeholders based on where they fall on the grid.

    How to Manage:

    Focus on increasing these stakeholders’ level of support!

    1. Have a one-on-one meeting to seek their views on critical issues and address concerns.
    2. Identify key pain points they have experienced and incorporate these in the project goal statements.
    3. Where possible, leverage KT champions to help encourage support.
    The image contains a small graph to demonstrate the noise makers, the blockers, the changers, and the helpers.

    Capitalize on champions to drive the project/change.

    1. Use them for internal PR of the objectives and benefits.
    2. Ask them what other stakeholders can be leveraged.
    3. Involve them early in creating project documents.

    How to Manage:

    How to Manage:

    Pick your battles – focus on your noise makers first, and then move on to your blockers.

    1. Determine the level of involvement the blockers will have in the project (i.e. what you will need from them in the future) and determine next steps based on this (one-on-one meeting, group meeting, informal communication, or leveraging helpers/ champions to encourage them).

    Leverage this group where possible to help socialize the program and to help encourage dissenters to support.

    1. Mention their support in group settings.
    2. Focus on increasing their understanding via informal communication.

    How to Manage:

    Key Project Management Stakeholders

    Role

    Project Role

    Required

    CIO

    Will often play the role of project sponsor and should be involved in key decision points.

    IT Managers Directors

    Assist in the identification of high-risk stakeholders and knowledge and will be heavily involved in the development of each transfer plan.

    Project Manager

    Should be in charge of leading the development and execution of the project.

    Business Analysts

    Responsible for knowledge transfer elicitation analysis and validation for the knowledge transfer project.

    Situational

    Technical Lead

    Responsible for solution design where required for knowledge transfer tactics.

    HR

    Will aid in the identification of high-risk stakeholders or help with communication and stakeholder management.

    Legal

    Organizations that are subject to knowledge confidentiality, Sarbanes-Oxley, federal rules, etc. may need legal to participate in planning.

    Ensure coverage of all project tasks

    Populate a Project RACI (Responsible, Accountable, Consulted, Informed) chart

    Apps MGR

    Dev. MGR

    Infra MGR

    Build the project charter

    R

    R

    I

    Identify IT stakeholders

    R

    R

    I

    Identify high risk stakeholders

    R

    A

    R

    Identify high risk knowledge

    I C C

    Validate prioritized stakeholders

    I C R

    Interview key stakeholders

    R R A

    Identify knowledge transfer tactics for individuals

    C C A

    Communicate knowledge transfer goals

    C R A

    Build the knowledge transfer roadmap

    C R A

    Approve knowledge transfer roadmap

    C R C

    1.1.5 Populate an RACI

    Populate a RACI chart to identify who should be responsible, accountable, consulted, and informed for each key activity.

    How to define RACI for the project team:

    1. Write out the list of all stakeholders along the top of a whiteboard. Write out the key project steps along the left-hand side (use this list as a starting point).
    2. For each initiative, identify each team member’s role. Are they:
    3. Responsible: The one responsible for getting the job done.

      Accountable: Only one person can be accountable for each task.

      Consulted: Involvement through input of knowledge and information.

      Informed: Receiving information about process execution and quality.

    4. As you proceed through the project, continue to add tasks and assign responsibility to the RACI chart on the next slide.
    InputOutput
    • Stakeholder list
    • Key project steps
    • Project RACI chart
    MaterialsParticipants
    • Whiteboard
    • IT Leadership Team

    1.1.6 Build the Project Charter and Obtain Sign-off

    Complete the IT knowledge transfer project charter.

    Build the project charter and obtain sign-off from your project sponsor. Use your organization’s project charter if one exists. If not, customize Info-Tech’s IT Knowledge Transfer Project Charter Template to suit your needs.

    The image contains a screenshot of the IT knowledge transfer project charter template.

    IT Knowledge Transfer Project Charter Template

    Step 1.2

    Identify Your Knowledge and Stakeholder Risks

    Activities

    1.2.1 Identify Knowledge Sources

    1.2.2 Complete a Knowledge Risk Assessment

    1.2.3 Review the Prioritized List of Knowledge Sources

    The primary goal of this section is to identify who your primary risk targets are for knowledge transfer.

    Outcomes of this step

    • A list of your high-risk knowledge sources
    • Departure analysis
    • Knowledge risk analysis

    Prioritize your knowledge transfer initiatives

    Throughout this section, we will walk through the following 3 activities in the tool to determine where you need to focus attention for your knowledge transfer roadmap based on knowledge value and likelihood of departure.

    1. Identify Knowledge Sources

    Create a list of knowledge sources for whom you will be conducting the analysis, and identify which sources currently have a transfer plan in place.

    2. Value of Knowledge

    Consider the type of knowledge held by each identified knowledge source and determine the level of risk based on the knowledge:

    1. Criticality
    2. Availability

    3. Likelihood of Departure

    Identify the knowledge source’s risk of leaving the organization based on their:

    1. Age cohort
    2. Engagement level

    This tool contains sensitive information. Do not share this tool with knowledge sources. The BA and Project Manager, and potentially the project sponsor, should be the only ones who see the completed tool.

    The image contains screenshots from the Knowledge Risk Assessment Tool.

    Focus on key roles instead of all roles in IT

    Identify Key Roles

    Hold a meeting with your IT Leadership team, or meet with members individually, and ask these questions to identify key roles:

    • What are the roles that have a significant impact on delivering the business strategy?
    • What are the key differentiating roles for our IT organization?
    • Which roles, if vacant, would leave the organization open to non-compliance with regulatory or legal requirements?
    • Which roles have a direct impact on the customer?
    • Which roles, if vacant, would create system, function, or process failure for the organization?

    Key roles include:

    • Strategic roles: Roles that give the greatest competitive advantage. Often these are roles that involve decision-making responsibility.
    • Core roles: Roles that must provide consistent results to achieve business goals.
    • Proprietary roles: Roles that are tied closely to unique or proprietary internal processes or knowledge that cannot be procured externally. These are often highly technical or specialized.
    • Required roles: Roles that support the department and are required to keep it moving forward day-to-day.
    • Influential roles: Positions filled by employees who are the backbone of the organization, i.e. the go-to people who are the corporate culture.

    Info-Tech Insight

    This step is meant to help speed up and simplify the process for large IT organizations. IT organizations with fewer than 30 people, or organizations looking to build a knowledge culture, can opt to skip this step and include all members of the IT team. This way, everyone is considered and you can prioritize accordingly.

    1.2.1 Identify Key Knowledge Sources

    1. Identify key roles, as shown on the previous slide. This can be done by brainstorming names on sticky notes and placing them on a whiteboard.
    2. Document using IT Knowledge Transfer Risk Assessment Tool Tab 2. Input with first name, last name, department/ IT area, and manager of each identified Knowledge Source.
    3. Also answer the question of whether the Knowledge Source currently has a knowledge transfer plan in place.
    • Not in place
    • Partially in place
    • In place
  • Conduct sanity check: once you have identified key roles, ask – “did we miss anybody?”
  • InputOutput
    • Employee list
    • List of knowledge sources for IT
    MaterialsParticipants
    • IT Knowledge Transfer Risk Assessment Tool.
    • IT Leadership Team

    IT Knowledge Transfer Risk Assessment Tool

    Document key knowledge sources (example)

    Use information about the current state of knowledge transfer plans in your organization to understand your key risks and focus areas.

    The image contains a screenshot of the knowledge source.

    Legend:

    1. Document knowledge source information (name, department, and manager).

    2. Select the current state of knowledge transfer plans for each knowledge source.

    Once you have identified key roles, conduct a sanity check and ask – “did we miss anybody?” For example:

    • There are three systems administrators. One of them, Joe, has been with the organization for 15 years.
    • Joe’s intimate systems knowledge and long-term relationship with one of the plant systems vendors has made him a go-to person during times of operational systems crisis and has resulted in systems support discounts.
    • While the systems administrator role by itself is not considered key (partly due to role redundancy), Joe is a key person to flag for knowledge transfer activities as losing him would make achieving core business goals more difficult.

    Case Study

    Municipal government learns the importance of thorough knowledge source identification after losing key stakeholder

    INDUSTRY: Government

    Challenge

    Solution

    Results

    • A municipal government was introducing a new integration project that was led by their controller.
    • The controller left abruptly, and while the HR department conducted an exit interview, they didn’t realize until after the individual had left how much information was lost.
    • Nobody knew the information needed to complete the integration, so they had to make do with what they had.
    • The Director of IT at the time was the most familiar with the process.
    • Even though she would not normally do this type of project, at the time she was the only person with knowledge of the process and luckily was able to complete the integration.
    • The Director of IT had to put other key projects on hold, and lost productivity on other prioritized work.
    • The organization realized how much they were at risk and changed how they approached knowledge. They created a new process to identify “single point of failures” and label people as high risk. These processes started with the support organization’s senior level key people to identify their processes and record everything they do and what they know.

    Identify employees who may be nearing retirement and flag them as high risk

    Risk Parameter

    Description

    How to Collect this Data:

    Age Cohort

    • 60+ years of age or older, or anyone who has indicated they will be retiring within five years (highest risk).
    • Employees in their early 50s: are still many years away from retirement but have a sufficient number of years remaining in their career to make a move to a new role outside of your organization.
    • Employees in their late 50s: are likely more than five years away from retirement but are less likely than younger employees to leave your organization for another role because of increasing risk in making such a move, and persistent employer unwillingness to hire older employees.
    • Employees under 50: should never be considered low risk only based on age – which is why the second component of stakeholder risk is engagement.

    For those people on your shortlist, pull some hard demographic data.

    Compile a report that breaks down employees into age-based demographic groups.

    Flag those over the age of 50 – they’re in the “retirement zone” and could decide to leave at any time.

    Check to see which stakeholders identified fall into the “over 50” age demographic.

    Document this information in the IT Knowledge Transfer Risk Assessment Tool.

    Info-Tech Insight

    150% of an employee’s base salary and benefits is the estimated cost of turnover according to The Society of Human Resource Professionals.1

    1McLean & Company, Make the Case for Employee Engagement

    Identify disengaged employees who may be preparing to leave the organization

    Risk Parameter

    Description

    How to Collect this Data:

    Engagement

    An engaged stakeholder is energized and passionate about their work, leading them to exert discretionary effort to drive organizational performance (lowest risk).

    An almost engaged stakeholder is generally passionate about their work. At times they exert discretionary effort to help achieve organizational goals.

    Indifferent employees are satisfied, comfortable, and generally able to meet minimum expectations. They see their work as “just a job,” prioritizing their needs before organizational goals.

    Disengaged employees have little interest in their job and the organization and often display negative attitudes (highest risk).

    Option 1:

    The optimal approach for determining employee engagement is through an engagement survey. See McLean & Company for more details.

    Option 2:

    Ask the identified stakeholder’s manager to provide an assessment of their engagement either independently or via a meeting.

    Info-Tech Insight

    Engaged employees are five times more likely than disengaged employees to agree that they are committed to their organization.1

    1Source: McLean & Company, N = 13683

    The level of risk of the type of information is defined by criticality and availability

    Risk Parameter

    Description

    How to Collect this Data:

    Criticality

    Roles that are critical to the continuation of business and cannot be left vacant without risking business operations. Would the role, if vacant, create system, function, or process failure for the organization?

    Option 1: (preferred)

    Meet with IT managers/directors over the phone or directly and review each of the identified reports to determine the risk.

    Option 2: Send the IT mangers/directors the list of their direct reports, and ask them to evaluate their knowledge type risk independently and return the information to you.

    Option 3: (if necessary) Review individual job descriptions independently, and use your judgment to come up with a rating for each. Send the assessment to the stakeholders’ managers for validation.

    Availability

    Refers to level of redundancy both within and outside of the organization. Information which is highly available is considered lower risk. Key questions to consider include: does this individual have specialized, unique, or proprietary expertise? Are there internal redundancies?

    1.2.2 Complete a Knowledge Risk Assessment

    Complete a Tab 3 assessment for each of your identified Knowledge Sources. The Knowledge Source tab will pre-populate with information from Tab 2 of the tool. For each knowledge source, you will determine their likelihood of departure and degree of knowledge risk.

    Likelihood of departure:

    1. Document the age cohort risk for each knowledge source on Tab 3 of the IT Knowledge Transfer Risk Assessment Tool. Age Cohort: Under 50, 51-55, 56-60, or over 60.
    2. Document the engagement risk for each knowledge source on Tab 3, “Assessment”, of the IT Knowledge Transfer Risk Assessment Tool. Engagement level: Engaged, Almost engaged, Indifferent employees, Disengaged.
    3. Degree of knowledge risk is based on:

    4. Document the knowledge type risk for each stakeholder on Tab 3, “Assessment” in the IT Knowledge Transfer Risk Assessment Tool.
    • Criticality: Would the role, if vacant, create system, function, or process failure for the organization?
    • Availability: Does this individual have specialized, unique, or proprietary expertise? Are there internal redundancies?
    Input Output
    • Knowledge source list (Tab 2)
    • Employee demographics information
    • List of high-risk knowledge sources
    Materials Participants
    • Sticky notes
    • Pens
    • Whiteboard
    • Marker
    • IT Leadership Team
    • HR

    IT Knowledge Transfer Risk Assessment Tool

    Results matrix

    The image contains a screenshot of risk assessment. The image contains a matrix example from tab 4.

    Determine where to focus your efforts

    The IT Knowledge Transfer Map on Tab 5 helps you to determine where to focus your knowledge transfer efforts

    Knowledge sources have been separated into the three maturity levels (Stabilize, Proactive, and Knowledge Culture) and prioritized within each level.

    Focus first on your stabilize groups, and based on your target maturity goal, move on to your proactive and knowledge culture groups respectively.

    The image contains a screenshot of the IT Knowledge Transfer Map on tab 5.

    Sequential Prioritization

    Orange line Level 1: Stabilize

    Blue Line Level 2: Proactive

    Green Line Level 3: Knowledge Culture

    Each pie chart indicates which of the stakeholders in that risk column currently has knowledge transfer plans.

    Each individual also has their own status ball on whether they currently have a knowledge transfer plan.

    1.2.3 Review the Prioritized List

    Review results

    Identify knowledge sources to focus on for the knowledge transfer roadmap. Review the IT Knowledge Transfer Map on Tab 5 to determine where to focus your knowledge transfer efforts

    1. Show the results from the assessment tool.
    2. Discuss matrix and prioritized list.
    • Does it match with maturity goals?
    • Do prioritizations seem correct?
    InputOutput
    • Knowledge source risk profile
    • Risk Assessment (Tab 3)
    • Prioritized list of knowledge sources to focus on for the knowledge transfer roadmap
    MaterialsParticipants
    • n/a
    • IT Knowledge Transfer Risk Assessment Tool
    • IT Leadership Team

    IT Knowledge Transfer Risk Assessment Tool

    Phase #2

    Design your knowledge transfer plans

    Phase 1

    Phase 2

    Phase 3

    1.1 Obtain approval for project

    1.2 Identify knowledge and stakeholder risks

    2.1 Build knowledge transfer plans

    2.2 Build knowledge transfer roadmap

    3.1 Communicate your roadmap

    This phase will walk you through the following activities:

    • Building knowledge transfer plans for all prioritized knowledge sources.
    • Understanding which transfer tactics are best suited for different knowledge types.
    • Identifying opportunities to leverage collaboration tools for knowledge transfer.

    This phase involves the following participants:

    • IT Leadership
    • Other key stakeholders
    • Knowledge sources

    Define what knowledge needs to be transferred

    Each knowledge source has unique information which needs to be transferred. Chances are you don’t know what you don’t know. The first step is therefore to interview knowledge sources to find out.

    Identify the knowledge receiver

    Depending on who the information is going to, the knowledge transfer tactic you employ will differ. Before deciding on the knowledge receiver and tactic, consider three key factors:

    • How will this knowledge be used in the future?
    • What is the next career step for the knowledge receiver?
    • Are the receiver and the source going to be in the same location?

    Identify which knowledge transfer tactics you will use for each knowledge asset

    Not all tactics are good in every situation. Always keep the “knowledge type” (information, process, skills, and expertise), knowledge sources’ engagement level, and the knowledge receiver in mind as you select tactics.

    Determine knowledge transfer tactics

    Determine tactics for each stakeholder based on qualities of their specific knowledge.

    This tool is built to accommodate up to 30 knowledge items; Info-Tech recommends focusing on the top 10-15 items.

    1. Send documents to each manager. Include:
    • a copy of this template.
    • interview guide.
    • tactics booklet.
  • Instruct managers to complete the template for each knowledge source and return it to you.
  • These steps should be completed by the BA or IT Manager. The BA is helpful to have around because they can learn about the tactics and answer any questions about the tactics that the managers might have when completing the template.

    The image contains a screenshot of the Knowledge Source's Name.

    IT Knowledge Transfer Plan Template

    Step 2.1

    Build Your Knowledge Transfer Plans

    Activities

    2.1.1 Interview Knowledge Sources to Uncover Key Knowledge Items

    2.1.2 Identify When to use Knowledge Transfer Tactics

    2.1.3 Build Individual Knowledge Transfer Plans

    The primary goal of this section is to build an interview guide and interview knowledge sources to identify key knowledge assets.

    Outcomes of this step

    • Knowledge Transfer Interview Guide
    • Itemized knowledge assets
    • Completed knowledge transfer plans

    2.1.1 Interview Knowledge Sources

    Determine key knowledge items

    The first step is for managers to interview knowledge sources in order to extract information about the type of knowledge the source has.

    Meet with the knowledge sources and work with them to identify essential knowledge. Use the following questions as guidance:

    1. What are you an expert in?
    2. What do others ask you for assistance with?
    3. What are you known for?
    4. What are key responsibilities you have that no one else has or knows how to do?
    5. Are there any key systems, processes, or applications which you’ve taken the lead on?
    6. When you go on vacation, what is waiting for you in your inbox?
    7. If you went on vacation, would there be any systems that, if there was a failure, you would be the only one who knows how to fix?
    8. Would you say that all the key processes you use, or tools, codes etc. are documented?
    Input Output
    • Knowledge type information
    • Prioritized list of key knowledge sources.
    • Knowledge activity information
    • What are examples of good use cases for the technique?
    • Why would you use this technique over others?
    • Is this technique suitable for all projects? When wouldn’t you use it?
    Materials Participants
    • Interview guide
    • Pen
    • Paper
    • IT Leadership Team
    • Knowledge sources

    IT Knowledge Identification Interview Guide Template

    2.1.2 Understand Knowledge Transfer Tactics

    Understand when and how to use different knowledge transfer tactics

    1. Break the workshop participants into teams. Assign each team two to four knowledge transfer tactics and provide them with the associated handout(s) from the following slides. Using the material provided, have each team brainstorm around the following questions:
      1. What types of information can the technique be used to collect?
      2. What are examples of good use cases for the technique?
      3. Why would you use this technique over others?
      4. Is this technique suitable for all projects? When wouldn’t you use it?
    2. Have each group present their findings from the brainstorming to the group.
    3. Once everyone has presented, have the groups select which tactics they would be interested in using and which ones they would not want to use by putting green and red dots on each.
    4. As a group, confirm the list of tactics you would be interested in using and disqualify the others.
    Input Output
    • List of knowledge tactics to utilize.
    Materials Participants
    • Knowledge transfer tactics handouts
    • Flip chart paper
    • Markers
    • Green and red dot stickers
    • IT Leadership Team
    • Project team

    Knowledge Transfer Tactics:

    Interviews

    Interviews provide an opportunity to meet one-on-one with key stakeholders to document key knowledge assets. Interviews can be used for explicit and tacit information, and in particular, capture processes, rules, coding information, best practices, etc.

    Benefits:

    • Good bang-for-your-buck interviews are simple to conduct and can be used for all types of knowledge.
    • Interviews can obtain a lot of information in a relatively short period of time.
    • Interviews help make tacit knowledge more explicit through effective questioning.
    • They have highly flexible formatting as interviews can be conducted in person, over the phone, or by email.

    How to get started:

    1. Have the business analyst (BA) review the employee’s knowledge transfer plan and highlight the areas to be discussed in the interview.
    2. The BA will then create an interview guide detailing key questions which would need to be asked to ascertain the information.
    3. Schedule a 30-60 minute interview. When complete, document the interview and key lessons learned. Send the information back to the interviewee for validation of what was discussed.

    Knowledge Types

    Information

    Process

    Skills

    Expertise

    Dependencies

    Training: Minimal

    Technology Support: N/A

    Process Development: Minimal

    Duration: Annual

    Participants

    Business analysts

    Knowledge source

    Materials

    Interview guide

    Notepad

    Pen

    Knowledge Transfer Tactics:

    Process Mapping

    Business process mapping refers to building a flow chart diagram of the sequence of actions which defines what a business does. The flow chart defines exactly what a process does and the specific succession of steps including all inputs, outputs, flows, and linkages. Process maps are a powerful tool to frame requirements in the context of the complete solution.

    Benefits:

    • They are simple to build and analyze; most organizations and users are familiar with flow diagrams, making them highly usable.
    • They provide an end-to-end picture of a process.
    • They’re ideal for gathering full and detailed requirements of a process.
    • They include information around who is responsible, what they do, when, where it occurs, triggers, to what degree, and how often it occurs.
    • They’re great for legacy systems.

    How to get started:

    1. Have the BA prepare beforehand by doing some preliminary research on the purpose of the process, and the beginning and end points.
    2. With the knowledge holder, use a whiteboard and identify the different stakeholders who interact with the process, and draw swim lanes for each.
    3. Together, use sticky notes and/or dry erase markers etc. to draw out the process.
    4. When you believe you’re complete, start again from the beginning and break the process down to more details.

    Knowledge Types

    Information

    Process

    Skills

    Expertise

    Dependencies

    Training: Minimal

    Technology Support: N/A

    Process Development: Minimal

    Duration: Annual

    Participants

    Business analysts

    Knowledge source

    Materials

    Whiteboard / flip-chart paper

    Marker

    Knowledge Transfer Tactics:

    Use Cases

    Use case diagrams are a common transfer tactic where the BA maps out step-by-step how an employee completes a project or uses a system. Use cases show what a system or project does rather than how it does it. Use cases are frequently used by product managers and developers.

    Benefits:

    • Easy to draw and understand.
    • Simple way to digest information.
    • Can get very detailed.
    • Should be used for documenting processes, experiences etc.
    • Initiation and brainstorming.
    • Great for legacy systems.

    How to get started:

    1. The BA will schedule a 30-60 minute in-person meeting with the employee, draw a stick figure on the left side of the board, and pose the initial question: “If you need to do X, what is your first step?” Have the stakeholder go step-by-step through the process until the end goal. Draw this process across the whiteboard. Make sure you capture the triggers, causes of events, decision points, outcomes, tools, and interactions.
    2. Starting at the beginning of the diagram, go through each step again and ask the employee if the step can be broken down into more granular steps. If the answer is yes, break down the use case further.
    3. Ask the employee if there are any alternative flows that people could use, or any exceptions. If there are, map these out on the board.

    Knowledge Types

    Information

    Process

    Skills

    Expertise

    Dependencies

    Training: Minimal

    Technology Support: N/A

    Process Development: Minimal

    Duration: Annual

    Participants

    Business analysts

    Knowledge source

    Materials

    Whiteboard / flip-chart paper

    Marker

    Knowledge Transfer Tactics:

    Job Shadow

    Job shadowing is a working arrangement where the “knowledge receiver” learns how to do a job by observing an experienced employee complete key tasks throughout their normal workday.

    Benefits:

    • Low cost and minimal effort required.
    • Helps employees understand different elements of the business.
    • Helps build relationships.
    • Good for knowledge holders who are not great communicators.
    • Great for legacy systems.

    How to get started:

    1. Determine goals and objectives for the knowledge transfer, and communicate these to the knowledge source and receiver.
    2. Have the knowledge source identify when they will be performing a particular knowledge activity and select that day for the job shadow. If the information is primarily experience, select any day which is convenient.
    3. Ask the knowledge receiver to shadow the source and ask questions whenever they have them.
    4. Following the job shadow, have the knowledge receiver document what they learned that day and file that information.

    Knowledge Types

    Information

    Process

    Skills

    Expertise

    Dependencies

    Training: Required

    Technology Support: N/A

    Process Development:Required

    Duration:Ongoing

    Participants

    BA

    IT manager

    Knowledge source and receiver

    Materials

    N/A

    Knowledge Transfer Tactics:

    Peer Assist

    Meeting or workshop where peers from different teams share their experiences and knowledge with individuals or teams that require help with a specific challenge or problem.

    Benefits:

    • Improves productivity through enhanced problem solving.
    • Encourages collaboration between teams to share insight, and assistance from people outside your team to obtain new possible approaches.
    • Promotes sharing and development of new connections among different staff, and creates opportunities for innovation.
    • Can be combined with Action Reviews.

    How to get started:

    1. Create a registry of key projects that different individuals have solved. Where applicable, leverage the existing work done through action reviews.
    2. Create and communicate a process for knowledge sources and receivers to reach out to one another. Email or social collaboration platforms are the most common.
    3. The source may then reply with documentation or a peer can set up an interview to discuss.
    4. Information should be recorded and saved on a corporate share drive with appropriate metadata to ensure ease of search.
    5. See Appendix for further details.

    Knowledge Types

    Information

    Process

    Skills

    Expertise

    Dependencies

    Training: Minimal

    Technology Support: N/A

    Process Development:Required

    Duration:Ongoing

    Participants

    Knowledge sources

    Knowledge receiver

    BA to build a skill repository

    Materials

    Intranet

    Knowledge Transfer Tactics:

    Transition Workshop

    A half- to full-day exercise where an outgoing leader facilitates a knowledge transfer of key insights they have learned along the way and any high-profile knowledge they may have.

    Benefits:

    • Accelerates knowledge transfer following a leadership change.
    • Ensures business continuity.
    • New leader gets a chance to understand the business drivers behind team decisions and skills of each member.
    • The individuals on the team learn about the new leader’s values and communication styles.

    How to get started:

    1. Outgoing leader organizes a one-time session where they share information with the team (focus on tacit knowledge, such as team successes and challenges) and team can ask questions.
    2. Incoming leader and remaining team members share information about norms, priorities, and values.
    3. Document the information.

    Knowledge Types

    Information

    Process

    Skills

    Expertise

    Dependencies

    Training: Required

    Technology Support: Some

    Process Development: Some

    Duration:Ongoing

    Participants

    IT leader

    Incoming IT team

    Key stakeholders

    Materials

    Meeting space

    Video conferencing (as needed)

    Knowledge Transfer Tactics:

    Action Review

    Action Review is a team-based discussion at the end of a project or step to review how the activity went and what can be done differently next time. It is ideal for transferring expertise and skills.

    Benefits:

    • Learning is done during and immediately after the project so that knowledge transfer happens quickly.
    • Results can be shared with other teams outside of the immediate members.
    • Makes tacit knowledge explicit.
    • Encourages a culture where making mistakes is OK, but you need to learn from them.

    How to get started:

    1. Hold an initial meeting with IT teams to inform them of the action reviews. Create an action review goals statement by working with IT teams to discuss what they hope to get out of the initiative.
    2. Ask project teams to present their work and answer the following questions:
      1. What was supposed to happen?
      2. What actually happened?
      3. Why were there differences?
      4. What can we learn and do differently next time?
    3. Have each individual or group present, record the meeting minutes, and send the details to the group for future reference. Determine a share storage place on your company intranet or shared drive for future reference.

    Knowledge Types

    Information

    Process

    Skills

    Expertise

    Dependencies

    Training:Minimal

    Technology Support: Minimal

    Process Development: Some

    Duration:Ongoing

    Participants

    IT unit/group

    Any related IT stakeholder impacted by or involved in a project.

    Materials

    Meeting space

    Video conferencing (as needed)

    Knowledge Transfer Tactics:

    Mentoring

    Mentoring can be a formal program where management sets schedules and expectations. It can also be informal through an environment for open dialogue where staff is encouraged to seek advice and guidance, and to share their knowledge with more novice members of the organization.

    Benefits:

    • Speeds up learning curves and helps staff acclimate to the organizational culture.
    • Communicates organizational values and appropriate behaviors, and is an effective way to augment training efforts.
    • Leads to higher engagement by improving communication among employees, developing leadership, and helping employees work effectively.
    • Improves succession planning by preparing and grooming employees for future roles and ensuring the next wave of managers is qualified.

    How to get started:

    1. Have senior management define the goals for a mentorship program. Depending on your goals, the frequency, duration, and purpose for mentorship will change. Create a mission statement for the program.
    2. Communicate the program with mentors and mentees and define what the scope of their roles will be.
    3. Implement the program and measure success.

    Creating a mentorship program is a full project in itself. For full details on how to set up a mentorship program, see McLean & Company’s Build a Mentoring Program.

    Knowledge Types

    Information

    Process

    Skills

    Expertise

    Dependencies

    Training: Required

    Technology Support: N/a

    Process Development:Required

    Duration:Ongoing

    Participants

    IT unit/group

    Materials

    Meeting space

    Video conferencing (as needed)

    Documentation

    Knowledge Transfer Tactics:

    Story Telling

    Knowledge sources use anecdotal examples to highlight a specific point and pass on information, experience, and ideas through narrative.

    Benefits:

    • Provides context and transfers expertise in a simple way between people of different contexts and background.
    • Illustrates a point effectively and makes a lasting impression.
    • Helps others learn from past situations and respond more effectively in future ones.
    • Can be completed in person, through blogs, video or audio recordings, or case studies.

    How to get started:

    1. Select a medium for how your organization will record stories, whether through blogs, video or audio recordings, or case studies. Develop a template for how you’re going to record the information.
    2. Integrate story telling into key activities – project wrap-up, job descriptions, morning meetings, etc.
    3. Determine the medium for retaining and searching stories.

    Knowledge Types

    Information

    Process

    Skills

    Expertise

    Dependencies

    Training: Required

    Technology Support: Some

    Process Development:Required

    Duration:Ongoing

    Participants

    Knowledge source

    Knowledge receiver

    Videographer (where applicable)

    Materials

    Meeting space

    Video conferencing (as needed)

    Documentation

    Knowledge Transfer Tactics:

    Job Share

    Job share exists when at least two people share the knowledge and responsibilities of two job roles.

    Benefits:

    • Reduces the risk of concentrating all knowledge in one person and creating a single point of failure.
    • Increases the number of experts who hold key knowledge that can be shared with others, i.e. “two heads are better than one.”
    • Ensures redundancies exist for when an employee leaves or goes on vacation.
    • Great for getting junior employees up to speed on legacy system functionality.
    • Results in more agile teams.
    • Doubles the amount of skills and expertise.

    How to get started:

    1. Determine which elements of two individuals’ job duties could be shared by two people. Before embarking on a job share, ensure that the two individuals will work well together as a team and individually.
    2. Establish a vision, clear values, and well-defined roles, responsibilities, and reporting relationships to avoid duplication of effort and confusion.
    3. Start with a pilot group of employees who are in support of the initiative, track the results, and make adjustments where needed.

    Knowledge Types

    Information

    Process

    Skills

    Expertise

    Dependencies

    Training: Some

    Technology Support: Minimal

    Process Development:Required

    Duration:Ongoing

    Participants

    IT manager

    HR

    Employees

    Materials

    Job descriptions

    Knowledge Transfer Tactics:

    Communities of Practice

    Communities of practice are working groups of individuals who engage in a process of regularly sharing information with each other across different parts of the organization by focusing on common purpose and working practices. These groups meet on a regular basis to work together on problem solving, to gain information, ask for help and assets, and share opinions and best practices.

    Benefits:

    • Supports a collaborative environment.
    • Creates a sense of community and positive working relationships, which is a key driver for engagement.
    • Encourages creative thinking and support of one another.
    • Facilitates transfer of wide range of knowledge between people from different specialties.
    • Fast access to information.
    • Multiple employees hear the answers to questions and discussions, resulting in wider spread knowledge.
    • Can be done in person or via video conference, and is best when supported by social collaboration tools.

    How to get started:

    1. Determine your medium for these communities and ensure you have the needed technology.
    2. Develop training materials, and a rewards and recognition process for communities.
    3. Have a meeting with staff, ask them to brainstorm a list of different key “communities,” and ask staff to self select into communities.
    4. Have the communities determine the purpose statement for each group, and set up guidelines for functionality and uses.

    Knowledge Types

    Information

    Process

    Skills

    Expertise

    Dependencies

    Training:Required

    Technology Support: Required

    Process Development:Required

    Duration:Ongoing

    Participants

    Employees

    BA (to assist in establishing)

    IT managers (rewards and recognition)

    Materials

    TBD

    The effectiveness of each knowledge transfer tactic varies based on the type of knowledge you are trying to transfer

    This table shows the relative strengths and weaknesses of each knowledge transfer tactic compared to four different knowledge types.

    Not all techniques are effective for types of knowledge; it is important to use a healthy mixture of techniques to optimize effectiveness.

    Very strong = Very effective

    Strong = Effective

    Medium = Somewhat effective

    Weak = Minimally effective

    Very weak = Not effective

    Knowledge Type

    Tactic

    Explicit

    Tacit

    Information

    Process

    Skills

    Expertise

    Interviews

    Very strong

    Strong

    Strong

    Strong

    Process mapping

    Medium

    Very strong

    Very weak

    Very weak

    Use cases

    Medium

    Very strong

    Very weak

    Very weak

    Job shadow

    Very weak

    Medium

    Very strong

    Very strong

    Peer assist

    Strong

    Medium

    Very strong

    Very strong

    Action review

    Medium

    Medium

    Strong

    Weak

    Mentoring

    Weak

    Weak

    Strong

    Very strong

    Transition workshop

    Strong

    Strong

    Strong

    Strong

    Story telling

    Weak

    Weak

    Strong

    Very strong

    Job share

    Weak

    Weak

    Very strong

    Very strong

    Communities of practice

    Strong

    Weak

    Very strong

    Very strong

    Consider your stakeholders’ level of engagement prior to selecting a knowledge transfer tactic

    Level of Engagement

    Tactic

    Disengaged/ Indifferent

    Almost Engaged - Engaged

    Interviews

    Yes

    Yes

    Process mapping

    Yes

    Yes

    Use cases

    Yes

    Yes

    Job shadow

    No

    Yes

    Peer assist

    Yes

    Yes

    Action review

    Yes

    Yes

    Mentoring

    No

    Yes

    Transition workshop

    Yes

    Yes

    Story telling

    No

    Yes

    Job share

    Maybe

    Yes

    Communities of practice

    Maybe

    Yes

    When considering which tactics to employ, it’s important to consider the knowledge holder’s level of engagement. Employees whom you would identify as being disengaged may not make good candidates for job shadowing, mentoring, or other tactics where they are required to do additional work or are asked to influence others.

    Knowledge transfer can be controversial for all employees as it can cause feelings of job insecurity. It’s essential that motivations for knowledge transfer are communicated effectively.

    Pay particular attention to your communication style with disengaged and indifferent employees, communicate frequently, and tie communication back to what’s in it for them.

    Putting disengaged employees in a position where they are mentoring others can be a risk. Their negativity could influence others not to participate as well or negate the work you’re doing to create a positive knowledge sharing culture.

    Consider using collaboration tools as a medium for knowledge transfer

    There is a wide variety of different collaboration tools available to enable interpersonal and team connections for work-related purposes. Familiarize yourself with all types of collaboration tools to understand what is available to help facilitate knowledge transfer.

    Collaboration Tools

    Content Management

    Real Time Communication

    Community Collaboration

    Social Collaboration

    Tools for collaborating around documents. They store content and allow for easy sharing and editing, e.g. content repositories and version control.

    Can be used for:

    • Action review
    • Process maps and use cases
    • Storing interview notes
    • Stories: blogs, video, and case studies

    Tools that enable real-time employee interactions. They permit “on-demand” workplace communication, e.g. IM, video and web conferencing.

    Can be used for:

    • Action review
    • Interviews
    • Mentoring
    • Peer assist
    • Story telling
    • Transition workshops

    Tools that allow teams and communities to come together and share ideas or collaborate on projects, e.g. team portals, discussion boards, and ideation tools.

    Can be used for:

    • Action review
    • Communities of practice
    • Peer assist
    • Story Telling

    Social tools borrow concepts from consumer social media and apply them to the employee-centric context, e.g. employee profiles, activity streams, and microblogging.

    Can be used for:

    • Peer assist
    • Story telling
    • Communities of practice

    For more information on Collaboration Tools and how to use them, see Info-Tech’s Establish a Communication and Collaboration System Strategy.

    Identify potential knowledge receivers

    Hold a meeting with your IT leaders to identify who would be the best knowledge receivers for specific knowledge assets

    • Before deciding on a successor, determine how the knowledge asset will be used in the future. This will impact who the receiver will be and your tactic. That is, if you are looking to upgrade a technology in the future, consider who would be taking on that project and what they would need to know.
    • Prior to the meeting, each manager should send a copy of the knowledge assets they have identified to the other managers.
    • Participants should come equipped with names of members of their teams and have an idea of what their career aspirations are.
    • Don’t assume that all employees want a career change. Be sure to have conversations with employees to determine their career aspirations.

    Ask how effectively the potential knowledge receiver would serve in the role today.

    • Review their competencies in terms of:
      • Relationship-building skills
      • Business skills
      • Technical skills
      • Industry-specific skills or knowledge
    • Consider what competencies the knowledge receiver currently has and what must be learned.
    • Finally, determine how difficult it will be for the knowledge receiver to acquire missing skills or knowledge, whether the resources are available to provide the required development, and how long it will take to provide it.

    Info-Tech Insight

    Wherever possible, ask employees about their personal learning styles. It’s likely that a collaborative compromise will have to be struck for knowledge transfer to work well.

    Using the IT knowledge transfer plan tool

    The image contains a screenshot of the IT Knowledge Transfer tool.

    We will use the IT Knowledge Transfer Plans as the foundation for building your knowledge transfer roadmap.

    2.1.3 Complete Knowledge Transfer Plans

    Complete one plan template for each of the knowledge sources

    1. Fill in the top with the knowledge source’s name. Remember that one template should be filled out for each source.
    2. List their key knowledge activities as identified through the interview.
    3. For each knowledge activity, identify and list the most appropriate recipient of this knowledge.
    4. For each knowledge activity, use the drop-down options to identify the type of knowledge that it falls under.
    5. Depending on the type of knowledge, different tactic drop-down options are available. Select which tactic would be most appropriate for this knowledge as well as the people involved in the knowledge transfer.

    The Strength Level column will indicate how well matched the tactic is to the type of knowledge.

    Input Output
    • Results of knowledge source interviews
    • A completed knowledge transfer plan for each identified knowledge source.
    Materials Participants
    • A completed knowledge transfer plan for each identified knowledge source.
    • IT leadership team

    IT Knowledge Transfer Plan Template

    Step 2.2

    Build Your Knowledge Transfer Roadmap

    Activities

    2.2.1 Merge Your Knowledge Transfer Plans

    2.2.2 Define Knowledge Transfer Initiatives’ Timeframes

    The goal of this step is to build the logistics of the knowledge transfer roadmap to prepare to communicate it to key stakeholders.

    Outcomes of this step

    • Prioritized sequence based on target state maturity goals.
    • Project roadmap.

    Plan and monitor the knowledge transfer project

    Depending on the desired state of maturity, the number of initiatives your organization has will vary and there could be a lengthy number of tasks and subtasks required to reach your organization knowledge transfer target state. The best way to plan, organize, and manage all of them is with a project roadmap.

    The image contains a screenshot of the Project Planning and Monitoring tool.

    Project Planning & Monitoring Tool

    Steps to use the project planning and monitoring tool:

    1. Begin by identifying all the project deliverables in scope for your organization. Review the previous content pertaining to specific people, process, and technology deliverables that your organization plans on creating.
    2. Identify all the tasks and subtasks necessary to create each deliverable.
    3. Arrange the tasks in the appropriate sequential order.
    4. Assign each task to a member of the project team.
    5. Estimate the day the task will be started and completed.
    6. Specify any significant dependencies or prerequisites between tasks.
    7. Update the project roadmap throughout the project by accounting for injections and entering the actual starting and ending dates.
    8. Use the project dashboard to monitor the project progress and identify risks early.

    Project Planning & Monitoring Tool

    Prioritize your tactics to build a realistic roadmap

    Initiatives should not and cannot be tackled all at once;

    • At this stage, each of the identified stakeholders should have a knowledge transfer plan for each of their reports with rough estimates for how long initiatives will take.
    • Simply looking at this raw list of transition plans can be daunting. Logically bundle the identified needs into IT initiatives to create the optimal IT Knowledge Transfer Roadmap.
    • It’s important not to try to do too much too quickly. Focus on some quick wins and leverage the success of these initiatives to drive the project forward.

    The image contains a screenshot of the prioritize tactics step.

    Populate the task column of the Project Planning and Monitoring Tool. See the following slides for more details on how to do this.

    Some techniques require a higher degree of effort than others

    Effort by Stakeholder

    Tactic

    Business Analyst

    IT Manager

    Knowledge Holder

    Knowledge Receiver

    Interviews

    Medium

    N/A

    Low

    Low

    These tactics require the least amount of effort, especially for organizations that are already using these tactics for a traditional requirements gathering process.

    Process Mapping

    Medium

    N/A

    Low

    Low

    Use Cases

    Medium

    N/A

    Low

    Low

    Job Shadow

    Medium

    Medium

    Medium

    Medium

    These tactics generally require more involvement from IT management and the BA in tandem for preparation. They will also require ongoing effort for all stakeholders. Stakeholder buy-in is key for success.

    Peer Assist

    Medium

    Medium

    Medium

    Medium

    Action Review

    Low

    Medium

    Medium

    Low

    Mentoring

    Medium

    High

    High

    Medium

    Transition Workshop

    Medium

    Low

    Medium

    Low

    Story Telling

    Medium

    Medium

    Low

    Low

    Job Share

    Medium

    High

    Medium

    Medium

    Communities of Practice

    High

    Medium

    Medium

    Medium

    Consider each tactic’s dependencies as you build your roadmap

    Implementation Dependencies

    Tactic

    Training

    Technology Support

    Process Development

    Duration

    Interviews

    Minimal

    N/A

    Minimal

    Annual

    Start your knowledge transfer project here to get quick wins for explicit knowledge.

    Process Mapping

    Minimal

    N/A

    Minimal

    Annual

    Use Cases

    Minimal

    N/A

    Minimal

    Annual

    Job Shadow

    Required

    N/A

    Required

    Ongoing

    Don’t change too much too quickly or try to introduce all of the tactics at once. Focus on 1-2 key tactics and spend a significant amount of time upfront building an effective process and rolling it out. Leverage the effectiveness of the initial tactics to push these initiatives forward.

    Peer Assist

    Minimal

    N/A

    Required

    Ongoing

    Action Review

    Minimal

    Minimal

    Some

    Ongoing

    Mentoring

    Required

    N/A

    Required

    Ongoing

    Transition Workshop

    Required

    Some

    Some

    Ongoing

    Story Telling

    Some

    Required

    Required

    Ongoing

    Job Share

    Some

    Minimal

    Required

    Ongoing

    Communities of Practice

    Required

    Required

    Required

    Ongoing

    2.2.1 Merge Your Knowledge Transfer Plans

    Populate the task column of the Project Planning and Monitoring Tool

    1. Take an inventory of all the tactics and techniques which you plan to employ. Eliminate redundancies where possible.
    2. Start your implementation with your highest risk group using explicit knowledge transfer tactics. Interviews, use cases, and process mapping will give you some quick wins and will help gain momentum for the project.
    3. Proactive and knowledge culture should then move forward to other tactics, the majority of which will require training and process design. Pick one to two other key tactics you would like to employ and build those out.
    4. Once you get more advanced, you can continue to grow the number of tactics you employ, but in the beginning, less is more. Keep growing your implementation roadmap one tactic at a time and track key metrics as you go.
    InputOutput
    • A list of project tasks to be completed.
    MaterialsParticipants
    • Project Planning Monitoring Tool.
    • IT Leadership Team

    Project Planning & Monitoring Tool

    2.2.2 Define Initiatives’ Timeframes

    Populate the estimated start and completion date and task owner columns of the Project Planning and Monitoring Tool.

    1. Define the time frame: time frames will depend on several factors. Consider the following while defining timelines for your knowledge transfer tactics:
    • Tactics you choose to employ
    • Availability of resources to implement the initiative
    • Technology requirements
  • Input the Start Date and End Date for each initiative via the drop-down. (Year 1-M1 = year 1, month 1 of implementation.)
  • Define the status of initiative:
    • Planned
    • In progress
    • Completed
  • The initiative owner will ensure each step of the rollout is executed as planned, and will:
    • Engage all required stakeholders at appropriate stages of the project.
    • Engage all required resources to implement the process and make sure that communication channels are open and available between all relevant parties.
    Input Output
    • Timeframes for all project tasks.
    Materials Participants
    • Project Planning and Monitoring Tool.
    • IT Leadership Team

    Project Planning & Monitoring Tool

    Once you start the implementation, leverage the Project Planning and Monitoring Tool for ongoing status updates

    Track your progress

    • Update your project roadmap as you complete the project and keep track of your progress by completing the “Actual Start Date” and “Actual Completion Date” as you go through your project.
    • Use the Progress Report tab in project team meetings to update stakeholders on which tasks have been completed on schedule, for an analysis of tasks to date, and project time management.
    The image contains screenshots from the Project Planning and Monitoring Tool.

    Phase #3

    Implement your knowledge transfer plans and roadmap

    Phase 1

    Phase 2

    Phase 3

    1.1 Obtain approval for project

    1.2 Identify knowledge and stakeholder risks

    2.1 Build knowledge transfer plans

    2.2 Build knowledge transfer roadmap

    3.1 Communicate your roadmap

    This phase will walk you through the following activities:

    • Preparing a key stakeholder communication presentation.

    This phase involves the following participants:

    • IT Leadership
    • Other key stakeholders

    Step 3.1

    Communicate Your Knowledge Transfer Roadmap to Stakeholders

    Activities

    3.1.1 Prepare IT Knowledge Transfer Roadmap Presentation

    The goal of this step is to be ready to communicate the roadmap with the project team, project sponsor, and other key stakeholders.

    Outcomes of this step

    • Key stakeholder communication deck.

    Use Info-Tech’s template to communicate with stakeholders

    Obtain approval for the IT Knowledge Transfer Roadmap by customizing Info-Tech’s IT Knowledge Transfer Roadmap Presentation Template designed to effectively convey your key messages. Tailor the template to suit your needs.

    It includes:

    • Project Context
    • Project Scope and Objectives
    • Knowledge Transfer Roadmap
    • Next Steps

    The image contains screenshots of the IT Knowledge Transfer Roadmap Presentation Template.

    Info-Tech Insight

    The support of IT leadership is critical to the success of your roadmap roll-out. Remind them of the project benefits and impact them hard with the risks/pain points.

    IT Knowledge Transfer Roadmap Presentation Template

    3.1.1 Prepare a Presentation for Your Project Team and Sponsor

    Now that you have created your knowledge transfer roadmap, the final step of the process is to get sign-off from the project sponsor to begin the planning process to roll-out your initiatives.

    Know your audience:

    1. Revisit your project charter to determine the knowledge transfer project stakeholders who will be included in your presentation audience.
    2. You want your presentation to be succinct and hard-hitting. Management’s time is tight, and they will lose interest if you drag out the delivery. Impact them hard and fast with the pains and benefits of your roadmap.
    3. The presentation should take no more than an hour. Depending on your audience, the actual presentation delivery could be quite short (12-13 slides). However, you want to ensure adequate time for Q & A.
    Input Output
    • Project charter
    • A completed presentation to communicate your knowledge transfer roadmap.
    Materials Participants
    • IT Knowledge Transfer Roadmap Presentation Template
    • IT leadership team
    • Project sponsor
    • Project stakeholders

    IT Knowledge Transfer Roadmap Presentation Template

    Related Info-Tech Research

    Build an IT Succession Plan

    Train Managers to Handle Difficult Conversations

    Lead Staff Through Change

    Bibliography

    Babcock, Pamela. “Shedding Light on Knowledge Management.” HR Magazine, 1 May 2004.

    King, Rachael. "Big Tech Problem as Mainframes Outlast Workforce." Bloomberg, 3 Aug. 2010. Web.

    Krill, Paul. “IT’s Most Wanted: Mainframe Programmers.” IDG Communications, Inc. 1 December 2011.

    McLean & Company. “Mitigate the Risk of Baby Boomer Retirement with Scalable Succession Planning.” 7 March 2016.

    McLean & Company. “Make the Case For Employee Engagement.” McLean and Company. 27 March 2014.

    PwC. “15th Annual Global CEO Survey: Delivering Results Growth and Value in a Volatile World.” PwC, 2012.

    Rocket Software, Inc. “Rocket Software 2022 Survey Report: The State of the Mainframe.” Rocket Software, Inc. January 2022. Accessed 30 April 2022.

    Ross, Jenna. “Intangible Assets: A Hidden but Crucial Driver of Company Value.” Visual Capitalist, 11 February 2020. Accessed 2 May 2022.

    Time Study

    • Buy Link or Shortcode: {j2store}260|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • In ESG’s 2018 report “The Life of Cybersecurity Professionals,” 36% of participants expressed the overwhelming workload was a stressful aspect of their job.
    • Organizations expect a lot from their security specialists. From monitoring the threat environment, protecting business assets, and learning new tools, to keeping up with IT initiatives, cybersecurity teams struggle to balance their responsibilities with the constant emergencies and disruptions that take them away from their primary tasks.
    • Businesses fail to recognize the challenges associated with task prioritization and the time management practices of a security professional.

    Our Advice

    Critical Insight

    • The majority of scheduled calendar meetings include employees and peers.
      • Our research indicates cybersecurity professionals spent the majority of their meetings with employees (28%) and peers (24%). Other stakeholders involved in meetings included by myself (15%), boss (13%), customers (10%), vendors (8%), and board of directors (2%).
    • Calendar meetings are focused on project work, management, and operations.
      • When asked to categorize calendar meetings, the focus was on project work (26%), management (23%), and operations (22%). Other scheduled meetings included ones focused on strategy (15%), innovation (9%), and personal time (5%).
    • Time management scores were influenced by the percentage of time spent with employees and peers.
      • When participants were divided into good and poor time managers, we found good time managers spent less time with their peers and more time with their employees. This may be due to the nature of employee meetings being more directly tied to the project outputs of the manager than their peer meetings. Managers who spend more time in meetings with their employees feel a sense of accomplishment, and hence rate themselves higher in time management.

    Impact and Result

    • Understand how cybersecurity professionals allocate their time.
    • Gain insight on whether perceived time management skills are associated with calendar maintenance factors.
    • Identify common time management pain points among cybersecurity professionals.
    • Identify current strategies cybersecurity professionals use to manage their time.

    Time Study Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Read our Time Study

    Read our Time Study to understand how cybersecurity professionals allocate their time, what pain points they endure, and tactics that can be leveraged to better manage time.

    • Time Study Storyboard
    [infographic]

    Create a Game Plan to Implement Cloud Backup the Right Way

    • Buy Link or Shortcode: {j2store}469|cart{/j2store}
    • member rating overall impact (scale of 10): 7.0/10 Overall Impact
    • member rating average dollars saved: $2,000 Average $ Saved
    • member rating average days saved: 5 Average Days Saved
    • Parent Category Name: Storage & Backup Optimization
    • Parent Category Link: /storage-and-backup-optimization
    • Cloud adoption is frequently driven by hype rather than careful consideration of the best-fit solution.
    • IT is frequently rushed into cloud adoption without appropriate planning.
    • Organizations frequently lack appropriate strategies to deal with cloud-specific backup challenges.
    • Insufficient planning for cloud backup can exacerbate problems rather than solving them, leading to poor estimates of the cost and effort involved, budget overruns, and failure to meet requirements.

    Our Advice

    Critical Insight

    • The cloud isn’t a magic bullet, but it tends to deliver the most value to organizations with specific use cases – frequently smaller organizations who are looking to avoid the cost of building or upgrading a data center.
    • Cloud backup does not necessarily reduce backup costs so much as it moves them around. Cloud backup distributes costs over a longer term. Organizations need to compare the difference in CAPEX and OPEX to determine if making the move makes financial sense.
    • The cloud can deliver a great deal of value for organizations who are looking to reduce the operational effort demanded by an existing tape library for second- or third-tier backups.
    • Data security risks in some cases may be overstated, depending on what on-premises security is available. However, targeting backup to the cloud introduces other risks that need to be considered before implementation is given the green light.

    Impact and Result

    • Understand if cloud backup is the right solution for actual organizational needs.
    • Make an informed decision about targeting backup to the cloud by considering the big picture TCO and effort level involved in adoption.
    • Have a ready strategy to mitigate the most common challenges with cloud adoption projects.
    • Develop a roadmap that lays out the required step-by-step to implement cloud backup.

    Create a Game Plan to Implement Cloud Backup the Right Way Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand the benefits and risks of targeting backups to the cloud

    Build a plan to mitigate the risks associated with backing data up in the cloud.

    • Storyboard: Create a Game Plan to Implement Cloud Backup the Right Way

    2. Determine if the cloud can meet the organization's data requirements

    Assess if the cloud is a good fit for your organization’s backup data.

    • Cloud Backup Implementation Game Plan Tool

    3. Mitigate the Challenges of Backing Up to the Cloud

    Build a cloud challenge contingency plan.

    4. Build a Cloud Backup Implementation Roadmap

    Perform a gap analysis to determine cloud backup implementation initiatives.

    Infographic

    Workshop: Create a Game Plan to Implement Cloud Backup the Right Way

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Evaluate the business case for targeting backup at the cloud

    The Purpose

    Understand how cloud backup will affect backup and recovery processes

    Determine backup and recovery objectives

    Assess the value proposition of cloud backup

    Key Benefits Achieved

    A high-level understanding of the benefits of moving to cloud backup

    A best-fit analysis of cloud backup in comparison to organizational needs

    Activities

    1.1 Document stakeholder goals for cloud backup

    1.2 Document present backup processes

    1.3 Document ideal backup processes

    1.4 Review typical benefits of cloud backup

    Outputs

    Documented stakeholder goals

    Current backup process diagrams

    Ideal backup process diagram

    2 Identify candidate data sets and assess opportunities and readiness

    The Purpose

    Identify candidate data sets for cloud-based backup

    Determine RPOs and RTOs for candidate data sets

    Identify potential value specific to each data set for targeting backup at the cloud

    Evaluate organizational readiness for targeting backup at the cloud

    Key Benefits Achieved

    Documented recovery objectives

    Recommendations for cloud backup based on actual organizational needs and readiness

    Activities

    2.1 Document candidate data sets

    2.2 Determine recovery point and recovery time objectives for candidate data sets

    2.3 Identify potential value of cloud-based backup for candidate data sets

    2.4 Discuss the risk and value of cloud-based backup versus an on-premises solution

    2.5 Evaluate organizational readiness for cloud backup

    2.6 Identify data sets to move to the cloud

    Outputs

    Validated list of candidate data sets

    Specific RPOs and RTOs for core data sets

    An assessment of the value of cloud backup for data sets

    A tool-based recommendation for moving backups to the cloud

    3 Mitigate the challenges of backing up to the cloud

    The Purpose

    Understand different cloud provider models and their specific risks

    Identification of how cloud backup will affect IT infrastructure and personnel

    Strategize ways to mitigate the most common challenges of implementing cloud backup

    Understand the client/vendor relationship in cloud backup

    Understand the affect of cloud backup on data security

    Key Benefits Achieved

    Verified best-fit cloud provider model for organizational needs

    Verified strategy for meeting the most common challenges for cloud-based backup

    A strong understanding of how cloud backup will change IT

    Strategies for approaching vendors to ensure a strong footing in negotiations and clear expectations for the client/vendor relationship

    Activities

    3.1 Discuss the impact of cloud backup on infrastructure and IT environment

    3.2 Create a cloud backup risk contingency plan

    3.3 Document compliance and security regulations

    3.4 Identify client and vendor responsibilities for cloud backup

    3.5 Discuss and document the impact of cloud backup on IT roles and responsibilities

    3.6 Compile a list of implementation intiatives

    3.7 Evaluate the financial case for cloud backup

    Outputs

    Cloud risk assessment

    Documented contingency strategies for probabe risks

    Negotiation strategies for dealing with vendors

    A committed go/no-go decision on the value of cloud backup weighted against the effort of implementation

    4 Build a cloud backup implementation roadmap

    The Purpose

    Create a road map for implementing cloud backup

    Key Benefits Achieved

    Determine any remaining gaps between the present state and the ideal state for cloud backup

    Understand the steps and time frame for implementing cloud backup

    Allocate roles and responsibilities for the implementation intitiative

    A validated implementation road map

    Activities

    4.1 Perform a gap analysis to generate a list of implementation intiatives

    4.2 Prioritize cloud backup initiatives

    4.3 Assess risks and dependencies for critical implementation initiatives

    4.4 Assign ownership over implementation tasks

    4.5 Determine road map time frame and structure

    4.6 Populate the roadmap with cloud backup initiatives

    Outputs

    A validated gap analysis

    A prioritized list of cloud backup initiatives

    Documented dependencies and risks associated with implementation tasks

    A roadmap for targeting backups at the cloud

    Assess Infrastructure Readiness for Digital Transformation

    • Buy Link or Shortcode: {j2store}300|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design

    There are many challenges for I&O when it comes to digital transformation, including:

    • Legacy infrastructure technical debt
    • Skills and talent in the IT team
    • A culture that resists change
    • Fear of job loss

    These and many more will hinder your progress, which demonstrates the need to invest in modernizing your infrastructure, investing in training and hiring talent, and cultivating a culture that supports digital transformation.

    Our Advice

    Critical Insight

    By using the framework of culture, competencies, collaboration and capabilities, organizations can create dimensions in their I&O structure in order to shift from traditional infrastructure management to becoming a strategic enabler, driving agility, innovation, and operational excellence though the effective integration of people, process, and technology.

    Impact and Result

    By driving a customer-centric approach, delivering a successful transformation can be tailored to the business goals and drive adoption and engagement. Refining your roadmap through data and analytics will drive this change. Use third-party expertise to guide your transformation and help build that vision of the future.

    Assess Infrastructure Readiness for Digital Transformation Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess Infrastructure Readiness for Digital Transformation – Unlock the full potential of your infrastructure with a digital transformation strategy and clear the barriers for success.

  • Be customer centric as opposed to being technology driven.
  • Understanding business needs and pain points is key to delivering solutions.
  • Approach infrastructure digital transformation in iterations and look at this as a journey.
    • Assess Infrastructure Readiness for Digital Transformation Storyboard
    • I&O Digital Transformation Maturity Assessment Tool

    Infographic

    Further reading

    Assess Infrastructure Readiness for Digital Transformation

    Unlock the full potential of your infrastructure with a digital transformation strategy and clear the barriers to success.

    Analyst Perspective

    It’s not just about the technology!

    Many businesses fail in their endeavors to complete a digital transformation, but the reasons are complex, and there are many ways to fail, whether it is people, process, or technology. In fact, according to many surveys, 70% of digital transformations fail, and it’s mainly down to strategy – or the lack thereof.

    A lot of organizations think of digital transformation as just an investment in technology, with no vision of what they are trying to achieve or transform. So, out of the gate, many organizations fail to undergo a meaningful transformation, change their business model, or bring about a culture of digital transformation needed to be seriously competitive in their given market.

    When it comes to I&O leaders who have been given a mandate to drive digital transformation projects, they still must align to the vision and mission of the organization; they must still train and hire staff that will be experts in their field; they must still drive process improvements and align the right technology to meet the needs of a digital transformation.

    John Donovan

    John Donovan

    Principal Research Director, I&O
    Info-Tech Research Group

    Insight summary

    Overarching insight

    Digital transformation requires I&O teams to shift from traditional infrastructure management to becoming a strategic enabler, driving agility, innovation, and operational excellence through effective integration of people, process, and technology.

    Insight 1

    Collaboration is a key component of I&O – Promote strong collaboration between I&O and other business functions. When doing a digital transformation, it is clear that this is a cross-functional effort. Business leaders and IT teams need to align their objectives, prioritize initiatives, and ensure that you are seamlessly integrating technologies with the new business functions.

    Insight 2

    Embrace agility and adaptability as core principles – As the digital landscape continues to evolve, it is paramount that I&O leaders are agile and adaptable to changing business needs, adopting new technology and implementing new innovative solutions. The culture of continuous improvement and openness to experimentation and learning will assist the I&O leaders in their journey.

    Insight 3

    Future-proof your infrastructure and operations – By anticipating emerging technologies and trends, you can proactively plan and organize your team for future needs. By investing in scalable, flexible infrastructure such as cloud services, automation, AI technologies, and continuously upskilling the IT staff, you can stay relevant and forward-looking in the digital space.

    Tactical insight

    An IT infrastructure maturity assessment is a foundational step in the journey of digital transformation. The demand will be on performance, resilience, and scalability. IT infrastructure must be able to support innovation and rapid deployment of services.

    Tactical insight

    Having a clear strategy, with leadership commitment along with hiring and training the right people, monitoring and measuring your progress, and ensuring it is a business-led journey will increase your chances of success.

    Executive Summary

    Your Challenge

    There are a lot of challenges for I&O when it comes to digital transformation, including:

    • Legacy infrastructure technical debt.
    • Skills and talent in the IT team.
    • A culture that resists change.
    • Fear of job loss.

    These and many more will hinder your progress, which demonstrates the need to invest in modernizing your infrastructure, investing in training and hiring talent, and cultivating a culture that supports digital transformation.

    Common Obstacles

    Many obstacles to digital transformation begin with non-I&O activities, including:

    • Lack of a clear vision and strategy.
    • Siloed organizational structure.
    • Lack of governance and data management.
    • Limited budget and resources.

    By addressing these obstacles, I&O will have a better chance of a successful transformation and delivering the full potential of digital technologies.

    Info-Tech's Approach

    Building a culture of innovation by developing clear goals and creating a vision will be key.

    • Be customer centric as opposed to being technology driven.
    • Understand the business needs and pain points in order to effectively deliver solutions.
    • Approach infrastructure digital transformation in iterations and look at it as a journey.

    By completing the Info-Tech digital readiness questionnaire, you will see where you are in terms of maturity and areas you need to concentrate on.

    Info-Tech Insight

    By driving a customer-centric approach, delivering a successful transformation can be tailored to the business goals and drive adoption and engagement. Refining your roadmap through data and analytics will drive this change. Use third-party expertise to guide your transformation and help build that vision of the future.

    The cost of digital transformation

    The challenges that stand in the way of your success, and what is needed to reverse the risk

    What CIOs are saying about their challenges

    26% of those CIOs surveyed cite resistance to change, with entrenched viewpoints demonstrating a real need for a cultural shift to enhance the digital transformation journey.

    Source: Prophet, 2019.

    70% of digital transformation projects fall short of their objectives – even when their leadership is aligned, often with serious consequences.

    Source: BCG, 2020.

    Having a clear strategy and commitment from leadership, hiring and training the right people, monitoring and measuring your progress, and ensuring it is a business-led journey will increase your chances of success.

    Info-Tech Insight

    Cultural change, business alignment, skills training, and setting a clear strategy with KPIs to demonstrate success are all key to being successful in your digital journey.

    Small and medium-sized enterprises

    What business owners and CEOs are saying about their digital transformation

    57% of small business owners feel they must improve their IT infrastructure to optimize their operations.

    Source: SMB Story, 2023.

    64% of CEOs believe driving digital transformation at a rapid pace is critical to attracting and retaining talent and customers.

    Source: KPMG, 2022.

    Info-Tech Insight

    An IT infrastructure maturity assessment is a foundational step in the journey of digital transformation. The demand will be on performance, resilience, and scalability. IT infrastructure must be able to support innovation and rapid deployments.

    Understand the Difference Between Backups and Archives

    • Buy Link or Shortcode: {j2store}506|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Storage & Backup Optimization
    • Parent Category Link: /storage-and-backup-optimization
    • You don’t understand the difference between a backup and an archive or when to use one or the other.
    • Data is not constant. It is ever-changing and growing. How do you protect it?
    • You just replaced an application that was in use since day one, and even though you have a fully functional replacement, you would like to archive that original application just in case.
    • You want to save money, so you use your backup solution to archive data, but you know that is not ideal. What is the correct solution?

    Our Advice

    Critical Insight

    Keep in mind that backups are for recovery while archives are for discovery. Backups and archives are often confused but understanding the differences can result in significant savings of time and money. Backing up and archiving may be considered IT tasks, but recovery and discovery are capabilities the business wants and is willing to pay for.

    Impact and Result

    Archives and backups are not the same, and there is a use case for each. Sometimes minor adjustments may be required to make the use case work. Understanding the basics of backups and archives can lead to significant savings at a monetary and effort level.

    Understand the Difference Between Backups and Archives Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand the Difference Between Backups and Archives

    What is the difference between a backup and a data archive? When should I use one over the other? They are not the same and confusing the two concepts could be expensive.

    • Understand the Difference Between Backups and Archives Storyboard
    [infographic]

    Further reading

    Understand the Difference Between Backups and Archives

    They are not the same, and confusing the two concepts could be expensive

    Analyst Perspective

    Backups and archives are not interchangeable, but they can complement each other.

    Photo of P.J. Ryan, Research Director, Infrastructure & Operations, Info-Tech Research Group.

    Backups and archives are two very different operations that are quite often confused or misplaced. IT and business leaders are tasked with protecting corporate data from a variety of threats. They also must conform to industry, geographical, and legal compliance regulations. Backup solutions keep the data safe from destruction. If you have a backup, why do you also need an archive? Archive solutions hold data for a long period of time and can be searched. If you have an archive, why do you also need a backup solution? Backups and archives used to be the same. Remember when you would keep the DAT tape in the same room as the argon gas fire suppression system for seven years? Now that's just not feasible. Some situations require a creative approach or a combination of backups and archives.

    Understand the difference between archives and backups and you will understand why the two solutions are necessary and beneficial to the business.

    P.J. Ryan
    Research Director, Infrastructure & Operations
    Info-Tech Research Group

    Executive Summary

    Your Challenge
    • You don’t understand the difference between a backup and an archive or when to use one over the other.
    • Data is not constant. It is ever-changing and growing. How do you protect it?
    • You just replaced an application that had been in use since day one, and even though you have a fully functional replacement, you would like to archive that original application just in case.
    • You want to save money, so you use your backup solution to archive data, but you know that is not ideal. What is the correct solution?
    Common Obstacles
    • Storage costs can be expensive, as can some backup and archiving solutions.
    • Unclear requirements definition to decide between backups or archives.
    • Historically, people referred to archiving as tossing something into a box and storing it away indefinitely. Data archiving has a different meaning.
    • Executives want retired applications preserved but do not provide reasons or requirements.
    Info-Tech’s Approach
    • Spend wisely. Why spend money on an archive solution when a backup will suffice? Don’t leave money on the table.
    • Be creative and assess each backup or archive situation carefully. A custom solution may be required.
    • Backup your production data for the purpose of restoring it and adhere to the 3-2-1 rule of backups (Naviko.com).
    • Archive your older data to an alternate storge platform to save space, allow for searchability, and provide retention parameters.

    Info-Tech Insight

    Keep in mind that backups are for recovery while archives are for discovery. Backups and archives are often confused but understanding the differences can result in significant savings of time and money. Backing up and archiving may be considered IT tasks but recovery and discovery are capabilities the business wants and is willing to pay for.

    Archive

    What it IS

    A data archive is an alternate location for your older, infrequently accessed production data. It is indexed and searchable based on keywords. Archives are deleted after a specified period based on your retention policy or compliance directives.

    What it IS NOT

    Archives are not an emergency copy of your production data. They are not any type of copy of your production data. Archives will not help you if you lose your data or accidentally delete a file. Archives are not multiple copies of production data from various recovery points.

    Why use it

    Archives move older data to an alternate location. This frees up storage space for your current data. Archives are indexed and can be searched for historical purposes, compliance reasons, or in the event of a legal matter where specific data must be provided to a legal team.

    Tips & Tricks – Archiving

    • Archiving will move older data to an alternate location. This will free up storage space in the production environment.
    • Archiving solutions index the data to allow for easier searchability. This will aid in common business searches as well as assist with any potential legal searches.
    • Archiving allows companies to hold onto data for historical purposes as well as for specific retention periods in compliance with industry and regional regulations such as SOX, GDPR, FISMA, as well as others (msp360.com).

    Backup

    What it IS

    A backup is a copy of your data from a specific day and time. It is primarily used for recovery or restoration if something happens to the production copy of data. The restore will return the file or folder to the state it was in at the time of the backup.

    Backups occur frequently to ensure the most recent version of data is copied to a safe location.

    A typical backup plan makes a copy of the data every day, once a week, and once a month. The data is stored on tapes, disk, or using cloud storage.

    What it IS NOT

    Backups are not designed for searching or discovery. If you backup your email and must go to that backup in search of all email pertaining to a specific topic, you must restore the full backup and then search for that specific topic or sender. If you kept all the monthly backups for seven years, that will mean repeating that process 84 times to have a conclusive search, assuming you have adequate storage space to restore the email database 84 times.

    Backups do not free up space.

    Why use it

    Backups protect your data in the event of disaster, deletion, or accidental damage. A good backup strategy will include multiple backups on different media and offsite storage of at least one copy.

    Tips & Tricks – Backups

    • Production data should be backed up on a regular basis, ideally once a day or more frequently if possible.
    • Backups are intended to restore data when it gets deleted, over-written, or otherwise compromised. Most restore requests are from the last 24 to 48 hours, so it may be advantageous to keep a backup readily available on disk for a quick restore when needed.
    • Some vendors and industry subject matter experts advocate the use of a 3-2-1 rule when it comes to backups:
      • Keep three copies of your production data
      • In at least two separate locations (some advocate two different formats), and
      • One copy should be offsite (nakivo.com)

    Cold Storage

    • Cold storage refers to a storage option offered by some cloud vendors. In the context of the discussion between backups and archives, it can be an option for a dedicated backup solution for a specific period. Cost is low and the data is protected from destruction.
    • If an app has been replaced and all data transferred to the replacement solution but for some reason the company wishes to hold onto the data, you want a backup, not an archive. Extract the data, convert it into MongoDB or a similar solution, and drop it into cheap cloud storage (cold storage) for less than $5 per TB/month.

    Case Study

    Understanding the difference between archives and backups could save you a lot of time and money

    INDUSTRY: Manufacturing | SOURCE: Info-Tech Research

    Understanding the difference between an archive and a backup was the first step in solving their challenge.

    A leading manufacturing company found themselves in a position where they had to decide between archiving or doing nothing.

    The company had completed several acquisitions and ended up with multiple legacy applications that had been merged or migrated into replacement solutions. These legacy applications were very important to the original companies and although the data they held had been migrated to a replacement solution, executives felt they should hold onto these applications for a period of time, just in case.

    Some of the larger applications were archived using a modern archiving solution, but when it came to the smaller applications, the cost to add them to the archiving solution greatly exceeded the cost to just keep them running and maintain the associated infrastructure.

    A research advisor from Info-Tech Research Group joined a call with the manufacturing company and discussed their situation. The difference between archives and backups was explained and through the course of the conversation it was discovered that the solution was a modified backup. The application data had already been preserved through the migration, so data could be accessed in the production environment. The requirement to keep the legacy application up and running was not necessary but in compliance with the request to keep the information, the data could be exported from the legacy application into a non-sequential database, compressed, and stored in cloud-based cold storage for less than five dollars per terabyte per month. The manufacturing company’s staff realized that they could apply this same approach to several of their legacy applications and save tens of thousands of dollars in the process.

    Understand the Difference Between Backups and Archives

    Backups

    Backups are for recovery. A backup is a snapshot copy of production data at a specific point in time. If the production data is lost, destroyed, or somehow compromised, the data can be restored from the backup.

    Archives

    Archives are for discovery. It is production data that is moved to an alternate location to free up storage space, allow the data to be searchable, and still hold onto the data for historical or compliance purposes.

    Info-Tech Insight

    Archives and backups are not the same, and there is a use case for each. Sometimes minor adjustments may be required to make the use case work. Understanding the basics of backups and archives can lead to significant savings at a monetary and effort level.

    Additional Guidance

    Production data should be backed up.

    The specific backup solution is up to the business.

    Production data that is not frequently accessed should be archived.

    The specific solution to perform and manage the archiving of the data is up to the business

    • Archived data should also be backed up at least once.
    If the app has been replaced and all data transferred, you want a backup not an archive if you want to keep the data.
    • Short term – fence it off.
    • Long term – extract into Mongo then drop it into cheap cloud storage.

    Case Study

    Using tape backups as an archive solution could result in an expensive discovery and retrieval exercise.

    INDUSTRY: Healthcare | SOURCE: Zasio Enterprises Inc.

    “Do not commingle archive data with backup or disaster recovery tapes.”

    A court case in the United States District Court for the District of Nevada involving Guardiola and Renown Health in 2015 is a good example of why using a backup solution to solve an archiving challenge is a bad idea.

    Renown Health used a retention policy that declared any email older than six months of age as inactive and moved that email to a backup tape. Renown Health was ordered by the court to produce emails from a period of time in the past. Renown estimated that it would cost at least $248,000 to produce those emails, based on the effort involved to restore data from each tape and search for the email in question. Renown Health argued that this long and expensive process would result in undue costs.

    The court reviewed the situation and ruled against Renown Health and ordered them to comply with the request (Zasio.com).

    A proper archiving solution would have provided a quick and low-cost method to retrieve the emails in question.

    Backups and archives are complementary to each other

    • Archives are still production data, but the data does not change. A backup is recommended for the archived data, but the frequency of the backups can be lowered.
    • Backups protect you if a disaster strikes by providing a copy of the production data that was compromised or damaged. Archives allow you to access older data that may have just been forgotten, not destroyed or compromised. Archives could also protect you in a legal court case by providing data that is older but may prove your argument in court.

    Archives and backups are not the same.

    Backups copy your data. Archives move your data. Backups facilitate recovery. Archives facilitate discovery.

    Archive Backup
    Definition Move rarely accessed (but still production) data to separate media. Store a copy of frequently used data on a separate media to ensure timely operational recovery.
    Use Case Legal discovery, primary storage reduction, compliance requirements, and audits. Accidental deletion and/or corruption of data, hardware/software failures.
    Method Disk, cloud storage, appliance. Disk, backup appliance, snapshots, cloud.
    Data Older, rarely accessed production data. Current production data.

    Is it a backup or archive?

    • You want to preserve older data for legal and compliance reasons, so you put extra effort into keeping your tape backups safe and secure for seven years. That’s a big mistake that may cost you time and money. You want an archive solution.
    • You replace your older application and migrate all data to the new system, but you want to hold onto the old data, just in case. That’s a backup, not an archive.
    • A long serving senior executive recently left the company. You want to preserve the contents of the executive's laptop in case it is needed in the future. That’s a backup.

    Considerations When Choosing Between Solutions

    1

    Backup or archive?

    2

    What are you protecting?

    3

    Why are you protecting data?

    4

    Solution

    Backup

    Backup and/or archive.
    Additional information required.
    Column 3 may help

    Archive

    Device

    Data

    Application

    Operational Environment

    Operational recovery

    Disaster recovery

    Just in case

    Production storage space reduction

    Retention and preservation

    Governance, risk & compliance

    Backup

    Archive

    Related Info-Tech Research

    Stock image of light grids and flares. Establish an Effective Data Protection Plan

    Give data the attention it deserves by building a strategy that goes beyond backup.

    Stock image of old fuse box switches. Modernize Enterprise Storage

    Current and emerging storage technologies are disrupting the status quo – prepare your infrastructure for the exponential rise in data and its storage requirements.

    Logo for 'Software Reviews' and their information on 'Compare and Evaluate: Data Archiving.'
    Sample of Info-Tech's 'Data Archiving Policy'. Data Archiving Policy

    Bibliography

    “Backup vs. archiving: Know the difference.” Open-E. Accessed 05 Mar 2022.Web.

    G, Denis. “How to build retention policy.” MSP360, Jan 3, 2020. Accessed 10 Mar 2022.

    Ipsen, Adam. “Archive vs Backup: What’s the Difference? A Definition Guide.” BackupAssist, 28 Mar 2017. Accessed 04 Mar 2022.

    Kang, Soo. “Mitigating the expense of E-discovery; Recognizing the difference between back-ups and archived data.” Zasio Enterprises, 08 Oct 2015. Accessed 3 Mar 2022.

    Mayer, Alex. “The 3-2-1 Backup Rule – An Efficient Data Protection Strategy.” Naviko. Accessed 12 Mar 2022.

    “What is Data-Archiving?” Proofpoint. Accessed 07 Mar 2022.

    Monitor IT Employee Experience

    • Buy Link or Shortcode: {j2store}543|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $29,096 Average $ Saved
    • member rating average days saved: 19 Average Days Saved
    • Parent Category Name: Engage
    • Parent Category Link: /engage
    • In IT, high turnover and sub-optimized productivity can have huge impacts on IT’s ability to execute SLAs, complete projects on time, and maintain operations effectively.
    • With record low unemployment rates in IT, retaining top employees and keeping them motivated in their jobs has never been more critical.

    Our Advice

    Critical Insight

    • One bad experience can cost you your top employee. Engagement is the sum total of the day-to-day experiences your employees have with your company.
    • Engagement, not pay, drives results. Engagement is key to your team's productivity and ability to retain top talent. Approach it systematically to learn what really drives your team.
    • It’s time for leadership to step up. As the CIO, it’s up to you to take ownership of your team’s engagement.

    Impact and Result

    • Info-Tech tools and guidance will help you initiate an effective conversation with your team around engagement, and avoid common pitfalls in implementing engagement initiatives.
    • Monitoring employee experience continuously using the Employee Experience Monitor enables you to take a data-driven approach to evaluating the success of your engagement initiatives.

    Monitor IT Employee Experience Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should focus on employee experience to improve engagement in IT, review Info-Tech’s methodology, and understand how our tools will help you construct an effective employee engagement program.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Start monitoring employee experience

    Plan out your employee engagement program and launch the Employee Experience Monitor survey for your team.

    • Drive IT Performance by Monitoring Employee Experience – Phase 1: Start Monitoring Employee Experience
    • None
    • None
    • EXM Setup Guide
    • EXM Training Guide for Managers
    • None
    • EXM Communication Template

    2. Analyze results and ideate solutions

    Interpret your Employee Experience Monitor results, understand what they mean in the context of your team, and involve your staff in brainstorming engagement initiatives.

    • Drive IT Performance by Monitoring Employee Experience – Phase 2: Analyze Results and Ideate Solutions
    • EXM Focus Group Facilitation Guide
    • Focus Group Facilitation Guide Driver Definitions

    3. Select and implement engagement initiatives

    Select engagement initiatives for maximal impact, create an action plan, and establish open and ongoing communication about engagement with your team.

    • Drive IT Performance by Monitoring Employee Experience – Phase 3: Measure and Communicate Results
    • Engagement Progress One-Pager
    [infographic]

    Workshop: Monitor IT Employee Experience

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Launch the EXM

    The Purpose

    Set up the EXM and collect a few months of data to build on during the workshop.

    Key Benefits Achieved

    Arm yourself with an index of employee experience and candid feedback from your team to use as a starting point for your engagement program.

    Activities

    1.1 Identify EXM use case.

    1.2 Identify engagement program goals and obstacles.

    1.3 Launch EXM.

    Outputs

    Defined engagement goals.

    EXM online dashboard with three months of results.

    2 Explore Engagement

    The Purpose

    To understand the current state of engagement and prepare to discuss the drivers behind it with your staff.

    Key Benefits Achieved

    Empower your leadership team to take charge of their own team's engagement.

    Activities

    2.1 Review EXM results to understand employee experience.

    2.2 Finalize focus group agendas.

    2.3 Train managers.

    Outputs

    Customized focus group agendas.

    3 Hold Employee Focus Groups

    The Purpose

    Establish an open dialogue with your staff to understand what drives their engagement.

    Key Benefits Achieved

    Understand where in your team’s experience you can make the most impact as an IT leader.

    Activities

    3.1 Identify priority drivers.

    3.2 Identify engagement KPIs.

    3.3 Brainstorm engagement initiatives.

    3.4 Vote on initiatives within teams.

    Outputs

    Summary of focus groups results

    Identified engagement initiatives.

    4 Select and Plan Initiatives

    The Purpose

    Learn the characteristics of successful engagement initiatives and build execution plans for each.

    Key Benefits Achieved

    Choose initiatives with the greatest impact on your team’s engagement, and ensure you have the necessary resources for success.

    Activities

    4.1 Select engagement initiatives with IT leadership.

    4.2 Discuss and decide on the top five engagement initiatives.

    4.3 Create initiative project plans.

    4.4 Build detailed project plans.

    4.5 Present project plans.

    Outputs

    Engagement project plans.

    Maximize Value From Your Value-Added Reseller (VAR)

    • Buy Link or Shortcode: {j2store}215|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management

    Organizations need to understand their value-added reseller (VAR) portfolio and the greater VAR landscape to better:

    • Manage the VAR portfolio.
    • Understand additional value each VAR can provide.
    • Maximize existing VAR commitments.
    • Evaluate the VARs’ performance.

    Our Advice

    Critical Insight

    VARs typically charge more for products because they are in some way adding value. If you’re not leveraging any of the provided value, you’re likely wasting money and should use a basic commodity-type reseller for procurement.

    Impact and Result

    This project will provide several benefits to Vendor Management and Procurement:

    • Defined VAR value and performance tracking.
    • Manageable portfolio of VARs that fully benefit the organization.
    • Added training, licensing advice, faster quoting, and invoicing resolution.
    • Reduced deployment and logistics costs.

    Maximize Value From Your Value-Added Reseller (VAR) Research & Tools

    Start here – read the Executive Brief

    Read our informative Executive Brief to find out why you should maximize value from your value-added reseller, review Info-Tech’s methodology, and understand the three ways to better manage your VARs improve performance and reduce costs.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Organize and prioritize

    Organize all your VARs and create a manageable portfolio detailing their value, specific, product, services, and certifications.

    • Maximize Value From Your Value-Added Reseller – Phase 1: Organize and Prioritize
    • VAR Listing and Prioritization Tool

    2. “EvaluRate” your VARs

    Create an in-depth evaluation of the VARs’ capabilities.

    • Maximize Value From Your Value-Added Reseller – Phase 2: EvaluRate Your VARs
    • VAR Features Checklist Tool
    • VAR Profile and EvaluRation Tool

    3. Consolidate and reduce

    Assess each VAR for low performance and opportunity to increase value or consolidate to another VAR and reduce redundancy.

    • Maximize Value From Your Value-Added Reseller – Phase 3: Consolidate and Reduce

    4. Maximize their value

    Micro-manage your primary VARs to ensure performance to commitments and maximize their value.

    • Maximize Value From Your Value-Added Reseller – Phase 4: Maximize Their Value
    • VAR Information and Scorecard Workbook
    [infographic]

    Build a Reporting and Analytics Strategy

    • Buy Link or Shortcode: {j2store}128|cart{/j2store}
    • member rating overall impact (scale of 10): 9.1/10 Overall Impact
    • member rating average dollars saved: $49,748 Average $ Saved
    • member rating average days saved: 28 Average Days Saved
    • Parent Category Name: Business Intelligence Strategy
    • Parent Category Link: /business-intelligence-strategy
    • In respect to business intelligence (BI) matureness, you can’t expect the whole organization to be at the same place at the same time. Your BI strategy needs to recognize this and should strive to align rather than dictate.
    • Technology is just one aspect of your BI and analytics strategy and is not a quick solution or a guarantee for long-term success.

    Our Advice

    Critical Insight

    • The BI strategy drives data warehouse and integration strategies and the data needed to support business decisions.
    • The solution to better BI often lies in improving the BI practice, not acquiring the latest and greatest tool.

    Impact and Result

    • Align BI with corporate vision, mission, goals, and strategic direction.
    • Understand the needs of business partners.
    • BI & analytics informs data warehouse and integration layers for required content, latency, and quality.

    Build a Reporting and Analytics Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should create or refresh the BI Strategy and review Info-Tech’s approach to developing a BI strategy that meets business needs.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand the business context and BI landscape

    Lay the foundation for the BI strategy by detailing key business information and analyzing current BI usage.

    • Build a Reporting and Analytics Strategy – Phase 1: Understand the Business Context and BI Landscape
    • BI Strategy and Roadmap Template
    • BI End-User Satisfaction Survey Framework

    2. Evaluate the current BI practice

    Assess the maturity level of the current BI practice and envision a future state.

    • Build a Reporting and Analytics Strategy – Phase 2: Evaluate the Current BI Practice
    • BI Practice Assessment Tool

    3. Create a BI roadmap for continuous improvement

    Create BI-focused initiatives to build an improvement roadmap.

    • Build a Reporting and Analytics Strategy – Phase 3: Create a BI Roadmap for Continuous Improvement
    • BI Initiatives and Roadmap Tool
    • BI Strategy and Roadmap Executive Presentation Template
    [infographic]

    Workshop: Build a Reporting and Analytics Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish Business Vision and Understand the Current BI Landscape

    The Purpose

    Document overall business vision, mission, and key objectives; assemble project team.

    Collect in-depth information around current BI usage and BI user perception.

    Create requirements gathering principles and gather requirements for a BI platform.

    Key Benefits Achieved

    Increased IT–business alignment by using the business context as the project starting point

    Identified project sponsor and project team

    Detailed understanding of trends in BI usage and BI perception of consumers

    Refreshed requirements for a BI solution

    Activities

    1.1 Gather key business information (overall mission, goals, objectives, drivers).

    1.2 Establish a high-level ROI.

    1.3 Identify ideal candidates for carrying out a BI project.

    1.4 Undertake BI usage analyses, BI user perception survey, and a BI artifact inventory.

    1.5 Develop requirements gathering principles and approaches.

    1.6 Gather and organize BI requirements

    Outputs

    Articulated business context that will guide BI strategy development

    ROI for refreshing the BI strategy

    BI project team

    Comprehensive summary of current BI usage that has quantitative and qualitative perspectives

    BI requirements are confirmed

    2 Evaluate Current BI Maturity and Identify the BI Patterns for the Future State

    The Purpose

    Define current maturity level of BI practice.

    Envision the future state of your BI practice and identify desired BI patterns.

    Key Benefits Achieved

    Know the correct migration method for Exchange Online.

    Prepare user profiles for the rest of the Office 365 implementation.

    Activities

    2.1 Perform BI SWOT analyses.

    2.2 Assess current state of the BI practice and review results.

    2.3 Create guiding principles for the future BI practice.

    2.4 Identify desired BI patterns and the associated BI functionalities/requirements.

    2.5 Define the future state of the BI practice.

    2.6 Establish the critical success factors for the future BI, identify potential risks, and create a mitigation plan.

    Outputs

    Exchange migration strategy

    Current state of BI practice is documented from multiple perspectives

    Guiding principles for future BI practice are established, along with the desired BI patterns linked to functional requirements

    Future BI practice is defined

    Critical success factors, potential risks, and a risk mitigation plan are defined

    3 Build Improvement Initiatives and Create a BI Development Roadmap

    The Purpose

    Build overall BI improvement initiatives and create a BI improvement roadmap.

    Identify supplementary initiatives for enhancing your BI program.

    Key Benefits Achieved

    Defined roadmap composed of robust improvement initiatives

    Activities

    3.1 Create BI improvement initiatives based on outputs from phase 1 and 2 activities. Build an improvement roadmap.

    3.2 Build an improvement roadmap.

    3.3 Create an Excel governance policy.

    3.4 Create a plan for a BI ambassador network.

    Outputs

    Comprehensive BI initiatives placed on an improvement roadmap

    Excel governance policy is created

    Internal BI ambassadors are identified

    Further reading

    Build a Reporting and Analytics Strategy

    Deliver actionable business insights by creating a business-aligned reporting and analytics strategy.

    Terminology

    As the reporting and analytics space matured over the last decade, software suppliers used different terminology to differentiate their products from others’. This caused a great deal of confusion within the business communities.

    Following are two definitions of the term Business Intelligence:

    Business intelligence (BI) leverages software and services to transform data into actionable insights that inform an organization’s strategic and tactical business decisions. BI tools access and analyze data sets and present analytical findings in reports, summaries, dashboards, graphs, charts, and maps to provide users with detailed intelligence about the state of the business.

    The term business intelligence often also refers to a range of tools that provide quick, easy-to-digest access to insights about an organization's current state, based on available data.

    CIO Magazine

    Business intelligence (BI) comprises the strategies and technologies used by enterprises for the data analysis of business information. BI technologies provide historical, current, and predictive views of business operations.

    Common functions of business intelligence technologies include reporting, online analytical processing, analytics, data mining, process mining, complex event processing, business performance management, benchmarking, text mining, predictive analytics, and prescriptive analytics.

    Wikipedia

    This blueprint will use the terms “BI,” “BI and Analytics,” and “Reporting and Analytics” interchangeably in different contexts, but always in compliance to the above definitions.

    ANALYST PERSPECTIVE

    A fresh analytics & reporting strategy enables new BI opportunities.

    We need data to inform the business of past and current performance and to support strategic decisions. But we can also drown in a flood of data. Without a clear strategy for business intelligence, a promising new solution will produce only noise.

    BI and Analytics teams must provide the right quantitative and qualitative insights for the business to base their decisions on.

    Your Business Intelligence and Analytics strategy must support the organization’s strategy. Your strategy for BI & Analytics provides direction and requirements for data warehousing and data integration, and further paves the way for predictive analytics, big data analytics, market/industry intelligence, and social network analytics.

    Dirk Coetsee,

    Director, Data and Analytics Info-Tech Research Group

    Our understanding of the problem

    This Research is Designed For:

    • A CIO or Business Unit (BU) Leader looking to improve reporting and analytics, reduce time to information, and embrace fact-based decision making with analytics, reporting, and business intelligence (BI).
    • Application Directors experiencing poor results from an initial BI tool deployment who are looking to improve the outcome.

    This Research Will Also Assist:

    • Project Managers and Business Analysts assigned to a BI project team to collect and analyze requirements.
    • Business units that have their own BI platforms and would like to partner with IT to take their BI to an enterprise level.

    This Research Will Help You:

    • Align your reporting and analytics strategy with the business’ strategic objectives before you rebuild or buy your Business Intelligence platform.
    • Identify reporting and analytics objectives to inform the data warehouse and integration requirements gathering process.
    • Avoid common pitfalls that derail BI and analytic deployments and lower their adoption.
    • Identify Business Intelligence gaps prior to deployment and incorporate remedies within your plans.

    This Research Will Help Them:

    • Recruit the right resources for the program.
    • Align BI with corporate vision, mission, goals, and strategic direction.
    • Understand the needs of business partners.
    • Assess BI maturity and plan for target state.
    • Develop a BI strategy and roadmap.
    • Track the success of the BI initiative.

    Executive summary

    Situation:

    BI drives a new reality. Uber is the world’s largest taxi company and they own no vehicles; Alibaba is the world’s most valuable retailer and they have no inventory; Airbnb is the world’s largest accommodation provider and they own no real estate. How did they disrupt their markets and get past business entry barriers? A deep understanding of their market through impeccable business intelligence!

    Complication:

    • In respect to BI matureness, you can’t expect the whole organization to be at the same place at the same time. Your BI strategy needs to recognize this and should strive to align rather than dictate.
    • Technology is just one aspect of your BI and Analytics strategy and is not a quick solution or a guarantee for long term success.

    Resolution:

    • Drive strategy development by establishing the business context upfront in order to align business intelligence providers with the most important needs of their BI consumers and the strategic priorities of the organization.
    • Revamp or create a BI strategy to update your BI program to make it fit for purpose.
    • Understand your existing BI baggage – e.g. your existing BI program, the artifacts generated from the program, and the users it supports. Those will inform the creation of the strategy and roadmap.
    • Assess current BI maturity and determine your future state BI maturity.
    • BI needs governance to ensure consistent planning, communication, and execution of the BI strategy.
    • Create a network of BI ambassadors across the organization to promote BI.
    • Plan for the future to ensure that required data will be available when the organization needs it.

    Info-Tech Insight

    1. Put the “B” back in BI. Don’t have IT doing BI for IT’s sake; ensure the voice and needs of the business are the primary drivers of your strategy.
    2. The BI strategy drives data warehouse and integration strategies and the data needs to support business decisions.
    3. Go beyond the platform. The solution to better BI often lies in improving the BI practice, not acquiring the latest and greatest tool.

    Metrics to track BI & Analytical program progress

    Goals for BI:

    • Understand business context and needs. Identify business processes that can leverage BI.
    • Define the Reporting & Analytics Roadmap. Develop data initiatives, and create a strategy and roadmap for Business Intelligence.
    • Continuous improvements. Your BI program is evolving and improving over time. The program should allow you to have faster, better, and more comprehensive information.

    Info-Tech’s Suggested Metrics for Tracking the BI Program

    Practice Improvement Metrics Data Collection and Calculation Expected Improvement
    Program Level Metrics Efficiency
    • Time to information
    • Self-service penetration
    • Derive from the ticket management system
    • Derive from the BI platform
    • 10% reduction in time to information
    • Achieve 10-15% self-service penetration
    • Effectiveness
    • BI Usage
    • Data quality
    • Derive from the BI platform
    • Data quality perception
    • Majority of the users use BI on a daily basis
    • 15% increase in data quality perception
    Comprehensiveness
    • # of integrated datasets
    • # of strategic decisions made
    • Derive from the data integration platform
    • Decision-making perception
    • Onboard 2-3 new data domains per year
    • 20% increase in decision-making perception

    Intangible Metrics:

    Tap into the results of Info-Tech’s CIO Business Vision diagnostic to monitor the changes in business-user satisfaction as you implement the initiatives in your BI improvement roadmap.

    Your Enterprise BI and Analytics Strategy is driven by your organization’s Vision and Corporate Strategy

    Formulating an Enterprise Reporting and Analytics Strategy requires the business vision and strategies to first be substantiated. Any optimization to the Data Warehouse, Integration and Source layer is in turn driven by the Enterprise Reporting and Analytics Strategy

    Flow chart showing 'Business Vision Strategies'

    The current state of your Integration and Warehouse platforms determine what data can be utilized for BI and Analytics

    Where we are, and how we got here

    How we got here

    • In the beginning was BI 1.0. Business intelligence began as an IT-driven centralized solution that was highly governed. Business users were typically the consumers of reports and dashboards created by IT, an analytics-trained minority, upon request.
    • In the last five to ten years, we have seen a fundamental shift in the business intelligence and analytics market, moving away from such large-scale, centralized IT-driven solutions focused on basic reporting and administration, towards more advanced user-friendly data discovery and visualization platforms. This has come to be known as BI 2.0.
    • Many incumbent market leaders were disrupted by the demand for more user-friendly business intelligence solutions, allowing “pure-play” BI software vendors to carve out a niche and rapidly expand into more enterprise environments.
    • BI-on-the-cloud has established itself as a solid alternative to in-house implementation and operation.

    Where we are now

    • BI 3.0 has arrived. This involves the democratization of data and analytics and a predominantly app-centric approach to BI, identifiable by an anywhere, anytime, and device-or-platform-independent collaborative methodology. Social workgroups and self-guided content creation, delivery, analysis, and management is prominent.
    • Where the need for reporting and dashboards remains, we’re seeing data discovery platforms fulfilling the needs of non-technical business users by providing easy-to-use interactive solutions to increase adoption across enterprises.
    • With more end users demanding access to data and the tools to extract business insights, IT is looking to meet these needs while continuing to maintain governance and administration over a much larger base of users. The race for governed data discovery is heated and will be a market differentiator.
    • The next kid on the block is Artificial Intelligence that put further demands on data quality and availability.

    RICOH Canada used this methodology to develop their BI strategy in consultation with their business stakeholders

    CASE STUDY

    Industry: Manufacturing and Retail

    Source: RICOH

    Ricoh Canada transforms the way people work with breakthrough technologies that help businesses innovate and grow. Its focus has always been to envision what the future will look like so that it can help its customers prepare for success. Ricoh empowers digital workplaces with a broad portfolio of services, solutions, and technologies – helping customers remove obstacles to sustained growth by optimizing the flow of information and automating antiquated processes to increase workplace productivity. In their commitment towards a customer-centric approach, Ricoh Canada recognized that BI and analytics can be used to inform business leaders in making strategic decisions.

    Enterprise BI and analytics Initiative

    Ricoh Canada enrolled in the ITRG Reporting & Analytics strategy workshop with the aim to create a BI strategy that will allow the business to harvest it strengths and build for the future. The workshop acted as a forum for the different business units to communicate, share ideas, and hear from each other what their pains are and what should be done to provide a full customer 360 view.

    Results

    “This workshop allowed us to collectively identify the various stakeholders and their unique requirements. This is a key factor in the development of an effective BI Analytics tool.” David Farrar

    The Customer 360 Initiative included the following components

    The Customer 360 Initiative includes the components shown in the image

    Improve BI Adoption Rates

    Graph showing Product Adoption Rates

    Sisense

    Reasons for low BI adoption

    • Employees that never used BI tools are slow to adopt new technology.
    • Lack of trust in data leads to lack of trust in the insights.
    • Complex data structures deter usage due to long learning curves and contained nuances.
    • Difficult to translate business requirements into tool linguistics due to lack of training or technical ineptness.
    • Business has not taken ownership of data, which affects access to data.

    How to foster BI adoption

    • Senior management proclaim data as a strategic asset and involved in the promotion of BI
    • Role Requirement that any business decision should be backed up by analytics
    • Communication of internal BI use case studies and successes
    • Exceptional data lineage to act as proof for the numbers
    • A Business Data glossary with clearly defined business terms. Use the Business Data Glossary in conjunction with data lineage and semantic layers to ensure that businesses are clearly defined and traced to sources.
    • Training in business to take ownership of data from inception to analytics.

    Why bother with analytics?

    In today’s ever-changing and global environment, organizations of every size need to effectively leverage their data assets to facilitate three key business drivers: customer intimacy, product/service innovation, and operational excellence. Plus, they need to manage their operational risk efficiently.

    Investing in a comprehensive business intelligence strategy allows for a multidimensional view of your organization’s data assets that can be operationalized to create a competitive edge:

    Historical Data

    Without a BI strategy, creating meaningful reports for business users that highlight trends in past performance and draw relationships between different data sources becomes a more complex task. Also, the ever growing need to identify and assess risks in new ways is driving many companies to BI.

    Data Democracy

    The core purpose of BI is to provide the right data, to the right users, at the right time, and in a format that is easily consumable and actionable. In developing a BI strategy, remember the driver for managed cross-functional access to data assets and features such as interactive dashboards, mobile BI, and self-service BI.

    Predictive and Big Data Analytics

    As the volume, variety, and velocity of data increases rapidly, businesses will need a strategy to outline how they plan to consume the new data in a manner that does not overwhelm their current capabilities and aligns with their desired future state. This same strategy further provides a foundation upon which organizations can transition from ad hoc reporting to using data assets in a codified BI platform for decision support.

    Business intelligence serves as the layer that translates data, information, and organizational knowledge into insights

    As executive decision making shifts to more fact-based, data-driven thinking, there is an urgent need for data assets to be organized and presented in a manner that enables immediate action.

    Typically, business decisions are based on a mix of intuition, opinion, emotion, organizational culture, and data. Though business users may be aware of its potential value in driving operational change, data is often viewed as inaccessible.

    Business intelligence bridges the gap between an organization’s data assets and consumable information that facilitates insight generation and informed decision making.

    Most organizations realize that they need a BI strategy; it’s no longer a nice-to-have, it’s a must-have.

    – Albert Hui, Principal, Data Economist

    A triangle grapg depicting the layers of business itelligence

    Business intelligence and business analytics: what is the difference and should you care

    Ask 100 people and you will get 100 answers. We like the prevailing view that BI looks at today and backward for improving who we are, while BA is forward-looking to support change decisions.

    The image depicts a chart flowing from Time Past to Future. Business Intelligence joins with Business Analytics over the Present
    • Business intelligence is concerned with looking at present and historical data.
    • Use this data to create reports/dashboards to inform a wide variety of information consumers of the past and current state of affairs.
    • Almost all organizations, regardless of size and maturity, use some level of BI even if it’s just very basic reporting.
    • Business analytics, on the other hand, is a forward-facing use of data, concerned with the present to the future.
    • Analytics uses data to both describe the present, and more importantly, predict the future, enabling strategic business decisions.
    • Although adoption is rapidly increasing, many organizations still do not utilize any advanced analytics in their environment.

    However, establishing a strong business intelligence program is a necessary precursor to an organization’s development of its business analytics capabilities.

    Organizations that successfully grow their BI capabilities are reaping the rewards

    Evidence is piling up: if planned well, BI contributes to the organization’s bottom line.

    It’s expected that there will be nearly 45 billion connected devices and a 42% increase in data volume each year posing a high business opportunity for the BI market (BERoE, 2020).

    The global business intelligence market size to grow from US$23.1 billion in 2020 to US$33.3 billion by 2025, at a compound annual growth rate (CAGR) of 7.6% (Global News Wire, 2020)

    In the coming years, 69% of companies plan on increasing their cloud business intelligence usage (BARC Research and Eckerson Group Study, 2017).

    Call to Action

    Small organizations of up to 100 employees had the highest rate of business intelligence penetration last year (Forbes, 2018).

    Graph depicting business value from 0 months to more than 24 months

    Source: IBM Business Value, 2015

    For the New England Patriots, establishing a greater level of customer intimacy was driven by a tactical analytics initiative

    CASE STUDY

    Industry: Professional Sports

    Source Target Marketing

    Problem

    Despite continued success as a franchise with a loyal fan base, the New England Patriots experienced one of their lowest season ticket renewal rates in over a decade for the 2009 season. Given the numerous email addresses that potential and current season-ticket holders used to engage with the organization, it was difficult for Kraft Sports Group to define how to effectively reach customers.

    Turning to a Tactical Analytics Approach

    Kraft Sports Group turned to the customer data that it had been collecting since 2007 and chose to leverage analytics in order to glean insight into season ticket holder behavior. By monitoring and reporting on customer activity online and in attendance at games, Kraft Sports Group was able to establish that customer engagement improved when communication from the organization was specifically tailored to customer preferences and historical behavior.

    Results

    By operationalizing their data assets with the help of analytics, the Patriots were able to achieve a record 97% renewal rate for the 2010 season. KSG was able to take their customer engagement to the next level and proactively look for signs of attrition in season-ticket renewals.

    We're very analytically focused and I consider us to be the voice of the customer within the organization… Ultimately, we should know when renewal might not happen and be able to market and communicate to change that behavior.

    – Jessica Gelman,

    VP Customer Marketing and Strategy, Kraft Sports Group

    A large percentage of all BI projects fail to meet the organization’s needs; avoid falling victim to common pitfalls

    Tool Usage Pitfalls

    • Business units are overwhelmed with the amount and type of data presented.
    • Poor data quality erodes trust, resulting in a decline in usage.
    • Analysis performed for the sake of analysis and doesn’t focus on obtaining relevant business-driven insights.

    Selection Pitfalls

    • Inadequate requirements gathering.
    • No business involvement in the selection process.
    • User experience is not considered.
    • Focus is on license fees and not total cost.

    Implementation Pitfalls

    • Absence of upfront planning
    • Lack of change management to facilitate adoption of the new platform
    • No quick wins that establish the value of the project early on
    • Inadequate initial or ongoing training

    Strategic Pitfalls

    • Poor alignment of BI goals with organization goals
    • Absence of CSFs/KPIs that can measure the qualitative and quantitative success of the project
    • No executive support during or after the project

    BI pitfalls are lurking around every corner, but a comprehensive strategy drafted upfront can help your organization overcome these obstacles. Info-Tech’s approach to BI has involvement from the business units built right into the process from the start and it equips IT to interact with key stakeholders early and often.

    Only 62% of Big Data and AI projects in 2019 provided measurable results.

    Source: NewVantage Partners LLC

    Business and IT have different priorities for a BI tool

    Business executives look for:

    • Ease of use
    • Speed and agility
    • Clear and concise information
    • Sustainability

    IT professionals are concerned about:

    • Solid security
    • Access controls on data
    • Compliance with regulations
    • Ease of integration

    Info-Tech Insight

    Combining these priorities will lead to better tool selection and more synergy.

    Elizabeth Mazenko

    The top-down BI Opportunity Analysis is a tool for senior executives to discover where Business Intelligence can provide value

    The image is of a top-down BI Opportunity Analysis.

    Example: Uncover BI opportunities with an opportunity analysis

    Industry Drivers Private label Rising input prices Retail consolidation
    Company strategies Win at supply chain execution Win at customer service Expand gross margins
    Value disciplines Strategic cost management Operational excellence Customer service
    Core processes Purchasing Inbound logistics Sales, service & distribution
    Enterprise management: Planning, budgeting, control, process improvement, HR
    BI Opportunities Customer service analysis Cost and financial analysis Demand management

    Williams (2016)

    Bridge the gap between business drivers and business intelligence features with a three-tiered framework

    Info-Tech’s approach to formulating a fit-for-purpose BI strategy is focused on making the link between factors that are the most important to the business users and the ways that BI providers can enable those consumers.

    Drivers to Establish Competitive Advantage

    • Operational Excellence
    • Client Intimacy
    • Innovation

    BI and Analytics Spectrum

    • Strategic Analytics
    • Tactical Analytics
    • Operational Analytics

    Info-Tech’s BI Patterns

    • Delivery
    • User Experience
    • Deep Analytics
    • Supporting

    This is the content for Layout H3 Tag

    Though business intelligence is primarily thought of as enabling executives, a comprehensive BI strategy involves a spectrum of analytics that can provide data-driven insight to all levels of an organization.

    Recommended

    Strategic Analytics

    • Typically focused on predictive modeling
    • Leverages data integrated from multiple sources (structured through unstructured)
    • Assists in identifying trends that may shift organizational focus and direction
    • Sample objectives:
      • Drive market share growth
      • Identify new markets, products, services, locations, and acquisitions
      • Build wider and deeper customer relationships earning more wallet share and keeping more customers

    Tactical Analytics

    • Often considered Response Analytics and used to react to situations that arise, or opportunities at a department level.
    • Sample objectives:
      • Staff productivity or cost analysis
      • Heuristics/algorithms for better risk management
      • Product bundling and packaging
      • Customer satisfaction response techniques

    Operational Analytics

    • Analytics that drive business process improvement whether internal, with external partners, or customers.
    • Sample objectives:
      • Process step elimination
      • Best opportunities for automation

    Business Intelligence Terminology

    Styles of BI New age BI New age data Functional Analytics Tools
    Reporting Agile BI Social Media data Performance management analytics Scorecarding dashboarding
    Ad hoc query SaaS BI Unstructured data Financial analytics Query & reporting
    Parameterized queries Pervasive BI Mobile data Supply chain analytics Statistics & data mining
    OLAP Cognitive Business Big data Customer analytics OLAP cubes
    Advanced analytics Self service analytics Sensor data Operations analytics ETL
    Cognitive business techniques Real-time Analytics Machine data HR Analytics Master data management
    Scorecards & dashboards Mobile Reporting & Analytics “fill in the blanks” analytics Data Governance

    Williams (2016)

    "BI can be confusing and overwhelming…"

    – Dirk Coetsee,

    Research Director,

    Info-Tech Research Group

    Business intelligence lies in the Information Dimensions layer of Info-Tech’s Data Management Framework

    The interactions between the information dimensions and overlying data management enablers such as data governance, data architecture, and data quality underscore the importance of building a robust process surrounding the other data practices in order to fully leverage your BI platform.

    Within this framework BI and analytics are grouped as one lens through which data assets at the business information level can be viewed.

    The image is the Information Dimensions layer of Info-Tech’s Data Management Framework

    Use Info-Tech’s three-phase approach to a Reporting & Analytics strategy and roadmap development

    Project Insight

    A BI program is not a static project that is created once and remains unchanged. Your strategy must be treated as a living platform to be revisited and revitalized in order to effectively enable business decision making. Develop a reporting and analytics strategy that propels your organization by building it on business goals and objectives, as well as comprehensive assessments that quantitatively and qualitatively evaluate your current reporting and analytical capabilities.

    Phase 1: Understand the Business Context and BI Landscape Phase 2: Evaluate Your Current BI Practice Phase 3: Create a BI Roadmap for Continuous Improvement
    1.1 Establish the Business Context
    • Business Vision, Goals, Key Drivers
    • Business Case Presentation
    • High-Level ROI
    2.1 Assess Your Current BI Maturity
    • BI Practice Assessment
    • Summary of Current State
    3.1 Construct a BI Initiative Roadmap
    • BI Improvement Initiatives
    • RACI
    • BI Strategy and Roadmap
    1.2 Assess Existing BI Environment
    • BI Perception Survey Framework
    • Usage Analyses
    • BI Report Inventory
    2.2 Envision BI Future State
    • BI Style Requirements
    • BI Practice Assessment
    3.2 Plan for Continuous Improvement
    • Excel/Access Governance Policy
    • BI Ambassador Network Draft
    1.3 Develop BI Solution Requirements
    • Requirements Gathering Principles
    • Overall BI Requirements

    Stand on the shoulders of Information Management giants

    As part of our research process, we leveraged the frameworks of COBIT5, Mike 2.0, and DAMA DMBOK2. Contextualizing business intelligence within these frameworks clarifies its importance and role and ensures that our assessment tool is focused on key priority areas.

    The DMBOK2 Data Management framework by the Data Asset Management Association (DAMA) provided a starting point for our classification of the components in our IM framework.

    Mike 2.0 is a data management framework that helped guide the development of our framework through its core solutions and composite solutions.

    The Cobit 5 framework and its business enablers were used as a starting point for assessing the performance capabilities of the different components of information management, including business intelligence.

    Info-Tech has a series of deliverables to facilitate the evolution of your BI strategy

    BI Strategy Roadmap Template

    BI Practice Assessment Tool

    BI Initiatives and Roadmap Tool

    BI Strategy and Roadmap Executive Presentation Template

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit Guided Implementation Workshop Consulting
    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.” “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.” “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.” “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Build a Reporting and Analytics Strategy – Project Overview

    1. Understand the Business Context and BI Landscape 2. Evaluate the Current BI Practice 3. Create a BI Roadmap for Continuous Improvement
    Best-Practice Toolkit

    1.1 Document overall business vision, mission, industry drivers, and key objectives; assemble a project team

    1.2 Collect in-depth information around current BI usage and BI user perception

    1.3 Create requirements gathering principles and gather requirements for a BI platform

    2.1 Define current maturity level of BI practice

    2.2 Envision the future state of your BI practice and identify desired BI patterns

    3.1 Build overall BI improvement initiatives and create a BI improvement roadmap

    3.2 Identify supplementary initiatives for enhancing your BI program

    Guided Implementations
    • Discuss Info-Tech’s approach for using business information to drive BI strategy formation
    • Review business context and discuss approaches for conducting BI usage and user analyses
    • Discuss strategies for BI requirements gathering
    • Discuss BI maturity model
    • Review practice capability gaps and discuss potential BI patterns for future state
    • Discuss initiative building
    • Review completed roadmap and next steps
    Onsite Workshop Module 1:

    Establish Business Vision and Understand the Current BI Landscape

    Module 2:

    Evaluate Current BI Maturity Identify the BI Patterns for the Future State

    Module 3:

    Build Improvement Initiatives and Create a BI Development Roadmap

    Phase 1 Outcome:
    • Business context
    • Project team
    • BI usage information, user perception, and new BI requirements
    Phase 2 Outcome:
    • Current and future state assessment
    • Identified BI patterns
    Phase 3 Outcome:
    • BI improvement strategy and initiative roadmap

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4
    Activities

    Understand Business Context and Structure the Project

    1.1 Make the case for a BI strategy refresh.

    1.2 Understand business context.

    1.3 Determine high-level ROI.

    1.4 Structure the BI strategy refresh project.

    Understand Existing BI and Revisit Requirements

    2.1 Understand the usage of your existing BI.

    2.2 Gather perception of the current BI users.

    2.3 Document existing information artifacts.

    2.4 Develop a requirements gathering framework.

    2.5 Gather requirements.

    Revisit Requirements and Current Practice Assessment

    3.1 Gather requirements.

    3.2 Determine BI Maturity Level.

    3.3 Perform a SWOT for your existing BI program.

    3.4 Develop a current state summary.

    Roadmap Develop and Plan for Continuous Improvements

    5.1 Develop BI strategy.

    5.2 Develop a roadmap for the strategy.

    5.3 Plan for continuous improvement opportunities.

    5.4 Develop a re-strategy plan.

    Deliverables
    1. Business and BI Vision, Goals, Key Drivers
    2. Business Case Presentation
    3. High-Level ROI
    4. Project RACI
    1. BI Perception Survey
    2. BI Requirements Gathering Framework
    3. BI User Stories and Requirements
    1. BI User Stories and Requirements
    2. BI SWOT for your Current BI Program
    3. BI Maturity Level
    4. Current State Summary
    1. BI Strategy
    2. Roadmap accompanying the strategy with timeline
    3. A plan for improving BI
    4. Strategy plan

    Phase 2

    Understand the Business Context and BI Landscape

    Build a Reporting and Analytics Strategy

    Phase 1 overview

    Detailed Overview

    Step 1: Establish the business context in terms of business vision, mission, objectives, industry drivers, and business processes that can leverage Business Intelligence

    Step 2: Understand your BI Landscape

    Step 3: Understand business needs

    Outcomes

    • Clearly articulated high-level mission, vision, and key drivers from the business, as well as objectives related to business intelligence.
    • In-depth documentation regarding your organization’s BI usage, user perception, and outputs.
    • Consolidated list of requirements, existing and desired, that will direct the deployment of your BI solution.

    Benefits

    • Align business context and drivers with IT plans for BI and Analytics improvement.
    • Understand your current BI ecosystem’s performance.

    Understand your business context and BI landscape

    Phase 1 Overarching Insight

    The closer you align your new BI platform to real business interests, the stronger the buy-in, realized value, and groundswell of enthusiastic adoption will be. Get this phase right to realize a high ROI on your investment in the people, processes, and technology that will be your next generation BI platform.

    Understand the Business Context to Rationalize Your BI Landscape Evaluate Your Current BI Practice Create a BI Roadmap for Continuous Improvement
    Establish the Business Context
    • Business Vision, Goals, Key Drivers
    • Business Case Presentation
    • High-Level ROI
    Assess Your Current BI Maturity
    • SWOT Analysis
    • BI Practice Assessment
    • Summary of Current State
    Construct a BI Initiative Roadmap
    • BI Improvement Initiatives
    • BI Strategy and Roadmap
    Access Existing BI Environment
    • BI Perception Survey Framework
    • Usage Analyses
    • BI Report Inventory
    Envision BI Future State
    • BI Patterns
    • BI Practice Assessment
    • List of Functions
    Plan for Continuous Improvement
    • Excel Governance Policy
    • BI Ambassador Network Draft
    Undergo Requirements Gathering
    • Requirements Gathering Principles
    • Overall BI Requirements

    Track these metrics to measure your progress through Phase 1

    Goals for Phase 1:

    • Understand the business context. Determine if BI can be used to improve business outcomes by identifying benefits, costs, opportunities, and gaps.
    • Understand your existing BI. Plan your next generation BI based on a solid understanding of your existing BI.
    • Identify business needs. Determine the business processes that can leverage BI and Analytics.

    Info-Tech’s Suggested Metrics for Tracking Phase 1 Goals

    Practice Improvement Metrics Data Collection and Calculation Expected Improvement
    Monetary ROI
    • Quality of the ROI
    • # of user cases, benefits, and costs quantified
    Derive the number of the use cases, benefits, and costs in the scoping. Ask business SMEs to verify the quality. High-quality ROI studies are created for at least three use cases
    Response Rate of the BI Perception Survey Sourced from your survey delivery system Aim for 40% response rate
    # of BI Reworks Sourced from your project management system Reduction of 10% in BI reworks

    Intangible Metrics:

    1. Executives’ understanding of the BI program and what BI can do for the organization.
    2. Improved trust between IT and the business by re-opening the dialogue.
    3. Closer alignment with the organization strategy and business plan leading to higher value delivered.
    4. Increased business engagement and input into the Analytics strategy.

    Use advisory support to accelerate your completion of Phase 1 activities

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of two to three advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Understand the Business Context and BI Landscape

    Proposed Time to Completion: 2-4 weeks

    Step 1.0: Assemble Your Project Team

    Start with an analyst kick-off call:

    • Discuss Info-Tech’s viewpoint and definitions of business intelligence.
    • Discuss the project sponsorship, ideal team members and compositions.

    Then complete these activities…

    • Identify a project sponsor and the project team members.

    Step 1.1: Understand Your Business Context

    Start with an analyst kick-off call:

    • Discuss Info-Tech’s approach to BI strategy development around using business information as the key driver.

    Then complete these activities…

    • Detail the business context (vision, mission, goals, objectives, etc.).
    • Establish business–IT alignment for your BI strategy by detailing the business context.

    Step 1.2: Establish the Current BI Landscape

    Review findings with analyst:

    • Review the business context outputs from Step 1.1 activities.
    • Review Info-Tech’s approach for documenting your current BI landscape.
    • Review the findings of your BI landscape.

    Then complete these activities…

    • Gather information on current BI usage and perform a BI artifact inventory.
    • Construct and conduct a user perception survey.

    With these tools & templates:

    BI Strategy and Roadmap Template

    Step 1.0

    Assemble the Project Team

    Select a BI project sponsor

    Info-Tech recommends you select a senior executive with close ties to BI be the sponsor for this project (e.g. CDO, CFO or CMO). To maximize the chance of success, Info-Tech recommends you start with the CDO, CMO, CFO, or a business unit (BU) leader who represents strategic enterprise portfolios.

    Initial Sponsor

    CFO or Chief Risk Officer (CRO)

    • The CFO is responsible for key business metrics and cost control. BI is on the CFO’s radar as it can be used for both cost optimization and elimination of low-value activity costs.
    • The CRO is tasked with the need to identify, address, and when possible, exploit risk for business security and benefit.
    • Both of these roles are good initial sponsors but aren’t ideal for the long term.

    CDO or a Business Unit (BU) Leader

    • The CDO (Chief Data Officer) is responsible for enterprise-wide governance and utilization of information as an asset via data processing, analysis, data mining, information trading, and other means, and is the ideal sponsor.
    • BU leaders who represent a growth engine for a company look for ways to mine BI to help set direction.

    Ultimate Sponsor

    CEO

    • As a the primary driver of enterprise-wide strategy, the CEO is the ideal evangelist and project sponsor for your BI strategy.
    • Establishing a CEO–CIO partnership helps elevate IT to the level of a strategic partner, as opposed to the traditional view that IT’s only job is to “keep the lights on.”
    • An endorsement from the CEO may make other C-level executives more inclined to work with IT and have their business unit be the starting point for growing a BI program organically.

    "In the energy sector, achieving production KPIs are the key to financial success. The CFO is motivated to work with IT to create BI applications that drive higher revenue, identify operational bottlenecks, and maintain gross margin."

    – Yogi Schulz, Partner, Corvelle Consulting

    Select a BI project team

    Create a project team with the right skills, experience, and perspectives to develop a comprehensive strategy aligned to business needs.

    You may need to involve external experts as well as individuals within the organization who have the needed skills.

    A detailed understanding of what to look for in potential candidates is essential before moving forward with your BI project.

    Leverage several of Info-Tech’s Job Description Templates to aid in the process of selecting the right people to involve in constructing your BI strategy.

    Roles to Consider

    Business Stakeholders

    Business Intelligence Specialist

    Business Analyst

    Data Mining Specialist

    Data Warehouse Architect

    Enterprise Data Architect

    Data Steward

    "In developing the ideal BI team, your key person to have is a strong data architect, but you also need buy-in from the highest levels of the organization. Buy-in from different levels of the organization are indicators of success more than anything else."

    – Rob Anderson, Database Administrator and BI Manager, IT Research and Advisory Firm

    Create a RACI matrix to clearly define the roles and responsibilities for the parties involved

    A common project management pitfall for any endeavour is unclear definition of responsibilities amongst the individuals involved.

    As a business intelligence project requires a significant amount of back and forth between business and IT – bridged by the BI Steering Committee – clear guidelines at the project outset with a RACI chart provide a basic framework for assigning tasks and lines of communication for the later stages.

    Responsible Accountable Consulted Informed

    Obtaining Buy-in Project Charter Requirements Design Development Program Creation
    BI Steering Committee A C I I I C
    Project Sponsor - C I I I C
    Project Manager - R A I I C
    VP of BI R I I I I A
    CIO A I I I I R
    Business Analyst I I R C C C
    Solution Architect - - C A C C
    Data Architect - - C A C C
    BI Developer - - C C R C
    Data Steward - - C R C C
    Business SME C C C C C C

    Note: This RACI is an example of how role expectations would be broken down across the different steps of the project. Develop your own RACI based on project scope and participants.

    STEP 1.1

    Understand Your Business Context and Structure the Project

    Establish business–IT alignment for your BI strategy by detailing the business context

    Step Objectives

    • Engage the business units to find out where users need BI enablement.
    • Ideate preliminary points for improvement that will further business goals and calculate their value.

    Step Activities

    1.1.1 Craft the vision and mission statements for the Analytics program using the vision, mission, and strategies of your organization as basis.

    1.1.2 Articulate program goals and objectives

    1.1.3 Determine business differentiators and key drivers

    1.1.4 Brainstorm BI-specific constraints and improvement objectives

    Outcomes

    • Clearly articulated business context that will provide a starting point for formulating a BI strategy
    • High-level improvement objectives and ROI for the overall project
    • Vision, mission, and objectives of the analytics program

    Research Support

    • Info-Tech’s BI Strategy and Roadmap Template

    Proposed Participants in this Step

    • Project Manager
    • Project Team
    • Relevant Business Stakeholders and Subject Matter Experts

    Transform the way the business makes decisions

    Your BI strategy should enable the business to make fast, effective, and comprehensive decisions.

    Fast Effective Comprehensive
    Reduce time spent on decision-making by designing a BI strategy around information needs of key decision makers. Make the right data available to key decision makers. Make strategic high-value, impactful decisions as well as operational decisions.

    "We can improve BI environments in several ways. First, we can improve the speed with which we create BI objects by insisting that the environments are designed with flexibility and adaptability in mind. Second, we can produce higher quality deliverables by ensuring that IT collaborate with the business on every deliverable. Finally, we can reduce the costs of BI by giving access to the environment to knowledgeable business users and encouraging a self-service function."

    – Claudia Imhoff, Founder, Boulder BI Brain Trust, Intelligent Solutions Inc.

    Assess needs of various stakeholders using personas

    User groups/user personas

    Different users have different consumption and usage patterns. Categorize users into user groups and visualize the usage patterns. The user groups are the connection between the BI capabilities and the users.

    User groups Mindset Usage Pattern Requirements
    Front-line workers Get my job done; perform my job quickly. Reports (standard reports, prompted reports, etc.) Examples:
    • Report bursting
    • Prompted reports
    Analysts I have some ideas; I need data to validate and support my ideas. Dashboards, self-service BI, forecasting/budgeting, collaboration Examples:
    • Self-service datasets
    • Data mashup capability
    Management I need a big-picture view and yet I need to play around with the data to find trends to drive my business. Dashboards, scorecards, mobile BI, forecasting/budgeting Examples:
    • Multi-tab dashboards
    • Scorecard capability
    Data scientists I need to combine existing data, as well as external or new, unexplored data sources and types to find nuggets in the data. Data mashup, connections to data sources Examples:
    • Connectivity to big data
    • Social media analyses

    The pains of inadequate BI are felt across the entire organization – and land squarely on the shoulders of the CIO

    Organization:

    • Insufficient information to make decisions.
    • Unable to measure internal performance.
    • Losses incurred from bad decisions or delayed decisions.
    • Canned reports fail to uncover key insights.
    • Multiple versions of information exist in silos.

    IT Department

    • End users are completely dependent on IT for reports.
    • Ad hoc BI requests take time away from core duties.
    • Spreadsheet-driven BI is overly manual.
    • Business losing trust in IT.

    CIO

    • Under great pressure and has a strong desire to improve BI.
    • Ad hoc BI requests are consuming IT resources and funds.
    • My organization finds value in using data and having decision support to make informed decisions.

    The overarching question that needs to be continually asked to create an effective BI strategy is:

    How do I create an environment that makes information accessible and consumable to users, and facilitates a collaborative dialogue between the business and IT?

    Pre-requisites for success

    Prerequisite #1: Secure Executive Sponsorship

    Sponsorship of BI that is outside of IT and at the highest levels of the organization is essential to the success of your BI strategy. Without it, there is a high chance that your BI program will fail. Note that it may not be an epic fail, but it is a subtle drying out in many cases.

    Prerequisite #2: Understand Business Context

    Providing the right tools for business decision making doesn’t need to be a guessing game if the business context is laid as the project foundation and the most pressing decisions serve as starting points. And business is engaged in formulating and executing the strategy.

    Prerequisite #3: Deliver insights that lead to action

    Start with understanding the business processes and where analytics can improve outcomes. “Think business backwards, not data forward.” (McKinsey)

    11 reasons BI projects fail

    Lack of Executive support

    Old Technology

    Lack of business support

    Too many KPIs

    No methodology for gathering requirements

    Overly long project timeframes

    Bad user experience

    Lack of user adoption

    Bad data

    Lack of proper human resources

    No upfront definition of true ROI

    Mico Yuk, 2019

    Make it clear to the business that IT is committed to building and supporting a BI platform that is intimately tied to enabling changing business objectives.

    Leverage Info-Tech’s BI Strategy and Roadmap Template to accelerate BI planning

    How to accelerate BI planning using the template

    1. Prepopulated text that you can use for your strategy formulation:
    2. Prepopulated text that can be used for your strategy formulation
    3. Sample bullet points that you can pick and choose from:
    4. Sample bullet points to pick and choose from

    Document the BI program planning in Info-Tech’s

    BI Strategy and Roadmap Template.

    Activity: Describe your organization’s vision and mission

    1.1.1

    30-40 minutes

    Compelling vision and mission statements will help guide your internal members toward your company’s target state. These will drive your business intelligence strategy.

    1. Your vision clearly represents where your organization aspires to be in the future and aligns the entire organization. Write down a future-looking, inspirational, and realizable vision in one concise statement. Consider:
    • “Five years from now, our business will be _______.”
    • What do we want to do tomorrow? For whom? What is the benefit?
  • Your mission tells why your organization currently exists and clearly expresses how it will achieve your vision for the future. Write down a mission statement in one clear and concise paragraph consisting of, at most, five sentences. Consider:
    • Why does the business exist? What problems does it solve? Who are its customers?
    • How does the business accomplish strategic tasks or reach its target?
  • Reconvene stakeholders to share ideas and develop one concise vision statement and mission statement. Focus on clarity and message over wording.
  • Input

    • Business vision and mission statements

    Output

    • Alignment and understanding on business vision

    Materials

    Participants

    • BI project lead
    • Executive business stakeholders

    Info-Tech Insight

    Adjust your statements until you feel that you can elicit a firm understanding of both your vision and mission in three minutes or less.

    Formulating an Enterprise BI and Analytics Strategy: Top-down BI Opportunity analysis

    Top-down BI Opportunity analysis

    Example of deriving BI opportunities using BI Opportunity Analysis

    Industry Drivers Private label Rising input prices Retail consolidation
    Company strategies Win at supply chain execution Win at customer service Expand gross margins
    Value disciplines Strategic cost management Operational excellence Customer service
    Core processes Purchasing Inbound logistics Sales, service & distribution
    Enterprise management: Planning, budgeting, control, process improvement, HR
    BI Opportunities Customer service analysis Cost and financial analysis Demand management

    Williams 2016

    Get your organization buzzing about BI – leverage Info-Tech’s Executive Brief as an internal marketing tool

    Two key tasks of a project sponsor are to:

    1. Evangelize the realizable benefits of investing in a business intelligence strategy.
    2. Help to shift the corporate culture to one that places emphasis on data-driven insight.

    Arm your project sponsor with our Executive Brief for this blueprint as a quick way to convey the value of this project to potential stakeholders.

    Bolster this presentation by adding use cases and metrics that are most relevant to your organization.

    Develop a business framework

    Identifying organizational goals and how data can support those goals is key to creating a successful BI & Analytical strategy. Rounding out the business model with technology drivers, environmental factors (as described in previous steps), and internal barriers and enablers creates a holistic view of Business Intelligence within the context of the organization as a whole.

    Through business engagement and contribution, the following holistic model can be created to understand the needs of the business.

    business framework holistic model

    Activity: Describe the Industry Drivers and Organization strategy to mitigate the risk

    1.1.2

    30-45 minutes

    Industry drivers are external influencers that has an effect on a business such as economic conditions, competitor actions, trade relations, climate etc. These drivers can differ significantly by industry and even organizations within the same industry.

    1. List the industry drivers that influences your organization:
    • Public sentiment in regards to energy source
    • Rising cost of raw materials due to increase demand
  • List the company strategies, goals, objectives to counteract the external influencers:
    • Change production process to become more energy efficient
    • Win at customer service
  • Identify the value disciplines :
    • Strategic cost management
    • Operational Excellence
  • List the core process that implements the value disciplines :
    • Purchasing
    • Sales
  • Identify the BI Opportunities:
    • Cost and financial analysis
    • Customer service analysis

    Input

    • Industry drivers

    Output

    • BI Opportunities that business can leverage

    Materials

    • Industry driver section in the BI Strategy and Roadmap Template

    Participants

    • BI project lead
    • Executive business stakeholders

    Understand BI and analytics drivers and organizational objectives

    Environmental Factors Organizational Goals Business Needs Technology Drivers
    Definition External considerations are factors taking place outside the organization that are impacting the way business is conducted inside the organization. These are often outside the control of the business. Organizational drivers can be thought of as business-level metrics. These are tangible benefits the business can measure, such as customer retention, operation excellence, and/or financial performance. A requirement that specifies the behavior and the functions of a system. Technology drivers are technological changes that have created the need for a new BI solution. Many organizations turn to technology systems to help them obtain a competitive edge.
    Examples
    • Economy and politics
    • Laws and regulations
    • Competitive influencers
    • Time to market
    • Quality
    • Delivery reliability
    • Audit tracking
    • Authorization levels
    • Business rules
    • Deployment in the cloud
    • Integration
    • Reporting capabilities

    Activity: Discuss BI/Analytics drivers and organizational objectives

    1.1.3

    30-45 minutes

    1. Use the industry drivers and business goals identified in activity 1.1.2 as a starting point.
    2. Understand how the company runs today and what the organization’s future will look like. Try to identify the purpose for becoming an integrated organization. Use a whiteboard and markers to capture key findings.
    3. Take into account External Considerations, Organizational Drivers, Technology Drivers, and Key Functional Requirements.
    External Considerations Organizational Drivers Technology Considerations Functional Requirements
    • Funding Constraints
    • Regulations
    • Compliance
    • Scalability
    • Operational Efficiency
    • Data Accuracy
    • Data Quality
    • Better Reporting
    • Information Availability
    • Integration Between Systems
    • Secure Data

    Identify challenges and barriers to the BI project

    There are several factors that may stifle the success of a BI implementation. Scan the current environment to identify internal barriers and challenges to identify potential challenges so you can meet them head-on.

    Common Internal Barriers

    Management Support
    Organizational Culture
    Organizational Structure
    IT Readiness
    Definition The degree of management understanding and acceptance towards BI solutions. The collective shared values and beliefs. The functional relationships between people and departments in an organization. The degree to which the organization’s people and processes are prepared for a new BI solution.
    Questions
    • Is a BI project recognized as a top priority?
    • Will management commit time to the project?
    • Are employees resistant to change?
    • Is the organization highly individualized?
    • Is the organization centralized?
    • Is the organization highly formalized?
    • Is there strong technical expertise?
    • Is there strong infrastructure?
    Impact
    • Funding
    • Resources
    • Knowledge sharing
    • User acceptance
    • Flow of knowledge
    • Poor implementation
    • Reliance on consultants

    Activity: Discuss BI/Analytics challenges and pain points

    1.1.4

    30-45 minutes

    1. Identify challenges with the process identified in step 1.1.2.
    2. Brainstorm potential barriers to successful BI implementation and adoption. Use a whiteboard and marker to capture key findings.
    3. Consider Functional Gaps, Technical Gaps, Process Gaps, and Barriers to BI Success.
    Functional Gaps Technical Gaps Process Gaps Barriers to Success
    • No online purchase order requisition
    • Inconsistent reporting – data quality concerns
    • Duplication of data
    • Lack of system integration
    • Cultural mindset
    • Resistance to change
    • Lack of training
    • Funding

    Activity: Discuss opportunities and benefits

    1.1.5

    30-45 minutes

    1. Identify opportunities and benefits from an integrated system.
    2. Brainstorm potential enablers for successful BI implementation and adoption. Use a whiteboard and markers to capture key findings.
    3. Consider Business Benefits, IT Benefits, Organizational Benefits, and Enablers of BI success.
    Business Benefits IT Benefits Organizational Benefits Enablers of Success
    • Business-IT alignment
    • Compliance
    • Scalability
    • Operational Efficiency
    • Data Accuracy
    • Data Quality
    • Better Reporting
    • Change management
    • Training
    • Alignment to strategic objectives

    Your organization’s framework for Business Intelligence Strategy

    Blank organization framework for Business Intelligence Strategy

    Example: Business Framework for Data & Analytics Strategy

    The following diagram represents [Client]’s business model for BI and data. This holistic view of [Client]’s current environment serves as the basis for the generation of the business-aligned Data & Analytics Strategy.

    The image is an example of Business Framework for Data & Analytics Strategy.

    Info-Tech recommends balancing a top-down approach with bottom up for building your BI strateg

    Taking a top-down approach will ensure senior management’s involvement and support throughout the project. This ensures that the most critical decisions are supported by the right data/information, aligning the entire organization with the BI strategy. Furthermore, the gains from BI will be much more significant and visible to the rest of the organization.

    Two charts showing the top-down and bottom-up approach.

    Far too often, organizations taking a bottom-up approach to BI will fail to generate sufficient buy-in and awareness from senior management. Not only does a lack of senior involvement result in lower adoption from the tactical and operational levels, but more importantly, it also means that the strategic decision makers aren’t taking advantage of BI.

    Estimate the ROI of your BI and analytics strategy to secure executive support

    The value of creating a new strategy – or revamping an existing one – needs to be conveyed effectively to a high-level stakeholder, ideally a C-level executive. That executive buy-in is more likely to be acquired when effort has been made to determine the return on investment for the overall initiative.

    1. Business Impacts
      New revenue
      Cost savings
      Time to market
      Internal Benefits
      Productivity gain
      Process optimization
      Investment
      People – employees’ time, external resources
      Data – cost for new datasets
      Technology – cost for new technologies
    2. QuantifyCan you put a number or a percentage to the impacts and benefits? QuantifyCan you estimate the investments you need to put in?
    3. TranslateTranslate the quantities into dollar value
    4. The image depicts an equation for ROI estimate

    Example

    One percent increase in revenue; three more employees $225,000/yr, $150,000/yr 50%

    Activity: Establish a high-level ROI as part of an overall use case for developing a fit-for-purpose BI strategy

    1.1.6

    1.5 hours

    Communicating an ROI that is impactful and reasonable is essential for locking in executive-level support for any initiative. Use this activity as an initial touchpoint to bring business and IT perspectives as part of building a robust business case for developing your BI strategy.

    1. Revisit the business context detailed in the previous sections of this phase. Use priority objectives to identify use case(s), ideally where there are easily defined revenue generators/cost reductions (e.g. streamlining the process of mailing physical marketing materials to customers).
    2. Assign research tasks around establishing concrete numbers and dollar values.
    • Have a subject matter expert weigh in to validate your figures.
    • When calculating ROI, consider how you might leverage BI to create opportunities for upsell, cross-sell, or increased customer retention.
  • Reconvene the stakeholder group and discuss your findings.
    • This is the point where expectation management is important. Separate the need-to-haves from the nice-to-haves.

    Emphasize that ROI is not fully realized after the first implementation, but comes as the platform is built upon iteratively and in an integrated fashion to mature capabilities over time.

    Input

    • Vision statement
    • Mission statement

    Output

    • Business differentiators and key drivers

    Materials

    • Benefit Cost Analysis section of the BI Strategy and Roadmap Template

    Participants

    • BI project lead
    • Executive IT & business stakeholders

    An effective BI strategy positions business intelligence in the larger data lifecycle

    In an effort to keep users satisfied, many organizations rush into implementing a BI platform and generating reports for their business users. BI is, first and foremost, a presentation layer; there are several stages in the data lifecycle where the data that BI visualizes can be compromised.

    Without paying the appropriate amount of attention to the underlying data architecture and application integration, even the most sophisticated BI platforms will fall short of providing business users with a holistic view of company information.

    Example

    In moving away from single application-level reporting, a strategy around data integration practices and technology is necessary before the resultant data can be passed to the BI platform for additional analyses and visualization.

    BI doesn’t exist in a vacuum – develop an awareness of other key data management practices

    As business intelligence is primarily a presentation layer that allows business users to visualize data and turn information into actionable decisions, there are a number of data management practices that precede BI in the flow of data.

    Data Warehousing

    The data warehouse structures source data in a manner that is more operationally focused. The Reporting & Analytics Strategy must inform the warehouse strategy on data needs and building a data warehouse to meet those needs.

    Data Integration, MDM & RDM

    The data warehouse is built from different sources that must be integrated and normalized to enable Business Intelligence. The Info-Tech integration and MDM blueprints will guide with their implementation.

    Data Quality

    A major roadblock to building an effective BI solution is a lack of accurate, timely, consistent, and relevant data. Use Info-Tech’s blueprint to refine your approach to data quality management.

    Data quality, poor integration/P2P integration, poor data architecture are the primary barriers to truly leveraging BI, and a lot of companies haven’t gotten better in these areas.

    – Shari Lava, Associate Vice-President, IT Research and Advisory Firm

    Building consensus around data definitions across business units is a critical step in carrying out a BI strategy

    Business intelligence is heavily reliant on the ability of an organization to mesh data from different sources together and create a holistic and accurate source of truth for users.

    Useful analytics cannot be conducted if your business units define key business terms differently.

    Example

    Finance may label customers as those who have transactional records with the organization, but Marketing includes leads who have not yet had any transactions as customers. Neglecting to note these seemingly small discrepancies in data definition will undermine efforts to combine data assets from traditionally siloed functional units.

    In the stages prior to implementing any kind of BI platform, a top priority should be establishing common definitions for key business terms (customers, products, accounts, prospects, contacts, product groups, etc.).

    As a preliminary step, document different definitions for the same business terms so that business users are aware of these differences before attempting to combine data to create custom reports.

    Self-Assessment

    Do you have common definitions of business terms?

    • If not, identify common business terms.
    • At the very least, document different definitions of the same business terms so the corporate can compare and contrast them.

    STEP 1.2

    Assess the Current BI Landscape

    Establish an in-depth understanding of your current BI landscape

    Step Objectives

    • Inventory and assess the state of your current BI landscape
    • Document the artifacts of your BI environment

    Step Activities

    1.2.1 Analyze the usage levels of your current BI programs/platform

    1.2.2 Perform a survey to gather user perception of your current BI environment

    1.2.3 Take an inventory of your current BI artifacts

    Outcomes

    • Summarize the qualitative and quantitative performance of your existing BI environment
    • Understand the outputs coming from your BI sources

    Research Support

    • Info-Tech’s BI Strategy and Roadmap Template

    Project Manager

    Data Architect(s) or Enterprise Architect

    Project Team

    Understand your current BI landscape before you rationalize

    Relying too heavily on technology as the sole way to solve BI problems results in a more complex environment that will ultimately frustrate business users. Take the time to thoroughly assess the current state of your business intelligence landscape using a qualitative (user perception) and quantitative (usage statistics) approach. The insights and gaps identified in this step will serve as building blocks for strategy and roadmap development in later phases.

    Phase 1

    Current State Summary of BI Landscape

    1.2.1 1.2.2 1.2.3 1.2.4
    Usage Insights Perception Insights BI Inventory Insights Requirements Insights

    PHASE 2

    Strategy and Roadmap Formulation

    Gather usage insights to pinpoint the hot spots for BI usage amongst your users

    Usage data reflects the consumption patterns of end users. By reviewing usage data, you can identify aspects of your BI program that are popular and those that are underutilized. It may present some opportunities for trimming some of the underutilized content.

    Benefits of analyzing usage data:

    • Usage is a proxy for popularity and usability of the BI artifacts. The popular content should be kept and improved in your next generation BI.
    • Usage information provides insight on what, when, where, and how much users are consuming BI artifacts.
    • Unlike methods such as user interviews and focus groups, usage information is fact based and is not subject to peer pressure or “toning down.”

    Sample Sources of Usage Data:

    1. Usage reports from your BI platform Many BI platforms have out-of-the-box usage reports that log and summarize usage data. This is your ideal source for usage data.
    2. Administrator console in your BI platformBI platforms usually have an administrator console that allows BI administrators to configure settings and to monitor activities that include usage. You may obtain some usage data in the console. Note that the usage data is usually real-time in nature, and you may not have access to a historical view of the BI usage.

    Info-Tech Insight

    Don’t forget some of the power users. They may perform analytics by accessing datasets directly or with the help of a query tool (even straight SQL statements). Their usage information is important. The next generation BI should provide consumption options for them.

    Accelerate the process of gathering user feedback with Info-Tech’s Application Portfolio Assessment (APA)

    In an environment where multiple BI tools are being used, discovering what works for users and what doesn’t is an important first step to rationalizing the BI landscape.

    Info-Tech’s Application Portfolio Assessment allows you to create a custom survey based on your current applications, generate a custom report that will help you visualize user satisfaction levels, and pinpoint areas for improvement.

    Activity: Review and analyze usage data

    1.2.1

    2 hours

    This activity helps you to locate usage data in your existing environment. It also helps you to review and analyze usage data to come up with a few findings.

    1. Get to the usage source. You may obtain usage data from one of the below options. Usage reports are your ideal choice, followed by some alternative options:
    2. a. Administrator console – limited to real-time or daily usage data. You may need to track usage data over for several days to identify patterns.

      b. Info-Tech’s Application Portfolio Assessment (APA).

      c. Other – be creative. Some may use an IT usage monitoring system or web analytics to track time users spent on the BI portal.

    3. Develop categories for classifying the different sources of usage data in your current BI environment. Use the following table as starting point for creating these groups:

    This is the content for Layout H4 Tag

    By Frequency Real Time Daily Weekly Yearly
    By Presentation Format Report Dashboard Alert Scorecard
    By Delivery Web portal Excel PDF Mobile application

    INPUT

    • Usage reports
    • Usage statistics

    OUTPUT

    • Insights pertaining to usage patterns

    Materials

    • Usage Insights of the BI Strategy and Roadmap Template

    Participants

    • BA
    • BI Administrator
    • PM

    Activity: Review and analyze usage (cont.)

    1.2.1

    2 hours

    3. Sort your collection of BI artifacts by usage. Discuss some of the reasons why some content is popular whereas some has no usage at all.

    Popular BI Artifacts – Discuss improvements, opportunities and new artifacts

    Unpopular BI Artifacts – Discuss retirement, improvements, and realigning information needs

    4. Summarize your findings in the Usage Insights section of the BI Strategy and Roadmap Template.

    INPUT

    • Usage reports
    • Usage statistics

    OUTPUT

    • Insights pertaining to usage patterns

    Materials

    • Usage Insights section of the BI Strategy and Roadmap Template

    Participants

    • BA
    • BI Administrator
    • PM

    Gather perception to understand the existing BI users

    In 1.2.1, we gathered the statistics for BI usage; it’s the hard data telling who uses what. However, it does not tell you the rationale, or the why, behind the usage. Gathering user perception and having conversations with your BI consumers is the key to bridging the gap.

    User Perception Survey

    Helps you to:

    1. Get general insights on user perception
    2. Narrow down to selected areas

    User Interviews

    Perception can be gathered by user interviews and surveys. Conducting user interviews takes time so it is a good practice to get some primary insights via survey before doing in-depth interviews in selected areas.

    – Shari Lava, Associate Vice-President, IT Research and Advisory Firm

    Define problem statements to create proof-of-concept initiatives

    Info-Tech’s Four Column Model of Data Flow

    Find a data-related problem or opportunity

    Ask open-ended discovery questions about stakeholder fears, hopes, and frustrations to identify a data-related problem that is clear, contained, and fixable. This is then to be written as a problem/opportunity statement.

    1. Fear: What is the number one risk you need to alleviate?
    2. Hope: What is the number one opportunity you wish to realize?
    3. Frustration: What is the number one annoying pet peeve you wish to scratch?
    4. Next, gather information to support a problem/opportunity statement:

    5. What are your challenges in performing the activity or process today?
    6. What does amazing look like if we solve this perfectly?
    7. What other business activities/processes will be impacted/improved if we solve this?
    8. What compliance/regulatory/policy concerns do we need to consider in any solution?
    9. What measures of success/change should we use to prove value of the effort (KPIs/ROI)?
    10. What are the steps in the process/activity?
    11. What are the applications/systems used at each step and from step to step?
    12. What data elements are created, used, and/or transformed at each step?

    Leverage Info-Tech’s BI survey framework to initiate a 360° perception survey

    Info-Tech has developed a BI survey framework to help existing BI practices gather user perception via survey. The framework is built upon best practices developed by McLean & Company.

    1. Communicate the survey
    2. Create a survey
    3. Conduct the survey
    4. Collect and clean survey data
    5. Analyze survey data
    6. Conduct follow-up interviews
    7. Identify and prioritize improvement initiatives

    The survey takes a comprehensive approach by examining your existing BI practices through the following lenses:

    360° Perception

    Demographics Who are the users? From which department?
    Usage How is the current BI being used?
    People Web portal
    Process How good is your BI team from a user perspective?
    Data How good is the BI data in terms of quality and usability?
    Technology How good are your existing BI/reporting tools?
    Textual Feedback The sky’s the limit. Tell us your comments and ideas via open-ended questions.

    Use Info-Tech’s BI End-User Satisfaction Survey Framework to develop a comprehensive BI survey tailored to your organization.

    Activity: Develop a plan to gather user perception of your current BI program

    1.2.2

    2 hours

    This activity helps you to plan for a BI perception survey and subsequent interviews.

    1. Proper communication while conducting surveys helps to boost response rate. The project team should have a meeting with business executives to decide:
    • The survey goals
    • Which areas to cover
    • Which trends and hypotheses you want to confirm
    • Which pre-, during, and post-survey communications should be sent out
  • Have the project team create the first draft of the survey for subsequent review by select business stakeholders. Several iterations may be needed before finalizing.
  • In planning for the conclusion of the survey, the project team should engage a data analyst to:
    1. Organize the data in a useful format
    2. Clean up the survey data when there are gaps
    3. Summarize the data into a presentable/distributable format

    Collectively, the project team and the BI consuming departments should review the presentation and discuss these items:

    Misalignment

    Opportunities

    Inefficiencies

    Trends

    Need detailed interviews?

    INPUT

    • Usage information and analyses

    OUTPUT

    • User-perception survey

    Materials

    • Perception Insights section of the BI Strategy and Roadmap Template

    Participants

    • BA
    • BI Administrator
    • PM
    • Business SMEs

    Create a comprehensive inventory of your BI artifacts

    Taking an inventory of your BI artifacts allows you to understand what deliverables have been developed over the years. Inventory taking should go beyond the BI content. You may want to include additional information products such as Excel spreadsheets, reports that are coming out of an Access database, and reports that are generated from front-end applications (e.g. Salesforce).

    1. Existing Reports from BI platform

    2. If you are currently using a BI platform, you have some BI artifacts (reports, scorecards, dashboards) that are developed within the platform itself.

    • BI Usage Reports (refer to step 2.1) – if you are getting a comprehensive BI usage reports for all your BI artifacts, there is your inventory report too.
    • BI Inventory Reports – Your BI platform may provide out-of-the-box inventory reports. You can use them as your inventory.
    • If the above options are not feasible, you may need to manually create the BI inventory. You may build that from some of your existing BI documentations to save time.
  • Excel and Access

    • Work with the business units to identify if Excel and Access are used to generate reports.
  • Application Reports

    • Data applications such as Salesforce, CRM, and ERP often provide reports as an out-of-the-box feature.
    • Those reports only include data within their respective applications. However, this may present opportunities for integrating application data with additional data sources.

    Activity: Inventory your BI artifacts

    1.2.3

    2+ hours

    This activity helps you to inventory your BI information artifacts and other related information artifacts.

    1. Define the scope of your inventory. Work with the project sponsor and CIO to define which sources should be captured in the inventory process. Consider: BI inventory, Excel spreadsheets, Access reports, and application reporting.
    2. Define the depth of your inventory. Work with the project sponsor and CIO to define the level of granularity. In some settings, the artifact name and a short description may be sufficient. In other cases, you may need to document users and business logic of the artifacts.
    3. Review the inventory results. Discuss findings and opportunities around the following areas:

    Interpret your Inventory

    Duplicated reports/ dashboards Similar reports/ dashboards that may be able to merge Excel and Access reports that are using undocumented, unconventional business logics Application reports that need to be enhanced by additional data Classify artifacts by BI Type

    INPUT

    • Current BI artifacts and documents
    • BI Type classification

    OUTPUT

    • Summary of BI artifacts

    Materials

    • BI Inventory Insights section of the BI Strategy and Roadmap Template

    Participants

    • BA
    • Data analyst
    • PM
    • Project sponsor

    Project sponsor

    1.2.4

    2+ hours

    This activity helps you to inventory your BI by report type.

    1. Classify BI artifacts by type. Use the BI Type tool to classify Work with the project sponsor and CIO to define which sources should be captured in the inventory process. Consider: BI inventory, Excel spreadsheets, Access reports, and application reporting.
    2. Define the depth of your inventory. Work with the project sponsor and CIO to define the level of granularity. In some settings, the artifact name and a short description may be sufficient. In other cases, you may need to document users and business logic of the artifacts.
    3. Review the inventory results. Discuss findings and opportunities around the following areas:

    Interpretation of your Inventory

    Duplicated reports/dashboards Similar reports/dashboards that may be able to merge Excel and Access reports that are using undocumented, unconventional business logics Application reports that need to be enhanced by additional data

    INPUT

    • The BI Type as used by different business units
    • Business BI requirements

    OUTPUT

    • Summary of BI type usage across the organization

    Materials

    • BI Inventory Insights section of the BI Strategy and Roadmap Template

    Participants

    • BA
    • Data analyst
    • PM
    • Project sponsor

    STEP 1.3

    Undergo BI Requirements Gathering

    Perform requirements gathering for revamping your BI environment

    Step Objectives

    • Create principles that will direct effective requirements gathering
    • Create a list of existing and desired BI requirements

    Step Activities

    1.3.1 Create requirements gathering principles

    1.3.2 Gather appropriate requirements

    1.3.3 Organize and consolidate the outputs of requirements gathering activities

    Outcomes

    • Requirements gathering principles that are flexible and repeatable
    • List of BI requirements

    Research Support

    • Info-Tech’s BI Strategy and Roadmap Template

    Proposed Participants in this Step

    Project Manager

    Data Architect(s) or Enterprise Architect

    Project Team

    Business Users

    Don’t let your new BI platform become a victim of poor requirements gathering

    The challenges in requirements management often have underlying causes; find and eliminate the root causes rather than focusing on the symptoms.

    Root Causes of Poor Requirements Gathering:

    • Requirements gathering procedures exist but aren’t followed.
    • There isn't enough time allocated to the requirements gathering phase.
    • There isn't enough involvement or investment secured from business partners.
    • There is no senior leadership involvement or mandate to fix requirements gathering.
    • There are inadequate efforts put towards obtaining and enforcing sign off.

    Outcomes of Poor Requirements Gathering:

    • Rework due to poor requirements leads to costly overruns.
    • Final deliverables are of poor quality and are implemented late.
    • Predicted gains from deployed applications are not realized.
    • There are low feature utilization rates by end users.
    • Teams are frustrated within IT and the business.

    Info-Tech Insight

    Requirements gathering is the number one failure point for most development or procurement projects that don’t deliver value. This has been, and continues to be, the case as most organizations still don't get requirements gathering right. Overcoming organizational cynicism can be a major obstacle to clear when it is time to optimize the requirements gathering process.

    Define the attributes of a good requirement to help shape your requirements gathering principles

    A good requirement has the following attributes:

    Verifiable It is stated in a way that can be tested.
    Unambiguous It is free of subjective terms and can only be interpreted in one way.
    Complete It contains all relevant information.
    Consistent It does not conflict with other requirements.
    Achievable It is possible to accomplish given the budgetary and technological constraints.
    Traceable It can be tracked from inception to testing.
    Unitary It addresses only one thing and cannot be deconstructed into multiple requirements.
    Accurate It is based on proven facts and correct information.

    Other Considerations

    Organizations can also track a requirement owner, rationale, priority level (must have vs. nice to have), and current status (approved, tested, etc.).

    Info-Tech Insight

    Requirements must be solution agnostic – they should focus on the underlying need rather than the technology required to satisfy the need.

    Activity: Define requirements gathering principles

    1.3.1

    1 hour

    1. Invite representatives from the project management office, project management team, and BA team, as well as some key business stakeholders.
    2. Use the sample categories and principles in the table below as starting points for creating your own requirements gathering principles.
    3. Document the requirements gathering principles in the BI Strategy and Roadmap Template.
    4. Communicate the requirements gathering principles to the affected BI stakeholders.

    Sample Principles to Start With

    Effectiveness Face-to-face interviews are preferred over phone interviews.
    Alignment Clarify any misalignments, even the tiniest ones.
    Validation Rephrase requirements at the end to validate requirements.
    Ideation Use drawings and charts to explain ideas.
    Demonstration Make use of Joint Application Development (JAD) sessions.

    INPUT

    • Existing requirement principles (if any)

    OUTPUT

    • Requirements gathering principles that can be revisited and reused

    Materials

    • Requirements Insights section of the BI Strategy and Roadmap Template

    Participants

    • BA Team
    • PM
    • Business stakeholders
    • PMO

    Info-Tech Insight

    Turn requirements gathering principles into house rules. The house rules should be available in every single requirements gathering session and the participants should revisit them when there are disagreements, confusion, or silence.

    Right-size your approach to BI requirements management

    Info-Tech suggests four requirements management approaches based on project complexity and business significance. BI projects usually require the Strategic Approach in requirements management.

    Requirements Management Process Explanations

    Approach Definition Recommended Strategy
    Strategic Approach High business significance and high project complexity merits a significant investment of time and resources in requirements gathering. Treat the requirements gathering phase as a project within a project. A large amount of time should be dedicated to elicitation, business process mapping, and solution design.
    Fundamental Approach High business significance and low project complexity merits a heavy emphasis on the elicitation phase to ensure that the project bases are covered and business value is realized. Look to achieve quick wins and try to survey a broad cross-section of stakeholders during elicitation and validation. The elicitation phase should be highly iterative. Do not over-complicate the analysis and validation of a straightforward project.
    Calculated Approach Low business significance and high project complexity merits a heavy emphasis on the analysis and validation phases to ensure that the solution meets the needs of users. Allocate a significant amount of time to business process modeling, requirements categorization, prioritization, and solution modeling.
    Elementary Approach Low business significance and low project complexity does not merit a high amount of rigor for requirements gathering. Do not rush or skip steps, but aim to be efficient. Focus on basic elicitation techniques (e.g. unstructured interviews, open-ended surveys) and consider capturing requirements as user stories. Focus on efficiency to prevent project delays and avoid squandering resources.

    Vary the modes used in eliciting requirements from your user base

    Requirements Gathering Modes

    Info-Tech has identified four effective requirements gathering modes. During the requirements gathering process, you may need to switch between the four gathering modes to establish a thorough understanding of the information needs.

    Dream Mode

    • Mentality: Let users’ imaginations go wild. The sky’s the limit.
    • How it works: Ask users to dream up the ideal future state and ask how analytics can support those dreams.
    • Limitations: Not all dreams can be fulfilled. A variety of constraints (budget, personnel, technical skills) may prevent the dreams from becoming reality.

    Pain Mode

    • Mentality: Users are currently experiencing pains related to information needs.
    • How it works: Vent the pains. Allow end users to share their information pains, ask them how their pains can be relieved, then convert those pains to requirements.
    • Limitations: Users are limited by the current situation and aren’t looking to innovate.

    Decode Mode

    • Mentality: Read the hidden messages from users. Speculate as to what the users really want.
    • How it works: Decode the underlying messages. Be innovative to develop hypotheses and then validate with the users.
    • Limitations: Speculations and hypothesis could be invalid. They may direct the users into some pre-determined directions.

    Profile Mode

    • Mentality: “I think you may want XYZ because you fall into that profile.”
    • How it works: The information user may fall into some existing user group profile or their information needs may be similar to some existing users.
    • Limitations: This mode doesn’t address very specific needs.

    Supplement BI requirements with user stories and prototyping to ensure BI is fit for purpose

    BI is a continually evolving program. BI artifacts that were developed in the past may not be relevant to the business anymore due to changes in the business and information usage. Revamping your BI program entails revisiting some of the BI requirements and/or gathering new BI requirements.

    Three-Step Process for Gathering Requirements

    Requirements User Stories Rapid Prototyping
    Gather requirements. Most importantly, understand the business needs and wants. Leverage user stories to organize and make sense of the requirements. Use a prototype to confirm requirements and show the initial draft to end users.

    Pain Mode: “I can’t access and manipulate data on my own...”

    Decode Mode: Dig deeper: could this hint at a self-service use case?

    Dream Mode: E.g. a sandbox area where I can play around with clean, integrated, well-represented data.

    Profile Mode: E.g. another marketing analyst is currently using something similar.

    ExampleMary has a spreadmart that keeps track of all campaigns. Maintaining and executing that spreadmart is time consuming.

    Mary is asking for a mash-up data set that she can pivot on her own…

    Upon reviewing the data and the prototype, Mary decided to use a heat map and included two more data points – tenure and lifetime value.

    Identify which BI styles best meet user requirements

    A spectrum of Business Intelligence solutions styles are available. Use Info-Tech’s BI Styles Tool to assess which business stakeholder will be best served by which style.

    Style Description Strategic Importance (1-5) Popularity (1-5) Effort (1-5)
    Standards Preformatted reports Standard, preformatted information for backward-looking analysis. 5 5 1
    User-defined analyses Pre-staged information where “pick lists” enable business users to filter (select) the information they wish to analyze, such as sales for a selected region during a selected previous timeframe. 5 4 2
    Ad-hoc analyses Power users write their own queries to extract self-selected pre-staged information and then use the information to perform a user-created analysis. 5 4 3
    Scorecards and dashboards Predefined business performance metrics about performance variables that are important to the organization, presented in a tabular or graphical format that enables business users to see at a glance how the organization is performing. 4 4 3
    Multidimensional analysis (OLAP) Multidimensional analysis (also known as on-line analytical processing): Flexible tool-based, user-defined analysis of business performance and the underlying drivers or root causes of that performance. 4 3 3
    Alerts Predefined analyses of key business performance variables, comparison to a performance standard or range, and communication to designated businesspeople when performance is outside the predefined performance standard or range. 4 3 3
    Advanced Analytics Application of long-established statistical and/or operations research methods to historical business information to look backward and characterize a relevant aspect of business performance, typically by using descriptive statistics. 5 3 4
    Predictive Analytics Application of long-established statistical and/or operations research methods and historical business information to predict, model, or simulate future business and/or economic performance and potentially prescribe a favored course of action for the future. 5 3 5

    Activity: Gather BI requirements

    1.3.2

    2-6 hours

    Using the approaches discussed on previous slides, start a dialogue with business users to confirm existing requirements and develop new ones.

    1. Invite business stakeholders to a requirements gathering session.
    2. For existing BI artifacts – Invite existing users of those artifacts.

      For new BI development – Invite stakeholders at the executive level to understand the business operation and their needs and wants. This is especially important if their department is new to BI.

    3. Discuss the business requirements. Systematically switch between the four requirements gathering modes to get a holistic view of the requirements.
    4. Once requirements are gathered, organize them to tell a story. A story usually has these components:
    The Setting The Characters The Venues The Activities The Future
    Example Customers are asking for a bundle discount. CMO and the marketing analysts want to… …the information should be available in the portal, mobile, and Excel. …information is then used in the bi-weekly pricing meeting to discuss… …bundle information should contain historical data in a graphical format to help executives.

    INPUT

    • Existing documentations on BI artifacts

    OUTPUT

    • Preliminary, uncategorized list of BI requirements

    Materials

    • Requirements Insights section of the BI Strategy and Roadmap Template

    Participants

    • BA team
    • Business stakeholders
    • Business SMEs
    • BI developers

    Clarify consumer needs by categorizing BI requirements

    Requirements are too broad in some situations and too detailed in others. In the previous step we developed user stories to provide context. Now you need to define requirement categories and gather detailed requirements.

    Considerations for Requirement Categories

    Category Subcategory Sample Requirements
    Data Granularity Individual transaction
    Transformation Transform activation date to YYYY-MM format
    Selection Criteria Client type: consumer. Exclude SMB and business clients. US only. Recent three years
    Fields Required Consumer band, Region, Submarket…
    Functionality Filters Filters required on the dashboard: date range filter, region filter…
    Drill Down Path Drill down from a summary report to individual transactions
    Analysis Required Cross-tab, time series, pie chart
    Visual Requirements Mock-up See attached drawing
    Section The dashboard will be presented using three sections
    Conditional Formatting Below-average numbers are highlighted
    Security Mobile The dashboard needs to be accessed from mobile devices
    Role Regional managers will get a subset of the dashboard according to the region
    Users John, Mary, Tom, Bob, and Dave
    Export Dashboard data cannot be exported into PDF, text, or Excel formats
    Performance Speed A BI artifact must be loaded in three seconds
    Latency Two seconds response time when a filter is changed
    Capacity Be able to serve 50 concurrent users with the performance expected
    Control Governance Govern by the corporate BI standards
    Regulations Meet HIPPA requirements
    Compliance Meet ISO requirements

    Prioritize requirements to assist with solution modeling

    Prioritization ensures that the development team focuses on the right requirements.

    The MoSCoW Model of Prioritization

    Must Have Requirements that mustbe implemented for the solution to be considered successful.
    Should Have Requirements that are high priority and should be included in the solution if possible.
    Could Have Requirements that are desirable but not necessary and could be included if resources are available.
    Won't Have Requirements that won’t be in the next release but will be considered for the future releases.

    The MoSCoW model was introduced by Dai Clegg of Oracle UK in 1994.

    Prioritization is the process of ranking each requirement based on its importance to project success. Hold a separate meeting for the domain SMEs, implementation SMEs, project managers, and project sponsors to prioritize the requirements list. At the conclusion of the meeting, each requirement should be assigned a priority level. The implementation SMEs will use these priority levels to ensure that efforts are targeted towards the proper requirements and the plan features available on each release. Use the MoSCoW Model of Prioritization to effectively order requirements.

    Activity: Finalize the list of BI requirements

    1.3.3

    1-4 hours

    Requirement Category Framework

    Category Subcategory
    Data Granularity
    Transformation
    Selection Criteria
    Fields Required
    Functionality Filters
    Drill Down Path
    Analysis Required
    Visual Requirements Mock-up
    Section
    Conditional Formatting
    Security Mobile
    Role
    Users
    Export
    Performance Speed
    Latency
    Capacity
    Control Governance
    Regulations
    Compliance

    Create requirement buckets and classify requirements.

    1. Define requirement categories according to the framework.
    2. Review the user story and requirements you collected in Step 1.3.2. Classify the requirements within requirement categories.
    3. Review the preliminary list of categorized requirements and look for gaps in this detailed view. You may need to gather additional requirements to fill the gaps.
    4. Prioritize the requirements according to the MoSCoW framework.
    5. Document your final list of requirements in the BI Strategy and Roadmap Template.

    INPUT

    • Existing requirements and new requirements from step 1.3.2

    OUTPUT

    • Prioritized and categorized requirements

    Materials

    • Requirements Insights section of the BI Strategy and Roadmap Template

    Participants

    • BA
    • Business stakeholders
    • PMO

    Translate your findings and ideas into actions that will be integrated into the BI Strategy and Roadmap Template

    As you progress through each phase, document findings and ideas as they arise. At phase end, hold a brainstorming session with the project team focused on documenting findings and ideas and substantiating them into improvement actions.

    Translating findings and ideas into actions that will be integrated into the BI Strategy and Roadmap Template

    Ask yourself how BI or analytics can be used to address the gaps and explore opportunities uncovered in each phase. For example, in Phase 1, how do current BI capabilities impede the realization of the business vision?

    Document and prioritize Phase 1 findings, ideas, and action items

    1.3.4

    1-2 hours

    1. Reconvene as a group to review findings, ideas, and actions harvested in Phase 1. Write the findings, ideas, and actions on sticky notes.
    2. Prioritize the sticky notes to yield those with high business value and low implementation effort. View some sample findings below:
    3. High Business Value, Low Effort High Business Value, High Effort
      Low Business Value, High Effort Low Business Value, High Effort

      Phase 1

      Sample Phase 1 Findings Found two business objectives that are not supported by BI/analytics
      Some executives still think BI is reporting
      Some confusion around operational reporting and BI
      Data quality plays a big role in BI
      Many executives are not sure about the BI ROI or asking for one
    4. Select the top findings and document them in the “Other Phase 1 Findings” section of the BI Strategy and Roadmap Template. The findings will be used again in Phase 3.

    INPUT

    • Phase 1 activities
    • Business context (vision, mission, goals, etc.

    OUTPUT

    • Other Phase 1 Findings section of the BI Strategy and Roadmap Template

    Materials

    • Whiteboard
    • Sticky notes

    Participants

    • Project manger
    • Project team
    • Business stakeholders

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1.1-1.1.5

    Establish the business context

    To begin the workshop, your project team will be taken through a series of activities to establish the overall business vision, mission, objectives, goals, and key drivers. This information will serve as the foundation for discerning how the revamped BI strategy needs to enable business users.

    1.2.1- 1.2.3

    Create a comprehensive documentation of your current BI environment

    Our analysts will take your project team through a series of activities that will facilitate an assessment of current BI usage and artifacts, and help you design an end-user interview survey to elicit context around BI usage patterns.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-tech analysts

    1.3.1-1.3.3

    Establish new BI requirements

    Our analysts will guide your project team through frameworks for eliciting and organizing requirements from business users, and then use those frameworks in exercises to gather some actual requirements from business stakeholders.

    Phase 2

    Evaluate Your Current BI Practice

    Build a Reporting and Analytics Strategy

    Revisit project metrics to track phase progress

    Goals for Phase 2:

    • Assess your current BI practice. Determine the maturity of your current BI practice from different viewpoints.
    • Develop your BI target state. Plan your next generation BI with Info-Tech’s BI patterns and best practices.
    • Safeguard your target state. Avoid BI pitfalls by proactively monitoring BI risks.

    Info-Tech’s Suggested Metrics for Tracking Phase 2 Goals

    Practice Improvement Metrics Data Collection and Calculation Expected Improvement
    # of groups participated in the current state assessment The number of groups joined the current assessment using Info-Tech’s BI Practice Assessment Tool Varies; the tool can accommodate up to five groups
    # of risks mitigated Derive from your risk register At least two to five risks will be identified and mitigated

    Intangible Metrics:

    • Prototyping approach allows the BI group to understand more about business requirements, and in the meantime, allows the business to understand how to partner with the BI group.
    • The BI group and the business have more confidence in the BI program as risks are monitored and mitigated on an ad hoc basis.

    Evaluate your current BI practice

    Phase 2 Overarching Insight

    BI success is not based solely on the technology it runs on; technology cannot mask gaps in capabilities. You must be capable in your environment, and data management, data quality, and related data practices must be strong. Otherwise, the usefulness of the intelligence suffers. The best BI solution does not only provide a technology platform, but also addresses the elements that surround the platform. Look beyond tools and holistically assess the maturity of your BI practice with input from both the BI consumer and provider perspectives.

    Understand the Business Context to Rationalize Your BI Landscape Evaluate Your Current BI Practice Create a BI Roadmap for Continuous Improvement
    Establish the Business Context
    • Business Vision, Goals, Key Drivers
    • Business Case Presentation
    • High-Level ROI
    Assess Your Current BI Maturity
    • SWOT Analysis
    • BI Practice Assessment
    • Summary of Current State
    Construct a BI Initiative Roadmap
    • BI Improvement Initiatives
    • BI Strategy and Roadmap
    Access Existing BI Environment
    • BI Perception Survey Framework
    • Usage Analyses
    • BI Report Inventory
    Envision BI Future State
    • BI Patterns
    • BI Practice Assessment
    • List of Functions
    Plan for Continuous Improvement
    • Excel Governance Policy
    • BI Ambassador Network Draft
    Undergo Requirements Gathering
    • Requirements Gathering Principles
    • Overall BI Requirements

    Phase 2 overview

    Detailed Overview

    Step 1: Assess Your Current BI Practice

    Step 2: Envision a Future State for Your BI Practice

    Outcomes

    • A comprehensive assessment of current BI practice maturity and capabilities.
    • Articulation of your future BI practice.
    • Improvement objectives and activities for developing your current BI program.

    Benefits

    • Identification of clear gaps in BI practice maturity.
    • A current state assessment that includes the perspectives of both BI providers and consumers to highlight alignment and/or discrepancies.
    • A future state is defined to provide a benchmark for your BI program.
    • Gaps between the future and current states are identified; recommendations for the gaps are defined.

    Phase 2 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Evaluate Your Current BI Practice

    Proposed Time to Completion: 1-2 weeks

    Step 2.1: Assess Your Current BI Practice

    Start with an analyst kick-off call:

    • Detail the benefits of conducting multidimensional assessments that involve BI providers as well as consumers.
    • Review Info-Tech’s BI Maturity Model.

    Then complete these activities…

    • SWOT analyses
    • Identification of BI maturity level through a current state assessment

    With these tools & templates:

    BI Practice Assessment Tool

    BI Strategy and Roadmap Template

    Step 2.2: Envision a Future State for Your BI Practice

    Review findings with an analyst:

    • Discuss overall maturity gaps and patterns in BI perception amongst different units of your organization.
    • Discuss how to translate activity findings into robust initiatives, defining critical success factors for BI development and risk mitigation.

    Then complete these activities…

    • Identify your desired BI patterns and functionalities.
    • Complete a target state assessment for your BI practice.
    • Review capability practice gaps and phase-level metrics.

    With these tools & templates:

    BI Practice Assessment Tool

    BI Strategy and Roadmap Template

    Phase 2 Results & Insights:

    • A comprehensive assessment of the organization’s current BI practice capabilities and gaps
    • Visualization of BI perception from a variety of business users as well as IT
    • A list of tasks and initiatives for constructing a strategic BI improvement roadmap

    STEP 2.1

    Assess the Current State of Your BI Practice

    Assess your organization’s current BI capabilities

    Step Objectives

    • Understand the definitions and roles of each component of BI.
    • Contextualize BI components to your organization’s environment and current practices.

    Step Activities

    2.1.1 Perform multidimensional SWOT analyses

    2.1.2 Assess current BI and analytical capabilities, Document challenges, constraints, opportunities

    2.1.3 Review the results of your current state assessment

    Outcomes

    • Holistic perspective of current BI strengths and weaknesses according to BI users and providers
    • Current maturity in BI and related data management practices

    Research Support

    • Info-Tech’s Data Management Framework
    • Info-Tech’s BI Practice Assessment Tool
    • Info-Tech’s BI Strategy and Roadmap Template

    Proposed Participants in this Step

    Project Manager

    Data Architect(s) or Enterprise Architect

    Project Team

    Gather multiple BI perspectives with comprehensive SWOT analyses

    SWOT analysis is an effective tool that helps establish a high-level context for where your practice stands, where it can improve, and the factors that will influence development.

    Strengths

    Best practices, what is working well

    Weaknesses

    Inefficiencies, errors, gaps, shortcomings

    Opportunities

    Review internal and external drivers

    Threats

    Market trends, disruptive forces

    While SWOT is not a new concept, you can add value to SWOT by:

    • Conducting a multi-dimensional SWOT to diversify perspectives – involve the existing BI team, BI management, business executives and other business users.
    • SWOT analyses traditionally provide a retrospective view of your environment. Add a future-looking element by creating improvement tasks/activities at the same time as you detail historical and current performance.

    Info-Tech Insight

    Consider a SWOT with two formats: a private SWOT worksheet and a public SWOT session. Participants will be providing suggestions anonymously while solicited suggestions will be discussed in the public SWOT session to further the discussion.

    Activity: Perform a SWOT analysis in groups to get a holistic view

    2.1.1

    1-2 hours

    This activity will take your project team through a holistic SWOT analysis to gather a variety of stakeholder perception of the current BI practice.

    1. Identify individuals to involve in the SWOT activity. Aim for a diverse pool of participants that are part of the BI practice in different capacities and roles. Solution architects, application managers, business analysts, and business functional unit leaders are a good starting point.
    2. Review the findings summary from Phase 1. You may opt to facilitate this activity with insights from the business context. Each group will be performing the SWOT individually.
    3. The group results will be collected and consolidated to pinpoint common ideas and opinions. Individual group results should be represented by a different color. The core program team will be reviewing the consolidated result as a group.
    4. Document the results of these SWOT activities in the appropriate section of the BI Strategy and Roadmap Template.

    SWOT

    Group 1 Provider Group E.g. The BI Team

    Group 2 Consumer Group E.g. Business End Users

    INPUT

    • IT and business stakeholder perception

    OUTPUT

    • Multi-faceted SWOT analyses
    • Potential BI improvement activities/objectives

    Materials

    • SWOT Analysis section of the BI Strategy and Roadmap Template

    Participants

    • Selected individuals in the enterprise (variable)

    Your organization’s BI maturity is determined by several factors and the degree of immersion into your enterprise

    BI Maturity Level

    A way to categorize your analytics maturity to understand where you are currently and what next steps would be best to increase your BI maturity.

    There are several factors used to determine BI maturity:

    Buy-in and Data Culture

    Determines if there is enterprise-wide buy-in for developing business intelligence and if a data-driven culture exists.

    Business–IT Alignment

    Examines if current BI and analytics operations are appropriately enabling the business objectives.

    Governance Structure

    Focuses on whether or not there is adequate governance in place to provide guidance and structure for BI activities.

    Organization Structure and Talent

    Pertains to how BI operations are distributed across the overall organizational structure and the capabilities of the individuals involved.

    Process

    Reviews analytics-related processes and policies and how they are created and enforced throughout the organization.

    Data

    Deals with analytical data in terms of the level of integration, data quality, and usability.

    Technology

    Explores the opportunities in building a fit-for-purpose analytics platform and consolidation opportunities.

    Evaluate Your Current BI Practice with the CMMI model

    To assess BI, Info-Tech uses the CMMI model for rating capabilities in each of the function areas on a scale of 1-5. (“0” and “0.5” values are used for non-existent or emerging capabilities.)

    The image shows an example of a CMMI model

    Use Info-Tech’s BI Maturity Model as a guide for identifying your current analytics competence

    Leverage a BI strategy to revamp your BI program to strive for a high analytics maturity level. In the future you should be doing more than just traditional BI. You will perform self-service BI, predictive analytics, and data science.

    Ad Hoc Developing Defined Managed Trend Setting
    Questions What’s wrong? What happened? What is happening? What happened, is happening, and will happen? What if? So what?
    Scope One business problem at a time One particular functional area Multiple functional areas Multiple functional areas in an integrated fashion Internal plus internet scale data
    Toolset Excel, Access, primitive query tools Reporting tools or BI BI BI, business analytics tools Plus predictive platforms, data science tools
    Delivery Model IT delivers ad hoc reports IT delivers BI reports IT delivers BI reports and some self-service BI Self-service BI and report creation at the business units Plus predictive models and data science projects
    Mindset Firefighting using data Manage using data Analyze using data; shared tooling Data is an asset, shared data Data driven
    BI Org. Structure Data analysts in IT BI BI program BI CoE Data Innovation CoE

    Leverage Info-Tech’s BI Practice Assessment Tool to define your BI current state

    BI Practice Assessment Tool

    1. Assess Current State
    • Eight BI practice areas to assess maturity.
    • Based on CMMI maturity scale.
  • Visualize Current State Results
    • Determine your BI maturity level.
    • Identify areas with outstanding maturity.
    • Uncover areas with low maturity.
    • Visualize the presence of misalignments.
  • Target State
    • Tackle target state from two views: business and IT.
    • Calculate gaps between target and current state.
  • Visualize Target State and Gaps
    • A heat map diagram to compare the target state and the current state.
    • Show both current and target maturity levels.
    • Detailed charts to show results for each area.
    • Detailed list of recommendations.

    Purposes:

    • Assess your BI maturity.
    • Visualize maturity assessment to quickly spot misalignments, gaps, and opportunities.
    • Provide right-sized recommendations.

    Info-Tech Insight

    Assessing current and target states is only the beginning. The real value comes from the interpretation and analysis of the results. Use visualizations of multiple viewpoints and discuss the results in groups to come up with the most effective ideas for your strategy and roadmap.

    Activity: Conduct a current state assessment of your BI practice maturity

    2.1.2

    2-3 hours

    Use the BI Practice Assessment Tool to establish a baseline for your current BI capabilities and maturity.

    1. Navigate to Tab 2. Current State Assessment in the BI Practice Assessment Tool and complete the current state assessment together or in small groups. If running a series of assessments, do not star or scratch every time. Use the previous group’s results to start the conversation with the users.
    2. Info-Tech suggests the following groups participate in the completion of the assessment to holistically assess BI and to uncover misalignment:

      Providers Consumers
      CIO & BI Management BI Work Groups (developers, analysts, modelers) Business Unit #1 Business Unit #2 Business Unit #3
    3. For each assessment question, answer the current level of maturity in terms of:
      1. Initial/Ad hoc – the starting point for use of a new or undocumented repeat process
      2. Developing – the process is documented such that it is repeatable
      3. Defined – the process is defined/confirmed as a standard business process
      4. Managed and Measurable – the process is quantitatively managed in accordance with agreed-upon metrics.
      5. Optimized – the process includes process optimization/improvement.

    INPUT

    • Observations of current maturity

    OUTPUT

    • Comprehensive current state assessment

    Materials

    • BI Practice Assessment Tool
    • Current State Assessment section of the BI Strategy and Roadmap Template

    Participants

    • Selected individuals as suggested by the assessment tool

    Info-Tech Insight

    Discuss the rationale for your answers as a group. Document the comments and observations as they may be helpful in formulating the final strategy and roadmap.

    Activity: Review and analyze the results of the current state assessment

    2.1.3

    2-3 hours

    1. Navigate to Tab 3. Current State Results in the BI Practice Assessment Tool and review the findings:

    The tool provides a brief synopsis of your current BI state. Review the details of your maturity level and see where this description fits your organization and where there may be some discrepancies. Add additional comments to your current state summary in the BI Strategy and Roadmap Document.

    In addition to reviewing the attributes of your maturity level, consider the following:

    1. What are the knowns – The knowns confirm your understanding on the current landscape.
  • What are the unknowns – The unknowns show you the blind spots. They are very important to give you an alternative view of the your current state. The group should discuss those blind spots and determine what to do with them.
  • Activity: Review and analyze the results of the current state assessment (cont.)

    2.1.3

    2-3 hours

    2. Tab 3 will also visualize a breakdown of your maturity by BI practice dimension. Use this graphic as a preliminary method to identify where your organization is excelling and where it may need improvement.

    Better Practices

    Consider: What have you done in the areas where you perform well?

    Candidates for Improvement

    Consider: What can you do to improve these areas? What are potential barriers to improvement?

    STEP 2.2

    Envision a Future State for Your Organization’s BI Practice

    Detail the capabilities of your next generation BI practice

    Step Objectives

    • Create guiding principles that will shape your organization’s ideal BI program.
    • Pinpoint where your organization needs to improve across several BI practice dimensions.
    • Develop approaches to remedy current impediments to BI evolution.
    • Step Activities

      2.2.1 Define guiding principles for the future state

      2.2.2 Define the target state of your BI practice

      2.2.3 Confirm requirements for BI Styles by management group

      2.2.4 Analyze gaps in your BI practice and generate improvement activities and objectives

      2.2.5 Define the critical success factors for future BI

      2.2.6 Identify potential risks for your future state and create a mitigation plan

    Outcomes

    • Defined landscape for future BI capabilities, including desired BI functionalities.
    • Identification of crucial gaps and improvement points to include in a BI roadmap.
    • Updated BI Styles Usage sheet.

    Research Support

    • Info-Tech’s Data Management Framework
    • Info-Tech’s BI Practice Assessment Tool
    • Info-Tech’s BI Strategy and Roadmap Template

    Proposed Participants in this Step

    Project Manager

    Data Architect(s) or Enterprise Architect

    Project Team

    Define guiding principles to drive your future state envisioning

    Envisioning a BI future state is essentially architecting the future for your BI program. It is very similar to enterprise architecture (EA). Guiding principles are widely used in enterprise architecture. This best practice should also be used in BI envisioning.

    Benefits of Guiding Principles in a BI Context

    • BI planning involves a number of business units. Defining high-level future state principles helps to establish a common ground for those different business units.
    • Ensure the next generation BI aligns with the corporate enterprise architecture and data architecture principles.
    • Provide high-level guidance without depicting detailed solutioning by leaving room for innovation.

    Sample Principles for BI Future State

    1. BI should be fit for purpose. BI is a business technology that helps business users.
    2. Business–IT collaboration should be encouraged to ensure deliverables are relevant to the business.
    3. Focus on continuous improvement on data quality.
    4. Explore opportunities to onboard and integrate new datasets to create a holistic view of your data.
    5. Organize and present data in an easy-to-consume, easy-to-digest fashion.
    6. BI should be accessible to everything, as soon as they have a business case.
    7. Do not train just on using the platform. Train on the underlying data and business model as well.
    8. Develop a training platform where trainees can play around with the data without worrying about messing it up.

    Activity: Define future state guiding principles for your BI practice

    2.2.1

    1-2 hours

    Guiding principles are broad statements that are fundamental to how your organization will go about its activities. Use this as an opportunity to gather relevant stakeholders and solidify how your BI practice should perform moving forward.

    1. To ensure holistic and comprehensive future state principles, invite participants from the business, the data management team, and the enterprise architecture team. If you do not have an enterprise architecture practice, invite people that are involved in building the enterprise architecture. Five to ten people is ideal.
    2. BI Future State

      Awareness Buy-in Business-IT Alignment Governance Org. Structure; People Process; Policies; Standards Data Technology
    3. Once the group has some high-level ideas on what the future state looks like, brainstorm guiding principles that will facilitate the achievement of the future state (see above).
    4. Document the future state principles in the Future State Principles for BI section of the BI Strategy and Roadmap Template

    INPUT

    • Existing enterprise architecture guiding principles
    • High-level concept of future state BI

    OUTPUT

    • Guiding principles for prospective BI practice

    Materials

    • Future State Principles section of the BI Strategy and Roadmap Template

    Participants

    • Business representatives
    • IT representatives
    • The EA group

    Leverage prototypes to facilitate a continuous dialogue with end users en route to creating the final deliverable

    At the end of the day, BI makes data and information available to the business communities. It has to be fit for purpose and relevant to the business. Prototypes are an effective way to ensure relevant deliverables are provided to the necessary users. Prototyping makes your future state a lot closer and a lot more business friendly.

    Simple Prototypes

    • Simple paper-based, whiteboard-based prototypes with same notes.
    • The most basic communication tool that facilitates the exchange of ideas.
    • Often used in Joint Application Development (JAD) sessions.
    • Improve business and IT collaboration.
    • Can be used to amend requirements documents.

    Discussion Possibilities

    • Initial ideation at the beginning
    • Align everyone on the same page
    • Explain complex ideas/layouts
    • Improve collaboration

    Elaborated Prototypes

    • Demonstrates the possibilities of BI in a risk-free environment.
    • Creates initial business value with your new BI platform.
    • Validates the benefits of BI to the organization.
    • Generates interest and support for BI from senior management.
    • Prepares BI team for the eventual enterprise-wide deployment.

    Discussion Possibilities

    • Validate and refine requirements
    • Fail fast, succeed fast
    • Acts as checkpoints
    • Proxy for the final working deliverable

    Leverage Info-Tech’s BI Practice Assessment Tool to define your BI target state and visualize capability gaps

    BI Practice Assessment Tool

    1. Assess Current State
    • Eight BI practice areas to assess maturity.
    • Based on CMMI maturity scale.
  • Visualize Current State Results
    • Determine your BI maturity level.
    • Identify areas with outstanding maturity.
    • Uncover areas with low maturity.
    • Visualize the presence of misalignments.
  • Target State
    • Tackle target state from two views: business and IT.
    • Calculate gaps between target and current state.
  • Visualize Target State and Gaps
    • A heat map diagram to compare the target state and the current state.
    • Show both current and target maturity levels.
    • Detailed charts to show results for each area.
    • Detailed list of recommendations.

    Purposes:

    • Assess your BI maturity.
    • Visualize maturity assessment to quickly spot misalignments, gaps, and opportunities.
    • Provide right-sized recommendations.

    Document essential findings in Info-Tech’s BI Strategy and Roadmap Template.

    Info-Tech Insight

    Assessing current and target states is only the beginning. The real value comes from the interpretation and analyses of the results. Use visualizations of multiple viewpoints and discuss the results in groups to come up with the most effective ideas for your strategy and roadmap.

    Activity: Define the target state for your BI practice

    2.2.2

    2 hours

    This exercise takes your team through establishing the future maturity of your BI practice across several dimensions.

    1. Envisioning of the future state will involve input from the business side as well as the IT department.
    2. The business and IT groups should get together separately and determine the target state maturity of each of the BI practice components:

    The image is a screenshot of Tab 4: Target State Evaluation of the BI Practice Assessment Tool

    INPUT

    • Desired future practice capabilities

    OUTPUT

    • Target state assessment

    Materials

    • Tab 4 of the BI Practice Assessment Tool

    Participants

    • Business representatives
    • IT representatives

    Activity: Define the target state for your BI practice (cont.)

    2.2.2

    2 hours

    2. The target state levels from the two groups will be averaged in the column “Target State Level.” The assessment tool will automatically calculate the gaps between future state value and the current state maturity determined in Step 2.1. Significant gaps in practice maturity will be highlighted in red; smaller or non-existent gaps will appear green.

    The image is a screenshot of Tab 4: Target State Evaluation of the BI Practice Assessment Tool with Gap highlighted.

    INPUT

    • Desired future practice capabilities

    OUTPUT

    • Target state assessment

    Materials

    • Tab 4 of the BI Practice Assessment Tool

    Participants

    • Business representatives
    • IT representatives

    Activity: Revisit the BI Style Analysis sheet to define new report and analytical requirements by C-Level

    2.2.3

    1-2 hours

    The information needs for each executive is unique to their requirements and management style. During this exercise you will determine the reporting and analytical needs for an executive in regards to content, presentation and cadence and then select the BI style that suite them best.

    1. To ensure a holistic and comprehensive need assessment, invite participants from the business and BI team. Discuss what data the executive currently use to base decisions on and explore how the different BI styles may assist. Sample reports or mock-ups can be used for this purpose.
    2. Document the type of report and required content using the BI Style Tool.
    3. The BI Style Tool will then guide the BI team in the type of reporting to develop and the level of Self-Service BI that is required. The tool can also be used for product selection.

    INPUT

    • Information requirements for C-Level Executives

    OUTPUT

    • BI style(s) that are appropriate for an executive’s needs

    Materials

    • BI Style Usage sheet from BI Strategy and Roadmap Template
    • Sample Reports

    Participants

    • Business representatives
    • BI representatives

    Visualization tools facilitate a more comprehensive understanding of gaps in your existing BI practice

    Having completed both current and target state assessments, the BI Practice Assessment Tool allows you to compare the results from multiple angles.

    At a higher level, you can look at your maturity level:

    At a detailed level, you can drill down to the dimensional level and item level.

    The image is a screenshots from Tab 4: Target State Evaluation of the BI Practice Assessment Tool

    At a detailed level, you can drill down to the dimensional level and item level.

    Activity: Analyze gaps in BI practice capabilities and generate improvement objectives/activities

    2.2.4

    2 hours

    This interpretation exercise helps you to make sense of the BI practice assessment results to provide valuable inputs for subsequent strategy and roadmap formulation.

    1. IT management and the BI team should be involved in this exercise. Business SMEs should be consulted frequently to obtain clarifications on what their ideal future state entails.
    2. Begin this exercise by reviewing the heat map and identifying:

    • Areas with very large gaps
    • Areas with small gaps

    Areas with large gaps

    Consider: Is the target state feasible and achievable? What are ways we can improve incrementally in this area? What is the priority for addressing this gap?

    Areas with small/no gaps

    Consider: Can we learn from those areas? Are we setting the bar too low for our capabilities?

    INPUT

    • Current and target state visualizations

    OUTPUT

    • Gap analysis (Tab 5)

    Materials

    • Tab 5 of the BI Practice Assessment Tool
    • Future State Assessment Results section of the BI Strategy and Roadmap Template

    Participants

    • Business representatives
    • IT representatives

    Activity: Analyze gaps in BI practice capabilities and generate improvement objectives/activities (cont.)

    2.2.4

    2 hours

    2. Discuss the differences in the current and target state maturity level descriptions. Questions to ask include:

    • What are the prerequisites before we can begin to build the future state?
    • Is the organization ready for that future state? If not, how do we set expectations and vision for the future state?
    • Do we have the necessary competencies, time, and support to achieve our BI vision?

    INPUT

    • Current and target state visualizations

    OUTPUT

    • Gap analysis (Tab 5)

    Materials

    • Tab 5 of the BI Practice Assessment Tool
    • Future State Assessment Results section of the BI Strategy and Roadmap Template

    Participants

    • Business representatives
    • IT representatives

    Activity: Analyze gaps in BI practice capabilities and generate improvement objectives/activities (cont.)

    2.2.4

    2 hours

    3. Have the same group members reconvene and discuss the recommendations at the BI practice dimension level on Tab 5. of the BI Practice Assessment Tool. These recommendations can be used as improvement actions or translated into objectives for building your BI capabilities.

    Example

    The heat map displayed the largest gap between target state and current state in the technology dimension. The detailed drill-down chart will further illustrate which aspect(s) of the technology dimension is/are showing the most room for improvement in order to better direct your objective and initiative creation.

    The image is of an example and recommendations.

    Considerations:

    • What dimension parameters have the largest gaps? And why?
    • Is there a different set of expectations for the future state?

    Define critical success factors to direct your future state

    Critical success factors (CSFs) are the essential factors or elements required for ensuring the success of your BI program. They are used to inform organizations with things they should focus on to be successful.

    Common Provider (IT Department) CSFs

    • BI governance structure and organization is created.
    • Training is provided for the BI users and the BI team.
    • BI standards are in place.
    • BI artifacts rely on quality data.
    • Data is organized and presented in a usable fashion.
    • A hybrid BI delivery model is established.
    • BI on BI; a measuring plan has to be in place.

    Common Consumer (Business) CSFs

    • Measurable business results have been improved.
    • Business targets met/exceeded.
    • Growth plans accelerated.
    • World-class training to empower BI users.
    • Continuous promotion of a data-driven culture.
    • IT–business partnership is established.
    • Collaborative requirements gathering processes.
    • Different BI use cases are supported.

    …a data culture is essential to the success of analytics. Being involved in a lot of Bay Area start-ups has shown me that those entrepreneurs that are born with the data DNA, adopt the data culture and BI naturally. Other companies should learn from these start-ups and grow the data culture to ensure BI adoption.

    – Cameran Hetrick, Senior Director of Data Science & Analytics, thredUP

    Activity: Define provider and consumer critical success factors for your future BI capabilities

    2.2.5

    2 hours

    Create critical success factors that are important to both BI providers and BI consumers.

    1. Divide relevant stakeholders into two groups:
    2. BI Provider (aka IT) BI Consumer (aka Business)
    3. Write two headings on the board: Objective and Critical Success Factors. Write down each of the objectives created in Phase 1.
    4. Divide the group into small teams and assign each team an objective. For each objective, ask the following question:
    5. What needs to be put in place to ensure that this objective is achieved?

      The answer to the question is your candidate CSF. Write CSFs on sticky notes and stick them by the relevant objective.

    6. Rationalize and consolidate CSFs. Evaluate the list of candidate CSFs to find the essential elements for achieving success.
    7. For each CSF, identify at least one key performance indicator that will serve as an appropriate metric for tracking achievement.

    As you evaluate candidate CSFs, you may uncover new objectives for achieving your future state BI.

    INPUT

    • Business objectives

    OUTPUT

    • A list of critical success factors mapped to business objectives

    Materials

    • Whiteboard and colored sticky notes
    • CSFs for the Future State section of the BI Strategy and Roadmap Template

    Participants

    • Business and IT representatives
    • CIO
    • Head of BI

    Round out your strategy for BI growth by evaluating risks and developing mitigation plans

    A risk matrix is a useful tool that allows you to track risks on two dimensions: probability and impact. Use this matrix to help organize and prioritize risk, as well as develop mitigation strategies and contingency plans appropriately.

    Example of a risk matrix using colour coding

    Info-Tech Insight

    Tackling risk mitigation is essentially purchasing insurance. You cannot insure everything – focus your investments on mitigating risks with a reasonably high impact and high probability.

    Be aware of some common barriers that arise in the process of implementing a BI strategy

    These are some of the most common BI risks based on Info-Tech’s research:

    Low Impact Medium Impact High Impact
    High Probability
    • Users revert back to Microsoft Excel to analyze data.
    • BI solution does not satisfy the business need.
    • BI tools become out of sync with new strategic direction.
    • Poor documentation creates confusion and reduces user adoption.
    • Fail to address data issues: quality, integration, definition.
    • Inadequate communication with stakeholders throughout the project.
    • Users find the BI tool interface too confusing.
    Medium Probability
    • Fail to define and monitor KPIs.
    • Poor training results in low user adoption.
    • Organization culture is resistant to the change.
    • Lack of support from the sponsors.
    • No governance over BI.
    • Poor training results in misinformed users.
    Low Probability
    • Business units independently invest in BI as silos.

    Activity: Identify potential risks for your future state and create a mitigation plan

    2.2.6

    1 hour

    As part of developing your improvement actions, use this activity to brainstorm some high-level plans for mitigating risks associated with those actions.

    Example:

    Users find the BI tool interface too confusing.

    1. Use the probability-impact matrix to identify risks systematically. Collectively vote on the probability and impact for each risk.
    2. Risk mitigation. Risk can be mitigated by three approaches:
    3. A. Reducing its probability

      B. Reducing its impact

      C. Reducing both

      Option A: Brainstorm ways to reduce risk probability

      E.g. The probability of the above risk may be reduced by user training. With training, the probability of confused end users will be reduced.

      Option B: Brainstorm ways to reduce risk impact

      E.g. The impact can be reduced by ensuring having two end users validate each other’s reports before making a major decision.

    4. Document your high-level mitigation strategies in the BI Strategy and Roadmap Template.

    INPUT

    • Step 2.2 outputs

    OUTPUT

    • High-level risk mitigation plans

    Materials

    • Risks and Mitigation section of the BI Strategy and Roadmap Template

    Participants

    • BI sponsor
    • CIO
    • Head of BI

    Translate your findings and ideas into actions that will be integrated into the BI strategy and roadmap

    As you progress through each phase, document findings and ideas as they arise. By phase end, hold a brainstorming session with the project team focused on documenting findings and ideas and substantiating them into improvement actions.

    Translated findings and ideas into actions that will be integrated into the BI strategy and roadmap.

    Ask yourself how BI or analytics can be used to address the gaps and explore opportunities uncovered in each phase. For example, in Phase 1, how do current BI capabilities impede the realization of the business vision?

    Document and prioritize Phase 2 findings, ideas, and action items

    2.2.7

    1-2 hours

    1. Reconvene as a group to review the findings, ideas, and actions harvested in Phase 2. Write the findings, ideas, and actions on sticky notes.
    2. Prioritize the sticky notes to yield those with high business value and low implementation effort. View some sample findings below:
    3. High Business Value, Low Effort High Business Value, High Effort
      Low Business Value, High Effort Low Business Value, High Effort

      Phase 2

      Sample Phase 2 Findings Found a gap between the business expectation and the existing BI content they are getting.
      Our current maturity level is “Level 2 – Operational.” Almost everyone thinks we should be at least “Level 3 – Tactical” with some level 4 elements.
      Found an error in a sales report. A quick fix is identified.
      The current BI program is not able to keep up with the demand.
    4. Select the top items and document the findings in the BI Strategy Roadmap Template. The findings will be used to build a Roadmap in Phase 3.

    INPUT

    • Phase 2 activities

    OUTPUT

    • Other Phase 2 Findings section of the BI Strategy and Roadmap Template

    Materials

    • Whiteboard
    • Sticky notes

    Participants

    • Project manger
    • Project team
    • Business stakeholders

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1.1

    Determine your current BI maturity level

    The analyst will take your project team through Info-Tech’s BI Practice Assessment Tool, which collects perspectives from BI consumer and provider groups on multiple facets of your BI practice in order to establish a current maturity level.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts

    2.2.1

    Define guiding principles for your target BI state

    Using enterprise architecture principles as a starting point, our analyst will facilitate exercises to help your team establish high-level standards for your future BI practice.

    2.2.2-2.2.3

    Establish your desired BI patterns and matching functionalities

    In developing your BI practice, your project team will have to decide what BI-specific capabilities are most important to your organization. Our analyst will take your team through several BI patterns that Info-Tech has identified and discuss how to bridge the gap between these patterns, linking them to specific functional requirements in a BI solution.

    2.2.4-2.2.5

    Analyze the gaps in your BI practice capabilities

    Our analyst will guide your project team through a number of visualizations and explanations produced by our assessment tool in order to pinpoint the problem areas and generate improvement ideas.

    Phase 3

    Create a BI Roadmap for Continuous Improvement

    Build a Reporting and Analytics Strategy

    Create a BI roadmap for continuous improvement

    Phase 3 Overarching Insight

    The benefit of creating a comprehensive and actionable roadmap is twofold: not only does it keep BI providers accountable and focused on creating incremental improvement, but a roadmap helps to build momentum around the overall project, provides a continuous delivery of success stories, and garners grassroots-level support throughout the organization for BI as a key strategic imperative.

    Understand the Business Context to Rationalize Your BI Landscape Evaluate Your Current BI Practice Create a BI Roadmap for Continuous Improvement
    Establish the Business Context
    • Business Vision, Goals, Key Drivers
    • Business Case Presentation
    • High-Level ROI
    Assess Your Current BI Maturity
    • SWOT Analysis
    • BI Practice Assessment
    • Summary of Current State
    Construct a BI Initiative Roadmap
    • BI Improvement Initiatives
    • BI Strategy and Roadmap
    Access Existing BI Environment
    • BI Perception Survey Framework
    • Usage Analyses
    • BI Report Inventory
    Envision BI Future State
    • BI Patterns
    • BI Practice Assessment
    • List of Functions
    Plan for Continuous Improvement
    • Excel Governance Policy
    • BI Ambassador Network Draft
    Undergo Requirements Gathering
    • Requirements Gathering Principles
    • Overall BI Requirements

    Phase 3 overview

    Detailed Overview

    Step 1: Establish Your BI Initiative Roadmap

    Step 2: Identify Opportunities to Enhance Your BI Practice

    Step 3: Create Analytics Strategy

    Step 4: Define CSF and metrics to monitor success of BI and analytics

    Outcomes

    • Consolidate business intelligence improvement objectives into robust initiatives.
    • Prioritize improvement initiatives by cost, effort, and urgency.
    • Create a one-year, two-year, or three-year timeline for completion of your BI improvement initiatives.
    • Identify supplementary programs that will facilitate the smooth execution of road-mapped initiatives.

    Benefits

    • Clear characterization of comprehensive initiatives with a detailed timeline to keep team members accountable.

    Revisit project metrics to track phase progress

    Goals for Phase 3:

    • Put everything together. Findings and observations from Phase 1 and 2 are rationalized in this phase to develop data initiatives and create a strategy and roadmap for BI.
    • Continuous improvements. Your BI program is evolving and improving over time. The program should allow you to have faster, better, and more comprehensive information.

    Info-Tech’s Suggested Metrics for Tracking Phase 3 Goals

    Practice Improvement Metrics Data Collection and Calculation Expected Improvement
    Program Level Metrics Efficiency
    • Time to information
    • Self-service penetration
    • Derive from the ticket management system
    • Derive from the BI platform
    • 10% reduction in time to information
    • Achieve 10-15% self-service penetration
    • Effectiveness
    • BI Usage
    • Data quality
    • Derive from the BI platform
    • Data quality perception
    • Majority of the users use BI on a daily basis
    • 15% increase in data quality perception
    Comprehensiveness
    • # of integrated datasets
    • # of strategic decisions made
    • Derive from the data integration platform
    • Decision-making perception
    • Onboard 2-3 new data domains per year
    • 20% increase in decision-making perception

    Learn more about the CIO Business Vision program.

    Intangible Metrics:

    Tap into the results of Info-Tech’s CIO Business Vision diagnostic to monitor the changes in business-user satisfaction as you implement the initiatives in your BI improvement roadmap.

    Phase 3 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that helps you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Create a BI Roadmap for Continuous Improvement

    Proposed Time to Completion: 1-2 weeks

    Step 3.1: Construct a BI Improvement Initiative Roadmap

    Start with an analyst kick off call:

    • Review findings and insights from completion of activities pertaining to current and future state assessments
    • Discuss challenges around consolidating activities into initiatives

    Then complete these activities…

    • Collect improvement objectives/tasks from previous phases
    • Develop comprehensive improvement initiatives
    • Leverage value-effort matrix activities to prioritize these initiatives and place them along an improvement roadmap

    With these tools & templates:

    BI Initiatives and Roadmap Tool

    BI Strategy and Roadmap Template

    Step 3.2: Continuous Improvement Opportunities for BI

    Review findings with analyst:

    • Review completed BI improvement initiatives and roadmap
    • Discuss guidelines presenting a finalized improvement to the relevant committee or stakeholders
    • Discuss additional policies and programs that can serve to enhance your established BI improvement roadmap

    Then complete these activities…

    • Present BI improvement roadmap to relevant stakeholders
    • Develop Info-Tech’s recommended supplementary policies and programs for BI

    With these tools & templates:

    BI Strategy and Roadmap Executive Presentation Template

    Phase 3 Results & Insights:

    • Comprehensive initiatives with associated tasks/activities consolidated and prioritized in an improvement roadmap

    STEP 3.1

    Construct a BI Improvement Initiative Roadmap

    Build an improvement initiative roadmap to solidify your revamped BI strategy

    Step Objectives

    • Bring together activities and objectives for BI improvement to form initiatives
    • Develop a fit-for-purpose roadmap aligned with your BI strategy

    Step Activities

    3.1.1 Characterize individual improvement objectives and activities ideated in previous phases.

    3.1.2 Synthesize and detail overall BI improvement initiatives.

    3.1.3 Create a plan of action by placing initiatives on a roadmap.

    Outcomes

    • Detailed BI improvement initiatives, prioritized by value and effort
    • Defined roadmap for completion of tasks associated with each initiative and accountability

    Research Support

    • Info-Tech’s BI Initiatives and Roadmap Tool

    Proposed Participants in this Step

    Project Manager

    Project Team

    Create detailed BI strategy initiatives by bringing together the objectives listed in the previous phases

    When developing initiatives, all components of the initiative need to be considered, from its objectives and goals to its benefits, risks, costs, effort required, and relevant stakeholders.

    Use outputs from previous project steps as inputs to the initiative and roadmap building:

    The image shows the previous project steps as inputs to the initiative and roadmap building, with arrow pointing from one to the next.

    Determining the dependencies that exist between objectives will enable the creation of unique initiatives with associated to-do items or tasks.

    • Group objectives into similar buckets with dependencies
    • Select one overarching initiative
    • Adapt remaining objectives into tasks of the main initiative
    • Add any additional tasks

    Leverage Info-Tech’s BI Initiatives and Roadmap Tool to build a fit-for-purpose improvement roadmap

    BI Initiatives and Roadmap Tool

    Overview

    Use the BI Initiatives and Roadmap Tool to develop comprehensive improvement initiatives and add them to a BI strategy improvement roadmap.

    Recommended Participants

    • BI project team

    Tool Guideline

    Tab 1. Instructions Use this tab to get an understanding as to how the tool works.
    Tab 2. Inputs Use this tab to customize the inputs used in the tool.
    Tab 3. Activities Repository Use this tab to list and prioritize activities, to determine dependencies between them, and build comprehensive initiatives with them.
    Tab 4. Improvement Initiatives Use this tab to develop detailed improvement initiatives that will form the basis of the roadmap. Map these initiatives to activities from Tab 3.
    Tab 5. Improvement Roadmap Use this tab to create your BI strategy improvement roadmap, assigning timelines and accountability to initiatives and tasks, and to monitor your project performance over time.

    Activity: Consolidate BI activities into the tool and assign dependencies and priorities

    3.1.1

  • 2 hours
    1. Have one person from the BI project team populate Tab 3. Activities Repository with the BI strategy activities that were compiled in Phases 1 and 2. Use drop-downs to indicate in which phase the objective was originally ideated.
    2. With BI project team executives, discuss and assign dependencies between activities in the Dependencies columns. A dependency exists if:
    • An activity requires consideration of another activity.
    • An activity requires the completion of another activity.
    • Two activities should be part of the same initiative.
    • Two activities are very similar in nature.
  • Then discuss and assign priorities to each activity in the Priority column using input from previous Phases. For example, if an activity was previously indicated as critical to the business, if a similar activity appears multiple times, or if an activity has several dependencies, it should be higher priority.
  • Inputs

    • BI improvement activities created in Phases 1 and 2

    Output

    • Activities with dependencies and priorities

    Materials

    • BI Initiatives and Roadmap Tool

    Participants

    • BI project team

    Activity: Consolidate BI activities into the tool and assign dependencies and priorities (cont’d.)

    3.1.1

    2 hours

    Screenshot of Tab 3. BI Activities Repository, with samples improvement activities, dependencies, statuses, and priorities

    The image is of a screenshot of Tab 3. BI Activities Repository, with samples improvement activities, dependencies, statuses, and priorities.

    Revisit the outputs of your current state assessment and note which activities have already been completed in the “Status” column, to avoid duplication of your efforts.

    When classifying the status of items in your activity repository, distinguish between broader activities (potential initiatives) and granular activities (tasks).

    Activity: Customize project inputs and build out detailed improvement initiatives

    3.1.2

    1.5 hours

    1. Follow instructions on Tab 2. Inputs to customize inputs you would like to use for your project.
    2. Review the activities repository and select up to 12 overarching initiatives based on the activities with extreme or highest priority and your own considerations.
    • Rewording where necessary, transfer the names of your initiatives in the banners provided on Tab 4. Improvement Initiatives.
    • On Tab 3, indicate these activities as “Selected (initiatives)” in the Status column.
  • In Tab 4, develop detailed improvement initiatives by indicating the owner, taxonomy, start and end periods, cost and effort estimates, goal, benefit/value, and risks of each initiative.
  • Use drop-downs to list “Related activities,” which will become tasks under each initiative.
    • activities with dependency to the initiative
    • activities that lead to the same goal or benefit/value of the main initiative

    Screenshot of the Improvement Initiative template, to be used for developing comprehensive initiatives

    <p data-verified=The image is a screenshot of the Improvement Initiative template, to be used for developing comprehensive initiatives.">

    Inputs

    • Tab 3. Activities Repository

    Output

    • Unique and detailed improvement initiatives

    Materials

    • BI Initiatives and Roadmap Tool
    • BI Initiatives section of the BI Strategy and Roadmap Template

    Participants

    • BI project team

    Visual representations of your initiative landscape can aid in prioritizing tasks and executing the roadmap

    Building a comprehensive BI program will be a gradual process involving a variety of stakeholders. Different initiatives in your roadmap will either be completed sequentially or in parallel to one another, given dependencies and available resources. The improvement roadmap should capture and represent this information.

    To determine the order in which main initiatives should be completed, exercises such as a value–effort map can be very useful.

    Example: Value–Effort Map for a BI Project

    Initiatives that are high value–low effort are found in the upper left quadrant and are bolded; These may be your four primary initiatives. In addition, initiative five is valuable to the business and critical to the project’s success, so it too is a priority despite requiring high effort. Note that you need to consider dependencies to prioritize these key initiatives.

    Value–Effort Map for a BI Project
    1. Data profiling techniques training
    2. Improve usage metrics
    3. Communication plan for BI
    4. Staff competency evaluation
    5. Formalize practice capabilities
    6. Competency improvement plan program
    7. Metadata architecture improvements
    8. EDW capability improvements
    9. Formalize oversight for data manipulation

    This exercise is best performed using a white board and sticky notes, and axes can be customized to fit your needs (E.g. cost, risk, time, etc.).

    Activity: Build an overall BI strategy improvement roadmap for the entire project

    3.1.3

    45 minutes

    The BI Strategy Improvement Roadmap (Tab 5 of the BI Initiatives and Roadmap Tool) has been populated with your primary initiatives and related tasks. Read the instructions provided at the top of Tab 5.

    1. Use drop-downs to assign a Start Period and End Period to each initiative (already known) and each task (determined here). As you do so, the roadmap will automatically fill itself in. This is where the value–effort map or other prioritization exercises may help.
    2. Assign Task Owners reporting Managers.
    3. Update the Status and Notes columns on an ongoing basis. Hold meetings with task owners and managers about blocked or overdue items.
    • Updating status should also be an ongoing maintenance requirement for Tab 3 in order to stay up to date on which activities have been selected as initiatives or tasks, are completed, or are not yet acted upon.

    Screenshot of the BI Improvement Roadmap (Gantt chart) showing an example initiative with tasks, and assigned timeframes, owners, and status updates.

    INPUTS

    • Tab 3. Activities Repository
    • Tab 4. Improvement Initiatives

    OUTPUT

    • BI roadmap

    Materials

    • BI Initiatives and Roadmap Tool
    • Roadmap section of the BI Strategy and Roadmap Template

    Participants

    • BI project team

    Obtain approval for your BI strategy roadmap by organizing and presenting project findings

    Use a proprietary presentation template

    Recommended Participants

    • Project sponsor
    • Relevant IT & business executives
    • CIO
    • BI project team

    Materials & Requirements

    Develop your proprietary presentation template with:

    • Results from Phases 1 and 2 and Step 3.1
    • Information from:
      • Info-Tech’s Build a Reporting and Analytics Strategy
    • Screen shots of outputs from the:
      • BI Practice Assessment Tool
      • BI Initiatives and Roadmap Tool

    Next Steps

    Following the approval of your roadmap, begin to plan the implementation of your first initiatives.

    Overall Guidelines

    • Invite recommended participants to an approval meeting.
    • Present your project’s findings with the goal of gaining key stakeholder support for implementing the roadmap.
    1. Set the scene using BI vision & objectives.
    2. Present the results and roadmap next.
    3. Dig deeper into specific issues by touching on the important components of this blueprint to generate a succinct and cohesive presentation.
  • Make the necessary changes and updates stemming from discussion notes during this meeting.
  • Submit a formal summary of findings and roadmap to your governing body for review and approval (e.g. BI steering committee, BI CoE).
  • Info-Tech Insight

    At this point, it is likely that you already have the support to implement a data quality improvement roadmap. This meeting is about the specifics and the ROI.

    Maximize support by articulating the value of the data quality improvement strategy for the organization’s greater information management capabilities. Emphasize the business requirements and objectives that will be enhanced as a result of tackling the recommended initiatives, and note any additional ramifications of not doing so.

    Leverage Info-Tech’s presentation template to present your BI strategy to the executives

    Use the BI Strategy and Roadmap Executive Presentation Template to present your most important findings and brilliant ideas to the business executives and ensure your BI program is endorsed. Business executives can also learn about how the BI strategy empowers them and how they can help in the BI journey.

    Important Messages to Convey

    • Executive summary of the presentation
    • Current challenges faced by the business
    • BI benefits and associated opportunities
    • SWOT analyses of the current BI
    • BI end-user satisfaction survey
    • BI vision, mission, and goals
    • BI initiatives that take you to the future state
    • (Updated) Analytical Strategy
    • Roadmap that depicts the timeline

    STEP 3.2

    Continuous Improvement Opportunities for BI

    Create supplementary policies and programs to augment your BI strategy

    Step Objectives

    • Develop a plan for encouraging users to continue to use Excel, but in a way that does not compromise overall BI effectiveness.
    • Take steps to establish a positive organizational culture around BI.

    Step Activities

    3.2.1 Construct a concrete policy to integrate Excel use with your new BI strategy.

    3.2.2 Map out the foundation for a BI Ambassador network.

    Outcomes

    • Business user understanding of where Excel manipulation should and should not occur
    • Foundation for recognizing exceptional BI users and encouraging development of enterprise-wide business intelligence

    Research Support

    • Info-Tech’s BI Initiatives and Roadmap Tool
    • Info-Tech’s BI Strategy and Roadmap Template

    Proposed Participants in this Step

    Project Manager

    Project Team

    Additional Business Users

    Establish Excel governance to better serve Excel users while making sure they comply with policies

    Excel is the number one BI tool

    • BI applications are developed to support information needs.
    • The reality is that you will never migrate all Excel users to BI. Some Excel users will continue to use it. The key is to support them while imposing governance.
    • The goal is to direct them to use the data in BI or in the data warehouse instead of extracting their own data from various source systems.

    The Tactic: Centralize data extraction and customize delivery

    • Excel users formerly extracted data directly from the production system, cleaned up the data, manipulated the data by including their own business logic, and presented the data in graphs and pivot tables.
    • With BI, the Excel users can still use Excel to look at the information. The only difference is that BI or data warehouse will be the data source of their Excel workbook.

    Top-Down Approach

    • An Excel policy should be created at the enterprise level to outline which Excel use cases are allowed, and which are not.
    • Excel use cases that involve extracting data from source systems and transforming that data using undisclosed business rules should be banned.
    • Excel should be a tool for manipulating, filtering, and presenting data, not a tool for extracting data and running business rules.

    Excel

    Bottom-Up Approach

    • Show empathy to your users. They just want information to get their work done.
    • A sub-optimal information landscape is the root cause, and they are the victims. Excel spreadmarts are the by-products.
    • Make the Excel users aware of the risks associated with Excel, train them in BI, and provide them with better information in the BI platform.

    Activity: Create an Excel governance policy

    3.2.1

    4 hours

    Construct a policy around Excel use to ensure that Excel documents are created and shared in a manner that does not compromise the integrity of your overall BI program.

    1. Review the information artifact list harvested from Step 2.1 and identify all existing Excel-related use cases.
    2. Categorize the Excel use cases into “allowed,” “not allowed,” and “not sure.” For each category define:
    3. Category To Do: Policy Context
      Allowed Discuss what makes these use cases ideal for BI. Document use cases, scenarios, examples, and reasons that allow Excel as an information artifact.
      Not Allowed Discuss why these cases should be avoided. Document forbidden use cases, scenarios, examples, and reasons that use Excel to generate information artifacts.
      Not Sure Discuss the confusions; clarify the gray area. Document clarifications and advise how end users can get help in those “gray area” cases.
    4. Document the findings in the BI Strategy and Roadmap Template in the Manage and Sustain BI Strategy section, or a proprietary template. You may also need to create a separate Excel policy to communicate the Dos and Don’ts.

    Inputs

    • Step 2.1 – A list of information artifacts

    Output

    • Excel-for-BI Use Policy

    Materials

    • BI Strategy Roadmap and Template, or proprietary document

    Participants

    • Business executives
    • CIO
    • Head of BI
    • BI team

    Build a network of ambassadors to promote BI and report to IT with end-user feedback and requests

    The Building of an Insider Network: The BI Ambassador Network

    BI ambassadors are influential individuals in the organization that may be proficient at using BI tools but are passionate about analytics. The network of ambassadors will be IT’s eyes, ears, and even mouth on the frontline with users. Ambassadors will promote BI, communicate any messages IT may have, and keep tabs on user satisfaction.

    Ideal candidate:

    • A good relationship with IT.
    • A large breadth of experience with BI, not just one dashboard.
    • Approachable and well-respected amongst peers.
    • Has a passion for driving organizational change using BI and continually looking for opportunities to innovate.

    Push

    • Key BI Messages
    • Best Practices
    • Training Materials

    Pull

    • Feedback
    • Complaints
    • Thoughts and New Ideas

    Motivate BI ambassadors with perks

    You need to motivate ambassadors to take on this additional responsibility. Make sure the BI ambassadors are recognized in their business units when they go above and beyond in promoting BI.

    Reward Approach Reward Type Description
    Privileges High Priority Requests Given their high usage and high visibility, ambassadors’ BI information requests should be given a higher priority.
    First Look at New BI Development Share the latest BI updates with ambassadors before introducing them to the organization. Ambassadors may even be excited to test out new functionality.
    Recognition Featured in Communications BI ambassadors’ use cases and testimonials can be featured in BI communications. Be sure to create a formal announcement introducing the ambassadors to the organization.
    BI Ambassador Certificate A certificate is a formal way to recognize their efforts. They can also publicly display the certificate in their workspace.
    Rewards Appointed by Senior Executives Have the initial request to be a BI ambassador come from a senior executive to flatter the ambassador and position the role as a reward or an opportunity for success.
    BI Ambassador Awards Award an outstanding BI ambassador for the year. The award should be given by the CEO in a major corporate event.

    Activity: Plan for a BI ambassador network

    3.2.2

    2 hours

    Identify individuals within your organization to act as ambassadors for BI and a bridge between IT and business users.

    1. Obtain a copy of your latest organizational chart. Review your most up-to-date organizational chart and identify key BI consumers across a variety of functional units. In selecting potential BI ambassadors, reflect on the following questions:
    • Does this individual have a good relationship with IT?
    • What is the depth of their experience with developing/consuming business intelligence?
    • Is this individual respected and influential amongst their respective business units?
    • Has this individual shown a passion for innovating within their role?
  • Create a mandate and collateral detailing the roles and responsibilities for the ambassador role, e.g.:
    • Promote BI to members of your group
    • Represent the “voice of the data consumers”
  • Approach the ambassador candidates and explain the responsibilities and perks of the role, with the goal of enlisting about 10-15 ambassadors
  • Inputs

    • An updated organizational chart
    • A list of BI users

    Output

    • Draft framework for BI ambassador network

    Materials

    • BI Strategy and Roadmap Template or proprietary document

    Participants

    • Business executives
    • CIO
    • Head of BI
    • BI team

    Keeping tabs on metadata is essential to creating a data democracy with BI

    A next generation BI not only provides a platform that mirrors business requirements, but also creates a flexible environment that empowers business users to explore data assets without having to go back and forth with IT to complete queries.

    Business users are generally not interested in the underlying architecture or the exact data lineages; they want access to the data that matters most for decision-making purposes.

    Metadata is data about data

    It comes in the form of structural metadata (information about the spaces that contain data) and descriptive metadata (information pertaining to the data elements themselves), in order to answer questions such as:

    • What is the intended purpose of this data?
    • How up-to-date is this information?
    • Who owns this data?
    • Where is this data coming from?
    • How have these data elements been transformed?

    By creating effective metadata, business users are able to make connections between and bring together data sources from multiple areas, creating the opportunity for holistic insight generation.

    Like BI, metadata lies in the Information Dimension layer of our data management framework.

    The metadata needs to be understood before building anything. You need to identify fundamentals of the data, who owns not only that data, but also its metadata. You need to understand where the consolidation is happening and who owns it. Metadata is the core driver and cost saver for building warehouses and requirements gathering.

    – Albert Hui, Principal, Data Economist

    Deliver timely, high quality, and affordable information to enable fast and effective business decisions

    In order to maximize your ROI on business intelligence, it needs to be treated less like a one-time endeavor and more like a practice to be continually improved upon.

    Though the BI strategy provides the overall direction, the BI operating model – which encompasses organization structure, processes, people, and application functionality – is the primary determinant of efficacy with respect to information delivery. The alterations made to the operating model occur in the short term to improve the final deliverables for business users.

    An optimal BI operating model satisfies three core requirements:

    Timeliness

    Effectiveness

  • Affordability
  • Bring tangible benefits of your revamped BI strategy to business users by critically assessing how your organization delivers business intelligence and identifying opportunities for increased operational efficiency.

    Assess and Optimize BI Operations

    Focus on delivering timely, quality, and affordable information to enable fast and effective business decisions

    Implement a fit-for-purpose BI and analytics solution to augment your next generation BI strategy

    Organizations new to business intelligence or with immature BI capabilities are under the impression that simply getting the latest-and-greatest tool will provide the insights business users are looking for.

    BI technology can only be as effective as the processes surrounding it and the people leveraging it. Organizations need to take the time to select and implement a BI suite that aligns with business goals and fosters end-user adoption.

    As an increasing number of companies turn to business intelligence technology, vendors are responding by providing BI and analytics platforms with more and more features.

    Our vendor landscape will simplify the process of selecting a BI and analytics solution by:

    Differentiating between the platforms and features vendors are offering.

    Detailing a robust framework for requirements gathering to pinpoint your organization’s needs.

    Developing a high-level plan for implementation.

    Select and Implement a Business Intelligence and Analytics Solution

    Find the diamond in your data-rough using the right BI & Analytics solution

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-tech analysts with your team:

    3.1.1-3.1.3

    Construct a BI improvement initiative roadmap

    During these activities, your team will consolidate the list of BI initiatives generated from the assessments conducted in previous phases, assign timelines to each action, prioritize them using a value–effort matrix, and finally produce a roadmap for implementing your organization’s BI improvement strategy.

    3.2

    Identify continuous improvement opportunities for BI

    Our analyst team will work with your organization to ideate supplementary programs to support your BI strategy. Defining Excel use cases that are permitted and prohibited in conjunction with your BI strategy, as well as structuring an internal BI ambassador network, are a few extra initiatives that can enhance your BI improvement plans.

    Insight breakdown

    Your BI platform is not a one-and-done initiative.

    A BI program is not a static project that is created once and remains unchanged. Your strategy must be treated as a living platform to be revisited and revitalized in order to provide effective enablement of business decision making. Develop a BI strategy that propels your organization by building it on business goals and objectives, as well as comprehensive assessments that quantitatively and qualitatively evaluate your current BI capabilities.

    Put the “B” back in “BI.”

    The closer you align your new BI platform to real business interests, the stronger will be the buy-in, realized value, and groundswell of enthusiastic adoption. Ultimately, getting this phase right sets the stage to best realize a strong ROI for your investment in the people, processes, and technology that will be your next generation BI platform.

    Go beyond the platform.

    BI success is not based solely on the technology it runs on; technology cannot mask gaps in capabilities. You must be capable in your environment – data management, data quality, and related data practices must be strong, otherwise the usefulness of the intelligence suffers. The best BI solution does not only provide a technology platform, but also addresses the elements that surround the platform. Look beyond tools and holistically assess the maturity of your BI practice with input from both the BI consumer and provider perspectives.

    Appendix

    Detailed list of BI Types

    Style Description Strategic Importance (1-5) Popularity (1-5) Effort (1-5)
    Standards Preformatted reports Standard, preformatted information for backward-looking analysis. 5 5 1
    User-defined analyses Pre-staged information where “pick lists” enable business users to filter (select) the information they wish to analyze, such as sales for a selected region during a selected previous timeframe. 5 4 2
    Ad-hoc analyses Power users write their own queries to extract self-selected pre-staged information and then use the information to perform a user-created analysis. 5 4 3
    Scorecards and dashboards Predefined business performance metrics about performance variables that are important to the organization, presented in a tabular or graphical format that enables business users to see at a glance how the organization is performing. 4 4 3
    Multidimensional analysis (OLAP) Multidimensional analysis (also known as On-line analytical processing): Flexible tool-based user-defined analysis of business performance and the underlying drivers or root causes of that performance. 4 3 3
    Alerts Predefined analyses of key business performance variables, comparison to a performance standard or range, and communication to designated businesspeople when performance is outside the predefined performance standard or range. 4 3 3
    Advanced Analytics Application of long-established statistical and/or operations research methods to historical business information to look backward and characterize a relevant aspect of business performance, typically by using descriptive statistics 5 3 4
    Predictive Analytics Application of long-established statistical and/or operations research methods to historical business information to predict, model, or simulate future business and/or economic performance and potentially prescribe a favored course of action for the future 5 3 5

    Our BI strategy approach follows Info-Tech’s popular IT Strategy Framework

    A comprehensive BI strategy needs to be developed under the umbrella of an overall IT strategy. Specifically, creating a BI strategy is contributing to helping IT mature from a firefighter to a strategic partner that has close ties with business units.

    1. Determine mandate and scope 2. Assess drivers and constraints 3. Evaluate current state of IT 4. Develop a target state vision 5. Analyze gaps and define initiatives 6. Build a roadmap 8. Revamp 7. Execute
    Mandate Business drivers Holistic assessments Vision and mission Initiatives Business-driven priorities
    Scope External drivers Focus-area specific assessments Guiding principles Risks
    Project charter Opportunities to innovate Target state vision Execution schedule
    Implications Objectives and measures

    This BI strategy blueprint is rooted in our road-tested and proven IT strategy framework as a systematic method of tackling strategy development.

    Research contributors

    Internal Contributors

    • Andy Woyzbun, Executive Advisor
    • Natalia Nygren Modjeska, Director, Data & Analytics
    • Crystal Singh, Director, Data & Analytic
    • Andrea Malick, Director, Data & Analytics
    • Raj Parab, Director, Data & Analytics
    • Igor Ikonnikov, Director, Data & Analytics
    • Andy Neill, Practice Lead, Data & Analytics
    • Rob Anderson, Manager Sales Operations
    • Shari Lava, Associate Vice-President, Vendor Advisory Practice

    External Contributors

    • Albert Hui, Principal, DataEconomist
    • Cameran Hetrick, Senior Director of Data Science & Analytics, thredUP
    • David Farrar, Director – Marketing Planning & Operations, Ricoh Canada Inc
    • Emilie Harrington, Manager of Analytics Operations Development, Lowe’s
    • Sharon Blanton, VP and CIO, The College of New Jersey
    • Raul Vomisescu, Independent Consultant

    Research contributors and experts

    Albert Hui

    Consultant, Data Economist

    Albert Hui is a cofounder of Data Economist, a data-consulting firm based in Toronto, Canada. His current assignment is to redesign Scotiabank’s Asset Liability Management for its Basel III liquidity compliance using Big Data technology. Passionate about technology and problem solving, Albert is an entrepreneur and result-oriented IT technology leader with 18 years of experience in consulting and software industry. His area of focus is on data management, specializing in Big Data, business intelligence, and data warehousing. Beside his day job, he also contributes to the IT community by writing blogs and whitepapers, book editing, and speaking at technology conferences. His recent research and speaking engagement is on machine learning on Big Data.

    Albert holds an MBA from the University of Toronto and a master’s degree in Industrial Engineering. He has twin boys and enjoys camping and cycling with them in his spare time.

    Albert Hui Consultant, Data Economist

    Cameran Hetrick

    Senior Director of Analytics and Data Science, thredUP

    Cameran is the Senior Director of Analytics and Data Science at thredUP, a startup inspiring a new generation to think second hand first. There she helps drives top line growth through advanced and predictive analytics. Previously, she served as the Director of Data Science at VMware where she built and led the data team for End User Computing. Before moving to the tech industry, she spent five years at The Disneyland Resort setting ticket and hotel prices and building models to forecast attendance. Cameran holds an undergraduate degree in Economics/Mathematics from UC Santa Barbara and graduated with honors from UC Irvine's MBA program.

    Cameran Hetrick Senior Director of Analytics and Data Science, thredUP

    Bibliography

    Bange, Carsten and Wayne Eckerson. “BI and Data Management in the Cloud: Issues and Trends.” BARC and Eckerson Group, January 2017. Web.

    Business Intelligence: The Strategy Imperative for CIOs. Tech. Information Builders. 2007. Web. 1 Dec. 2015.

    COBIT 5: Enabling Information. Rolling Meadows, IL: ISACA, 2013. Web.

    Dag, Naslund, Emma Sikander, and Sofia Oberg. "Business Intelligence - a Maturity Model Covering Common Challenges." Lund University Publications. Lund University, 2014. Web. 23 Oct. 2015.

    “DAMA Guide to the Data Management Body of Knowledge (DAMA-DMBOK Guide).” First Edition. DAMA International. 2009. Digital. April 2014.

    Davenport, Thomas H. and Bean, Randy. “Big Data and AI Executive Survey 2019.” NewVantage Partners LLC. 2019. Web.

    "Debunking the Business of Analytics." Experian Data Quality. Sept. 2013. Web.

    Bibliography

    Drouin, Sue. "Value Chain." SAP Analytics. February 27, 2015.

    Farrar, David. “BI & Data analytics workshop feedback.” Ricoh Canada. Sept. 2019.

    Fletcher, Heather. "New England Patriots Use Analytics & Trigger Emails to Retain Season Ticket Holders." Target Marketing. 1 Dec. 2011. Web.

    Gonçalves, Alex. "Social Media Analytics Strategy - Using Data to Optimize Business Performance.” Apress. 2017.

    Imhoff, Claudia, and Colin White. "Self Service Business Intelligence: Empowering Users to Generate Insights." SAS Resource Page. The Data Warehouse Institute, 2011. Web.

    Khamassi, Ahmed. "Building An Analytical Roadmap : A Real Life Example." Wipro. 2014.

    Kuntz, Jerry, Pierre Haren, and Rebecca Shockley. IBM Insight 2015 Teleconference Series. Proc. of Analytics: The Upside of Disruption. IBM Institute for Business Value, 19 Oct. 2015. Web.

    Kwan, Anne , Maximillian Schroeck, Jon Kawamura. “Architecting and operating model, A platform for accelerating digital transformation.” Part of a Deliotte Series on Digital Industrial Transformation, 2019. Web.

    Bibliography

    Lebied, Mona. "11 Steps on Your BI Roadmap To Implement A Successful Business Intelligence Strategy." Business Intelligence. July 20, 2018. Web.

    Light, Rob. “Make Business Intelligence a Necessity: How to Drive User Adoption.” Sisense Blog. 30 July 2018.

    Mazenko, Elizabeth. “Avoid the Pitfalls: 3 Reasons 80% of BI Projects Fail.” BetterBuys. October 2015.

    Marr, Bernard. "Why Every Business Needs A Data And Analytics Strategy.” Bernard Marr & Co. 2019.

    Mohr, Niko and Hürtgen, Holger. “Achieving Business Impact with Data.” McKinsey. April 2018.

    MIT Sloan Management

    Quinn, Kevin R. "Worst Practices in Business Intelligence: Why BI Applications Succeed Where BI Tools Fail." (2007): 1-19. BeyeNetwork. Information Builders, 2007. Web. 1 Dec. 2015.

    Ringdal, Kristen. "Learning multilevel Analysis." European social Survey. 2019.

    Bibliography

    Schaefer, Dave, Ajay Chandramouly, Burt Carmak, and Kireeti Kesavamurthy. "Delivering Self-Service BI, Data Visualization, and Big Data Analytics." IT@Intel White Paper (2013): 1-11. June 2013. Web. 30 Nov. 2015.

    Schultz, Yogi. “About.” Corvelle Consulting. 2019.

    "The Current State of Analytics: Where Do We Go From Here?" SAS Resource Page. SAS & Bloomberg Businessweek, 2011. Web.

    "The Four Steps to Defining a Customer Analytics Strategy." CCG Analytics Solutions & Services. Nov 10,2017.

    Traore, Moulaye. "Without a strategic plan, your analytics initiatives are risky." Advisor. March 12, 2018. web.

    Wells, Dave. "Ten Mistakes to Avoid When Gathering BI Requirements." Engineering for Industry. The Data Warehouse Institute, 2008. Web.

    “What is a Business Intelligence Strategy and do you need one?” Hydra. Sept 2019. Web.

    Williams, Steve. “Business Intelligence Strategy and Big Data Analytics.” Morgan Kaufman. 2016.

    Wolpe, Toby. "Case Study: How One Firm Used BI Analytics to Track Staff Performance | ZDNet." ZDNet. 3 May 2013. Web.

    Yuk, Mico. “11 Reasons Why Most Business Intelligence Projects Fail.” Innovative enterprise Channels. May 2019.

    Create an Architecture for AI

    • Buy Link or Shortcode: {j2store}344|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: $604,999 Average $ Saved
    • member rating average days saved: 49 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management

    This research is designed to help organizations who are facing these challenges:

    • Deliver on the AI promise within the organization.
    • Prioritize the demand for AI projects and govern the projects to prevent overloading resources.
    • Have sufficient data management capability.
    • Have clear metrics in place to measure progress and for decision making.

    AI requires a high level of maturity in all data management capabilities, and the greatest challenge the CIO or CDO faces is to mature these capabilities sufficiently to ensure AI success.

    Our Advice

    Critical Insight

    • Build your target state architecture from predefined best-practice building blocks.
    • Not all business use cases require AI to increase business capabilities.
    • Not all organizations are ready to embark on the AI journey.
    • Knowing the AI pattern that you will use will simplify architecture considerations.

    Impact and Result

    • This blueprint will assist organizations with the assessment, planning, building, and rollout of their AI initiatives.
      • Do not embark on an AI project with an immature data management practice. Embark on initiatives to fix problems before they cripple your AI projects.
      • Using architecture building blocks will speed up the architecture decision phase.
    • The success rate of AI initiatives is tightly coupled with data management capabilities and a sound architecture.

    Create an Architecture for AI Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to understand why you need an underlying architecture for AI, review Info-Tech's methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess business use cases for AI readiness

    Define business use cases where AI may bring value. Evaluate each use case to determine the company’s AI maturity in people, tools, and operations for delivering the correct data, model development, model deployment, and the management of models in the operational areas.

    • Create an Architecture for AI – Phase 1: Assess Business Use Cases for AI Readiness
    • AI Architecture Assessment and Project Planning Tool
    • AI Architecture Assessment and Project Planning Tool – Sample

    2. Design your target state

    Develop a target state architecture to allow the organization to effectively deliver in the promise of AI using architecture building blocks.

    • Create an Architecture for AI – Phase 2: Design Your Target State
    • AI Architecture Templates

    3. Define the AI architecture roadmap

    Compare current state with the target state to define architecture plateaus and build a delivery roadmap.

    • Create an Architecture for AI – Phase 3: Define the AI Architecture Roadmap
    [infographic]

    Workshop: Create an Architecture for AI

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Answer “Where To?”

    The Purpose

    Define business use cases where AI may add value and assess use case readiness.

    Key Benefits Achieved

    Know upfront if all required data resources are available in the required velocity, veracity, and variety to service the use case.

    Activities

    1.1 Review the business vision.

    1.2 Identify and classify business use cases.

    1.3 Assess company readiness for each use case.

    1.4 Review architectural principles and download and install Archi.

    Outputs

    List of identified AI use cases

    Assessment of each use case

    Data sources needed for each use case

    Archi installed

    2 Define the Required Architecture Building Blocks

    The Purpose

    Define architecture building blocks that can be used across use cases and data pipeline.

    Key Benefits Achieved

    The architectural building blocks ensure reuse of resources and form the foundation of a stepwise rollout.

    Activities

    2.1 ArchiMate modelling language overview.

    2.2 Architecture building block overview

    2.3 Identify architecture building blocks by use case.

    2.4 Define the target state architecture.

    Outputs

    A set of building blocks created in Archi

    Defined target state architecture using architecture building blocks

    3 Assess the Current State Architecture

    The Purpose

    Assess your current state architecture in the areas identified by the target state.

    Key Benefits Achieved

    Only evaluating the current state architecture that will influence your AI implementation.

    Activities

    3.1 Identify the current state capabilities as required by the target state.

    3.2 Assess your current state architecture.

    3.3 Define a roadmap and design implementation plateaus.

    Outputs

    Current state architecture documented in Archi

    Assessed current state using assessment tool

    A roadmap defined using plateaus as milestones

    4 Bridge the Gap and Create the Roadmap

    The Purpose

    Assess your current state against the target state and create a plan to bridge the gaps.

    Key Benefits Achieved

    Develop a roadmap that will deliver immediate results and ensure long-term durability.

    Activities

    4.1 Assess the gaps between current- and target-state capabilities.

    4.2 Brainstorm initiatives to address the gaps in capabilities

    4.3 Define architecture delivery plateaus.

    4.4 Define a roadmap with milestones.

    4.5 Sponsor check-in.

    Outputs

    Current to target state gap assessment

    Architecture roadmap divided into plateaus

    Business Continuity

    • Buy Link or Shortcode: {j2store}36|cart{/j2store}
    • Related Products: {j2store}36|crosssells{/j2store}
    • member rating overall impact (scale of 10): 9.2/10
    • member rating average dollars saved: $30,547
    • member rating average days saved: 37
    • Parent Category Name: Security and Risk
    • Parent Category Link: /security-and-risk

    The challenge

    • Recent crises have put business continuity firmly on the radar with executives. The pressures mount to have a proper BCP in place.

    • You may be required to show regulators and oversight bodies proof of having your business continuity processes under control.
    • Your customers want to know that you can continue to function under adverse circumstances and may require proof of your business continuity practices and plans.
    • While your company may put the BCM function in facility management or within the business, it typically falls upon IT leaders to join the core team to set up the business continuity plans.

    Our advice

    Insight

    • Business continuity plans require the cooperation and input from all departments with often conflicting objectives.
    • For most medium-sized companies, BCP activities do not require a full-time position. 
    • While the set up of a BCP is an epic or project, embed the maintenance and exercises in its regular activities.
    • As an IT leader in your company, you have the skillset and organizational overview to lead a BCP set up. It is the business that must own the plans. They know their processes and know where to prioritize.
    • The traditional approach to creating a BCP is a considerable undertaking. Most companies will hire one or more consultants to guide them. If you want to do this in-house, then carve up the work into discrete tasks to make it more manageable. Our blueprint explains to you how to do that.

    Impact and results 

    • You have a structured and straightforward process that you can apply to one business unit or department at a time.
    • Start with a pilot, and use the results to fine-tune your approach, fill the gaps while at the same time slowly reducing your business continuity exposure. Repeat the process for each department or team.
    • Enable the business to own the plans. Develop templates that they can use.
    • Leverage the BCP project's outcome and refine your disaster recovery plans to ensure alignment with the overall BCP.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started

    Our concise executive brief shows you why you should develop a sound business continuity practice in your company. We'll show you our methodology and the ways we can help you in completing this.

    Identify your current maturity and document process dependencies.

    Choose a medium-sized department and build a team. Identify that department's processes, dependencies, and alternatives.

    • BCP Maturity Scorecard (xls)
    • BCP Pilot Project Charter Template (doc)
    • BCP Business Process Workflows Example (Visio)
    • BCP Business Process Workflows Example (PDF)

    Conduct a business impact analysis to determine what needs to recover first and how much (if any) data you can afford to lose in a disaster.

    Define an objective impact scoring scale for your company. Have the business estimate the impact of downtime and set your recovery targets.

    • BCP Business Impact Analysis Tool (xls)

    Document the recovery workflow entirely.

    The need for clarity is critical. In times when you need the plans, people will be under much higher stress. Build the workflow for the steps necessary to rebuild. Identify gaps and brainstorm on how to close them. Prioritize solutions that mitigate the remaining risks.

    • BCP Tabletop Planning Template (Visio)
    • BCP Tabletop Planning Template (PDF)
    • BCP Project Roadmap Tool
    • BCP Relocation Checklists

    Report the results of the pilot BCP and implement governance.

    Present the results of the pilot and propose the next steps. Assign BCM teams or people within each department. Update and maintain the overall BCMS documentation.

    • BCP Pilot Results Presentation (ppt)
    • BCP Summary (doc)
    • Business Continuity Teams and Roles Tool (xls)

    Additional business continuity tools and templates

    These can help with the creation of your BCP.

    • BCP Recovery Workflow Example (Visio)
    • BCP Recovery Workflow Example (PDF)
    • BCP Notification, Assessment, and Disaster Declaration Plan (doc)
    • BCP Business Process Workarounds and Recovery Checklists (doc)
    • Business Continuity Management Policy (doc)
    • Business Unit BCP Prioritization Tool (xls)
    • Industry-Specific BIA Guidelines (zip)
    • BCP-DRP Maintenance Checklist (xls)
    • Develop a COVID-19 Pandemic Response Plan Storyboard (ppt)

     

    Document Your Cloud Strategy

    • Buy Link or Shortcode: {j2store}468|cart{/j2store}
    • member rating overall impact (scale of 10): 8.9/10 Overall Impact
    • member rating average dollars saved: $35,642 Average $ Saved
    • member rating average days saved: 21 Average Days Saved
    • Parent Category Name: Cloud Strategy
    • Parent Category Link: /cloud-strategy

    Despite the universally agreed-upon benefit of formulating a coherent strategy, several obstacles make execution difficult:

    • Inconsistent understanding of what the cloud means
    • Inability to come to a consensus on key decisions
    • Ungoverned decision-making
    • Unclear understanding of cloud roles and responsibilities

    Our Advice

    Critical Insight

    A cloud strategy might seem like a big project, but it’s just a series of smaller conversations. The methodology presented here is designed to facilitate those conversations, using a curated list of topics, prompts, participant lists, and sample outcomes. We have divided the strategy into four key areas:

    • Vision and alignment
    • People
    • Governance
    • Technology

    Impact and Result

    • A shared understanding of what is necessary to succeed in the cloud
    • An end to ad hoc deployments that solve small problems and create larger ones
    • A unified approach and set of principles that apply to governance, architecture, integration, skills, and roles (and much, much more).

    Document Your Cloud Strategy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Document Your Cloud Strategy – a phased guide to identifying, validating, and recording the steps you’ll take, the processes you’ll leverage, and the governance you’ll deploy to succeed in the cloud.

    This storyboard comprises four phases, covering mission and vision, people, governance, and technology, and how each of these areas requires forethought when migrating to the cloud.

    • Document Your Cloud Strategy – Phases 1-4

    2. Cloud Strategy Document Template – a template that allows you to record the results of the cloud strategy exercise in a clear, readable way.

    Each section of Document Your Cloud Strategy corresponds to a section in the document template. Once you’ve completed each exercise, you can record your results in the document template, leaving you with an artifact you can share with stakeholders.

    • Cloud Strategy Document Template
    [infographic]

    Workshop: Document Your Cloud Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Document Your Vision and Alignment

    The Purpose

    Understand and document your cloud vision and its alignment with your other strategic priorities.

    Key Benefits Achieved

    A complete understanding of your strategy, vision, alignment, and a list of success metrics that will help you find your way.

    Activities

    1.1 Record your cloud mission and vision.

    1.2 Document your cloud strategy’s alignment with other strategic plans.

    1.3 Record your cloud guiding principles.

    Outputs

    Documented strategy, vision, and alignment.

    Defined success metrics.

    2 Record Your People Strategy

    The Purpose

    Define how people, skills, and roles will contribute to the broader cloud strategy.

    Key Benefits Achieved

    Sections of the strategy that highlight skills, roles, culture, adoption, and the creation of a governance body.

    Activities

    2.1 Outline your skills and roles strategy.

    2.2 Document your approach to culture and adoption

    2.3 Create a cloud governing body.

    Outputs

    Documented people strategy.

    3 Document Governance Principles

    The Purpose

    This section facilitates governance in the cloud, developing principles that apply to architecture, integration, finance management, and more.

    Key Benefits Achieved

    Sections of the strategy that define governance principles.

    Activities

    3.1 Conduct discussion on architecture.

    3.2 Conduct discussion on integration and interoperability.

    3.3 Conduct discussion on operations management.

    3.4 Conduct discussion on cloud portfolio management.

    3.5 Conduct discussion on cloud vendor management.

    3.6 Conduct discussion on finance management.

    3.7 Conduct discussion on security.

    3.8 Conduct discussion on data controls.

    Outputs

    Documented cloud governance strategy.

    4 Formalize Your Technology Strategy

    The Purpose

    Creation of a formal cloud strategy relating to technology around provisioning, monitoring, and migration.

    Key Benefits Achieved

    Completed strategy sections of the document that cover technology areas.

    Activities

    4.1 Formalize organizational approach to monitoring.

    4.2 Document provisioning process.

    4.3 Outline migration processes and procedures.

    Outputs

    Documented cloud technology strategy.

    Further reading

    Document Your Cloud Strategy

    Get ready for the cloudy future with a consistent, proven strategy.

    Analyst perspective

    Any approach is better than no approach

    The image contains a picture of Jeremy Roberts

    Moving to the cloud is a big, scary transition, like moving from gas-powered to electric cars, or from cable to streaming, or even from the office to working from home. There are some undeniable benefits, but we must reorient our lives a bit to accommodate those changes, and the results aren’t always one-for-one. A strategy helps you make decisions about your future direction and how you should respond to changes and challenges. In Document Your Cloud Strategy we hope to help you accomplish just that: clarifying your overall mission and vision (as it relates to the cloud) and helping you develop an approach to changes in technology, people management, and, of course, governance. The cloud is not a panacea. Taken on its own, it will not solve your problems. But it can be an important tool in your IT toolkit, and you should aim to make the best use of it – whatever “best” happens to mean for you.

    Jeremy Roberts

    Research Director, Infrastructure and Operations

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    The cloud is multifaceted. It can be complicated. It can be expensive. Everyone has an opinion on the best way to proceed – and in many cases has already begun the process without bothering to get clearance from IT. The core challenge is creating a coherent strategy to facilitate your overall goals while making the best use of cloud technology, your financial resources, and your people.

    Common Obstacles

    Despite the universally agreed-upon benefit of formulating a coherent strategy, several obstacles make execution difficult:

    • Inconsistent understanding of what the cloud means
    • Inability to come to a consensus on key decisions
    • Ungoverned decision making
    • Unclear understanding of cloud roles and responsibilities

    Info-Tech’s Approach

    A cloud strategy might seem like a big project, but it’s just a series of smaller conversations. The methodology presented here is designed to facilitate those conversations, using a curated list of topics, prompts, participant lists, and sample outcomes. We have divided the strategy into four key areas:

    1. Vision and alignment
    2. People
    3. Governance
    4. Technology

    The answers might be different, but the questions are the same

    Every organization will approach the cloud differently, but they all need to ask the same questions: When will we use the cloud? What forms will our cloud usage take? How will we manage governance? What will we do about people? How will we incorporate new technology into our environment? The answers to these questions are as numerous as there are people to answer them, but the questions must be asked.

    Your challenge

    This research is designed to help organizations that are facing these challenges or looking to:

    • Ensure that the cloud strategy is complete and accurately reflects organizational goals and priorities.
    • Develop a consistent and coherent approach to adopting cloud services.
    • Design an approach to mitigate risks and challenges associated with adopting cloud services.
    • Create a shared understanding of the expected benefits of cloud services and the steps required to realize those benefits.

    Grappling with a cloud strategy is a top initiative: 43% of respondents report progressing on a cloud-first strategy as a top cloud initiative.

    Source: Flexera, 2021.

    Definition: Cloud strategy

    A document providing a systematic overview of cloud services, their appropriate use, and the steps that an organization will take to maximize value and minimize risk.

    Common obstacles

    These barriers make this challenge difficult to address for many organizations:

    • The cloud means different things to different people, and creating a strategy that is comprehensive enough to cover a multitude of use cases while also being written to be consumable by all stakeholders is difficult.
    • The incentives to adopt the cloud differ based on the expected benefit for the individual customer. User-led decision making and historically ungoverned deployments can make it difficult to reset expectation and align with a formal strategy.
    • Getting all the right people in a room together to agree on the key components of the strategy and the direction undertaken for each one is often difficult.

    Info-Tech’s approach

    Define Your Cloud Vision

    Vision and alignment

    • Mission and vision
    • Alignment to other strategic plans
    • Guiding principles
    • Measuring success

    Technology

    • Monitoring
    • Provisioning
    • Migration

    Governance

    • Architecture
    • Integration and interoperability
    • Operations management
    • Cloud portfolio management
    • Cloud vendor management
    • Finance management
    • Security
    • Data controls

    People

    • Skills and roles
    • Culture and adoption
    • Governing bodies

    Info-Tech’s approach

    Your cloud strategy will comprise the elements listed under “vision and alignment,” “technology,” “governance,” and “people.” The Info-Tech methodology involves breaking the strategy down into subcomponents and going through a three-step process for each one. Start by reviewing a standard set of questions and understanding the goal of the exercise: What do we need to know? What are some common considerations and best practices? Once you’ve had a chance to review, discuss your current state and any gaps: What has been done? What still needs to be done? Finally, outline how you plan to go forward: What are your next steps? Who needs to be involved?

    Review

    • What questions do we need to answer to complete the discussion of this strategy component? What does the decision look like?
    • What are some key terms and best practices we must understand before deciding?

    Discuss

    • What steps have we already taken to address this component?
    • Does anything still need to be done?
    • Is there anything we’re not sure about or need further guidance on?

    Go forward

    • What are the next steps?
    • Who needs to be involved?
    • What questions still need to be asked/answered?
    • What should the document’s wording look like?

    Info-Tech’s methodology for documenting your cloud strategy

    1. Document your vision and alignment

    2. Record your people strategy

    3. Document governance principles

    4. Formalize your technology strategy

    Phase Steps

    1. Record your cloud mission and vision
    2. Document your cloud strategy’s alignment with other strategic plans
    3. Record your cloud guiding principles
    4. Define success
    1. Outline your skills and roles strategy
    2. Document your approach to culture and adoption
    3. Create a cloud governing body

    Document official organizational positions in these governance areas:

    1. Architecture
    2. Integration and interoperability
    3. Operations management
    4. Cloud portfolio management
    5. Cloud vendor management
    6. Finance management
    7. Security
    8. Data controls
    1. Formalize organizational approach to monitoring
    2. Document provisioning process
    3. Outline migration processes and procedures

    Phase Outcomes

    Documented strategy: vision and alignment

    Documented people strategy

    Documented cloud governance strategy

    Documented cloud technology strategy

    Insight summary

    Separate strategy from tactics

    Separate strategy from tactics! A strategy requires building out the framework for ongoing decision making. It is meant to be high level and achieve a large goal. The outcome of a strategy is often a sense of commitment to the goal and better communication on the topic.

    The cloud does not exist in a vacuum

    Your cloud strategy flows from your cloud vision and should align with the broader IT strategy. It is also part of a pantheon of strategies and should exist harmoniously with other strategies – data, security, etc.

    People problems needn’t preponderate

    The cloud doesn’t have to be a great disruptor. If you handle the transition well, you can focus your people on doing more valuable work – and this is generally engaging.

    Governance is a means to an end

    Governing your deployment for its own sake will only frustrate your end users. Articulate the benefits users and the organization can expect to see and you’re more likely to receive the necessary buy-in.

    Technology isn’t a panacea

    Technology won’t solve all your problems. Technology is a force multiplier, but you will still have to design processes and train your people to fully leverage it.

    Key deliverable

    Cloud Strategy Document template

    Inconsistency and informality are the enemies of efficiency. Capture the results of the cloud strategy generation exercises in the Cloud Strategy Document template.

    The image contains a screenshot of the Cloud Strategy Document Template.
    • Record the results of the exercises undertaken as part of this blueprint in the Cloud Strategy Document template.
    • It is important to remember that not every cloud strategy will look exactly the same, but this template represents an amalgamation of best practices and cloud strategy creation honed over several years of advisory service in the space.
    • You know your audience better than anyone. If you would prefer a strategy delivered in a different way (e.g. presentation format) feel free to adapt the Cloud Vision Executive Presentation into a longer strategy presentation.
    • Emphasis is an area where you should exercise discretion as well. A cost-oriented cloud strategy, or one that prioritizes one type of cloud (e.g. SaaS) at the exclusion of others, may benefit from more focus on some areas than others, or the introduction of relevant subcategories. Include as many of these as you think will be relevant.
    • Parsimony is king – if you can distill a concept to its essence, start there. Include additional detail only as needed. You want your cloud strategy document to be read. If it’s too long or overly detailed, you’ll encounter readability issues.

    Blueprint benefits

    IT benefits

    Business benefits

    • A consistent, well-defined approach to the cloud
    • Consensus on key strategy components, including security, architecture, and integration
    • A clear path forward on skill development and talent acquisition/retention
    • A comprehensive resource for information about the organization’s approach to key strategy components
    • Predictable access to cloud services
    • A business-aligned approach to leveraging the resources available in the cloud
    • Efficient and secure consumption of cloud resources where appropriate to do so
    • Answers to questions about the cloud and how it will be leveraged in the environment

    Measure the value of this blueprint

    Don’t take our word for it:

    • Document Your Cloud Strategy has been available for several years in various forms as both a workshop and as an analyst-led guided implementation.
    • After each engagement, we send a survey that asks members how they benefited from the experience. Those who have worked through Info-Tech’s cloud strategy material have given overwhelmingly positive feedback.
    • Additionally, members reported saving between 10 and 20 days and an average of $46,499.
    • Measure the value by calculating the time saved as a result of using Info-Tech’s framework vs. a home-brewed cloud strategy alternative and by comparing the overall cost of a guided implementation or workshop with the equivalent offering from another firm. We’re confident you’ll come out ahead.

    8.8/10 Average reported satisfaction

    13 Days Average reported time savings

    $46,499 Average cost savings

    Executive Brief Case Study

    INDUSTRY: Pharmaceuticals

    SOURCE: Info-Tech workshop

    Pharmaceutical company

    The unnamed pharmaceutical company that is the subject of this case study was looking to make the transition to the cloud. In the absence of a coherent strategy, the organization had a few cloud deployments with no easily discernable overall approach. Representatives of several distinct functions (legal, infrastructure, data, etc.) all had opinions on the uses and abuses of cloud services, but it had been difficult to round everyone up and have the necessary conversations. As a result, the strategy exercise had not proceeded in a speedy or well-governed way. This lack of strategic readiness presented a roadblock to moving forward with the cloud strategy and to work with the cloud implementation partner, tasked with execution.

    Results

    The company engaged Info-Tech for a four-day workshop on cloud strategy documentation. Over the course of four days, participants drawn from across the organization discussed the strategic components and generated consensus statements and next steps. The team was able to formalize the cloud strategy and described the experience as saving 10 days.

    Example output: Document your cloud strategy workshop exercise

    The image contains an example of Document your cloud streatgy workshop exercise.

    Anything in green, the team was reasonably sure they had good alignment and next steps. Those yellow flags warranted more discussion and were not ready for documentation.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    Document your vision and alignment

    Record your people strategy

    Document governance principles

    Formalize your technology strategy

    Call #1: Review existing vision/strategy documentation.

    Call #2: Review progress on skills, roles, and governance bodies.

    Call #3: Work through integration, architecture, finance management, etc. based on reqs. (May be more than one call.)

    Call #4: Discuss challenges with monitoring, provisioning, and migration as-needed.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization. A typical GI is 4 to 6 calls over the course of 1 to 3 months

    Workshop Overview

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Answer
    “so what?”

    Define the
    IT target state

    Assess the IT
    current state

    Bridge the gap and
    create the strategy

    Next steps and
    wrap-up (offsite)

    Activities

    1.1 Introduction

    1.2 Discuss cloud mission and vision

    1.3 Discuss alignment with other strategic plans

    1.4 Discuss guiding principles

    1.5 Define success metrics

    2.1 Discuss skills and roles

    2.2 Review culture and adoption

    2.3 Discuss a cloud governing body

    2.4 Review architecture position

    2.5 Discuss integration and interoperability

    3.1 Discuss cloud operations management

    3.2 Review cloud portfolio management

    3.3 Discuss cloud vendor management

    3.4 Discuss cloud finance management

    3.5 Discuss cloud security

    4.1 Review and formalize data controls

    4.2 Design a monitoring approach

    4.3 Document the workload provisioning process

    4.4 Outline migration processes and procedures

    5.1 Populate the Cloud Strategy Document

    Deliverables

    Formalized cloud mission and vision, along with alignment with strategic plans, guiding principles, and success metrics

    Position statement on skills and roles, culture and adoption, governing bodies, architecture, and integration/interoperability

    Position statements on cloud operations management, portfolio management, vendor management, finance management, and cloud security

    Position statements on data controls, monitoring, provisioning, and migration

    Completed Cloud Strategy Document

    Phase 1

    Document Your Vision and Alignment

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    1.1 Document your mission and vision

    1.2 Document alignment to other strategic plans

    1.3 Document guiding principles

    1.4 Document success metrics

    2.1 Define approach to skills and roles

    2.2 Define approach to culture and adoption

    2.3 Define cloud governing bodies

    3.1 Define architecture direction

    3.2 Define integration approach

    3.3 Define operations management process

    3.4 Define portfolio management direction

    3.5 Define vendor management direction

    3.6 Document finance management tactics

    3.7 Define approach to cloud security

    3.8 Define data controls in the cloud

    4.1 Define cloud monitoring strategy

    4.2 Define cloud provisioning strategy

    4.3 Define cloud migration strategy

    This phase will walk you through the following activities:

    1. Record your cloud mission and vision
    2. Document your cloud strategy’s alignment with other strategic plans
    3. Record your cloud guiding principles
    4. Define success

    This phase has the following outcome:

    • Documented strategy: vision and alignment

    Record your mission and vision

    Build on the work you’ve already done

    Before formally documenting your cloud strategy, you should ensure that you have a good understanding of your overall cloud vision. How do you plan to leverage the cloud? What goals are you looking to accomplish? How will you distribute your workloads between different cloud service models (SaaS, PaaS, IaaS)? What will your preferred delivery model be (public, private, hybrid)? Will you support your cloud deployment internally or use the services of various consultants or managed service providers?

    The answers to these questions will inform the first section of your cloud strategy. If you haven’t put much thought into this or think you could use a deep dive on the fundamentals of your cloud vision and cloud archetypes, consider reviewing Define Your Cloud Vision, the companion blueprint to this one.

    Once you understand your cloud vision and what you’re trying to accomplish with your cloud strategy, this phase will walk you through aligning the strategy with other strategic initiatives. What decisions have others made that will impact the cloud strategy (or that the cloud strategy will impact)? Who must be involved/informed? What callouts must be involved at what point? Do users have access to the appropriate strategic documentation (and would they understand it if they did)?

    You must also capture some guiding principles. A strategy by its nature provides direction, helping readers understand the decisions they should make and why those decisions align with organizational interests. Creating some top-level principles is a useful exercise because those principles facilitate comprehension and ensure the strategy’s applicability.

    Finally, this phase will walk you through the process of measuring success. Once you know where you’d like to go, the principles that underpin your direction, and how your cloud strategy figures into the broader strategic pantheon, you should record what success actually means. If you’re looking to save money, overall cost should be a metric you track. If the cloud is all about productivity, generate appropriate productivity metrics. If you’re looking to expand into new technology or close a datacenter, you will need to track output specific to those overall goals.

    Review: mission and vision

    The overall organizational mission is a key foundational element of the cloud strategy. If you don’t understand where you’re going, how can you begin the journey to get there? This section of the strategy has four key parts that you should understand and incorporate into the beginning of the strategy document. If you haven’t already, review Define Your Cloud Vision for instructions on how to generate these elements.

    1. Cloud vision statement: This is a succinct encapsulation of your overall perspective on the suitability of cloud services for your environment – what you hope to accomplish. The ideal statement includes a scope (who/what does the strategy impact?), a goal (what will it accomplish?), and a key differentiator (what will make it happen?). This is an example: “[Organization] will leverage public cloud solutions and retire existing datacenter and colocation facilities. This transition will simplify infrastructure administration, support and security, while modernizing legacy infrastructure and reducing the need for additional capital expenditure.” You might also consider reviewing your overall cloud archetype (next slide) and including the output of that exercise in the document

    2. Service model decision framework: Services can be provided as software as a service (SaaS), platform as a service (PaaS), infrastructure as a service (IaaS), or they can be colocated or remain on premises. Not all cloud service models serve the same purpose or provide equal value in all circumstances. Understanding how you plan to take advantage of these distinct service models is an important component of the cloud strategy. In this section of the strategy, a rubric that captures the characteristics of the ideal workload for each of the named service models, along with some justification for the selection, is essential. This is a core component of Define Your Cloud Vision, and if you would like to analyze individual workloads, you can use the Cloud Vision Workbook for that purpose.

    3. Delivery model decision framework: Just as there are different cloud service models that have unique value propositions, there are several unique cloud delivery models as well, distinguished by ownership, operation, and customer base. Public clouds are the purview of third-party providers who make them available to paying customers. Private clouds are built for the exclusive use of a designated organization or group of organizations with internal clients to serve. Hybrid clouds involve the use of multiple, interoperable delivery models (interoperability is the key term here), while multi-cloud deployment models incorporate multiple delivery and service models into a single coherent strategy. What will your preferred delivery model be? Why?

    4. Support model decision framework: Once you have a service model nailed down and understand how you will execute on the delivery, the question then becomes about how you will support your cloud deployment going forward. Broadly speaking, you can choose to manage your deployment in house using internal resources (e.g. staff), to use managed service providers for ongoing support, or to hire consultants to handle specific projects/tasks. Each approach has its strengths and weaknesses, and many cloud customers will deploy multiple support models across time and different workloads. A foundational perspective on the support model is a key component of the cloud vision and should appear early in the strategy.

    Understand key cloud concepts: Archetype

    Once you understand the value of the cloud, your workloads’ general suitability for the cloud, and your proposed risks and mitigations, the next step is to define your cloud archetype. Your organization’s cloud archetype is the strategic posture that IT adopts to best support the organization’s goals. Info-Tech’s model recognizes seven archetypes, divided into three high-level archetypes. After consultation with your stakeholders, and based on the results of the suitability and risk assessment activities, define your archetype. The archetype feeds into the overall cloud vision and provides simple insight into the cloud future state for all stakeholders. The cloud vision itself is captured in a “vision statement,” a short summary of the overall approach that includes the overall cloud archetype.

    The image contains an arrow facing vertically up. The pointed end of the arrow is labelled more cloud, and the bottom of the arrow is labelled less cloud.

    We can best support the organization’s goals by:

    Cloud-Focused

    Cloud-Centric

    Providing all workloads through cloud delivery.

    Cloud-First

    Using the cloud as our default deployment model. For each workload, we should ask “why NOT cloud?”

    Cloud-Opportunistic

    Hybrid

    Enabling the ability to transition seamlessly between on-premises and cloud resources for many workloads.

    Integrated

    Combining cloud and traditional infrastructure resources, integrating data and applications through APIs or middleware.

    Split

    Using the cloud for some workloads and traditional infrastructure resources for others.

    Cloud-Averse

    Cloud-Light

    Using traditional infrastructure resources and limiting our use of the cloud to when it is absolutely necessary.

    Anti-Cloud

    Using traditional infrastructure resources and avoiding the use of cloud wherever possible.

    Applications Priorities 2023

    • Buy Link or Shortcode: {j2store}186|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • Economic, social, and regulatory conditions have changed livelihoods, businesses, and marketplaces. Modern tools and technologies have acted as lifelines by minimizing operating and delivery costs, and in the process, establishing a strong foundation for growth and maturity.
    • These tools and technologies must meet the top business goals of CXOs: ensure service continuity, improve customer experience, and make data-driven decisions.
    • While today’s business applications are good and well received, there is still room for improvement. The average business application satisfaction score among IT leadership was 72% (n=1582, CIO Business Vision).

    Our Advice

    Critical Insight

    • Applications are critical components in any business strategic plan. They can directly influence an organization’s internal and external brand and reputation, such as their uniqueness, competitiveness and innovativeness in the industry
    • Business leaders are continuously looking for innovative ways to better position their application portfolio to satisfy their goals and objectives, i.e., application priorities. Given the scope and costs often involved, these priorities must be carefully crafted to clearly state achievable business outcomes that satisfies the different needs very different customers, stakeholders, and users.
    • Unfortunately, expectations on your applications team have increased while the gap between how stakeholders and applications teams perceive effectiveness remains wide. This points to a need to clarify the requirements to deliver valuable and quality applications and address the pressures challenging your teams.

    Impact and Result

    Learn and explore the technology and practice initiatives in this report to determine which initiatives should be prioritized in your application strategy and align to your business organizational objectives:

    • Optimize the effectiveness of the IT organization.
    • Boost the productivity of the enterprise.
    • Enable business growth through technology.

    Applications Priorities 2023 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Applications Priorities Report 2023 – A report that introduces and describes five opportunities to prioritize in your 2023 application strategy.

    In this report, we explore five priorities for emerging and leading-edge technologies and practices that can improve on capabilities needed to meet the ambitions of your organization.

    • Applications Priorities 2023 Report

    Infographic

    Further reading

    Applications Priorities 2023

    Applications are the engine of the business: keep them relevant and modern

    What we are facing today is transforming the ways in which we work, live, and relate to one another. Applications teams and portfolios MUST change to meet this reality.

    Economic, social, and regulatory conditions have changed livelihoods, businesses, and marketplaces. Modern tools and technologies have acted as lifelines by minimizing operating and delivery costs, and in the process, establishing a strong foundation for growth and maturity.

    As organizations continue to strengthen business continuity, disaster recovery, and system resilience, activities to simply "keep the lights on" are not enough. Be pragmatic in the prioritization and planning of your applications initiatives, and use your technologies as a foundation for your growth.

    Your applications must meet the top business goals of your CXOs

    • Ensure service continuity
    • Improve customer experience
    • Make data-driven decisions
    • Maximize stakeholder value
    • Manage risk

    Source: CEO-CIO Alignment Diagnostics, August 2021 to July 2022, n=568.

    Select and align your applications priorities to your business goals and objectives

    Applications are critical components in any business strategic plan. They can directly influence an organization's internal and external brand and reputation, such as their:

    • Uniqueness, competitiveness, and innovativeness in the industry.
    • Ability to be dynamic, flexible, and responsive to changing expectations, business conditions, and technologies.

    Therefore, business leaders are continuously looking for innovative ways to better position their application portfolios to satisfy their goals and objectives, i.e. applications priorities. Given the scope and costs often involved, these priorities must be carefully crafted to clearly state achievable business outcomes that satisfy
    the different needs of very different customers, stakeholders, and users.

    Today's business applications are good but leave room for improvement

    72%
    Average business application satisfaction score among IT leadership in 1582 organizations.

    Source: CIO Business Vision, August 2021 to July 2022, N=190.

    Five Applications Priorities for 2023

    In this report, we explore five priorities for emerging and leading-edge technologies and practices that can improve on capabilities needed to meet the Ambitions of your organization.

    this is an image of the Five Applications Priorities for which will be addressed in this blueprint.

    Strengthen your foundations to better support your applications priorities

    These key capabilities are imperative to the success of your applications strategy.

    KPI and Metrics

    Easily attainable and insightful measurements to gauge the progress of meeting strategic objectives and goals (KPIs), and the performance of individual teams, practices and processes (metrics).

    BUSINESS ALIGNMENT

    Gain an accurate understanding and interpretation of stakeholder, end-user, and customer expectations and priorities. These define the success of business products and services considering the priorities of individual business units and teams.

    EFFICIENT DELIVERY & SUPPORT PRACTICE

    Software delivery and support roles, processes, and tools are collaborative, well equipped and resourced, and optimized to meet changing stakeholder expectations.

    Data Management & Governance

    Ensuring data is continuously reliable and trustworthy. Data structure and integrations are defined, governed, and monitored.

    Product & Service Ownership

    Complete inventory and rationalization of the product and service portfolio, prioritized backlogs, roadmaps, and clear product and service ownership with good governance. This helps ensure this portfolio is optimized to meet its goals and objectives.

    Strengthen your foundations to better support your applications priorities (cont'd)

    These key capabilities are imperative to the success of your applications strategy.

    Organizational Change Management

    Manage the adoption of new and modified processes and technologies considering reputational, human, and operational concerns.

    IT Operational Management

    Continuous monitoring and upkeep of products and services to assure business continuity, and system reliability, robustness and disaster recovery.

    Architectural Framework

    A set of principles and standards that guides the consistent, sustainable and scalable growth of enterprise technologies. Changes to the architecture are made in collaboration with affected parties, such as security and infrastructure.

    Application Security

    The measures, controls, and tactics at the application layer that prevent vulnerabilities against external and internal threats and ensure compliance to industry and regulatory security frameworks and standards.

    There are many factors that can stand in your team's way

    Expectations on your applications team have increased, while the gap between how stakeholders and applications teams perceive effectiveness remains wide. This points to a need to clarify the requirements to deliver valuable and quality applications and address the pressures challenging your teams.

    1. Attracting and retaining talent
    2. Maximizing the return on technology
    3. Confidently shifting to digital
    4. Addressing competing priorities
    5. Fostering a collaborative culture
    6. Creating high-throughput teams

    CIOs agree that at least some improvement is needed across key IT activities

    A bar graph is depicted which shows the proportion of CIOs who believe that some, or significant improvement is necessary for the following categories: Measure IT Project Success; Align IT Budget; Align IT Project Approval Process; Measure Stakeholder Satisfaction With IT; Define and Align IT Strategy; Understand Business Goals

    Source: CEO-CIO Alignment Diagnostics, August 2021 to July 2022, n=568.

    Pressure Point 1:
    Attracting and Retaining Talent

    Recent environmental pressures impacted traditional working arrangements and showed more workplace flexibility is often possible. At the same time, many employees' expectations about how, when, and where they choose to work have also evolved. Recruitment and retention are reflections of different sides of the same employee value proposition coin. Organizations that fail to reinvent their approach to attracting and retaining talent by focusing on candidate and employee experience risk turnover, vacancies, and lost opportunities that can negatively impact the bottom line.

    Address the underlying challenges

    • Lack of employee empowerment and few opportunities for learning and development.
    • Poor coworker and manager relationships.
    • Compensation and benefits are inadequate to maintain desired quality of life.
    • Unproductive work environment and conflicting balance of work and life.
    • Unsatisfactory employee experience, including lack of employee recognition
      and transparency of organizational change.

    While workplace flexibility comes with many benefits, longer work hours jeopardize wellbeing.
    62% of organizations reported increased working hours, while 80% reported an increase in flexibility.
    Source: McLean & Company, 2022; n=394.

    Be strategic in how you fill and train key IT skills and capabilities

    • Cybersecurity
    • Big Data/Analytics
    • Technical Architecture
    • DevOps
    • Development
    • Cloud

    Source: Harvey Nash Group, 2021; n=2120.

    Pressure Point 2:
    Maximizing the Return of Technology

    Recent environmental pressures impacted traditional working arrangements and showed more workplace flexibility is often possible. At the same time, many employees' expectations about how, when, and where they choose to work have also evolved. Recruitment and retention are reflections of different sides of the same employee value proposition coin. Organizations that fail to reinvent their approach to attracting and retaining talent by focusing on candidate and employee experience risk turnover, vacancies, and lost opportunities that can negatively impact the bottom line.

    Address the underlying challenges

    • Inability to analyze, propose, justify, and communicate modernization solutions in language the stakeholders understand and in a way that shows they clearly support business priorities and KPIs and mitigate risks.
    • Little interest in documenting and rationalizing products and services through business-IT collaboration.
    • Lack of internal knowledge of the system and loss of vendor support.
    • Undefined, siloed product and service ownership and governance, preventing solutions from working together to collectively deliver more value.
    • Little stakeholder appetite to invest in activities beyond "keeping the lights on."

    Only 64% of applications were identified as effective by end users.
    Effective applications are identified as at least highly important and have high feature and usability satisfaction.
    Source: Application Portfolio Assessment, August 2021 to July 2022; N=315.

    "Regardless of the many definitions of modernization floating around, the one characteristic that we should be striving for is to ensure our applications do an outstanding job of supporting the users and the business in the most effective and efficient manner possible."
    Source: looksoftware.

    Pressure Point 3:
    Confidently Shifting to Digital

    "Going digital" reshapes how the business operates and drives value by optimizing how digital and traditional technologies and tactics work together. This shift often presents significant business and technical risks to business processes, enterprise data, applications, and systems which stakeholders and teams are not aware of or prepared to accommodate.

    Address the underlying challenges

    • Differing perspectives on digital can lead to disjointed transformation initiatives, oversold benefits, and a lack of synergy among digital technologies and processes.
    • Organizations have difficulty adapting to new technologies or rethinking current business models, processes, and ways of working because of the potential human, ethical, and reputational impacts and restrictions from legacy systems.
    • Management lacks a framework to evaluate how their organization manages and governs business value delivery.
    • IT is not equipped or resourced to address these rapidly changing business, customer, and technology needs.
    • The wrong tools and technologies were chosen to support the shift to digital.

    The shift to digital processes is starting, but slowly.
    62% of respondents indicated that 1-20% of their processes were digitized during the past year.
    Source: Tech Trends and Priorities 2023; N=500

    Resistance to change and time/budget constraints are top barriers preventing companies from modernizing their applications.
    Source: Konveyor, 2022; n=600.

    Pressure Point 4:
    Addressing Competing Priorities

    Enterprise products and services are not used, operated, or branded in isolation. The various parties involved may have competing priorities, which often leads to disagreements on when certain business and technology changes should be made and how resources, budget, and other assets should be allocated. Without a broader product vision, portfolio vision, and roadmap, the various dependent or related products and services will not deliver the same level of value as if they were managed collectively.

    Address the underlying challenges

    • Undefined product and service ownership and governance, including escalation procedures when consensus cannot be reached.
    • Lack of a unified and grounded set of value and quality definitions, guiding principles, prioritization standards, and broad visibility across portfolios, business capabilities, and business functions.
    • Distrust between business units and IT teams, which leads to the scaling of unmanaged applications and fragmented changes and projects.
    • Decisions are based on opinions and experiences without supporting data.

    55% of CXOs stated some improvement is necessary in activities to understand business goals.
    Source: CEO-CIO Alignment Diagnostics, August 2021 to July 2022; n=568.

    CXOs are moderately satisfied with IT's performance as a business partner (average score of 69% among all CXOs). This sentiment is similarly felt among CIOs (64%).
    Source: CEO-CIO Alignment Diagnostics, August 2021 to July 2022; n=568.

    Pressure Point 5:
    Fostering a Collaborative Culture

    Culture impacts business results, including bottom-line revenue and productivity metrics. Leaders appreciate the impact culture can have on applications initiatives and wish to leverage this. How culture translates from an abstract concept to something that is measurable and actionable is not straightforward. Executives need to clarify how the desired culture will help achieve their applications strategy and need to focus on the items that will have the most impact.

    Address the underlying challenges

    • Broad changes do not consider the unique subcultures, personalities, and behaviors of the various teams and individuals in the organization.
    • Leaders mandate cultural changes without alleviating critical barriers and do not embody the principles of the target state.
    • Bureaucracy and politics restrict changes and encourage the status quo.
    • Industry standards, technologies, and frameworks do not support or cannot be tailored to fit the desired culture.
    • Some teams are deliberately excluded from the scoping, planning, and execution of key product and service delivery and management activities.

    Agile does not solve team culture challenges.
    43% of organizations cited organizational culture as a significant barrier to adopting and scaling Agile practices.
    Source: Digital.ai, 2021.

    "Providing a great employee experience" as the second priority (after recruiting) highlights the emphasis organizations are placing on helping employees adjust after having been forced to change the way work gets done.
    Source: McLean & Company, 2022; N=826.

    Use your applications priorities to help address your pressure points

    Success can be dependent on your ability to navigate around or alleviate your pressure points. Design and market your applications priorities to bring attention to your pressure points and position them as key risk factors to their success.

    Applications Priorities
    Digital Experience (DX) Intelligent Automation Proactive Application Management Multisource Systems Digital Organization as a Platform
    Attracting and Retaining Talent Enhance the employee experience Be transparent and support role changes Shift focus from maintenance to innovation Enable business-managed applications Promote and showcase achievements and successes
    Maximizing the Return on Technology Modernize or extend the use of existing investments Automate applications across multiple business functions Improve the reliability of mission-critical applications Enhance the functionality of existing applications Increase visibility of underused applications
    Confidently Shifting to Digital Prioritize DX in your shift to digital Select the capabilities that will benefit most from automation Prepare applications to support digital tools and technologies Use best-of-breed tools to meet specific digital needs Bring all applications up to a common digital standard
    Addressing Competing Priorities Ground your digital vision, goals, and objectives Recognize and evaluate the architectural impact Rationalize the health of the applications Agree on a common philosophy on system composition Map to a holistic platform vision, goals, and objectives
    Fostering a Collaborative Culture Involve all perspectives in defining and delivering DX Involve the end user in the delivery and testing of the automated process Include the technical perspective in the viability of future applications plans Discuss how applications can work together better in an ecosystem Ensure the platform is configured to meet the individual needs of the users
    Creating High-Throughput Teams Establish delivery principles centered on DX Remove manual, error-prone, and mundane tasks Simplify applications to ease delivery and maintenance Alleviate delivery bottlenecks and issues Abstract the enterprise system to expedite delivery

    Digital Experience (DX)

    PRIORITY 1

    • Deliver Valuable User, Customer, Employee, and Brand Experiences

    Delivering valuable digital experiences requires the adoption of good management, governance, and operational practices to accommodate stakeholder, employee, customer, and end-user expectations of digital experiences (e.g. product management, automation, and iterative delivery). Technologies are chosen based on what best enables, delivers, and supports these expectations.

    Introduction

    Digital transformation is not just about new tools and technologies. It is also about delivering a valuable digital experience

    What is digital experience (DX)?

    Digital experience (DX) refers to the interaction between a user and an organization through digital products and services. Digital products and services are tools, systems, devices, and resources that gather, store, and process data; are continuously modernized; and embody eight key attributes that are described on the following slide. DX is broken down into four distinct perspectives*:

    • Customer Experience – The immediate perceptions of transactions and interactions experienced through a customer's journey in the use of the organization's digital
      products and services.
    • End-User Experience – Users' emotions, beliefs, and physical and psychological responses
      that occur before, during, or after interacting with a digital product or service.
    • Brand Experience – The broader perceptions, emotions, thoughts, feelings and actions the public associate with the organization's brand and reputation or its products and services. Brand experience evolves over time as customers continuously engage with the brand.
    • Employee Experience – The satisfaction and experience of an employee through their journey with the organization, from recruitment and hiring to their departure. How an employee embodies and promotes the organization brand and culture can affect their performance, trust, respect, and drive to innovate and optimize.
    Digital Products and Services
    Customer Experience Brand Experience Employee Experience End-User Experience

    Digital products and services have a common set of attributes

    Digital transformation is not just about new tools and technologies. It is also about delivering a valuable digital experience

    • Digital products and services must keep pace with changing business and end-user needs as well as tightly supporting your maturing business model with continuous modernization. Focus your continuous modernization on the key characteristics that drive business value.
    • Fit for purpose: Functionalities are designed and implemented for the purpose of satisfying the end user's needs and solving their problems.
    • User-centric: End users see the product as rewarding, engaging, intuitive, and emotionally satisfying. They want to come back to it.
    • Adaptable: The product can be quickly tailored to meet changing end-user and technology needs with reusable and customizable components.
    • Accessible: The product is available on demand and on the end user's preferred interface.
      End users have a seamless experience across all devices.
    • Private and secured: The end user's activity and data are protected from unauthorized access.
    • Informative and insightful: The product delivers consumable, accurate, and trustworthy real-time data that is important to the end user.
    • Seamless application connection: The product facilitates direct interactions with one or more other products through an uninterrupted user experience.
    • Relationship and network building: The product enables and promotes the connection and interaction of people.

    The Business Value cycle of continuous modernization.

    Signals

    DX is critical for business growth and maturity, but the organization may not be ready

    A good DX has become a key differentiator that gives organizations an advantage over their competition and peers. Shifts in working environments; employee, customer, and stakeholder expectations; and the advancements in modern technologies have raised the importance of adopting and transitioning to digital processes and tools to stay relevant and responsive to changing business and technology conditions.

    Applications teams are critical to ensuring the successful delivery and operation of these digital processes and tools. However, they are often under-resourced and challenged to meet their DX goals.

    • 7% of both business and IT respondents think IT has the resources needed to keep up with digital transformation initiatives and meet deadlines (Cyara, 2021).
    • 43% of respondents said that the core barrier to digital transformation is a lack of skilled resources (Creatio, 2021).
    A circle graph is shown with 91% of the circle coloured in dark blue, with the number 91% in the centre.

    of organizations stated that at least 1% of processes were shifted from being manually completed to digitally completed in the last year. 29% of organizations stated at least 21% were shifted.

    Source: Tech Trends and Priorities 2023; N=500.

    A circle graph is shown with 98% of the circle coloured in dark blue, with the number 98% in the centre.

    of organizations recognized digital transformation is important for competitive advantage. 94% stated it is important to enhance customer experience, and 91% stated it will have a positive impact on revenue.

    Source: Cyara, 2021.

    Drivers

    Brand and reputation

    Customers are swayed by the innovations and advancements in digital technologies and expect your applications team to deliver and support them. Your leaders recognize the importance of these expectations and are integrating them into their business strategy and brand (how the organization presents itself to its customers, employees and the public). They hope that their actions will improve and shape the company's reputation (public perception of the company) as effective, customer-focused, and forward-thinking.

    Worker productivity

    As you evolve and adopt more complex tools and technology, your stakeholders will expect more from business units and IT teams. Unfortunately, teams employing manual processes and legacy systems will struggle to meet these expectations. Digital products and services promote the simplification of complex operations and applications and help the business and your teams better align operational practices with strategic goals and deliver valuable DX.

    Organization modernization

    Legacy processes, systems, and ways of working are no longer suitable for meeting the strategic digital objectives and DX needs stakeholders expect. They drive up operational costs without increased benefits, impede business growth and innovation, and consume scarce budgets that could be used for other priorities. Shifting to digital tools and technologies will bring these challenges to light and demonstrate how modernization is an integral part of DX success.

    Benefits & Risks

    Benefits

    • Flexibility & Satisfaction
    • Adoption
    • Reliability

    Employees and customers can choose how they want to access, modify, and consume digital products and services. They can be tailored to meet the specific functional needs, behaviors, and habits of the end user.

    The customer, end user, brand, and employee drive selection, design, and delivery of digital products and services. Even the most advanced technologies will fail if key roles do not see the value in their use.

    Digital products and services are delivered with technical quality built into them, ensuring they meet the industry, regulatory, and company standards throughout their lifespan and in various conditions.

    Risks

    • Legacy & Lore
    • Bureaucracy & Politics
    • Process Inefficiencies
    • No Quality Standards

    Some stakeholders may not be willing to change due to their familiarity and comfort of business practices.

    Competing and conflicting priorities of strategic products and services undermine digital transformation and broader modernization efforts.

    Business processes are often burdened by wasteful activities. Digital products and services are only as valuable as the processes they support.

    The performance and support of your digital products and services are hampered due to unmanageable technical debt because of a deliberate decision to bypass or omit quality good practices.

    Address your pressure points to fully realize the benefits of this priority

    Success can be dependent on your ability to address your pressure points.

    Attracting and Retaining Talent

    Enhance the employee experience.

    Design the digital processes, tools, and technologies to meet the individual needs of the employee.

    Maximizing the Return on Technology

    Modernize or extend the use of existing investments.

    Drive higher adoption of applications and higher user value and productivity by implementing digital capabilities to the applications that will gain the most.

    Confidently Shifting to Digital

    Prioritize DX in your shift to digital. Include DX as part of your definition of success.

    Your products and services are not valuable if users, customers, and employees do not use them.

    Addressing Competing Priorities

    Ground your digital vision, goals, and objectives

    Establish clear ownership of DX and digital products and services with a cross-functional prioritization framework.

    Fostering a Collaborative Culture

    Involve all perspectives in defining and delivering DX.

    Maintain a committee of owners, stakeholders, and delivery teams to ensure consensus and discuss how to address cross-functional opportunities and risks.

    Creating High-Throughput Teams

    Establish delivery principles centered on DX.

    Enforce guiding principles to streamline and simplify DX delivery, such as plug-and-play architecture and quality standards.

    Recommendations

    Build a digital business strategy

    A digital business strategy clearly articulates the goals and ambitions of the business to adopt digital practices, tools, and technologies. This document:

    • Looks for ways to transform the business by identifying what technologies to embrace, what processes to automate, and what new business models to create.
    • Unifies digital possibilities with your customer experiences.
    • Establishes accountability with the executive leadership.
    • States the importance of cross-functional participation from senior management across the organization.

    Related Research:

    Learn, understand, and empathize with your users, employees, and customers

    • To create a better product, solution, or service, understanding those who use it, their needs, and their context is critical.
    • A great experience design practice can help you balance those goals so that they are in harmony with those of your users.
    • IT leaders must find ways to understand the needs of the business and develop empathy on a much deeper level. This empathy is the foundation for a thriving business partnership.

    Related Research:

    Recommendations

    Center product and service delivery decisions and activities on DX and quality

    User, customer, employee, and brand are integral perspectives on the software development lifecycle (SDLC) and the management and governance practices supporting digital products and services. It ensures quality standards and controls are consistently upheld while maintaining alignment with various needs and priorities. The goal is to come to a consensus on a universal definition and approach to embed quality and DX-thinking throughout the delivery process.

    Related Research:

    Instill collaborative delivery practices

    Today's rapidly scaling and increasingly complex digital products and services create mounting pressure on delivery teams to release new features and changes quickly and with sufficient quality. This pressure is further compounded by the competing priorities of individual stakeholders and the nuances among different personas of digital products and services.

    A collaborative delivery practice sets the activities, channels, and relationships needed to deliver a valuable and quality product or service with cross-functional awareness, accountability, and agreement.

    Related Research:

    Recommendations

    Continuously monitor and modernize your digital products and services

    Today's modern digital products and services are tomorrow's shelfware. They gradually lose their value, and the supporting technologies will become obsolete. Modernization is a continuous need.

    Data-driven insights help decision makers decide which products and services to retire, upgrade, retrain on, or maintain to meet the demands of the business.

    Enhancements focusing on critical business capabilities strengthen the case for investment and build trust with all stakeholders.

    Related Research:

    CASE STUDY
    Mastercard in Asia

    Focus on the customer journey

    Chief Marketing Officer M.V. Rajamannar (Raja) wanted to change Mastercard's iconic "Priceless" ad campaign (with the slogan "There are some things money can't buy. For everything else there's Mastercard."). The main reasons were that the campaign relied on one-way communication and targeted end customers, even though Mastercard doesn't issue cards directly to customers; partner banks do. To drive the change in campaign, Raja and his team created a digital engine that leveraged digital and social media. Digital engine is a seven-step process based on insights gleaned from data and real-time optimization.

    1. Emotional spark: Using data to understand customers' passion points, Mastercard builds videos and creatives to ignite an emotional spark and give customers a reason to engage. For example, weeks before New Year's Eve, Mastercard produced a video with Hugh Jackman to encourage customers to submit a story about someone who deeply mattered to them. The authors of the winning story would be flown to reunite with those both distant and dear.
    2. Engagement: Mastercard targets the right audience with a spark video through social media to encourage customers to share their stories.
    3. Offers: To help its partner banks and merchants in driving their business, the company identifies the best offers to match consumers' interests. In the above campaign, Mastercard's Asia-Pacific team found that Singapore was a favorite destination for Indian customers, so they partnered with Singapore's Resorts World Sentosa with an attractive offer.
    4. Real-time optimization: Mastercard optimizes, in real time, a portfolio of several offers through A/B testing and other analysis.
    5. Amplification: Real-time testing provides confidence to Mastercard about the potential success of these offers and encourages its bank and merchant partners to co-market and co-fund these campaigns.
    6. Network effects: A few weeks after consumers submitted their stories about distant loved ones, Mastercard selected winners, produced videos of them surprising their friends and families, and used these videos in social media to encourage sharing.
    7. Incremental transactions: These programs translate into incremental business for banks who issue cards, for merchants where customers spend money, and for Mastercard, which gets a portion of every transaction.

    Source: Harvard Business Review Press

    CASE STUDY
    Mastercard in Asia (cont'd)

    Focus on the customer journey

    1. Emotional Spark
      Drives genuine personal stories
    2. Engagement
      Through Facebook
      and social media
    3. Offers
      From merchants
      and Mastercard assets
    4. Optimization
      Real-time testing of offers and themes
    5. Amplification
      Paid and organic programmatic buying
    6. Network Effects
      Sharing and
      mass engagement
    7. Incremental Transactions
      Win-win for all parties

    CASE STUDY
    Mastercard in Asia (cont'd)

    The Mastercard case highlights important lessons on how to engage customers:

    • Have a broad message. Brands need to connect with consumers over how they live and spend their time. Organizations need to go beyond the brand or product message to become more relevant to consumers' lives. Dove soap was very successful in creating a conversation among consumers with its "Real Beauty" campaign, which focused not on the brand or even the product category, but on how women and society view beauty.
    • Shift from storytelling to story making. To break through the clutter of advertising, companies need to move from storytelling to story making. A broader message that is emotionally engaging allows for a two-way conversation.
    • Be consistent with the brand value. The brand needs to stand for something, and the content should be relevant to and consistent with the image of the brand. Pepsi announced an award of $20 million in grants to individuals, businesses, and nonprofits that promote a new idea to make a positive impact on community. A large number of submissions were about social causes that had nothing to do with Pepsi, and some, like reducing obesity, were in conflict with Pepsi's product.
    • Create engagement that drives business. Too much entertainment in ads may engage customers but detract from both communicating the brand message and increasing sales. Simply measuring the number of video views provides only a partial picture of a program's success.

    Intelligent Automation

    PRIORITY 2

    • Extend Automation Practices with AI and ML

    AI and ML are rapidly growing. Organizations see the value of machines intelligently executing high-performance and dynamic tasks such as driving cars and detecting fraud. Senior leaders see AI and ML as opportunities to extend their business process automation investments.

    Introduction

    Intelligent automation is the next step in your business process automation journey

    What is intelligent automation (IA)?

    Intelligent automation (IA) is the combination of traditional automation technologies, such as business process management (BPM) and robotic process automation (RPA), with AI and ML. The goal is to further streamline and scale decision making across various business processes by:

    • Removing human interactions.
    • Addressing decisions that involve complex variables.
    • Automatically adapting processes to changing conditions.
    • Bridging disparate automation technologies into an integrated end-to-end value delivery pipeline.

    "For IA to succeed, employees must be involved in the transformation journey so they can experience firsthand the benefits of a new way of working and creating business value," (Cognizant).

    What is the difference between IA and hyperautomation?

    "Hyperautomation is the act of automating everything in an organization that can be automated. The intent is to streamline processes across an organization using intelligent automation, which includes AI, RPA and other technologies, to run without human intervention. … Hyperautomation is a business-driven, disciplined approach that organizations use to rapidly identify, vet, and automate as many business and IT processes as possible" (IBM, 2021).

    Note that hyperautomation often enables IA, but teams solely adopting IA do not need to abide to its automation-first principles.

    IA is a combination of various tools and technologies

    What tools and technologies are involved in IA?

    • Artificial intelligence (AI) & Machine Learning (ML) – AI systems perform tasks mimicking human intelligence such as learning from experience and problem solving. AI is making its own decisions without human intervention. Machine learning systems learn from experience and without explicit instructions. They learn patterns from data then analyze and make predictions based on past behavior and the patterns learned. AI is a combination of technologies and can include machine learning.
    • Intelligent Business Process Management System (iBPMS) – Combination of BPM tools with AI and other intelligence capabilities.
    • Robotic Process Automation (RPA) – Robots leveraging an application's UI rather than programmatic access. Automate rules-based, repetitive tasks performed by human workers with AI/ML.
    • Process Mining & Discovery – Process mining involves reading system event logs and application transactions and applying algorithmic analysis to automatically identify and map inferred business processes. Process discovery involves unintrusive virtual agents that sit on a user's desktop and record and monitor how they interact with applications to perform tasks and processes. Algorithms are then used to map and analyze the processes.
    • Intelligent Document Processing – The conversion of physical or unstructured documents into a structured, digital format that can be used in automation solutions. Optical character recognition (OCR) and natural language processing (NPL) are common tools used to enable this capability.
    • Advanced Analytics – The gathering, synthesis, transformation, and delivery of insightful and consumable information that supports data-driven decision making. Data is queried from various disparate sources and can take on a variety of structured and unstructured formats.

    The cycle of IA technologies

    Signals

    Process automation is an executive priority and requires organizational buy-in

    Stakeholders recognize the importance of business process automation and AI and are looking for ways to deliver more value using these technologies.

    • 90% of executives stated automating business workflows post-COVID-19 will ensure business continuity (Kofax, 2022).
    • 88% of executives stated they need to fast-track their end-to-end digital transformation (Kofax, 2022).

    However, the advertised benefits to vendors of enabling these desired automations may not be easily achievable because of:

    • Manual and undocumented business processes.
    • Fragmented and inaccessible systems.
    • Poor data quality, insights, and security.
    • The lack of process governance and management practice.
    A circle graph is shown with 49% of the circle coloured in dark blue, with the number 49% in the centre.

    of CXOs stated staff sufficiency, skill and engagement issues as a minor IT pain point compared to 51% of CIOs stated this issue as a major pain point.

    Source: CEO-CIO Alignment Diagnostics, August 2021 to July 2022; n=568.

    A circle graph is shown with 36% of the circle coloured in dark blue, with the number 36% in the centre.

    of organizations have already invested in AI or machine learning.

    Source: Tech Trends and Priorities 2023; N=662

    Drivers

    Quality & throughput

    Products and services delivered through an undefined and manual process risk the creation of preventable and catchable defects, security flaws and holes, missing information, and other quality issues. IA solutions consistently reinforce quality standards the same way across all products and services while tailoring outputs to meet an individual's specific needs. Success is dependent on the accurate interpretation and application of quality standards and the user's expectations.

    Worker productivity

    IA removes the tedious, routine, and mundane tasks that distract and restrict employees from doing more valuable, impactful, and cognitively focused activities. Practical insights can also be generated through IA tools that help employees make data-driven decisions, evaluate problems from different angles, and improve the usability and value of the products and services they produce.

    Good process management practices

    Automation magnifies existing inefficiencies of a business process management practice, such as unclear and outdated process documentation and incorrect assumptions. IA reinforces the importance of good business process optimization practices, such as removing waste and inefficiencies in a thoughtful way, choosing the most appropriate automation solution, and configuring the process in the right way to maximize the solution's value.

    Benefits & Risks

    Benefits

    • Documentation
    • Hands-Off
    • Reusability

    All business processes must be mapped and documented to be automated, including business rules, data entities, applications, and control points.

    IA can be configured and orchestrated to automatically execute when certain business, process, or technology conditions are met in an unattended or attended manner.

    IA is applicable in use cases beyond traditional business processes, such as automated testing, quality control, audit, website scraping, integration platform, customer service, and data transfer.

    Risks

    • Data Quality & Bias
    • Ethics
    • Recovery & Security
    • Management

    The accuracy and relevance of the decisions IA makes are dependent on the overall quality of the data
    used to train it.

    Some decisions can have significant reputational, moral, and ethical impacts if made incorrectly.
    The question is whether it is appropriate for a non-human to make that decision.

    IA is composed of technologies that can be compromised or fail. Without the proper monitoring, controls,
    and recovery protocols, impacted IA will generate significant business and IT costs and can potentially harm customers, employees, and the organization.

    Low- and no-code capabilities ease and streamline IA development, which makes it susceptible to becoming unmanageable. Discipline is needed to ensure IA owners are aware of the size and health of the IA portfolio.

    Address your pressure points to fully realize the benefits of this priority

    Success can be dependent on your ability to address your pressure points.

    Attracting and Retaining Talent

    Be transparent and support role changes.

    Plan to address the human sentiment with automation (e.g. job security) and the transition of the role to other activities.

    Maximizing the Return on Technology

    Automate applications across multiple business functions.

    Recognize the value opportunities of improving and automating the integration of cross-functional processes.

    Confidently Shifting to Digital

    Maximize the learning of automation fit.

    Select the right capabilities to demonstrate the value of IA while using lessons learned to establish the appropriate support.

    Addressing Competing Priorities

    Recognize automation opportunities with capability maps.

    Use a capability diagram to align strategic IA objectives with tactical and technical IA initiatives.

    Fostering a Collaborative Culture

    Involve the user in the delivery process.

    Maximize automation adoption by ensuring the user finds value in its use before deployment.

    Creating High-Throughput Teams

    Remove manual, error-prone, and mundane tasks.

    Look for ways to improve team throughput by removing wasteful activities, enforcing quality, and automating away tasks driving down productivity.

    Recommendations

    Build your business process automation playbook and practice

    Formalize your business process automation practice with a good toolkit and a repeatable set of tactics and techniques.

    • Clarify the problem being solved with IA.
    • Optimate your processes. Apply good practices to first optimize (opti-) and then automate (-mate) key business processes.
    • Deliver minimum viable automations (MVAs). Maximize the learning of automation solutions and business operational changes through small, strategic automation use cases.

    Related Research:

    Explore the various IA tooling options

    Each IA tool will address a different problem. Which tool to choose is dependent on a variety of factors, such as functional suitability, technology suitability, delivery and support capabilities, alignment to strategic business goals, and the value it is designed to deliver.

    Related Research:

    Recommendations

    Introduce AI and ML thoughtfully and with a plan

    Despite the many promises of AI, organizations are struggling to fully realize its potential. The reasons boil down to a lack of understanding of when these technologies should and shouldn't be used, as well as a fear of the unknown. The plan to adopt AI should include:

    • Understanding of what AI really means in practice.
    • Identifying specific applications of AI in the business.
    • Understanding the type of AI applicable for the situation.

    Related Research:

    Mitigate AI and ML bias

    Biases can be introduced into an IA system at any stage of the development process, from the data you collect, to the way you collect it, to which algorithms are used and what assumptions were made. In most cases, AI and ML bias is a is a social, political, and business problem.

    While bias may not be intentional nor completely prevented or eliminated, early detection, good design, and other proactive preventative steps can be taken to minimize its scope and impact.

    Related Research:

    CASE STUDY
    University Hospitals

    Challenge

    University Hospitals Cleveland (UH) faces the same challenge that every major hospital confronts regarding how to deliver increasingly complex, high-quality healthcare to a diverse population efficiently and economically. In 2017, UH embarked on a value improvement program aiming to improve quality while saving $400 million over a five-year period.

    In emergency department (ED) and inpatient units, leaders found anticipating demand difficult, and consequently units were often over-staffed when demand was low and under-staffed when demand was high. Hospital leaders were uncertain about how to reallocate resources based on capacity needs.

    Solution

    UH turned to Hospital IQ's Census Solution to proactively manage capacity, staff, and flow in the ED and inpatient areas.

    By applying AI, ML, and external data (e.g. weather forecasts) to the hospital's own data (including EMR data and hospital policies), the solution helped UH make two-day census forecasts that managers used to determine whether to open or close in-patient beds and, when necessary, divert low-acuity patients to other hospitals in the system to handle predicted patient volume.

    Source: University Hospitals

    Results

    ED boarding hours have declined by 10% and the hospital has seen a 50% reduction in the number of patients who leave the hospital without
    being seen.

    UH also predicts in advance patients ready for discharge and identifies roadblocks, reducing the average length of stay by 15%. UH is able to better manage staff, reducing overtime and cutting overall labor costs.

    The hospital has also increased staff satisfaction and improved patient safety by closing specific units on weekends and increasing the number of rooms that can be sterilized.

    Proactive Application Management

    PRIORITY 3

    • Strengthen Applications to Prevent and Minimize the Impact of Future Issues

    Application management is often viewed as a support function rather than an enabler of business growth. Focus and investments are only placed on application management when it becomes a problem. The lack of governance and practice accountability leaves this practice in a chaotic state: politics take over, resources are not strategically allocated, and customers are frustrated. As a result, application management is often reactive and brushed aside for new development.

    Introduction

    What is application management?

    Application management ensures valuable software is successfully delivered and is maintained for continuous and sustainable business operations. It contains a repeatable set of activities needed to rationalize and roadmap products and services while balancing priorities of new features and maintenance tasks.

    Unfortunately, application management is commonly perceived as a practice that solely addresses issues, updates, and incidents. However, application management teams are also tasked with new value delivery that was not part of the original release.

    Why is an effective application maintenance (reactive) practice not good enough?

    Application maintenance is the "process of modifying a software system or its components after delivery to correct faults, improve performance or other attributes, or adapt to a changed environment or business process," (IEEE, 1998). While it is critical to quickly fix defects and issues when they occur, reactively addressing them is more expensive than discovering them early and employing the practices to prevent them.

    Even if an application is working well, its framework, architecture, and technology may not be compatible with the possible upcoming changes stakeholders and vendors may want to undertake. Applications may not be problems now, but they soon can be.

    What motivates proactive application changes?

    This image shows the motivations for proactive application changes, sorted by external and internal sources.

    Proactive application management must be disciplined and applied strategically

    Proactive application management practices are critical to maintaining business continuity. They require continuous review and modification so that applications are resilient and can address current and future scenarios. Depending on the value of the application, its criticality to business operations, and its susceptibility to technology change, a more proactive management approach may be warranted. Stakeholders can then better manage resources and budget according to the needs of specific products.

    Reactive Management

    Run-to-Failure

    Fix and enhance the product when it breaks. In most cases, a plan is in place ahead of a failure, so that the problem can be addressed without significant disruption and costs.

    Preventive

    Regularly inspect and optimize the product to reduce the likelihood that it will fail in the future. Schedule inspections based on a specific timeframe or usage threshold.

    Predictive

    Predict failures before they happen using performance and usage data to alert teams when products are at risk of failure according to specified conditions.

    Reliability and Risk Based

    Analyze all possible failure scenarios for each component of the product and create tailored delivery plans to improve the stability, reliability, and value of each product.

    Proactive Management

    Signals

    Applications begin to degrade as soon as they are used

    Today's applications are tomorrow's shelfware. They gradually lose their value, stability, robustness, and compatibility with other enterprise technologies. The longer these applications are left unattended or simply "keeping the lights on," the more risks they will bring to the application portfolio, such as:

    • Discovery and exploitation of security flaws and gaps.
    • Increasing the lock-in to specific vendor technologies.
    • Inconsistent application performance across various workloads.

    These impacts are further compounded by the continuous work done on a system burdened with technical debt. Technical debt describes the result of avoided costs that, over time, cause ongoing business impacts. Left unaddressed, technical debt can become an existential threat that risks your organization's ability to effectively compete and serve its customers. Unfortunately, most organizations have a significant, growing, unmanageable technical debt portfolio.

    A circle graph is shown with 60% of the circle coloured in dark green, with the number 60% in the centre.

    of respondents stated they saw an increase in perceived change in technical debt during the past three years. A quarter of respondents indicated that it stayed the same.

    Source: McKinsey Digital, 2020.

    US
    $4.35
    Million

    is the average cost of a data breach in 2022. This figure represents a 2.6% increase from last year. The average cost has climbed 12.7% since 2020.

    Source: IBM, 2022; N=537.

    Drivers

    Technical debt

    Historical decisions to meet business demands by deferring key quality, architectural, or other software delivery activities often lead to inefficient and incomplete code, fragile legacy systems, broken processes, data quality problems, and the other contributors to technical debt. The impacts for this challenge is further heightened if organizations are not actively refactoring and updating their applications behind the scenes. Proactive application management is intended to raise awareness of application fragility and prioritize comprehensive refactoring activities alongside new feature development.

    Long-term application value

    Applications are designed, developed, and tested against a specific set of parameters which may become less relevant over time as the business matures, technology changes, and user behaviors and interactions shift. Continuous monitoring of the application system, regular stakeholder and user feedback, and active technology trend research and vendor engagement will reveal tasks to prepare an application for future value opportunities or stability and resilience concerns.

    Security and resiliency

    Innovative approaches to infiltrating and compromising applications are becoming prevailing stakeholder concerns. The loopholes and gaps in existing application security protocols, control points, and end-user training are exploited to gain the trust of unsuspecting users and systems. Proactive application management enforces continuous security reviews to determine whether applications are at risk. The goal is to prevent an incident from happening by hardening or complementing measures already in place.

    Benefits & Risks

    Benefits

    • Consistent Performance
    • Robustness
    • Operating Costs

    Users expect the same level of performance and experience from their applications in all scenarios. A proactive approach ensures the configurations meet the current needs of users and dependent technologies.

    Proactively managed applications are resilient to the latest security concerns and upcoming trends.

    Continuous improvements to the underlying architecture, codebase, and interfaces can minimize the cost to maintain and operate the application, such as the transition to a loosely coupled architecture and the standardization of REST APIs.

    Risks

    • Stakeholder Buy-In
    • Delayed Feature Releases
    • Team Capacity
    • Discipline

    Stakeholders may not see the association between the application's value and its technical quality.

    Updates and enhancements are system changes much like any application function. Depending
    on the priority of these changes, new functions may be pushed off to a future release cycle.

    Applications teams require dedicated capacity to proactively manage applications, but they are often occupied meeting other stakeholder demands.

    Overinvesting in certain application management activities (such as refactoring, re-architecture, and redesign) can create more challenges. Knowing how much to do is important.

    Address your pressure points to fully realize the benefits of this priority

    Success can be dependent on your ability to address your pressure points.

    Attracting and Retaining Talent

    Shift focus from maintenance to innovation.

    Work on the most pressing and critical requests first, with a prioritization framework reflecting cross-functional priorities.

    Maximizing the Return on Technology

    Improve the reliability of mission-critical applications.

    Regularly verify and validate applications are up to date with the latest patches and fixes and comply with industry good practices and regulations.

    Confidently Shifting to Digital

    Prepare applications to support digital tools and technologies.

    Focus enhancements on the key components required to support the integration, performance, and security needs of digital.

    Addressing Competing Priorities

    Rationalize the health of the applications.

    Use data-driven, compelling insights to justify the direction and prioritization of applications initiatives.

    Fostering a Collaborative Culture

    Include the technical perspective in the viability of future applications plans.

    Demonstrate how poorly maintained applications impede the team's ability to deliver confidently and quickly.

    Creating High-Throughput Teams

    Simplify applications to ease delivery and maintenance.

    Refactor away application complexities and align the application portfolio to a common quality standard to reduce the effort to deliver and test changes.

    Recommendations

    Reinforce your application maintenance practice

    Maintenance is often viewed as a support function rather than an enabler of business growth. Focus and investments are only placed on maintenance when it becomes a problem.

    • Justify the necessity of streamlined maintenance.
    • Strengthen triaging and prioritization practices.
    • Establish and govern a repeatable process.

    Ensure product issues, incidents, defects, and change requests are promptly handled to minimize business and IT risks.

    Related Research:

    Build an application management practice

    Apply the appropriate management approaches to maintain business continuity and balance priorities and commitments among maintenance and new development requests.

    This practice serves as the foundation for creating exceptional customer experience by emphasizing cross-functional accountability for business value and product and service quality.

    Related Research:

    Recommendations

    Manage your technical debt

    Technical debt is a type of technical risk, which in turn is business risk. It's up to the business to decide whether to accept technical debt or mitigate it. Create a compelling argument to stakeholders as to why technical debt should be a business priority rather than just an IT one.

    • Define and identify your technical debt.
    • Conduct a business impact analysis.
    • Identify opportunities to better manage technical debt.

    Related Research:

    Gauge your application's health

    Application portfolio management is nearly impossible to perform without an honest and thorough understanding of your portfolio's alignment to business capabilities, business value, total cost of ownership, end-user reception and satisfaction, and technical health.

    Develop data-driven insights to help you decide which applications to retire, upgrade, retrain on, or maintain to meet the demands of the business.

    Related Research:

    Recommendations

    Adopt site reliability engineering (SRE) and DevOps practices

    Site reliability engineering (SRE) is an operational model for running online services more reliably by a team of dedicated reliability-focused engineers.

    DevOps, an operational philosophy promoting development and operations collaboration, can bring the critical insights to make application management practices through SRE more valuable.

    Related Research:

    CASE STUDY
    Government Agency

    Goal

    A government agency needed to implement a disciplined, sustainable application delivery, planning, and management process so their product delivery team could deliver features and changes faster with higher quality. The goal was to ensure change requests, fixes, and new features would relieve requester frustrations, reduce regression issues, and allow work to be done on agreeable and achievable priorities organization-wide. The new model needed to increase practice efficiency and visibility in order to better manage technical debt and focus on value-added solutions.

    Solution

    This organization recognized a number of key challenges that were inhibiting its team's ability to meet its goals:

    • The product backlog had become too long and unmanageable.
    • Delivery resources were not properly allocated to meet the skills and capabilities needed to successfully meet commitments.
    • Quality wasn't defined or enforced, which generated mounting technical debt.
    • There was a lack of clear metrics and defined roles and responsibilities.
    • The business had unrealistic and unachievable expectations.

    Source: Info-Tech Workshop

    Key practices implemented

    • Schedule quarterly business satisfaction surveys.
    • Structure and facilitate regular change advisory board meetings.
    • Define and enforce product quality standards.
    • Standardize a streamlined process with defined roles.
    • Configure management tools to better handle requests.

    Multisource Systems

    PRIORITY 4

    • Manage an Ecosystem Composed of In-House and Outsourced Systems

    Various market and company factors are motivating a review on resource and system sourcing strategies. The right sourcing model provides key skills, resources, and capabilities to meet innovation, time to market, financial, and quality goals of the business. However, organizations struggle with how best to support sourcing partners and to allocate the right number of resources to maximize success.

    Introduction

    A multisource system is an ecosystem of integrated internally and externally developed applications, data, and infrastructure. These technologies can be custom developed, heavily configured vendor solutions, or they may be commercial off-the-shelf (COTS) solutions. These systems can also be developed, supported, and managed by internal staff, in partnership with outsourced contractors, or be completely outsourced. Multisource systems should be configured and orchestrated in a way that maximizes the delivery of specific value drivers for the targeted audience.

    Successfully selecting a sourcing approach is not a simple RFP exercise to choose the lowest cost

    Defining and executing a sourcing approach can be a significant investment and risk because of the close interactions third-party services and partners will have with internal staff, enterprise applications and business capabilities. A careful selection and design is necessary.

    The selection of a sourcing partner is not simple. It involves the detailed inspection and examination of different candidates and matching their fit to the broader vision of the multisource system. In cases where control is critical, technology stack and resource sourcing consolidation to a few vendors and partners is preferred. In other cases, where worker productivity and system flexibility are highly prioritized, a plug-and-play best-of-breed approach is preferred.

    Typical factors involved in sourcing decisions.

    Sourcing needs to be driven by your department and system strategies

    How does the department want to be perceived?

    The image that your applications department and teams want to reflect is frequently dependent on the applications they deliver and support, the resources they are composed of, and the capabilities they provide.

    Therefore, choosing the right sourcing approach should be driven by understanding who the teams are and want to be (e.g. internal builder, an integrator, a plug-in player), what they can or want to do (e.g. custom-develop or implement), and what they can deliver or support (e.g. cloud or on-premises) must be established.

    What value is the system delivering?

    Well-integrated systems are the lifeblood of your organization. They provide the capabilities needed to deliver value to customers, employees, and stakeholders. However, underlying system components may not be sourced under a unified strategy, which can lead to duplicate vendor services and high operational costs.

    The right sourcing approach ensures your partners address key capabilities in your system's delivery and support, and that they are positioned to maximize the value of critical and high-impact components.

    Signals

    Business demand may outpace what vendors can support or offer

    Outsourcing and shifting to a buy-over-build applications strategy are common quick fixes to dealing with capacity and skills gaps. However, these quick fixes often become long-term implementations that are not accounted for in the sourcing selection process. Current application and resource sourcing strategies must be reviewed to ensure that vendor arrangements meet the current and upcoming demands and challenges of the business, customers, and enterprise technologies, such as:

    • Pressure from stakeholders to lower operating costs while maintaining or increasing quality and throughput.
    • Technology lock-in that addresses short-term needs but inhibits long-term growth and maturity.
    • Team capacity and talent acquisition not meeting the needs of the business.
    A circle graph is shown with 42% of the circle coloured in dark brown, with the number 42% in the centre.

    of respondents stated they outsourced software development fully or partly in the last 12 months (2021).

    Source: Coding Sans, 2021.

    A circle graph is shown with 65% of the circle coloured in dark brown, with the number 65% in the centre.

    of respondents stated they were at least somewhat satisfied with the result of outsourcing software development.

    Source: Coding Sans, 2021.

    Drivers

    Business-managed applications

    Employees are implementing and building applications without consulting, notifying, or heeding the advice of IT. IT is often ill-equipped and under-resourced to fight against shadow IT. Instead, organizations are shifting the mindset of "fight shadow IT" to "embrace business-managed applications," using good practices in managing multisource systems. A multisource approach strikes the right balance between user empowerment and centralized control with the solutions and architecture that can best enable it.

    Unique problems to solve

    Point solutions offer features to address unique use cases in uncommon technology environments. However, point solutions are often deployed in siloes with limited integration or overlap with other solutions. The right sourcing strategy accommodates the fragmented nature of point solutions into a broader enterprise system strategy, whether that be:

    • Multisource best of breed – integrate various technologies that provide subsets of the features needed for supporting business functions.
    • Multisource custom – integrate systems built in-house with technologies developed by external organizations.
    • Vendor add-ons and integrations – enhance an existing vendor's offering by using their system add-ons as upgrades, new add-ons, or integrations.

    Vendor services

    Some vendor services in a multisource environment may be redundant, conflicting, or incompatible. Given that multisource systems are regularly changing, it is difficult to identify what services are affected, what would be needed to fill the gap of the removed solution, or which redundant services should be removed.

    A multisource approach motivates the continuous rationalization of your vendor services and partners to determine the right mixture of in-house and outsourced resources, capabilities, and technologies.

    Benefits & Risks

    Benefits

    • Business-Focused Solution
    • Flexibility
    • Cost Optimization

    Multisource systems can be designed to support an employee's ability to select the tools they want and need.

    The environment is architected in a loosely coupled approach to allow applications to be easily added, removed, and modified with minimized impact to other integrated applications.

    Rather than investing in large solutions upfront, applications are adopted when they are needed and are removed when little value is gained. Disciplined application portfolio management is necessary to see the full value of this benefit.

    Risks

    • Manageable Sprawl
    • Policy Adherence
    • Integration & Compatibility

    The increased number and diversity of applications in multisource system environments can overwhelm system managers who do not have an effective application portfolio management practice.

    Fragmented application implementations risk inconsistent adherence to security and other quality policies, especially in situations where IT is not involved.

    Application integration can quickly become tangled, untraceable, and unmanageable because of varying team and vendor preferences for specific integration technologies and techniques.

    Address your pressure points to fully realize the benefits of this priority

    Success can be dependent on your ability to address your pressure points.

    Attracting and Retaining Talent

    Enable business-managed applications.

    Create the integrations to enable the easy connection of desired tools to enterprise systems with the appropriate guardrails.

    Maximizing the Return on Technology

    Enhance the functionality of existing applications.

    Complement current application capability gaps with data, features, and services from third-party applications.

    Confidently Shifting to Digital

    Use best-of-breed tools to meet specific digital needs.

    Select the best tools to meet the unique and special functional needs of the digital vision.

    Addressing Competing Priorities

    Agree on a common philosophy on system composition.

    Establish an owner of the multisource system to guide how the system should mature as the organization grows.

    Fostering a Collaborative Culture

    Discuss how applications can work together better in an ecosystem.

    Build committees to discuss how applications can better support each other and drive more value.

    Creating High-Throughput Teams

    Alleviate delivery bottlenecks and issues.

    Leverage third-party sources to fill skills and capacity gaps until a long-term solution can be implemented.

    Recommendations

    Define the goals of your applications department and product vision

    Understanding the applications team's purpose and image is critical in determining how the system they are managing and the skills and capacities they need should be sourced.

    Changing and conflicting definitions of value and goals make it challenging to convey an agreeable strategy of the multisource system. An achievable vision and practical tactics ensure all parties in the multisource system are moving in the same direction.

    Related Research:

    Develop a sourcing partner strategy

    Almost half of all sourcing initiatives do not realize projected savings, and the biggest reason is the choice of partner (Zhang et al., 2018). Making the wrong choice means inferior products, higher costs and the loss of both clients and reputation.

    Choosing the right sourcing partner involves understanding current skills and capacities, finding the right matching partner based on a desired profile, and managing a good working relationship that sees short-term gains and supports long-term goals.

    Related Research:

    Recommendations

    Strengthen enterprise integration practices

    Integration strategies that are focused solely on technology are likely to complicate rather than simplify because little consideration is given on how other systems and processes will be impacted. Enterprise integration needs to bring together business process, applications, and data – in that order.

    Kick-start the process of identifying opportunities for improvement by mapping how applications and data are coordinated to support business activities.

    Related Research:

    Manage your solution architecture and application portfolio

    Haphazardly implementing and integrating applications can generate significant security, performance, and data risks. A well-thought-through solution architecture is essential in laying the architecture quality principles and roadmap on how the multisource system can grow and evolve in a sustainable and maintainable way.

    Good application portfolio management complements the solution architecture as it indicates when low-value and unused applications should be removed to reduce system complexity.

    Related Research:

    Recommendations

    Embrace business-managed applications

    Multisource systems bring a unique opportunity to support the business and end users' desire to implement and develop their own applications. However, traditional models of managing applications may not accommodate the specific IT governance and management practices required to operate business-managed applications:

    • A collaborative and trusting business-IT relationship is key.
    • The role of IT must be reimagined.
    • Business must be accountable for its decisions.

    Related Research:

    CASE STUDY
    Cognizant

    Situation

    • Strives to be primarily an industry-aligned organization that delivers multiple service lines in multiple geographies.
    • Cognizant seeks to carefully consider client culture to create a one-team environment.
    • Value proposition is a consultative approach bringing thought leadership and mutually adding value to the relationship vs. the more traditional order-taker development partner.
    • Wants to share in solution development to facilitate shared successes. Geographic alignment drives knowledge of the client and their challenges, not just about time zone and supportability.
    • Offers one of the largest offshore capabilities in the world, supported by local and nearshore resources to drive local knowledge.
    • Today's clients don't typically want a black box, they are sophisticated and want transparency around the process and solution, to have a partner.
    • Clients do want to know where the work is being delivered from, how it's being done.

    Source: interview with Jay MacIsaac, Cognizant.

    Approach

    • Best relationship comes where teams operate as one.
    • Clients are seeking value, not a development black box.
    • Clients want to have a partner they can engage with, not just an order taker.
    • Want to build a one-team culture with shared goals and deliver business value.
    • Seek a partner that will add to their thinking not echo it.

    Results

    • Cognizant is continuing to deliver double-digit growth and continues to strive for top quartile performance.
    • Growth in the client base has seen the company grow to over 340,000 associates worldwide.

    Digital Organization as a Platform

    PRIORITY 5

    • Create a Common Digital Interface to Access All Products and Services

    A digital platform enables organizations to leverage a flexible, reliable, and scalable foundation to create a valuable DX, ease delivery and management efforts, maximize existing investments, and motivate the broader shift to digital. This approach provides a standard to architect, integrate, configure, and modernize the applications that compose the platform.

    Introduction

    What is digital organization as a platform (DOaaP)?

    Digital organization as a platform (DOaaP) is a collection of integrated digital services, products, applications, and infrastructure that is used as a vehicle to meet and exceed an organization's digital strategies. It often serves as an accessible "place for exchanges of information, goods, or services to occur between producers and consumers as well as the community that interacts
    with said platform" (Watts, 2020).

    DOaaP involves a strategy that paves the way for organizations to be digital. It helps organizations use their assets (e.g. data, processes, products, services) in the most effective ways and become more open to cooperative delivery, usage, and management. This opens opportunities for innovation and cross-department collaborations.

    How is DOaaP described?

    1. Open and Collaborative
      • Open organization: open data, open APIs, transparency, and user participation.
      • Collaboration, co-creation, crowdsourcing, and innovation
    2. Accessible and Connected
      • Digital inclusion
      • Channel ubiquity
      • Integrity and interoperability
      • Digital marketplace
    3. Digital and Programmable
      • Digital identity
      • Policies and processes as code
      • Digital products and services
      • Enabling digital platforms

    Digital organizations follow a common set of principles and practices

    Customer-centricity

    Digital organizations are driven by customer focus, meeting and exceeding customer expectations. It must design its services with a "digital first" principle, providing access through every expected channel and including seamless integration and interoperability with various departments, partners, and third-party services. It also means creating trust in its ability to provide secure services and to keep privacy and ethics as core pillars.

    Leadership, management, and strategies

    Digital leadership brings customer focus to the enterprise and its structures and organizes efficient networks and ecosystems. Accomplishing this means getting rid of silos and a siloed mentality and aligning on a digital vision to design policies and services that are efficient, cost-effective, and provide maximum benefit to the user. Asset sharing, co-creation, and being open and transparent become cornerstones of a digital organization.

    Infrastructure

    Providing digital services across demographics and geographies requires infrastructure, and that in turn requires long-term vision, smart investments, and partnerships with various source partners to create the necessary foundational infrastructure upon which to build digital services.

    Digitization and automation

    Automation and digitization of processes and services, as well as creating digital-first products, lead to increased efficiency and reach of the organization across demographics and geographies. Moreover, by taking a digital-first approach, digital organizations future-proof their services and demonstrate their commitment to stakeholders.

    Enabling platforms

    DOaaP embraces open standards, designing and developing organizational platforms and ecosystems with a cloud-first mindset and sound API strategies. Developer experience must also take center stage, providing the necessary tools and embracing Agile and DevOps practices and culture become prerequisites. Cybersecurity and privacy are central to the digital platform; hence they must be part of the design and development principles and practices.

    Signals

    The business expects support for digital products and services

    Digital transformation continues to be a high-priority initiative for many organizations, and they see DOaaP as an effective way to enable and exploit digital capabilities. However, DOaaP unleashes new strategies, opportunities, and challenges that are elusive or unfamiliar to business leaders. Barriers in current business operating models may limit DOaaP success, such as:

    • Department and functional silos
    • Dispersed, fragmented and poor-quality data
    • Ill-equipped and under-skilled resources to support DOaaP adoption
    • System fragmentation and redundancies
    • Inconsistent integration tactics employed across systems
    • Disjointed user experience leading to low engagement and adoption

    DOaaP is not just about technology, and it is not the sole responsibility of either IT or business. It is the collective responsibility of the organization.

    A circle graph is shown with 47% of the circle coloured in dark blue, with the number 47% in the centre.

    of organizations plan to unlock new value through digital. 50% of organizations are planning major transformation over the next three years.

    Source: Nash Squared, 2022.

    A circle graph is shown with 70% of the circle coloured in dark blue, with the number 70% in the centre.

    of organizations are undertaking digital expansion projects focused on scaling their business with technology. This result is up from 57% in 2021.

    Source: F5 Inc, 2022.

    Drivers

    Unified brand and experience

    Users should have the same experience and perception of a brand no matter what product or service they use. However, fragmented implementation of digital technologies and inconsistent application of design standards makes it difficult to meet this expectation. DOaaP embraces a single design and DX standard for all digital products and services, which creates a consistent perception of your organization's brand and reputation irrespective of what products and services are being used and how they are accessed.

    Accessibility

    Rapid advancement of end-user devices and changes to end-user behaviors and expectations often outpace an organization's ability to meet these requirements. This can make certain organization products and services difficult to find, access and leverage. DOaaP creates an intuitive and searchable interface to all products and services and enables the strategic combination of technologies to collectively deliver more value.

    Justification for modernization

    Many opportunities are left off the table when legacy systems are abstracted away rather than modernized. However, legacy systems may not justify the investment in modernization because their individual value is outweighed by the cost. A DOaaP initiative motivates decision makers to look at the entire system (i.e. modern and legacy) to determine which components need to be brought up to a minimum digital state. The conversation has now changed. Legacy systems should be modernized to increase the collective benefit of the entire DOaaP.

    Benefits & Risks

    Benefits

    • Look & Feel
    • User Adoption
    • Shift to Digital

    A single, modern, customizable interface enables a common look and feel no matter what and how the platform is being accessed.

    Organizations can motivate and encourage the adoption and use of all products and services through the platform and increase the adoption of underused technologies.

    DOaaP motivates and supports the modernization of data, processes, and systems to meet the goals and objectives outlined in the broader digital transformation strategy.

    Risks

    • Data Quality
    • System Stability
    • Ability to Modernize
    • Business Model Change

    Each system may have a different definition of commonly used entities (e.g. customer), which can cause data quality issues when information is shared among these systems.

    DOaaP can stress the performance of underlying systems due to the limitations of some systems to handle increased traffic.

    Some systems cannot be modernized due to cost constraints, business continuity risks, vendor lock-in, legacy and lore, or other blocking factors.

    Limited appetite to make the necessary changes to business operations in order to maximize the value of DOaaP technologies.

    Address your pressure points to fully realize the benefits of this priority

    Success can be dependent on your ability to address your pressure points.

    Attracting and Retaining Talent Promote and showcase achievements and successes. Share the valuable and innovative work of your teams across the organization and with the public.
    Maximizing the Return on Technology Increase visibility of underused applications. Promote the adoption and use of all products and services through the platform and use the lessons learned to justify removal, updates or modernizations.
    Confidently Shifting to Digital Bring all applications up to a common digital standard. Define the baseline digital state all applications, data, and processes must be in to maximize the value of the platform.
    Addressing Competing Priorities Map to a holistic platform vision, goals and objectives. Work with relevant stakeholders, teams and end users to agree on a common directive considering all impacted perspectives.
    Fostering a Collaborative Culture Ensure the platform is configured to meet the individual needs of the users. Tailor the interface and capabilities of the platform to address users' functional and personal concerns.
    Creating High-Throughput Teams Abstract the enterprise system to expedite delivery. Use the platform to standardize application system access to simplify platform changes and quicken development and testing.

    Recommendations

    Define your platform vision

    Organizations realize that a digital model is the way to provide more effective services to their customers and end users in a cost-effective, innovative, and engaging fashion. DOaaP is a way to help support this transition.

    However, various platform stakeholders will have different interpretations of and preferences for what this platform is intended to solve, what benefits it is supposed to deliver, and what capabilities it will deliver. A grounded vision is imperative to steer the roadmap and initiatives.

    Related Research:

    Assess and modernize your applications

    Certain applications may not sufficiently support the compatibility, flexibility, and efficiency requirements of DOaaP. While workaround technologies and tactics can be employed to overcome these application challenges, the full value of the DOaaP may not be realized.

    Reviewing the current state of the application portfolio will indicate the functional and value limitations of what DOaaP can provide and an indication of the scope of investment needed to bring applications up to a minimum state.

    Related Research:

    Recommendations

    Understand and evaluate end-user needs

    Technology has reached a point where it's no longer difficult for teams to build functional and valuable digital platforms. Rather, the difficulty lies in creating an interface and platform that people want to use and use frequently.

    While it is important to increase the access and promotion of all products and services, orchestrating and configuring them in a way to deliver a satisfying experience is even more important. Applications teams must first learn about and empathize with the needs of end users.

    Related Research:

    Architect your platform

    Formalizing and constructing DOaaP just for the sake of doing so often results in an initiative that is lengthy and costly and ends up being considered a failure.

    The build and optimization of the platform must be predicated on a thorough understanding of the DOaaP's goals, objectives, and priorities and the business capabilities and process they are meant to support and enable. The appropriate architecture and delivery practices can then be defined and employed.

    Related Research:

    CASE STUDY
    e-Estonia

    Situation

    The digital strategy of Estonia resulted in e-Estonia, with the vision of "creating a society with more transparency, trust, and efficiency." Estonia has addressed the challenge by creating structures, organizations, and a culture of innovation, and then using the speed and efficiency of digital infrastructure, apps, and services. This strategy can reduce or eliminate bureaucracy through transparency and automation.

    Estonia embarked on its journey to making digital a priority in 1994-1996, focusing on a committed investment in infrastructure and digital literacy. With that infrastructure in place, they started providing digital services like an e-banking service (1996), e-tax and mobile parking (2002), and then went full steam ahead with a digital information interoperability platform in 2001, digital identity in 2002, e-health in 2008, and e-prescription in 2010. The government is now strategizing for AI.

    Results

    This image contains the results of the e-Estonia case study results

    Source: e-Estonia

    Practices employed

    The e-Estonia digital government model serves as a reference for governments across the world; this is acknowledged by the various awards it has received, like #2 in "internet freedom," awarded by Freedom House in 2019; #1 on the "digital health index," awarded by the Bertelsmann Foundation in 2019; and #1 on "start-up friendliness," awarded by Index Venture in 2018.

    References

    "15th State of Agile Report." Digital.ai, 2021. Web.
    "2022 HR Trends Report." McLean & Company, 2022.
    "2022: State of Application Strategy Report." F5 Inc, 2022.
    "Are Executives Wearing Rose-Colored Glasses Around Digital Transformation?" Cyara, 2021. Web.
    "Cost of a Data Breach Report 2022." IBM, 2022. Web.
    Dalal, Vishal, et al. "Tech Debt: Reclaiming Tech Equity." McKinsey Digital, Oct. 2020. Web.
    "Differentiating Between Intelligent Automation and Hyperautomation." IBM, 15 October 2021. Web.
    "Digital Leadership Report 2021." Harvey Nash Group, 2021.
    "Digital Leadership Report 2022: The State of Digital." Nash Squared, 2022. Web.
    Gupta, Sunil. "Driving Digital Strategy: A Guide to Reimagining Your Business." Harvard Business Review Press, 2018. Web.
    Haff, Gordon. "State of Application Modernization Report 2022." Konveyor, 2022. Web.
    "IEEE Standard for Software Maintenance: IEEE Std 1219-1998." IEEE Standard for Software Maintenance, 1998. Accessed Dec. 2015.
    "Intelligent Automation." Cognizant, n.d. Web.
    "Kofax 2022: Intelligent Automation Benchmark Study". Kofax, 2021. Web.
    McCann, Leah. "Barco's Virtual Classroom at UCL: A Case Study for the Future of All University Classrooms?" rAVe, 2 July 2020, Web.
    "Proactive Staffing and Patient Prioritization to Decompress ED and Reduce Length of Stay." University Hospitals, 2018. Web.
    "Secrets of Successful Modernization." looksoftware, 2013. Web.
    "State of Software Development." Coding Sans, 2021. Web.
    "The State of Low-Code/No-Code." Creatio, 2021. Web.
    "We Have Built a Digital Society and We Can Show You How." e-Estonia. n.d. Web.
    Zanna. "The 5 Types of Experience Series (1): Brand Experience Is Your Compass." Accelerate in Experience, 9 February 2020. Web.
    Zhang, Y. et al. "Effects of Risks on the Performance of Business Process Outsourcing Projects: The Moderating Roles of Knowledge Management Capabilities." International Journal of Project Management, 2018, vol. 36 no. 4, 627-639.

    Research Contributors and Experts

    This is a picture of Chris Harrington

    Chris Harrington
    Chief Technology Officer
    Carolinas Telco Federal Credit Union

    Chris Harrington is Chief Technology Officer (CTO) of Carolinas Telco Federal Credit Union. Harrington is a proven leader with over 20 years of experience developing and leading information technology and cybersecurity strategies and teams in the financial industry space.

    This is a picture of Benjamin Palacio

    Benjamin Palacio
    Senior Information Technology Analyst County of Placer

    Benjamin Palacio has been working in the application development space since 2007 with a strong focus on system integrations. He has seamlessly integrated applications data across multiple states into a single reporting solution for management teams to evaluate, and he has codeveloped applications to manage billions in federal funding. He is also a CSAC-credentialed IT Executive (CA, USA).

    This is a picture of Scott Rutherford

    Scott Rutherford
    Executive Vice President, Technology
    LGM Financial Services Inc.

    Scott heads the Technology division of LGM Financial Services Inc., a leading provider of warranty and financing products to automotive OEMs and dealerships in Canada. His responsibilities include strategy and execution of data and analytics, applications, and technology operations.

    This is a picture of Robert Willatts

    Robert Willatts
    IT Manager, Enterprise Business Solutions and Project Services
    Town of Newmarket

    Robert is passionate about technology, innovation, and Smart City Initiatives. He makes customer satisfaction as the top priority in every one of his responsibilities and accountabilities as an IT manager, such as developing business applications, implementing and maintaining enterprise applications, and implementing technical solutions. Robert encourages communication, collaboration, and engagement as he leads and guides IT in the Town of Newmarket.

    This is a picture of Randeep Grewal

    Randeep Grewal
    Vice President, Enterprise Applications
    Red Hat

    Randeep has over 25 years of experience in enterprise applications, advanced analytics, enterprise data management, and consulting services, having worked at numerous blue-chip companies. In his most recent role, he is the Vice President of Enterprise Applications at Red Hat. Reporting to the CIO, he is responsible for Red Hat's core business applications with a focus on enterprise transformation, application architecture, engineering, and operational excellence. He previously led the evolution of Red Hat into a data-led company by maturing the enterprise data and analytics function to include data lake, streaming data, data governance, and operationalization of analytics for decision support.

    Prior to Red Hat, Randeep was the director of global services strategy at Lenovo, where he led the strategy using market data to grow Lenovo's services business by over $400 million in three years. Prior to Lenovo, Randeep was the director of advanced analytics at Alliance One and helped build an enterprise data and analytics function. His earlier work includes seven years at SAS, helping SAS become a leader in business analytics, and at KPMG consulting, where he managed services engagements at Fortune 100 companies.

    Recruit and Retain More Women in IT

    • Buy Link or Shortcode: {j2store}575|cart{/j2store}
    • member rating overall impact (scale of 10): 9.3/10 Overall Impact
    • member rating average dollars saved: $14,532 Average $ Saved
    • member rating average days saved: 4 Average Days Saved
    • Parent Category Name: Attract & Select
    • Parent Category Link: /attract-and-select
    • While the number of jobs in IT has increased dramatically, the percentage of women in IT has progressed disproportionately, with only 25% of IT jobs being held by women (CIO from IDG, 2021).
    • The challenge is not a lack of talented women with the competencies to excel within IT, but rather organizations lack an effective strategy to recruit and retain women in IT.

    Our Advice

    Critical Insight

    • Retaining and attracting top women is good business, not personal. As per McKinsey Global Institute, “$4.3 trillion of additional annual GDP in 2025 could be added to the U.S. by fully bridging the gender gap.”
    • In the war on talent, having a strategy around how you will recruit & retain of women in IT is Marketing 101. What influences whether women apply for roles and stay at organizations is different than men; traditional models won’t cut it.

    Impact and Result

    To stay competitive, IT leaders need to radically change the way they recruit and retain talent, and women in IT represent one of the largest untapped markets for IT talent. CIOs need a targeted strategy to attract and retain the best, and this requires a shift in how leaders currently manage the talent lifecycle. Info-Tech offers a targeted solution that will help IT leaders:

    1. Build a Recruitment Playbook: Leverage Info-Tech tools to effectively sell to, search for, and secure top talent.
    2. Build a Retention Strategy: Follow Info-Tech’s step-by-step process to identify initiatives and opportunities to retain your top talent.

    Recruit and Retain More Women in IT Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Recruit and Retain More Women in IT Deck – A step-by-step document that walks you through how to build a recruitment and retention plan for women in IT.

    Create a targeted recruitment and retention strategy for women. Increase the number of viable candidates by leveraging best practices to sell to, search for, and secure top women in IT. Take a data-driven approach to improving retention of women by using best practices to measure and improve employee engagement.

    • Recruit and Retain More Women in IT – Phases 1-2

    2. Employee Value Proposition Tools – Build and road-test your employee value proposition to ensure that it is aligned, clear, compelling, and differentiated.

    These tools tap into best practices to help you collect the information you need to build, assess, test, and adopt an employee value proposition.

    • Employee Value Proposition (EVP) Interview Guide
    • Employee Value Proposition (EVP) Scorecard
    • Employee Value Proposition (EVP) Internal Scorecard Handout

    3. IT Behavioral Interview Question Library – A complete list of sample questions aligned with core, leadership, and IT competencies.

    Don’t hire by intuition, consider leveraging behavioral interview questions to reduce bias and uncover candidates that will be able to execute on the job.

    • IT Behavioral Interview Question Library

    4. Stay Interview Guide – Use this tool to guide one-on-one conversations with your team members to monitor employee engagement between surveys.

    Stay interviews are an effective method for monitoring employee engagement. Have these informal conversations to gain insight into what your employees really think about their jobs, what causes them to stay, and what may lead them to leave.

    • Stay Interview Guide

    Infographic

    Workshop: Recruit and Retain More Women in IT

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Make the Case for Strategically Recruiting and Retaining Women in IT

    The Purpose

    Identify the need for a targeted strategy to recruit and retain women in IT and pinpoint your largest opportunities to drive diversity in your IT team.

    Key Benefits Achieved

    Establish goals and targets for the changes to be made to your IT recruitment and retention strategies.

    Activities

    1.1 Understand trends in IT staffing.

    1.2 Assess your talent lifecycle challenges and opportunities.

    1.3 Make the case for changes to recruitment and retention strategies.

    Outputs

    Recruitment & Retention Metrics Report

    Business Case for Recruitment and Retention Changes

    2 Develop Strategies to Sell Your Organization to Wider Candidate Pool

    The Purpose

    The way you position the organization impacts who is likely to apply to posted positions. Ensure you are putting a competitive foot forward by developing a unique, meaningful, and aspirational employee value proposition and clear job descriptions.

    Key Benefits Achieved

    Implement effective strategies to drive more applications to your job postings.

    Activities

    2.1 Develop an IT employee value proposition.

    2.2 Adopt your employee value proposition.

    2.3 Write meaningful job postings.

    Outputs

    Employee Value Proposition

    EVP Marketing Plan

    Revised Job Ads

    3 Expand Your Talent Sourcing Strategy

    The Purpose

    Sourcing shouldn’t start with an open position, it should start with identifying an anticipated need and then building and nurturing a talent pipeline.

    IT participation in this is critical to effectively promote the employee experience and foster relationships before candidates even apply.

    Key Benefits Achieved

    Develop a modern job requisition form though role analysis.

    Increase your candidate pool by expanding sourcing programs.

    Activities

    3.1 Build realistic job requisition forms.

    3.2 Identify new alternative sourcing approaches for talent.

    3.3 Build a sourcing strategy.

    Outputs

    Job requisition form for key roles

    Sourcing strategy for key roles

    4 Secure Top Talent

    The Purpose

    Work with your HR department to influence the recruitment process by taking a data-driven approach to understanding the root cause of applicant drop-off and success and take corrective actions.

    Key Benefits Achieved

    Optimize your selection process.

    Implement non-bias interview techniques in your selection process.

    Activities

    4.1 Assess key selection challenges.

    4.2 Implement behavioral interview techniques.

    Outputs

    Root-Cause Analysis of Section Challenges

    Behavioral Interview Guide

    5 Retain Top Women in IT

    The Purpose

    Employee engagement is one of the greatest predictors of intention to stay.

    To retain employees you need to understand not only engagement, but also your employee experience and the moments that matter, and actively work to create positive experience.

    Key Benefits Achieved

    Identify opportunities to drive engagement across your IT organization.

    Implement tactical programs to reduce turnover in IT.

    Activities

    5.1 Measure employee engagement and review results.

    5.2 Identify new alternative sourcing approaches for talent.

    5.3 Train managers to conduct stay interviews and drive employee engagement.

    Outputs

    Identified Employee Engagement Action Plan

    Action Plan to Execute Stay Interviews

    Further reading

    Recruit and Retain More Women in IT

    Gender diversity is directly correlated to IT performance.

    EXECUTIVE BRIEF

    Executive Summary

    Your Challenge

    Technology has never been more important to organizations, and as a result, recruiting and retaining quality IT employees is increasingly difficult.

    • IT unemployment rates continue to hover below 2% in the US.
    • The IT talent market has evolved into one where the employer is the seller and the employee is the buyer.

    Common Obstacles

    • While the number of jobs in IT has increased dramatically, the percentage of women in IT has progressed disproportionately, with only 25% of IT jobs being held by women.*
    • The challenge is not a lack of talented women with the competencies to excel within IT, but rather organizations lack an effective strategy to recruit and retain women in IT.

    Info-Tech’s Approach

    To stay competitive, IT leaders need to radically change the way they recruit and retain talent, and women in IT represent one of the largest untapped markets. CIOs need a targeted strategy to attract and retain the best, and this requires a shift in how leaders currently manage the talent lifecycle. Info-Tech offers a targeted solution to help:

    • Build a Recruitment Playbook: Leverage Info-Tech tools to effectively sell to, search for, and secure top talent.
    • Build a Retention Strategy: Follow Info-Tech’s step-by-step process to identify initiatives and opportunities to retain your top talent.

    Info-Tech Insight

    Retaining and attracting top women is good business, not personal. Companies with greater gender diversity on executive teams were 25% more likely to have above-average profitability.1 In the war on talent, having a strategy around how you will recruit and retain women in IT is Marketing 101. What influences whether women apply for roles and stay at organizations is different than men; traditional models won’t cut it.

    *– McKinsey & Company, 2020; 2 – CIO From IDG, 2021
    The image contains a screenshot of a thought model titled: Recruit and Retain More Women in IT. Its subheading is: Gender Diversity is Directly Correlated to IT Performance. The thought model lists critical methods to recruit and retain, and also a traditional method to compare.

    Diversity & inclusion – it’s good business, not personal

    Why should organizations care about diversity?

    1. The war for talent is real. Every CIO needs a plan of attack. Unemployment rates are dropping and 54% of CIOs report that the skills shortage is holding them up from meeting their strategic objectives.
    2. Source: Harvey Nash and KPMG, 2020
    3. Diversity has clear ROI – both in terms of recruitment and retention. Eighty percent of technology managers experienced increased turnover in 2021. Not only are employee tenures decreasing, the competition for talent is fierce and the average cost of turnover is 150% of an IT worker’s salary.
    4. Source: Robert Half, 2021
    5. Inability to recruit and retain talent will reduce business satisfaction. Organizations who are continuously losing talent will be unable to meet corporate objectives due to lost productivity, keeping them in firefighting mode. An engaged workforce is a requirement for driving innovation and project success.

    ISACA’s 2020 study shows a disconnect between what men and women think is being done to recruit and retain female employees

    Key findings from ISACA’s 2020 Tech Workforce survey

    65% of men think their employers have a program to encourage hiring women. But only 51% of women agree.

    71% of men believe their employers have a program to encourage the promotion or advancement of women. But only 59% of women agree.

    49% of women compared to 44% of men in the survey feel they must work harder than their peers.

    22% of women compared to 14% of men feel they are underpaid.

    66% of women compared to 72% of men feel they are receiving sufficient resources to sustain their career.

    30% of women compared to 23% of men feel they have unequal growth opportunities.

    74% of women compared to 64% of men feel they lack confidence to negotiate their salaries.

    To see ISACA’s full report click here.
    The image contains a screenshot of a multi bar graph to demonstrate the percentage of female employees in the workforce of major tech companies. The major tech companies include: Amazon, Facebook, Apple, Google, and Microsoft.
    Image: Statista, 2021, CC BY-ND 4.0

    The chart to the left, compiled by Statista, (based on self-reported company figures) shows that women held between 23% to 25% of the tech jobs at major tech companies.

    Women are also underrepresented in leadership positions: 34% at Facebook, 31% at Apple, 29% at Amazon, 28% at Google, and 26% at Microsoft.

    (Statista, 2021)

    To help support women in tech, 78% of women say companies should promote more women into leadership positions. Other solutions include:

    • Providing mentorship opportunities (72%)
    • Offering flexible scheduling (64%)
    • Conducting unconscious bias training (57%)
    • Offering equal maternity and paternity leave (55%)
    • (HRD America, 2021)

    Traditional retention initiatives target the majority – the drivers that impact the retention of women in IT are different

    Ranked correlation of impact of engagement drivers on retention

    The image contains a screenshot that demonstrates the differences in retaining men and women in IT.

    * Recent data stays consistent, but, the importance of compensation and recognition in retaining women in IT is increasing.

    Info-Tech Research Group Employee Engagement Diagnostic; N=1,856 IT employees

    The majority of organizations take a one-size-fits-all approach to retaining and engaging employees.

    However, studies show that women are leaving IT in significantly higher proportions than men and that the drivers impacting men’s and women’s retention are different. Knowing how men and women react differently to engagement drivers will help you create a targeted retention strategy.

    In particular, to increase the retention and engagement of women, organizations should develop targeted initiatives that focus on:

    • Organizational culture
    • Employee empowerment
    • Manager relationships

    Why organizations need to focus on the recruitment and retention of women in IT

    1. Women expand the talent pool. Women represent a vast, untapped talent pool that can bolster the technical workforce. Unfortunately, traditional IT recruitment processes are targeted toward a limited IT profile – the key to closing the IT skills gap is to look for agile learners and expand your search criteria to cast a larger net.
    2. Diversity increases innovation opportunities. Groups with greater diversity solve complex problems better and faster than homogenous groups, and the presence of women is more likely to increase the problem-solving and creative abilities of the group.
    3. Women increase your ROI. Research shows that companies with the highest representation of women in their management teams have a 34% higher return on investment than those with few or no women. Further, organizations who are unable to retain top women in their organization are at risk for not being able to deliver to SLAs or project expectations and lose the institutional knowledge needed for continuous improvement.
    4. Source: Bureau of Labour Statistics; Info-Tech Research Group/McLean & Company Analysis

    Improving the representation of women in your organization requires rethinking recruitment and retention strategies

    SIGNS YOU MAY NEED A TARGETED RECRUITMENT STRATEGY…

    SIGNS YOU MAY NEED A TARGETED RETENTION STRATEGY…

    • “It takes longer than 8 weeks to fill a posted IT position.”
    • “Less than 35% of applicants to posted positions are women.”
    • “In the last year the number of applicants to posted positions has decreased.”
    • “The number of female employees who have referred employees in the last year is significantly lower than men in the department.”
    • “Less than 35% of your IT workforce is made up of women.”
    • “Proportionally women decline IT roles in higher rates than men in IT.”
    • “Voluntary turnover of high performers and high potentials is above 5%.”
    • “Turnover of women in IT is disproportionate to the percentage of IT staff.”
    • “Employee rankings of the IT department on social networking sites (e.g. Glassdoor) are low.”
    • “Employees are frequently absent from their jobs.”
    • “Less than 25% of management roles in IT are filled by women.”
    • “Employee engagement scores are lower among women than men.”

    Info-Tech’s approach to improving gender diversity at your organization

    Info-Tech takes a practical, tactical approach to improving gender diversity at organizations, which starts with straightforward tactics that will help you improve the recruitment and retention of women in your organization.

    How we can help

    1. Leverage Info-Tech’s tools to define your current challenges and opportunities for gender diversity to improve your recruitment and retention issues.
    2. Employ straightforward and tested tactics to increase talent acquisition of women in IT by optimizing how you sell to, search for, and secure top female talent.
    3. Take a data-driven approach to measure and increase the retention and engagement of women within your IT organization, and know how and when to involve your staff for optimal results.

    Leverage Info-Tech’s customizable deliverables to improve the recruitment and retention of women in your organization

    RECRUIT Top Women in IT

    If you don’t have a targeted recruitment strategy for women, you are missing out on 50% of the candidate pool. Increase the number of viable candidates by leveraging best practices to sell to, search for, and secure top women in IT.

    Key metrics to track:

    • Average number of female candidates per posting
    • Average time to fill position
    • Percentage of new hires still at the organization one year later

    RETAIN Top Women in IT

    The drivers that impact the retention of men and women are different. Take a data-driven approach to improving retention of women in your organization by using best practices to measure and improve employee engagement.

    Key metrics to track:

    • Voluntary turnover rates of men and women
    • Average tenure of men and women
    • Percentage of internal promotions going to men and women
    • Employee engagement scores

    Info-Tech’s methodology for Recruit and Retain More Women in IT

    1. Enhance Your Recruitment Strategies

    2. Enhance Your Retention Strategies

    Phase Steps

    1. Sell:
    • Develop an attractive employee value proposition.
    • Understand the impact of language on applicants.
  • Search:
    • Define meaningful job requirements
    • Evaluate various sourcing pools.
  • Secure:
    • Improve the interview experience.
    • Leverage behavioral interview questions to limit bias.
    1. Drive engagement in key areas correlated with driving higher retention of women in IT.
    2. Train managers to understand key moments that matter in the employee experience.
    3. Understand what motivates key performers to stay at your organization.

    Phase Outcomes

    Recruitment Optimization Plan

    Retention Optimization Plan

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our teams knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization. A typical GI is 6 calls over the course of 1 to 2 months.

    1. Tactics to Recruit More Women in IT

    Call #1: Develop a strategy to better sell your organization to diverse candidates.

    Call #2: Evaluate your candidate search practices to reach a wider audience.

    Call #3: Introduce best practices in your interviews to improve the candidate experience and limit bias.

    2. Tactics to Retain More Women in IT

    Call #4: Launch focus groups to improve performance of key retention drivers.

    Call #5: Measure the employee experience and identify key moments that matter to staff.

    Call #6: Conduct stay interviews and establish actions to improve retention.

    Workshop Overview

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Make the Case

    Develop Strategies to Sell to a Wider Candidate Pool

    Expand Your Talent Sourcing Strategy

    Secure & Retain Top Talent

    Next Steps and Wrap-Up (offsite)

    Activities

    1.1 Understand trends in IT staffing.

    1.2 Assess your talent lifecycle.

    1.3 Make the case for changes to recruitment and retention strategies.

    2.1 Develop an IT employee value proposition (EVP).

    2.2 Adopt your employee value proposition.

    2.3 Write meaningful job postings.

    3.1 Build realistic job requisition forms.

    3.2 Identify new alternative sourcing approaches for talent.

    3.3 Build a sourcing strategy.

    4.1 Assess key selection challenges.

    4.2 Implement behavioral interview techniques.

    4.3 Measure employee engagement and review results.

    4.4 Develop programs to improve employee engagement.

    4.5 Train managers to conduct stay interviews and drive employee engagement.

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables

    1. Recruitment & retention metrics report
    2. Business case for recruitment and retention changes
    1. Employee Value Proposition
    2. EVP marketing plan
    3. Revised job ads
    1. Job requisition form for key roles
    2. Sourcing strategy for key roles
    1. Root-cause analysis of section challenges
    2. Behavioral interview guide
    3. Identified employee engagement action plan
    4. Action plan to execute stay interviews
    1. Completed recruitment optimization plan
    2. Completed retention optimization plan

    Phase 1

    Enhance Your Recruitment Strategies

    Phase 1

    • 1.1 Sell
    • 1.2 Search
    • 1.3 Secure

    Phase 2

    • 2.1 Engagement
    • 2.2 Employee Experience
    • 2.3 Stay Interviews

    Consider key factors within the recruitment process

    Key Talent Pipeline Opportunities:

    • In today’s talent landscape IT leaders need to be highly strategic about how they recruit new talent to the organization.
    • IT professionals have a huge number of options to choose from when considering their next career.
    • IT leaders need to actively market and expand their search to attract top talent. The “where” and “how” to recruit men and women in IT are different and your strategy should reflect this.
    • Partnering with your HR department to help you improve the number of applicants, expand your search criteria, and optimize the interview experience will all directly impact your talent pipeline.
    1. Sell
    2. How do you position the value of working for your organization and roles in a meaningful way?

    3. Search
    4. How can you expand your key search criteria and sourcing strategies to reach more candidates?

    5. Secure
    6. How can you reduce bias in your interview process and create positive candidate experiences?

    Info-Tech’s Sell-Search-Secure recruitment model

    Follow these steps to increase your pool of female candidates.

    1. Sell Tactics:
    2. 1. Develop an employee value proposition that will attract female candidates.

      2. Understand how your job postings may be deterring female candidates.

    3. Search Tactics:
    4. 3. Identify opportunities to expand your role analysis for job requisitions.

      4. Increase your candidate pool by expanding sourcing programs.

    5. Secure Tactics:
    6. 5. Identify tactics to improve women’s interview experience.

      6. Leverage behavioral interview questions to limit bias in interviews.

    Please note, this section is not a replacement or a full talent strategy. Rather, this blueprint will highlight key tactics within talent acquisition practices that the IT leadership team can help to influence to drive greater diversity in recruitment.

    Understand where leaks exist in your talent pipeline

    Start your recruitment enhancement here.

    Work with your HR department to track critical metrics around where you need to make improvements and where you can partner with your recruitment team to improve your recruitment process and build a more diverse pipeline. Identify where you have significant drops or variation in diversity or overall need and select where you’d like to focus your recruitment improvement efforts.

    Selection Process Step

    Sample Metrics to Track

    Sell

    Average time to fill a vacant position

    Average number of applicants for posted positions

    Total # of Candidates; # of Male Candidates (% of total);

    # of Female Candidates (% of total); % Difference Male & Female

    Number of page visits vs. applications for posted positions

    Total # of Candidates

    # of Male Candidates

    % of total

    # of Female Candidates

    % of total

    % Difference Male & Female

    Search

    Number of applicants coming from your different sourcing channels (one line per sourcing channel: LinkedIn Group A, website, job boards, specific events, etc.)

    Number of applicants coming from referrals

    Secure

    Number of applicants meeting qualifications

    Number of applicants selected for second interview

    Number of applicants rejecting an offer

    Number of applicants accepting an offer

    Number of employees retained for one year

    Enhance your recruitment strategies

    The way you position the organization impacts who is likely to apply to posted positions. Ensure you are putting a competitive foot forward by developing a unique, meaningful, and aspirational employee value proposition and clear job descriptions.

    Sell the organization

    What is an employee value proposition?

    An employee value proposition (EVP) is a unique and clearly defined set of attributes and benefits that capture an employee’s overall work experience within an organization. An EVP is your opportunity to showcase the unique benefits and opportunities of working at your organization, allowing you to attract a wider pool of candidates.

    How is an employee value proposition used?

    Your EVP should be used internally and externally to promote the unique benefits of working within the department. As a recruiting tool, you can use it to attract candidates, highlighting the benefits of working for your organization. The EVP is often highlighted where you are most likely to reach your target audience, whether that is through social media, in-person events, or in other advertising activities.

    Why tailor this to multiple audiences?

    While your employee value proposition should remain constant in terms of the unique benefits of working for your organization, you want to ensure that the EVP appeals to multiple audiences and that it is backed up by relevant stories that support how your organization lives your EVP every day. Candidates need to be able to relate to the EVP and see it as desirable, so ensuring that it is relatable to a diverse audience is key.

    Develop a strong employee value proposition

    Three key steps

    The image contains a cycle to demonstrate the three key steps. The steps are: Build and Assess the EVP, Test the EVP, and Adopt the EVP.

    1. Build and Assess the EVP

    Assess your existing employee value proposition and/or build a forward-looking, meaningful, authentic, aspirational EVP.

    2. Test the EVP

    Gather feedback from staff to ensure the EVP is meaningful internally and externally.

    3. Adopt the EVP

    Identify how and where you will leverage the EVP internally and externally, and integrate the EVP into your candidate experience, job ads, and employee engagement initiatives.

    As you build your EVP, keep in mind that while it’s important to brand your IT organization as an inclusive workplace to help you attract diverse candidates, be honest about your current level of diversity and your intentions to improve. Otherwise, new recruits will be disappointed and leave.

    What is an employee value proposition?

    And what are the key components?

    The employee value proposition is your opportunity to showcase the unique benefits and opportunities of working at your organization, allowing you to attract a wider pool of candidates.

    AN EMPLOYEE VALUE PROPOSITION IS:

    AN EMPLOYEE VALUE PROPOSITION IS NOT:

    • An authentic representation of the employee experience
    • Aligned with organizational culture
    • Fundamental to all stages of the employee lifecycle
    • A guide to help investment in programs and policies
    • Short and succinct
    • What the employee can do for you
    • A list of programs and policies
    • An annual project

    THE FOUR KEY COMPONENTS OF AN EMPLOYEE VALUE PROPOSITION

    Rewards

    Organizational Elements

    Working Conditions

    Day-to-Day Job Elements

    • Compensation
    • Health Benefits
    • Retirement Benefits
    • Vacation
    • Culture
    • Customer Focus
    • Organization Potential
    • Department Relationships
    • Senior Management Relationships
    • Work/Life Balance
    • Working Environment
    • Employee Empowerment
    • Development
    • Rewards & Recognition
    • Co-Worker Relationships
    • Manager Relationships

    Creating a compelling EVP that presents a picture of your employee experience, with a focus on diversity, will attract females to your team. This can lead to many internal and external benefits for your organization.

    Collect relevant information

    Existing Employee Value Proposition: If your organization or IT department has an existing employee value proposition, rather than starting from scratch, we recommend leveraging that and moving to the testing phase to see if the EVP still resonates with staff and external parties.

    Employee Engagement Results: If your organization does an employee engagement survey, review the results to identify the areas in which the IT organization is performing well. Identify and document any key comment themes in the report around why employees enjoy working for the organization or what makes your IT department a great place to work.

    Social Media Sites. Prepare for the good, the bad, and the ugly. Social media websites like Glassdoor and Indeed make it easier for employees to share their experiences at an organization honestly and candidly. While postings on these sites won’t relate exclusively to the IT department, they do invite participants to identify their department in the organization. You can search these to identify any positive things people are saying about working for the organization and potentially opportunities for improvement (which you can use as a starting point in the retention section of this report).

    Step 1.1

    Sell – Assess the current state and develop your employee value proposition

    Activities

    1.1.1 Gather feedback on unique benefits

    1.1.2 Build key messages

    1.1.3 Test your EVP

    1.1.4 Adopt your EVP

    1.1.5 Review job postings for gender bias

    1.1.1 Gather feedback

    1. Hold a series of focus groups with employees to understand what about the organization attracted them to join and to stay at the organization.
    2. Start by identifying if you will interview all employees or a subset. If you are going to use a subset, ensure you have at least one male and one female participating from each team and representation of all levels within the department.
    3. Print the EVP Interview Guide to focus your conversation, and ask each individual to take 15 minutes and respond to questions 1-3 in the Guide:
    4. Draw a quadrant on the board and mark each quadrant with four categories: Day-to-Day Elements, Organizational Elements, Compensation & Benefits, and Working Conditions. Provide each participant with sticky notes and ask them to brainstorm the top five things they value most about working at the organization. Ask them to place each sticky in the appropriate category and identify any key themes.
    5. Ask participants to hand in their EVP Interview Guides and document all of the key findings.

    Input

    Output

    • Employee opinions
    • Employee responses to four EVP components
    • Content for EVP

    Materials

    Participants

    • EVP Interview Guide handout
    • Pen and paper for documenting responses
    • Male and female employees
    • Different departments
    • Different role levels

    Download the EVP Interview Guide

    1.1.2 Build key messages

    1. Collect all of the information from the various focus groups and begin to build out the employee value proposition statements.
    2. Identify the key elements that staff felt were unique and highly valued by employees and group these into common themes.
    3. Identify categories that related to one of the five key drivers* of women’s retention in IT and highlight any key elements related to these:
    • Culture: The degree to which an employee identifies with the beliefs, values, and attitudes of the organization.
    • Company Potential: An employee’s understanding, commitment, and excitement about the organization’s mission and future.
    • Employee Empowerment: The degree to which employees have accountability and control over their work within a supported environment.
    • Learning and Development: A cooperative and continuous effort to enhance an employee’s skill set and expertise and meet an employee’s career objectives.
    • Manager Relationships: The professional and personal relationship an employee has with their manager, including trust, support, and development.
  • Identify up to four key statements to focus on for the EVP, ensuring that your EVP speaks to at least one of the five categories above.
  • Integrate these into one overall statement.
  • *See Engagement Driver Handout slides for more details on these five drivers.

    Input

    Output

    • Feedback from focus groups
    • EVP and supporting statements

    Materials

    Participants

    • EVP Interview Guide handout
    • Pen and paper for documenting responses
    • IT leadership team

    Quality test your revised EVP

    Use Info-Tech’s EVP Scorecard.

    Internally and Externally

    Use the EVP Scorecard and EVP Scorecard Handout throughout this step to assess your EVP against:

    Internal Criteria:

    • Accuracy
    • Alignment
    • Aspirational
    • Differentiation

    External Criteria:

    • Clear
    • Compelling
    • Concise
    • Differentiation
    The image contains screenshots of Info-Tech's EVP Scorecard.

    Ensure your EVP resonates with employees and prospects

    Test your EVP with internal and external audiences.

    INTERNAL TEST REVOLVES AROUND THE 3A’s

    EXTERNAL TEST REVOLVES AROUND THE 3C’s

    ALIGNED: The EVP is in line with the organization’s purpose, vision, values, and processes. Ensure policies and programs are aligned with the organization’s EVP.

    CLEAR: The EVP is straightforward, simple, and easy to understand. Without a clear message in the market, even the best intentioned EVPs can be lost in confusion.

    ACCURATE: The EVP is clear and compelling, supported by proof points. It captures the true employee experience, which matches the organization’s communication and message in the market.

    COMPELLING: The EVP emphasizes the value created for employees and is a strong motivator to join this organization. A strong EVP will be effective in drawing in external candidates. The message will resonate with them and attract them to your organization.

    ASPIRATIONAL: The EVP inspires both individuals and the IT organization as a whole. Identify and invest in the areas that are sure to generate the highest returns for employees.

    COMPREHENSIVE: The EVP provides enough information for the potential employee to understand the true employee experience and to self-assess whether they are a good fit for your organization. If the EVP lacks depth, the potential employee may have a hard time understanding the benefits and rewards of working for your organization.

    1.1.3 Test your EVP

    1. Identify the internal and external individuals who you want to gather feedback from about the EVP.
    2. For internal candidates, send a copy of the EVP and ask them to complete the Internal Assessment (ensure that you have at least 50% representation of women).
    3. For external candidates, identify first how you will reach out to them; popular options are to have team members in key roles reach out to members of their LinkedIn network who are in similar roles to themselves. Request that they look for a diverse group to gather feedback from.
    4. Have the external candidates complete the External Assessment.
    5. Collect the feedback around the EVP and enter the findings into the EVP Scorecard Tool.
    6. If you are dissatisfied with the scorecard results, go back to the employees you interviewed to ask for additional feedback, focusing on the areas that scored low.
    7. Incorporate the feedback and present the revised EVP to see if the changes resonate with stakeholders.
    8. If you are satisfied with the results, present to the leadership and HR teams for agreement and proceed to adopting the EVP in your organization.

    Input

    Output

    • Internal assessment
    • External assessment
    • Finalized EVP

    Materials

    Participants

    • EVP Internal Assessmentt
    • EVP External Assessment
    • Internal staff members
    • External IT professionals

    1.1.4 Adopt your EVP

    Identify your target audience and marketing channels.

    1. Identify the internal and external individuals who you want to gather feedback from about the EVP.
    • The target audience for your employee value proposition
    • Internal and/or external
    • Local, national, international
    • Experience
    • Applicant pool (e.g. new graduates, professionals, internship)
  • For each target audience, identify where you want to reach them with your employee value proposition.
    • Internal: Town hall meetings, fireside chats
    • External: Social media, advertising, job postings
    • Global: Professional affiliations, head hunters
  • For each target audience, build the communication strategy and identify messaging, mediums, timeline, and task ownership.
  • Input

    Output

    • Employee value proposition
    • EVP plan

    Materials

    Participants

    • Pen and paper
    • EVP participants

    Case Study

    INDUSTRY: Restaurant

    SOURCE: McDonald’s Careers, Canadian Business via McLean & Company

    McDonald’s saw a divide between employee experience and its vision. McDonald’s set out to reinvent its employer image and create the reputation it wanted.

    Challenge

    • Historically, McDonald’s has had a challenging employer brand. Founded on the goal of cost effectiveness, a “McJob” was often associated with lower pay and a poor reputation.
    • McDonald’s reached out to employees using a global survey and asked, “What is it you love most about working at McDonald’s?”

    Solution

    • McDonald’s revaluated its employer brand by creating an EVP focused on the three F’s.
    1. Future – career growth and development opportunities
    2. Flexibility – flexible working hours and job variety
    3. Family & Friends – a people-centric work culture

    Results

    • As a result of developing and promoting its EVP internally, McDonald’s has experienced higher engagement and a steady decrease in turnover.
    • Externally, McDonald’s has been recognized numerous times by the Great Place to Work Institute and has been classified by Maclean’s magazine as one of Canada’s top 50 employers for 13 years running.

    Make your job descriptions more attractive to female applicants

    10 WAYS TO REMOVE GENDER BIAS FROM JOB DESCRIPTIONS – GLASSDOOR – AN EXCERPT

    1. USE GENDER-NEUTRAL TITLES: Male-oriented titles can inadvertently prevent women from clicking on your job in a list of search results. Avoid including words in your titles like “hacker,” “rockstar,” “superhero,” “guru,” and “ninja,” and use neutral, descriptive titles like “engineer,” “project manager,” or “developer.
    2. CHECK PRONOUNS: When describing the tasks of the ideal candidate, use “they” or “you.” Example: “As Product Manager for XYZ, you will be responsible for setting the product vision and strategy.
    3. AVOID (OR BALANCE) YOUR USE OF GENDER-CHARGED WORDS: Analysis from language tool Textio found that the gender language bias in your job posting predicts the gender of the person you’re going to hire. Use a tool like Textio tool or the free Gender Decoder to identify problem spots in your word choices. Examples: “Analyze” and “determine” are typically associated with male traits, while “collaborate” and “support” are considered female. Avoid aggressive language like “crush it.
    4. AVOID SUPERLATIVES: Excessive use of superlatives such as “expert,” “superior,” and “world class” can turn off female candidates who are more collaborative than competitive in nature. Research also shows that women are less likely than men to brag about their accomplishments. In addition, superlatives related to a candidate’s background can limit the pool of female applicants because there may be very few females currently in leading positions at “world-class” firms
    5. LIMIT THE NUMBER OF REQUIREMENTS: Identify which requirements are “nice to have” versus “must have,” and eliminate the “nice to haves.” Research shows that women are unlikely to apply for a position unless they meet 100 percent of the requirements, while men will apply if they meet 60 percent of the requirements.

    For the full article please click here.

    1.1.5 Review job postings

    To understand potential gender bias

    1. Select a job posting that you are looking to fill, review the descriptions, and identify if any of the following apply:
    • Are the titles gender neutral? This doesn’t mean you can’t be creative in your naming, but consider if the name really represents the role you are looking to fill.
    • Do you use pronouns? If there are instances where the posting says “he” OR “she” change this to “they” or “you.”
    • Are you overusing superlatives? Review the posting and ensure that when words like “expert” or “world class” are used that you genuinely need someone who is at that level.
    • Are all of the tasks/responsibilities listed the ones that are absolutely essential to the job? Women are less likely to apply if they don’t have direct experience with 100% of the criteria – if it’s a non-essential, consider whether it’s needed in the posting.
    • Is there any organization-specific jargon used? Where possible, avoid using organization-specific jargon in order to create an inclusive posting. Avoid using terms/acronyms that are only known to your organization.
  • Select four to six members of your staff, both male and female, and have them highlight within the job posting what elements appeal to them and what elements do not appeal to them or would concern them about the job.
  • Review the feedback from staff, and identify potential opportunities to reduce bias within the posting.
  • Input

    Output

    • Job posting
    • Updated job posting

    Materials

    Participants

    • Pen and paper
    • IT staff members

    Case Study

    INDUSTRY: Social Media

    SOURCE: Buffer Open blog

    When the social media platform Buffer replaced one word in a job posting, it noticed an increase in female candidates.

    Challenge

    For the social media platform Buffer, all employees were called “hackers.” It had front-end hackers, back-end hackers, Android hackers, iOS hackers, and traction hackers.

    As the company began to grow and ramp up hiring, the Chief Technology Officer, Sunil Sadasivan, noticed that Buffer was seeing a very low percentage of female candidates for these “hacker” jobs.

    In researching the challenge in lack of female candidates, the Buffer team discovered that the word “hacker” may be just the reason why.

    Solution

    Understanding that wording has a strong impact on the type of candidates applying to work for Buffer started a great and important conversation on the Buffer team.

    Buffer wanted to be as inviting as possible in job listings, especially because it hires for culture fit over technical skill.

    Buffer went through a number of wording choices that could replace “hacker,” and ended on the term “developer.” All external roles were updated to reflect this wording change.

    Results

    By making this slight change to the wording used in their jobs, Buffer went from seeing a less than 2% female representation of applicants for developer jobs to around 12% female representation for the same job.

    Step 1.2

    Search – Reach more candidates by expanding key search criteria and sourcing strategies

    Activities

    1.2.1 Complete role analysis

    1.2.2 Expand your sourcing pools

    Enhance your recruitment strategies

    Sourcing shouldn’t start with an open position; it should start with identifying an anticipated need and building and nurturing a talent pipeline. IT participation in this is critical to effectively promote the employee experience and foster relationships before candidates even apply.

    Expand your search

    What is a candidate sourcing program?

    A candidate sourcing program is one element of the overall HR sourcing approach, which consists of the overall process (steps to source talent), the people responsible for sourcing, and the programs (internal talent mobility, social media, employee referral, alumni network, campus recruitment, etc.).

    What is a sourcing role analysis?

    Part of the sourcing plan will outline how to identify talent for a role, which includes both the role analysis and the market assessment. The market assessment is normally completed by the HR department and consists of analyzing the market conditions as they relate to specific talent needs. The role analysis looks at what is necessary to be successful in a role, including competencies, education, background experience, etc.

    How will this enable you to attract female candidates?

    Expanding your sourcing programs and supporting deeper role analysis will allow your HR department to reach a larger candidate pool and better understand the type of talent that will be successful in roles within your organization. By expanding from traditional pools and criteria you will open the organization up to a wider variety of talent options.

    Minimize bias in sourcing to hire the right talent and protect against risk

    Failure to take an inclusive approach to sourcing will limit your talent pool by sidelining entire groups or discouraging applicants from diverse backgrounds. Address bias in sourcing so that diverse candidates are not excluded from the start. Solutions such as removing biographical data from CVs prior to interviews may reduce bias, but they may come too late to impact diversity.

    Potential areas of bias in sourcing:

    Modifications to reduce bias:

    Intake Session

    • Describing a specific employee when identifying what it takes to be successful in the role. This may include attributes that do not actually promote success (e.g. school or program) but will decrease diversity of thought.
    • Hiring managers display a “like me” bias where they describe a successful candidate as similar to themselves.
    • Focus on competencies for the role rather than attributes of current employees or skills. Technology is changing rapidly – look for people who have demonstrated a capability over a specific skill.

    Sourcing Pools

    • Blindly hunting or sourcing individuals from a few sources, assuming that these sources are always better than others (e.g. Ivy League schools always produce the best candidates).
    • Expand sources. Don’t exclude diverse sources because they’re not popular.
    • Objectively measure source effectiveness to address underlying assumptions.

    1.2.1 Role analysis

    Customize a sourcing plan for key roles to guide talent pipeline creation.

    1. Complete a role analysis to understand key role requirements. If you are hiring for an existing role, start by taking an inventory of who your top and low performers are within the role today.
    2. Consider your top performers and identify what a successful employee can do better than a less successful one. Start by considering their alignment with job requirements, and identify the education, designations/certifications, and experiences that are necessary for this job. Do not limit yourself; carefully consider if the requirements you are including are actually necessary or just nice to have.
    3. Required Entry Criteria

      Preferred Entry Criteria

      Education

      • University Degree – Bachelors
      • University Degree – Masters

      Experience

      • 5+) years design, or related, experience
      • Experience leading a team
      • External consulting experience
      • Healthcare industry experience

      Designations/Certifications

      • ITIL Foundations
    4. Review Info-Tech’s Job Competency Library in the Workforce Planning Workbook, identify the key competencies that are ideal for this anticipated role, and write a description of how this would manifest in your organization.
    5. Competency

      Level of Proficiency

      Behavioral Descriptions

      Business Analysis

      Level 2: Capable

      • Demonstrates a basic understanding of business roles, processes, planning, and requirements in the organization.
      • Demonstrates a basic understanding of how technologies assist in business processes.
      • Develop basic business cases using internal environment analysis for the business unit level.
    6. Hold a meeting with your HR team or recruiter to highlight the types of experience and competencies you are looking for in a hire to expand the search criteria.

    Target diverse talent pools through different sources

    When looking to diversify your workforce, it’s critical that you look to attract and recruit talent from a variety of different talent pools.

    SOURCING APPROACH

    INTERNAL MOBILITY PROGRAM

    Positioning the right talent in the right place, at the right time, for the right reasons, and supporting them appropriately. Often tied to succession or workforce planning, mentorship, and learning and development.

    SOCIAL MEDIA PROGRAM

    The widely accessible electronic tools that enable anyone to publish and access information, collaborate on common efforts, and build relationships. Think beyond the traditional and consider niche social media platforms.

    EMPLOYEE REFERRAL PROGRAM

    Employees recommend qualified candidates. If the referral is hired, the referring employee typically receives some sort of reward.

    ALUMNI PROGRAM

    An alumni referral program is a formalized way to maintain ongoing relationships with former employees of the organization.

    CAMPUS RECRUITING PROGRAM

    A formalized means of attracting and hiring individuals who are about to graduate from schools, colleges, or universities.

    EVENTS & ASSOCIATION PROGRAM

    A targeted approach for participation in non-profit associations and industry events to build brand awareness of your organization and create a forward-looking talent pipeline.

    1.2.2 Expand your sourcing pools

    Increase the number of female applicants.

    1. Identify where your employees are currently being sourced from and identify how many female candidates you have gotten from each channel as a percentage of applicants.
    2. # of Candidates From Approach

      % of Female Candidates From Approach

      Target # of Female Candidates

      Internal Talent Mobility

      Social Media Program

      Employee Referral Program

      Alumni Program

      Campus Recruiting Program

      Events & Non-Profit Affiliations

      Other (job databases, corporate website, etc.)

    3. Work with your HR partner or organization’s recruiter to identify three recruitment channels from the list that you will work on expanding.
    4. Review the following two slides and identify key success factors for the implementation. Identify what role IT will play and what role HR will play in implementing the approach.
    5. Following implementation, monitor the impact of the tactics on the number of women candidates and determine whether to add additional tactics.

    Different talent sources

    Benefits and success factors of using different talent sources

    Benefits

    Keys to Success

    Internal Mobility Program

    • Drives retention by providing opportunities to develop professionally
    • Provides a ready pipeline for rapid changes
    • Reduces time and cost of recruitment
    • Identify career pathing opportunities
    • Identify potential successors for succession planning
    • Build learning and development and mentorship

    Social Media Program

    • Access to candidates
    • Taps extended networks
    • Facilitates consistent communication with candidates and talent in pipelines
    • Personalizes the candidate experience
    • Identify platforms – common and niche
    • Talk to your top performers and IT network and identify which sites they use
    • Identify how people use that platform – nature of posts and engagement
    • Define what content to share and who from IT should be engaging
    • Be timely with participation and responses

    Employee Referral Program

    • Higher applicant-to-hire rate
    • Decreased time to fill positions
    • Decreased turner
    • Increased quality of hire
    • Expands your network – women in IT often know other qualified women in IT and in project delivery
    • Educate employees (particularly female employees) to participate
    • Send reminders, incorporate into onboarding, and ask leaders to share job openings
    • Make it easy to share jobs by providing templates and shortened URLs
    • Where possible, simplify the process by avoiding paper forms, reaching out quickly
    • Select metrics that will identify areas of strength and gaps in the referral program

    Alumni Program

    • A formalized way to maintain ongoing relationship with former employees
    • Positive branding as alumni are regarded as a credible source of information
    • Source of talent – boomerang employees are doubly as valuable as they understand the organization
    • Increased referral potential provides access to a larger network and alumni know what is required to be successful in the organization
    • Identify the purpose of the network and set clear goals
    • Identify what the network will do: Will the network be virtual or in person? Who will chair? Who should participate? etc.
    • Create a simple process for alumni to share information about vacancies and refer people
    • Measure progress

    Campus Recruiting Program

    • Increases employer brand awareness among talent entering the workforce
    • Provides the opportunity to interact with large groups of potential candidates at one time
    • Offers access to a highly diverse audience
    • Identify key competencies and select programs based on relevant curriculum for building those competencies
    • Select targeted schools keeping in mind programs and existing relationships
    • Work with HR to get involved

    Events & Non-Profit Affiliations

    • Create a strong talent pipeline for future positions
    • Build relationships based on shared values in a comfortable environment for participants
    • Ability to expand diversity by targeting different types of events or by leveraging women-focused, specifically women in technology, groups
    • Look for events that attract similar participants to the skills or roles you are looking to attract, e.g. Women Who Code if you’re looking for developers
    • Actively engage and participate in the event
    • Couple this with learning and development activities, and invite female top performers to participate

    Enhance your recruitment strategies

    Work with your HR department to influence the recruitment process by taking a data-driven approach to understand the root cause of applicant drop-off and success and take corrective actions.

    Secure top candidates

    Why does the candidate experience matter?

    Until recently it was an employer’s market, so recruiters and hiring managers were able to get good talent without courting top candidates. Today, that’s not the case. You need to treat your IT candidates like customers and be mindful that this is often one of the first experiences future staff will have with the organization. It will give them their first real sense of the culture of the organization and whether they want to work for the organization.

    What can IT leaders do if they have limited influence over the interview process?

    Work with your HR department to evaluate the existing recruitment process, share challenges you’ve experienced, and offer additional support in the process. Identify where you can influence the process and if there are opportunities to build service-level agreements around the candidate experience.

    Take a data-driven approach

    Understand opportunities to enhance the talent selection process.

    While your HR department likely owns the candidate experience and processes, if you have identified challenges in diversity we recommend partnering with your HR department or recruitment team to identify opportunities for improvement within the process. If you are attracting a good amount of candidates through your sell and search tactics but aren’t finding that this is translating into more women selected, it’s time to take a look at your selection processes.

    SIMPLIFIED CANDIDATE SELECTION PROCESS STEPS

    1. Application Received
    2. Candidate Selected for Interview
    3. Offer Extended
    4. Offer Accepted
    5. Onboarding of Staff

    To understand the challenges within your selection process, start by baselining your drop-off rates throughout selection and comparing the differences in male and female candidates. Use this to pin point the issues within the process and complete a root-cause analysis to identify where to improve.

    Step 1.3

    Secure – reduce bias in your interview process and create positive candidate experiences

    Activities

    1.3.1 Identify selection challenges

    1.3.1 Identify your selection challenges

    Review your candidate data.

    1. Hold a meeting with your HR partner to identify trends in your selection data. If you have an applicant tracking system, pull all relevant information for analysis.
    2. Start by identifying the total number of candidates that move forward in each stage of the process. Record the overall number of applicants for positions (should have this number from your sourcing analysis), overall number of candidates selected for interviews, overall number of offers extended, overall number of offers rejected, and overall number of employees still employed after one year.
    3. Identify the number of female and male candidates in each of those categories and as a percentage of the total number of applicants.
    4. Selection Process Step

      Total # of Candidates

      Male Candidates

      Female Candidates

      % Difference Male & Female

      #

      #

      % of total

      #

      % of total

      Applicants for Posted Position

      150

      115

      76.7%

      35

      23.3%

      70% fewer females

      Selected for Interview

      (Selected for Second Interview)

      (Selected for Final Interview)

      Offer Extended

      Offer Rejected

      Employees Retained for One Year

    5. Identify where there are differences in the percentages of male and female candidates and where there are significant drop-off rates between steps in the process.

    Note: For larger organizations, we highly recommend analyzing differences in specific teams/roles and/or at different seniority levels. If you have that data available, repeat the analysis, controlling for those factors.

    Root-cause analysis can be conducted in a variety of ways

    Align your root-cause analysis technique with the problem that needs to be solved and leverage the skills of the root-cause analysis team.

    Brainstorming/Process of Elimination

    After brainstorming, identify which possible causes are not the issue’s root cause by removing unlikely causes.

    The Five Whys

    Use reverse engineering to delve deeper into a recruitment issue to identify the root cause.

    Ishikawa/Fishbone Diagram

    Use an Ishikawa/fishbone diagram to identify and narrow down possible causes by categories.

    Process of elimination

    Leveraging root-cause analysis techniques.

    Using the process of elimination can be a powerful tool to determine root causes.

    • To use the process of elimination to determine root cause, gather the participants from within your hiring team together once you have identified where your issues are within the recruitment process and brainstorm a list of potential causes.
    • Like all brainstorming exercises, remember that the purpose is to gather the widest possible variety of perspectives, so be sure not to eliminate any suggested causes out of hand.
    • Once you have an exhaustive list of potential causes, you can begin the process of eliminating unlikely causes to arrive at a list of likely potential causes.

    Example

    Problem: Women candidates are rejecting job offers more consistently

    Potential Causes

    • The process took too long to complete
    • Lack of information about the team and culture
    • Candidates aren’t finding benefits/salary compelling
    • Lack of clarity on role expectations
    • Lack of fit between candidate and interviewers
    • Candidates offered other positions
    • Interview tactics were negatively perceived

    As you brainstorm, ensure that you are identifying differentiators between male and female candidate experiences and rationale. If you ask candidates their rationale for turning down roles, ensure that these are included in the discussion.

    The five whys

    Leveraging root-cause analysis techniques

    Repeatedly asking “why” might seem overly simplistic, but it has the potential to be useful.

    • It can be useful, when confronting a problem, to start with the end result and work backwards.
    • According to Olivier Serrat, a knowledge management specialist at the Asian Development Bank, there are three key components that define successful use of the five whys: “(i) accurate and complete statements of problems, (ii) complete honesty in answering the questions, and (iii) the determination to get to the bottom of problems and resolve them.”
    • As a group, develop a consensus around the problem statement. Go around the room and have each person suggest a potential reason for its occurrence. Repeat the process for each potential reason (ask “why?”) until there are no more potential causes to explore.
    • Note: The total number of “whys” may be more or less than five.

    Example

    The image contains an example of the five whys activity as described in the text above.

    Ishikawa/fishbone diagram

    Leveraging root-cause analysis techniques.

    Use this technique to sort potential causes by category and match them to the problem.

    • The first step in creating a fishbone diagram is agreeing on a problem statement and populating a box on the right side of a whiteboard or a piece of chart paper.
    • Draw a horizontal line left from the box and draw several ribs on either side that will represent the categories of causes you will explore.
    • Label each rib with relevant categories. In the recruitment context, consider cause categories like technology, interview, process, etc. Go around the room and ask, “What causes this problem to happen?” Every result produced should fit into one of the identified categories. Place it there, and continue to brainstorm sub-causes.

    The image contains a screenshot example of the Ishikawa/fishbone diagram.

    Info-Tech Best Practice

    Avoid naming individuals in the fishbone diagram. The goal of the root-cause exercise is not to lay blame or zero in on a guilty party but rather to identify how you can rectify any challenges.

    Leverage behavioral interviews

    Use Info-Tech’s Behavioral Interview Questions Library.

    Reduce bias in your interviews.

    In the past, companies were pushing the boundaries of the conventional interview, using unconventional questions to find top talent, e.g. “what color is your personality?” The logic was that the best people are the ones who don’t necessarily show perfectly on a resume, and they were intent on finding the best.

    However, many companies have stopped using these questions after extensive statistical analysis revealed there was no correlation between candidates’ ability to answer them and their future performance on the job. Hiring by intuition – or “gut” – is usually dependent on an interpersonal connection being developed over a very short period of time. This means that people who were naturally likeable would be given preferential treatment in hiring decisions whether they were capable of doing the job.

    Asking behavioral interview questions based on the competency needs of the role is the best way to uncover if the candidates will be able to execute on the job.

    For more information see Info-Tech’s Behavioral Interview Question Library.

    The image contains screenshots of Info-Tech's Behavioral Interview Questions Library.

    Improve the level of diversity in your organization by considering inclusive candidate selection practices

    Key action items to create inclusivity in your candidate selection practices:

    1. Managers must be aware of how bias can influence hiring. Encourage your HR department to provide diversity training for recruiters and hiring managers. Ensure those responsible for recruitment are using best practices, are aware of the impact of unconscious bias, and are making decisions in alignment with your DEI strategy.
    2. Use a variety of interviewers to leverage multiple/diverse perspectives. Hiring decisions made by a group can offer a more balanced perspective. Include interviewers from multiple levels in the organization and both men and women.
    3. Hire for distinguished excellence. Be careful not to simply choose the same kind of people over and over, in the name of cultural fit (Source: Recruiter.com, 2015).
    4. Broaden the notion of fit:

    • Hire for skill fit: you might still hire certain types for a specific job (e.g. analytical types for analysis positions), but these candidates can still be diverse.
    • Hire for fit with your organization’s DEI values, regardless of whether the candidate is from a diverse background or not.
    • It can be tempting for hiring managers to hire individuals who are similar to themselves. However, doing so limits the amount of diversity entering your organization, and as a result, limits your organization’s ability to innovate.
  • Deliberately hire for cognitive diversity. Diverse thought processes, perspectives, and problem-solving abilities are positively correlated with firm performance (Source: Journal of Diversity Management, 2014).
  • Leverage a third-party tool

    Ensure recruiting and onboarding programs are effective by surveying your new hires.

    For a deeper analysis of your new hire processes Info-Tech’s sister company, McLean & Company, is an HR research and advisory firm that offers powerful diagnostics to measure HR processes effectiveness. If you are finding diversity issues to be systemic within the organization, leveraging a diagnostic can greatly improve your processes.

    Use this diagnostic to get vital feedback on:

    • Recruiting efforts. Find out if your job marketing efforts are successful, which paths your candidates took to find you, and whether your company is maintaining an attractive profile.
    • Interviewing process. Ensure candidates experience an organized, professional, and ethical process that accurately sets their expectations for the job.
    • Onboarding process. Make sure your new hires are being trained and integrated into their team effectively.
    • Organizational culture. Is your culture welcoming and inclusive? You need to know if top talent enjoy the environment you have to offer.
    The image contains a screenshot of the New Hire Survey.

    For more information on the New Hire Survey click here. If you are interested in referring your HR partner please contact your account manager.

    Phase 2

    Enhance Your Retention Strategies

    Phase 1

    • 1.1 Sell
    • 1.2 Search
    • 1.3 Secure

    Phase 2

    • 2.1 Engagement
    • 2.2 Employee Experience
    • 2.3 Stay Interviews

    Actively engage female staff to retain them

    Employee engagement: the measurement of effective management practices that create a positive emotional connection between the employee and the organization.

    Engaged employees do what’s best for the organization: they come up with product/service improvements, provide exceptional service to customers, consistently exceed performance expectations, and make efficient use of their time and resources. The result is happy customers, better products/services, and saved costs.

    Today, what we find is that 54% of women in IT are not engaged,* but…

    …engaged employees are: 39% more likely to stay at an organization than employees who are not engaged.*

    Additionally, engaging your female staff also has the additional benefit of increasing willingness to innovate by 30% and performance by 28%. The good news is that increasing employee engagement is not difficult, it just requires dedication and an effective toolkit to monitor, analyze, and implement tactics.*

    * Info-Tech and McLean & Company Diagnostics; N=1,308 IT employees

    Don’t seek to satisfy; drive IT success through engagement

    The image contains a screenshot of a diagram that highlights the differences between satisfied and engaged employees.

    Engagement drivers that impact retention for men and women are different – tailor your strategy to your audience

    Ranked correlation of impact of engagement drivers on retention

    The image contains a screenshot that demonstrates the differences in retaining men and women in IT.

    * Recent data stays consistent, but the importance of compensation and recognition in retaining women in IT is increasing.

    Info-Tech Research Group Employee Engagement Diagnostic; N=1,856 IT employees.

    An analysis of the differences between men and women in IT’s drivers indicates that women in IT are significantly less likely than men in IT to agree with the following statements:

    Culture:

    • They identify well with the organization’s values.
    • The organization has a very friendly atmosphere.

    Employee Empowerment:

    • They are given the chance to fully leverage their talents through their job.

    Manager Relationships:

    • They can trust their manager.
    • Their manager cares about them as a person

    Working Environment:

    • They have not seen incidents of discrimination at their organization based on age, gender, sexual orientation, religion, or ethnicity.

    Enhance your retention strategies

    Employee engagement is one of the greatest predictors of intention to stay. To retain you need to understand not only engagement but also your employee experience – the moments that matter – and actively work to create a positive experience.

    Improve employee engagement

    What differentiates an engaged employee?

    Engaged employees do what’s best for the organization: they come up with product/service improvements, provide exceptional service to customers, consistently exceed performance expectations, and make efficient use of their time and resources. The result is happy customers, better products/services, and saved costs.

    Why measure engagement when looking at retention?

    Engaged employees report 39%1 higher intention to stay at the organization than disengaged employees. The cost of losing an employee is estimated to be 150% to 200% of their annual salary.2 Can you afford to not engage your staff?

    Why should IT leadership be responsible for their staff engagement?

    Engagement happens every day, through every interaction, and needs to be tailored to individual team members to be successful. When engagement is owned by IT leadership, engagement initiatives are incorporated into daily experiences and personalized to their employees based on what is happening in real time. It is this active, dynamic leadership that inspires ongoing employee engagement and differentiates those who talk about engagement from those who succeed in engaging their teams.

    Sources: 1 - McLean & Company Employee Engagement Survey, 2 - Gallup, 2019

    Step 2.1

    Improve employee engagement

    Activities

    2.1.1 Review employee engagement results and trends

    2.1.2 Focus on areas that impact retention of women

    Take a data-driven approach

    Info-Tech’s employee engagement diagnostics are low-effort, high-impact programs that will give you detailed report cards on the organization’s engagement levels. Use these insights to understand your employees’ engagement levels by a variety of core demographics.

    FULL ENGAGEMENT DIAGNOSTIC

    EMPLOYEE EXPERIENCE MONITOR

    The full engagement diagnostic provides a comprehensive view of your organization’s engagement levels, informing you of what motivates employees and providing a detailed view of what engagement drivers to focus on for optimal results.

    Info-Tech & McLean & Company’s Full Engagement Diagnostic Survey has 81 questions in total.

    The survey should be completed annually and typically takes 15-20 minutes to complete.

    The EXM Dashboard is designed to give organizations a real-time view of employee engagement while being minimally intrusive.

    This monthly one-question survey allows organizations to track the impact of events and initiatives on employee engagement as they happen, creating a culture of engagement.

    The survey takes less than 30 seconds to complete and is fully automated.

    For the purpose of improving retention of women in IT, we encourage you to leverage the EXM tool, which will allow you to track how this demographic group’s engagement changes as you implement new initiatives.

    Engagement survey

    For a detailed breakdown of staff overall engagement priorities.

    Overall Engagement Results

    • A clear breakdown of employee engagement results by demographic, gender, and team.
    • Detailed engagement breakdown and benchmarking.
    The image contains a screenshot of the overall engagement results.

    Priority Matrix and Driver Scores

    • A priority matrix specific to your organization.
    • A breakdown of question scores by priority matrix quadrant.
    • Know what not to focus your effort on – not all engagement drivers will have a high impact on engagement.
    The image contains a screenshot of the priority matrix and driver scores.

    EXM dashboard

    Reporting to track engagement in real time.

    EXM Dashboard

    • Leverage Info-Tech’s real-time Employee Experience Monitor dashboard to track your team’s engagement levels over time.
    • Track changes in the number of supporters and detractors and slice the data by roles, teams, and gender.
    The image contains a screenshot of the EXM dashboard.

    Time Series Trends

    • As you implement new initiatives to improve the engagement and retention of staff, track their impact and continuously course correct.
    • Empower your leaders to actively manage their team culture to drive innovation, retention, and productivity.
    The image contains a screenshot of the time series trends.

    Start your diagnostic now

    Leverage your Info-Tech membership to seamlessly launch your employee engagement survey.

    Info-Tech’s dedicated team of program managers will facilitate this diagnostic program remotely, providing you with a convenient, low-effort, high-impact experience.

    We will guide you through the process with your goals in mind to deliver deep insight into your successes and areas to improve.

    What You Need to Do:

    Info-Tech’s Program Manager Will:

    1. Contact Info-Tech to launch the program.
    2. Review the two survey options to select the right survey for your organization.
    3. Work with an Info-Tech analyst to set up your personal diagnostic.
    4. Identify who you would like to take the survey.
    5. Customize Info-Tech’s email templates.
    6. Participate in a one-hour results call with an Info-Tech executive advisor.
    1. Work with you to define your engagement strategy and goals.
    2. Launch, maintain, and support the diagnostic in the field.
    3. Provide you with response rates throughout the process.
    4. Explore your results in a one-hour call with an executive advisor to fully understand key insights from the data.
    5. Provide quarterly updates and training materials for your leadership team.

    Start Now

    2.1.1 Review employee engagement results

    Identify trends

    1. In a call with one of Info-Tech’s executive advisors, review the results of your employee engagement survey.
    2. Identify which departments are most and least engaged and brainstorm some high-level reasons.
    3. Review the demographic information and highlight any inconsistencies or areas with high levels of variance. Document which demographics have the most and least engaged, disengaged, and indifferent employees.
    4. With help from the Info-Tech executive advisor, identify and document any dramatic differences in the demographic data, particularly around gender.
    5. Identify if the majority of issues effecting engagement are at an organization or department level and which stakeholders you need to engage to support the process moving forward.
    6. Identify next steps.
    Input
    • Employee engagement results
    Participants
    • CIO
    • Info-Tech Advisor

    2.1.2 Focus on areas that impact retention of women

    Hold focus groups with IT staff and focus on the five areas with the greatest impact on women’s retention.

    1. Review the handout slides on the following pages to get a better understanding of the definition of each of the top five drivers impacting women’s retention. Depending on your team’s size, pick one to three drivers to focus on for your first focus group.
    2. Divide the participants into teams and on flip chart paper or using sticky notes have the teams brainstorm what you can stop/start/continue doing to help you improve on your assigned driver.
    • Continue: actions that work for the team related to this driver and should proceed.
    • Start: actions/initiatives that the team would like to begin.
    • Stop: actions/initiatives that the team would like to stop.
  • Prioritize the initiatives by considering: Is this initiative something you feel will make an impact on the engagement driver? Eliminate any initiatives that would not make an impact.
  • Have the groups present back and vote on two to three initiatives to implement to drive improvements within that area.
  • Culture

    Engagement driver handout

    Culture: The degree to which an employee identifies with the beliefs, values, and attitudes of the organization.

    Questions:

    • I identify well with the organization’s values.
    • This organization has a collaborative work environment.
    • This organization has a very friendly atmosphere.
    • I am a fit for the organizational culture.

    Ranked Correlation of Impact of Engagement Driver on Retention:

    • Women in IT: #1
    • Men in IT: #2

    Company Potential

    Engagement driver handout

    Company Potential: An employee’s understanding of and commitment to the organization’s mission, and the employee’s excitement about the organization’s mission and future.

    Questions:

    • This organization has a bright future.
    • I am impressed with the quality of people at this organization.
    • People in this organization are committed to doing high-quality work.
    • I believe in the organization’s overall business strategy.
    • This organization encourages innovation.

    Ranked Correlation of Impact of Engagement Driver on Retention:

    • Women in IT: #2
    • Men in IT: #1

    Employee Empowerment

    Engagement driver handout

    Employee Empowerment: The degree to which employees have accountability and control over their work within a supported environment.

    Questions:

    • I am not afraid of trying out new ideas in my job.
    • If I make a suggestion to improve something in my department I believe it will be taken seriously.
    • I am empowered to make decisions about how I do my work.
    • I clearly understand what is expected of me on the job.
    • I have all the tools I need to do a great job.
    • I am given the chance to fully leverage my talents through my job.

    Ranked Correlation of Impact of Engagement Driver on Retention:

    • Women in IT: #3
    • Men in IT: #6

    Learning and Development

    Engagement driver handout

    Learning and Development: A cooperative and continuous effort between an employee and the organization to enhance an employee’s skill set and expertise and meet an employee’s career objectives and the organization’s needs.

    Questions:

    • I can advance my career in this organization.
    • I am encouraged to pursue career development activities.
    • In the last year, I have received an adequate amount of training.
    • In the last year, the training I have received has helped me do my job better.

    Ranked Correlation of Impact of Engagement Driver on Retention:

    • Women in IT: #4
    • Men in IT: #5

    Manager Relationships

    Engagement driver handout

    Manager Relationships: The professional and personal relationship an employee has with their manager. Manager relationships depend on the trust that exists between these two individuals and the extent that a manager supports and develops the employee.

    Questions:

    • My manager inspires me to improve.
    • My manager provides me with high-quality feedback.
    • My manager helps me achieve better results.
    • I trust my manager.
    • My manager cares about me as a person.
    • My manager keeps me well informed about decisions that affect me.

    Ranked Correlation of Impact of Engagement Driver on Retention:

    • Women in IT: #5
    • Men in IT: #11

    Step 2.2

    Examine employee experience

    Activities

    2.2.1 Identify moments that matter

    Understand why and when employees plan to depart

    Leverage “psychology of quitting” expertise.

    Train your managers to provide them with the skills and expertise to recognize the warning signs of an employee’s departure and know how to re-engage and retain them.

    • The majority of resignations are not spur of the moment. They are the result of a compilation of events over a period of time. Normally, these instances are magnified by a stimulant. The final straw or the breaking point drives the employee to make a change. In fact, it has been estimated that a shock jumpstarts 65% of departures.*
      • These shocks could be a lack of promotion, loss of privilege or development opportunity, or a quarrel with a manager.
    • Employees rarely leave right away. Most wait until they have confirmed a new job opportunity before leaving. This creates a window in which you can reengage and retain them.
    • The majority of employees show signs that they are beginning to think of leaving. Whether that is leaving immediately, putting in the bare minimum of effort, or job searching online at work. Train your managers to know the signs and to keep an eye out for potentially dissatisfied and searching employees.*
    • It is easier and less costly to reengage an employee than to start the hiring process from the beginning.
    *Source: The Career Café, 2017

    Examine employee experience (EX)

    Look beyond engagement drivers to drive retention.

    Employee experience (EX) is the employee’s perception of their cumulative lived experiences with the organization. It is gauged by how well the employee’s expectations are met within the parameters of the workplace, especially by the “moments that matter” to them. Individual employee engagement is the outcome of a strong overall EX.

    The image contains a diagram as an example of examining employee experience.

    Drive a positive employee experience

    Identify moments that matter.

    Moments that matter are defining pieces or periods in an employee’s experience that create a critical turning point or memory that is of significant importance to them.

    These are moments that dramatically change the path of the emotional journey, influence the quality of the final outcome, or end the journey prematurely.

    To identify the moment that matters look for significant drops in the emotional journey that your organization needs to improve or significant bumps that your organization can capitalize on. Look for these drops or bumps in the journey and take stock of everything you have recorded at that point in the process. To improve the experience, analyze the hidden needs and how they are or aren’t being met.

    The image contains a screenshot of an example graph to demonstrate opportunities and issues to help drive a positive employee experience.

    Info-Tech Insight

    The moment that matters is key and it could be completely separate from organizational life, like the death of a family member. Leaders can more proactively address these moments that matter by identifying them and determining how to make the touchpoint at that moment more impactful.

    2.2.1 Identify moments that matter

    1. Review your Employee Experience Monitor weekly trends by logging into your dashboard and clicking on “Time Series Trends.”
    2. With your management team, identify any weekly trends where your Employee Experience Score has seen changes in the number of detractor, passive, or promoter responses.
    3. For each significant change identify:
    • Increase in promoters or decrease in detractors:
      • What can we do to duplicate positive moments that occurred this week?
      • What did I do as a leader to create positive employee experiences?
      • What happened in the organization that created a positive employee experience?
    • Increase in detractors or decrease in promoters:
      • What difficult change was delivered this week?
      • What about this change was negatively perceived?
      • During the difficult situation how did we as a leadership team support our staff?
      • Who did we engage and recognize during the difficult situation?
      • Was this situation a one-off issue or is this likely to occur again?
  • Consider your interactions with employees and identify how you made moments matter during those times related to four key engagement drivers impacting women in IT:
    • How did you promote a positive culture and friendly atmosphere?
    • How did you empower female staff to leverage their talents?
    • How did you interact with staff?
    • How did you promote a positive work environment? Where did you see bias in decisions?
  • Independently as manager, document three to five lessons learned from the changes in your detractors and promoters, and determine what action you will take.
  • Measured benefits of positive employee experience

    Positive employee experiences lead to engaged employees, and engaged employees are eight times more likely to recommend the organization (McLean & Company Employee Engagement Database, 2017; N=74,671).

    Retention

    Employees who indicate they are having a positive experience at work have a 52% higher level of intent to stay (Great Place To Work Institute, 2021)

    The bottom line

    Organizations that make employee experience a focus have: 23% higher profitability 10% higher customer loyalty (Achievers, 2021)

    Case Study

    INDUSTRY: Post-Secondary Education

    SOURCE: Adam Grant, “Impact and the Art of Motivation Maintenance: The Effects of Contact with Beneficiaries on Persistence Behavior”

    The future is here! Is your data architecture practice ready?

    Challenge

    A university call center, tasked with raising scholarship money from potential donors, had high employee turnover and low morale.

    Solution

    A study led by Grant arranged for a test group of employees to meet and interact with a scholarship recipient. In the five-minute meeting, employees learned what the student was studying.

    Results

    Demonstrating the purpose behind their work had significant returns. Employees who had met with the student demonstrated:

    More than two times longer “talk time” with potential donors.

    A productivity increase of 400%: the weekly average in donations went from $185.94 to $503.22 for test-group employees.

    Enhance your retention strategies

    Do not wait until employees leave to find out what they were unhappy with or why they liked the organization. Instead, perform stay interviews with top and core talent to create a holistic understanding of what they are perceiving and feeling.

    Conduct stay interviews

    What is a stay interview?

    A stay interview is a conversation with current employees. It should be performed on a yearly basis and is an informal discussion to generate deeper insight into the employee’s opinions, perspectives, concerns, and complaints. Stay interviews can have a multitude of uses. In this project they will be used to understand why top and core talent chose to stay with the organization to ensure that organizations understand and build upon their current strengths.

    When should you do stay interviews?

    We recommend completing stay interviews at least on an annual, if not quarterly, basis to truly understand how staff are feeling about the organization and their job, why they stay at the organization, and what would cause them to leave. Couple the outcomes of these interviews with employee engagement action planning to ensure that you are able to address talent needs.

    Step 2.3

    Conduct stay interviews and learn why employees stay

    Activities

    2.3.1 Conduct stay interviews

    Conduct regular “stay” or “retention” interviews

    Build stay interviews into the regular routine. By incorporating stay interviews into your schedule, they are more likely to stick. This regularity provides several advantages:

    1. Ensures that retention issues do not take you by surprise. With a finger on the pulse of the organization you will be aware of potential issues.
    2. Acts as a supplement to the engagement survey by providing additional information and context for the current level of emotion within the organization.
    3. Begins to build a wealth of information that can be analyzed to identify themes and trends. This can be used to track whether the reasons why individuals stay are consistent or if are they changing. This will ensure that the retention strategy remains up to date.

    Stay interview best practices:

    • Ideally is performed by managers, but can be performed by HR.
      • Ideally completed by managers as they are more familiar with their employees, have a greater reach, can hold meetings in a more informal setting, and will receive information first hand.
      • If conducted by managers, it’s a best practice to ensure that there is a central repository of themes so that you can identify if there are any trends in the responses, that consistent questions are asked, and that all of the information is in one place
    • Should be an informal conversation.
    • Should be conducted in a non-critical time in the business year.
    • Ask three types of questions:
      • What do you enjoy about working here?
      • What would you change about your working environment?
      • What would encourage or force you to leave the organization?
    • Interview a diverse employee base:
      • Demographics
      • Role
      • Performance level
      • Location
    Source: Talent Management & HT, 2013

    Leverage stay interviews

    Use Info-Tech’s Stay Interview Guide.

    Proactively identify opportunities to drive retention.

    The Stay Interview Guide helps managers conduct interviews with current employees, enabling the manager to understand:

    • The employee's current engagement level.
    • The employee's satisfaction with current role and responsibilities.
    • Suggestions for potential improvements.
    • An employee's intent to stay with the organization.

    Use this template to help you understand how you can best engage your employees and identify any challenges, in terms of moments that mattered, that negatively impacted their intention to stay at the organization.

    The image contains a screenshot of Info-Tech's Stay Interview Guide.

    2.3.1 Conduct stay interviews

    1. If you are using the Employee Experience Monitor, prepare for your stay interviews by reviewing your results and identifying if there have been any changes in the results over the previous six weeks. Identify which demographics have the highest and lowest engagement levels – and identify any changes in experience between different demographics.
    2. Identify a meeting schedule and cadence that seems appropriate for your stay interviews. For example, you likely will not do all staff at the same time and it may be beneficial to space out your meetings throughout the year. Select a candidate for your first stay interview and invite them for a one-on-one meeting. If it’s unusual for you to meet with this employee, we recommend providing some light context around the rationale, such as that you are looking for opportunities to strengthen the organizational culture and better understand how you can improve retention and engagement at the organization.
    3. Download the Stay Interview Template, review all of the questions beforehand, and identify the key questions that you want to ask in the meeting.
    • TIP: Even though this is called a “stay interview,” really it should be more of a conversation, and certainly not an interrogation. Know the questions you want to ask, and ask your staff member if it’s ok if you jot down some notes. It may even be beneficial to have the meeting outside of the office, over lunch, or out for coffee.
  • Hold your meeting with the employee and thank them for their time.
  • Following the meeting, send them a thank-you email to thank them for providing feedback, summarize your top three to five key takeaways from the meeting, verify with them that this aligns with their perspective, and see if they have anything else to add to the conversation. Identify any initiatives or changes that you will make as a result of the information – set a date for execution and follow-up.
  • If you are in the process of recruiting new employees to the organization, don’t forget to remind them of your referral program and ask if they might know of any candidates that would be a good fit for the organization.
  • Download the Stay Interview Guide

    Ten tips for best managing stay interviews

    Although stay interviews are meant to be informal, you should schedule them as you would any other meeting. Simply invite the employee for a chat.

    1. Step out of the office if possible. Opt for your local coffee shop, a casual lunch destination, or another public but informal location.
    2. Keep the conversation short, no more than 15 to 20 minutes. If there are any areas of concern that you think warrant action, ask the employee if they would like to discuss them another time. Suggest another meeting to delve deeper into specific issues.
    3. Be clear about the purpose of the conversation. Stay interviews are not performance reviews.
    4. Focus on what you can do for them. Ask about the employee’s preferences when it comes to feedback and communication (frequency, method, etc.) as well as development (preferences around methods, e.g. coaching or rotations, and personal goals).
    5. Be positive. Ask your employee what they like about their job and use positively framed questions.
    6. Ask about what they like doing. People enjoy talking about what they like to do. Ask employees about the talents and skills they would like to incorporate into their work duties.
    7. Show that you’re listening – paraphrase, ask for clarification, and use appropriate gestures.
    8. Refrain from taking notes during the meeting to preserve a conversational atmosphere.
    9. Pay attention to the employee’s body language and tone. If it appears that they are uncomfortable talking to you, stop the interview or pause to let them collect themselves.
    10. Be open to suggestions, but remember that you can’t control everything. If the employee brings up issues that are beyond your control, tell them that you will do all you can to improve the situation but can’t guarantee anything.

    Related Info-Tech Research

    Recruit and Retain People of Color in IT

    • To stay competitive, IT leaders need to be more involved and commit to a plan to recruit and retain people of color in their departments and organizations. A diverse team is an answer to innovation that can differentiate your company.
    • Treat recruiting and retaining a diverse team as a business challenge that requires full engagement. Info-Tech offers a targeted solution that will help IT leaders build a plan to attract, recruit, engage, and retain people of color.

    Recruit Top IT Talent

    • Changing workforce dynamics and increased transparency have shifted the power from employers to job seekers, stiffening the competition for talent.
    • Candidate expectations match high consumer expectations and affect the employer brand, the consumer brand, and overall organizational reputation. Delivering a positive candidate experience (CX2) is no longer optional.

    Acquire the Right Hires with Effective Interviewing

    • Talk is cheap. Hiring isn’t.
    • Gain insight into and understand the need for a strong interview process.
    • Strategize and plan your interview process.
    • Understand various hiring scenarios and how an interview process may be modified to reflect your organization’s scenario.

    Bibliography

    “4 Hiring Trends Technology Managers Need to Know.” Robert Half Talent Solutions, 4 Oct. 2021. Accessed 4 Feb. 2022.

    “89% of CIOs are concerned about Talent Retention: SOTD CIO.” 2016 Harvey Nash/KPMG CIO Survey, CIO From IDG, 12 Aug. 2016. Web.

    Angier, Michelle, and Beth Axelrod. “Realizing the power of talented women.” McKinsey Insights, Sept. 2014. Web.

    Beansontoast23. “Not being trained on my first dev job.” Reddit, 29 July 2016. Web.

    Birt, Martin. “How to develop a successful mentorship program: 8 steps.” Financial Post, 5 Dec. 2014. Web.

    Bort, Julie. “The 25 Best Tech Employers For Women [Ranked].” Business Insider, 18 Nov. 2014. Web.

    Bradford, Laurence. “15 of the Most Powerful Women in Tech.” The Balance Careers, Updated 4 Feb. 2018. Web.

    “Building A Stronger, Better, More Diverse eBay.” eBay Inc., 31 July 2014. Web.

    “Canada’s Best Employers 2015: The Top 50 Large Companies.” Canadian Business, 2014. Article.

    Cao, Jing, and Wei Xue. “What are the Best practices to Promote High-Ranking Female Employees Within Organizations?” Cornell University ILR School, Spring 2013. Web.

    Cheng, Roger. “Women in Tech: The Numbers Don't Add Up.” CNET, 6 May 2015. Web.

    “CIO Survey 2020: Everything Changed. Or Did It?” Harvey Nash and KPMG, 2020. Accessed 24 Feb. 2022.

    Daley, Sam. “Women in Tech Statistics Show the Industry Has a Long Way to Go.” Built In, 5 May 2021. Accessed 1 March 2022.

    Dixon-Fyle, Sundiatu, et al. “Diversity wins: How inclusion matters.” McKinsey & Company, 19 May 2020. Accessed 24 Feb. 2022.

    Donovan, Julia. “How to Quantify the Benefits of Enhancing Your Employee Experience.” Achievers Solution Inc., 21 Sept. 2021. Web.

    “Engage Me! Employee Engagement Explored.” SoftSolutions, 12 Jan. 2016. Web.

    Erb, Marcus. Global Employee Engagement Benchmark Study. Great Place to Work Institute, 29 Nov. 2021. Accessed 15 Feb. 2022.

    Garner, Mandy. “How to attract and recruit a more gender diverse team.” Working Mums, 4 March 2016. Web.

    Gaur, Shubhra. “Women in IT: Their path to the top is like a maze.” Firstpost, 28 Aug. 2015. Web.

    “Girls Gone Wired Subreddit.” Reddit, n.d. Web.

    Glassdoor Team. “10 Ways to Remove Gender Bias from Job Descriptions.” Glassdoor for Employers Blog, 9 May 2017. Web.

    Grant, Adam. “Impact and the Art of Motivation Maintenance: The Effects of Contact with Beneficiaries on Persistence Behavior.” Organizational Behavior and Human Decision Processes, vol. 103, no. 1, 2007, pp. 53-67. Accessed on ScienceDirect.

    IBM Smarter Workforce Institute. The Employee Experience Index. IBM Corporation, 2016. Web.

    ISACA. “Tech Workforce 2020: The Age and Gender Perception Gap.” An ISACA Global Survey Report, 2019. Accessed 17 Feb. 2022.

    Johnson, Stephanie K., David R. Hekman, and Elsa T. Chan. “If There’s Only One Woman in Your Candidate Pool, There’s Statistically No Chance She’ll Be Hired.” Harvard Business Review, 26 April 2016. Web.

    Kessler, Sarah. “Tech's Big Gender Diversity Push One Year In.” Fast Company, 19 Nov. 2015. Web.

    Kosinski, M. “Why You Might Want to Focus a Little Less on Hiring for Cultural Fit.” Recruiter.com, 11 Aug. 2015. Web.

    Krome, M. A. “Knowledge Transformation: A Case for Workforce Diversity.” Journal of Diversity Management (JDM), vol. 9, no. 2, Nov. 2014, pp. 103-110.

    Ladimeij, Kazim. “Why Staff Resign; the Psychology of Quitting.” The Career Café, 31 March 2017. Updated 9 Jan. 2018. Web.

    Loehr, Anne. “Why You Need a New Strategy For Retaining Female Talent.” ReWork, 10 Aug. 2015. Web.

    Lucas, Suzanne. “How Much Employee Turnover Really Costs You.” Inc., 30 Aug. 2013. Web.

    Marttila, Paula. “5 Step Action Plan To Attract Women Join Tech Startups.” LinkedIn, 10 March 2016. Web.

    Mayor, Tracy. “Women in IT: How deep is the bench?” Computerworld, 19 Nov. 2012. Web.

    McCracken, Douglas M. “Winning the Talent War for Women: Sometimes It Takes a Revolution.” Harvard Business Review, Nov.-Dec. 2000. Web.

    McDonald’s Careers. McDonald’s, n.d. Web.

    McFeely, Shane, and Ben Wigert. “This Fixable Problem Costs U.S. Businesses $1 Trillion.” Gallup, Inc., 31 March 2019. Accessed 4 March 2022.

    Morgan, Jacob. The Employee Experience Advantage: How to Win the War for Talent by Giving Employees the Workspaces they Want, the Tools they Need, and a Culture They Can Celebrate. John Wiley & Sons, Inc., 2017. Print.

    Napolitano, Amy. “How to Build a Successful Mentoring Program.” Training Industry, 20 April 2015. Web.

    Peck, Emily. “The Stats On Women In Tech Are Actually Getting Worse.” Huffington Post. 27 March 2015. Updated 6 Dec. 2017. Web. 20

    Porter, Jane. “Why Are Women Leaving Science, Engineering, And Tech Jobs?” Fast Company, 15 Oct. 2014. Web.

    Pratt, Siofra. “Emma Watson: Your New Recruitment Guru - How to: Attract, Source and Recruit Women.” SocialTalent, 25 Sept. 2014. Web.

    “RBC Diversity Blueprint 2012-2015.” 2012-2015 Report Card, RBC, 2015. Web.

    Richter, Felix. “Infographic: Women’s Representation in Big Tech.” Statista Infographics, 1 July 2021. Web.

    Rogers, Rikki. “5 Ways Companies Can Attract More Women (Aside From Offering to Freeze Their Eggs).” The Muse, n.d. Web.

    Sazzoid. “HOWTO recruit and retain women in tech workplaces.” Geek Feminism Wiki, 10 Jan. 2012. Updated 18 Aug. 2016. Web.

    Seiter, Courtney. “Why We Removed the Word ‘Hacker’ From Buffer Job Descriptions.” Buffer Open blog, 13 March 2015. Updated 31 Aug. 2018. Web.

    Serebrin, Jacob. “With tech giants like Google going after female talent, how can startups compete?” The Globe and Mail, 18 Jan. 2016. Updated 16 May 2018. Web.

    Snyder, Kieran. “Why women leave tech: It's the culture, not because 'math is hard'.” Fortune, 2 Oct. 2014. Web.

    Stackpole, Beth. “5 ways to attract and retain female technologists.” Computerworld, 7 March 2016. Web.

    Sullivan, John. “4 Stay Interview Formats You Really Should Consider.” Talent Management & HT, 5 Dec. 2013. Web.

    Syed, Nurhuda. “IWD 2021: Why Are Women Underrepresented in the C-Suite?” HRD America, 5 March 2021. Web.

    Sylvester, Cheryl. “How to empower women in IT (and beyond) on #InternationalWomenDay.” ITBUSINESS.CA, 31 March 2016. Web.

    “The Power of Parity: Advancing Women’s Equality in the United States.” McKinsey Global Institute, April 2016. Web.

    White, Cindy. “How to Promote Gender Equality in the Workplace.” Chron, 8 Aug. 2018. Web.

    White, Sarah. “Women in Tech Statistics: The Hard Truths of an Uphill Battle.” CIO From IDG Communication, Inc., 8 March 2021. Accessed 24 Feb. 2022.

    Master the Public Cloud IaaS Acquisition Models

    • Buy Link or Shortcode: {j2store}228|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $3,820 Average $ Saved
    • member rating average days saved: 2 Average Days Saved
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management

    Understanding the differences in IaaS platform agreements, purchasing options, associated value, and risks. What are your options for:

    • Upfront or monthly payments
    • Commitment discounts
    • Support options
    • Migration planning and support

    Our Advice

    Critical Insight

    IaaS platforms offer similar technical features, but they vary widely on their procurement model. By fully understanding the procurement differences and options, you will be able to purchase wisely, save money both long and short term, and mitigate investment risk.

    Most vendors have similar processes and options to buy. Finding a transparent explanation and summary of each platform in a side-by-side review is difficult.

    • Are vendor reps being straight forward?
    • What are the licensing requirements?
    • What discounts or incentives can I negotiate?
    • How much do I have to commit to and for how long?

    Impact and Result

    This project will provide several benefits for both IT and the business. It includes:

    • Best IaaS platform to support current and future procurement requirements.
    • Right-sized cloud commitment tailored to the organization’s budget.
    • Predictable and controllable spend model.
    • Flexible and reliable IT infrastructure that supports the lines of business.
    • Reduced financial and legal risk.

    Master the Public Cloud IaaS Acquisition Models Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to learn how the public cloud IaaS procurement models compare. Review Info-Tech’s methodology and understand the top three platforms, features, and benefits to support and inform the IaaS vendor choice.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Educate

    Learn the IaaS basics, terminologies, purchasing options, licensing requirements, hybrid options, support, and organization requirements through a checklist process.

    • Master the Public Cloud IaaS Acquisition Models – Phase 1: Educate
    • Public Cloud Procurement Checklist
    • Microsoft Public Cloud Licensing Guide

    2. Evaluate

    Review and understand the features, downsides, and differences between the big three players.

    • Master the Public Cloud IaaS Acquisition Models – Phase 2: Evaluate
    • Public Cloud Procurement Comparison Summary

    3. Execute

    Decide on a primary vendor that meets requirements, engage with a reseller, negotiate pricing incentives, migration costs, review, and execute the agreement.

    • Master the Public Cloud IaaS Acquisition Models – Phase 3: Execute
    • Public Cloud Acquisition Executive Summary Template

    Infographic

    Define Your Cloud Vision

    • Buy Link or Shortcode: {j2store}448|cart{/j2store}
    • member rating overall impact (scale of 10): 9.5/10 Overall Impact
    • member rating average dollars saved: $182,333 Average $ Saved
    • member rating average days saved: 28 Average Days Saved
    • Parent Category Name: Cloud Strategy
    • Parent Category Link: /cloud-strategy

    The cloud permeates the enterprise technology discussion. It can be difficult to separate the hype from the value. Should everything go to the cloud, or is that sentiment stoked by vendors looking to boost their bottom lines? Not everything should go to the cloud, but coming up with a systematic way to determine what belongs where is increasingly difficult as offerings get more complex.

    Our Advice

    Critical Insight

    Don’t think about the cloud as an inevitable next step for all workloads. The cloud is merely another tool in the toolbox, ready to be used when appropriate and put away when it’s not needed. Cloud-first isn’t always the way to go.

    Impact and Result

    • Evaluate workloads’ suitability for the cloud using Info-Tech’s methodology to select the optimal migration (or non-migration) path based on the value of cloud characteristics.
    • Codify risks tied to workloads’ cloud suitability and plan mitigations.
    • Build a roadmap of initiatives for actions by workload and risk mitigation.
    • Define a cloud vision to share with stakeholders.

    Define Your Cloud Vision Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define Your Cloud Vision – A step-by-step guide to generating, validating, and formalizing your cloud vision.

    The cloud vision storyboard walks readers through the process of generating, validating and formalizing a cloud vision, providing a framework and tools to assess workloads for their cloud suitability and risk.

    • Define Your Cloud Vision – Phases 1-4

    2. Cloud Vision Executive Presentation – A document that captures the results of the exercises, articulating use cases for cloud/non-cloud, risks, challenges, and high-level initiative items.

    The executive summary captures the results of the vision exercise, including decision criteria for moving to the cloud, risks, roadblocks, and mitigations.

    • Cloud Vision Executive Presentation

    3. Cloud Vision Workbook – A tool that facilitates the assessment of workloads for appropriate service model, delivery model, support model, and risks and roadblocks.

    The cloud vision workbook comprises several assessments that will help you understand what service model, delivery model, support model, and risks and roadblocks you can expect to encounter at the workload level.

    • Cloud Vision Workbook
    [infographic]

    Workshop: Define Your Cloud Vision

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand the Cloud

    The Purpose

    Align organizational goals to cloud characteristics.

    Key Benefits Achieved

    An understanding of how the characteristics particular to cloud can support organizational goals.

    Activities

    1.1 Generate corporate goals and cloud drivers.

    1.2 Identify success indicators.

    1.3 Explore cloud characteristics.

    1.4 Explore cloud service and delivery models.

    1.5 Define cloud support models and strategy components.

    1.6 Create state summaries for the different service and delivery models.

    1.7 Select workloads for further analysis.

    Outputs

    Corporate cloud goals and drivers

    Success indicators

    Current state summaries

    List of workloads for further analysis

    2 Assess Workloads

    The Purpose

    Evaluate workloads for cloud value and action plan.

    Key Benefits Achieved

    Action plan for each workload.

    Activities

    2.1 Conduct workload assessment using the Cloud Strategy Workbook tool.

    2.2 Discuss assessments and make preliminary determinations about the workloads.

    Outputs

    Completed workload assessments

    Workload summary statements

    3 Identify and Mitigate Risks

    The Purpose

    Identify and plan to mitigate potential risks in the cloud project.

    Key Benefits Achieved

    A list of potential risks and plans to mitigate them.

    Activities

    3.1 Generate a list of risks and potential roadblocks associated with the cloud.

    3.2 Sort risks and roadblocks and define categories.

    3.3 Identify mitigations for each identified risk and roadblock

    3.4 Generate initiatives from the mitigations.

    Outputs

    List of risks and roadblocks, categorized

    List of mitigations

    List of initiatives

    4 Bridge the Gap and Create the Strategy

    The Purpose

    Clarify your vision of how the organization can best make use of cloud and build a project roadmap.

    Key Benefits Achieved

    A clear vision and a concrete action plan to move forward with the project.

    Activities

    4.1 Review and assign work items.

    4.2 Finalize the decision framework for each of the following areas: service model, delivery model, and support model.

    4.3 Create a cloud vision statement

    Outputs

    Cloud roadmap

    Finalized task list

    Formal cloud decision rubric

    Cloud vision statement

    5 Next Steps and Wrap-Up

    The Purpose

    Complete your cloud vision by building a compelling executive-facing presentation.

    Key Benefits Achieved

    Simple, straightforward communication of your cloud vision to key stakeholders.

    Activities

    5.1 Build the Cloud Vision Executive Presentation

    Outputs

    Completed cloud strategy executive presentation

    Completed Cloud Vision Workbook.

    Further reading

    Define Your Cloud Vision

    Define your cloud vision before it defines you

    Analyst perspective

    Use the cloud’s strengths. Mitigate its weaknesses.

    The cloud isn’t magic. It’s not necessarily cheaper, better, or even available for the thing you want it to do. It’s not mysterious or a cure-all, and it does take a bit of effort to systematize your approach and make consistent, defensible decisions about your cloud services. That’s where this blueprint comes in.

    Your cloud vision is the culmination of this effort all boiled down into a single statement: “This is how we want to use the cloud.” That simple statement should, of course, be representative of – and built from – a broader, contextual strategy discussion that answers the following questions: What should go to the cloud? What kind of cloud makes sense? Should the cloud deployment be public, private, or hybrid? What does a migration look like? What risks and roadblocks need to be considered when exploring your cloud migration options? What are the “day 2” activities that you will need to undertake after you’ve gotten the ball rolling?

    Taken as a whole, answering these questions is difficult task. But with the framework provided here, it’s as easy as – well, let’s just say it’s easier.

    Jeremy Roberts

    Research Director, Infrastructure and Operations

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • You are both extrinsically motivated to move to the cloud (e.g. by vendors) and intrinsically motivated by internal digital transformation initiatives.
    • You need to define the cloud’s true value proposition for your organization without assuming it is an outsourcing opportunity or will save you money.
    • Your industry, once cloud-averse, is now normalizing the use of cloud services, but you have not established a basic cloud vision from which to develop a strategy at a later point.

    Common Obstacles

    • Organizations jump to the cloud before defining their cloud vision and without any clear plan for realizing the cloud’s benefits.
    • Many organizations have a foot in the cloud already, but these decisions have been made in an ad hoc rather than systematic fashion.
    • You lack a consistent framework to assess your workloads’ suitability for the cloud.

    Info-Tech's Approach

    • Evaluate workloads’ suitability for the cloud using Info-Tech’s methodology to select the optimal migration (or non-migration) path based on the value of cloud characteristics.
    • Codify risks tied to workloads’ cloud suitability and plan mitigations.
    • Build a roadmap of initiatives for actions by workload and risk mitigation.
    • Define a cloud vision to share with stakeholders.

    Info-Tech Insight: 1) Base migration decisions on cloud characteristics. If your justification for the migration is simply getting your workload out of the data center, think again. 2) Address the risks up front in your migration plan. 3) The cloud changes roles and calls for different skill sets, but Ops is here to stay.

    Your challenge

    This research is designed to help organizations who need to:

    • Identify workloads that are good candidates for the cloud.
    • Develop a consistent, cost-effective approach to cloud services.
    • Outline and mitigate risks.
    • Define your organization’s cloud archetype.
    • Map initiatives on a roadmap.
    • Communicate your cloud vision to stakeholders so they can understand the reasons behind a cloud decision and differentiate between different cloud service and deployment models.
    • Understand the risks, roadblocks, and limitations of the cloud.

    “We’re moving from a world where companies like Oracle and Microsoft and HP and Dell were all critically important to a world where Microsoft is still important, but Amazon is now really important, and Google also matters. The technology has changed, but most of the major vendors they’re betting their business on have also changed. And that’s super hard for people..” –David Chappell, Author and Speaker

    Common obstacles

    These barriers make this challenge difficult to address for many organizations:

    • Organizations jump to the cloud before defining their cloud vision and without any clear plan for realizing the cloud’s benefits.
    • Many organizations already have a foot in the cloud, but the choice to explore these solutions was made in an ad hoc rather than systematic fashion. The cloud just sort of happened.
    • The lack of a consistent assessment framework means that some workloads that probably belong in the cloud are kept on premises or with hosted services providers – and vice versa.
    • Securing cloud expertise is remarkably difficult – especially in a labor market roiled by the global pandemic and the increasing importance of cloud services.

    Standard cloud challenges

    30% of all cloud spend is self-reported as waste. Many workloads that end up in the cloud don’t belong there. Many workloads that do belong in the cloud aren’t properly migrated. (Flexera, 2021)

    44% of respondents report themselves as under-skilled in the cloud management space. (Pluralsight, 2021)

    Info-Tech’s approach

    Goals and drivers

    • Service model
      • What type of cloud makes the most sense for workload archetypes? When does it make sense to pick SaaS over IaaS, for example?
    • Delivery model
      • Will services be delivered over the public cloud, a private cloud, or a hybrid cloud? What challenges accompany this decision?
    • Migration Path
      • What does the migration path look like? What does the transition to the cloud look like, and how much effort will be required? Amazon’s 6Rs framework captures migration options: rehosting, repurchasing, replatforming, and refactoring, along with retaining and retiring. Each workload should be assessed for its suitability for one or more of these paths.
    • Support model
      • How will services be provided? Will staff be trained, new staff hired, a service provider retained for ongoing operations, or will a consultant with cloud expertise be brought on board for a defined period? The appropriate support model is highly dependent on goals along with expected outcomes for different workloads.

    Highlight risks and roadblocks

    Formalize cloud vision

    Document your cloud strategy

    The Info-Tech difference:

    1. Determine the hypothesized value of cloud for your organization.
    2. Evaluate workloads with 6Rs framework.
    3. Identify and mitigate risks.
    4. Identify cloud archetype.
    5. Plot initiatives on a roadmap.
    6. Write action plan statement and goal statement.

    What is the cloud, how is it deployed, and how is service provided?

    Cloud Characteristics

    1. On-demand self-service: the ability to access reosurces instantly without vendor interaction
    2. Broad network access: all services delivered over the network
    3. Resource pooling: multi-tenant environment (shared)
    4. Rapid elasticity: the ability to expand and retract capabilities as needed
    5. Measured service: transparent metering

    Service Model:

    1. Software-as-a-Service: all but the most minor configuration is done by the vendor
    2. Platform-as-a-Service: customer builds the application using tools provided by the provider
    3. Infrastructure-as-a-Service: the customer manages OS, storage, and the application

    Delivery Model

    1. Public cloud: accessible to anyone over the internet; multi-tenant environment
    2. Private cloud: provisioned for a single organization with multiple units
    3. Hybrid cloud: two or more connected clouds; data is portage across them
    4. Community cloud: provisioned for a specific group of organizations

    (National Institute of Standards and Technology)

    A workload-first approach will allow you to take full advantage of the cloud’s strengths

    • Under all but the most exceptional circumstances, good cloud strategies will incorporate different service models. Very few organizations are “IaaS shops” or “SaaS shops,” even if they lean heavily in one direction.
    • These different service models (including non-cloud options like colocation and on-premises infrastructure) each have different strengths. Part of your cloud strategy should involve determining which of the services makes the most sense for you.
    • Own the cloud by understanding which cloud (or non-cloud!) offering makes the most sense for you given your unique context.

    Migration paths

    In a 2016 blog post, Amazon introduced a framework for understanding cloud migration strategies. The framework presented here is slightly modified – including a “relocate” component rather than a “retire” component – but otherwise hews close to the standard.

    These migration paths reflect organizational capabilities and desired outcomes in terms of service models – cloud or otherwise. Retention means keeping the workload where it is, in a datacenter or a colocation service, or relocating to a colocation or hosted software environment. These represent the “non-cloud” migration paths.

    In the graphic on the right, the paths within the red box lead to the cloud. Rehosting means lifting and shifting to an infrastructure environment. Migrating a virtual machine from your VMware environment on premises to Azure Virtual machines is a quick way to realize some benefits from the cloud. Migrating from SQL Server on premises to a cloud-based SQL solution looks a bit more like changing platforms (replatforming). It involves basic infrastructure modification without a substantial architectural component.

    Refactoring is the most expensive of the options and involves engaging the software development lifecycle to build a custom solution, fundamentally rewriting the solution to be cloud native and take advantage of cloud-native architectures. This can result in a PaaS or an IaaS solution.

    Finally, repurchasing means simply going to market and procuring a new solution. This may involve migrating data, but it does not require the migration of components.

    Migration Paths

    Retain (Revisit)

    • Keep the application in its current form, at least for now. This doesn’t preclude revisiting it in the future.

    Relocate

    • Move the workload between datacenters or to a hosted software/colocation provider.

    Rehost

    • Move the application to the cloud (IaaS) and continue to run it in more or less the same form as it currently runs.

    Replatform

    • Move the application to the cloud and perform a few changes for cloud optimizations.

    Refactor

    • Rewrite the application, taking advantage of cloud-native architectures.

    Repurchase

    • Replace with an alternative, cloud-native application and migrate the data.

    Support model

    Support models by characteristic

    Duration of engagement Specialization Flexibility
    Internal IT Indefinite Varies based on nature of business Fixed, permanent staff
    Managed Service Provider Contractually defined General, some specialization Standard offering
    Consultant Project-based Specific, domain-based Entirely negotiable

    IT services, including cloud services, can be delivered and managed in multiple ways depending on the nature of the workload and the organization’s intended path forward. Three high-level options are presented here and may be more or less valuable based on the duration of the expected engagement with the service (temporary or permanent), the skills specialization required, and the flexibility necessary to complete the job.

    By way of example, a highly technical, short-term project with significant flexibility requirements might be a good fit for an expensive consultant, whereas post-implementation maintenance of a cloud email system requires relatively little specialization and flexibility and would therefore be a better fit for internal management.

    There is no universally applicable rule here, but there are some workloads that are generally a good fit for the cloud and others that are not as effective, with that fit being conditional on the appropriate support model being employed.

    Risks, roadblocks, and strategy components

    No two cloud strategies are exactly alike, but all should address 14 key areas. A key step in defining your cloud vision is an assessment of these strategy components. Lower maturity does not preclude an aggressive cloud strategy, but it does indicate that higher effort will be required to make the transition.

    Component Description Component Description
    Monitoring What will system owners/administrators need visibility into? How will they achieve this? Vendor Management What practices must change to ensure effective management of cloud vendors?
    Provisioning Who will be responsible for deploying cloud workloads? What governance will this process be subject to? Finance Management How will costs be managed with the transition away from capital expenditure?
    Migration How will cloud migrations be conducted? What best practices/standards must be employed? Security What steps must be taken to ensure that cloud services meet security requirements?
    Operations management What is the process for managing operations as they change in the cloud? Data Controls How will data residency, compliance, and protection requirements be met in the cloud?
    Architecture What general principles must apply in the cloud environment? Skills and roles What skills become necessary in the cloud? What steps must be taken to acquire those skills?
    Integration and interoperability How will services be integrated? What standards must apply? Culture and adoption Is there a cultural aversion to the cloud? What steps must be taken to ensure broad cloud acceptance?
    Portfolio Management Who will be responsible for managing the growth of the cloud portfolio? Governing bodies What formal governance must be put in place? Who will be responsible for setting standards?

    Cloud archetypes – a cloud vision component

    Once you understand the value of the cloud, your workloads’ general suitability for cloud, and your proposed risks and mitigations, the next step is to define your cloud archetype.

    Your organization’s cloud archetype is the strategic posture that IT adopts to best support the organization’s goals. Info-Tech’s model recognizes seven archetypes, divided into three high-level archetypes.

    After consultation with your stakeholders, and based on the results of the suitability and risk assessment activities, define your archetype. The archetype feeds into the overall cloud vision and provides simple insight into the cloud future state for all stakeholders.

    The cloud vision itself is captured in a “vision statement,” a short summary of the overall approach that includes the overall cloud archetype.

    We can best support the organization's goals by:

    More Cloud

    Less Cloud

    Cloud Focused Cloud-Centric Providing all workloads through cloud delivery.
    Cloud-First Using the cloud as our default deployment model. For each workload, we should ask “why NOT cloud?”
    Cloud Opportunistic Hybrid Enabling the ability to transition seamlessly between on-premises and cloud resources for many workloads.
    Integrated Combining cloud and traditional infrastructure resources, integrating data and applications through APIs or middleware.
    Split Using the cloud for some workloads and traditional infrastructure resources for others.
    Cloud Averse Cloud-Light Using traditional infrastructure resources and limiting our use of the cloud to when it is absolutely necessary.
    Anti-Cloud Using traditional infrastructure resources and avoiding use of the cloud wherever possible.

    Info-Tech’s methodology for defining your cloud vision

    1. Understand the Cloud 2. Assess Workloads 3. Identify and Mitigate Risks 4. Bridge the Gap and Create the Vision
    Phase Steps
    1. Generate goals and drivers
    2. Explore cloud characteristics
    3. Create a current state summary
    4. Select workloads for analysis
    1. Conduct workload assessments
    2. Determine workload future state
    1. Generate risks and roadblocks
    2. Mitigate risks and roadblocks
    3. Define roadmap initiatives
    1. Review and assign work items
    2. Finalize cloud decision framework
    3. Create cloud vision
    Phase Outcomes
    1. List of goals and drivers
    2. Shared understanding of cloud terms
    3. Current state of cloud in the organization
    4. List of workloads to be assessed
    1. Completed workload assessments
    2. Defined workload future state
    1. List of risks and roadblocks
    2. List of mitigations
    3. Defined roadmap initiatives
    1. Cloud roadmap
    2. Cloud decision framework
    3. Completed Cloud Vision Executive Presentation

    Insight summary

    The cloud may not be right for you – and that’s okay!

    Don’t think about the cloud as an inevitable next step for all workloads. The cloud is merely another tool in the toolbox, ready to be used when appropriate and put away when it’s not needed. Cloud first isn’t always the way to go.

    Not all clouds are equal

    It’s not “should I go to the cloud?” but “what service and delivery models make sense based on my needs and risk tolerance?” Thinking about the cloud as a binary can force workloads into the cloud that don’t belong (and vice versa).

    Bottom-up is best

    A workload assessment is the only way to truly understand the cloud’s value. Work from the bottom up, not the top down, understand what characteristics make a workload cloud suitable, and strategize on that basis.

    Your accountability doesn’t change

    You are still accountable for maintaining available, secure, functional applications and services. Cloud providers share some responsibility, but the buck stops where it always has: with you.

    Don’t customize for the sake of customization

    SaaS providers make money selling the same thing to everyone. When migrating a workload to SaaS, work with stakeholders to pursue standardization around a selected platform and avoid customization where possible.

    Best of both worlds, worst of both worlds

    Hybrid clouds are in fashion, but true hybridity comes with additional cost, administration, and other constraints. A convoy moves at the speed of its slowest member.

    The journey matters as much as the destination

    How you get there is as important as what “there” actually is. Any strategy that focuses solely on the destination misses out on a key part of the value conversation: the migration strategy.

    Blueprint benefits

    Cloud Vision Executive Presentation

    This presentation captures the results of the exercises and presents a complete vision to stakeholders including a desired target state, a rubric for decision making, the results of the workload assessments, and an overall risk profile.

    Cloud Vision Workbook

    This workbook includes the standard cloud workload assessment questionnaire along with the results of the assessment. It also includes the milestone timeline for the implementation of the cloud vision.

    Blueprint benefits

    IT Benefits

    • A consistent approach to the cloud takes the guesswork out of deployment decisions and makes it easier for IT to move on to the execution stage.
    • When properly incorporated, cloud services come with many benefits, including automation, elasticity, and alternative architectures (micro-services, containers). The cloud vision project will help IT readers articulate expected benefits and work towards achieving them.
    • A clear framework for incorporating organizational goals into cloud plans.

    Business benefits

    • Simple, well-governed access to high-quality IT resources.
    • Access to the latest and greatest in technology to facilitate remote work.
    • Framework for cost management in the cloud that incorporates OpEx and chargebacks/showbacks. A clear understanding of expected changes to cost modeling is also a benefit of a cloud vision.
    • Clarity for stakeholders about IT’s response (and contribution to) IT strategic initiatives.

    Measure the value of this blueprint

    Don’t take our word for it:

    • The cloud vision material in various forms has been offered for several years, and members have generally benefited substantially, both from cloud vision workshops and from guided implementations led by analysts.
    • After each engagement, we send a survey that asks members how they benefited from the experience. Of 30 responses, the cloud vision research has received an average score of 9.8/10. Real members have found significant value in the process.
    • Additionally, members reported saving between 2 and 120 days (for an average of 17), and financial savings ranged from $1,920 all the way up to $1.27 million, for an average of $170,577.90! If we drop outliers on both ends, the average reported value of a cloud vision engagement is $37, 613.
    • Measure the value by calculating the time saved from using Info-Tech’s framework vs. a home-brewed cloud strategy alternative and by comparing the overall cost of a guided implementation or workshop with the equivalent offering from another firm. We’re confident you’ll come out ahead.

    9.8/10 Average reported satisfaction

    17 Days Average reported time savings

    $37, 613 Average cost savings (adj.)

    Executive Brief Case Study

    Industry: Financial

    Source: Info-Tech workshop

    Anonymous financial institution

    A small East Coast financial institution was required to develop a cloud strategy. This strategy had to meet several important requirements, including alignment with strategic priorities and best practices, along with regulatory compliance, including with the Office of the Comptroller of the Currency.

    The bank already had a significant cloud footprint and was looking to organize and formalize the strategy going forward.

    Leadership needed a comprehensive strategy that touched on key areas including the delivery model, service models, individual workload assessments, cost management, risk management and governance. The output had to be consumable by a variety of audiences with varying levels of technical expertise and had to speak to IT’s role in the broader strategic goals articulated earlier in the year.

    Results

    The bank engaged Info-Tech for a cloud vision workshop and worked through four days of exercises with various IT team members. The bank ultimately decided on a multi-cloud strategy that prioritized SaaS while also allowing for PaaS and IaaS solutions, along with some non-cloud hosted solutions, based on organizational circumstances.

    Bank cloud vision

    [Bank] will provide innovative financial and related services by taking advantage of the multiplicity of best-of-breed solutions available in the cloud. These solutions make it possible to benefit from industry-level innovations, while ensuring efficiency, redundancy, and enhanced security.

    Bank cloud decision workflow

    • SaaS
      • Platform?
        • Yes
          • PaaS
        • No
          • Hosted
        • IaaS
          • Other

    Non-cloud

    Cloud

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this crticial project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off imediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge the take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

    Phase 1

    • Call #1: Discuss current state, challenges, etc.
    • Call #2: Goals, drivers, and current state.

    Phase 2

    • Call #3: Conduct cloud suitability assessment for selected workloads.

    Phase 3

    • Call #4: Generate and categorize risks.
    • Call #5: Begin the risk mitigation conversation.

    Phase 4

    • Call #6: Complete the risk mitigation process
    • Call #7: Finalize vision statement and cloud decision framework.

    Workshop Overview

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Offsite day
    Understand the cloud Assess workloads Identify and mitigate risks Bridge the gap and create the strategy Next steps and wrap-up (offsite)
    Activities

    1.1 Introduction

    1.2 Generate corporate goals and cloud drivers

    1.3 Identify success indicators

    1.4 Explore cloud characteristics

    1.5 Explore cloud service and delivery models

    1.6 Define cloud support models and strategy components

    1.7 Create current state summaries for the different service and delivery models

    1.8 Select workloads for further analysis

    2.1 Conduct workload assessments using the cloud strategy workbook tool

    2.2 Discuss assessments and make preliminary determinations about workloads

    3.1 Generate a list of risks and potential roadblocks associated with the cloud

    3.2 Sort risks and roadblocks and define categories

    3.3 Identify mitigations for each identified risk and roadblock

    3.4 Generate initiatives from the mitigations

    4.1 Review and assign work items

    4.2 Finalize the decision framework for each of the following areas:

    • Service model
    • Delivery model
    • Support model

    4.3 Create a cloud vision statement

    5.1 Build the Cloud Vision Executive Presentation
    Deliverables
    1. Corporate goals and cloud drivers
    2. Success indicators
    3. Current state summaries
    4. List of workloads for further analysis
    1. Completed workload assessments
    2. Workload summary statements
    1. List of risks and roadblocks, categorized
    2. List of mitigations
    3. List of initiatives
    1. Finalized task list
    2. Formal cloud decision rubric
    3. Cloud vision statement
    1. Completed cloud strategy executive presentation
    2. Completed cloud vision workbook

    Understand the cloud

    Build the foundations of your cloud vision

    Phase 1

    Phase 1

    Understand the Cloud

    Phase 1

    1.1 Generate goals and drivers

    1.2 Explore cloud characteristics

    1.3 Create a current state summary

    1.4 Select workloads for analysis

    Phase 2

    2.1 Conduct workload assessments

    2.2 Determine workload future states

    Phase 3

    3.1 Generate risks and roadblocks

    3.2 Mitigate risks and roadblocks

    3.3 Define roadmap initiatives

    Phase 4

    4.1 Review and assign work items

    4.2 Finalize cloud decision framework

    4.3 Create cloud vision

    This phase will walk you through the following activities:

    1.1.1 Generate organizational goals

    1.1.2 Define cloud drivers

    1.1.3 Define success indicators

    1.3.1 Record your current state

    1.4.1 Select workloads for further assessment

    This phase involves the following participants:

    IT management, the core working group, security, infrastructure, operations, architecture, engineering, applications, non-IT stakeholders.

    It starts with shared understanding

    Stakeholders must agree on overall goals and what “cloud” means

    The cloud is a nebulous term that can reasonably describe services ranging from infrastructure as a service as delivered by providers like Amazon Web Services and Microsoft through its Azure platform, right up to software as a service solutions like Jira or Salesforce. These solutions solve different problems – just because your CRM would be a good fit for a migration to Salesforce doesn’t mean the same system would make sense in Azure or AWS.

    This is important because the language we use to talk about the cloud can color our approach to cloud services. A “cloud-first” strategy will mean something different to a CEO with a concept of the cloud rooted in Salesforce than it will to a system administrator who interprets it to mean a transition to cloud-hosted virtual machines.

    Add to this the fact that not all cloud services are hosted externally by providers (public clouds) and the fact that multiple delivery models can be engaged at once through hybrid or multi-cloud approaches, and it’s apparent that a shared understanding of the cloud is necessary for a coherent strategy to take form.

    This phase proceeds in four steps, each governed by the principle of shared understanding. The first requires a shared understanding of corporate goals and drivers. Step 2 involves coming to a shared understanding of the cloud’s unique characteristics. Step 3 requires a review of the current state. Finally, in Step 4, participants will identify workloads that are suitable for analysis as candidates for the cloud.

    Step 1.1

    Generate goals and drivers

    Activities

    1.1.1 Define organizational goals

    1.1.2 Define cloud drivers

    1.1.3 Define success indicators

    Generate goals and drivers

    Explore cloud characteristics

    Create a current state summary

    Select workloads for analysis

    This step involves the following participants:

    • IT management
    • Core working group
    • Security
    • Applications
    • Infrastructure
    • Service management
    • Leadership

    Outcomes of this step

    • List of organizational goals
    • List of cloud drivers
    • Defined success indicators

    What can the cloud do for you?

    The cloud is not valuable for its own sake, and not all users derive the same value

    • The cloud is characterized by on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. Any or all of those characteristics might be enough to make the cloud appealing, but in most cases, there is an overriding driver.
    • Multiple paths may lead to the cloud. Consider an organization with a need to control costs by showing back to business units, or perhaps by reducing capital expenditure – the cloud may be the most appropriate way to effect these changes. Conversely, an organization expanding rapidly and with a need to access the latest and greatest technology might benefit from the elasticity and pooled resources that major cloud providers can offer.
    • In these cases, the destination might be the same (a cloud solution) but the delivery model – public, private, or hybrid – and the decisions made around the key strategy components, including architecture, provisioning, and cost management, will almost certainly be different.
    • Defining goals, understanding cloud drivers, and – crucially – understanding what success means, are all therefore essential elements of the cloud vision process.

    1.1.1 Generate organizational goals

    1-3 hours

    Input

    • Strategy documentation

    Output

    • Organizational goals

    Materials

    • Whiteboard (digital/physical)

    Participants

    • IT leadership
    • Infrastructure
    • Applications
    • Security
    1. As a group, brainstorm organizational goals, ideally based on existing documentation
      • Review relevant corporate and IT strategies.
      • If you do not have access to internal documentation, review the standard goals on the next slide and select those that are most relevant for you.
    2. Record the most important business goals in the Cloud Vision Executive Presentation. Include descriptions where possible to ensure wide readability.
    3. Make note of these goals. They should inform the answers to prompts offered in the Cloud Vision Workbook and should be a consistent presence in the remainder of the visioning exercise. If you’re conducting the session in person, leave the goals up on a whiteboard and make reference to them throughout the workshop.

    Cloud Vision Executive Presentation

    Standard COBIT 19 enterprise goals

    1. Portfolio of competitive products and services
    2. Managed business risk
    3. Compliance with external laws and regulations
    4. Quality of financial information
    5. Customer-oriented service culture
    6. Business service continuity and availability
    7. Quality of management information
    8. Optimization of internal business process functionality
    9. Optimization of business process costs
    10. Staff skills, motivation, and productivity
    11. Compliance with internal policies
    12. Managed digital transformation programs
    13. Product and business innovation

    1.1.2 Define cloud drivers

    30-60 minutes

    Input

    • Organizational goals
    • Strategy documentation
    • Management/staff perspective

    Output

    • List of cloud drivers

    Materials

    • Sticky notes
    • Whiteboard
    • Markers

    Participants

    • IT leadership
    • Infrastructure
    • Applications
    • Security
    1. Cloud drivers sit at a level of abstraction below organizational goals. Keeping your organizational goals in mind, have each participant in the session write down how they expect to benefit from the cloud on a sticky note.
    2. Solicit input one at a time and group similar responses. Encourage participants to bring forward their cloud goals even if similar goals have been mentioned previously. The number of mentions is a useful way to gauge the relative weight of the drivers.
    3. Once this is done, you should have a few groups of similar drivers. Work with the group to name each category. This name will be the driver reported in the documentation.
    4. Input the results of the exercise into the Cloud Vision Executive Presentation, and include descriptions based on the constituent drivers. For example, if a driver is titled “do more valuable work,” the constituent drivers might be “build cloud skills,” “focus on core products,” and “avoid administration work where possible.” The description would be based on these components.

    Cloud Vision Executive Presentation

    1.1.3 Define success indicators

    1 hour

    Input

    • Cloud drivers
    • Organizational goals

    Output

    • List of cloud driver success indicators

    Materials

    • Whiteboard
    • Markers

    Participants

    • IT leadership
    • Infrastructure
    • Applications
    • Security
    1. On a whiteboard, draw a table with each of the cloud drivers (identified in 1.1.2) across the top.
    2. Work collectively to generate success indicators for each cloud driver. In this case, a success indicator is some way you can report your progress with the stated driver. It is a real-world proxy for the sometimes abstract phenomena that make up your drivers. Think about what would be true if your driver was realized.
      1. For example, if your driver is “faster access to resources,” you might consider indicators like developer satisfaction, project completion time, average time to provision, etc.
    3. Once you are satisfied with your list of indicators, populate the slide in the Cloud Vision Executive Presentation for validation from stakeholders.

    Cloud Vision Executive Presentation

    Step 1.2

    Explore cloud characteristics

    Activities

    Understand the value of the cloud:

    • Review delivery models
    • Review support models
    • Review service models
    • Review migration paths

    Understand the Cloud

    Generate goals and drivers

    Explore cloud characteristics

    Create a current state summary

    Select workloads for analysis

    This step involves the following participants:

    • Core working group
    • Architecture
    • Engineering
    • Security

    Outcomes of this step

    • Understanding of cloud service models and value

    Defining the cloud

    Per NIST, the cloud has five fundamental characteristics. All clouds have these characteristics, even if they are executed in somewhat different ways between delivery models, service models, and even individual providers.

    Cloud characteristics

    On-demand self-service

    Cloud customers are capable of provisioning cloud resources without human interaction (e.g. contacting sales), generally through a web console.

    Broad network access

    Capabilities are designed to be delivered over a network and are generally intended for access by a wide variety of platform types (cloud services are generally device-agnostic).

    Resource pooling

    Multiple customers (internal, in the case of private clouds) make use of a highly abstracted shared infrastructure managed by the cloud provider.

    Rapid elasticity

    Customers are capable of provisioning additional resources as required, pulling from a functionally infinite pool of capacity. Cloud resources can be spun-down when no longer needed.

    Measured service

    Consumption is metered based on an appropriate unit of analysis (number of licenses, storage used, compute cycles, etc.) and billing is transparent and granular.

    Cloud delivery models

    The NIST definition of cloud computing outlines four cloud delivery models: public, private, hybrid, and community clouds. A community cloud is like a private cloud, but it is provisioned for the exclusive use of a like-minded group of organizations, usually in a mutually beneficial, non-competitive arrangement. Universities and hospitals are examples of organizations that can pool their resources in this way without impacting competitiveness. The Info-Tech model covers three key delivery models – public, private, and hybrid, and an overarching model (multi-cloud) that can comprise more than one of the other models – public + public, public + hybrid, etc.

    Public

    The cloud service is provisioned for access by the general public (customers).

    Private

    A private cloud has the five key characteristics, but is provisioned for use by a single entity, like a company or organization.

    Hybrid

    Hybridity essentially refers to interoperability between multiple cloud delivery models (public +private).

    Multi

    A multi-cloud deployment requires only that multiple clouds are used without any necessary interoperability (Nutanix, 2019).

    Public cloud

    This is what people generally think about when they talk about cloud

    • The public cloud is, well, public! Anyone can make use of its resources, and in the case of the major providers, capacity is functionally unlimited. Need to store exabytes of data in the cloud? No problem! Amazon will drive a modified shipping container to your datacenter, load it up, and “migrate” it to a datacenter.
    • Public clouds offer significant variety on the infrastructure side. Major IaaS providers, like Microsoft and Amazon, offer dozens of services across many different categories including compute, networking, and storage, but also identity, containers, machine learning, virtual desktops, and much, much more. (See a list from Microsoft here, and Amazon here)
    • There are undoubtedly strengths to the public cloud model. Providers offer the “latest and greatest” and customers need not worry about the details, including managing infrastructure and physical locations. Providers offer built-in redundancy, multi-regional deployments, automation tools, management and governance solutions, and a variety of leading-edge technologies that would not be feasible for organizations to run in-house, like high performance compute, blockchain, or quantum computing.
    • Of course, the public cloud is not all sunshine and rainbows – there are downsides as well. It can be expensive; it can introduce regulatory complications to have to trust another entity with your key information. Additionally, there can be performance hiccups, and with SaaS products, it can be difficult to monitor at the appropriate (per-transaction) level.

    Prominent examples include:

    AWS

    Microsoft

    Azure

    Salesforce.com

    Workday

    SAP

    Private cloud

    A lower-risk cloud for cloud-averse customers?

    • A cloud is a cloud, no matter how small. Some IT shops deploy private clouds that make use of the five key cloud characteristics but provisioned for the exclusive use of a single entity, like a corporation.
    • Private clouds have numerous benefits. Some potential cloud customers might be uncomfortable with the shared responsibility that is inherent in the public cloud. Private clouds allow customers to deliver flexible, measured services without having to surrender control, but they require significant overhead, capital expenditure, administrative effort, and technical expertise.
    • According to the 2021 State of the Cloud Report, private cloud use is common, and the most frequently cited toolset is VMware vSphere, followed by Azure Stack, OpenStack, and AWS Outposts. Private cloud deployments are more common in larger organizations, which makes sense given the overhead required to manage such an environment.

    Private cloud adoption

    The images shows a graph titled Private Cloud Adoption for Enterprises. It is a horizontal bar graph, with three segments in each bar: dark blue marking currently use; mid blue marking experimenting; and light blue marking plan to use.

    VMware and Microsoft lead the pack among private cloud customers, with Amazon and Red Hat also substantially present across private cloud environments.

    Hybrid cloud

    The best of both worlds?

    Hybrid cloud architectures combine multiple cloud delivery models and facilitate some level of interoperability. NIST suggests bursting and load balancing as examples of hybrid cloud use cases. Note: it is not sufficient to simply have multiple clouds running in parallel – there must be a toolset that allows for an element of cross-cloud functionality.

    This delivery model is attractive because it allows users to take advantage of the strengths of multiple service models using a single management pane. Bursting across clouds to take advantage of additional capacity or disaster recovery capabilities are two obvious use cases that appeal to hybrid cloud users.

    But while hybridity is all the rage (especially given the impact Covid-19 has had on the workplace), the reality is that any hybrid cloud user must take the good with the bad. Multiple clouds and a management layer can be technically complex, expensive, and require maintaining a physical infrastructure that is not especially valuable (“I thought we were moving to the cloud to get out of the datacenter!”).

    Before selecting a hybrid approach through services like VMware Cloud on AWS or Microsoft’s Azure Stack, consider the cost, complexity, and actual expected benefit.

    Amazon, Microsoft, and Google dominate public cloud IaaS, but IBM is betting big on hybrid cloud:

    The image is a screencap of a tweet from IBM News. The tweet reads: IBM CEO Ginni Rometty: Hybrid cloud is a trillion dollar market and we'll be number one #Think2019.

    With its acquisition of Red Hat in 2019 for $34 billion, Big Blue put its money where its mouth is and acquired a substantial hybrid cloud business. At the time of the acquisition, Red Hat’s CEO, Jim Whitehurst, spoke about the benefit IBM expected to receive:

    “Joining forces with IBM gives Red Hat the opportunity to bring more open source innovation to an even broader range of organizations and will enable us to scale to meet the need for hybrid cloud solutions that deliver true choice and agility” (Red Hat, 2019).

    Multi-cloud

    For most organizations, the multi-cloud is the most realistic option.

    Multi-cloud is popular!

    The image shows a graph titled Multi-Cloud Architectures Used, % of all Respondents. The largest percentage is Apps siloed on different clouds, followed by DAta integration between clouds.

    Multi-cloud solutions exist at a different layer of abstraction from public, private, and even hybrid cloud delivery models. A multi-cloud architecture, as the name suggests, requires the user to be a customer of more than one cloud provider, and it can certainly include a hybrid cloud deployment, but it is not bound by the same rules of interoperability.

    Many organizations – especially those with fewer resources or a lack of a use case for a private cloud – rely on a multi-cloud architecture to build applications where they belong, and they manage each environment separately (or occasionally with the help of cloud management platforms).

    If your data team wants to work in AWS and your enterprise services run on basic virtual machines in Azure, that might be the most effective architecture. As the Flexera 2021 State of the Cloud Report suggests, this architecture is far more common than the more complicated bursting or brokering architectures characteristic of hybrid clouds.

    NIST cloud service models

    Software as a service

    SaaS has exploded in popularity with consumers who wish to avail themselves of the cloud’s benefits without having to manage underlying infrastructure components. SaaS is simple, generally billed per-user per-month, and is almost entirely provider-managed.

    Platform as a service

    PaaS providers offer a toolset for their customers to run custom applications and services without the requirement to manage underlying infrastructure components. This service model is ideal for custom applications/services that don’t benefit from highly granular infrastructure control.

    Infrastructure as a service

    IaaS represents the sale of components. Instead of a service, IaaS providers sell access to components, like compute, storage, and networking, allowing for customers to build anything they want on top of the providers’ infrastructure.

    Cloud service models

    • This research focuses on five key service models, each of which has its own strengths and weaknesses. Moving right from “on-prem,” customers gradually give up more control over their environments to cloud service providers.
    • An entirely premises-based environment means that the customer is responsible for everything ranging from the dirt under the datacenter to application-level configurations. Conversely, in a SaaS environment, the provider is responsible for everything but those top-level application configurations.
    • A managed service provider or other third party can manage any or of the components of the infrastructure stack. A service provider may, for example, build a SaaS solution on top of another provider’s IaaS, or might offer configuration assistance with a commercially available SaaS.

    Info-Tech Insight

    Not all workloads fit well in the cloud. Many environments will mix service models (e.g. SaaS for some workloads, some in IaaS, some on-premises), and this can be perfectly effective. It must be consistent and intentional, however.

    On-prem Co-Lo IaaS PaaS SaaS
    Application Application Application Application Application
    Database Database Database Database Database
    Runtime/ Middleware Runtime/ Middleware Runtime/ Middleware Runtime/ Middleware Runtime/ Middleware
    OS OS OS OS OS
    Hypervisor Hypervisor Hypervisor Hypervisor Hypervisor
    Server Network Storage Server Network Storage Server Network Storage Server Network Storage Server Network Storage
    Facilities Facilities Facilities Facilities Facilities

    Organization has control

    Organization or vendor may control

    Vendor has control

    Analytics folly

    SaaS is good, but it’s not a panacea

    Industry: Healthcare

    Source: Info-Tech workshop

    Situation

    A healthcare analytics provider had already moved a significant number of “non-core workloads” to the cloud, including email, HRIS, and related services.

    The company CEO was satisfied with the reduced effort required by IT to manage SaaS-based workloads and sought to extend the same benefits to the core analytics platform where there was an opportunity to reduce overhead.

    Complication

    Many components of the health analytics service were designed to run specifically in a datacenter and were not ready to be migrated to the cloud without significant effort/refactoring. SaaS was not an option because this was a core platform – a SaaS provider would have been the competition.

    That left IaaS, which was expensive and would not bring the expected benefits (reduced overhead).

    Results

    The organization determined that there were no short-term gains from migrating to the cloud. Due to the nature of the application (its extensive customization, the fact that it was a core product sold by the company) any steps to reduce operational overhead were not feasible.

    The CEO recognized that the analytics platform was not a good candidate for the cloud and what distinguished the analytics platform from more suitable workloads.

    Migration paths

    In a 2016 blog post, Amazon Web Services articulated a framework for cloud migration that incorporates elements of the journey as well as the destination. If workload owners do not choose to retain or retire their workloads, there are four alternatives. These alternatives all stack up differently along five key dimensions:

    1. Value: does the workload stand to benefit from unique cloud characteristics? To what degree?
    2. Effort: how much work would be required to make the transition?
    3. Cost: how much money is the migration expected to cost?
    4. Time: how long will the migration take?
    5. Skills: what skills must be brought to bear to complete the migration?

    Not all migration paths can lead to all destinations. Rehosting generally means IaaS, while repurchasing leads to SaaS. Refactoring and replatforming have some variety of outcomes, and it becomes possible to take advantage of new IaaS architectures or migrate workloads over fully to SaaS.

    As part of the workload assessment process, use the five dimensions (expanded upon on the next slide) to determine what migration path makes sense. Preferred migration paths form an important part of the overall cloud vision process.

    Retain (Revisit)

    • Keep the application in its current form, at least for now. This doesn’t preclude revisiting it in the future.

    Retire

    • Get rid of the application completely.

    Rehost

    • Move the application to the cloud (IaaS) and continue to run it in more or less the same form as it currently runs.

    Replatform

    • Move the application to the cloud and perform a few changes for cloud optimizations.

    Refactor

    • Rewrite the application, taking advantage of cloud native architectures.

    Repurchase

    • Replace with an alternative, cloud-native application and migrate the data.

    Migration paths – relative value

    Migration path Value Effort Cost Time Skills
    Retain No real change in the absolute value of the workload if it is retained. No effort beyond ongoing workload maintenance. No immediate hard dollar costs, but opportunity costs and technical debt abound. No time required! (At least not right away…) Retaining requires the same skills it has always required (which may be more difficult to acquire in the future).
    Rehire A retired workload can provide no value, but it is not a drain! Spinning a service down requires engaging that part of the lifecycle. N/A Retiring the service may be simple or complicated depending on its current role. N/A
    Rehost Some value comes with rehosting, but generally components stay the same (VM here vs. a VM there). Minimal effort required, especially with automated tools. The effort will depend on the environment being migrated. Relatively cheap compared to other options. Rehosting infrastructure is the simplest cloud migration path and is useful for anyone in a hurry. Rehosting is the simplest cloud migration path for most workloads, but it does require basic familiarity with cloud IaaS.

    Replatform

    Replatformed workloads can take advantage of cloud-native services (SQL vs. SQLaaS). Replatforming is more effortful than rehosting, but less effortful than refactoring. Moderate cost – does not require fundamental rearchitecture, just some tweaking. Relatively more complicated than a simple rehost, but less demanding than a refactor. Platform and workload expertise is required; more substantial than a simple rehost.
    Refactor A fully formed, customized cloud-based workload that can take advantage of cloud-native architectures is generally quite valuable. Significant effort required based on the requirement to engage the full SDLC. Significant cost required to engage SDLC and rebuild the application/service. The most complicated and time-consuming. The most complicated and time-consuming.
    Repurchase Repurchasing is the quickest way to achieve cloud-native value. There are compromises, however (high cost, vendor-lock-in). Repurchasing is the quickest way to achieve cloud-native value. There are compromises, however (high cost, vendor-lock-in). Repurchasing is the quickest way to achieve cloud-native value. There are compromises, however (high cost, vendor-lock-in). Configuration – especially for massive projects – can be time consuming, but in general repurchasing can be quite fast. Buying software does require knowledge of requirements and integrations, but is otherwise quite simple.

    Where should you get your cloud skills?

    Cloud skills are certainly top of mind right now. With the great upheaval in both work patterns and in the labor market more generally, expertise in cloud-related areas is simultaneously more valuable and more difficult to procure. According to Pluralsight’s 2021 “State of Upskilling” report, 44% of respondents report themselves under-skilled in the cloud management area, making cloud management the most significant skill gap reported on the survey.

    Everyone left the office. Work as we know it is fundamentally altered for a generation or more. Cloud services shot up in popularity by enabling the transition. And yet there is a gap – a prominent gap – in skilling up for this critically important future. What is the cloud manager to do?

    Per the framework presented here, that manager has three essential options. They may take somewhat different forms depending on specific requirements and the quirks of the local market, but the options are:

    1. Train or hire internal resources: This might be easier said than done, especially for more niche skills, but makes sense for workloads that are critical to operations for the long term.
    2. Engage a managed service provider: MSPs are often engaged to manage services where internal IT lacks bandwidth or expertise.
    3. Hire a consultant: Consultants are great for time-bound implementation projects where highly specific expertise is required, such as a migration or implementation project.

    Each model makes sense to some degree. When evaluating individual workloads for cloud suitability, it is critical to consider the support model – both immediate and long term. What makes sense from a value perspective?

    Cloud decisions – summary

    A key component of the Info-Tech cloud vision model is that it is multi-layered. Not every decision must be made at every level. At the workload level, it makes sense to select service models that make sense, but each workload does not need its own defined vision. Workload-level decisions should be guided by an overall strategy but applied tactically, based on individual workload characteristics and circumstances.

    Conversely, some decisions will inevitably be applied at the environment level. With some exceptions, it is unlikely that cloud customers will build an entire private/hybrid cloud environment around a single solution; instead, they will define a broader strategy and fit individual workloads into that strategy.

    Some considerations exist at both the workload and environment levels. Risks and roadblocks, as well as the preferred support model, are concerns that exist at both the environment level and at the workload level.

    The image is a Venn diagram, with the left side titled Workload level, and the right side titled Environment Level. In the left section are: service model and migration path. On the right section are: Overall vision and Delivery model. In the centre section are: support model and Risks and roadblocks.

    Step 1.3

    Create a current state summary

    Activities

    1.3.1 Record your current state

    Understand the Cloud

    Generate goals and drivers

    Explore cloud characteristics

    Create a current state summary

    Select workloads for analysis

    This step involves the following participants: Core working group

    Outcomes of this step

    • Current state summary of cloud solutions

    1.3.1 Record your current state

    30 minutes

    Input

    • Knowledge of existing cloud workloads

    Output

    • Current state cloud summary for service, delivery, and support models

    Materials

    • Whiteboard

    Participants

    • Core working group
    • Infrastructure team
    • Service owners
    1. On a whiteboard (real or virtual) draw a table with each of the cloud service models across the top. Leave a cell below each to list examples.
    2. Under each service model, record examples present in your environment. The purpose of the exercise is to illustrate the existence of cloud services in your environment or the lack thereof, so there is no need to be exhaustive. Complete this in turn for each service model until you are satisfied that you have created an effective picture of your current cloud SaaS state, IaaS state, etc.
    3. Input the results into their own slide titled “current state summary” in the Cloud Vision Executive Presentation.
    4. Repeat for the cloud delivery models and support models and include the results of those exercises as well.
    5. Create a short summary statement (“We are primarily a public cloud consumer with a large SaaS footprint and minimal presence in PaaS and IaaS. We retain an MSP to manage our hosted telephony solution; otherwise, everything is handled in house.”

    Cloud Vision Executive Presentation

    Step 1.4

    Select workloads for current analysis

    Activities

    1.4.1 Select workloads for assessment

    This step involves the following participants:

    • Core working group

    Outcomes of this step

    • List of workloads for assessment

    Understand the cloud

    Generate goals and drivers

    Explore cloud characteristics

    Create a current state summary

    Select workloads for analysis

    1.4.1 Select workloads for assessment

    30 minutes

    Input

    • Knowledge of existing cloud workloads

    Output

    • List of workloads to be assessed

    Materials

    • Whiteboard
    • Cloud Vision Workbook

    Participants

    • Core working group
    • IT management
    1. In many cases, the cloud project is inspired by a desire to move a particular workload or set of workloads. Solicit feedback from the core working group about what these workloads might be. Ask everyone in the meeting to suggest a workload and record each one on a sticky note or white board (virtual or physical).
    2. Discuss the results with the group and begin grouping similar workloads together. They will be subject to the assessments in the Cloud Vision Workbook, so try to avoid selecting too many workloads that will produce similar answers. It might not be obvious, but try to think about workloads that have similar usage patterns, risk levels, and performance requirements, and select a representative group.
    3. You should embrace counterintuition by selecting a workload that you think is unlikely to be a good fit for the cloud if you can and subjecting it to the assessment as well for validation purposes.
    4. When you have a list of 4-6 workloads, record them on tab 2 of the Cloud Vision Workbook.

    Cloud Vision Workbook

    Assess your cloud workloads

    Build the foundations of your cloud vision

    Phase 2

    Phase 2

    Evaluate Cloud Workloads

    Phase 1

    1.1 Generate goals and drivers

    1.2 Explore cloud characteristics

    1.3 Create a current state summary

    1.4 Select workloads for analysis

    Phase 2

    2.1 Conduct workload assessments

    2.2 Determine workload future states

    Phase 3

    3.1 Generate risks and roadblocks

    3.2 Mitigate risks and roadblocks

    3.3 Define roadmap initiatives

    Phase 4

    4.1 Review and assign work items

    4.2 Finalize cloud decision framework

    4.3 Create cloud vision

    This phase will walk you through the following activities:

    • Conduct workload assessments
    • Determine workload future state

    This phase involves the following participants:

    • Subject matter experts
    • Core working group
    • IT management

    Define Your Cloud Vision

    Work from the bottom up and assess your workloads

    A workload-first approach will help you create a realistic vision.

    The concept of a cloud vision should unquestionably be informed by the nature of the workloads that IT is expected to provide for the wider organization. The overall cloud vision is no greater than the sum of its parts. You cannot migrate to the cloud in the abstract. Workloads need to go – and not all workloads are equally suitable for the transition.

    It is therefore imperative to understand which workloads are a good fit for the cloud, which cloud service models make the most sense, how to execute the migration, what support should look like, and what risks and roadblocks you are likely to encounter as part of the process.

    That’s where the Cloud Vision Workbook comes into play. You can use this tool to assess as many workloads as you’d like – most people get the idea after about four – and by the end of the exercise, you should have a pretty good idea about where your workloads belong, and you’ll have a tool to assess any net new or previously unconsidered workloads.

    It’s not so much about the results of the assessment – though these are undeniably important – but about the learnings gleaned from the collaborative assessment exercise. While you can certainly fill out the assessment without any additional input, this exercise is most effective when completed as part of a group.

    Introducing the Cloud Vision Workbook

    • The Cloud Vision Workbook is an Excel tool that answers the age old question: “What should I do with my workloads?”
    • It is divided into eight tabs, each of which offers unique value. Start by reading the introduction and inputting your list of workloads. Work your way through tabs 3-6, completing the suitability, migration, management, and risk and roadblock assessments, and review the results on tab 7.
    • If you choose to go through the full battery of assessments for each workload, expect to answer and weight 111 unique questions across the four assessments. This is an intensive exercise, so carefully consider which assessments are valuable to you, and what workloads you have time to assess.
    • Tab 8 hosts the milestone timeline and captures the results of the phase 3 risk and mitigation exercise.

    Understand Cloud Vision Workbook outputs

    The image shows a graphic with several graphs and lists on it, with sections highlighted with notes. At the top, there's the title Database with the note Workload title (populated from tab 2). Below that, there is a graph with the note Relative suitability of the five service models. The Risks and roadblocks section includes the note: The strategy components – the risks and roadblocks – are captured relative to one another to highlight key focus areas. To the left of that, there is a Notes section with the note Notes populated based on post-assessment discussion. At the bottom, there is a section titled Where should skills be procured?, with the note The radar diagram captures the recommended support model relative to the others (MSP, consultant, internal IT). To the right of that, there is a section titled Migration path, with the note that Ordered list of migration paths. Note: a disconnect here with the suggested service model may indicate an unrealistic goal state.

    Step 2.1

    Conduct workload assessments

    Activities

    2.1.1 Conduct workload assessments

    2.1.2 Interpret your results

    Phase Title

    Conduct workload assessments

    Determine workload future state

    This step involves the following participants:

    • Core working group
    • Workload subject matter experts

    Outcomes of this step

    • Completed workload assessments

    2.1.1 Conduct workload assessments

    2 hours per workload

    Input

    • List of workloads to be assessed

    Output

    • Completed cloud vision assessments

    Materials

    • Cloud Vision Workbook

    Participants

    • Core working group
    • Service owners/workload SMEs
    1. The Cloud Vision Workbook is your one stop shop for all things workload assessment. Open the tool to tab 2 and review the workloads you identified at the end of phase 1. Ensure that these are correct. Once satisfied, project the tool (virtually, if necessary) so that all participants can see the assessment questions.
    2. Work through tabs 3-6, answering the questions and assigning a multiplier for each one. A higher multiplier increases the relative weight of the question, giving it a greater impact on the overall outcome.
    3. Do your best to induce participants to offer opinions. Consensus is not absolutely necessary, but it is a good goal. Ask your participants if they agree with initial responses and occasionally take the opposite position (“I’m surprised you said agree – I would have thought we didn’t care about CapEx vs. OpEx”). Stimulate discussion.
    4. Highlight any questions that you will need to return to or run by someone not present. Include a placeholder answer, as the tool requires all cells to be filled for computation.

    Cloud Vision Workbook

    2.1.2 Interpret your results

    10 minutes

    Input

    • Completed cloud vision assessments

    Output

    • Shared understanding of implications

    Materials

    • Cloud Vision Workbook

    Participants

    • Core working group
    • Service owners/workload SMEs
    1. Once you’ve completed all 111 questions for each workload, you can review your results on tab 7. On tab 7, you will see four populated graphics: cloud suitability, migration path, “where should skills be procured?”, and risks and roadblocks. These represent the components of the overall cloud vision that you will present to stakeholders.
    2. The “cloud suitability” chart captures the service model that the assessment judges to be most suitable for the workload. Ask those present if any are surprised by the output. If there is any disagreement, discuss the source of the surprise and what a more realistic outcome would be. Revisit the assessment if necessary.
    3. Conduct a similar exercise with each of the other outputs. Does it make sense to refactor the workload based on its cloud suitability? Does the fact that we scored so highly on the “consultant” support model indicate something about how we handle upskilling internally? Does the profile of risks and roadblocks identified here align with expectations? What should be ranked higher? What about lower?
    4. Once everyone is generally satisfied with the results, close the tool and take a break! You’ve earned it.

    Cloud Vision Workbook

    Understand the cloud strategy components

    Each cloud strategy will take a slightly different form, but all should contain echoes of each of these components. This process will help you define your vision and direction, but you will need to take steps to execute on that vision. The remainder of the cloud strategy, covered in the related blueprint Document Your Cloud Strategy comprises these fourteen topics divided across three categories: people, governance, and technology. The workload assessment covers these under risks and roadblocks and highlights areas that may require specific additional attention. When interpreting the results, think of these areas as comprising things that you will need to do to make your vision a reality.

    People

    • Skills and roles
    • Culture and adoption
    • Governing bodies

    Governance

    • Architecture
    • Integration and interoperability
    • Operations management
    • Cloud portfolio management
    • Cloud vendor management
    • Finance management
    • Security
    • Data controls

    Technology

    • Monitoring
    • Provisioning
    • Migration

    Strategy component: People

    People form the core of any good strategy. As part of your cloud vision, you will need to understand the implications a cloud transition will have on your staff and users, whether those users are internal or external.

    Component Description Challenges
    Skills and roles The move to the cloud will require staff to learn how to handle new technology and new operational processes. The cloud is a different way of procuring IT resources and may require the definition of new roles to handle things like cost management and provisioning. Staff may not have the necessary experience to migrate to a cloud environment or to effectively manage resources once the cloud transition is made. Cloud skills are difficult to hire for, and with the ever-changing nature of the platforms themselves, this shows no sign of abating. Redefining roles can also be politically challenging and should be done with due care and consideration.
    Culture and adoption If you build it, they will come…right? It is not always the case that a new service immediately attracts users. Ensuring that organizational culture aligns with the cloud vision is a critical success factor. Equally important is ensuring that cloud resources are used as intended. Those unfamiliar with cloud resources may be less willing to learn to use them. If alternatives exist (e.g. a legacy service that has not been shut down), or if those detractors are influential, this resistance may impede your cloud execution. Also, if the cloud transition involves significant effort or a fundamental rework (e.g. a DevOps transition) this role redefinition could cause some internal turmoil.
    Governing bodies A large-scale cloud deployment requires formal governance. Formal governance requires a governing body that is ultimately responsible for designing the said governance. This could take the form of a “center of excellence” or may rest with a single cloud architect in a smaller, less complicated environment. Governance is difficult. Defining responsibilities in a way that includes all relevant stakeholders without paralyzing the decision-making process is difficult. Implementing suggestions is a challenge. Navigating the changing nature of service provision (who can provision their own instances or assign licenses?) can be difficult as well. All these concerns must be addressed in a cloud strategy.

    Strategy component: Governance

    Without guardrails, the cloud deployment will grow organically. This has strengths (people tend to adopt solutions that they select and deploy themselves), but these are more than balanced out by the drawbacks that come with inconsistency, poor administration, duplication of services, suboptimal costing, and any number of other unique challenges. The solution is to develop and deploy governance. The following list captures some of the necessary governance-related components of a cloud strategy.

    Component Description Challenges
    Architecture Enterprise architecture is an important function in any environment with more than one interacting workload component (read: any environment). The cloud strategy should include an approach to defining and implementing a standard cloud architecture and should assign responsibility to an individual or group. Sometimes the cloud transition is inspired by the desire to rearchitect. The necessary skills and knowledge may not be readily available to design and transition to a microservices-based environment, for example, vs. a traditional monolithic application architecture. The appropriateness of a serverless environment may not be well understood, and it may be the case that architects are unfamiliar with cloud best practices and reference architectures.
    Integration and interoperability Many services are only highly functional when integrated with other services. What is a database without its front-end? What is an analytics platform without its data lake? For the cloud vision to be properly implemented, a strategy for handling integration and interoperability must be developed. It may be as simple as “all SaaS apps must be compatible with Okta” but it must be there. Migration to the cloud may require a fundamentally new approach to integration, moving away from a point-to-point integrations and towards an ESB or data lake. In many cases, this is easier said than done. Centralization of management may be appealing, but legacy applications – or those acquired informally in a one-off fashion – might not be so easy to integrate into a central management platform.
    Operations management Service management (ITIL processes) must be aligned with your overall cloud strategy. Migrating to the cloud (where applicable) will require refining these processes, including incident, problem, request, change, and configuration management, to make them more suitable for the cloud environment. Operations management doesn’t go away in the cloud, but it does change in line with the transition to shared responsibility. Responding to incidents may be more difficult on the cloud when troubleshooting is a vendor’s responsibility. Change management in a SaaS environment may be more receptive than staff are used to as cloud providers push changes out that cannot be rolled back.

    Strategy component: Governance (cont.)

    Component Description Challenges
    Cloud portfolio management This component refers to the act of managing the portfolio of cloud services that is available to IT and to business users. What requirements must a SaaS service meet to be onboarded into the environment? How do we account for exceptions to our IaaS policy? What about services that are only available from a certain provider? Rationalizing services offers administrative benefits, but may make some tasks more difficult for end users who have learned things a certain way or rely on niche toolsets. Managing access through a service catalog can also be challenging based on buy-in and ongoing administration. It is necessary to develop and implement policy.
    Cloud vendor management Who owns the vendor management function, and what do their duties entail? What contract language must be standard? What does due diligence look like? How should negotiations be conducted? What does a severing of the relationship look like? Cloud service models are generally different from traditional hosted software and even from each other (e.g. SaaS vs. PaaS). There is a bit of a learning curve when it comes to dealing with vendors. Also relevant: the skills that it takes to build and maintain a system are not necessarily the same as those required to coherently interact with a cloud vendor.
    Finance management Cloud services are, by definition, subject to a kind of granular, operational billing that many shops might not be used to. Someone will need to accurately project and allocate costs, while ensuring that services are monitored for cost abnormalities. Cloud cost challenges often relate to overall expense (“the cloud is more expensive than an alternative solution”), expense variability (“I don’t know what my budget needs to be this quarter”), and cost complexity (“I don’t understand what I’m paying for – what’s an Elastic Beanstalk?”).
    Security The cloud is not inherently more or less secure than a premises-based alternative, though the risk profile can be different. Applying appropriate security governance to ensure workloads are compliant with security requirements is an essential component of the strategy.

    Technical security architecture can be a challenge, as well as navigating the shared responsibility that comes with a cloud transition. There are also a plethora of cloud-specific security tools like cloud access security brokers (CASBs), cloud security posture management (CSPM) solutions, and even secure access services edge (SASE) technology.

    Data controls Data residency, classification, quality, and protection are important considerations for any cloud strategy. With cloud providers taking on outsized responsibility, understanding and governing data is essential. Cloud providers like to abstract away from the end user, and while some may be able to guarantee residency, others may not. Additionally, regulations may prevent some data from going to the cloud, and you may need to develop a new organizational backup strategy to account for the cloud.

    Strategy component: Technology

    Good technology will never replace good people and effective process, but it remains important in its own right. A migration that neglects the undeniable technical components of a solid cloud strategy is doomed to mediocrity at best and failure at worst. Understanding the technical implications of the cloud vision – particularly in terms of monitoring, provisioning, and migration – makes all the difference. You can interpret the results of the cloud workload assessments by reviewing the details presented here.

    Component Description Challenges
    Monitoring The cloud must be monitored in line with performance requirements. Staff must ensure that appropriate tools are in place to properly monitor cloud workloads and that they are capturing adequate and relevant data. Defining requirements for monitoring a potentially unfamiliar environment can be difficult, as can consolidating on a monitoring solution that both meets requirements and covers all relevant areas. There may be some upskilling and integration work required to ensure that monitoring works as required.
    Provisioning How will provisioning be done? Who will be responsible for ensuring the right people have access to the right resources? What tooling must be deployed to support provisioning goals? What technical steps must be taken to ensure that the provisioning is as seamless as possible? There is the inevitable challenge of assigning responsibility and accountability in a changing infrastructure and operations environment, especially if the changes are substantial (e.g. a fundamental operating model shift, reoriented around the cloud). Staff may also need to familiarize themselves with cloud-based provisioning tools like Ansible, Terraform, or even CloudFormation.
    Migration The act of migrating is important as well. In some cases, the migration is as simple as configuring the new environment and turning it up (e.g. with a net new SaaS service). In other cases, the migration itself can be a substantial undertaking, involving large amounts of data, a complicated replatforming/refactoring, and/or a significant configuration exercise.

    Not all migration journeys are created equal, and challenges include a general lack of understanding of the requirements of a migration, the techniques that might be necessary to migrate to a particular cloud (there are many) and the disruption/risk associated with moving large amounts of data. All of these challenges must be considered as part of the overall cloud strategy, whether in terms of architectural principles or skill acquisition (or both!).

    Step 2.2

    Determine workload future state

    Activities

    2.2.1 Determine workload future state

    Conduct workload assessments

    Determine workload future state

    This step involves the following participants:

    • IT management
    • Core working group

    Outcomes of this step

    • Completed workload assessments
    • Defined workload future state

    2.2.1 Determine workload future state

    1-3 hours

    Input

    • Completed workload assessments

    Output

    • Preliminary future state outputs

    Materials

    • Cloud Vision Workbook
    • Cloud Vision Executive Presentation

    Participants

    • Core working group
    • Service owners
    • IT management
    1. After you’ve had a chance to validate your results, refer to tab 7 of the tool, where you will find a blank notes section.
    2. With the working group, capture your answers to each of the following questions:
      1. What service model is the most suitable for the workload? Why?
      2. How will we conduct the migration? Which of the six models makes the most sense? Do we have a backup plan if our primary plan doesn’t work out?
      3. What should the support model look like?
      4. What are some workload-specific risks and considerations that must be taken into account for the workload?
    3. Once you’ve got answers to each of these questions for each of the workloads, include your summary in the “notes” section of tab 7.

    Cloud Vision Executive Presentation

    Paste the output into the Cloud Vision Executive Presentation

    • The Cloud Vision Workbook output is a compact, consumable summary of each workload’s planned future state. Paste each assessment in as necessary.
    • There is no absolutely correct way to present the information, but the output is a good place to start. Do note that, while the presentation is designed to lead with the vision statement, because the process is workload-first, the assessments are populated prior to the overall vision in a bottom-up manner.
    • Be sure to anticipate the questions you are likely to receive from any stakeholders. You may consider preparing for questions like: “What other workloads fit this profile?” “What do we expect the impact on the budget to be?” “How long will this take?” Keep these and other questions in mind as you progress through the vision definition process.

    The image shows the Cloud Vision Workbook output, which was described in an annotated version in an earlier section.

    Info-Tech Insight

    Keep your audience in mind. You may want to include some additional context in the presentation if the results are going to be presented to non-technical stakeholders or those who are not familiar with the terms or how to interpret the outputs.

    Identify and Mitigate Risks

    Build the foundations of your cloud vision

    PHASE 3

    Phase 3

    Identify and Mitigate Risks

    Phase 1

    1.1 Generate goals and drivers

    1.2 Explore cloud characteristics

    1.3 Create a current state summary

    1.4 Select workloads for analysis

    Phase 2

    2.1 Conduct workload assessments

    2.2 Determine workload future states

    Phase 3

    3.1 Generate risks and roadblocks

    3.2 Mitigate risks and roadblocks

    3.3 Define roadmap initiatives

    Phase 4

    4.1 Review and assign work items

    4.2 Finalize cloud decision framework

    4.3 Create cloud vision

    This phase will walk you through the following activities:

    • Generate risks and roadblocks
    • Mitigate risks and roadblocks
    • Define roadmap initiatives

    This phase involves the following participants:

    • Core working group
    • Workload subject matter experts

    You know what you want to do, but what do you have to do?

    What questions remain unanswered?

    There are workload-level risks and roadblocks, and there are environment-level risks. This phase is focused primarily on environment-level risks and roadblocks, or those that are likely to span multiple workloads (but this is not hard and fast rule – anything that you deem worth discussing is worth discussing). The framework here calls for an open forum where all stakeholders – technical and non-technical, pro-cloud and anti-cloud, management and individual contributor – have an opportunity to articulate their concerns, however specific or general, and receive feedback and possible mitigation.

    Start by soliciting feedback. You can do this over time or in a single session. Encourage anyone with an opinion to share it. Focus on those who are likely to have a perspective that will become relevant at some point during the creation of the cloud strategy and the execution of any migration. Explain the preliminary direction; highlight any major changes that you foresee. Remind participants that you are not looking for solutions (yet), but that you want to make sure you hear any and every concern as early as possible. You will get feedback and it will all be valuable.

    Before cutting your participants loose, remind them that, as with all business decisions, the cloud comes with trade-offs. Not everyone will have every wish fulfilled, and in some cases, significant effort may be needed to get around a roadblock, risks may need to be accepted, and workloads that looked like promising candidates for one service model or another may not be able to realize that potential. This is a normal and expected part of the cloud vision process.

    Once the risks and roadblocks conversation is complete, it is the core working group’s job to propose and validate mitigations. Not every risk can be completely resolved, but the cloud has been around for decades – chances are someone else has faced a similar challenge and made it through relatively unscathed. That work will inevitably result in initiatives for immediate execution. Those initiatives will form the core of the initiative roadmap that accompanies the completed Cloud Vision Executive Presentation.

    Step 3.1

    Generate risks and roadblocks

    Activities

    3.1.1 Generate risks and roadblocks

    3.1.2 Generate mitigations

    Identify and mitigate risks

    Generate risks and roadblocks

    Mitigate risks and roadblocks

    Define roadmap initiatives

    This step involves the following participants:

    • Core working group
    • IT management
    • Infrastructure
    • Applications
    • Security
    • Architecture

    Outcomes of this step

    • List of risks and roadblocks

    Understand risks and roadblocks

    Risk

    • Something that could potentially go wrong.
    • You can respond to risks by mitigating them:
      • Eliminate: take action to prevent the risk from causing issues.
      • Reduce: take action to minimize the likelihood/severity of the risk.
      • Transfer: shift responsibility for the risk away from IT, towards another division of the company.
      • Accept: where the likelihood or severity is low, it may be prudent to accept that the risk could come to fruition.

    Roadblock

    • There are things that aren’t “risks” that we care about when migrating to the cloud.
    • We know, for example, that a complicated integration situation will create work items for any migration – this is not an “unknown.”
    • We respond to roadblocks by generating work items.

    3.1.1 Generate risks and roadblocks

    1.5 hours

    Input

    • Completed cloud vision assessments

    Output

    • List of risks and roadblocks

    Materials

    • Whiteboard
    • Sticky notes

    Participants

    • Core working group
    • Service owners/workload SMEs
    • Anyone with concerns about the cloud
    1. Gather your core working group – and really anyone with an intelligent opinion on the cloud – into a single meeting space. Give the group 5-10 minutes to list anything they think could present a difficulty in transitioning workloads to the cloud. Write each risk/roadblock on its own sticky note. You will never be 100% exhaustive, but don’t let anything your users care about go unaddressed.
    2. Once everyone has had time to write down their risks and roadblocks, have everyone share one by one. Make sure you get them all. Overlap in risks and roadblocks is okay! Group similar concerns together to give a sort of heat map of what your participants are concerned about. (This is called “affinity diagramming.”)
    3. Assign names to these categories. Many of these categories will align with the strategy components discussed in the previous phase (governance, security, etc.) but some will be specific whether by nature or by degree.
    4. Sort each of the individual risks into its respective category, collapsing any exact duplicates, and leaving room for notes and mitigations (see the next slide for a visual).

    Understand risks and roadblocks

    The image is two columns--on the left, the column is titled Affinity Diagramming. Below the title, there are many colored blocks, randomly arranged. There is an arrow pointing right, to the same coloured blocks, now sorted by colour. In the right column--titled Categorization--each colour has been assigned a category, with subcategories.

    Step 3.2

    Mitigate risks and roadblocks

    Activities

    3.2.1 Generate mitigations

    Identify and mitigate risks

    Generate risks and roadblocks

    Mitigate risks and roadblocks

    Define roadmap initiatives

    This step involves the following participants:

    • Core working group

    Outcomes of this step

    • List of mitigations

    Is the public cloud less secure?

    This is the key risk-related question that most cloud customers will have to answer at some point: does migrating to the cloud for some services increase their exposure and create a security problem?

    As with all good questions, the answer is “it depends.” But what does it depend on? Consider these cloud risks and potential mitigations:

    1. Misconfiguration: An error grants access to unauthorized parties (as happened to Capital One in 2019). This can be mitigated by careful configuration management and third-party tooling.
    2. Unauthorized access by cloud provider/partner employees: Though rare, it is possible that a cloud provider or partner can be a vector for a breach. Careful contract language, choosing to own your own encryption keys, and a hybrid approach (storing data on-premises) are some possible ways to address this problem.
    3. Unauthorized access to systems: Cloud services are designed to be accessed from anywhere and may be accessed by malicious actors. Possible mitigations include risk-based conditional access, careful identity access management, and logging and detection.

    “The cloud is definitely more secure in that you have much more control, you have much more security tooling, much more visibility, and much more automation. So it is more secure. The caveat is that there is more risk. It is easier to accidentally expose data in the cloud than it is on-premises, but, especially for security, the amount of tooling and visibility you get in cloud is much more than anything we’ve had in our careers on-premises, and that’s why I think cloud in general is more secure.” –Abdul Kittana, Founder, ASecureCloud

    Breach bests bank

    No cloud provider can protect against every misconfiguration

    Industry: Finance

    Source: The New York Times, CNET

    Background

    Capital One is a major Amazon Web Services customer and is even featured on Amazon’s site as a case study. That case study emphasizes the bank’s commitment to the cloud and highlights how central security and compliance were. From the CTO: “Before we moved a single workload, we engaged groups from across the company to build a risk framework for the cloud that met the same high bar for security and compliance that we meet in our on-premises environments. AWS worked with us every step of the way.”

    Complication

    The cloud migration was humming along until July 2019, when the bank suffered a serious breach at the hands of a hacker. That hacker was able to steal millions of credit card applications and hundreds of thousands of Social Security numbers, bank account numbers, and Canadian social insurance numbers.

    According to investigators and to AWS, the breach was caused by an open reverse proxy attack against a misconfigured web app firewall, not by an underlying vulnerability in the cloud infrastructure.

    Results

    Capital One reported that the breach was expected to cost it $150 million, and AWS fervently denied any blame. The US Senate got involved, as did national media, and Capital One’s CEO issued a public apology, writing, “I sincerely apologize for the understandable worry this incident must be causing those affected, and I am committed to making it right.”

    It was a bad few months for IT at Capital One.

    3.2.1 Generate mitigations

    3-4.5 hours

    Input

    • Completed cloud vision assessments

    Output

    • List of risks and roadblocks

    Materials

    • Whiteboard
    • Sticky notes

    Participants

    • Core working group
    • Service owners/workload SMEs
    • Anyone with concerns about the cloud
    1. Recall the four mitigation strategies: eliminate, reduce, transfer, or accept. Keep these in mind as you work through the list of risks and roadblocks with the core working group. For every individual risk or roadblock raised in the initial generation session, suggest a specific mitigation. If the concern is “SaaS providers having access to confidential information,” a mitigation might be encryption, specific contract language, or proof of certifications (or all the above).
    2. Work through this for each of the risks and roadblocks, identifying the steps you need to take that would satisfy your requirements as you understand them.
    3. Once you have gone through the whole list – ideally with input from SMEs in particular areas like security, engineering, and compliance/legal – populate the Cloud Vision Workbook (tab 8) with the risks, roadblocks, and mitigations (sorted by category). Review tab 8 for an example of the output of this exercise.

    Cloud Vision Workbook

    Cloud Vision Workbook – mitigations

    The image shows a large chart titled Risks, roadblocks, and mitigations, which has been annotated with notes.

    Step 3.3

    Define roadmap initiatives

    Activities

    3.3.1 Generate roadmap initiatives

    Identify and mitigate risks

    Generate risks and roadblocks

    Mitigate risks and roadblocks

    Define roadmap initiatives

    This step involves the following participants:

    • Core working group

    Outcomes of this step

    • Defined roadmap initiatives

    3.3.1 Generate roadmap initiatives

    1 hour

    Input

    • List of risk and roadblock mitigations

    Output

    • List of cloud initiatives

    Materials

    • Cloud Vision Workbook

    Participants

    • Core working group
    1. Executing on your cloud vision will likely require you to undertake some key initiatives, many of which have already been identified as part of your mitigation exercise. On tab 8 of the Cloud Vision Workbook, review the mitigations you created in response to the risks and roadblocks identified. Initiatives should generally be assignable to a party and should have a defined scope/duration. For example, “assess all net new applications for cloud suitability” might not be counted as an initiative, but “design a cloud application assessment” would likely be.
    2. Design a timeline appropriate for your specific needs. Generally short-term (less than 3 months), medium-term (3-6 months), and long-term (greater than 6 months) will work, but this is entirely based on preference.
    3. Review and validate the parameters with the working group. Consider creating additional color-coding (highlighting certain tasks that might be dependent on a decision or have ongoing components).

    Cloud Vision Workbook

    Bridge the gap and create the vision

    Build the foundations of your cloud vision

    Phase 4

    Phase 4

    Bridge the Gap and Create the Vision

    Phase 1

    1.1 Generate goals and drivers

    1.2 Explore cloud characteristics

    1.3 Create a current state summary

    1.4 Select workloads for analysis

    Phase 2

    2.1 Conduct workload assessments

    2.2 Determine workload future states

    Phase 3

    3.1 Generate risks and roadblocks

    3.2 Mitigate risks and roadblocks

    3.3 Define roadmap initiatives

    Phase 4

    4.1 Review and assign work items

    4.2 Finalize cloud decision framework

    4.3 Create cloud vision

    This phase will walk you through the following activities:

    • Assign initiatives and propose timelines
    • Build a delivery model rubric
    • Build a service model rubric
    • Built a support model rubric
    • Create a cloud vision statement
    • Map cloud workloads
    • Complete the Cloud Vision presentation

    This phase involves the following participants:

    • IT management, the core working group, security, infrastructure, operations, architecture, engineering, applications, non-IT stakeholders

    Step 4.1

    Review and assign work items

    Activities

    4.1.1 Assign initiatives and propose timelines

    Bridge the gap and create the vision

    Review and assign work items

    Finalize cloud decision framework

    Create cloud vision

    This step involves the following participants:

    • Core working group
    • IT management

    Outcomes of this step

    • Populated cloud vision roadmap

    4.1.1 Assign initiatives and propose timelines

    1 hour

    Input

    • List of cloud initiatives

    Output

    • Initiatives assigned by responsibility and timeline

    Materials

    • Cloud Vision Workbook

    Participants

    • Core working group
    1. Once the list is populated, begin assigning responsibility for execution. This is not a RACI exercise, so focus on the functional responsibility. Once you have determined who is responsible, assign a timeline and include any notes. This will form the basis of a more formal project plan.
    2. To assign the initiative to a party, consider 1) who will be responsible for execution and 2) if that responsibility will be shared. Be as specific as possible, but be sure to be consistent to make it easier for you to sort responsibility later on.
    3. When assigning timelines, we suggest including the end date (when you expect the project to be complete) rather than the start date, though whatever you choose, be sure to be consistent. Make use of the notes column to record anything that you think any other readers will need to be aware of in the future, or details that may not be possible to commit to memory.

    Cloud Vision Workbook

    Step 4.2

    Finalize cloud decision framework

    Activities

    4.2.1 Build a delivery model rubric

    4.2.2 Build a service model rubric

    4.2.3 Build a support model rubric

    Bridge the gap and create the vision

    Review and assign work items

    Finalize cloud decision framework

    Create cloud vision

    This step involves the following participants:

    • Core working group

    Outcomes of this step

    • Cloud decision framework

    4.2.1 Build a delivery model rubric

    1 hour

    Input

    • List of cloud initiatives

    Output

    • Initiatives assigned by responsibility and timeline

    Materials

    Participants

    • Core working group
    1. Now that we have a good understanding of the cloud’s key characteristics, the relative suitability of different workloads for the cloud, and a good understanding of some of the risks and roadblocks that may need to be overcome if a cloud transition is to take place, it is time to formalize a delivery model rubric. Start by listing the delivery models on a white board vertically – public, private, hybrid, and multi-cloud. Include a community cloud option as well if that is feasible for you. Strike any models that do not figure into your vision.
    2. Create a table style rubric for each delivery model. Confer with the working group to determine what characteristics best define workloads suitable for each model. If you have a hybrid cloud option, you may consider workloads that are highly dynamic; a private cloud hosted on-premises may be more suitable for workloads that have extensive regulatory requirements.
    3. Once the table is complete, include it in the Cloud Vision Executive Presentation.

    Cloud Vision Executive Presentation

    Vision for the cloud future state (example)

    Delivery model Decision criteria
    Public cloud
    • Public cloud is the primary destination for all workloads as the goal is to eliminate facilities and infrastructure management
    • Offers features, broad accessibility, and managed updates along with provider-managed facilities and hardware
    Legacy datacenter
    • Any workload that is not a good fit for the public cloud
    • Dependency (like a USB key for license validation)
    • Performance requirements (e.g. workloads highly sensitive to transaction thresholds)
    • Local infrastructure components (firewall, switches, NVR)

    Summary statement: Everything must go! Public cloud is a top priority. Anything that is not compatible (for whatever reason) with a public cloud deployment will be retained in a premises-based server closet (downgraded from a full datacenter). The private cloud does not align with the overall organizational vision, nor does a hybrid solution.

    4.2.2 Build a service model rubric

    1 hour

    Input

    • Output of workload assessments
    • Output of risk and mitigation exercise

    Output

    • Service model rubric

    Materials

    • Whiteboard
    • Cloud Vision Executive Presentation

    Participants

    • Core working group
    1. This next activity is like the delivery model activity, but covers the relevant cloud service models. On a whiteboard, make a vertical list of the cloud service models (SaaS, PaaS, IaaS, etc.) that will be considered for workloads. If you have an order of preference, place your most preferred at the top, your least preferred at the bottom.
    2. Describe the circumstances under which you would select each service model. Do your best to focus on differentiators. If a decision criterion appears for multiple service models, consider refining or excluding it. (For additional information, check out Info-Tech’s Reimagine IT Operations for a Cloud-First World blueprint.)
    3. Create a summary statement to capture your overall service model position. See the next slide for an example. Note: this can be incorporated into your cloud vision statement, so be sure that it reflects your genuine cloud preferences.
    4. Record the results in the Cloud Vision Executive Presentation.

    Cloud Vision Executive Presentation

    Vision for the cloud future state (example)

    Service model Decision criteria
    SaaS

    SaaS first; opt for SaaS when:

    • A SaaS option exists that meets all key business requirements
    • There is a strong desire to have someone else (the vendor) manage infrastructure components/the platform
    • Not particularly sensitive to performance thresholds
    • The goal is to transition management of the workload outside of IT
    • SaaS is the only feasible way to consume the desired service
    PaaS
    • Highly customized service/workload – SaaS not feasible
    • Still preferable to offload as much management as possible to third parties
    • Customization required, but not at the platform level
    • The workload is built using a standard framework
    • We have the time/resources to replatform
    IaaS
    • Service needs to be lifted and shifted out of the datacenter quickly
    • Customization is required at the platform level/there is value in managing components
    • There is no need to manage facilities
    • Performance is not impacted by hosting the workload offsite
    • There is value in right-sizing the workload over time
    On-premises Anything that does not fit in the cloud for performance or other reasons (e.g. licensing key)

    Summary statement: SaaS will be the primary service model. All workloads will migrate to the public cloud where possible. Anything that cannot be migrated to SaaS will be migrated to PaaS. IaaS is a transitory step.

    4.2.3 Build a support model rubric

    1 hour

    Input

    • Results of the cloud workload assessments

    Output

    • Support model rubric

    Materials

    • Whiteboard
    • Cloud Vision Executive Presentation

    Participants

    • Core working group
    1. The final rubric covered here is that for the support model. Where will you procure the skills necessary to ensure the vision’s proper execution? Much like the other rubric activities, write the three support models vertically (in order of preference, if you have one) on a whiteboard.
    2. Next to each model, describe the circumstances under which you would select each support model. Focus on the dimensions: the duration of the engagement, specialization required, and flexibility required. If you have existing rules/practices around hiring consultants/MSPs, consider those as well.
    3. Once you have a good list of decision criteria, form a summary statement. This should encapsulate your position on support models and should mention any notable criteria that will contribute to most decisions.
    4. Record the results in the Cloud Vision Executive Presentation.

    Cloud Vision Executive Presentation

    Vision for the cloud future state (example)

    Support model Decision criteria
    Internal IT

    The primary support model will be internal IT going forward

    • Chosen where the primary work required is administrative
    • Where existing staff can manage the service in the cloud easily and effectively
    • Where the chosen solution fits the SaaS service model
    Consultant
    • Where the work required is time-bound (e.g. a migration/refactoring exercise)
    • Where the skills do not exist in house, and where the skills cannot easily be procured (specific technical expertise required in areas of the cloud unfamiliar to staff)
    • Where opportunities for staff to learn from consultant SMEs are valuable
    • Where ongoing management and maintenance can be handled in house
    MSP
    • Where an ongoing relationship is valued
    • Where ongoing administration and maintenance are disproportionately burdensome on IT staff (or where this administration and maintenance is likely to be burdensome)
    • Where the managed services model has already been proven out
    • Where specific expertise in an area of technology is required but this does not rise to the need to hire an FTE (e.g. telephony)

    Summary statement: Most workloads will be managed in house. A consultant will be employed to facilitate the transition to micro-services in a cloud container environment, but this will be transitioned to in-house staff. An MSP will continue to manage backups and telephony.

    Step 4.3

    Create cloud vision

    Activities

    4.3.1 Create a cloud vision statement

    4.3.2 Map cloud workloads

    4.3.3 Complete the Cloud Vision Presentation

    Review and assign work items

    Finalize cloud decision framework

    Create cloud vision

    This step involves the following participants:

    • Core working group
    • IT management

    Outcomes of this step

    Completed Cloud Vision Executive Presentation

    4.3.1 Create a cloud vision statement

    1 hour

    Input

    • List of cloud initiatives

    Output

    • Initiatives assigned by responsibility and timeline

    Materials

    • Cloud Vision Workbook

    Participants

    • Core working group
    1. Now that you know what service models are appropriate, it’s time to summarize your cloud vision in a succinct, consumable way. A good vision statement should have three components:
      • Scope: Which parts of the organization will the strategy impact?
      • Goal: What is the strategy intended to accomplish?
      • Key differentiator: What makes the new strategy special?
    2. On a whiteboard, make a chart with three columns (one column for each of the features of a good mission statement). Have the group generate a list of words to describe each of the categories. Ideally, the group will produce multiple answers for each category.
    3. Once you’ve gathered a few different responses for each category, have the team put their heads down and generate pithy mission statements that capture the sentiments underlying each category.
    4. Have participants read their vision statements in front of the group. Use the rest of the session to produce a final statement. Record the results in the Cloud Strategy Executive Presentation.

    Example vision statement outputs

    “IT at ACME Corp. hereby commits to providing clients and end users with an unparalleled, productivity-enabling technology experience, leveraging, insofar as it is possible and practical, cloud-based services.”

    “At ACME Corp. our employees and customers are our first priority. Using new, agile cloud services, IT is devoted to eliminating inefficiency, providing cutting-edge solutions for a fast-paced world, and making a positive difference in the lives of our colleagues and the people we serve.”

    As a global leader in technology, ACME Corp. is committed to taking full advantage of new cloud services, looking first to agile cloud options to optimize internal processes wherever efficiency gaps exist. Improved efficiency will allow associates to spend more time on ACME’s core mission: providing an unrivalled customer experience.”

    Scope

    Goal

    Key differentiator

    4.3.2 Map cloud workloads

    1 hour

    Input

    • List of workloads
    • List of acceptable service models
    • List of acceptable migration paths

    Output

    • Workloads mapped by service model/migration path

    Materials

    • Whiteboard
    • Sticky notes

    Participants

    • Core working group
    1. Now that you have defined your overall cloud vision as well as your service model options, consider aligning your service model preferences with your migration path preferences. Draw a table with your expected migration strategies across the top (retain, retire, rehost, replatform, refactor, repurchase, or some of these) and your expected service models across the side.
    2. On individual sticky notes, write a list of workloads in your environment. In a smaller environment, this list can be exhaustive. Otherwise take advantage of the list you created as part of phase 1 along with any additional workloads that warrant discussion.
    3. As a group, go through the list, placing the sticky notes first in the appropriate row based on their characteristics and the decision criteria that have already been defined, and then in the appropriate column based on the appropriate migration path. (See the next slide for an example of what this looks like.)
    4. Record the results in the Cloud Vision Executive Presentation. Note: not every cell will be filled; some migration path/service model combinations are impossible or otherwise undesirable.

    Cloud Vision Executive Presentation

    Example cloud workload map

    Repurchase Replatform Rehost Retain
    SaaS

    Office suite

    AD

    PaaS SQL Database
    IaaS File Storage DR environment
    Other

    CCTV

    Door access

    4.3.3 Complete the Cloud Vision Presentation

    1 hour

    Input

    • List of cloud initiatives

    Output

    • Initiatives assigned by responsibility and timeline

    Materials

    • Cloud Vision Workbook

    Participants

    • Core working group
    1. Open the Cloud Vision Executive Presentation to the second slide and review the templated executive brief. This comprises several sections (see the next slide). Populate each one:
      • Summary of the exercise
      • The cloud vision statement
      • Key cloud drivers
      • Risks and roadblocks
      • Top initiatives and next steps
    2. Review the remainder of the presentation. Be sure to elaborate on any significant initiatives and changes (where applicable) and to delete any slides that you no longer require.

    Cloud Vision Workbook

    Sample cloud vision executive summary

    • From [date to date], a cross-functional group representing IT and its constituents met to discuss the cloud.
    • Over the course of the week, the group identified drivers for cloud computing and developed a shared vision, evaluated several workloads through an assessment framework, identified risks, roadblocks, and mitigations, and finally generated initiatives and next steps.
    • From the process, the group produced a summary and a cloud suitability assessment framework that can be applied at the level of the workload.

    Cloud Vision Statement

    [Organization] will leverage public cloud solutions and retire existing datacenter and colocation facilities. This transition will simplify infrastructure administration, support, and security, while modernizing legacy infrastructure and reducing the need for additional capital expenditure.

    Cloud Drivers Retire the datacenter Do more valuable work
    Right-size the environment Reduce CapEx
    Facilitate ease of mgmt. Work from anywhere
    Reduce capital expenditure Take advantage of elasticity
    Performance and availability Governance Risks and roadblocks
    Security Rationalization
    Cost Skills
    Migration Remaining premises resources
    BC, backup, and DR Control

    Initiatives and next steps

    • Close the datacenter and colocation site in favor of a SaaS-first cloud approach.
    • Some workloads will migrate to infrastructure-as-a-service in the short term with the assistance of third-party consultants.

    Document your cloud strategy

    You did it!

    Congratulations! If you’ve made it this far, you’ve successfully articulated a cloud vision, assessed workloads, developed an understanding (shared with your team and stakeholders) of cloud concepts, and mitigated risks and roadblocks that you may encounter along your cloud journey. From this exercise, you should understand your mission and vision, how your cloud plans will interact with any other relevant strategic plans, and what successful execution looks like, as well as developing a good understanding of overall guiding principles. These are several components of your overall strategy, but they do not comprise the strategy in its entirety.

    How do you fix this?

    First, validate the results of the vision exercise with your stakeholders. Socialize it and collect feedback. Make changes where you think changes should be made. This will become a key foundational piece. The next step is to formally document your cloud strategy. This is a separate project and is covered in the Info-Tech blueprint Document Your Cloud Strategy.

    The vision exercise tells you where you want to go and offers some clues as to how to get there. The formal strategy exercise is a formal documentation of the target state, but also captures in detail the steps you’ll need to take, the processes you’ll need to refine, and the people you’ll need to hire.

    A cloud strategy should comprise your organizational stance on how the cloud will change your approach to people and human resources, technology, and governance. Once you are confident that you can make and enforce decisions in these areas, you should consider moving on to Document Your Cloud Strategy. This blueprint, Define Your Cloud Vision, often serves as a prerequisite for the strategy documentation conversation(s).

    Appendix

    Summary of Accomplishment

    Additional Support

    Research Contributors

    Related Info-Tech Research

    Vendor Resources

    Bibliography

    Summary of Accomplishment

    Problem Solved

    You have now documented what you want from the cloud, what you mean when you say “cloud,” and some preliminary steps you can take to make your vision a reality.

    You now have at your disposal a framework for identifying and evaluating candidates for their cloud suitability, as well as a series of techniques for generating risks and mitigations associated with your cloud journey. The next step is to formalize your cloud strategy using the takeaways from this exercise. You’re well on your way to a completed cloud strategy!

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com

    1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Generate drivers for cloud adoption

    Work with stakeholders to understand the expected benefits of the cloud migration and how these drivers will impact the overall vision.

    Conduct workload assessments

    Assess your individual cloud workloads for their suitability as candidates for the cloud migration.

    Bibliography

    “2021 State of the Cloud Report.” Flexera, 2021. Web.

    “2021 State of Upskilling Report.” Pluralsight, 2021. Web.

    “AWS Snowmobile.” Amazon Web Services, n.d. Web.

    “Azure products.” Microsoft, n.d. Web.

    “Azure Migrate Documentation.” Microsoft, n.d. Web.

    Bell, Harold. “Multi-Cloud vs. Hybrid Cloud: What’s the Difference?” Nutanix, 2019. Web.

    “Cloud Products.” Amazon Web Services, n.d. Web.

    “COBIT 2019 Framework: Introduction and Methodology.” ISACA, 2019. Web.

    Edmead, Mark T. “Using COBIT 2019 to Plan and Execute an Organization’s Transformation Strategy.” ISACA, 2020. Web.

    Flitter, Emily, and Karen Weise. “Capital One Data Breach Compromises Data of Over 100 Million.” The New York Times, 29 July 2019. Web.

    Gillis, Alexander S. “Cloud Security Posture Management (CSPM).” TechTarget, 2021. Web.

    “’How to Cloud’ with Capital One.” Amazon Web Services, n.d. Web.

    “IBM Closes Landmark Acquisition of Red Hat for $34 Billion; Defines Open, Hybrid Cloud Future.” Red Hat, 9 July 2019. Web.

    Mell, Peter, and Timothy Grance. “The NIST Definition of Cloud Computing.” National Institute of Standards and Technology, Sept. 2011. Web.

    Ng, Alfred. “Amazon Tells Senators it Isn't to Blame for Capital One Breach.” CNET, 2019. Web.

    Orban, Stephen. “6 Strategies for Migrating Applications to the Cloud.” Amazon Web Services, 2016. Web.

    Sullivan, Dan. “Cloud Access Security Broker (CASB).” TechTarget, 2021. Web.

    “What Is Secure Access Service Edge (SASE)?” Cisco, n.d. Web.

    Service Desk

    • Buy Link or Shortcode: {j2store}11|cart{/j2store}
    • Related Products: {j2store}11|crosssells{/j2store}
    • Up-Sell: {j2store}11|upsells{/j2store}
    • member rating overall impact (scale of 10): 9.4/10
    • member rating average dollars saved: $22,900
    • member rating average days saved: 20
    • Parent Category Name: Infra and Operations
    • Parent Category Link: /infra-and-operations
    The service desk is typically the first point of contact for clients and staff who need something. Make sure your team is engaged, involved, knowledgeable, and gives excellent customer service.

    Design and Build an Effective Contract Lifecycle Management Process

    • Buy Link or Shortcode: {j2store}214|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: $5,039 Average $ Saved
    • member rating average days saved: 20 Average Days Saved
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • Your vendor contracts are unorganized and held in various cabinets and network shares. There is no consolidated list or view of all the agreements, and some are misplaced or lost as coworkers leave.
    • The contract process takes a long time to complete. Coworkers are unsure who should be reviewing and approving them.
    • You are concerned that you are not getting favorable terms with your vendors and not complying with your agreement commitments.
    • You are unsure what risks your organization could be exposed to in your IT vendor contacts. These could be financial, legal, or security risks and/or compliance requirements.

    Our Advice

    Critical Insight

    • Focus on what’s best for you. There are two phases to CLM. All stages within those phases are important, but choose to improve the phase that can be most beneficial to your organization in the short term. However, be sure to include reviewing risk and monitoring compliance.
    • Educate yourself. Understand the stages of CLM and how each step can rely on the previous one, like a stepping-stone model to success.
    • Consider the overall picture. Contract lifecycle management is the sum of many processes designed to manage contracts end to end while reducing corporate risk, improving financial savings, and managing agreement obligations. It can take time to get CLM organized and working efficiently, but then it will show its ROI and continuously improve.

    Impact and Result

    • Understand how to identify and mitigate risk to save the organization time and money.
    • Gain the knowledge required to implement a CLM that will be beneficial to all business units.
    • Achieve measurable savings in contract time processing, financial risk avoidance, and dollar savings.
    • Effectively review, store, manage, comply with, and renew agreements with a collaborative process

    Design and Build an Effective Contract Lifecycle Management Process Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how a contract management system will save money and time and mitigate contract risk, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Master the operational framework of contract lifecycle management.

    Understand how the basic operational framework of CLM will ensure cost savings, improved collaboration, and constant CLM improvement.

    • Design and Build an Effective Contract Lifecycle Management Process – Phase 1: Master the Operational Framework of CLM
    • Existing CLM Process Worksheet
    • Contract Manager

    2. Understand the ten stages of contract lifecycle management.

    Understand the two phases of CLM and the ten stages that make up the entire process.

    • Design and Build an Effective Contract Lifecycle Management Process – Phase 2: Understand the Ten Stages of CLM
    • CLM Maturity Assessment Tool
    • CLM RASCI Diagram
    [infographic]

    Workshop: Design and Build an Effective Contract Lifecycle Management Process

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Review Your CLM Process and Learn the Basics

    The Purpose

    Identify current CLM processes.

    Learn the CLM operational framework.

    Key Benefits Achieved

    Documented overview of current processes and stakeholders.

    Activities

    1.1 Review and capture your current process.

    1.2 Identify current stakeholders.

    1.3 Learn the operational framework of CLM.

    1.4 Identify current process gaps.

    Outputs

    Existing CLM Process Worksheet

    2 Learn More and Plan

    The Purpose

    Dive into the two phases of CLM and the ten stages of a robust system.

    Key Benefits Achieved

    A deep understanding of the required components/stages of a CLM system.

    Activities

    2.1 Understand the two phases of CLM.

    2.2 Learn the ten stages of CLM.

    2.3 Assess your CLM maturity state.

    2.4 Identify and assign stakeholders.

    Outputs

    CLM Maturity Assessment

    CLM RASCI Diagram

    Further reading

    Design and Build an Effective Contract Lifecycle Management Process

    Mitigate risk and drive value through robust best practices for contract lifecycle management.

    Our understanding of the problem

    This Research Is Designed For:

    • The CIO who depends on numerous key vendors for services
    • The CIO or Project Manager who wants to maximize the value delivered by vendors
    • The Director or Manager of an existing IT procurement or vendor management team
    • The Contracts Manager or Legal Counsel whose IT department holds responsibility for contracts, negotiation, and administration

    This Research Will Help You:

    • Implement and streamline the contract management process, policies, and procedures
    • Baseline and benchmark existing contract processes
    • Understand the importance and value of contract lifecycle management (CLM)
    • Minimize risk, save time, and maximize savings with vendor contracts

    This Research Will Also Assist

    • IT Service Managers
    • IT Procurement
    • Contract teams
    • Finance and Legal departments
    • Senior IT leadership

    This Research Will Help Them

    • Understand the required components of a CLM
    • Establish the current CLM maturity level
    • Implement a new CLM process
    • Improve on an existing or disparate process

    ANALYST PERSPECTIVE

    "Contract lifecycle management (CLM) is a vital process for small and enterprise organizations alike. Research shows that all organizations can benefit from a contract management process, whether they have as few as 25 contracts or especially if they have contracts numbering in the hundreds.

    A CLM system will:

    • Save valuable time in the entire cycle of contract/agreement processes.
    • Save the organization money, both hard and soft dollars.
    • Mitigate risk to the organization.
    • Avoid loss of revenue.

    If you’re not managing your contracts, you aren’t capitalizing on your investment with your vendors and are potentially exposing your organization to contract and monetary risk."

    - Ted Walker
    Principal Research Advisor, Vendor Management Practice
    Info-Tech Research Group

    Executive Summary

    Situation

    • Most organizations have vendor overload and even worse, no defined process to manage the associated contracts and agreements. To manage contracts, some vendor management offices (VMOs) use a shared network drive to store the contracts and a spreadsheet to catalog and manage them. Yet other less-mature VMOs may just rely on a file cabinet in Procurement and a reminder in someone’s calendar about renewals. These disparate processes likely cost your organization time spent finding, managing, and renewing contracts, not to mention potential increases in vendor costs and risk and the inability to track contract obligations.

    Complication

    • Contract lifecycle management (CLM) is not an IT buzzword, and it’s rarely on the top-ten list of CIO concerns in most annual surveys. Until a VMO gets to a level of maturity that can fully develop a CLM and afford the time and costs of doing so, there can be several challenges to developing even the basic processes required to store, manage, and renew IT vendor contracts. As is always an issue in IT, budget is one of the biggest obstacles in implementing a standard CLM process. Until senior leadership realizes that a CLM process can save time, money, and risk, getting mindshare and funding commitment will remain a challenge.

    Resolution

    • Understand the immediate benefits of a CLM process – even a basic CLM implementation can provide significant cost savings to the organization; reduce time spent on creating, negotiating, and renewing contracts; and help identify and mitigate risks within your vendor contracts.
    • Budgets don’t always need to be a barrier to a standard CLM process. However, a robust CLM system can provide significant savings to the organization.

    Info-Tech Insight

    • If you aren’t managing your contracts, you aren’t capitalizing on your investments.
    • Even a basic CLM process with efficient procedures will provide savings and benefits.
    • Not having a CLM process may be costing your organization money, time, and exposure to unmitigated risk.

    What you can gain from this blueprint

    Why Create a CLM

    • Improved contract organization
    • Centralized and manageable storage/archives
    • Improved vendor compliance
    • Risk mitigation
    • Reduced potential loss of revenue

    Knowledge Gained

    • Understanding of the value and importance of a CLM
    • How CLM can impact many departments within the organization
    • Who should be involved in the CLM steps and processes
    • Why a CLM is important to your organization
    • How to save time and money by maximizing IT vendor contracts
    • How basic CLM policies and procedures can be implemented without costly software expenditure

    The Outcome

    • A foundation for a CLM with best-practice processes
    • Reduced exposure to potential risks within vendor contracts
    • Maximized savings with primary vendors
    • Vendor compliance and corporate governance
    • Collaboration, transparency, and integration with business units

    Contract management: A case study

    CASE STUDY
    Industry Finance and Banking
    Source Apttus

    FIS Global

    The Challenge

    FIS’ business groups were isolated across the organization and used different agreements, making contract creation a long, difficult, and manual process.

    • Customers frustrated by slow and complicated contracting process
    • Manual contract creation and approval processes
    • Sensitive contract data that lacked secure storage
    • Multiple agreements managed across divisions
    • Lack of central repository for past contracts
    • Inconsistent and inaccessible

    The Solution: Automating and Streamlining the Contract Management Process

    A robust CLM system solved FIS’ various contract management needs while also providing a solution that could expand into full quote-to cash in the future.

    • Contract lifecycle management (CLM)
    • Intelligent workflow approvals (IWA)
    • X-Author for Excel

    Customer Results

    • 75% cycle time reduction
    • $1M saved in admin costs per year
    • 49% increase in sales proposal volume
    • Automation on one standard platform and solution
    • 55% stronger compliance management
    • Easy maintenance for various templates
    • Ability to quickly absorb new contracts and processes via FIS’s ongoing acquisitions

    Track the impact of CLM with these metrics

    Dollars Saved

    Upfront dollars saved

    • Potential dollars saved from avoiding unfavorable terms and conditions
    • Incentives that encourage the vendor to act in the customer’s best interest
    • Secured commitments to provide specified products and services at firm prices
    • Cost savings related to audits, penalties, and back support
    • Savings from discounts found

    Time Saved

    Time saved, which can be done in several areas

    • Defined and automated approval flow process
    • Preapproved contract templates with corporate terms
    • Reduced negotiation times
    • Locate contracts in minutes

    Pitfalls Avoided

    Number of pitfalls found and avoided, such as

    • Auto-renewal
    • Inconsistencies between sections and documents
    • Security and data not being deleted upon termination
    • Improper licensing

    The numbers are compelling

    71%

    of companies can’t locate up to 10% of their contracts.

    Source: TechnologyAdvice, 2019

    9.2%

    of companies’ annual revenue is lost because of poor contract management practices.

    Source: IACCM, 2019

    60%

    still track contracts in shared drives or email folders.

    Source: “State of Contract Management,” SpringCM, 2018

    CLM blueprint objectives

    • To provide a best-practice process for managing IT vendor contract lifecycles through a framework that organizes from the core, analyzes each step in the cycle, has collaboration and governance attached to each step, and integrates with established vendor management practices within your organization.
    • CLM doesn’t have to be an expensive managed database system in the cloud with fancy dashboards. As long as you have a defined process that has the framework steps and is followed by the organization, this will provide basic CLM and save the organization time and money over a short period of time.
    • This blueprint will not delve into the many vendors or providers of CLM solutions and their methodologies. However, we will discuss briefly how to use our framework and contract stages in evaluating a potential solution that you may be considering.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Design and Build an Effective CLM Process – project overview

    1. Master the Operational Framework

    2. Understand the Ten Stages of CLM

    Best-Practice Toolkit

    1.1 Understand the operational framework components.

    1.2 Review your current framework.

    1.3 Create a plan to implement or enhance existing processes.

    2.1 Understand the ten stages of CLM.

    2.2 Review and document your current processes.

    2.3 Review RASCI chart and assign internal ownership.

    2.4 Create an improvement plan.

    2.5 Track changes for measurable ROI.

    Guided Implementations
    • Review existing processes.
    • Understand what CLM is and why the framework is essential.
    • Create an implementation or improvement plan.
    • Review the ten stages of CLM.
    • Complete CLM Maturity Assessment.
    • Create a plan to target improvement.
    • Track progress to measure savings.
    Onsite Workshop

    Module 1: Review and Learn the Basics

    • Review and capture your current processes.
    • Learn the basic operational framework of contract management.

    Module 2 Results:

    • Understand the ten stages of effective CLM.
    • Create an improvement or implementation plan.
    Phase 1 Outcome:
    • A full understanding of what makes a comprehensive contract management system.
    Phase 2 Outcome:
    • A full understanding of your current CLM processes and where to focus your efforts for improvement or implementation.

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1 Workshop Day 2
    Activities

    Task – Review and Learn the Basics

    Task – Learn More and Plan

    1.1 Review and capture your current process.

    1.2 Identify current stakeholders.

    1.3 Learn the operational framework of contract lifecycle management.

    1.4 Identify current process gaps.

    2.1 Understand the two phases of CLM.

    2.2 Learn the ten stages of CLM.

    2.3 Assess your CLM maturity.

    2.4 Identify and assign stakeholders.

    2.5 Discuss ROI.

    2.6 Summarize and next steps.

    Deliverables
    1. Internal interviews with business units
    2. Existing CLM Process Worksheet
    1. CLM Maturity Assessment
    2. RASCI Diagram
    3. Improvement Action Plan

    PHASE 1

    Master the Operational Framework of Contract Lifecycle Management

    Design and Build an Effective CLM Process

    Phase 1: Master the Operational Framework of Contract Lifecycle Management

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of
    2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Master the Operational Framework of Contract Lifecycle Management
    Proposed Time to Completion: 1-4 weeks

    Step 1.1: Document your Current CLM Process

    Step 1.2: Read and Understand the Operational Framework

    Step 1.3: Review Solution Options

    Start with an analyst kick-off call:

    • Understand what your current process(es) is for each stage
    • Do a probative review of any current processes
    • Interview stakeholders for input

    Review findings with analyst:

    • Discuss the importance of the framework as the core of your plan
    • Review the gaps in your existing process
    • Understand how to prioritize next steps towards a CLM

    Finalize phase deliverable:

    • Establish ownership of the framework
    • Prioritize improvement areas or map out how your new CLM will look

    Then complete these activities…

    • Document the details of your process for each stage of CLM

    With these tools & templates:

    • Existing CLM Process Worksheet

    Phase 1 Results:

    • A full understanding of what makes a comprehensive contract management system.

    What Is Contract Lifecycle Management?

    • Every contract has a lifecycle, from creation to time and usage to expiration. Organizations using a legacy or manual contract management process usually ask, “What is contract lifecycle management and how will it benefit my business?”
    • Contract lifecycle management (CLM) creates a process that manages each contract or agreement. CLM eases the challenges of managing hundreds or even thousands of important business and IT contracts that affect the day-to-day business and could expose the organization to vendor risk.
    • Managing a few contracts is quite easy, but as the number of contracts grows, managing each step for each contract becomes increasingly difficult. Ultimately, it will get to a point where managing contracts properly becomes very difficult or seemingly impossible.

    That’s where contract lifecycle management (CLM) comes in.

    CLM can save money and improve revenue by:

    • Improving accuracy and decreasing errors through standardized contract templates and approved terms and conditions that will reduce repetitive tasks.
    • Securing contracts and processes through centralized software storage, minimizing risk of lost or misplaced contracts due to changes in physical assets like hard drives, network shares, and file cabinets.
    • Using policies and procedures that standardize, organize, track, and optimize IT contracts, eliminating time spent on creation, approvals, errors, and vendor compliance.
    • Reducing the organization’s exposure to risks and liability.
    • Having contracts renewed on time without penalties and with the most favorable terms for the business.

    The Operational Framework of Contract Lifecycle Management

    Four Components of the Operational Framework

    1. Organization
    2. Analysis
    3. Collaboration and Governance
    4. Integration/Vendor Management
    • By organizing at the core of the process and then analyzing each stage, you will maximize each step of the CLM process and ensure long-term contract management for the organization.
    • Collaboration and governance as overarching policies for the system will provide accountability to stakeholders and business units.
    • Integration and vendor management are encompassing features in a well-developed CLM that add visibility, additional value, and savings to the entire organization.

    Info-Tech Best Practice

    Putting a contract manager in place to manage the CLM project will accelerate the improvements and provide faster returns to the organizations. Reference Info-Tech’s Contract Manager Job Description template as needed.

    The operational framework is key to the success, return on investment (ROI), cost savings, and customer satisfaction of a CLM process.

    This image depicts Info-Tech's Operational Framework.  It consists of a series of five concentric circles, with each circle a different colour.  On the outer circle, is the word Integration.  The next outermost circle has the words Collaboration and Governance.  The next circle has no words, the next circle has the word Analysis, and the very centre circle has the word Organization.

    1. Organization

    • Every enterprise needs to organize its contract documents and data in a central repository so that everyone knows where to find the golden source of contractual truth.
    • This includes:
      • A repository for storing and organizing contract documents.
      • A data dictionary for describing the terms and conditions in a consistent, normalized way.
      • A database for persistent data storage.
      • An object model that tracks changes to the contract and its prevailing terms over time.

    Info-Tech Insight

    Paper is still alive and doing very well at slowing down the many stages of the contract process.

    2. Analysis

    Most organizations analyze their contracts in two ways:

    • First, they use reporting, search, and analytics to reveal risky and toxic terms so that appropriate operational strategies can be implemented to eliminate, mitigate, or transfer the risk.
    • Second, they use process analytics to reveal bottlenecks and points of friction as contracts are created, approved, and negotiated.

    3. Collaboration

    • Throughout the contract lifecycle, teams must collaborate on tasks both pre-execution and post-execution.
    • This includes document collaboration among several different departments across an enterprise.
    • The challenge is to make the collaboration smooth and transparent to avoid costly mistakes.
    • For some contracting tasks, especially in regulated industries, a high degree of control is required.
    • In these scenarios, the organization must implement controlled systems that restrict access to certain types of data and processes backed up with robust audit trails.

    4. Integration

    • For complete visibility into operational responsibilities, relationships, and risk, an organization must integrate its golden contract data with other systems of record.
    • An enterprise contracts platform must therefore provide a rich set of APIs and connectors so that information can be pushed into or pulled from systems for enterprise resource planning (ERP), customer relationship management (CRM), supplier relationship management (SRM), document management, etc.

    This is the ultimate goal of a robust contract management system!

    Member Activity: Document Current CLM Processes

    1.1 Completion Time: 1-5 days

    Goal: Document your existing CLM processes (if any) and who owns them, who manages them, etc.

    Instructions

    Interview internal business unit decision makers, stakeholders, Finance, Legal, CIO, VMO, Sales, and/or Procurement to understand what’s currently in place.

    1. Use the Existing CLM Process Worksheet to capture and document current CLM processes.
    2. Establish what processes, procedures, policies, and workflows, if any, are in place for pre-execution (Phase 1) contract stages.
    3. Do the same for post-execution (Phase 2) stages.
    4. Use this worksheet as reference for assessments and as a benchmark for improvement review six to 12 months later.
    This image contains a screenshot of Info-Tech's Existing CLM Process Discovery Worksheet

    INPUT

    • Internal information from all CLM stakeholders

    OUTPUT

    • A summary of processes and owners currently in place

    Materials

    • Existing CLM processes from interviews

    Participants

    • Finance, Legal, CIO, VMO, Sales, Procurement

    PHASE 2

    Understand the Ten Stages of Contract Lifecycle Management

    Design and Build an Effective CLM Process

    Phase 1: Master the Operational Framework of Contract Lifecycle Management

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of
    2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Understand the Ten Stages of Contract Lifecycle Management

    Proposed Time to Completion: 1-10 weeks

    Step 2.1: Assess CLM Maturity

    Step 2.2: Complete a RASCI Diagram

    Start with an analyst kick-off call:

    • Review the importance of assessing the maturity of your current CLM processes
    • Discuss interview process for internal stakeholders
    • Use data from the Existing CLM Process Worksheet

    Review findings with analyst:

    • Review your maturity results
    • Identify stages that require immediate improvement
    • Prioritize improvement or implementation of process

    Then complete these activities…

    • Work through the maturity assessment process
    • Answer the questions in the assessment tool
    • Review the summary tab to learn where to focus improvement efforts

    Then complete these activities…

    • Using maturity assessment and existing process data, establish ownership for each process stage
    • Fill in the RASCI Chart based on internal review or existing processes

    With these tools & templates:

    • CLM Maturity Assessment Tool

    With these tools & templates:

    • CLM RASCI Diagram

    Phase 2 Results & Insights:

    • A full understanding of your current CLM process and where improvement is required
    • A mapping of stakeholders for each stage of the CLM process

    The Ten Stages of Contract Lifecycle Management

    There are ten key stages of contract lifecycle management.

    The steps are divided into two phases, pre-execution and post-execution.

      Pre-Execution (Phase 1)

    1. Request
    2. Create
    3. Review Risk
    4. Approve
    5. Negotiate
    6. Sign
    7. Post-Execution (Phase 2)

    8. Capture
    9. Manage
    10. Monitor Compliance
    11. Optimize

    Ten Process Stages Within the CLM Framework

    This image contains the CLM framework from earlier in the presentation, with the addition of the following ten steps: 1. Request; 2. Create Contract; 3. Review Risk; 4. Approve; 5. Negotiate; 6. Sign; 7. Capture; 8. Manage; 9. Monitor Compliance; 10. Optimize.

    Stage 1: Request or Initiate

    Contract lifecycle management begins with the contract requesting process, where one party requests for or initiates the contracting process and subsequently uses that information for drafting or authoring the contract document. This is usually the first step in CLM.

    Requests for contracts can come from various sources:

    • Business units within the organization
    • Vendors presenting their contract, including renewal agreements
    • System- or process-generated requests for renewal or extension

    At this stage, you need to validate if a non-disclosure agreement (NDA) is currently in place with the other party or is required before moving forward. At times, adequate NDA components could be included within the contract or agreement to satisfy corporate confidentiality requirements.

    Stage 1: Request or Initiate

    Stage Input

    • Information about what the contract needs to contain, such as critical dates, term length, coverage, milestones, etc.
    • Some organizations require that justification and budget approval be provided at this stage.
    • Request could come from a vendor as a pre-created contract.
    • Best practices recommend that a contract request form or template is used to standardize all required information.

    Stage Output

    • Completed request form, stored or posted with all details required to move forward to risk review and contract creation.
    • Possible audit trails.

    Stage 2: Create Contract

    • At the creation or drafting stage, the document is created, generated, or provided by the vendor. The document will contain all clauses, scope, terms and conditions, and pricing as required.
    • In some cases, a vendor-presented contract that is already prepared will go through an internal review or redlining process by the business unit and/or Legal.
    • Both internal and external review and redlining are included in this stage.
    • Also at this stage, the approvers and signing authorities are identified and added to the contract. In addition, some audit trail features may be added.

    Info-Tech Best Practice

    For a comprehensive list of terms and conditions, see our Software Terms & Conditions Evaluation Tool within Master Contract Review and Negotiation for Software Agreements.

    Stage 2: Create Contract

    Stage Input

    • Contract request form, risk review/assessment.
    • Vendor- or contractor-provided contract/agreement, either soft copy, electronic form, or more frequently, “clickwrap” web-posted document.
    • Could also include a renewal notification from a vendor or from the CLM system or admin.

    Stage Output

    • Completed draft contract or agreement, typically in a Microsoft Word or Adobe PDF format with audit trail or comment tracking.
    • Redlined document for additional revision and or acceptance.
    • Amendment or addendum to existing contract.

    Stage 3: Review Risk 1 of 2

    The importance of risk review can not be understated. The contract or agreement must be reviewed by several stakeholders who can identify risks to the organization within the contract.

    Three important definitions:

    1. Risk is the potential for a negative outcome. A risk is crossing the street while wearing headphones and selecting the next track to play on your smartphone. A negative outcome is getting hit by an oncoming person who, unremarkably, was doing something similar at the same time.
    2. Risk mitigation is about taking the steps necessary to minimize both the likelihood of a risk occurring – look around both before and while crossing the street – and its impact if it does occur – fall if you must, but save the smartphone!
    3. Contract risk is about any number of situations that can cause a contract to fail, from trivially – the supplier delivers needed goods late – to catastrophically – the supplier goes out of business without having delivered your long-delayed orders.

    Stage 3: Review Risk 2 of 2

    • Contracts must be reviewed for business terms and conditions, potential risk situations from a financial or legal perspective, business commitments or obligations, and any operational concerns.
    • Mitigating contract risk requires a good understanding of what contracts are in place, how important they are to the success of the organization, and what data they contain.

    Collectively, this is known as contract visibility.

    • Risk avoidance and mitigation are also a key component in the ROI of a CLM system and should be tracked for analysis.
    • Risk-identifying forms or templates can be used to maintain consistency with corporate standards.

    Stage 3: Review Risk

    Stage Input

    • All details of the proposed contract so that a proper risk analysis can be done as well as appropriate review with stakeholders, including:
      • Finance
      • Legal
      • Procurement
      • Security
      • Line-of-business owner
      • IT stakeholders

    Stage Output

    • A list of identified concerns that could expose the business unit or organization.
    • Recommendations to minimize or eliminate identified risks.

    Stage 4: Approve

    The approval stage can be a short process if policies and procedures are already in place. Most organizations will have defined delegation of authority or approval authority depending on risk, value of the contract, and other corporate considerations.

    • Defined approval levels should be known within the organization and can be applied to the approval workflow, expediting the approval of drafted terms, conditions, changes, and cost/spend within the contract internally.
    • Tracking and flexibility needs to considered in the approval process.
    • Gates need to be in place to ensure that a required approver has approved the contract before it moves to the next approver.
    • Flexibility is needed in some situations for ad hoc approval tasks and should include audit trail as required.
    • Approvers can include business units, Finance, Legal, Security, and C-level leaders

    Stage 4: Approve

    Stage Input

    • Complete draft contract with all terms and conditions (T&Cs) and approval trail.
    • Amendment or addendum to existing contract.

    Stage Output

    • Approved draft contract ready to move to the next step of negotiating with the vendor.
    • Approved amendment or addendum to existing or renewal agreement.

    Stage 5: Negotiate

    • At this stage, there should be an approved draft of the contract that can be presented to the other party or vendor for review.
    • Typically organizations will negotiate their larger deals for terms and conditions with the goal of balancing the contractual allocation of risk with the importance of the vendor or agreement and its value to the business.
    • Several people on either side are typically involved and will discuss legal and commercial terms of the contract. Throughout the process, negotiators may leverage a variety of tools, including playbooks with preferred and fallback positions, clause libraries, document redlines and comparisons, and issue lists.
    • Audit trails or tracking of changes and acceptances is an important part of this stage. Tracking will avoid duplication and lost or missed changes and will speed up the entire process.
    • A final, clean document is created at this point and readied for execution.

    Stage 5: Negotiate

    Stage Input

    • Approved draft contract ready to move to the next step of negotiating with the vendor.
    • Approved amendment or addendum to existing or renewal agreement.

    Stage Output

    • A finalized and approved contract or amendment with agreed-upon terms and conditions ready for signatures.

    Info-Tech Insight

    Saving the different versions of a contract during negotiations will save time, provide reassurance of agreed terms as you move through the process, and provide reference for future negotiations with the vendor.

    Stage 6: Sign or Execute

    • At this stage in the process, all the heavy lifting in a contract’s creation is complete. Now it’s signature time.
    • To finalize the agreement, both parties need to the sign the final document. This can be done by an in-person wet ink signature or by what is becoming more prevalent, digital signature through an e-signature process.
    • Once complete, the final executed documents are exchanged or received electronically and then retained by each party.

    Stage 6: Sign or Execute

    Stage Input

    • A finalized and approved contract or amendment with agreed-upon terms and conditions ready for signatures.

    Stage Output

    • An executed contract or amendment ready to move to the next stage of CLM, capturing in the repository.

    Info-Tech Best Practice

    Process flow provisions should made for potential rejection of the contract by signatories, looping the contract back to the appropriate stage for rework or revision.

    Stage 7: Capture in Database/Repository 1 of 2

    • This is one of the most important stages of a CLM process. Executed agreements need to be stored in a single manageable, searchable, reportable, and centralized repository.
    • All documents should to be captured electronically, reviewed for accuracy, and then posted to the CLM repository.
    • The repository can be in various formats depending on the maturity, robustness, and budget of the CLM program.

    Most repositories are some type of database:

    • An off-the-shelf product
    • A PaaS cloud-based solution
    • A homegrown, internally developed database
    • An add-on module to your ERP system

    Stage 7: Capture in Database/Repository 2 of 2

    Several important features of an electronic repository should be considered:

    • Consistent metadata tagging of clauses, terms, conditions, dates, etc.
    • Centralized summary view of all contracts
    • Controlled access for those who need to review and manage the contracts

    Establishing an effective repository will be key to providing measurable value to the organization and saving large amounts of time for the business unit.

    Info-Tech Insight

    Planning for future needs by investing a little more money into a better, more robust repository could pay bigger dividends to the VMO and organization while providing a higher ROI over time as advanced functionality is deployed.

    Stage 8: Manage

    • Once an agreement is captured in the repository, it needs to be managed from both an operational and a commitment perspective.
    • Through a summary view or master list, contracts need to be operationally managed for end dates and renewals, vendor performance, discounts, and rebates.
    • Managing contracts for commitment and compliance will ensure all contract requirements, rights, service-level agreements (SLAs), and terms are fulfilled. This will eliminate the high costs of missed SLAs, potential breaches, or missed renewals.
    • Managing contracts can be improved by adding metadata to the records that allow for easier search and retrieval of contracts or even proactive notification.
    • The repository management features can and should be available to business stakeholders, or reporting from a CLM admin can also alert stakeholders to renewals, pricing, SLAs, etc.
    • Also important to this stage is reporting. This can be done by an admin or via a self-serve feature for stakeholders, or it could even be automated.

    Stage 9: Monitor Compliance 1 of 2

    • At this stage, the contracts or agreements need to be monitored for the polices within them and the purpose for which they were signed.
    • This is referred to as obligation management and is a key step to providing savings to the organization and mitigating risk.
    • Many contracts contain commitments by each party. These can include but are not limited to SLAs, service uptime targets, user counts, pricing threshold discounts and rebates, renewal notices to vendors, and training requirements.
    • All of these obligations within the contracts should be summarized and monitored to ensure that all commitments are delivered on. Managing obligations will mitigate risks, maximize savings and rebates to the organization, and minimize the potential for a breach within the contract.

    Stage 9: Monitor Compliance 2 of 2

    • Monitoring and measuring vendor commitments and performance will also be a key factor in maximizing the benefits of the contract through vendor accountability.
    • Also included in this stage is renewal and/or disposition of the contract. If renewal is due, it should go back to the business unit for submission to the Stage 1: Request process. If the business unit is not going to renew the contract, the contract must be tagged and archived for future reference.

    Stage 10: Optimize

    • The goal of this stage is to improve the other stages of the process as well as evaluate how each stage is integrating with the core operational framework processes.
    • With more data and improved insight into contractual terms and performance, a business can optimize its portfolio for better value, greater savings, and lower-risk outcomes.
    • For high-performance contract teams, the goal is a continuous feedback loop between the contract portfolio and business performance. If, for example, the data shows that certain negotiation issues consume a large chunk of time but yield no measurable difference in risk or performance, you may tweak the playbook to remedy those issues quickly.

    Additional optimization tactics:

    • Streamlining contract renewals with auto-renew
    • Predefined risk review process or template, continuous review/improvement of negotiation playbook
    • Better automation or flow of approval process
    • Better signature delegation process if required
    • Improving repository search with metadata tagging
    • Automating renewal tracking or notice process
    • Tracking the time a contract spends in each stage

    Establish Your Current CLM Maturity Position

    • Sometimes organizations have a well-defined pre-execution process but have a poor post-signature process.
    • Identifying your current processes or lack thereof will provide you with a starting point in developing a plan for your CLM. It’s possible that most of the stages are there and just need some improvements, or maybe some are missing and need to be implemented.
    • It’s not unusual for organizations to have a manual pre-execution process and an automated backend repository with compliance and renewal notices features.

    Info-Tech Best Practice

    Use the CLM Maturity Assessment Tool to outline where your organization is at each stage of the process.

    Member Activity: Assess Current CLM Maturity

    2.1 Completion Time 1-2 days

    Goal: Identify and measure your existing CLM processes, if any, and provide a maturity value to each stage. The resulting scores will provide a maturity assessment of your CLM.

    Instructions

    1. Use the Existing CLM Process Worksheet to document current CLM processes.
    2. Using the CLM worksheet info, answer the questions in the CLM Maturity Assessment Tool.
    3. Review the results and scores on Tab 3 to see where you need to focus your initial improvements.
    4. Save the initial assessment for future reference and reassess in six to 12 months to measure progress.

    This image contains a screenshot from Info-Tech's CLM Maturity Assessment Tool.

    INPUT

    • Internal information from all CLM stakeholders

    OUTPUT

    • A summary of processes and owners currently in place in the organization

    Materials

    • Existing CLM processes from interviews

    Participants

    • Finance, Legal, CIO, VMO, Sales, Procurement

    Member Activity: Complete RASCI Chart

    2.2 Completion Time 2-6 hours

    Goal: Identify who in your organization is primarily accountable and involved in each stage of the CLM process.

    Instructions

    Engage internal business unit decision makers, stakeholders, Finance, Legal, CIO, VMO, Sales, and Procurement as required to validate who should be involved in each stage.

    1. Using the information collected from internal reviews, assign a level in the CLM RASCI Diagram to each team member.
    2. Use the resulting RASCI diagram to guide you through developing or improving your CLM stages.

    This image contains a screenshot from Info-Tech's CLM RASCI Diagram.

    INPUT

    • Internal interview information

    OUTPUT

    • Understanding of who is involved in each CLM stage

    Materials

    • Interview data
    • RASCI Diagram

    Participants

    • Finance, Legal, CIO, VMO, Sales, Procurement

    Applying CLM Framework and Stages to Your Organization

    • Understand what CLM process you currently do or do not have in place.
    • Review implementation options: automated, semi-automated, and manual solutions.
    • If you are improving an existing process, focus on one phase at a time, perfect it, and then move to the other phase. This can also be driven by budget and time.
    • Create a plan to start with and then move to automating or semi-automating the stages.
    • Building onto or enhancing an existing system or processes can be a cost-effective method to produce near-term measurable savings
    • Focus on one phase at a time, then move on to the other phase.
    • While reviewing implementation of or improvements to CLM stages, be sure to track or calculate the potential time and cost savings and risk mitigation. This will help in any required business case for a CLM.

    CLM: An ROI Discussion 1 of 2

    • ROI can be easier to quantify and measure in larger organizations with larger CLM, but ROI metrics can be obtained regardless of the company or CLM size.
    • Organizations recognize their ROI through gains in efficiency across the entire business as well as within individual departments involved in the contracting process. They also do so by reducing the risk associated with decentralized and insecure storage of and access to their contracts, failure to comply with terms of their contracts, and missing deadlines associated with contracts.

    Just a few of the factors to consider within your own organization include:

    • The number of people inside and outside your company that touch your contracts.
    • The number of hours spent weekly, monthly, and annually managing contracts.
    • Potential efficiencies gained in better managing those contracts.
    • The total number of contracts that exist at any given time.
    • The average value and total value of those contract types.
    • The potential risk of being in breach of any of those contracts.
    • The number of places contracts are stored.
    • The level of security that exists to prevent unauthorized access.
    • The potential impact of unauthorized access to your sensitive contract data.

    CLM: An ROI Discussion 2 of 2

    Decision-Maker Apprehensions

    Decision-maker concerns arise from a common misunderstanding – that is, a fundamental failure to appreciate the true source of contract management value. This misunderstanding goes back many years to the time when analysts first started to take an interest in contract management and its automation. Their limited experience (primarily in retail and manufacturing sectors) led them to think of contract management as essentially an administrative function, primarily focused on procurement of goods. In such environments, the purpose of automation is focused on internal efficiency, augmented by the possibility of savings from reduced errors (e.g. failing to spot a renewal or expiry date) or compliance (ensuring use of standard terms).

    Today’s CLM systems and processes can provide ROI in several areas in the business.

    Info-Tech Insight

    Research on ROI of CLM software shows significant hard cost savings to an organization. For example, a $10 million company with 300 contracts valued at $3 million could realize savings of $83,400 and avoid up to $460,000 in lost revenues. (Derived from: ACCDocket, 2018)

    Additional Considerations 1 of 2

    Who should own and/or manage the CLM process within an organization? Legal, VMO, business unit, Sales?

    This is an often-discussed question. Research suggests that there is no definitive answer, as there are several variables.

    Organizations needs to review what makes the best business sense for them based on several considerations and then decide where CLM belongs.

    • Business unit budgets and time management
    • Available Administration personnel and time
    • IT resources
    • Security and access concerns
    • Best fit based on organizational structure

    35% of law professionals feel contract management is a legal responsibility, while 45% feel it’s a business responsibility and a final 20% are unsure where it belongs. (Source: “10 Eye-Popping Contract Management Statistics,” Apttus, 2018)

    Additional Considerations 2 of 2

    What type of CLM software or platform should we use?

    This too is a difficult question to answer definitively. Again, there are several variables to consider. As well, several solutions are available, and this is not a one-size-fits-all scenario.

    As with who should own the CLM process, organizations must review the various CLM software solutions available that will meet their current and future needs and then ask, “What do we need the system to do?”

    • Do you build a “homegrown” solution?
    • Should it be an add-on module to the current ERP or CRM system?
    • Is on-premises more suitable?
    • Is an adequate off-the-shelf (OTS) solution available?
    • What about the many cloud offerings?
    • Is there a basic system to start with that can expand as you grow?

    Info-Tech Insight

    When considering what type of solution to choose, prioritize what needs to been done or improved. Sometimes solutions can be deployed in phases as an “add-on” type modules.

    Summary of Accomplishment

    Knowledge Gained

    • Documented current CLM process
    • Core operational framework to build a CLM process on
    • Understanding of best practices required for a sustainable CLM

    Processes Optimized

    • Internal RASCI process identified
    • Existing internal stage improvements
    • Internal review process for risk mitigation

    Deliverables Completed

    • Existing CLM Processes Worksheet
    • CLM Maturity Assessment
    • CLM RASCI Chart
    • CLM improvement plan

    Project Step Summary

    Client Project: CLM Assessment and Improvement Plan

    1. Set your goals – what do you want to achieve in your CLM project?
    2. Assess your organization’s current CLM position in relation to CLM best practices and stages.
    3. Map your organization’s RASCI structure for CLM.
    4. Identify opportunities for stage improvements or target all low stage assessments.
    5. Prioritize improvement processes.
    6. Track ROI metrics.
    7. Develop a CLM implementation or improvement plan.

    Info-Tech Insight

    This project can fit your organization’s schedule:

    • Do-it-yourself with your team.
    • Remote delivery (Info-Tech Guided Implementation).

    CLM Blueprint Summary and Conclusion

    • Contract management is a vital component of a responsible VMO that will benefit all business units in an organization, save time and money, and reduce risk exposure.
    • A basic well-deployed and well-managed CLM will provide ROI in the short term.
    • Setting an improvement plan with concise improvements and potential cost savings based on process improvements will help your business case for CLM get approval and leadership buy-in.
    • Educating and aligning all business units and stakeholders to any changes to CLM processes will ensure that cost savings and ROI are achieved.
    • When evaluating a CLM software solution, use the operational framework and the ten process stages in this blueprint as a reference guide for CLM vendor functionality and selection.

    Related Info-Tech Research

    Master Contract Review and Negotiation

    Optimize spend with significant cost savings and negotiate from a position of strength.

    Manage Your Vendors Before They Manage You

    Maximize the value of vendor relationships.

    Bibliography

    Burla, Daniel. “The Must Know Of Transition to Dynamics 365 on Premise.” Sherweb, 14 April 2017. Web.

    Anand, Vishal, “Strategic Considerations in Implementing an End-to-End Contract Lifecycle Management Solution.” DWF Mindcrest, 20 Aug. 2016. Web.

    Alspaugh, Zach. “10 Eye-Popping Contract Management Statistics from the General Counsel’s Technology Report.” Apttus, 23 Nov. 2018. Web.

    Bishop, Randy. “Contract Management is not just a cost center.” ContractSafe, 9 Sept. 2019. Web.

    Bryce, Ian. “Contract Management KPIs - Measuring What Matters.” Gatekeeper, 2 May 2019. Web.

    Busch, Jason. “Contract Lifecycle Management 101.” Determine. 4 Jan. 2018. Web.

    “Contract Management Software Buyer's Guide.” TechnologyAdvice, 5 Aug. 2019. Web.

    Dunne, Michael. “Analysts Predict that 2019 will be a Big Year for Contract Lifecycle Management.” Apttus, 19 Nov. 2018. Web.

    “FIS Case Study.” Apttus, n.d. Web.

    Gutwein, Katie. “3 Takeaways from the 2018 State of Contract Management Report.” SpringCM, 2018. Web.

    “IACCM 2019 Benchmark Report.” IAACM, 4 Sept. 2019. Web.

    Linsley, Rod. “How Proverbial Wisdom Can Help Improve Contract Risk Mitigation.” Gatekeeper, 2 Aug. 2019. Web.

    Mars, Scott. “Contract Management Data Extraction.” Exari, 20 June 2017. Web.

    Rodriquez, Elizabeth. “Global Contract Life-Cycle Management Market Statistics and Trends 2019.” Business Tech Hub, 17 June 2017. Web.

    “State of Contract Management Report.” SpringCM, 2018. Web.

    Teninbaum, Gabriel, and Arthur Raguette. “Realizing ROI from Contract Management Technology.” ACCDocket.com, 29 Jan. 2018. Web.

    Wagner, Thomas. “Strategic Report on Contract Life cycle Management Software Market with Top Key Players- IBM Emptoris, Icertis, SAP, Apttus, CLM Matrix, Oracle, Infor, Newgen Software, Zycus, Symfact, Contract Logix, Coupa Software.” Market Research, 21 June 2019. Web.

    “What is Your Contract Lifecycle Management (CLM) Persona?” Spend Matters, 19 Oct. 2017. Web.

    Create a Data Management Roadmap

    • Buy Link or Shortcode: {j2store}122|cart{/j2store}
    • member rating overall impact (scale of 10): 9.3/10 Overall Impact
    • member rating average dollars saved: $100,135 Average $ Saved
    • member rating average days saved: 36 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management

    Data has quickly become one of the most valuable assets in any organization. But when it comes to strategically and effectively managing those data assets, many businesses find themselves playing catch-up. The stakes are high because ineffective data management practices can have serious consequences, from poor business decisions and missed revenue opportunities to critical cybersecurity risks.

    Successful management and consistent delivery of data assets requires collaboration between the business and IT and the right balance of technology, process, and resourcing solutions.

    Build an effective and collaborative data management practice

    Data management is not one-size-fits-all. Cut through the noise around data management and create a roadmap that is right for your organization:

    • Align data management plans with business requirements and strategic plans.
    • Create a collaborative plan that unites IT and the business in managing data assets.
    • Design a program that can scale and evolve over time.
    • Perform data strategy planning and incorporate data capabilities into your broader plans.
    • Identify gaps in current data services and the supporting environment and determine effective corrective actions.

    This blueprint will help you design a data management practice that builds capabilities to support your organization’s current use of data and its vision for the future.

    Create a Data Management Roadmap Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create a Data Management Roadmap Storyboard – Use this deck to help you design a data management practice and turn data into a strategic enabler for the organization.

    Effective data delivery and management provides the business with new and improved opportunities to leverage data for business operations and decision making. This blueprint will help you design a data management practice that will help your team build capabilities that align to the business' current usage of data and its vision for the future.

    • Create a Data Management Roadmap – Phases 1-2

    2. Data Management Strategy Planning Tools – Use these tools to align with the business and lay the foundations for the success of your data management practice.

    Begin by using the interview guide to engage stakeholders to gain a thorough understanding of the business’ challenges with data, their strategic goals, and the opportunities for data to support their future plans. From there, these tools will help you identify the current and target capabilities for your data management practice, analyze gaps, and build your roadmap.

    • Data Strategy Planning Interview Guide
    • Data Management Assessment and Planning Tool
    • Data Management Project Charter Template

    3. Stakeholder Communication and Assessment Tools – Use these templates to develop a communication strategy that will convey the value of the data management project to the organization and meet the needs of key stakeholders.

    Strong messaging around the value and purpose of the data management practice is essential to ensure buy-in. Use these templates to build a business case for the project and socialize the idea of data management across the various levels of the organization while anticipating the impact on and reactions from key stakeholders.

    • Data Management Communication/Business Case Template
    • Project Stakeholder and Impact Assessment Tool

    4. Data Management Strategy Work Breakdown Structure Template – Use this template to maintain strong project management throughout your data management project.

    This customizable template will support an organized approach to designing a program that addresses the business’ current and evolving data management needs. Use it to plan and track your deliverables and outcomes related to each stage of the project.

    • Data Management Strategy Work Breakdown Structure Template

    5. Data Management Roadmap Tools – Use these templates to plan initiatives and create a data management roadmap presentation.

    Create a roadmap for your data management practice that aligns to your organization’s current needs for data and its vision for how it wants to use data over the next 3-5 years. The initiative tool guides you to identify and record all initiative components, from benefits to costs, while the roadmap template helps you create a presentation to share your project findings with your executive team and project sponsors.

    • Initiative Definition Tool
    • Data Management Roadmap Template

    6. Track and Measure Benefits Tool – Use this tool to monitor the project’s progress and impact.

    Benefits tracking enables you to measure the effectiveness of your project and make adjustments where necessary to realize expected benefits. This tool will help you track benefit metrics at regular intervals to report progress on goals and identify benefits that are not being realized so that you can take remedial action.

    • Track and Measure Benefits Tool

    Infographic

    Workshop: Create a Data Management Roadmap

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Develop Data Strategies

    The Purpose

    Understand the business’s vision for data and the role of the data management practice.

    Determine business requirements for data.

    Map business goals and strategic plans to create data strategies.

    Key Benefits Achieved

    Understanding of business’s vision for data

    Unified vision for data management (business and IT)

    Identification of the business’s data strategies

    Activities

    1.1 Establish business context for data management.

    1.2 Develop data management principles and scope.

    1.3 Develop conceptual data model (subject areas).

    1.4 Discuss strategic information needs for each subject area.

    1.5 Develop data strategies.

    1.6 Identify data management strategies and enablers.

    Outputs

    Practice vision

    Data management guiding principles

    High-level data requirements

    Data strategies for key data assets

    2 Assess Data Management Capabilities

    The Purpose

    Determine the current and target states of your data management practice.

    Key Benefits Achieved

    Clear understanding of current environment

    Activities

    2.1 Determine the role and scope of data management within the organization.

    2.2 Assess current data management capabilities.

    2.3 Set target data management capabilities.

    2.4 Identify performance gaps.

    Outputs

    Data management scope

    Data management capability assessment results

    3 Analyze Gaps and Develop Improvement Initiatives

    The Purpose

    Identify how to bridge the gaps between the organization’s current and target environments.

    Key Benefits Achieved

    Creation of key strategic plans for data management

    Activities

    3.1 Evaluate performance gaps.

    3.2 Identify improvement initiatives.

    3.3 Create preliminary improvement plans.

    Outputs

    Data management improvement initiatives

    4 Design Roadmap and Plan Implementation

    The Purpose

    Create a realistic and action-oriented plan for implementing and improving the capabilities for data management.

    Key Benefits Achieved

    Completion of a Data Management Roadmap

    Plan for how to implement the roadmap’s initiatives

    Activities

    4.1 Align data management initiatives to data strategies and business drivers.

    4.2 Identify dependencies and priorities

    4.3 Build a data management roadmap (short and long term)

    4.4 Create a communication plan

    Outputs

    Data management roadmap

    Action plan

    Communication plan

    Further reading

    Contents

    Executive Brief
    Analyst Perspective
    Executive Summary
    Phase 1: Build Business and User Context
    Phase 2: Assess Data Management and Build Your Roadmap
    Additional Support
    Related Research
    Bibliography

    Create a Data Management Roadmap

    Ensure the right capabilities to support your data strategy.

    EXECUTIVE BRIEF

    Analyst Perspective

    Establish a data management program to realize the data strategy vision and data-driven organization.

    Data is one of the most valuable organizational assets, and data management is the foundation – made up of plans, programs, and practices – that delivers, secures, and enhances the value of those assets.

    Digital transformation in how we do business and innovations like artificial intelligence and automation that deliver exciting experiences for our customers are all powered by readily available, trusted data. And there’s so much more of it.

    A data management roadmap designed for where you are in your business journey and what’s important to you provides tangible answers to “Where do we start?” and “What do we do?”

    This blueprint helps you build and enhance data management capabilities as well as identify the next steps for evaluating, strengthening, harmonizing, and optimizing these capabilities, aligned precisely with business objectives and data strategy.

    Andrea Malick
    Director, Research & Advisory, Data & Analytics Practice
    Info-Tech Research Group

    Frame the problem

    Who this research is for
    • Data management professionals looking to improve the organization’s ability to leverage data in value-added ways
    • Data governance managers and data analysts looking to improve the effectiveness and value of their organization’s data management practice
    This research will help you
    • Align data management plans with business requirements and strategic plans.
    • Create a collaborative plan that unites IT and the business in managing the organization’s data assets.
    • Design a data management program that can scale and evolve over time.
    This research will also assist
    • Business leaders creating plans to leverage data in their strategic planning and business processes
    • IT professionals looking to improve the environment that manages and delivers data
    This research will also help you
    • Perform data strategy planning and incorporate data capabilities and plans into your broader plans.
    • Identify gaps in current data services and the supporting environment and determine effective corrective actions.

    Executive Summary

    Your Challenge
    • The organizational appetite for data is increasing, with growing demands for data to better support business processes and inform decision making.
    • For data to be accessible and trustworthy for the business it must be effectively managed throughout its lifecycle.
    • With so much data circulating throughout our systems and a steady flow via user activity and business activities, it is imperative that we understand our data environment, focus our data services and oversight on what really matters, and work closely with business leads to ensure data is an integral part of the digital solution.
    Common Obstacles
    • Despite the growing focus on data, many organizations struggle to develop an effective strategy for managing their data assets.
    • Successful management and consistent delivery of data assets throughout their lifecycle requires the collaboration of the business and IT and the balance of technology, process, and resourcing solutions.
    • Employees are doing their best to just get things done with their own spreadsheets and familiar patterns of behavior. It takes leadership to pause those patterns and take a thoughtful enterprise and strategic approach to a more streamlined – and transformed – business data service.
    Info-Tech’s Approach
    • Incremental approach: Building a mature and optimized practice doesn’t occur overnight – it takes time and effort. Use this blueprint’s approach and roadmap results to support your organization in building a practice that prioritizes scope, increases the effectiveness of your data management practice, and improves your alignment with business data needs.
    • Build smart: Don’t do data management for data management’s sake; instead, align it to business requirements and the business’ vision for the organization’s data. Ensure initiatives and program investments best align to business priorities and support the organization in becoming more data driven and data centric.

    Info-Tech Insight

    Use value streams and business capabilities to develop a prioritized and practical data management plan that provides the highest business satisfaction in the shortest time.

    Full page illustration of the 'Create a Data Management Roadmap' using the image of a cargo ship labelled 'Data Management' moving in the direction of 'Business Strategy'. The caption at the top reads 'Data Management capabilities create new business value by augmenting data & optimizing it for analytics. Data is a digital imprint of organizational activities.'

    Data Management Capabilities

    A similar concept to the last one, with a ship moving toward 'Business Strategy', except the ship is cross-sectioned with different capabilities filling the interior of the silhouette. Below are different steps in data management 'Data Creation', 'Data Ingestion', 'Data Accumulation, 'Data Augmentation', 'Data Delivery', and 'Data Consumption'.

    Data is a business asset and needs to be treated like one

    Data management is an enabler of the business and therefore needs to be driven by business goals and objectives. For data to be a strategic asset of the business, the business and IT processes that support its delivery and management must be mature and clearly executed.

    Business Drivers
    1. Client Intimacy/Service Excellence
    2. Product and Service Innovations
    3. Operational Excellence
    4. Risk and Compliance Management
    Data Management Enablers
    • Data Governance
    • Data Strategy Planning
    • Data Architecture
    • Data Operations Management
    • Data Risk Management
    • Data Quality Management

    Industry spotlight: Risk management in the financial services sector

    REGULATORY
    COMPLIANCE

    Regulations are the #1 driver for risk management.

    US$11M:

    Fine incurred by a well-known Wall Street firm after using inaccurate data to execute short sales orders.
    “To successfully leverage customer data while maintaining compliance and transparency, the financial sector must adapt its current data management strategies to meet the needs of an ever-evolving digital landscape.” (Phoebe Fasulo, Security Scorecard, 2021)

    Industry spotlight: Operational excellence in the public sector

    GOVERNMENT
    TRANSPARENCY

    With frequent government scandals and corruption dominating the news, transparency to the public is quickly becoming a widely adopted practice at every level of government. Open government is the guiding principle that the public has access to the documents and proceedings of government to allow for effective public oversight. With growing regulations and pressure from the public, governments must adopt a comprehensive data management strategy to ensure they remain accountable to their rate payers, residents, businesses, and other constituents.

    1. Transparency Transparency is not just about access; it’s about sharing and reuse.
    2. Social and commercial value Everything from finding your local post office to building a search engine requires access to data.
    3. Participatory government Open data enables citizens to be more directly informed and involved in decision making.

    Industry spotlight: Operational excellence and client intimacy in major league sports

    SPORTS
    ANALYTICS

    A professional sports team is essentially a business that is looking for wins to maximize revenue. While they hope for a successful post-season, they also need strong quarterly results, just like you. Sports teams are renowned for adopting data-driven decision making across their organizations to do everything from improving player performance to optimizing tickets sales. At the end of the day, to enable analytics you must have top-notch information management.

    Team Performance Benefits
    1. Talent identification
    2. In-game decision making
    3. Injury reduction
    4. Athlete performance
    5. Bargaining agreement
    Team Performance Benefits
    1. Fan engagement
    2. Licensing
    3. Sports gambling
    (Deloitte Insights, 2020)
    Industry leaders cite data, and the insights they glean from it, as their means of standing apart from their competitors.

    Industry spotlight: Operational excellence and service delivery within manufacturing and supply chain services

    SUPPLY CHAIN
    EFFICIENCY

    Data offers key insights and opportunities when it comes to supply chain management. The supply chain is where the business strategy gets converted to operational service delivery of the business. Proper data management enables business processes to become more efficient, productive, and profitable through the greater availability of quality data and analysis.

    Fifty-seven percent of companies believe that supply chain management gives them a competitive advantage that enables them to further develop their business (FinancesOnline, 2021).

    Involving Data in Your Supply Chain

    25%

    Companies can reap a 25% increase in productivity, a 20% gain in space usage, and a 30% improvement in stock use efficiency if they use integrated order processing for their inventory system.

    36%

    Thirty-six percent of supply chain professionals say that one of the top drivers of their analytics initiatives is the optimization of inventory management to balance supply and demand.
    (Source: FinancesOnline, 2021)

    Industry spotlight: Intelligent product innovation and strong product portfolios differentiate consumer retailers and CPGs

    INFORMED PRODUCT
    DEVELOPMENT
    Consumer shopping habits and preferences are notoriously variable, making it a challenge to develop a well-received product. Information and insights into consumer trends, shopping preferences, and market analysis support the probability of a successful outcome.

    Maintaining a Product Portfolio
    What is selling? What is not selling?

    Product Development
    • Based on current consumer buying patterns, what will they buy next?
    • How will this product be received by consumers?
    • What characteristics do consumers find important?
    A combination of operational data and analytics data is required to accurately answer these questions.
    Internal Data
    • Organizational sales performance
    External Data
    • Competitor performance
    • Market analysis
    • Consumer trends and preferences
    Around 75% of ideas fail for organizational reasons – viability or feasibility or time to market issues. On the other hand, around 20% of product ideas fail due to user-related issues – not valuable or usable (Medium, 2020).

    Changes in business and technology are changing how organizations use and manage data

    The world moves a lot faster today

    Businesses of today operate in real time. To maintain a competitive edge, businesses must identify and respond quickly to opportunities and events.

    To effectively do this businesses must have accurate and up-to-date data at their fingertips.

    To support the new demands around data consumption, data velocity (pace in which data is captured, organized, and analyzed) must also accelerate.

    Data Management Implications
    • Strong integration capabilities
    • Intelligent and efficient systems
    • Embedded data quality management
    • Strong transparency into the history of data and its transformation

    Studies and projections show a clear case of how data and its usage will grow and evolve.

    Zettabyte Era

    64.2

    More Data

    The amount of data created, consumed, and stored globally is forecast to increase rapidly, reaching 64.2 zettabytes in 2020 and projected to grow to over 180 zettabyes in 2025 (Statista, 2021).

    Evolving Technologies

    $480B

    Cloud Proliferation

    Global end-user spending on public cloud services is expected to exceed $480 billion next year (Info-Tech, 2021).

    To differentiate and remain competitive in today’s marketplace, organizations are becoming more data-driven

    Pyramid with a blue tip. Sublevels from top down are labelled 'Analytical Companies', 'Analytical Aspirations', 'Localized Analytics', and 'Analytically Impaired'.

    Analytic Competitor

    “Given the unforgiving competitive landscape, organizations have to transform now, and correctly. Winning requires an outcome-focused analytics strategy.” (Ramya Srinivasan, Forbes, 2021)
    Data and the use of data analytics has become a centerpiece to effective modern business. Top-performing organizations across a variety of industries have been cited as using analytics five times more than lower performers (MIT Sloan).

    The strategic value of data

    Power intelligent and transformative organizational performance through leveraging data.

    Respond to industry disruptors

    Optimize the way you serve your stakeholders and customers

    Develop products and services to meet ever-evolving needs

    Manage operations and mitigate risk

    Harness the value of your data

    Despite investments in data initiatives, organizations are carrying high levels of data debt

    Data debt is the accumulated cost that is associated with the suboptimal governance of data assets in an enterprise, like technical debt.

    Data debt is a problem for 78% of organizations.

    40%

    of organizations say individuals within the business do not trust data insights.

    66%

    of organizations say a backlog of data debt is impacting new data management initiatives.

    33%

    of organizations are not able to get value from a new system or technology investment.

    30%

    of organizations are unable to become data-driven.

    (Source: Experian, 2020)

    The journey to being data-driven

    The journey to becoming a data-driven organization requires a pit stop at data enablement.

    The Data Economy

    Diagram of 'The Data Economy' with three points on an arrow. 'Data Disengaged: You have a low appetite for data and rarely use data for decision making.' 'Data Enabled: Technology, data architecture, and people and processes are optimized and supported by data governance.' 'Data Driven: You are differentiating and competing on data and analytics, described as a “data first” organization. You’re collaborating through data. Data is an asset.'

    Measure success to demonstrate tangible business value

    Put data management into the context of the business:
    • Tie the value of data management and its initiatives back to the business capabilities that are enabled.
    • Leverage the KPIs of those business capabilities to demonstrate tangible and measurable value. Use terms and language that will resonate with senior leadership.

    Don’t let measurement be an afterthought:

    Start substantiating early on how you are going to measure success as your data management program evolves.

    Build a right-sized roadmap

    Formulate an actionable roadmap that is right-sized to deliver value in your organization.

    Key considerations:
    • When building your data management roadmap, ensure you do so through an enterprise lens. Be cognizant of other initiatives that might be coming down the pipeline that may require you to align your data governance milestones accordingly.
    • Apart from doing your planning with consideration for other big projects or launches that might be in-flight and require the time and attention of your data management partners, also be mindful of the more routine yet still demanding initiatives.
    • When doing your roadmapping, consider factors like the organization’s fiscal cycle, typical or potential year-end demands, and monthly/quarterly reporting periods and audits. Initiatives such as these are likely to monopolize the time and focus of personnel key to delivering on your data management milestones
    Sample milestones:
    • Data Management Leadership & Org Structure Definition
      Define the home for data management, as approved by senior leadership.
    • Data Management Charter and Policies
      Create a charter for your program and build/refresh associated policies.
    • Data Culture Diagnostic
      Understand the organization’s current data culture, perception of data, value of data, and knowledge gaps.
    • Use Case Build and Prioritization
      Build a use case that is tied to business capabilities. Prioritize accordingly.
    • Business Data Glossary/Catalog
      Build and/or refresh the business’ glossary for addressing data definitions and standardization issues.
    • Tools & Technology
      Explore the tools and technology offering in the data management space that would serve as an enabler to the program (e.g. RFI, RFP).

    Insight summary

    Overarching insight

    Your organization’s value streams and the associated business capabilities require effectively managed data. Whether building customer service excellence or getting ahead of cyberattacks, a data management practice is the dependable mainstay supporting business operations and transformation.

    Insight 1

    Data – it’s your business.
    Data is a digital imprint of business activities. Data architecture and flows are reflective of the organizational business architecture. Take data management capabilities as seriously as other core business capabilities.

    Insight 2

    Take a data-oriented approach.
    Data management must be data-centric – with technology and functional enablement built around the data and its structure and flows. Maintain the data focus during project’s planning, delivery, and evaluation stages.

    Insight 3

    Get the business into the data business.
    Data is not “IT’s thing.” Just as a bank helps you properly allocate your money to achieve your financial goals, IT will help you implement data management to support your business goals, but the accountability for data resides with the business.

    Tactical insight

    Data management is the program and environment we build once we have direction, i.e. a data strategy, and we have formed an ongoing channel with the guiding voice of the business via data governance. Without an ultimate goal in a strategy or the real requirements of the business, what are we building data systems and processes for? We are used to tech buzz words and placing our hope in promising innovations like artificial intelligence. There are no shortcuts, but there are basic proven actions we can take to meet the digital revolution head on and let our data boost our journey.

    Key deliverable:

    Data Management Roadmap Template

    Use this template to guide you in translating your project's findings and outcomes into a presentation that can be shared with your executive team and project sponsors.

    Sample of the 'Data Management Roadmap Template' key deliverable.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Data Management Assessment and Planning Tool

    Use this tool to support your team in assessing and designing the capabilities and components of your organization's data management practice. Sample of the 'Data Management Assessment and Planning Tool' deliverable.

    Data Culture Diagnostic and Scorecard

    Sample of the 'Data Culture Diagnostic and Scorecard' deliverable.

    Leverage Info-Tech’s Data Culture Diagnostic to understand how your organization scores across 10 areas relating to data culture.

    Business Capability Map

    This template takes you through a business capability and value stream mapping to identify the data capabilities required to enable them. Sample of the 'Business Capability Map' deliverable.

    Measure the value of this blueprint

    Leverage this blueprint’s approach to ensure your data management initiatives align and support your key value streams and their business capabilities.
    • Aligning your data management program and its initiatives to your organization’s business capabilities is vital for tracing and demonstrating measurable business value for the program.
    • This alignment of data management with value streams and business capabilities enables you to use business-defined KPIs and demonstrate tangible value.

    Project outcome

    Metric

    Timely data delivery Time of data delivery to consumption
    Improved data quality Data quality scorecard metrics
    Data provenance transparency Time for data auditing (from report/dashboard to the source)
    New reporting and analytic capabilities Number of level 2 business capabilities implemented as solutions
    In Phase 1 of this blueprint, we will help you establish the business context, define your business drivers and KPIs, and understand your current data management capabilities and strengths.

    In Phase 2, we will help you develop a plan and a roadmap for addressing any gaps and improving the relevant data management capabilities so that data is well positioned to deliver on those defined business metrics.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Create a Data Management Roadmap project overview

    1. Build Business Context and Drivers for the Data Management Program 2. Assess Data Management and Build Your Roadmap
    Best-Practice Toolkit

    1.1 Review the Data Management Framework

    1.2 Understand and Align to Business Drivers

    1.3 Build High-Value Use Cases

    1.4 Create a Vision

    2.1 Assess Data Management

    2.2 Build Your Data Management Roadmap

    2.3 Organize Business Data Domains

    Guided Implementation
    • Call 1
    • Call 2
    • Call 3
    • Call 4
    • Call 5
    • Call 6
    • Call 7
    • Call 8
    • Call 9
    Phase Outcomes
    • An understanding of the core components of an effective data management program
    • Your organization’s business capabilities and value streams
    • A business capability map for your organization
    • High-value use cases for data management
    • Vision and guiding principles for data management
    • An understanding of your organization’s current data management capabilities
    • Definition of target-state capabilities and gaps
    • Roadmap of priority data management initiatives
    • Business data domains and ownership

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 8 to 12 calls over the course of 4 to 6 months.

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2

    Call #1: Understand drivers, business context, and scope of data management at your organization. Learn about Info-Tech’s approach and resources.

    Call #2: Get a detailed overview of Info-Tech’s approach, framework, Data Culture Diagnostic, and blueprint.

    Call #3:Align your business capabilities with your data management capabilities. Begin to develop a use case framework.

    Call #4:Further discuss alignment of business capabilities to data management capabilities and use case framework.

    Call #5: Assess your current data management capabilities and data environment. Review your Data Culture Diagnostic Scorecard, if applicable.

    Call #6: Plan target state and corresponding initiatives.

    Call #7: Identify program risks and formulate a roadmap.

    Call #8: Identify and prioritize improvements. Define a RACI chart.

    Call #9: Summarize results and plan next steps.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com1-888-670-8889
    Day 1 Day 2 Day 3 Day 4 Day 5
    Activities
    Understand and contextualize

    1.1 Review your data strategy.

    1.2 Learn data management capabilities.

    1.3 Discuss DM capabilities cross-dependencies and interactions.

    1.4 Develop high-value use cases.

    Assess current DM capabilities and set improvement targets

    2.1 Assess you current DM capabilities.

    2.2 Set targets for DM capabilities.

    Formulate and prioritize improvement initiatives

    3.1 Formulate core initiatives for DM capabilities improvement.

    3.2 Discuss dependencies across the initiatives and prioritize them.

    Plan for delivery dates and assign RACI

    4.1 Plan dates and assign RACI for the initiatives.

    4.2 Brainstorm initiatives to address gaps and enable business goals.

    Next steps and wrap-up (offsite)

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables
    1. Understanding of the data management capabilities and their interactions and logical dependencies
    2. Use cases
    1. DM capability assessment results
    2. DM vision and guiding principles
    1. Prioritized DM capabilities improvement initiatives
    1. DM capabilities improvement roadmap
    2. Business data domains and ownership
    1. Workshop final report with key findings and recommendations

    Full page diagram of the 'Data & Analytics landscape'. Caption reads 'The key to landscaping your data environment lies in ensuring foundational disciplines are optimized in a way that recognizes the interdependency among the various disciplines.' Many foundational disciplines are color-coded to a legend determining whether its 'accountability sits with IT' or 'with the business; CDO'. An arrow labeled 'You Are Here' points to 'Data Management', which is coded in both colors meaning both IT and the business are accountable.

    What is data management and why is it needed?

    “Data management is the development, execution, and supervision of plans, policies, programs and practices that deliver, control, protect and enhance the value of data and information assets throughout their lifecycles.” (DAMA International, 2017)

    Achieving successful management and consistent delivery of data assets throughout their lifecycle requires the collaboration of the business and IT and the balance of technology, process, and resourcing solutions.

    Who:

    This research is designed for:
    • Data management heads and professionals looking to improve their organization’s ability to leverage data in value-added ways.
    • Data management and IT professionals looking to optimize the data environment, from creation and ingestion right through to consumption.

    Are your data management capabilities optimized to support your organization’s data use and demand?

    What is the current situation?

    Situation
    • The volume and variety of data are growing exponentially and show no sign of slowing down.
    • Business landscapes and models are evolving.
    • Users and stakeholders are becoming more and more data-centric, with maturing and demanding expectations.
    Complication
    • Organizations struggle to develop a comprehensive approach to optimizing data management.
    • In their efforts to keep pace with the demands for data, data management groups often adopt a piecemeal approach that includes turning to tools as a means to address the needs.
    • Data architecture, models, and designs fail to deliver real and measurable business impact and value. Technology ROI is not realized.
    Info-Tech Insight

    A data strategy should never be formulated disjointed from the business. Ensure the data strategy aligns with the business strategy and supports the business architecture.

    Info-Tech’s Data Management Framework

    What Is Data Management?

    Data management is the development, execution, and supervision of plans, policies, programs and practices that deliver, control, protect and enhance the value of data and information assets throughout their lifecycles.” (DAMA International, 2017)

    The three-tiered Data Management Framework, tiers are labelled 'Data Management Enablers', 'Information Dimensions', and 'Business Information'.

    Adapted from DAMA-DMBOK and Advanced Knowledge Innovations Global Solutions

    Info-Tech’s Approach

    Info-Tech’s Data Management Framework is designed to show how an organization’s business model sits as the foundation of its data management practice. Drawing from the requirements of the underpinning model, a practice is designed and maintained through the creation and application of the enablers and dimensions of data management.

    Build a data management practice that is centered on supporting the business and its use of key data assets

    Business Resources

    Data subject areas provide high-level views of the data assets that are used in business processes and enable an organization to perform its business functions.

    Classified by specific subjects, these groups reflect data elements that, when used effectively, are able to support analytical and operational use cases of data.

    This layer is representative of the delivery of the data assets and the business’ consumption of the data.

    Data is an integral business asset that exists across all areas of an organization

    Equation stating 'Trustworthy and Usable Data' plus 'Well-Designed and Executed Processes' equals 'Business Capabilities and Functions'.
    Data Management Framework with only the bottom tier highlighted.

    For a data management practice to be effective it ultimately must show how its capabilities and operations better support the business in accessing and leveraging its key data assets.*

    *This project focuses on building capabilities for data management. Leverage our data quality management research to support you in assessing the performance of this model.

    Information dimensions support the different types of data present within an organization’s environment

    Information Dimensions

    Components at the Information Dimensions layer manage the different types of data and information present with an environment.

    At this layer, data is managed based on its type and how the business is looking to use and access the data.

    Custom capabilities are developed at this level to support:

    • Structured data
    • Semi-structured data
    • Unstructured data
    The types, formats, and structure of the data are managed at this level using the data management enablers to support their successful execution and performance.
    Data Management Framework with only the middle tier highlighted.

    Build a data management practice with strong process capabilities

    Use these guiding principles to contextualize the purpose and value for each data management enabler.

    Data Management Framework with only the top tier highlighted.

    Data Management Enablers

    Info-Tech categorizes data management enablers as the processes that guide the management of the organization’s data assets and support the delivery.

    Govern and Direct

    • Ensures data management practices and processes follow the standards and policies outlined for them
    • Manages the executive oversight of the broader practice

    Align and Plan

    • Aligns data management plans to the business’ data requirements
    • Creates the plans to guide the design and execution of data management components

    Build, Acquire, Operate, Deliver, and Support

    • Executes the operations that manage data as it flows through the business environment
    • Manages the business’ risks in relation to its data assets and the level of security and access required

    Monitor and Improve

    • Analyzes the performance of data management components and the quality of business data
    • Creates and execute plans to improve the performance of the practice and the quality and use of data assets

    Use Info-Tech’s assessment framework to support your organization’s data management planning

    Info-Tech employs a consumer-driven approach to requirements gathering in order to support a data management practice. This will create a vision and strategic plan that will help to make data an enabler to the business as it looks to achieve its strategic objectives.

    Data Strategy Planning

    To support the project in building an accurate understanding of the organization’s data requirements and the role of data in its operations (current and future), the framework first guides organizations on a business and subject area assessment.

    By focusing on data usage and strategies for unique data subject areas, the project team will be better able to craft a data management practice with capabilities that will generate the greatest value and proactively handle evolving data requirements.

    Arrow pointing right.

    Data Management Assessment

    To support the design of a fit-for-purpose data management practice that aligns with the business’ data requirements this assessment will guide you in:

    • Determining the target capabilities for the different dimensions of data management.
    • Identifying the interaction dependencies and coordination efforts required to build a successful data management practice.

    Create a Data Management Roadmap

    Phase 1

    Build Business Context and Drivers for the Data Management Program

    Phase 1

    1.1 Review the Data Management Framework

    1.2 Understand and Align to Business Drivers

    1.3 Build High-Value Use Cases

    1.4 Create a Vision

    Phase 2

    2.1 Assess Data Management

    2.2 Build Your Data Management Roadmap

    2.3 Organize Business Data Domains

    This phase will walk you through the following activities:

    • Identify your business drivers and business capabilities.
    • Align data management capabilities with business goals.
    • Define scope and vision of the data management plan.
    • This phase involves the follow

    This phase involves the following participants:

    • Data Management Lead/Information Management Lead, CDO, Data Lead
    • Senior Business Leaders
    • Business SMEs
    • Data Owners, Records Managers, Regulatory Subject Matter Experts (e.g. Legal Counsel, Security)

    Step 1.1

    Review the Data Management Framework

    Activities

    1.1.1 Walk through the main parts of the best-practice Data Management Framework

    This step will guide you through the following activities:

    • Understand the main disciplines and makeup of a best-practice data management program.
    • Determine which data management capabilities are considered high priority by your organization.

    Outcomes of this step

    • A foundation for data management initiative planning that’s aligned with the organization’s business architecture: value streams, business capability map, and strategy map
    Build Business Context and Drivers
    Step 1.1 Step 1.2 Step 1.3 Step 1.4

    Full page diagram of the 'Data & Analytics landscape'. Caption reads 'The key to landscaping your data environment lies in ensuring foundational disciplines are optimized in a way that recognizes the interdependency among the various disciplines.' Many foundational disciplines are color-coded to a legend determining whether its 'accountability sits with IT' or 'with the business; CDO'. An arrow labeled 'You Are Here' points to 'Data Management', which is coded in both colors meaning both IT and the business are accountable.

    Full page illustration of the 'Create a Data Management Roadmap' using the image of a cargo ship labelled 'Data Management' moving in the direction of 'Business Strategy'. The caption at the top reads 'Data Management capabilities create new business value by augmenting data & optimizing it for analytics. Data is a digital imprint of organizational activities.'

    Data Management Capabilities

    A similar concept to the last one, with a ship moving toward 'Business Strategy', except the ship is cross-sectioned with different capabilities filling the interior of the silhouette. Below are different steps in data management 'Data Creation', 'Data Ingestion', 'Data Accumulation, 'Data Augmentation', 'Data Delivery', and 'Data Consumption'.

    Build a Robust & Comprehensive Data Strategy

    Business Strategy

    Organizational Goals & Objectives

    Business Drivers

    Industry Drivers

    Current Environment

    Data Management Capability Maturity Assessment

    Data Culture Diagnostic

    Regulatory and Compliance Requirements

    Data Strategy

    Organizational Drivers and Data Value

    Data Strategy Objectives & Guiding Principles

    Data Strategy Vision and Mission

    Data Strategy Roadmap

    People: Roles and Organizational Structure

    Data Culture & Data Literacy

    Data Management and Tools

    Risk and Feasibility

    Unlock the Value of Data

    Generate Game-Changing Insights

    Fuel Data-Driven Decision Making

    Innovate and Transform With Data

    Thrive and Differentiate With a Data-Driven Culture

    Elevate Organizational Data IQ

    Build a Foundation for Data Valuation

    What is a data strategy and why is it needed?

    • Your data strategy is the vehicle for ensuring data is poised to support your organization’s strategic objectives.
    • For any CDO or equivalent data leader, a robust and comprehensive data strategy is the number one tool in your toolkit for generating measurable business value from data.
    • The data strategy will serve as the mechanism for making high-quality, trusted, and well-governed data readily available and accessible to deliver on your organizational mandate.

    What is driving the need to formulate or refresh your organization’s data strategy?

    Who:

    This research is designed for:

    • Chief Data Officer (CDO) or equivalent
    • Head of Data
    • Chief Analytics Officer (CAO)
    • Head of Digital Transformation
    • CIO

    Info-Tech Insight

    A data strategy should never be formulated disjointed from the business. Ensure the data strategy aligns with the business strategy and supports the business architecture.

    Info-Tech’s Data Governance Framework

    Model of Info-Tech's Data Governance Framework titled 'Key to Data Enablement'. There are inputs, a main Data Governance cycle, and a selection of outputs. The inputs are 'Business Strategy' and 'Data Strategy' injected into the cycle via 'Strategic Goals & Objectives'. The cycle consists of 'Operating Model', 'Policies & Procedures', 'Data Literacy & Culture', 'Enterprise Projects & Services', 'Data Management', 'Data Privacy & Security', 'Data Leadership', and 'Data Ownership & Stewardship'. The latter two are part of 'Enterprise Governance's 'Oversight & Alignment' cycle. Outputs are 'Defined Data Accountability & Responsibility', 'Knowledge & Common Understanding of Data Assets', 'Trust & Confidence in Traceable Data', 'Improved Data ROI & Reduced Data Debt', and 'Support of Ethical Use of Data in a Data-Driven Culture'.

    What is data governance and why is it needed?

    • Data governance is an enabling framework of decision rights, responsibilities, and accountabilities for data assets across the enterprise.
    • It should deliver agreed-upon models that are conducive to your organization’s operating culture, where there is clarity on who can do what with which data and via what means.
    • It is the key enabler for bringing high-quality, trusted, secure, and discoverable data to the right users across your organization.
    • It promotes and drives responsible and ethical use and handling of data while helping to build and foster an organizational culture of data excellence.

    Do you feel there is a clear definition of data accountability and responsibility in your organization?

    Who:

    This research is designed for:

    • Chief Data Officer (CDO) or equivalent
    • Head of Data Governance, Lead Data Governance Officer
    • Head of Data
    • Head of Digital Transformation
    • CIO

    Info-Tech Insight

    Data governance should not sit as an island in your organization. It must continuously align with the organization’s enterprise governance function.

    A diagram titled 'Data Platform Selection - Make complex tasks simple by applying proven methodology to connect businesses to software' with five steps. '1. Formalize a Business Strategy', '2. Identify Platform Specific Considerations', '3. Execute Data Platform Architecture Selection', 'Select Software', 'Achieve Business Goals'.

    Info-Tech’s Data Platform Framework

    Data pipeline for versatile and scalable data delivery

    a diagram showing the path from 'Data Creation' to 'Data Accumulation', to 'Engineering & Augmentation', to 'Data Delivery'. Each step has a 'Fast Lane', 'Operational Lane', and 'Curated Lane'.

    What are the data platform and practice and why are they needed?

    • The data platform and practice are two parts of the data and analytics equation:
      • The practice is about the operating model for data; that is, how stakeholders work together to deliver business value on your data platform. These stakeholders are a combination of business and IT from across the organization.
      • The platform is a combination of the architectural components of the data and analytics landscape that come together to support the role the business plays day to day with respect to data.
    • Don’t jump directly into technology: use Info-Tech tools to solve and plan first.
    • Create a continuous roadmap to implement and evolve your data practice and platform.
    • Promote collaboration between the business and IT by clearly defining responsibilities.

    Does your data platform effectively serve your reporting and analytics capabilities?

    Who:

    This research is designed for:

    • Data and Information Leadership
    • Enterprise Information Architect
    • Data Architect
    • Data Engineer/Modeler

    Info-Tech Insight

    Info-Tech’s approach is driven by business goals and leverages standard data practice and platform patterns. This enables the implementation of critical and foundational data and analytics components first and subsequently facilitates the evolution and development of the practice and platform over time.

    Info-Tech’s Reporting and Analytics Framework

    Formulating an enterprise reporting and analytics strategy requires the business vision and strategies to first be substantiated. Any optimization to the data warehouse, integration, and source layers is in turn driven by the enterprise reporting and analytics strategy.
    A diagram of the 'Reporting and Analytics Framework' with 'Business vision/strategies' fed through four stages beginning with 'Business Intelligence: Reporting & Analytics Strategy', 'Data Warehouse: Data Warehouse/ Data Lake Strategy', 'Integration and Translation: Data Integration Strategy', 'Sources: Source Strategy (Content/Quality)'
    The current states of your integration and warehouse platforms determine what data can be used for BI and analytics.
    Your enterprise reporting and analytics strategy is driven by your organization’s vision and corporate strategy.

    What is reporting and analytics and why is it needed?

    • Reporting and analytics bridges the gap between an organization’s data assets and consumable information that facilitates insight generation and informed or evidence-based decision making.
    • The reporting and analytics strategy drives data warehouse and integration strategies and the data needs to support business decisions.
    • The reporting and analytics strategy ensures that the investment made in optimizing the data environment to support reporting and analytics is directly aligned with the organization’s needs and priorities and hence will deliver measurable business value.

    Do you have a strategy to enable self-serve analytics? What does your operating model look like? Have you an analytics CoE?

    Who:

    This research is designed for:

    • Head of BI and Analytics
    • CIO or Business Unit (BU) Leader looking to improve reporting and analytics
    • Applications Lead

    Info-Tech Insight

    Formulating an enterprise reporting and analytics strategy requires the business vision and strategies to first be substantiated. Any optimization to the data warehouse, integration, and source layer is in turn driven by the enterprise reporting and analytics strategy.

    Info-Tech’s Data Architecture Framework

    Info-Tech’s methodology:
      1. Prioritize your core business objectives and identify your business driver.
      2. Learn how business drivers apply to specific tiers of Info-Tech’s five-tier data architecture model.
      3. Determine the appropriate tactical pattern that addresses your most important requirements.
    Visual diagram of the first two parts of the methodology on the left. Objectives apply to the data architecture model, which appropriates tactical patterns, which leads to a focus.
      1. Select the areas of the five-tier architecture to focus on.
      2. Measure your current state.
      3. Set the targets of your desired optimized state.
      1. Roadmap your tactics.
      2. Manage and communicate change.
    Visual diagram of the third part of the methodology on the left. A roadmap of tactics leads to communicating change.

    What is data architecture and why is it needed?

    • Data architecture is the set of rules, policies, standards, and models that govern and define the type of data collected and how it is used, stored, managed, and integrated within the organization and its database systems.
    • In general, the primary objective of data architecture is the standardization of data for the benefit of the organization.

    Is your architecture optimized to sustainably deliver readily available and accessible data to users?

    Who:

    This research is designed for:

    • Data Architects or their equivalent
    • Enterprise Architects
    • Head of Data
    • CIO
    • Database Administrators

    Info-Tech Insight

    Data architecture is not just about models. Viewing data architecture as just technical data modeling can lead to a data environment that does not aptly serve or support the business. Identify your business’ priorities and adapt your data architecture to those needs.

    A diagram titled 'Build Your Data Quality Program'. '1. Data Quality & Data Culture Diagnostics Business Landscape Exercise', '2. Business Strategy & Use Cases', '3. Prioritize Use Cases With Poor Quality'. 'Info-Tech Insight: As data is ingested, integrated, and maintained in the various streams of the organization's system and application architecture, there are multiple points where the quality of the data can degrade.' A data flow diagram points out how 'Data quality issues can occur at any stage of the data flow', and that it is better to 'Fix data quality root causes here' during the 'Data Creation', 'Data Ingestion', and 'Data Accumulation & Engineering' stages in order 'to prevent expensive cures here' in the 'Data Delivery' and 'Reporting & Analytics' stages.

    What is data quality management and why is it needed?

    • Data is the foundation of decisions made at data-driven organizations.
    • Data quality management ensures that foundation is sustainably solid.
    • If there are problems with the organization’s underlying data, it can have a domino effect on many downstream business functions.
    • The transformational insights that executives are constantly seeking can be uncovered by a data quality practice that makes high-quality, trustworthy information readily available to the business users who need it.

    Do your users have an optimal level of trust and confidence in the quality of the organization’s data?

    Who:

    This research is designed for:

    • Chief Data Officer (CDO) or equivalent Head of Data
    • Chief Analytics Officer (CAO)
    • Head of Digital Transformation
    • CIO

    Info-Tech Insight

    Data quality suffers most at the point of entry. The resulting domino effect of error propagation makes these errors among the most costly forms of data quality errors. Fix data ingestion, whether through improving your application and database design or improving your data ingestion policy, and you will fix a majority of data quality issues.

    Info-Tech’s Enterprise Content Management Framework

    Drivers Governance Information Architecture Process Policy Systems Architecture
    Regulatory, Legal –›
    Efficiency, Cost-Effectiveness –›
    Customer Service –›
    User Experience –›
    • Establish decision-making committee
    • Define and formalize roles (RACI, charter)
    • Develop policies
    • Create business data glossary
    • Decide who approves documents in workflow
    • Operating models
    • Information categories (taxonomy)
    • Classifications, retention periods
    • Metadata (for findability and as tags in automated workflows)
    • Review and approval process, e.g. who approves
    • Process for admins to oversee performance of IM service
    • Process for capturing and classifying incoming documents
    • Audit trails and reporting process
    • Centralized index of data and records to be tracked and managed throughout their lifecycle
    • Data retention policy
    • E-signature policy
    • Email policy
    • Information management policies
    • Access/privacy rules
    • Understand the flow of content through multiple systems (e.g. email, repositories)
    • Define business and technical requirements to select a new content management platform/service
    • Improve integrations
    • Right-size solutions for use case (e.g. DAM)
    • Communication/Change Management
    • Data Literacy

    What is enterprise content management and why is it needed?

    “Enterprise Content Management is the systematic collection and organization of information that is to be used by a designated audience – business executives, customers, etc. Neither a single technology nor a methodology nor a process, it is a dynamic combination of strategies, methods and tools used to capture, manage, store, preserve and deliver information supporting key organizational processes through its entire lifecycle.” (AIIM, 2021)

    • Changing your ECM capabilities is about changing organizational behavior; take an all-hands-on-deck approach to make the most of information gathering, create a vested interest, and secure buy-in.
    • It promotes and drives responsible and ethical use and handling of content while helping to build and foster an organizational culture of information excellence.

    Who:

    This research is designed for:

    • Information Architect
    • Chief Data Officer (CDO)
    • Head of Data, Information Management
    • Records Management
    • CIO

    Info-Tech Insight

    ECM is critical to becoming a digital and modernized operation, where both structured data (such as sales reports) and unstructured content (such as customer sentiment in social media) are brought together for a 360-degree view of the customer or for a comprehensive legal discovery.

    Metadata management/Data cataloging

    Overview

    Metadata is structured information that describes, explains, locates, or otherwise makes it easier to retrieve, use, or manage an information resource. Metadata is often called data about data or information about information (NISO).

    Metadata management is the function that manages and maintains the technology and processes that creates, processes, and stores metadata created by business processes and data.

    90%

    The majority of data is unstructured information like text, video, audio, web server logs, social media, and more (MIT Sloan, 2021).
    As data becomes more unstructured, complex, and manipulated, the importance and value of metadata will grow exponentially and support improved:
    • Data consumption
    • Quality management
    • Risk management

    Value of Effective Metadata Management

    • Supports the traceability of data through an environment.
    • Creates standards and logging that enable information and data to be searchable and cataloged.
    • Metadata schemas enable easier transferring and distribution of data across different environments.
    Data about data: The true value of metadata and the management practices supporting it is its ability to provide deeper understanding and auditability to the data assets and processes of the business.
    Metadata supports the use of:
    Big Data
    Unstructured data
    Content and Documents
    Unstructured and semi-structured data
    Structured data
    Master, reference, etc.

    Critical Success Factors of Metadata Management

    • Consistent and documented data standards and definitions
    • Architectural planning for metadata
    • Incorporation of metadata into system design and the processing of data
    • Technology to support metadata creation, collection, storage, and reviews (metadata repository, meta marts, etc.)

    Info-Tech’s Data Integration Framework

    On one hand…

    Data has massive potential to bring insight to an organization when combined and analyzed in creative ways.

    On the other hand…

    It is difficult to bring data together from different sources to generate insights and prevent stale data.

    How can these two ideas be reconciled?

    Answer: Info-Tech’s Data Integration Onion Framework summarizes an organization’s data environment at a conceptual level and is used to design a common data-centric integration environment.

    A diagram of the 'Data Integration Onion Framework' with five layers: 'Enterprise Business Processes', 'Enterprise Analytics', 'Enterprise Integration', 'Enterprise Data Repositories', and 'Enterprise Data' at the center.
    Info-Tech’s Data Integration Onion Framework
    Data-centric integration is the solution you need to bring data together to break down data silos.

    What is data integration and why is it needed?

    • To get more value from their information, organizations are relying on increasingly more complex data sources. These diverse data sources have to be properly integrated to unlock the full potential of that data.
    • Integrating large volumes of data from the many varied sources in an organization has incredible potential to yield insights, but many organizations struggle with creating the right structure for that blending to take place, and that leads to the formation of data silos.
    • Data-centric integration capabilities can break down organizational silos. Once data silos are removed and all the information that is relevant to a given problem is available, problems with operational and transactional efficiencies can be solved, and value from business intelligence (BI) and analytics can be fully realized.

    Is your integration near real time and scalable?

    Who:

    This research is designed for:

    • Data Engineers
    • Business Analysts
    • Data Architects
    • Head of Data Management
    • Enterprise Architects

    Info-Tech Insight

    Every IT project requires data integration. Any change in the application and database ecosystem requires you to solve a data integration problem.

    Info-Tech’s Master Data Management Framework

    Master data management (MDM) “entails control over Master Data values and identifiers that enable consistent use, across systems, of the most accurate and timely data about essential business entities” (DAMA, 2017).

    The Data Management Framework from earlier with tier 2 item 'Reference and Master' highlighted.

    Fundamental objective of MDM: Enable the business to see one view of critical data elements across the organization.

    Phases of the MDM Framework. 'Phase 1: Build a Vision for MDM' entails a 'Readiness Assessment', then both 'Identify the Master Data Needs of the Business' and 'Create a Strategic Vision'. 'Phase 2: Create a Plan and Roadmap for the Organization’s MDM Program' entails 'Assess Current MDM Capabilities', then 'Initiative Planning', then 'Strategic Roadmap'.

    What is MDM and why is it needed?

    • Master data management (MDM) “entails control over Master Data values and identifiers that enable consistent use, across systems, of the most accurate and timely data about essential business entities” (DAMA, 2017).
    • The fundamental objective of MDM is to enable the business to see one view of critical data elements across the organization.
    • What is included in the scope of MDM?
      • Party data (employees, customers, etc.)
      • Product/service data
      • Financial data
      • Location data

    Is there traceability and visibility into your data’s lineage? Does your data pipeline facilitate that single view across the organization?

    Who:

    This research is designed for:

    • Chief Data Officer (CDO)
    • Head of Data Management, CIO
    • Data Architect
    • Head of Data Governance, Data Officer

    Info-Tech Insight

    Successful MDM requires a comprehensive approach. To be successfully planned, implemented, and maintained it must include effective capabilities in the critical processes and subpractices of data management.

    Data Modeling Framework

    • The framework consists of the business, enterprise, application, and implementation layers.
    • The Business Layer encodes real-world business concepts via the conceptual model.
    • The Enterprise Layer defines all enterprise data asset details and their relationships.
    • The Application Layer defines the data structures as used by a specific application.
    • The Implementation Layer defines the data models and artifacts for use by software tools.
    Data Modeling Framework with items from the 'Implementation Layer' contributing to items in the 'Application Layer' and 'Enterprise Layer' before turning into a 'Conceptual Model' in the 'Business Layer'.

    Model hierarchy

    • The Conceptual data model describes the organization from a business perspective.
    • The Message model is used to describe internal- and external-facing messages and is equivalent to the canonical model.
    • The Enterprise model depicts the whole organization and is divided into domains.
    • The Analytical model is built for specific business use cases.
    • Application models are application-specific operational models.
    Model hierarchy with items from the 'Implementation Layer' contributing to items in the 'Application Layer' and 'Enterprise Layer' before turning into a 'Conceptual Model' in the 'Business Layer'.

    Info-Tech Insight

    The Conceptual model acts as the root of all the models required and used by an organization.

    Data architecture and modeling processes

    A diagram moving from right to left through 5 phases: 'Business concepts defined and organized', 'Business concepts enriched with attribution', 'Physical view of the data, still vendor agnostic', 'The view being used by developers and business', and 'Manage the progression of your data assets'.

    Info-Tech Insight

    The Conceptual data model adds relationships to your business data glossary terms and is the first step of the modeling journey.

    Data operations

    Objectives of Data Operations Management

    • Implement and follow policies and procedures to manage data at each stage of its lifecycle.
    • Maintain the technology supporting the flow and delivery of data (applications, databases, systems, etc.).
    • Control the delivery of data within the system environment.

    Indicators of Successful Data Operations Management

    • Effective delivery of data assets to end users.
    • Successful maintenance and performance of the technical environment that collects, stores, delivers, and purges organizational data.
    'Data Lifecycle' with steps 'Create', 'Acquire', 'Store', 'Maintain', 'Use', and 'Archive/Destroy'.
    This data management enabler has a heavy focus on the management and performance of data systems and applications.
    It works closely with the organization’s technical architecture to support successful data delivery and lifecycle management (data warehouses, repositories, databases, networks, etc.).

    Step 1.2

    Understand and Align to Business Drivers

    Activities

    1.2.1 Define your value streams

    1.2.2 Identify your business capabilities

    1.2.3 Categorize your organization’s key business capabilities

    1.2.4 Develop a strategy map tied to data management

    This step will guide you through the following activities:

    • Leverage your organization’s existing business capability map or initiate the formulation of a business capability map.
    • Determine which business capabilities are considered high priority by your organization.
    • Map your organization’s strategic objectives to value streams and capabilities to communicate how objectives are realized with the support of data.

    Outcomes of this step

    • A foundation for data management initiative planning that’s aligned with the organization’s business architecture: value streams, business capability map, and strategy map

    Build Business Context and Drivers

    Step 1.1 Step 1.2 Step 1.3 Step 1.4

    Identifying value streams

    Value streams connect business goals to organization’s value realization activities. They enable an organization to create and capture value in the marketplace by engaging in a set of interconnected activities.
    There are several key questions to ask when endeavouring to identify value streams.

    Key Questions

    • Who are your customers?
    • What are the benefits we deliver to them?
    • How do we deliver those benefits?
    • How does the customer receive the benefits?

    1.2.1 Define value streams

    1-3 hours

    Input: Business strategy/goals, Financial statements, Info-Tech’s industry-specific business architecture

    Output: List of organization-specific value streams, Detailed value stream definition(s)

    Materials: Whiteboard/kanban board, Info-Tech’s Reference Architecture Template – contact your Account Representative for details, Other industry standard reference architecture models: BIZBOK, APQC, etc., Info-Tech’s Archimate models

    Participants: Enterprise/Business Architect, Business Analysts, Business Unit Leads, CIO, Departmental Executive & Senior managers

    Unify the organization’s perspective on how it creates value.

    1. Write a short description of the value stream that includes a statement about the value provided and a clear start and end for the value stream. Validate the accuracy of the descriptions with your key stakeholders.
    2. Consider:
      • How does the organization deliver those benefits?
      • How does the customer receive the benefits?
      • What is the scope of your value stream? What will trigger the stream to start and what will the final value be?
    3. Avoid:
      • Don’t start with a blank page. Use Info-Tech’s business architecture models for sample value streams.

    Contact your Account Representative for access to Info-Tech’s Reference Architecture Template

    Define or validate the organization’s value streams

    Value streams connect business goals to the organization’s value realization activities. These value realization activities, in turn, depend on data.

    If the organization does not have a business architecture function to conduct and guide Activity 1.2.1, you can leverage the following approach:

    • Meet with key stakeholders regarding this topic, then discuss and document your findings.
    • When trying to identify the right stakeholders, consider: Who are the decision makers and key influencers? Who will impact this piece of business architecture–related work? Who has the relevant skills, competencies, experience, and knowledge about the organization?
    • Engage with these stakeholders to define and validate how the organization creates value. Consider:
      • Who are your main stakeholders? This will depend on the industry in which you operate. For example, they could be customers, residents, citizens, constituents, students, patients.
      • What are your stakeholders looking to accomplish?
      • How does your organization’s products and/or services help them accomplish that?
      • What are the benefits your organization delivers to them and how does your organization deliver those benefits?
      • How do your stakeholders receive those benefits?

    Align data management to the organization’s value realization activities.

    Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities.

    Info-Tech Insight

    Your organization’s value streams and the associated business capabilities require effectively managed and governed data. Without this, you could face elevated operational costs, missed opportunities, eroded stakeholder satisfaction, negative impact to reputation and brand, and/or increased exposure to business risk.

    Example of value streams – Retail Banking

    Value streams connect business goals to the organization’s value realization activities.

    Example value stream descriptions for: Retail Banking

    Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities. Example Value Stream for Retail Banking with five value chains. 'Attract Customers: Retail banks design new products to fill gaps in their product portfolios by analyzing the market for changing customer needs and new competitor offerings or pricing; Pricing a product correctly through analysis and rate setting is a delicate balance and fundamental to a bank’s success.' 'Supply Loans and Mortgages and Credit Cards: Selecting lending criteria helps banks decide on the segment of customer they should take on and the degree of risk they are willing to accept.' 'Provide Core Banking Services: Servicing includes the day-to-day interactions with customers for onboarding, payments, adjustments, and offboarding through multiple banking channels; Customer retention and growing share of wallet are crucial capabilities in servicing that directly impact the growth and profitability of retail banks.' 'Offer Card Services: Card servicing involves quick turnarounds on card delivery and acceptance at a large number of merchants; Accurate billing and customizable spending alerts are crucial in ensuring that the customer understands their spending habits.' 'Grow Investments and Manage Wealth: Customer retention can be increased through effective wealth management and additional services that will increase the number of products owned by a customer.'

    For this value stream, download Info-Tech’s Industry Reference Architecture for Retail Banking.

    Example of value streams – Higher Education

    Value streams connect business goals to the organization’s value realization activities.

    Example value stream descriptions for: Higher Education

    Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities. Example Value Stream for Higher Education with five value chains. 'Shape Institutional Research: Institutional research provides direct benefits to both partners and faculty, ensuring efficient use of resources and compliance with ethical and methodological standards; This value stream involves all components of the research lifecycle, from planning and resourcing to delivery and commercialization.' 'Facilitate Curriculum Design: Curriculum design is the process by which learning content is designed and developed to achieve desired student outcomes; Curriculum management capabilities include curriculum planning, design and commercialization, curriculum assessment, and instruction management.' 'Design Student Support Services: Support services design and development provides a range of resources to assist students with academic success, such as accessibility, health and counseling, social services, housing, and academic skills development.' 'Manage Academic Administration: Academic administration involves the broad capabilities required to attract and enroll students in institutional programs; This value stream involves all components related to recruitment, enrollment, admissions, and retention management.' 'Deliver Student Services: Delivery of student services comes after curricular management, support services design, and academic administration. It comprises delivery of programs and services to enable student success; Program and service delivery capabilities include curriculum delivery, convocation management, and student and alumni support services.'

    For this value stream, download Info-Tech’s Industry Reference Architecture for Higher Education.

    Example of value streams – Local Government

    Value streams connect business goals to the organization’s value realization activities.

    Example value stream descriptions for: Local Government

    Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities. Example Value Stream for Local Government with five value chains. 'Sustain Land, Property, and the Environment: Local governments act as the stewards of the regional land and environment that are within their boundaries; Regional government bodies are responsible for ensuring that the natural environment is protected and sustained for future citizens in the form of parks and public land.' 'Facilitate Civic Engagement: Local governments engage with constituents to maintain a high quality of life through art, culture, and education.' 'Protect Local Health and Safety: Health concerns are managed by a local government through specialized campaigns and clinics; Emergency services are provided by the local authority to protect and react to health and safety concerns including police and firefighting services.' 'Grow the Economy: Economic growth is a cornerstone of a strong local government. Growth comes from flourishing industries, entrepreneurial success, high levels of employment, and income from tourism.' 'Provide Regional Infrastructure: Local governments ensure that infrastructure is built, maintained, and effective in meeting the needs of constituents. (Includes: electricity, water, sustainable energy sources, waste collection, transit, and local transportation.'

    For this value stream, download Info-Tech’s Industry Reference Architecture for Local Government.

    Example of value streams – Manufacturing

    Value streams connect business goals to the organization’s value realization activities.

    Example value stream descriptions for: Manufacturing

    Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities. Example Value Stream for Manufacturing with three value chains. 'Design Product: Manufacturers proactively analyze their respective markets for any new opportunities or threats; They design new products to serve changing customer needs or to rival any new offerings by competitors; A manufacturer’s success depends on its ability to develop a product that the market wants at the right price and quality level.' 'Produce Product: Optimizing production activities is an important capability for manufacturers. Raw materials and working inventories need to be managed effectively to minimize wastage and maximize the utilization of the production lines; Processes need to be refined continuously over time to remain competitive and the quality of the materials and final products needs to be strictly managed.' 'Sell Product: Once produced, manufacturers need to sell the products. This is done through distributors, retailers, and, in some cases, directly to the end consumer; After the sale, manufacturers typically have to deliver the product, provide customer care, and manage complaints; Manufacturers also randomly test their end products to ensure they meet quality requirements.'

    For this value stream, download Info-Tech’s Industry Reference Architecture for Manufacturing.

    Define the organization’s business capabilities in a business capability map

    A business capability defines what a business does to enable value creation. Business capabilities represent stable business functions and typically will have a defined business outcome.

    Business capabilities can be thought of as business terms defined using descriptive nouns such as “Marketing” or “Research and Development.”

    If your organization doesn’t already have a business capability map, you can leverage the following approach to build one. This initiative requires a good understanding of the business. By working with the right stakeholders, you can develop a business capability map that speaks a common language and accurately depicts your business.

    Working with the stakeholders as described in the slide entitled “Define or validate the organization’s value streams”:

    • Analyze the value streams to identify and describe the organization’s capabilities that support them.
    • Consider the objective of your value stream. (This can highlight which capabilities support which value stream.)
    • As you initiate your engagement with your stakeholders, don’t start a blank page. Leverage the examples on the next slides as a starting point for your business capability map.
    • When using these examples, consider: What are the activities that make up your particular business? Keep the ones that apply to your organization, remove the ones that don’t, and add any needed.

    Align data management to the organization’s value realization activities.

    Info-Tech Insight

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data management program must support.

    For more information, refer to Info-Tech’s Document Your Business Architecture.

    1.2.2 Identify your business capabilities

    Input: List of confirmed value streams and their related business capabilities

    Output: Business capability map with value streams for your organization

    Materials: Your existing business capability map, Business Alignment worksheet provided in the Data Management Assessment and Planning Tool, Info-Tech’s Document Your Business Architecture blueprint

    Participants: Key business stakeholders, Data stewards, Data custodians, Data leads and administrators

    Confirm your organization's existing business capability map or initiate the formulation of a business capability map:

    • If you have an existing business capability map, meet with the relevant business owners/stakeholders to confirm that the content is accurate and up to date. Confirm the value streams (how your organization creates and captures value) and their business capabilities reflect the organization’s current business environment.
    • If you do not have an existing business capability map, complete this activity to initiate the formulation of a map (value streams and related business capabilities):
      1. Define the organization’s value streams. Meet with senior leadership and other key business stakeholders to define how your organization creates and captures value.
      2. Define the relevant business capabilities. Meet with senior leadership and other key business stakeholders to define the business capabilities.

    Note: A business capability defines what a business does to enable value creation. Business capabilities are business terms defined using nouns such as “Marketing” or “Research and Development.” They represent stable business functions, are unique and independent of one another, and typically will have a defined business outcome.

    Example business capability map – Retail Banking

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip: Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data management program.

    Example business capability map for: Retail Banking

    Example business capability map for Retail Banking with value stream items as column headers, and rows 'Enabling', 'Shared', and 'Defining'.

    For this business capability map, download Info-Tech’s Industry Reference Architecture for Retail Banking.

    Example business capability map – Higher Education

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip: Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data management program.

    Example business capability map for: Higher Education

    Example business capability map for Higher Education with value stream items as column headers, and rows 'Enabling', 'Shared', and 'Defining'.

    For this business capability map, download Info-Tech’s Industry Reference Architecture for Higher Education.

    Example business capability map – Local Government

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip: Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data governance program.

    Example business capability map for: Local Government

    Example business capability map for Local Government with value stream items as column headers, and rows 'Enabling', 'Shared', and 'Defining'.

    For this business capability map, download Info-Tech’s Industry Reference Architecture for Local Government.

    Example business capability map – Manufacturing

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip: Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data governance program.

    Example business capability map for: Manufacturing

    Example business capability map for Manufacturing with value stream items as column headers, and rows 'Enabling', 'Shared', and 'Defining'.

    For this business capability map, download Info-Tech’s Industry Reference Architecture for Manufacturing.

    Example business capability map – Retail

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip: Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data governance program.

    Example business capability map for: Retail

    Example business capability map for Retail with value stream items as column headers, and rows 'Enabling', 'Shared', and 'Defining'.

    For this business capability map, download Info-Tech’s Industry Reference Architecture for Retail.

    1.2.3 Categorize your organization’s key capabilities

    Input: Strategic insight from senior business stakeholders on the business capabilities that drive value for the organization

    Output: Business capabilities categorized and prioritized (e.g. cost advantage creators, competitive advantage differentiators, high value/high risk) See next slide for an example

    Materials: Your existing business capability map or the business capability map derived in Activity 1.2.2

    Participants: Key business stakeholders, Data stewards, Data custodians, Data governance working group

    Determine which capabilities are considered high priority in your organization.

    1. Categorize or heatmap the organization’s key capabilities. Consult with senior and other key business stakeholders to categorize and prioritize the business’ capabilities. This will aid in ensuring your data governance future-state planning is aligned with the mandate of the business. One approach to prioritizing capabilities with business stakeholders is to examine them through the lens of cost advantage creators, competitive advantage differentiators, and/or by high value/high risk.
    2. Identify cost advantage creators. Focus on capabilities that drive a cost advantage for your organization. Highlight these capabilities and prioritize programs that support them.
    3. Identify competitive advantage differentiators. Focus on capabilities that give your organization an edge over rivals or other players in your industry.

    This categorization/prioritization exercise helps highlight prime areas of opportunity for building use cases, determining prioritization, and the overall optimization of data and data governance.

    For more information, refer to Info-Tech’s Document Your Business Architecture.

    Example of business capabilities categorization or heatmapping – Retail

    This exercise is useful in ensuring the data governance program is focused and aligned to support the priorities and direction of the business.

    • Depending on the mandate from the business, priority may be on developing cost advantage. Hence the capabilities that deliver efficiency gains are the ones considered to be cost advantage creators.
    • The business’ priority may be on maintaining or gaining a competitive advantage over its industry counterparts. Differentiation might be achieved in delivering unique or enhanced products, services, and/or experiences, and the focus will tend to be on the capabilities that are more end-stakeholder-facing (e.g. customer-, student-, patient,- and/or constituent-facing). These are the organization’s competitive advantage creators.

    Example: Retail

    Example business capability map for Retail with capabilities categorized into Cost Advantage Creators and Competitive Advantage creators via a legend. Value stream items as column headers, and rows 'Enabling', 'Shared', and 'Defining'.

    For this business capability map, download Info-Tech’s Industry Reference Architecture for Retail.

    1.2.4 Develop a strategy map tied to data management

    Input: Strategic objectives as outlined by the organization’s business strategy and confirmed by senior leaders

    Output: A strategy map that maps your organizational strategic objectives to value streams, business capabilities, and ultimately data programs

    Materials: Your existing business capability map or the one created in Activity 1.2.2, Business strategy (see next slide for an example)

    Participants: Key business stakeholders, Data stewards, Data custodians, Data governance working group

    Identify the strategic objectives for the business. Knowing the key strategic objectives will drive business–data governance alignment. It’s important to make sure the right strategic objectives of the organization have been identified and are well understood.

    1. Meet with senior business leaders and other relevant stakeholders to help identify and document the key strategic objectives for the business.
    2. Leverage their knowledge of the organization’s business strategy and strategic priorities to visually represent how these map to value streams, business capabilities, and ultimately data and data governance needs and initiatives. Tip: Your map is one way to visually communicate and link the business strategy to other levels of the organization.
    3. Confirm the strategy mapping with other relevant stakeholders.

    Example of a strategy map tied to data management

    • Strategic objectives are the outcomes the organization is looking to achieve.
    • Value streams enable an organization to create and capture value in the market through interconnected activities that support strategic objectives.
    • Business capabilities define what a business does to enable value creation in value streams.
    • Data capabilities and initiatives are descriptions of action items on the data and data governance roadmap that will enable one or multiple business capabilities in its desired target state.

    Info-Tech Tip: Start with the strategic objectives, then map the value streams that will ultimately drive them. Next, link the key capabilities that enable each value stream. Then map the data and data governance initiatives that support those capabilities. This process will help you prioritize the data initiatives that deliver the most value to the organization.

    Example: Retail

    Example of a strategy map tied to data management with diagram column headers 'Strategic Objectives' (are realized through...) 'Value Streams' (are enabled by...) 'Key Capabilities' (are driven by...) 'Data Capabilities and Initiatives'. Row headers are objectives and fields are composed of three examples of each column header.

    For this strategy map, download Info-Tech’s Industry Reference Architecture for Retail.

    Step 1.3

    Build High-Value Use Cases for Data Management

    Activities

    1.3.1 Build high-value use cases

    This step will guide you through the following activities:

    • Understand the main disciplines and makeup of a best-practice data management program.
    • Determine which data management capabilities are considered high priority by your organization.

    Outcomes of this step

    • A foundation for data management initiative planning that’s aligned with the organization’s business architecture: value streams, business capability map, and strategy map

    Build Business Context and Drivers

    Step 1.1 Step 1.2 Step 1.3 Step 1.4

    1.3.1 Build high-value use cases

    Input: Value streams and business capabilities as defined by business leaders, Business stakeholders’ subject area expertise, Data custodian systems, integration, and data knowledge

    Output: Use cases that articulate data-related challenges, needs, or opportunities that are tied to defined business capabilities and hence, if addressed, will deliver measurable value to the organization

    Materials: Your business capability map from Activity 1.2.2, Info-Tech’s Data Use Case Framework Template, Whiteboard or flip charts (or shared screen if working remotely), Markers/pens

    Participants: Key business stakeholders, Data stewards and business SMEs, Data custodians, Data leads and administrators

    This business needs gathering activity will highlight and create relevant use cases around data-related problems or opportunities that are clear and contained and, if addressed, will deliver value to the organization.

    1. Bring together key business stakeholders (data owner, stewards, SMEs) from a particular line of business as well the relevant data custodian(s) to build cases for their units. Leverage the business capability map you created for facilitating this act.
    2. Leverage Info-Tech’s Data Use Case Framework Template as seen on the next slide.
    3. Have the stakeholders move through each breakout session outlined in the use case worksheet. Use flip charts or a whiteboard to brainstorm and document their thoughts.
    4. Debrief and document results in the Data Use Case Framework Template.
    5. Repeat this exercise with as many lines of the business as possible, leveraging your business capability map to guide your progress and align with business value.

    Tip: Don’t conclude these use case discussions without substantiating what measures of success will be used to demonstrate the business value of the effort to produce the desired future state, as relevant to each particular use case.

    Download Info-Tech’s Data Use Case Framework Template

    Data use cases

    Sample Data

    The following is the list of use cases as articulated by key stakeholders at [Organization Name].

    The stakeholders see these as areas that are relevant and highly valuable for delivering strategic value to [Organization Name].

    Use Case 1: Customer/Student/Patient/Resident 360 View

    Use Case 2: Project/Department Financial Performance

    Use Case 3: Vendor Lifecycle Management

    Use Case 4: Project Risk Management

    Prioritization of use cases

    Example table for use case prioritization. Column headers are 'Use Case', 'Order of Priority', and 'Comments'. Fields are empty.

    Use case 1

    Sample Data

    Problem statement:

    • We are not realizing our full growth potential because we do not have a unified 360 view of our customers/clients/[name of external stakeholder].
    • This impacts: our cross-selling; upselling; talent acquisition and retention; quality of delivery; ability to identify and deliver the right products, markets, and services...

    If we could solve this:

    • We would be able to better prioritize and position ourselves to meet evolving customer needs.
    • We would be able to optimize the use of our limited resources.

    Use case 1: challenges, risks, and opportunities

    Sample Data

    1. What is the number one risk you need to alleviate?
      • Loss of potential revenue, whether from existing or net new customers.
        • How?
          • By not maximizing opportunities with customers or even by losing customers; by not understanding or addressing their greatest needs
          • By not being able to win potential new customers because we don’t understand their needs
    2. What is the number one opportunity you wish to see happen?
      • The ability to better understand and anticipate the needs of both existing and potential customers.
    3. What is the number one pain point you have when working with data?
      • I can’t do my job with confidence because it’s not based on comprehensive, sound, reliable data. My group spends significant time reconciling data sets with little time left for data use and analysis.
    4. What are your challenges in performing the activity today?
      • I cannot pull together customer data in a timely manner due to having a high level of dependence on specific individuals with institutional knowledge rather than having easy access to information.
      • It takes too much time and effort to pull together what we know about a customer.
      • The necessary data is not consolidated or readily/systematically available for consumption.
      • These challenges are heightened when dealing with customers across markets.

    Use case 1 (cont'd)

    Sample Data

    1. What does “amazing” look like if we solve this perfectly?
      • Employees have immediate, self-service access to necessary information, leading to better and more timely decisions. This results in stronger business and financial growth.
    2. What other business unit activities/processes will be impacted/improved if we solve this?
      • Marketing/bid and proposal, staffing, procurement, and contracting strategy
    3. What compliance/regulatory/policy concerns do we need to consider in any solution?
      • PII, GDPR, HIPAA, CCPA, etc.
    4. What measures of success/change should we use to prove the value of the effort (KPIs/ROI)?
      • Win rate, number of services per customer, gross profit, customer retention, customer satisfaction scores, brand awareness, and net promoter score
    5. What are the steps in the process/activity today?
      • Manual aggregation (i.e. pull data from systems into Excel), reliance on unwritten knowledge, seeking IT support, canned reports

    Use case 1 (cont'd)

    Sample Data

    1. What are the applications/systems used at each step?
      • Salesforce CRM, Excel, personal MS Access databases, SharePoint
    2. What data elements (domains) are involved, created, used, or transformed at each step?
      • Bid and proposal information, customer satisfaction, forecast data, list of products, corporate entity hierarchy, vendor information, key staffing, recent and relevant news, and competitor intelligence

    Use case worksheet

    Objective: This business needs gathering activity will help you highlight and create relevant use cases around data-related problems or opportunities. They should be clear and contained and, if addressed, will deliver value to the organization.

    1.

    What business capability (or capabilities) in your business area is this use case tied to?

    Examples: Demand Planning, Assortment Planning, Allocation & Replenishment, Fulfillment Planning, Customer Management
    2.

    What are your data-related challenges in performing this today?

    Use case worksheet (cont’d.)

    Objective: This business needs gathering activity will help you highlight and create relevant use cases around data-related problems or opportunities. They should be clear and contained and, if addressed, will deliver value to the organization.

    3.

    What are the steps in the process/activity today?

    4.

    What are the applications/systems used at each step today?

    5.

    What data domains are involved, created, used, or transformed at each step today?

    Use case worksheet (cont’d.)

    Objective: This business needs gathering activity will help you highlight and create relevant use cases around data-related problems or opportunities. They should be clear and contained and, if addressed, will deliver value to the organization.

    6.

    What does an ideal or improved state look like?

    7.

    What other business units, business capabilities, activities, or processes will be impacted and/or improved if this were to be solved?

    8.

    Who are the stakeholders impacted by these changes? Who needs to be consulted?

    9.

    What are the risks to the organization (business capability, revenue, reputation, customer loyalty, etc.) if this is not addressed?

    Use case worksheet (cont’d.)

    Objective: This business needs gathering activity will help you highlight and create relevant use cases around data-related problems or opportunities. They should be clear and contained and, if addressed, will deliver value to the organization.

    10.

    What compliance, regulatory, or policy concerns do we need to consider in any solution?

    11.

    What measures of success or change should we use to prove the value of the effort (KPIs/ROI)? What is the measurable business value of doing this?

    Use case worksheet (cont’d.)

    Objective: This business needs gathering activity will help you highlight and create relevant use cases around data-related problems or opportunities. They should be clear and contained and, if addressed, will deliver value to the organization.

    10.

    Conclusion: What are the data capabilities that need to be optimized, addressed, or improved to support or help realize the business capability (or capabilities) highlighted in this use case?

    (Tip: This will inform your future-state data capabilities optimization planning and roadmapping activities.)

    Data Management Workshop
    Use Case 1: Covid-19 Emergency Management

    [SAMPLE]

    Problem Statement

    Inability to provide insights to DPH due to inconsistent data, inaccurate reporting, missing governance, and unknown data sources resulting in decisions that impact citizens being made without accurate information.

    Challenges
    • Data is not suitable for analytics. It takes lot of effort to clean data.
    • Data intervals are not correct and other data quality issues.
    • The roles are not clearly defined.
    • Lack of communication between key stakeholders.
    • Inconsistent data/reporting/governance in the agencies. This has resulted in number of issues for Covid-19 emergency management. Not able to report accurately on number of cases, deaths, etc.
    • Data collection systems changed overtime (forms, etc.).
    • GIS has done all the reporting. However, why GIS is doing all the reporting is not clear. GIS provides critical information for location. Reason: GIS was ready with reporting solution ArcGIS.
    • Problem with data collection, consolidation, and providing hierarchical view.
    • Change in requirements, metrics – managing crisis by email and resulting in creating one dashboard after another. Not sure whether these dashboards being used.
    • There is a lot of manual intervention and repeated work.
    What Does Amazing Look Like?
    • One set of dashboards (or single dashboard) – too much time spend on measure development
    • Accurate and timely data
    • Automated data
    • Access to granular data (for researchers and other stakeholders)
    • Clear ownership of data and analytics
    • It would have been nice to have governance already prior to this crisis
    • Proper metrics to measure usage and value
    • Give more capabilities such as predictive analytics, etc.
    Related Processes/Impact
    • DPH
    • Schools
    • Business
    • Citizens
    • Resources & Funding
    • Data Integration & GIS
    • Data Management
    • Automated Data Quality
    Compliance
    • HIPAA, FERPA, CJIS, IRS
    • FEMA
    • State compliance requirement – data classification
    • CDC
    • Federal data-sharing agreements/restrictions
    Benefits/KPIs
    • Reduction in cases
    • Timely response to outbreak
    • Better use of resources
    • Economic impact
    • Educational benefits
    • Trust and satisfaction

    Data Management Workshop
    Use Case 1: Covid-19 Emergency Management

    [SAMPLE]

    Problem Statement

    Inability to provide insights to DPH due to inconsistent data, inaccurate reporting, missing governance, and unknown data sources resulting in decisions that impact citizens being made without accurate information.

    Current Steps in Process Activity (Systems)
    1. Collect data through Survey123 using ArcGIS (hospitals are managed to report by 11 am) – owned KYEM
    2. KYEM stores this information/data
    3. Deduplicate data (emergency preparedness group)
    4. Generate dashboard using ArcGIS
    5. Map to monitor status of the update
    6. Error correction using web portal (QAQC)
    7. Download Excel/CVS after all 97 hospital reports
    8. Sent to federal platform (White House, etc.)
    9. Generate reports for epidemiologist (done manually for public reporting)
    Data Flow diagram

    Data flow diagram.

    SystemsData Management Dimensions
    1. Data Governance
    2. Data Quality
    3. Data Integrity
    4. Data Integration
    1. Data Architecture
    2. Metadata
    3. Data Warehouse, Reporting & Analytics
    4. Data Security

    Data Management Workshop
    Use Case 1: Covid-19 Emergency Management

    [SAMPLE]

    Problem Statement

    Inability to provide insights to DPH due to inconsistent data, inaccurate reporting, missing governance, and unknown data sources resulting in decisions that impact citizens being made without accurate information.

    List Future Process Steps

    Prior to COVID-19 Emergency Response:

    • ArcGIS data integrated available in data warehouse/data lake.
    • KYEM data integrated and available in data warehouse/data lake.
    • CHFS data integrated and available in data warehouse/data lake.
    • Reporting standards and tools framework established.

    After COVID-19 Emergency Response:

    • Collect data through Survey123 using ArcGIS (hospitals are managed to report by 11 am) – owned KYEM.
    • Error correction using web portal (QAQC).
    • Generate reports/dashboard/files as per reporting/analytical requirements:
      • Federal reporting
      • COVID dashboards
      • Epidemiologist reports
      • Lab reporting
    Future Process and Data Flow

    Data flow diagram with future processes.

    Step 1.4

    Create a Vision and Guiding Principles for Data Management

    Activities

    1.4.1 Craft a vision

    1.4.2 Create guiding principles

    This step will guide you through the following activities:

    • Leverage your organization’s existing business capability map or initiate the formulation of a business capability map, guided by info-Tech’s approach.
    • Determine which business capabilities are considered high priority by your organization.
    • Map your organization’s strategic objectives to value streams and capabilities to communicate how objectives are realized with the support of data.

    Outcomes of this step

    • A foundation for data management initiative planning that’s aligned with the organization’s business architecture: value streams, business capability map, and strategy map

    Build Business Context and Drivers

    Step 1.1 Step 1.2 Step 1.3 Step 1.4

    1.4.1 Craft a vision

    Input: Organizational vision and mission statements, Stakeholder survey results and elicitation findings, Use cases, Business and data capability map

    Output: Vision and mission statements

    Materials: Markers and pens, Whiteboard, Online whiteboard, Vision samples and templates

    Participants: Key business stakeholders, Data managers, Data owners, Business leads and SMEs, Project team, Project sponsor

    Complete the vision statement to set the direction, the “why,” for the changes we’re making. The vision is a reference point that should galvanize everyone in the organization and set guardrails for technical and process decisions to follow.

    1. Bring together key business stakeholders (content owners, SMEs, and relevant IT custodians) to craft a data management vision statement.
    2. Start by brainstorming keywords, such as customer-focused, empower the business, service excellence, findable and manageable, protected, accessible, paperless.
    3. Highlight the keywords that resonate most with the group. Refer to example vision statements for ideas.

    Create a common data management vision that is consistently communicated to the organization

    A data management program should be an enterprise-wide initiative.

    • To create a strong vision for data management, there must be participation from the business and IT. A common vision will articulate the state the organization wishes to achieve and how it will reach that state. Visioning helps to develop long-term goals and direction.
    • Once the vision is established, it must be effectively communicated to everyone, especially those who are involved in creating, managing, disposing, or archiving data.
    • The data management program should be periodically refined. This will ensure the organization continues to incorporate best methods and practices as the organization grows and data needs evolve.
    Stock image of a megaphone with multiple icons pouring from its opening.

    Info-Tech Tips

    • Use information from the stakeholder interviews to derive business goals and objectives.
    • Work to integrate different opinions and perspectives into the overall vision for data management.
    • Brainstorm guiding principles for content and understand the overall value to the organization.

    Create compelling vision and mission statements for the organization’s future data management practice

    A vision represents the way your organization intends to be in the future.

    A clear vision statement helps align the entire organization to the same end goal.

    Your vision should be brief, concise, and inspirational; it is attempting to say a lot in a few words, so be very thoughtful and careful with the words you choose. Consider your strengths across departments – business and IT, the consumers of your services, and your current/future commitments to service quality.

    Remember that a vision statement is internally facing for other members of your company throughout the process.

    A mission expresses why you exist.

    While your vision is a declaration of where your organization aspires to be in the future, your mission statement should communicate the fundamental purpose of the data management practice.

    It identifies the function of the practice, what it produces, and its high-level goals that are linked to delivering timely, high-quality, relevant, and valuable data to business processes and end users. Consider if the practice is responsible for providing data for analytical and/or operational use cases.

    A mission statement should be a concise and clear statement of purpose for both internal and external stakeholders.

    “The Vision is the What, Where or Who you want the company to become. The Mission is the WHY the company exists, it is your purpose, passion or cause.” (Doug Meyer-Cuno, Forbes, 2021)

    Data Management Vision and Mission Statements: Draft

    Vision and mission statements crafted by the workshop participants. These statements are to be reviewed, refined into a single version, approved by members of the senior leadership team, and then communicated to the wider organization.

    Corporate

    Group 1

    Group 2

    Vision:
    Create and maintain an institution of world-class excellence.
    Vision: Vision:
    Mission:
    Foster an economic and financial environment conducive to sustainable economic growth and development.
    Mission: Mission:

    Information management framework

    The information management framework is a way to organize all the ECM program’s guidelines and artifacts

    Information management framework with 'Information Management Vision' above six principles. Below them are 'Information Management Policies' and 'Information Management Standards and Procedures.'

    The vision is a statement about the organization’s goals and provides a basis to guide decisions and rally employees toward a shared goal.

    The principles or themes communicate the organization’s priorities for its information management program.

    Policies are a set of official guidelines that determine a course of action. For example: Company is committed to safety for its employees.

    Procedures are a set of actions for doing something. For example: Company employees will wear protective gear while on the production floor.

    Craft your vision

    Use the insights you gathered from users and stakeholders to develop a vision statement
    • The beginning of a data management practice is a clear set of goals and key performance indicators (KPIs).
      A good set of goals takes time and input from senior leadership and stakeholders.
    • The data management program lead is selling a compelling vision of what is possible.
    • The vision also helps set the scope and expectations about what the data management program lead is and is not doing.
    • Be realistic about what you can do and how long it will take to see a difference.
    Table comparing the talk (mission statements, vision statements, and values) with the walk (strategies/goals, objectives, and tactical plans). Example vision statements:
    • The organization is dedicated to creating an enabling structure that helps the organization get the right information to the right people at the right time.
    • The organization is dedicated to creating a program that recognizes data as an asset, establishing a data-centric culture, and ensuring data quality and accessibility to achieve service excellence.
    The vision should be short, memorable, inspirational and draw a clear picture of what that future-state data management experience looks like.

    Is it modern and high end, with digital self-service?

    Is it a trusted and transparent steward of customer assets?

    1.4.2 Create guiding principles

    Input: Sample data management guiding principles, Stakeholder survey results and elicitation findings, Use cases, Business and data capability map

    Output: Data management guiding principles

    Materials: Markers and pens, Whiteboard, Online whiteboard, Guiding principles samples and templates

    Participants: Key business stakeholders, Data managers, Data owners, Business leads and SMEs, Project team, Project sponsor

    Draft a set of guiding principles that express your program’s values as a framework for decisions and actions and keep the data strategy alive.

    1. Bring together key business stakeholders (data owners, SMEs, and relevant IT custodians) to craft a set of data management guiding principles.
    2. Refer to industry sample guiding principles for data management.
    3. Discuss what’s important to stakeholders and owners, e.g. security, transparency, integrity. Good guiding principles address real challenges.
    4. A helpful tip: Craft principles as “We will…” statements for the problems you’ve identified.

    Twelve data management universal principles

    [SAMPLE]
    Principle Definitions
    Data Is Accessible Data is accessible across the organization based on individuals’ roles and privileges.
    Treat Data as an Asset Treat data as a most valuable foundation to make right decisions at the right time. Manage the data lifecycle across organization.
    Manage Data Define strategic enterprise data management that defines, integrates, and effectively retrieves data to generate accurate, consistent insights.
    Define Ownership & Stewardship Organizations should clearly appoint data owners and data stewards and ensure all team members understand their role in the company’s data management system.
    Use Metadata Use metadata to ensure data is properly managed by tacking how data has been collected, verified, reported, and analyzed.
    Single Source of Truth Ensure the master data maintenance across the organization.
    Ensure Data Quality Ensure data integrity though out the lifecycle of data by establishing a data quality management program.
    Data Is Secured Classify and maintain the sensitivity of the data.
    Maximize Data Use Extend the organization’s ability to make the most of its data.
    Empower the Users Foster data fluency and technical proficiency through training to maximize optimal business decision making.
    Share the Knowledge Share and publish the most valuable insights appropriately.
    Consistent Data Definitions Establish a business data glossary that defines consistent business definitions and usage of the data.

    Create a Data Management Roadmap

    Phase 2

    Assess Data Management and Build Your Roadmap

    Phase 1

    1.1 Review the Data Management Framework

    1.2 Understand and Align to Business Drivers

    1.3 Build High-Value Use Cases

    1.4 Create a Vision

    Phase 2

    2.1 Assess Data Management

    2.2 Build Your Data Management Roadmap

    2.3 Organize Business Data Domains

    This phase will walk you through the following activities:

    • Understand your current data management capabilities.
    • Define target-state capabilities required to achieve business goals and enable the data strategy.
    • Identify priority initiatives and planning timelines for data management improvements.

    This phase involves the following participants:

    • Data Management Lead/Information Management Lead, CDO, Data Lead
    • Senior Business Leaders
    • Business SMEs
    • Data owners, records managers, regulatory subject matter experts (e.g. legal counsel, security)

    Step 2.1

    Assess Your Data Management Capabilities

    Activities

    2.1.1 Define current state of data management capabilities

    2.1.2 Set target state and identify gaps

    This step will guide you through the following activities:

    • Assess the current state of your data management capabilities.
    • Define target-state capabilities required to achieve business goals and enable the data strategy.
    • Identify gaps and prioritize focus areas for improvement.

    Outcomes of this step

    • A prioritized set of improvement areas aligned with business value stream and drivers

    Assess Data Management and Build Your Roadmap

    Step 2.1 Step 2.2 Step 2.3

    Define current state

    The Data Management Assessment and Planning Tool will help you analyze your organization’s data requirements, identify data management strategies, and systematically develop a plan for your target data management practice.
    • Based on Info-Tech’s Data Management Framework, evaluate the current-state performance levels for your organization’s data management practice.
    • Use the CMMI maturity index to assign values 1 to 5 for each capability and enabler.

    A visualization of stairs numbered up from the bottom. Main headlines of each step are 'Initial and Reactive', 'Managed while developing DG capabilities', 'Defined DG capabilities', 'Quantitatively Managed by DG capabilities', and 'Optimized'.

    Sample of the 'Data Management Current State Assessment' form the Data Management Assessment and Planning Tool.

    2.1.1 Define current state

    Input: Stakeholder survey results and elicitation findings, Use cases, Business and data management capability map

    Output: Current-state data management capabilities

    Materials: Data Management Assessment and Planning Tool

    Participants: Key business stakeholders, Business leads and SMEs, Project team, Project sponsor, Data leads, Data custodians

    Assign a maturity level value from 1 to 5 for each question in the assessment tool, organized into capabilities, e.g. Data Governance, Data Quality, Risk.

    1. Bring together key business stakeholders (data owners, SMEs, and relevant IT custodians) to assign current-state maturity levels in each question of the worksheet.
    2. Remember that there is more distance between levels 4 and 5 than there is between 1 and 2 – the distance between levels is not even throughout.
    3. To help assign values, think of the higher levels as representing cross-enterprise standardization, monitored for continuous improvement, formalized and standardized, while the lower levels mean applied within individual units, not formalized or tracked for performance.
    4. In tab 4, “Current State Assessment,” populate a current-state value for each item in the Data Management Capabilities worksheet.
    5. Once you’ve entered values in tab 4, a visual and summary report of the results will be generated on tab 5, “Current State Results.”

    2.1.2 Set target state and identify gaps

    Input: Stakeholder survey results and elicitation findings, Use cases, Business and data management capability map to identify priorities

    Output: Target-state data management capabilities, Gaps identification and analysis

    Materials: Data Management Assessment and Planning Tool

    Participants: Key business stakeholders, Business leads and SMEs, Project team, Project sponsor, Data leads, Data custodians

    Assign a maturity level value from 1 to 5 for each question in the assessment tool, organized into capabilities, e.g., Data Governance, Data Quality, Risk.

    1. Bring together key business stakeholders (data owners, SMEs, and relevant IT custodians) to assign target-state maturity levels in each question of the worksheet.
    2. Remember that there is more distance between levels 4 and 5 than there is between 1 and 2 – the distance between levels is not even throughout.
    3. To help assign values, think of the higher levels as representing cross-enterprise standardization, monitored for continuous improvement, formalized and standardized, while the lower levels mean applied within individual units, not formalized or tracked for performance.
    4. In tab 6, “Target State & Gap Analysis,” enter maturity values in each item of the Capabilities worksheet in the Target State column.
    5. Once you’ve assigned both target-state and current-state values, the tool will generate a gap analysis chart on tab 7, “Gap Analysis Results,” where you can start to decide first- and second-line priorities.

    Step 2.2

    Build Your Data Management Roadmap

    Activities

    2.2.1 Describe gaps

    2.2.2 Define gap initiatives

    2.2.2 Build a data management roadmap

    This step will guide you through the following activities:

    • Identify and understand data management gaps.
    • Develop data management improvement initiatives.
    • Build a data management–prioritized roadmap.

    Outcomes of this step

    • A foundation for data management initiative planning that’s aligned with the organization’s business architecture: value streams, business capability map, and strategy map

    Assess Data Management and Build Your Roadmap

    Step 2.1 Step 2.2 Step 2.3

    2.2.1 Describe gaps

    Input: Target-state maturity level

    Output: Detail and context about gaps to lead planners to specific initiatives

    Materials: Data Management Assessment and Planning Tool

    Participants: Key business stakeholders, Business leads and SMEs, Project team, Project sponsor, Data leads, Data custodians

    Based on the gaps result, describe the nature of the gap, which will lead to specific initiatives for the data management plan:

    1. In tab 6, “Target State & Gap Analysis,” the same tab where you entered your target-state maturity level, enter additional context about the nature and extent of each gap in the Gap Description column.
    2. Based on the best-practices framework we walked through in Phase 1, note the specific areas that are not fully developed in your organization; for example, we don’t have a model of our environment and its integrations, or there isn’t an established data quality practice with proactive monitoring and intervention.

    2.2.2 Define gap initiatives

    Input: Gaps analysis, Gaps descriptions

    Output: Data management initiatives

    Materials: Data Management Assessment and Planning Tool

    Participants: Key business stakeholders, Business leads and SMEs, Project team, Project sponsor, Data leads, Data custodians

    Based on the gap analysis, start to define the data management initiatives that will close the gaps and help the organization achieve its target state.

    1. In tab 6, “Target State & Gap Analysis,” the same tab where you entered your target-state maturity level, note in the Gap Initiative column what actions you can take to address the gap for each item. For example, if we found through diagnostics and use cases that users didn’t understand the meaning of their data or reports, an initiative might be, “Build a standard enterprise business data catalog.”
    2. It’s an opportunity to brainstorm, to be creative, and think about possibilities. We’ll use the roadmap step to select initiatives from this list.
    3. There are things we can do right away to make a difference. Acknowledge the resources, talent, and leadership momentum you already have in your organization and leverage those to find activities that will work in your culture. For example, one company held a successful Data Day to socialize the roadmap and engage users.

    2.2.3 Build a data management roadmap

    Input: Gap initiatives, Target state and current-state assessment

    Output: Data management initiatives and roadmap

    Materials: Data Management Assessment and Planning Tool

    Participants: Key business stakeholders, Business leads and SMEs, Project team, Project sponsor, Data leads, Data custodians

    Start to list tangible actions you will take to address gaps and achieve data objectives and business goals along with timelines and responsibility:

    1. With an understanding of your priority areas and specific gaps, and referring back to your use cases, draw up specific initiatives that you can track, measure, and align with your original goals.
    2. For example, in data governance, initiatives might include:
      • Assign data owners and stewards for all data assets.
      • Consolidate disparate business data catalogs.
      • Create a data governance charter or terms of reference.
    3. Alongside the initiatives, fill in other detail, especially who is responsible and timing (start and end dates). Assigning responsibility and some time markers will help to keep momentum alive and make the work projects real.

    Step 2.3

    Organize Business Data Domains

    Activities

    2.3.1 Define business data domains and assign owners

    This step will guide you through the following activities:

    • Identify business data domains that flow through and support the systems environment and business processes.
    • Define and organize business data domains with assigned owners, artifacts, and profiles.
    • Apply the domain map to building governance program.

    Outcomes of this step

    • Business data domain map with assigned owners and artifacts

    Assess Data Management and Build Your Roadmap

    Step 2.1 Step 2.2 Step 2.3

    2.3.1 Define business data domains

    Input: Target-state maturity level

    Output: Detail and context about gaps to lead planners to specific initiatives

    Materials: Data Management Assessment and Planning Tool

    Participants: Key business stakeholders, Business leads and SMEs, Project team, Project sponsor, Data leads, Data custodians

    Identify the key data domains for each line of business, where the data resides, and the main contact or owner.

    1. We have an understanding of what the business wants to achieve, e.g. build customer loyalty or comply with privacy laws. But where is the data that can help us achieve that? What systems is that data moving and living in and who, if anyone, owns it?
    2. Define the main business data domains apart from what system it may be spread over. Use the worksheet on the next slide as an example.
    3. Examples of business data domains: Customer, Product, Vendor.
    4. Each domain should have owners and associated business processes. Assign data domain owners, application owners, and business process owners.

    Business and data domains

    [SAMPLE]

    Business Domain App/Data Domains Business Stewards Application Owners Business Owners
    Client Experience and Sales Tech Salesforce (Sales, Service, Experience Clouds), Mulesoft (integration point) (Any team inputting data into the system)
    Quality and Regulatory Salesforce
    Operations Salesforce, Salesforce Referrals, Excel spreadsheets, SharePoint
    Finance Workday, Sage 300 (AccPac), Salesforce, Moneris Finance
    Risk/Legal Network share drive/SharePoint
    Human Resources Workday, Network share drive/SharePoint HR team
    Corporate Sales Salesforce (Sales, Service, Health, Experience Clouds),
    Sales and Client Success Mitel, Outlook, PDF intake forms, Workday, Excel. Sales & Client Success Director, Marketing Director CIO, Sales & Client Success Director, Marketing Director

    Embrace the technology

    Make the available data governance tools and technology work for you:
    • Data catalog
    • Business data glossary
    • Data lineage
    • Metadata management
    While data governance tools and technologies are no panacea, leverage their automated and AI-enabled capabilities to augment your data governance program.
    Array of logos of tech companies whose products are used for this type of work: Informatica, Collibra, Tibco, Alation, Immuta, TopQuadrant, and SoftwareReviews.

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.
    Photo of an analyst.

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:
    Sample of the Data Governance Strategy Map slide from earlier.

    Build Your Business and User Context

    Work with your core team of stakeholders to build out your data management roadmap, aligning data management initiatives with business capabilities, value streams, and, ultimately, your strategic priorities.
    Sample of a 'Data Management Enablers' table.

    Formulate a Plan to Get to Your Target State

    Develop a data management future-state roadmap and plan based on an understanding of your current data governance capabilities, your operating environment, and the driving needs of your business.

    Related Info-Tech Research

    Stock image of people pointing to a tablet with a dashboard.

    Build a Robust and Comprehensive Data Strategy

    Key to building and fostering a data-driven culture.
    Sample of the 'Data & Analytics Landscape' slide from earlier.

    Understand the Data and Analytics Landscape

    Optimize your data and analytics environment.
    Stock image of co-workers looking at the same thing.

    Build a Data Pipeline for Reporting and Analytics

    Data architecture best practices to prepare data for reporting and analytics.

    Research Contributors

    Name Position Company
    Anne Marie Smith Board of Directors DAMA International
    Andy Neill Practice Lead, Data & Analytics Info-Tech Research Group
    Dirk Coetsee Research Director, Data & Analytics Info-Tech Research Group
    Graham Price Executive Advisor, Advisory Executive Services Info-Tech Research Group
    Igor Ikonnikov Research Director, Data & Analytics Info-Tech Research Group
    Jean Bujold Senior Workshop Delivery Director Info-Tech Research Group
    Mario Cantin Chief Data Strategist Prodago
    Martin Sykora Director NexJ Analytics
    Michael Blaha Author, Patterns of Data Modeling Consultant
    Rajesh Parab Research Director, Data & Analytics Info-Tech Research Group
    Ranjani Ranganathan Product Manager, Research – Workshop Delivery Info-Tech Research Group
    Reddy Doddipalli Senior Workshop Director Info-Tech Research Group

    Bibliography

    AIIM, “What is Enterprise Content Management (ECM)?” Intelligent Information Management Glossary, AIIM, 2021. Web.

    BABOK V3: A Guide to Business Analysis Body of Knowledge. IIBA, 2014. Web.

    Barton, Dominic, and David Court. "Three Keys To Building a Data-Driven Strategy." McKinsey and Company, 1 Mar. 2013. Web.

    Boston University Libraries. "Data Life Cycle » Research Data Management | Boston University." Research Data Management RSS. Boston University, n.d. Accessed Oct. 2015.

    Chang, Jenny. “97 Supply Chain Statistics You Must Know: 2020 / 2021 Market Share Analysis & Data.” FinancesOnline, 2021. Web.

    COBIT 5: Enabling Information. ISACA, 2013. Web.

    CSC (Computer Sciences Corporation), Big Data Infographic, 2012. Web.

    DAMA International. DAMA-DMBOK Guide. 1st ed., Technics Publications, 2009. Digital.

    DAMA International. “DAMA Guide to the Data Management Body of Knowledge (DAMA-DMBOK2 Guide).” 2nd ed., 2017. Accessed June 2017.

    Davenport, Thomas H. "Analytics in Sports: The New Science of Winning." International Institute for Analytics, 2014. Web.

    Department of Homeland Security. Enterprise Data Management Policy. Department of Homeland Security, 25 Aug. 2014. Web.

    Enterprise Data Management Data Governance Plan. US Federal Student Aid, Feb. 2007. Accessed Oct. 2015.

    Experian. “10 signs you are sitting on a pile of data debt.” Experian, 2020. Accessed 25 June 2021.

    Fasulo, Phoebe. “6 Data Management Trends in Financial Services.” SecurityScorecard, 3 June 2021. Web.

    Georgia DCH Medicaid Enterprise – Data Management Strategy. Georgia Department of Community Health, Feb. 2015. Accessed Oct. 2015.

    Hadavi, Cyrus. “Use Exponential Growth of Data to Improve Supply Chain Operations.” Forbes, 5 Oct. 2021. Web.

    Harbert, Tam. “Tapping the power of unstructured data.” MIT Sloan, 1 Feb. 2021. Web.

    Hoberman, Steve, and George McGeachie. Data Modeling Made Simple with PowerDesigner. Technics Pub, 2011. Print.

    “Information Management Strategy.” Information Management – Alberta. Service Alberta, Nov.-Dec. 2013. Web.

    Jackson, Brian, et al. “2021 Tech Trends.” Info-Tech Research Group, 2021. Web.

    Jarvis, David, et al. “The hyperquantified athlete: Technology, measurement, and the business of sports.” Deloitte Insights, 7 Dec. 2020. Web.

    Bibliography

    Johnson, Bruce. “Leveraging Subject Area Models.” EIMInsight Magazine, vol. 3, no. 4, April 2009. Accessed Sept. 2015.

    Lewis, Larry. "How to Use Big Data to Improve Supply Chain Visibility." Talking Logistics, 14 Sep. 2014. Web.

    McAfee, Andrew, and Erik Brynjolfsson. “Big Data: The Management Revolution,” Harvard Business Review, vol. 90, no. 10, 2012, pp. 60-68.

    Meyer-Cuno, Doug. “Is A Vision Statement Important?” Forbes, 24 Feb. 2021. Web.

    MIT. “Big Data: The Management Revolution.” MIT Center for Digital Business, 29 May 2014. Accessed April 2014.

    "Open Framework, Information Management Strategy & Collaborative Governance.” MIKE2 Methodology RSS, n.d. Accessed Aug. 2015.

    PwC. “Asset Management 2020: A Brave New World.” PwC, 2014. Accessed April 2014.

    Riley, Jenn. Understanding Metadata: What is Metadata, and What is it For: A Primer. NISO, 1 Jan. 2017. Web.

    Russom, Philip. "TDWI Best Practices Report: Managing Big Data." TDWI, 2013. Accessed Oct. 2015.

    Schneider, Joan, and Julie Hall. “Why Most Product Launches Fail.” Harvard Business Review, April 2011. Web.

    Sheridan, Kelly. "2015 Trends: The Growth of Information Governance | Insurance & Technology." InformationWeek. UBM Tech, 10 Dec. 2014. Accessed Nov. 2015.

    "Sports Business Analytics and Tickets: Case Studies from the Pros." SloanSportsConference. Live Analytics – Ticketmaster, Mar. 2013. Accessed Aug. 2015.

    Srinivasan, Ramya. “Three Analytics Breakthroughs That Will Define Business in 2021.” Forbes, 4 May 2021. Web.

    Statista. “Amount of data created, consumed, and stored 2010-2020.” Statista, June 2021. Web.

    “Understanding the future of operations: Accenture Global Operations Megatrends research.” Accenture Consulting, 2015. Web.

    Vardhan, Harsh. “Why So Many Product Ideas Fail?” Medium, 26, Sept. 2020. Web.

    Design and Build a User-Facing Service Catalog

    • Buy Link or Shortcode: {j2store}395|cart{/j2store}
    • member rating overall impact (scale of 10): 9.3/10 Overall Impact
    • member rating average dollars saved: $62,821 Average $ Saved
    • member rating average days saved: 29 Average Days Saved
    • Parent Category Name: Service Management
    • Parent Category Link: /service-management
    • Business users don’t know what breadth of services are available to them.
    • It is difficult for business users to obtain useful information regarding services because they are often described in technical language.
    • Business users have unrealistic expectations of what IT can do for them.
    • There is no defined agreement on what is available, so the business assumes everything is.

    Our Advice

    Critical Insight

    • Define services from the business user’s perspective, not IT’s perspective.
      • A service catalog is of no use if a user looks at it and sees a significant amount of information that doesn’t apply to them.
    • Separate the enterprise services from the Line of Business (LOB) services.
      • This will simplify the process of documenting your service definitions and make it easier for users to navigate, which leads to a higher chance of user acceptance.

    Impact and Result

    • Our program helps you organize your services in a way that is relevant to the users, and practical and manageable for IT.
    • Our approach to defining and categorizing services ensures your service catalog remains a living document. You may add or revise your service records with ease.
    • Our program creates a bridge between IT and the business. Begin transforming IT’s perception within the organization by communicating the benefits of the service catalog.

    Design and Build a User-Facing Service Catalog Research & Tools

    Start here – read the Executive Brief

    Read our concise executive brief to understand why building a Service Catalog is a good idea for your business, and how following our approach will help you accomplish this difficult task.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Launch the project

    The Launch the Project phase will walk through completing Info-Tech's project charter template. This phase will help build a balanced project team, create a change message and communication plan, and achieve buy-in from key stakeholders.

    • Design & Build a User-Facing Service Catalog – Phase 1: Launch the Project
    • Service Catalog Project Charter

    2. Identify and define enterprise services

    The Identify and Define Enterprise Services phase will help to target enterprise services offered by the IT team. They are offered to everyone in the organization, and are grouped together in logical categories for users to access them easily.

    • Design & Build a User-Facing Service Catalog – Phase 2: Identify and Define Enterprise Services
    • Sample Enterprise Services

    3. Identify and define Line of Business (LOB) services

    After completing this phase, all services IT offers to each LOB or functional group should have been identified. Each group should receive different services and display only these services in the catalog.

    • Design & Build a User-Facing Service Catalog – Phase 3: Identify and Define Line of Business Services
    • Sample LOB Services – Industry Specific
    • Sample LOB Services – Functional Group

    4. Complete the Services Definition Chart

    Completing the Services Definition Chart will help the business pick which information to include in the catalog. This phase also prepares the catalog to be extended into a technical service catalog through the inclusion of IT-facing fields.

    • Design & Build a User-Facing Service Catalog – Phase 4: Complete Service Definitions
    • Services Definition Chart
    [infographic]

    Workshop: Design and Build a User-Facing Service Catalog

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Launch the Project

    The Purpose

    The purpose of this module is to help engage IT with business decision making.

    Key Benefits Achieved

    This module will help build a foundation for the project to begin. The buy-in from key stakeholders is key to having them take onus on the project’s completion.

    Activities

    1.1 Assemble the project team.

    1.2 Develop a communication plan.

    1.3 Establish metrics for success.

    1.4 Complete the project charter.

    Outputs

    A list of project members, stakeholders, and a project leader.

    A change message, communication strategy, and defined benefits for each user group.

    Metrics used to monitor the usefulness of the catalog, both from a performance and monetary perspective.

    A completed project charter to engage users in the initiative.

    2 Identify and Define Enterprise Services

    The Purpose

    The purpose of this module is to review services which are offered across the entire organization.

    Key Benefits Achieved

    A complete list of enterprise services defined from the user’s perspective to help them understand what is available to them.

    Activities

    2.1 Identify enterprise services used by almost everyone across the organization.

    2.2 Categorize services into logical groups.

    2.3 Define the services from the user’s perspective.

    Outputs

    A complete understanding of enterprise services for both IT service providers and business users.

    Logical groups for organizing the services in the catalog.

    Completed definitions in business language, preferably reviewed by business users.

    3 Identify and Define Line of Business (LOB) Services

    The Purpose

    The purpose of this module is to define the remaining LOB services for business users, and separate them into functional groups.

    Key Benefits Achieved

    Business users are not cluttered with LOB definitions that do not pertain to their business activities.

    Business users are provided with only relevant IT information.

    Activities

    3.1 Identify the LOBs.

    3.2 Determine which one of two methodologies is more suitable.

    3.3 Identify LOB services using appropriate methodology.

    3.4 Define services from a user perspective.

    Outputs

    A structured view of the different functional groups within the business.

    An easy to follow process for identifying all services for each LOB.

    A list of every service for each LOB.

    Completed definitions in business language, preferably reviewed by business users.

    4 Complete the Full Service Definitions

    The Purpose

    The purpose of this module is to guide the client to completing their service record definitions completely.

    Key Benefits Achieved

    This module will finalize the deliverable for the client by defining every user-facing service in novice terms.

    Activities

    4.1 Understand the components to each service definition (information fields).

    4.2 Pick which information to include in each definition.

    4.3 Complete the service definitions.

    Outputs

    A selection of information fields to be included in the service catalog.

    A selection of information fields to be included in the service catalog.

    A completed service record design, ready to be implemented with the right tool.

    Further reading

    Design and Build a User-Facing Service Catalog

    Improve user satisfaction with IT with a convenient menu-like catalog.

    Our understanding of the problem

    This Research Is Designed For:

    • CIOs
    • Directors and senior managers within IT and the business

    This Research Will Help You:

    • Articulate all of the services IT provides to the business in a language the business users understand.
    • Improve IT and business alignment through a common understanding of service features and IT support.

    This Research Will Help Them

    • Standardize and communicate how users request access to services.
    • Standardize and communicate how users obtain support for services.
    • Clearly understand IT’s role in providing each service.

    What is a service catalog?

    The user-facing service catalog is the go-to place for IT service-related information.

    The catalog defines, documents, and organizes the services that IT delivers to the organization. The catalog also describes the features of the services and how the services are intended to be used.

    The user-facing service catalog creates benefits for both the business and IT.

    For business users, the service catalog:

    1. Documents how to request access to the service, hours of availability, delivery timeframes, and customer responsibilities.
    2. Specifies how to obtain support for the services, support hours, and documentation.

    For IT, the service catalog:

    1. Identifies who owns the services and who is authorized to use the services.
    2. Specifies IT support requirements for the services, including support hours and documentation.

    What is the difference between a user-facing service catalog and a technical service catalog?

    This blueprint is about creating a user-facing service catalog written and organized in a way that focuses on the services from the business’ view.

    User facing

    User-friendly, intuitive, and simple overview of the services that IT provides to the business.

    The items you would see on the menu at a restaurant are an example of User Facing. The content is relatable and easy to understand.

    Technical

    Series of technical workflows, supporting services, and the technical components that are required to deliver a service.

    The recipe book with cooking instructions is an example of Technical Facing. This catalog is intended for the IT teams and is “behind the scene.”

    What is a service and what does it mean to be service oriented?

    The sum of the people, processes, and technologies required to enable users to achieve a business outcome is a Service.

    A service is used directly by the end users and is perceived as a coherent whole.

    Business Users →Service = Application & Systems + People & Processes

    Service Orientation is…

    • A focus on business requirements and business value, rather than IT driven motives.
    • Services are designed to enable required business activities.
    • Services are defined from the business perspective using business language.

    In other words, put on your user hat and leave behind the technical jargons!

    A lack of a published user-facing service catalog could be the source of many pains throughout your organization

    IT Pains

    • IT doesn’t understand all the services they provide.
    • Business users would go outside of IT for solutions, proliferating shadow IT.
    • Business users have a negative yet unrealistic perception of what IT is capable of.
    • IT has no way of managing expectations for their users, which tend to inflate.
    • There is often no defined agreement on services; the business assumes everything is available.

    Business Pains

    • Business users don’t know what services are available to them.
    • It is difficult to obtain useful information regarding a service because IT always talks in technical language.
    • Without a standard process in place, business users don’t know how to request access to a service with multiple sources of information available.
    • Receiving IT support is a painful, long process and IT doesn’t understand what type of support the business requires.

    An overwhelming majority of IT organizations still need to improve how they demonstrate their value to the business

    This image contains a pie chart with a slice representing 23% of the circle This image contains a pie chart with a slice representing 47% of the circle This image contains a pie chart with a slice representing 92% of the circle

    23% of IT is still viewed as a cost center.

    47% of business executives believe that business goals are going unsupported by IT.

    92% of IT leaders see the need to prove the business value of IT’s contribution.

    How a Service Catalog can help:

    Use the catalog to demonstrate how IT is an integral part of the organization and IT services are essential to achieve business objectives.

    Source: IT Communication in Crisis Report

    Transform the perception of IT by articulating all the services that are provided through the service catalog in a user-friendly language.

    Source: Info-Tech Benchmarking and Diagnostic Programs

    Increase IT-business communication and collaboration through the service catalog initiative. Move from technology focused to service-oriented.

    Source: IT Communication in Crisis Report

    Project Steps

    Phase 1 – Project Launch

    1.2 Project Team

    The team must be balanced between representatives from the business and IT.

    1.2 Communication Plan

    Communication plan to facilitate input from both sides and gain adoption.

    1.3 Identify Metrics

    Metrics should reflect the catalog benefits. Look to reduced number of service desk inquiries.

    1.4 Project Charter

    Project charter helps walk you through project preparation.

    This blueprint separates enterprise service from line of business service.

    This image contains a comparison between Enterprise IT Service and Line of Business Service, which will be discussed in further detail later in this blueprint.

    Project steps

    Phase 2 – Identify and Define Enterprise Services

    2.1 Identify the services that are used across the entire organization.

    2.2 Users must be able to identify with the service categories.

    2.3 Create basic definitions for enterprise services.

    Phase 3 – Identify and Define Line of Business Services

    3.1 Identify the different lines of business (LOBs) in the organization.

    3.2 Understand the differences between our two methodologies for identifying LOB services.

    3.3 Use methodology 1 if you have thorough knowledge of the business.

    3.4 Use methodology 2 if you only have an IT view of the LOB.

    Phase 4 – Complete Service Definitions

    4.1 Understand the different components to each service definition, or the fields in the service record.

    4.2 Identify which information to include for each service definition.

    4.3 Define each enterprise service according to the information and field properties.

    4.3 Define each LOB service according to the information and field properties.

    Define your service catalog in bundles to achieve better catalog design in the long run

    Trying to implement too many services at once can be overwhelming for both IT and the users. You don’t have to define and implement all of your services in one release of the catalog.

    Info-Tech recommends implementing services themselves in batches, starting with enterprise, and then grouping LOB services into separate releases. Why? It benefits both IT and business users:

    • It enables a better learning experience for IT – get to test the first release before going full-scale. In other words, IT gets a better understanding of all components of their deliverable before full adoption.
    • It is easier to meet customer agreements on what is to be delivered early, and easier to be able to meet those deadlines.
    This image depicts how you can use bundles to simplify the process of catalog design using bundles. The cycle includes the steps: Identify Services; Select a Service Bundle; Review Record Design; followed by a cycle of: Pick a service; Service X; Service Data Collection; Create Service Record, followed by Publish the bundle; Communicate the bundle; Rinse and Repeat.

    After implementing a service catalog, your IT will be able to:

    Use the service catalog to communicate all the services that IT provides to the business.

    Improve IT’s visibility within the organization by creating a single source of information for all the value creating services IT has to offer. The service catalog helps the business understand the value IT brings to each service, each line of business, and the overall organization.

    Concentrate more on high-value IT services.

    The service catalog contains information which empowers business users to access IT services and information without the help of IT support staff. The reduction in routine inquiries decreases workload and increases morale within the IT support team, and allows IT to concentrate on providing higher value services.

    Reduce shadow IT and gain control of services.

    Service catalog brings more control to your IT environment by reducing shadow IT activities. The service catalog communicates business requests responsively in a language the business users understand, thus eliminating the need for users to seek outside help.

    After implementing a service catalog, your business will be able to:

    Access IT services with ease.

    The language of IT is often confusing for the business and the users don’t know what to do when they have a concern. With a user-facing service catalog, business users can access information through a single source of information, and better understand how to request access or receive support for a service through clear, consistent, and business-relevant language.

    Empower users to self-serve.

    The service catalog enables users to “self-serve” IT services. Instead of calling the service desk every time an issue occurs, the users can rely on the service catalog for information. This simplified process not only reduces routine service requests, but also provides information in a faster, more efficient manner that increases productivity for both IT and the business.

    Gain transparency on the IT services provided.

    With every service clearly defined, business users can better understand the current support level, communicate their expectation for IT accountability, and help IT align services with critical business strategies.

    Leverage the different Info-Tech deliverable tools to help you along the way

    1. Project Charter

    A project charter template with a few samples completed. The project charter helps you govern the project progress and responsibilities.

    2. Enterprise Service Definitions

    A full list of enterprise definitions with features and descriptions pre-populated. These are meant to get you on your feet defining your own enterprise services, or editing the ones already there.

    3. Basic Line of Business Service Definitions

    Similar to the enterprise services deliverable, but with two separate deliverables focusing on different perspectives – functional groups services (e.g. HR and finance) and industry-specific services (e.g. education and government).

    Service Definitions & Service Record Design

    Get a taste of a completed service catalog with full service definitions and service record design. This is the final product of the service catalog design once all the steps and activities have been completed.

    The service catalog can be the foundation of your future IT service management endeavors

    After establishing a catalog of all IT services, the following projects are often pursued for other objectives. Service catalog is a precursor for all three.

    1. Technical Service Catalog

    Need an IT-friendly breakdown of each service?
    Keep better record of what technical components are required to deliver a service. The technical service catalog is the IT version of a user-facing catalog.

    2. Service-Based Costing

    Want to know how much each IT service is costing you?
    Get a better grip on the true cost of IT. Using service-based costing can help justify IT expenses and increase budgetary allotment.

    3. Chargeback

    Want to hold each business unit accountable for the IT services they use?
    Some business units abuse their IT services because they are thought to be free. Keep them accountable and charge them for what they use.

    The service catalog need not be expensive – organizations of all sizes (small, medium, large) can benefit from a service catalog

    No matter what size organization you may be, every organization can create a service catalog. Small businesses can benefit from the catalog the same way a large organization can. We have an easy step-by-step methodology to help introduce a catalog to your business.

    It is common that users do not know where to go to obtain services from IT… We always end up with a serious time-crunch at the beginning of a new school year. With automated on- and off-boarding services, this could change for the better.Dean Obermeyer, Technology Coordinator, Los Alamos Public Schools

    CIO Call to Action

    As the CIO and the project sponsor, you need to spearhead the development of the service catalog and communicate support to drive engagement and adoption.

      Start

    1. Select an experienced project leader
    2. Identify stakeholders and select project team members with the project leader
    3. Throughout the project

    4. Attend or lead the project kick-off meeting
    5. Create checkpoints to regularly touch base with the project team
    6. Service catalog launch

    7. Communicate the change message from beginning to implementation

    Identify a project leader who will drive measurable results with this initiative

    The project leader acts on behalf of the CIO and must be a senior level staff member who has extensive knowledge of the organization and experiences marshalling resources.

    Influential & Impactful

    Developing a service catalog requires dedication from many groups within IT and outside of IT.
    The project leader must hold a visible, senior position and can marshal all the necessary resources to ensure the success of the project. Ability to exert impact and influence around both IT and the business is a must.

    Relationship with the Business

    The user-facing service catalog cannot be successful if business input is not received.
    The project leader must leverage his/her existing relationship with the business to test out the service definitions and the service record design.

    Results Driven

    Creating a service catalog is not an easy job and the project leader must continuously engage the team members to drive results and efficiency.
    The highly visible nature of the service catalog means the project leader must produce a high-quality outcome that satisfies the business users.

    Info-Tech’s methodology helps organization to standardize how to define services

    CASE STUDY A
    Industry Municipal Government
    Source Onsite engagement

    Municipal Government
    The IT department of a large municipal government in the United States provides services to a large number of customers in various government agencies.
    Service Catalog Initiative
    The municipal government allocated a significant amount of resources to answer routine inquiries that could have been avoided through user self-service. The government also found that they do not organize all the services IT provides, and they could not document and publish them to the customer. The government has already begun the service catalog initiative, but was struggling with how to identify services. Progress was slow because people were arguing amongst themselves – the project team became demoralized and the initiative was on the brink of failure.
    Results
    With Info-Tech’s onsite support, the government was able to follow a standardized methodology to identify and define services from the user perspective. The government was able to successfully communicate the initiative to the business before the full adoption of the service catalog.

    We’re in demos with vendors right now to purchase an ITSM tool, and when the first vendor looked at our finished catalog, they were completely impressed.- Client Feedback

    [We feel] very confident. The group as a whole is pumped up and empowered – they're ready to pounce on it. We plan to stick to the schedule for the next three months, and then review progress/priorities. - Client Feedback

    CASE STUDY B
    Industry Healthcare
    Source Onsite engagement

    Healthcare Provider
    The organization is a healthcare provider in Canada. It treats patients with medical emergencies, standard operations, and manages a faculty of staff ranging from nurses and clerks, to senior doctors. This organization is run across several hospitals, various local clinics, and research centers.
    Service Catalog Initiative
    Because the organization is publicly funded, it is subject to regular audit requirements – one of which is to have a service catalog in place.
    The organization also would like to charge back its clients for IT-related costs. In order to do this, the organization must be able to trace it back to each service. Therefore, the first step would be to create a user-facing service catalog, followed by the technical service catalog, which then allows the organization to do service-based costing and chargeback.
    Results
    By leveraging Info-Tech’s expertise on the subject, the healthcare provider was able to fast-track its service catalog development and establish the groundwork for chargeback abilities.

    "There is always some reticence going in, but none of that was apparent coming out. The group dynamic was very good. [Info-Tech] was able to get that response, and no one around the table was silent.
    The [expectation] of the participants was that there was a purpose in doing the workshop. Everybody knew it was for multiple reasons, and everyone had their own accountability/stakes in the development of it. Highly engaged."
    - Client Feedback

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Launch the Project

    Identify Enterprise Services

    Identify Line of Business Services

    Complete Service Definitions

    Best-Practice Toolkit

    1.1 Assemble the project team.

    1.2 Develop a communication plan.

    1.3 Establish metrics for success.

    1.4 Complete the project charter.

    2.1 Identify services available organization-wide.

    2.2 Categorize services into logical groups.

    2.3 Define the services.

    3.1 Identify different LOBs.

    3.2 Pick one of two methodologies.

    3.3 Use method to identify LOB services.

    4.1 Learn components to each service definition.

    4.2 Pick which information to include in each definition.

    4.3 Define each service accordingly.

    Guided Implementations Identify the project leader with the appropriate skills.

    Assemble a well-rounded project team.

    Develop a mission statement and change messages.

    Create a comprehensive list of enterprise services that are used across the organization.

    Create a categorization scheme that is based on the needs of the business users.

    Walk through the two Info-Tech methodologies and understand which one is applicable.

    Define LOB services using the appropriate methodology.

    Decide what should be included and what should be kept internal for the service record design.

    Complete the full service definitions.

    Onsite Workshop Phase 1 Results:

    Clear understanding of project objectives and support obtained from the business.

    Phase 2 Results:

    Enterprise services defined and categorized.

    Phase 3 Results:

    LOB services defined based on user perspective.

    Phase 4 Results:

    Service record designed according to how IT wishes to communicate to the business.

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4
    Activities

    Launch the Project

    Identify Enterprise Services

    Identify Line of Business Services

    Complete Service Definitions

    1.1 Assemble the project team.

    1.2 Develop a communication plan.

    1.3 Establish metrics for success.

    1.4 Complete the project charter.

    2.1 Identify services available organization-wide.

    2.2 Categorize services into logical groups.

    2.3 Define the services.

    3.1 Identify different LOBs.

    3.2 Pick one of two methodologies.

    3.3 Use method to identify LOB services.

    4.1 Learn components to each service definition.

    4.2 Pick which information to include in each definition.

    4.3 Define each service accordingly.

    Deliverables
    • Service Catalog Project Charter
    • Enterprise Service Definitions
    • LOB Service Definitions – Functional groups
    • LOB Service Definitions – Industry specific
    • Service Definitions Chart

    PHASE 1

    Launch the Project

    Design & Build a User-Facing Service Catalog

    Step 1 – Create a project charter to launch the initiative

    1. Complete the Project Charter
    2. Create Enterprise Services Definitions
    3. Create Line of Business Services Definitions
    4. Complete Service Definitions

    This step will walk you through the following activities:

    • Develop a mission statement to obtain buy-ins from both IT and business stakeholders.
    • Assemble a well-rounded project team to increase the success of the project.
    • Identify and obtain support from stakeholders.
    • Create an impactful change message to the organization to promote the service catalog.
    • Determine project metrics to measure the effectiveness and value of the initiative.

    Step Insights

    • The project leader must have a strong relationship with the business, the ability to garner user input, and the authority to lead the team in creating a user-facing catalog that is accessible and understandable to the user.
    • Having two separate change messages prepared for IT and the business is a must. The business change message advocates how the catalog will make IT more accessible to users, and the IT message centers around how the catalog will make IT’s life easier through a standardized request process.

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Launch the project
    Proposed Time to Completion: 2 weeks
    Step 1.2: Create change messages

    Step 1.2: Create change messages

    Start with an analyst kick off call:

    • Identify the key objectives of creating a user-facing service catalog.
    • Identify the necessary members of the project team.

    Review findings with analyst:

    • Prioritize project stakeholders according to their involvement and influence.
    • Create a change message for IT and the business articulating the benefits.

    Then complete these activities…

  • Assemble a team with representatives from all areas of IT.
  • Identify the key project stakeholders.
  • Create a project mission statement.
  • Then complete these activities…

  • Create a separate change message for IT and the business.
  • Determine communication methods and channels.
  • With these tools & templates: Service

    Catalog Project Charter

    With these tools & templates:

    Service Catalog Project Charter

    Use Info-Tech’s Service Catalog Project Charter to begin your initiative

    1.1 Project Charter

    The following section of slides outline how to effectively use Info-Tech’s sample project charter.

    The Project Charter is used to govern the initiative throughout the project. IT should provide the foundation for project communication and monitoring.

    It has been pre-populated with information appropriate for Service Catalog projects. Please review this sample text and change, add, or delete information as required.

    Building the charter as a group will help you to clarify your key messages and help secure buy-in from critical stakeholders upfront.

    You may feel like a full charter isn’t necessary, and depending on your organizational size, it might not be. However, the exercise of building the charter is important none-the-less. No matter your current climate, some elements of communicating the value and plans for implementing the catalog will be necessary.

    The Charter includes the following sections:

    • Mission Statement
    • Project team members
    • Project stakeholders
    • Change message
    • Communication and organizational plan
    • Metrics

    Use Info-Tech’s Service Catalog Project Charter.

    Create a mission statement to articulate the purpose of this project

    The mission statement must be compelling because embarking on creating a service catalog is no easy task. It requires significant commitment from different people in different areas of the business.

    Good mission statements are directive, easy to understand, narrow in focus, and favor substance over vagueness.

    While building your mission statement, think about what it is intended to do, i.e. keep the project team engaged and engage others to adopt the service catalog. Included in the project charter’s mission statement section is a brief description of the goals and objectives of the service catalog.

    Ask yourself the following questions:

    1. What frustrations does your business face regarding IT services?
    2. f our company continues growing at this rate, will IT be able to manage service levels?
    3. How has IT benefited from consolidating IT services into a user perspective?

    Project Charter

    Info-Tech’s project charter contains two sample mission statements, along with additional tips to help you create yours.

    Tackle the project with a properly assembled team to increase the speed and quality in which the catalog will be created

    Construct a well-balanced project team to increase your chances of success.

    Project Leader

    Project leader will be the main catalyst for the creation of the catalog. This person is responsible for driving the whole initiative.

    Project Participants

    IT project participants’ input and business input will be pivotal to the creation of the catalog.

    Project Stakeholders

    The project stakeholders are the senior executives who have a vested interest in the service catalog. IT must produce periodic and targeted communication to these stakeholders.

    Increase your chances of success by creating a dynamic group of project participants

    Your project team will be a major success factor for your service catalog. Involvement from IT management and the business is a must.

    IT Team Member

    IT Service Desk Manager

    • The Service Desk team will be an integral part of the service catalog creation. Because of their client-facing work, service desk technicians can provide real feedback about how users view and request services.

    Senior Manager/Director of Application

    • The Application representative provides input on how applications are used by the business and supported by IT.

    Senior Manager/Director of Infrastructure

    • The infrastructure representative provides input on services regarding data storage, device management, security, etc.

    Business Team Member

    Business IT Liaison

    • This role is responsible for bridging the communication between IT and the business. This role could be fulfilled by the business relationship manager, service delivery manager, or business analyst. It doesn’t have to be a dedicated role; it could be part of an existing role.

    Business representatives from different LOBs

    • Business users need to validate the service catalog design and ensure the service definitions are user facing and relevant.

    Project Charter

    Input your project team, their roles, and relevant contact information into your project charter, Section 2.

    Identify the senior managers who are the stakeholders for the service catalog

    Obtain explicit buy-in from both IT and business stakeholders.

    The stakeholders could be your biggest champions for the service catalog initiative, or they could pull you back significantly. Engage the stakeholders at the start of the project and communicate the benefits of the service catalog to them to gain their approval.

    Stakeholders

    Benefits

    CIO
    • Improved visibility and perception for IT
    • Ability to better manage business expectation

    Manager of Service Desk

    • Reduced number of routine inquires
    • Respond to business needs faster and uniformly

    Senior Manager/Director of Application & Infrastructure

    • Streamlined and standardized request/support process
    • More effective communication with the business

    Senior Business Executives from Major LOBs

    • Self-service increases user productivity for business users
    • Better quality of services provided by IT

    Project Charter

    Document a list of stakeholders, their involvement in the process (why they are stakeholders), and their contact information in Section 3.

    Articulate the creation of the service catalog to the organization

    Spread the word of service catalog implementation. Bring attention to your change message through effective mediums and organizational changes.

    Key aspects of a communication plan

    The methods of communication (e.g. newsletters, email broadcast, news of the day, automated messages) notify users of implementation.

    In addition, it is important to know who will deliver the message (delivery strategy). Talking to the business leaders is very important, and you need IT executives to deliver the message. Work hard on obtaining their support as they are the ones communicating to their staff and could be your project champions.

    Recommended organizational changes

    The communication plan should consist of changes that will affect the way users interact with the catalog. Users should know of any meetings pertinent to the maintenance and improvement of the catalog, and ways to access the catalog (e.g. link on desktop/start menu).

    This image depicts the cycle of communicating change. the items in the cycle include: What is the change?; Why are we doing it?; How are we going to go about it?; What are we trying to achieve?; How often will we be updated?

    The Qualities of Leadership: Leading Change

    Project Charter

    Your communication plan should serve as a rough guide. Communication happens in several unpredictable happenstances, but the overall message should be contained within.

    Ensure you get the whole company on board for the service catalog with a well practiced change message

    The success of your catalog implementation hinges on the business’ readiness.

    One of the top challenges for organizations that are implementing a service catalog is the acceptance and adoption of the change. Effective planning for implementation and communication is pivotal. Ensure you create tailored plans for communication and understand how the change will impact staff.

    1. Draft your change message
    2. “Better Service, Better Value.” It is important to have two change messages prepared: one for the IT department and one for business users.
      Outline a few of the key benefits each user group will gain from adopting the service catalog (e.g. Faster, ease of use, convenient, consistent…)

    3. Address feedback
    4. Anticipate some resistances of service catalog adoption and prepare responses. These may be the other benefits which were not included in the change message (e.g. IT may be reluctant to think in business language.)

    5. Conduct training sessions
    6. Host lunch & learns to demonstrate the value of the service catalog to both business and IT user groups.
      These training sessions also serve as a great way to gather feedback from users regarding style and usability.

    Project Charter

    Pick your communication medium, and then identify your target audience. You should have a change message for each: the IT department and the business users. Pay careful consideration to wording and phrasing with regard for each.

    Track metrics throughout the project to keep stakeholders informed

    In order to measure the success of your service catalog, you must establish baseline metrics to determine how much value the catalog is creating for your business.

    1. Number of service requests via the service catalog
    2. The number of service catalog requests should be carefully monitored so that it does not fluctuate too greatly. In general, the number of requests via the service catalog should increase, which indicates a higher level of self-serve.

    3. Number of inquiry calls to the service desk
    4. The number of inquiry calls should decrease because customers are able to self-serve routine IT inquiries that would otherwise have gone through the service desk.

    5. Customer satisfaction – specific questions
    6. The organization could adopt the following sample survey questions:
      From 0-5: How satisfied are you with the functionality of the service catalog? How often do you turn to the service catalog first to solve IT problems?

    7. Number of non-standard requests
    8. The number of non-standard requests should decrease because a majority of services should eventually be covered in the service catalog. Users should be able to solve nearly any IT related problem through navigating the service catalog.

    Metric Description Current Metric Future Goal
    Number of service requests via the Service Catalog
    Number of inquiry calls to the service desk
    Customer Satisfaction – specific question
    Number of non-standard requests

    Use metrics to monitor the monetary improvements the service catalog creates for the business

    When measuring against your baseline, you should expect to see the following two monetary improvements:

    1. Improved service desk efficiency
    2. (# of routine inquiry calls reduced) x (average time for a call) x (average service desk wage)

      Routine inquiries often take up a significant portion of the service desk’s effort, and the majority of them can be answered via the service catalog, thus reducing the amount of time required for a service desk employee to engage in routine solutions. The reduction in routine inquiries allows IT to allocate resources to high-value services and provide higher quality of support.

    Example

    Originally, the service desk of an organization answers 850 inquiries per month, and around 540 of them are routine inquiries requesting information on when a service is available, who they can contact if they want to receive a service, and what they need to do if they want access to a service, etc.

    IT successfully communicated the introduction of the service catalog to the business and 3 months after the service catalog was implemented, the number of routine inquiries dropped to 60 per month. Given that the average time for IT to answer the inquiry is 10 minutes (0.167 hour) and the hourly wage of a service desk technician is $25, the monthly monetary cost saving of the service catalog is:

    (540 – 60) x 0.167 x 25 = $2004.00

    • Reduced expense by eliminating non-standard requests

    (Average additional cost of non-standard request) x (Reduction of non-standard request)
    +
    (Extra time IT spends on non-standard request fulfilment) x (Average wage)

    Non-standard requests require a lot of time, and often a lot of money. IT frequently incurs additional cost because the business is not aware of how to properly request service or support. Not only can the service catalog standardize and streamline the service request process, it can also help IT define its job boundary and say no to the business if needed.

    Example

    The IT department of an organization often finds itself dealing with last-minute, frustrating service requests from the business. For example, although equipment requests should be placed a week in advance, the business often requests equipment to be delivered the next day, leaving IT to pay for additional expedited shipping costs and/or working fanatically to allocate the equipment. Typically, these requests happen 4 times a month, with an additional cost of $200.00. IT staff work an extra 6 hours per each non-standard request at an hourly wage of $30.00.

    With the service catalog, the users are now aware of the rules that are in place and can submit their request with more ease. IT can also refer the users to the service catalog when a non-standard request occurs, which helps IT to charge the cost to the department or not meet the terms of the business.

    The monthly cost saving in this case is:

    $200.00 x 4 + 6 hours x 30 = $980.00

    Create your project charter for the service catalog initiative to get key stakeholders to buy in

    1.1 2-3 hours

    The project charter is an important document to govern your project process. Support from the project sponsors is important and must be documented. Complete the following steps working with Info-Tech’s sample Project Charter.

    1. The project leader and the core project team must identify key reasons for creating a service catalog. Document the project objectives and benefits in the mission statement section.
    2. Identify and document your project team. The team must include representatives from the Infrastructure, Applications, Service desk, and a Business-IT Liaison.
    3. Identify and document your project stakeholders. The stakeholders are those who have interest in seeing the service catalog completed. Stakeholders for IT are the CIO and management of different IT practices. Stakeholders for the business are executives of different LOBs.
    4. Identify your target audience and choose the communication medium most effective to reach them. Draft a communication message hitting all key elements.
      Info-Tech’s project charter contains sample change messages for the business and IT.
    5. Develop a strategy as to how the change message will be distributed, i.e. the communication and organizational change plan.
    6. Use the metrics identified as a base to measure your service catalog’s implementation. If you have identified any other objectives, add new metrics to monitor your progress from the baseline to reaching those objectives.
    7. Sign and date the project charter to officiate commitment to completing the project and reaching your objectives. Have the signed and dated charter available to members of the project team.

    INPUT

    • A collaborative discussion between team members

    OUTPUT

    • Thorough briefing for project launch
    • A committed team

    Materials

    • Communication message and plan
    • Metric tracking

    Participants

    • Project leader
    • Core project team

    Obtain buy-in from business users at the beginning of the service catalog initiative

    CASE STUDY A
    Industry Government
    Source Onsite engagement

    Challenge

    The nature of government IT is quite complex: there are several different agencies located in a number of different areas. It is extremely important to communicate the idea of the service catalog to all the users, no matter the agency or location.

    The IT department had yet to let business leaders of the various agencies know about the initiative and garner their support for the project. This has proven to be prohibitive for gaining adoption from all users.

    Solution

    The IT leaders met and identified all the opportunities to communicate the service catalog to the business leaders and end users.

    To meet with the business leaders, IT leaders hosted a service level meeting with the business directors and managers. They adopted a steering committee for the continuation of the project.

    To communicate with business users, IT leaders published announcements on the intranet website before releasing the catalog there as well.

    Results

    Because IT communicated the initiative, support from business stakeholders was obtained early and business leaders were on board shortly after.

    IT also managed to convince key business stakeholders to become project champions, and leveraged their network to communicate the initiative to their employees.

    With this level of adoption, it meant that it was easier for IT to garner business participation in the project and to obtain feedback throughout.

    Info-Tech assists project leader to garner support from the project team

    CASE STUDY A
    Industry Government
    Source Onsite engagement

    Challenge

    The project received buy-in from the CIO and director of infrastructure. Together they assembled a team and project leader.

    The two struggled to get buy-in from the rest of the team, however. They didn’t understand the catalog or its benefits and objectives. They were reluctant to change their old ways. They didn’t know how much work was required from them to accomplish the project.

    Solution

    With the Info-Tech analyst on site, the client was able to discuss the benefits within their team as well as the project team responsibilities.

    The Info-Tech analyst convinced the group to move towards focusing on a business- and service-oriented mindset.

    The workshop discussion was intended to get the entire team on board and engaged with meeting project objectives.

    Results

    The project team had experienced full buy-in after the workshop. The CIO and director relived their struggles of getting project members on-board through proper communication and engagement.

    Engaging the members of the project team with the discussion was key to having them take ownership in accomplishing the project.

    The business users understood that the service catalog was to benefit their long-term IT service development.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.
    The following are sample activities that will be conducted by Info-Tech analysts with your team:
    1.1 this image contains a screenshot from section 1.1 of this blueprint. Begin your project with a mission statement
    A strong mission statement that outlines the benefits of the project is needed to communicate the purpose of the project. The onsite Info-Tech analysts will help you customize the message and establish the foundation of the project charter.
    1.2 this image contains a screenshot from section 1.2 of this blueprint.

    Identify project team members

    Our onsite analysts will help you identify high-value team members to contribute to this project.

    1.3 This image contains a screenshot from section 1.3 of this blueprint.

    Identify important business and IT stakeholders

    Buy-in from senior IT and business management is a must. Info-Tech will help you identify the stakeholders and determine their level of influence and impact.

    1.4 This image contains a screenshot from section 1.4 of this blueprint.

    Create a change message for the business and IT

    It is important to communicate changes early and the message must be tailored for each target audience. Our analysts will help you create an effective message by articulating the benefits of the service catalog to the business and to IT.

    1.5 This image contains a screenshot from section 1.5 of this blueprint.

    Determine service project metrics

    To demonstrate the value of the service catalog, IT must come up with tangible metrics. Info-Tech’s analysts will provide some sample metrics as well as facilitate a discussion around which metrics should be tracked and monitored.

    PHASE 2

    Identify and Define Enterprise Services

    Design & Build a User-Facing Service Catalog

    Step 2 – Create Enterprise Services Definitions

    1. Complete the Project Charter
    2. Create Enterprise Services Definitions
    3. Create Line of Business Services Definitions
    4. Complete Service Definitions

    This step will walk you through the following activities:

    • Identify and define enterprise services that are commonly used across the organization.
    • Create service descriptions and features to accurately sum up the functionality of each service.
    • Create service categories and assign each service to a category.

    Step Insights

    • When defining services, be sure to carefully distinguish between what is a feature and what is a service. Often, separate services are defined in situations when they would be better off as features of existing services, and vice versa.
    • When coming up with enterprise services categories, ensure the categories group the services in a way that is intuitive. The users should be able to find a service easily based on the names of the categories.

    Phase 2 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Define Enterprise Services
    Proposed Time to Completion: 4 weeks

    Step 2.1: Identify enterprise services

    Step 2.2: Create service categories

    Start with an analyst kick off call:

    • Identify enterprise services that are commonly used.
    • Ensure the list is comprehensive and capture common IT needs.
    • Create service descriptions and features.

    Review findings with analyst:

    • Review full list of identified enterprise services.
    • Identify service categories that are intuitive to the users.

    Then complete these activities…

    • Use Info-Tech’s sample enterprise service definitions as a guide, and change/add/delete the service definitions to customize them to your organization.

    Then complete these activities…

    • Group identified services into categories that are intuitive to the users.

    With these tools & templates: Service

    Sample Enterprise Services

    With these tools & templates:

    Sample Enterprise Services

    Identify enterprise services in the organization apart from the services available to lines of business

    Separating enterprise services from line of business services helps keep things simple to organize the service catalog. -

    Documentation of all business-facing IT services is an intimidating task, and a lack of parameters around this process often leads to longer project times and unsatisfactory outcomes.

    To streamline this process, separating enterprise services from line of business services allows IT to effectively and efficiently organize these services. This method increases the visibility of the service catalog through user-oriented communication plans.

    Enterprise Services are common services that are used across the organization.

    1. Common Services for all users within the organization (e.g. Email, Video Conferencing, Remote Access, Guest Wireless)
    2. Service Requests organized into Service Offerings (e.g. Hardware Provisioning, Software Deployment, Hardware Repair, Equipment Loans)
    3. Consulting Services (e.g. Project Management, Business Analysis, RFP Preparation, Contract Negotiation)

    All user groups access Enterprise Services

    Enterprise Services

    • Finance
    • IT
    • Sales
    • HR

    Ensure your enterprise services are defined from the user perspective and are commonly used

    If you are unsure whether a service is enterprise wide, ask yourself these two questions:

    This image contains an example of how you would use the two questions: Does the user directly use the service themselves?; and; Is the service used by the entire organization (or nearly everyone)?. The examples given are: A. Video Conferencing; B. Exchange Server; C. Email & Fax; D. Order Entry System

    Leverage Info-Tech’s Sample Enterprise Services definition

    2.1 Info-Tech’s Sample Enterprise Services definitions

    Included with this blueprint is Info-Tech’s Sample Enterprise Services definitions.

    The sample contains dozens of services common across most organizations; however, as a whole, they are not complete for every organization. They must be modified according to the business’ needs. Phase two will serve as a guide to identifying an enterprise service as well as how to fill out the necessary fields.

    This image contains a screenshot of definitions from Info-Tech's Sample Enterprises services

    Info-Tech Insight

    Keep track of which services you either modify or delete. You will have to change the same services in the final Info-Tech deliverable.

    The next slide will introduce you to the information for each service record that can be edited.

    Info-Tech’s Sample Enterprise Services definitions is designed to be easily customized

    2.1 Info-Tech’s Sample Enterprise Services definitions

    Below is an example of a service record and its necessary fields of information. This is information that can be kept, deleted, or expanded upon.

    Name the service unambiguously and from the user’s perspective.

    Brief description of how the service allows users to perform tasks.

    Describe the functionality of the service and how it helps users to achieve their business objectives.

    Cluster the services into logical groups.

    Service Name Description Features Category
    Email Email communication to connect with other employees, suppliers, and customers
    • Inbox
    • Calendar
    • Resource Scheduling (meeting rooms)
    • Access to shared mailboxes
    • Limit on mailbox size (‘x’ GB)
    • Address book/external contacts
    • Spam filtering, virus protection
    • Archiving and retrieval of older emails
    • Web/browser access to email
    • Mass email/notification (emergency, surveys, reporting)
    • Setting up a distribution list
    • Setting up Active Sync for email access on mobile devices
    Communications

    Distinguish between a feature and a unique service

    It can be difficult to determine what is considered a service itself, and what is a feature of another service. Use these tips and examples below to help you standardize this judgement.

    Example 1

    Web Conferencing has already been defined as a service. Is Audio Conferencing its own service or a feature of Web Conferencing?

    Info-Tech Tip: Is Audio Conferencing run by the same application as the Web Conferencing? Does it use the same equipment? If not, Audio Conferencing is probably its own service.

    Example 2

    Web Conferencing has already been defined as a service. Is “Screen Sharing” its own service or a feature of Web Conferencing?

    Info-Tech Tip: It depends on how the user interacts with Screen Sharing. Do they only screen share when engaged in a Web Conference? If so, Screen Sharing is a feature and not a service itself.

    Example 3

    VoIP is a popular alternative to landline telephone nowadays, but should it be part of the telephony service or a separate service?

    Info-Tech Tip: It depends on how the VoIP phone is set up.

    If the user uses the VoIP phone the same way they would use a landline phone – because the catalog is user facing – consider the VoIP as part of the telephone service.

    If the user uses their computer application to call and receive calls, consider this a separate service on its own.

    Info-Tech Insight

    While there are some best practices for coming up with service definitions, it is not an exact science and you cannot accommodate everyone. When in doubt, think how most users would perceive the service.

    Change or delete Info-Tech’s enterprise services definitions to make them your own

    2.1 3 hours

    You need to be as comprehensive as possible and try to capture the entire breadth of services IT provides to the business.

    To achieve this, a three-step process is recommended.

    1. First, assemble your project team. It is imperative to have representatives from the service desk. Host two separate workshops, one with the business and one with IT. These workshops should take the form of focus groups and should take no more than 1-2 hours.
    2. Business Focus Group:
    • In an open-forum setting, discuss what the business needs from IT to carry out their day-to-day activities.
    • Engage user-group representatives and business relationship managers.

    IT Focus Group:

    • In a similar open-forum setting, determine what IT delivers to the business. Don’t think about it from a support perspective, but from an “ask” perspective – e.g. “Service Requests.
    • Engage the following individuals: team leads, managers, directors.
  • Review results from the focus groups and compare with your service desk tickets – are there services users inquire about frequently that are not included? Finalize your list of enterprise services as a group.
  • INPUT

    • Modify Info-Tech’s sample services

    OUTPUT

    • A list of some of your business’ enterprise services

    Materials

    • Whiteboard/marker
    • Info-Tech sample enterprise services

    Participants

    • Key members of the project team
    • Service desk rep
    • Business rep

    Using Info-Tech’s Sample Enterprise Services, expand upon the services to add those that we did not include

    2.2 1-3 hours (depending on size and complexity of the IT department)

    Have your user hat on when documenting service features and descriptions. Try to imagine how the users interact with each service.

    1. Once you have your service name, start with the service feature. This field lists all the functionality the service provides. Think from the user’s perspective and document the IT-related activities they need to complete.
    2. Review the service feature fields with internal IT first to make sure there isn’t any information that IT doesn’t want to publish. Afterwards, review with business users to ensure the language is easy to understand and the features are relatable.
    3. Lastly, create a high-level service description that defines the nature of the service in one or two sentences.

    INPUT

    • Collaborate and discuss to expand on Info-Tech’s example

    OUTPUT

    • A complete list of your business’ enterprise services

    Materials

    • Whiteboard/marker
    • Info-Tech sample enterprise services

    Participants

    • Key members of the project team
    • Service desk rep
    • Business rep

    Follow Info-Tech’s guidelines to establish categories for the enterprise services that IT provides to the business

    Similar to the services and their features, there is no right or wrong way to categorize. The best approach is to do what makes sense for your organization and understand what your users think.

    What are Service Categories?

    Categories organize services into logical groups that the users can identify with. Services with similar functions are grouped together in a common category.

    When deciding your categories, think about:

    • What is best for the users?
    • Look at the workflows from the user perspective: how and why do they use the service?
    • Will the user connect with the category name?
    • Will they think about the services within the category?
    Enterprise Service Categories
    Accounts and Access
    Collaboration
    Communication
    Connectivity
    Consulting
    Desktop, Equipment, & Software
    Employee Services
    Files and Documents
    Help & Support
    Training

    Sample categories

    Categorize the services from the list below; how would you think to group them?

    There is no right or wrong way to categorize services; it is subjective to how they are provided by IT and how they are used by the business. Use the aforementioned categories to group the following services. Sample solutions are provided on the following slide.

    Service Name
    Telephone
    Email
    Remote access
    Internet
    BYOD (wireless access)
    Instant Messaging
    Video Conferencing
    Audio Conferencing
    Guest Wi-Fi
    Document Sharing

    Tips and tricks:

    1. Think about the technology behind the service. Is it the same application that provides the services? For example: is instant messaging run by the same application as email?
    2. Consider how the service is used by the business. Are two services always used together? If instant messaging is always used during video conferencing, then they belong in the same category.
    3. Consider the purpose of the services. Do they achieve the same outcomes? For example, document sharing is different from video conferencing, though they both support a collaborative working environment.

    This is a sample of different categorizations – use these examples to think about which would better suit your business

    Example 1 Example 2

    Desktop, Equipment, & Software Services

    Connectivity

    Mobile Devices

    Communications

    Internet

    Telephone

    BYOD (wireless access)

    Telephone

    Guest Wi-Fi

    Internet

    Email

    Remote Access

    Instant Messaging

    Video Conferencing

    Audio Conferencing

    Communications

    Collaboration

    Storage and Retrieval

    Accounts and Access

    Telephone

    Email

    Document Sharing

    Remote access

    Email

    Instant Messaging

    Connectivity

    Mobile Devices

    Video Conferencing

    Internet

    BYOD (wireless access)

    Audio Conferencing

    Guest Wi-Fi

    Guest Wi-Fi

    Document Sharing

    Info-Tech Insight

    Services can have multiple categories only if it means the users will be better off. Try to limit this as much as possible.

    Neither of these two examples are the correct answer, and no such thing exists. The answers you came up with may well be better suited for the users in your business.

    With key members of your project team, categorize the list of enterprise services you have created

    2.3 1 hour

    Before you start, you must have a modified list of all defined enterprise services and a modified list of categories.

    1. Write down the service names on sticky notes and write down the categories either on the whiteboard or on the flipchart.
    2. Assign the service to a category one at a time. For each service, obtain consensus on how the users would view the service and which category would be the most logical choice. In some cases, discuss whether a service should be included in two categories to create better searchability for the users.
    3. If a consensus could not be reached on how to categorize a service, review the service features and category name. In some cases, you may go back and change the features or modify or create new categories if needed.

    INPUT

    • Collaborate and discuss to expand on Info-Tech’s example

    OUTPUT

    • A complete list of your business’ enterprise services

    Materials

    • Whiteboard/marker
    • Info-Tech sample enterprise services

    Participants

    • Key members of the project team
    • Service desk rep
    • Business rep

    Accounts & Access Services

    • User ID & Access
    • Remote Access
    • Business Applications Access

    Communication Services

    • Telephone
    • Email
    • Mobile devices

    Files & Documents

    • Shared Folders
    • File Storage
    • File Restoration
    • File Archiving

    Collaboration

    • Web Conferencing
    • Audio Conferencing
    • Video Conferencing
    • Chat
    • Document Sharing

    Employee Services

    • Onboarding & Off Boarding
    • Benefits Self Service
    • Time and Attendance
    • Employee Records Management

    Help & Support

    • Service Desk
    • Desk Side Support
    • After Hours Support

    Desktop, Equipment, & Software

    • Printing
    • Hardware Provisioning
    • Software Provisioning
    • Software Support
    • Device Move
    • Equipment Loaner

    Education & Training Services

    • Desktop Application Training
    • Corporate Application Training
    • Clinical Application Training
    • IT Training Consultation

    Connectivity

    • BYOD (wireless access)
    • Internet
    • Guest Wi-Fi

    IT Consulting Services

    • Project Management
    • Analysis
    • RFP Reviews
    • Solution Development
    • Business Analysis/Requirements Gathering
    • RFI/RFP Evaluation
    • Security Consulting & Assessment
    • Contract Management
    • Contract Negotiation

    IT department identifies a comprehensive list of enterprise services

    CASE STUDY A
    Industry Government
    Source Onsite engagement

    Challenge

    Because of the breadth of services IT provides across several agencies, it was challenging to identify what was considered enterprise beyond just the basic ones (email, internet, etc.)

    IT recognized that although the specific tasks of service could be different, there are many services that are offered universally across the organization and streamlining the service request and delivery process would reduce the burden on IT.

    Solution

    The client began with services that users interact with on a daily basis; this includes email, wireless, telephone, internet, printing, etc.

    Then, they focused on common service requests from the users, such as software and hardware provisioning, as well as remote access.

    Lastly, they began to think of other IT services that are provided across the organization, such as RFP/RFI support, project management analysis, employee onboarding/off-boarding, etc.

    Results

    By going through the lists and enterprise categories, the government was able to come up with a comprehensive list of all services IT provides to the business.

    Classifying services such as onboarding meant that IT could now standardize IT services for new recruits and employee termination.

    By capturing all enterprise services offered to the organization, IT centralized its management of services instead of having scattered request processes.

    Organization distinguishes features from services using Info-Tech’s tips and techniques

    CASE STUDY B
    Industry Government
    Source Onsite engagement

    Challenge

    For some services, the project team had difficulty deciding on what was a service and what was a feature. They found it hard to distinguish between a service with features or multiple services.

    For example, the client struggled to define the Wi-Fi services because they had many different user groups and different processes to obtain the service. Patients, visitors, doctors, researchers, and corporate employees all use Wi-Fi, but the service features for each user group were different.

    Solution

    The Info-Tech analyst came on-site and engaged the project team in a discussion around how the users would view the services.

    The analyst also provided tips and techniques on identifying services and their features.

    Because patients and visitors do not access Wi-Fi or receive support for the service in the same way as clinical or corporate employees, Wi-Fi was separated into two services (one for each user group).

    Results

    Using the tips and techniques that were provided during the onsite engagement, the project team was able to have a high degree of clarity on how to define the services by articulating who the authorized users are, and how to access the process.

    This allowed the group to focus on the users’ perspective and create clear, unambiguous service features so that users could clearly understand eligibility requirements for the service and how to request them.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts

    this is a picture of an Info-Tech Analyst

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.
    The following are sample activities that will be conducted by Info-Tech analysts with your team:
    2.1 This image contains a screenshot from section 2.1 of this blueprint.

    Understand what enterprise services are

    The project team must have a clear understanding of what qualifies as an enterprise service. The onsite analysts will also promote a user-oriented mindset so the catalog focuses on business needs.

    2.2 this image contains a screenshot from section 2.2 of this blueprint.

    Identify enterprise services

    The Info-Tech analysts will provide a list of ready-to-use services and will work with the project team to change, add, and delete service definitions and to customize the service features.

    2.3 this image contains a screenshot from section 2.3 of this blueprint.

    Identify categories for enterprise services

    The Info-Tech analyst will again emphasize the importance of being service-oriented rather than IT-oriented. This will allow the group to come up with categories that are intuitive to the users.

    PHASE 3

    Identify and Define Line of Business Services

    Design & Build a User-Facing Service Catalog

    Step 3 – Create Line of Business Services Definitions

    1. Complete the Project Charter
    2. Create Enterprise Services Definitions
    3. Create Line of Business Services Definitions
    4. Complete Service Definitions

    This step will walk you through the following activities:

    • Identify lines of business (LOB) within the organization as well as the user groups within the different LOBs.
    • Determine which one of Info-Tech’s two approaches is more suitable for your IT organization.
    • Define and document LOB services using the appropriate approach.
    • Categorize the LOB services based on the organization’s functional structure.

    Step Insights

    • Collaboration with the business significantly strengthens the quality of line of business service definitions. A significant amount of user input is crucial to create impactful and effective service definitions.
    • If a strong relationship with the business is not in place, IT can look at business applications and the business activities they support in order to understand how to define line of business services.

    Phase 3 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Define LOB Services

    Proposed Time to Completion: 4 weeks

    Step 3.1: Identify LOB services

    Step 3.2: Define LOB services

    Start with an analyst kick off call:

    • Identify enterprise services that are commonly used.
    • Ensure the list is comprehensive and capture common IT needs.
    • Create service descriptions and features.

    Review findings with analyst:

    • Use either the business view or the IT view methodology to identify and define LOB services.

    Then complete these activities…

    • Select one of the methodologies and either compile a list of business applications or a list of user groups/functional departments.

    Then complete these activities…

    • Validate the service definitions and features with business users.

    With these tools & templates: Service

    LOB Services – Functional Group
    LOB Services – Industry Specific

    With these tools & templates:

    LOB Services – Functional Group
    LOB Services – Industry Specific

    Communicate with your business users to get a clear picture of each line of business

    Within a business unit, there are user groups that use unique applications and IT services to perform business activities. IT must understand which group is consuming each service to document to their needs and requirements. Only then is it logical to group services into lines of business.

    Covering every LOB service is a difficult task. Info-Tech offers two approaches to identifying LOB services, though we recommend working alongside business user groups to have input on how each service is used directly from the users. Doing so makes the job of completing the service catalog easier, and the product more detailed and user friendly.

    Some helpful questions to keep in mind when characterizing user groups:

    • Where do they fall on the organizational chart?
    • What kind of work do they do?
    • What is included in their job description?
    • What are tasks that they do in addition to their formal responsibilities?
    • What do they need from IT to do their day-to-day tasks?
    • What does their work day look like?
    • When, why, and how do they use IT services?

    Info-Tech Insight

    With business user input, you can answer questions as specific as “What requirements are necessary for IT to deliver value to each line of business?” and “What does each LOB need in order to run their operation?”

    Understand when it is best to use one of Info-Tech’s two approaches to defining LOB services

    1. Business View

    Business View is the preferred method for IT departments with a better understanding of business operations. This is because they can begin with input from the user, enabling them to more successfully define every service for each user group and LOB.

    In addition, IT will also have a chance to work together with the business and this will improve the level of collaboration and communication. However, in order to follow this methodology, IT needs to have a pre-established relationship with the business and can demonstrate their knowledge of business applications.

    2. IT View

    The IT view begins with considering each business application used within the organization’s lines of business. Start with a broad view, following with a process of narrowing down, and then iterate for each business application.

    This process leads to each unique service performed by every application within the business’ LOBs.

    The IT view does not necessarily require a substantial amount of information about the business procedures. IT staff are capable of deducing what business users often require to maintain their applications’ functionality.

    Use one of Info-Tech’s two methodologies to help you identify each LOB service

    Choose the methodology that fits your IT organization’s knowledge of the business.

    This image demonstrates a comparison between the business view of service and the IT View of Service. Under the Business View, the inputs are LOB; User Groups; and Business Activity. Under the IT View, the inputs are Business Application and Functionality, and the outputs are Business Activity; User Groups; and LOB.

    1. Business View

    If you do have knowledge of business operations, using the business view is the better option and the service definition will be more relatable to the users.

    2. IT View

    For organizations that don’t have established relationships with the business or detailed knowledge of business activities, IT can decompose the application into services. They have more familiarity and comfort with the business applications than with business activities.

    It is important to continue after the service is identified because it helps confirm and solidify the names and features. Determining the business activity and the user groups can help you become more user-oriented.

    Identifying LOB services using Info-Tech’s Business View method

    We will illustrate the two methodologies with the same example.

    If you have established an ongoing relationship with the business and you are familiar with their business operations, starting with the LOB and user groups will ensure you cover all the services IT provides to the business and create more relatable service names.

    This is a screenshot of an example of the business view of Service.

    Identifying LOB services using Info-Tech’s IT View method

    If you want to understand what services IT provides to the Sales functional group, and you don’t have comprehensive knowledge of the department, you need to start with the IT perspective.

    This is a screenshot of an example of the business view of Service.

    Info-Tech Insight

    If you are concerned about the fact that people always associate a service with an application, you can include the application in the service name or description so users can find the service through a search function.

    Group LOB services into functional groups as you did enterprise services into categories

    3.1 Sample Line of Business Services Definitions – Functional Groups & Industry Examples

    Like categories for enterprise services in Phase Two, LOB services are grouped into functional groups. Functional groups are the components of an organizational chart (HR, Finance, etc.) that are found in a company’s structure.

    Functional Groups

    Functional groups enable a clear view for business users of what services they need, while omitting services that do not apply to them. This does not overwhelm them, and provides them with only relevant information.

    Industry Services

    To be clear, industry services can be put into functional groups.

    Info-Tech provides a few sample industry services (without their functional group) to give an idea of what LOB service is specific to these industries. Try to extrapolate from these examples to create LOB services for your business.

    Use Info-Tech’s Sample LOB Services – Functional Group and Sample LOB Services – Industry Specific documents.

    This is a screenshot of Info-Tech's Functional Group Services

    Info-Tech Insight

    Keep track of which services you either modify or delete. You will have to change the same services in the final Info-Tech deliverable.

    Identify the user group and business activity within each line of business – Business view

    3.1 30-45 minutes per line of business

    Only perform this activity if you have a relationship with the business that can enable you to generate business input on service identifications and definitions.

    In a group of your project participants, repeat the sequence for each LOB.

    1. Brainstorm each user group within the LOB that is creating value for the business by performing functional activities.
    2. Think of what each individual end user must do to create their value. Think of the bigger picture rather than specifics at this point. For example, sales representatives must communicate with clients to create value.
    3. Now that you have each user group and the activities they perform, consider the specifics of how they go about doing that activity. Consider each application they use and how much they use that application. Think of any and all IT services that could occur as a result of that application usage.

    INPUT

    • A collaborative discussion (with a business relationship)

    OUTPUT

    • LOB services defined from the business perspective

    Materials

    • Sticky notes
    • Whiteboard/marker

    Participants

    • Members of the project team
    • Representatives from the LOBs

    Identify the user group and business activity within each line of business – IT view

    3.1 30-45 minutes per application

    Only perform this activity if you cannot generate business input through your relationships, and must begin service definitions with business applications.

    In a group of your project participants, repeat the sequence for each application.

    1. Brainstorm all applications that the business provides through IT. Cross out the ones that provide enterprise services.
    2. In broad terms, think about what the application is accomplishing to create value for the business from IT’s perspective. What are the modules? Is it recording interactions with the clients? Each software can have multiple functionalities.
    3. Narrow down each functionality performed by the application and think about how IT helps deliver that value. Create a name for the service that the users can relate to and understand.
    4. → Optional

    5. Now go beyond the service and think about the business activities. They are always similar to IT’s application functionality, but from the user perspective. How would the user think about what the application’s functionality to accomplish that particular service is? At this point, focus on the service, not the application.
    6. Determine the user groups for each service. This step will help you complete the service record design in phase 4. Keep in mind that multiple user groups may access one service.

    INPUT

    • A collaborative discussion (without a business relationship)

    OUTPUT

    • LOB services defined from the IT perspective

    Materials

    • Sticky notes
    • Whiteboard/marker

    Participants

    • Members of the project team

    You must review your LOB service definitions with the business before deployment

    Coming up with LOB service definitions is challenging for IT because it requires comprehension of all lines of business within the organization as well as direct interaction with the business users.

    After completing the LOB service definitions, IT must talk to the business to ensure all the user groups and business activities are covered and all the features are accurate.

    Here are some tips to reviewing your LOB Service Catalog generated content:

    • If you plan to talk to a business SME, plan ahead to help complete the project in time for rollout.
    • Include a business relationship manager on the project team to facilitate discussion if you do not have an established relationship with the business.

    Sample Meeting Agenda

    Go through the service in batches. Present 5-10 related services to the business first. Start with the service name and then focus on the features.

    In the meeting, discuss whether the service features accurately sum up the business activities, or if there are missing key activities. Also discuss whether certain services should be split up into multiple services or combined into one.

    Organization identifies LOB services using Info-Tech’s methodologies

    CASE STUDY A
    Industry Government
    Source Onsite engagement

    Challenge

    There were many users from different LOBs, and IT provided multiple services to all of them. Tracking them and who had access to what was difficult.

    IT didn’t understand who provided the services (service owner) and who the customers were (business owner) for some of the services.

    Solution

    After identifying the different Lines of Business, they followed the first approach (Business View) for those that IT had sufficient knowledge of in terms of business operations:

    1. Identified lines of business
    2. Identified user groups
    3. Identified business activities

    For the LOBs they weren’t familiar with, they used the IT view method, beginning with the application:

    1. Identified business apps
    2. Deduced the functionalities of each application
    3. Traced the application back to the service and identified the service owner and business owner

    Results

    Through these two methodologies, IT was able to define services according to how the users both perceive and utilize them.

    IT was able to capture all the services it provides to each line of business effectively without too much help from the business representatives.

    By capturing all enterprise services offered to the organization, IT centralized its management of services instead of having scattered request processes.

    Info-Tech helps organization to identify LOB services using the IT View

    CASE STUDY B
    Industry Healthcare
    Source Onsite engagement

    Challenge
    The organization uses a major application containing several modules used by different users for various business activities.

    The challenge was to break down the application into multiple services in a way that makes sense to the business users. Users should be able to find services specific to them easily.

    Therefore, the project team must understand how to map the modules to different services and user groups.


    Solution
    The project team identified the major lines of business and took various user groups such as nurses and doctors, figured out their daily tasks that require IT services, and mapped each user-facing service to the functionality of the application.

    The project team then went back to the application to ensure all the modules and functionalities within the application were accounted for. This helped to ensure that services for all user groups were covered and prepared to be released in the catalog.


    Results
    Once the project team had come up with a comprehensive list of services for each line of business, they were able to sit with the business and review the services.

    IT was also able to use this opportunity to demonstrate all the services it provides. Having all the LOB services demonstrates IT has done its preparation and can show the value they help create for the business in a language the users can understand. The end result was a strengthened relationship between the business and the IT department.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts

    This is a picture of an Info-Tech Analyst

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.
    The following are sample activities that will be conducted by Info-Tech analysts with your team:
    3.1 this image contains a screenshot from section 3.1 of this blueprint.

    Understand what Line of Business services are

    The onsite analysts will provide a clear distinction between enterprise services and LOB services. The analysts will also articulate the importance of validating LOB services with the business.

    3.2 this image contains a screenshot from section 3.2 of this blueprint.

    Identify LOB services using the business’ view

    There are two methods for coming up with LOB services. If IT has comprehensive knowledge of the business, they can identify the services by outlining the user groups and their business activities.

    3.3 This image contains a screenshot from section 3.3 of this blueprint.

    Identify LOB services using IT’s view

    If IT does not understand the business and cannot obtain business input, Info-Tech’s analysts will present the second method, which allows IT to identify services with more comfortability through business applications/systems.

    3.4 This image contains a screenshot from section 3.4 of this blueprint.

    Categorize the LOB services into functional groups

    The analysts will help the project team categorize the LOB services based on user groups or functional departments.

    PHASE 4

    Complete Service Definitions

    Design & Build a User-Facing Service Catalog

    Step 4: Complete service definitions and service record design

    1. Complete the Project Charter
    2. Create Enterprise Services Definitions
    3. Create Line of Business Services Definitions
    4. Complete Service Definitions

    This step will walk you through the following activities:

    • Select which fields of information you would like to include in your service catalog design.
    • Determine which fields should be kept internal for IT use only.
    • Complete the service record design with business input if possible.

    Step Insights

    • Don’t overcomplicate the service record design. Only include the pieces of information the users really need to see.
    • Don’t publish anything that you don’t want to be held accountable for. If you are not ready, keep the metrics and costs internal.
    • It is crucial to designate a facilitator and a decision maker so confusions and disagreements regarding service definitions can be resolved efficiently.

    Phase 3 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 4: Complete service definitions
    Proposed Time to Completion (in weeks): 4 weeks

    Step 4.1: Design service record

    Step 4.2: Complete service definitions

    Start with an analyst kick off call:

    • Review Info-Tech’s sample service record and determine which fields to add/change/delete.
    • Determine which fields should be kept internal.

    Review findings with analyst:

    • Complete all fields in the service record for each identified service.

    Then complete these activities…

    • Finalize the design of the service record and bring over enterprise services and LOB services.

    Then complete these activities…

    • Test the service definitions with business users prior to catalog implementation.

    With these tools & templates: Service

    Services Definition Chart

    With these tools & templates:

    Services Definition Chart

    Utilize Info-Tech’s Services Definition Chart to map out your final service catalog design

    Info-Tech’s Sample Services Definition Chart

    Info-Tech has provided a sample Services Definition Chart with standard service definitions and pre-populated fields. It is up to you throughout this step to decide which fields are necessary to your business users, as well as how much detail you wish to include in each of them.

    This image contains a screenshot from Info-Tech's Services Definition Chart.

    Info-Tech Insight

    Keep track of which services you either modify or delete. You will have to change the same services in the final Info-Tech deliverable.

    Tips and techniques for service record design

    The majority of the fields in the service catalog are user facing, which means they must be written in business language that the users can understand.

    If there is any confusion or disagreement in filling out the fields, a facilitator is required to lead the working groups in coming up with a definitive answer. If a decision is still not reached, it should be escalated to the decision maker (usually the service owner).

    IT-Facing Fields

    There are IT facing fields that should not be published to the business users – they are for the benefit of IT. For example, you may want to keep Performance Metrics internal to IT until you are ready to discuss it with the business.

    If the organization is interested in creating a Technical Service Catalog following this initiative, these fields will provide a helpful starting place for IT to identify the people, process, and technology required to support user-facing services.

    Info-Tech Insight

    It is important for IT-facing fields to be kept internal. If business users are having trouble with a service and the service owner’s name is available to them, they will phone them for support even if they are not the support owner.

    Design your service catalog with business input: have the user in mind

    When completing the service record, adopt the principle that “Less is More.” Keep it simple and write the service description from the user’s perspective, without IT language. From the list below, pick which fields of information are important to your business users.

    What do the users need to access the service quickly and with minimal assistance?

    The depicted image contains an example of an analysis of what users need to access the service quickly and with minimal assistance. The contents are as follows. Under Service Overview, Name; Description; Features; Category; and Supporting Services. Under Owners, are Service Owner; Business Owner. Under Access Policies and Procedures, are Authorized Users; Request Process; Approval Requirements/Process; Turnaround Time; User Responsibility. Under Availability and Service Levels are Support Hours; Hours of Availability; Planned Downtime; and Metrics. Under Support Policies & Procedures are Support Process; Support Owner; Support Documentation. Under Costs are Internal Cost; Customer Cost. The items which are IT Facing are coloured Red. These include Supporting Services; Service Owner; Business Owner; Metrics; Support Owner; and Internal Cost.

    Identify service overview

    “What information must I have in each service record? What are the fundamentals required to define a service?”

    Necessary Fields – Service Description:

    • Service name → a title for the service that gives a hint of its purpose.
    • Service description → what the service does and expected outcomes.
    • Service features → describe functionality of the service.
    • Service category → an intuitive way to group the service.
    • Support services → applications/systems required to support the service.

    Description: Delivers electronic messages to and from employees.

    Features:

    • Desk phone
    • Teleconference phones (meeting rooms)
    • Voicemail
    • Recover deleted voicemails
    • Team line: call rings multiple phones/according to call tree
    • Employee directory
    • Caller ID, Conference calling

    Category: Communications

    This image contains an example of a Service overview table. The headings are: Description; Features; Category; Supporting Services (Systems, Applications).

    Identify owners

    Who is responsible for the delivery of the service and what are their roles?

    Service Owner and Business Owner

    Service owner → the IT member who is responsible and accountable for the delivery of the service.

    Business owner → the business partner of the service owner who ensures the provided service meets business needs.

    Example: Time Entry

    Service Owner: Manager of Business Solutions

    Business Owner: VP of Human Resources

    This image depicts a blank table with the headings Service Owner, and Business Owner

    Info-Tech Insight

    For enterprise services that are used by almost everyone in the organization, the business owner is the CIO.

    Identify access policies and procedures

    “Who is authorized to access this service? How do they access it?”

    Access Policies & Procedures

    Authorized users → who can access the service.

    Request process → how to request access to the service.

    Approval requirement/process → what the user needs to have in place before accessing the service.

    Example: Guest Wi-Fi

    Authorized Users: All people on site not working for the company

    Request Process: Self-Service through website for external visitors

    Approval Requirement/Process: N/A

    This image depicts a blank table with the headings: Authorized Users; Request Process; Approval Requirement/Process

    Info-Tech Insight

    Clearly defining how to access a service saves time and money by decreasing calls to the service desk and getting users up and running faster. The result is higher user productivity.

    Identify access policies and procedures

    “Who is authorized to access this service? How do they access it?”

    Access Policies & Procedures

    Requirements & pre-requisites → details of what must happen before a service can be provided.

    Turnaround time → how much time it will take to grant access to the service.

    User responsibility → What the user is expected to do to acquire the service.

    Example: Guest Wi-Fi

    Requirements & Pre-requisites: Disclaimer of non-liability and acceptance

    Turnaround time: Immediate

    User Responsibility: Adhering to policies outlined in the disclaimer

    This image depicts a blank table with the headings: Authorized Users; Request Process; Approval Requirement/Process

    Info-Tech Insight

    Clearly defining how to access a service saves time and money by decreasing calls to the service desk and getting users up and running faster. The result is higher user productivity.

    Identify availability and service levels

    “When is this service available to users? What service levels can the user expect?”

    Availability & Service Levels

    Support hours → what days/times is this service available to users?

    Hours of availability/planned downtime → is there scheduled downtime for maintenance?

    Performance metrics → what level of performance can the user expect for this service?

    Example: Software Provisioning

    Support Hours: Standard business hours

    Hours of Availability/Planned Downtime: Standard business hours; can be agreed to work beyond operating hours either earlier or later

    Performance Metrics: N/A

    This image depicts a blank table with the headings: Support hours; Hours of availability/planned downtime; Performance Metrics.

    Info-Tech Insight

    Manage user expectations by clearly documenting and communicating service levels.

    Identify support policies and procedures

    “How do I obtain support for this service?”

    Support Policies & Procedures

    Support process → what is the process for obtaining support for this service?

    Support owner → who can users contact for escalations regarding this service?

    Support documentation → where can users find support documentation for this service?

    Example: Shared Folders

    Support Process: Contact help desk or submit a ticket via portal

    Support Owner: Manager, client support

    Support Documentation: .pdf of how-to guide

    This image depicts a blank table with the headings: Support Process; Support Owner; Support Documentation

    Info-Tech Insight

    Clearly documenting support procedures enables users to get the help they need faster and more efficiently.

    Identify service costs and approvals

    “Is there a cost for this service? If so, how much and who is expensing it?”

    Costs

    Internal Cost → do we know the total cost of the service?

    Customer Cost → a lot of services are provided without charge to the business; however, certain service requests will be charged to a department’s budget.

    Example: Hardware Provisioning

    Internal Cost: For purposes of audit, new laptops will be expensed to IT.

    Customer Cost: Cost to rush order 10 new laptops with retina displays for the graphics team. Charged for extra shipment cost, not for cost of laptop.

    This image depicts a blank table with the headings: Internal Costs; Customer costs

    Info-Tech Insight

    Set user expectations by clearly documenting costs associated with a service and how to obtain approval for these costs if required.

    Complete the service record design fields for every service

    4.1 3 Hours

    This is the final activity to completing the service record design. It has been a long journey to make it here; now, all that is left is completing the fields and transferring information from previous activities.

    1. Organize the services however you think is most appropriate. A common method of organization is alphabetically by enterprise category, and then each LOB functional group.
    2. Determine which fields you would like to keep or edit to be part of your design. Also add any other fields you can think of which will add value to the user or IT. Remember to keep them IT facing if necessary.
    3. Complete the fields for each service one by one. Keep in mind that for some services, a field or two may not apply to the nature of that service and may be left blank or filled with a null value (e.g. N/A).

    INPUT

    • A collaborative discussion

    OUTPUT

    • Completed service record design ready for a catalog

    Materials

    • Info-Tech sample service record design.

    Participants

    • Project stakeholders, business representatives

    Info-Tech Insight

    Don’t forget to delete or bring over the edited LOB and Enterprise services from the phase 2 and 3 deliverables.

    Complete the service definitions and get them ready for publication

    Now that you have completed the first run of service definitions, you can go back and complete the rest of the identified services in batches. You should observe increased efficiency and effectiveness in filling out the service definitions.

    This image depicts how you can use bundles to simplify the process of catalog design using bundles. The cycle includes the steps: Identify Services; Select a Service Bundle; Review Record Design; followed by a cycle of: Pick a service; Service X; Service Data Collection; Create Service Record, followed by Publish the bundle; Communicate the bundle; Rinse and Repeat.

    This blueprint’s purpose is to help you design a service catalog. There are a number of different platforms to build the catalog offered by application vendors. The sophistication of the catalog depends on the size of your business. It may be as simple as an Excel book, or something as complex as a website integrated with your service desk.

    Determine how you want to publish the service catalog

    There are various levels of maturity to consider when you are thinking about how to deploy your service catalog.

    1. Website/User Portal 2. Catalog Module Within ITSM Tool

    3. Homegrown Solution

    Prerequisite

    An internet website, or a user portal

    An existing ITSM tool with a built-in service catalog module

    Database development capabilities

    Website development capabilities

    Pros

    Low cost

    Low effort

    Easy to deploy

    Customized solution tailored for the organization

    High flexibility regarding how the service catalog is published

    Cons

    Not aesthetically appealing

    Lacking sophistication

    Difficult to customize to organization’s needs

    Limitation on how the service catalog info is published

    High effort

    High cost

    → Maturity Level →

    Organization uses the service catalog to outline IT’s and users’ responsibilities

    CASE STUDY A
    Industry Government
    Source Onsite engagement

    Challenge

    The client had collected a lot of good information, but they were not sure about what to include to ensure the users could understand the service clearly.

    They were also not sure what to keep internal so the service catalog did not increase IT’s workload. They want to help the business, but not appear as if they are capable of solving everything for everyone immediately. There was a fear of over-commitment.

    Solution

    The government created a Customer Responsibility field for each service, so it was not just IT who was providing solutions. Business users needed to understand what they had to do to receive some services.

    The Service Owner and Business Owner fields were also kept internal so users would go through the proper request channel instead of calling Service Owners directly.

    Lastly, the Performance Metrics field was kept internal until IT was ready to present service metrics to the business.

    Results

    The business was provided clarity on their responsibility and what was duly owed to them by IT staff. This established clear boundaries on what was to be expected of IT services projected into the future.

    The business users knew what to do and how to obtain the services provided to them. In the meantime, they didn’t feel overwhelmed by the amount of information provided by the service catalog.

    Organization leverages the service catalog as a tool to define IT workflows and business processes

    CASE STUDY B
    Industry Healthcare
    Source Onsite engagement

    Challenge

    There is a lack of clarity and a lack of agreement between the client’s team members regarding the request/approval processes for certain services. This was an indication that there is a level of ambiguity around process. Members were not sure what was the proper way to access a service and could not come up with what to include in the catalog.

    Different people from different teams had different ways of accessing services. This could be true for both enterprise and LOB services.

    Solution

    The Info-Tech analyst facilitated a discussion about workflows and business processes.

    In particular, the discussion focused around the approval/authorization process, and IT’s workflows required to deliver the service. The Info-Tech analyst on site walked the client through their different processes to determine which one should be included in the catalog.

    Results

    The discussion brought clarity to the project team around both IT and business process. Using this new information, IT was able to communicate to the business better, and create consistency for IT and the users of the catalog.

    The catalog design was a shared space where IT and business users could confer what the due process and responsibilities were from both sides. This increased accountability for both parties.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts

    this is a picture of an Info-Tech Analyst

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.
    The following are sample activities that will be conducted by Info-Tech analysts with your team:
    4.1 this image contains a screenshot from section 4.1 of this blueprint.

    Determine which fields should be included in the record design

    The analysts will present the sample service definitions record and facilitate a discussion to customize the service record so unique business needs are captured.

    4.2 this image contains a screenshot from section 4.2.1 of this blueprint.

    Determine which fields should be kept internal

    The onsite analysts will explain why certain fields are used but not published. The analysts will help the team determine which fields should be kept internal.

    4.3 this image contains a screenshot from section 4.3 of this blueprint.

    Complete the service definitions

    The Info-Tech analysts will help the group complete the full service definitions. This exercise will also provide the organization with a clear understanding of IT workflows and business processes.

    Summary of accomplishment

    Knowledge Gained

    • Understanding why it is important to identify and define services from the user’s perspective.
    • Understand the differences between enterprise services and line of business services.
    • Distinguish service features from services.
    • Involve the business users to define LOB services using either IT’s view or LOB’s view.

    Processes Optimized

    • Enterprise services identification and documentation.
    • Line of business services identification and documentation.

    Deliverables Completed

    • Service catalog project charter
    • Enterprise services definitions
    • Line of business service definitions – functional groups
    • Line of business service definitions – industry specific
    • Service definition chart

    Project step summary

    Client Project: Design and Build a User-Facing Service Catalog

    1. Launch the Project – Maximize project success by assembling a well-rounded team and managing all important stakeholders.
    2. Identify Enterprise Services – Identify services that are used commonly across the organization and categorize them in a user-friendly way.
    3. Identify Line of Business Services – Identify services that are specific to each line of business using one of two Info-Tech methodologies.
    4. Complete the Service Definitions – Determine what should be presented to the users and complete the service definitions for all identified services.

    Info-Tech Insight

    This project has the ability to fit the following formats:

    • Onsite workshop by Info-Tech Research Group consulting analysts.
    • Do-it-yourself with your team.
    • Remote delivery (Info-Tech Guided Implementation).

    Related Info-Tech research

    Establish a Service-Based Costing Model

    Develop the right level of service-based costing capability by applying our methodology.

    Assess Your IT Financial Management Maturity Effectively

    • Buy Link or Shortcode: {j2store}315|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Cost & Budget Management
    • Parent Category Link: /cost-and-budget-management

    Organizations wishing to mature their IT financial management (ITFM) maturity often face the following obstacles:

    • Unfamiliarity: Lack of knowledge and understanding related to ITFM maturity.
    • Shortsightedness: Randomly reacting to changing circumstances.
    • Exchange: Inability to consistently drive dialogues.
    • Perception: IT is perceived as a cost center instead of a trustworthy strategic partner.

    Our Advice

    Critical Insight

    No matter where you currently stand in your ITFM practice, there is always room for improvement. Hence, a maturity assessment should be viewed as a self-improvement tool that is only valuable if you are willing to act on it.

    Impact and Result

    A mature ITFM practice leads to many benefits.

    • Foundation: Improved governance, skill sets, processes, and tools.
    • Data: An appropriate taxonomy/data model alongside accurate data for high-quality reporting and insights.
    • Language: A common vocabulary across the organization.
    • Organization Culture: Improved communication and collaboration between IT and business partners.

    Assess Your IT Financial Management Maturity Effectively Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess Your IT Financial Management Maturity Effectively Storyboard – A framework and step-by-step methodology to assess your ITFM maturity.

    This research seeks to support IT leaders and ITFM practitioners in evaluating and improving their current maturity. It will help document both current and target states as well as prioritize focus areas for improvement.

    • Assess Your IT Financial Management Maturity Effectively Storyboard

    2. IT Financial Management Maturity Assessment Tool – A structured tool to help you assess your ITFM maturity.

    This Excel workbook guides IT finance practitioners to effectively assess their IT financial management practice. Incorporate the visual outputs into your final executive presentation document. Key activities include context setting, completing the assessment, and prioritizing focus areas based on results.

    • IT Financial Management Maturity Assessment Tool

    3. IT Financial Management Maturity Assessment Report Template – A report summarizing your ITFM maturity assessment results to help you communicate with stakeholders.

    Use this template to document your final ITFM maturity outputs, including the current and target states and your identified priorities.

    • IT Financial Management Maturity Assessment Report Template
    [infographic]

    Further reading

    Assess Your IT Financial Management Maturity Effectively

    Influence your organization’s strategic direction.

    Analyst Perspective

    Make better informed data-driven business decisions.

    Technology has been evolving throughout the years, increasing complexity and investments, while putting more stress on operations and people involved. As an IT leader, you are now entrusted to run your outfit as a business, sit at the executive table as a true partner, and be involved in making decisions that best suit your organization. Therefore, you have an obligation to fulfill the needs of your end customers and live up to their expectations, which is not an easy task.

    IT financial management (ITFM) helps you generate value to your organization’s clientele by bringing necessary trade-offs to light, while driving effective dialogues with your business partners and leadership team.

    This research will focus on Info-Tech’s approach to ITFM maturity, aiming for a state of continuous improvement, where an organization can learn and grow as it adapts to change. As the ITFM practice matures, IT and business leaders will be able to better understand one another and together make better business decisions, driven by data.

    This client advisory presentation and accompanying tool seek to support IT leaders and ITFM practitioners in evaluating and improving their current maturity. It will help document both current and target states as well as prioritize focus areas for improvement.

    Photo of Bilal Alberto Saab, Research Director, IT Financial Management, Info-Tech Research Group. Bilal Alberto Saab
    Research Director, IT Financial Management
    Info-Tech Research Group

    Executive Summary

    The value of ITFM is undermined

    ITFM is often discarded and not given enough importance and relevance due to the operational nature of IT, and the specialized skillset of its people, leading to several problems and challenges, such as:

    • Unfamiliarity: Lack of knowledge and understanding related to ITFM maturity.
    • Shortsightedness: Randomly reacting to changing circumstances.
    • Exchange: Inability to consistently drive dialogues.
    • Perception: IT is perceived as a cost center instead of a trustworthy strategic partner.

    Constructive dialogues with business partners are not the norm

    Business-driven conversations around financials (spending, cost, revenue) are a rarity in IT due to several factors, including:

    • Foundation: Weak governance, inadequate skillset, and less than perfect processes and tools.
    • Data: Lack of adequate taxonomy/data model, alongside inaccurate data leading to poor reporting and insights.
    • Language: Lack of a common vocabulary across the organization.
    • Organization culture: No alignment, alongside minimal communication and collaboration between IT and business partners.

    Follow Info-Tech’s approach to move up the ITFM maturity ladder

    Mature your ITFM practice by activating the means to make informed business decisions.

    Info-Tech’s methodology helps you move the dial by focusing on three maturity focus areas:

    • Build an ITFM Foundation
    • Manage and Monitor IT Spending
    • Bridge the Language Barrier

    Info-Tech Insight

    Influence your organization’s strategic direction by maturing your ITFM practice.

    What is ITFM?

    ITFM is not just about finance.

    • ITFM has evolved from traditional budgeting, accounting, and cost optimization; however, it is much more than those activities alone.
    • It starts with understanding the financial implications of technology by adopting different perspectives to become adept in communicating with various stakeholders, including finance, business partners, IT managers, and your CEO.
    • Armed with this knowledge, ITFM helps you address a variety of questions, such as:
      • How are technology funds being spent?
      • Which projects is IT prioritizing and why?
      • What are the resources needed to speed IT delivery?
      • What’s the value of IT within the organization?
    • ITFM’s main objective is thus to improve decision-making capabilities by facilitating communication between IT leaders and stakeholders, while enabling a customer focus attitude throughout the organization.

    “ITFM embeds technology in financial management practices. Through cost, demand, and value, ITFM brings technology and business together, forging the necessary relationships and starting the right conversations to enable the best decisions for the organization.”
    – Monica Braun, Research Director, Info-Tech Research Group

    Your challenge

    IT leaders struggle to articulate and communicate business value.

    • IT spending is often questioned by different stakeholders, such as business partners and various IT business units. These questions, usually resulting from shifts in business needs, may revolve around investments, expenditures, services, and speed to market, among others. While IT may have an idea about its spending habits, aligning it to the business strategy may prove difficult.
    • IT staff often does not have access to, or knowledge of, the business model and its intricacies. In an operational environment, the focus tends to be on technical issues rather than overall value.
    • People tend to fear what they do not know. Some business managers may not be comfortable with technology. They do not recognize the implications and ramifications of certain implementations or understand the related terminology, which puts a strain on any conversation.

    “Value is not the numbers you visualize on a chart, it’s the dialogue this data generates with your business partners and leadership team.”
    – Dave Kish, Practice Lead, Info-Tech Research Group

    Technology is constantly evolving

    Increasing IT spending and decision-making complexity.

    Timeline of IT technology evolution, starting with 'Timesharing' in the 1980s to 'All Things Digital' in the 2020s. 'IT Spend Growth' grows from start to finish.

    Common obstacles

    IT leaders are not able to have constructive dialogues with their stakeholders.

    • The way IT funds are spent has changed significantly, moving from the purchase of discrete hardware and software tools to implementing data lakes, cloud solutions, the metaverse and blockchain. This implies larger investments and more critical decisions. Conversations around interoperability, integration, and service-based solutions that focus more on big-picture architecture than day-to-day operations have become the norm.
    • Speed to market is now a survival criterion for most organizations, requiring IT to shift rapidly based on changing priorities and customer expectations. This leads to the need for greater financial oversight, with the CFO as the gatekeeper. Today’s IT leaders need to possess both business and financial management savvy to justify their spending with various stakeholders.
    • Any IT budget increase is tied to expectations of greater value. Hence, the compelling demands for IT to prove its worth to the business. Promoting value comes in two ways: 1) objectively, based on data, KPIs, and return on investment; and 2) subjectively, based on stakeholder satisfaction, alongside relationships. Building trust, credibility, and confidence can go a long way.

    In a technology-driven world, advances come at a price. With greater spending required, more complex and difficult conversations arise.

    Constructive dialogues are key

    You don’t know what you don’t know.

    • IT, being historically focused on operations, has become a hub for technically savvy personnel. On the downside, technology departments are often alien to business, causing problems such as:
      • IT staff have no knowledge of the business model and lack customer focus.
      • Business is not comfortable with technology and related jargon.
    • The lack of two-way communication and business alignment is hence an important ramification. If the business does not understand technology, and IT does not speak in business terms, where does that lead us?
    • Poor data quality and governance practices, alongside overly manual processes can only exasperate the situation.

    IT Spending Survey

    79% of respondents believe that decisions taking too long to make is either a significant or somewhat of a challenge (Flexera 2022 Tech Spend Pulse; N=501).

    81% of respondents believe that ensuring spend efficiency (avoiding waste) is either a challenge or somewhat of a challenge (Flexera 2022 Tech Spend Pulse; N=501).

    ITFM is trailing behind

    IT leaders must learn to speak business.

    In today’s world, where organizations are driving customer experience through technology investments, having a seat at the table means IT leaders must be well versed in business language and practice, including solid financial management skills.

    However, IT staff across all industries aren’t very confident in how well IT is doing in managing its finances. This becomes evident after looking at three core processes:

    • Demonstrating IT’s value to the business.
    • Accounting of costs and budgets.
    • Optimizing costs to gain the best return on investment.

    Recent data from 4,137 respondents to Info-Tech’s IT Management & Governance Diagnostic shows that while most IT staff feel that these three financial management processes are important, notably fewer feel that IT management is effective at executing on them.

    IT leadership’s capabilities around fundamental cost data capture appear to be lagging, not to mention the essential value-added capabilities around optimizing costs and demonstrating IT’s contribution to business value.

    Bar charts comparing percentages of people who 'Agree process is important' and 'Agree process is effective' for three processes: Business Value, Cost & Budget Management, and Cost Optimization. In all instances, the importance outweighed the perceived effectiveness.
    Source: Info-Tech Research Group, IT Management & Governance Diagnostic, 2023.

    Info-Tech’s approach

    We take a holistic approach to ITFM and support you throughout your maturity journey.

    Visualization of the IT maturity levels with three goals at the bottom, 'Build am ITFM Foundation', 'Manage & Monitor IT Spending', and 'Bridge the Language Barrier'. The 5 levels, from bottom to top, are 'Nascent - Level 1, Inability to consistently deliver financial planning services', 'Cost Operator - Level 2, Rudimentary financial planning capabilities', 'Trusted Coordinator - Level 3, Enablement of business through cost-effective supply of technology', 'Value Optimizer - Level 4, Effective impact on business performance', and 'Strategic Partner - Level 5, Influence on the organization's strategic direction'.

    The Info-Tech difference:

    • Info-Tech has a methodology and set of tools that will help assess your ITFM maturity and take the first step in developing an improvement plan. We have identified three maturity focus areas:
      • Build an ITFM Foundation
      • Manage and Monitor IT Spending
      • Bridge the Language Barrier
    • No matter where you currently stand in your ITFM practice, there is always room for improvement. Hence, a maturity assessment should be viewed as a self-improvement tool, which is only valuable if you are willing to act on it.

    Note: See Appendix A for maturity level definitions and descriptions.

    Climb the maturity ladder

    By growing along three maturity focus areas.

    A diagram with '3 Maturity Focus Areas' and '9 Maturity Levers' within them. The first area is 'Build an ITFM Foundation' with levers 'Establish your Team', 'Set up your Governance Structure', and 'Adopt ITFM Processes & Tools'. The second area is 'Manage & Monitor IT Spending', with levers 'Standardize your Taxonomy & Data Model', 'Identify, Gather & Prepare your Data', and 'Analyze your Findings and Develop your Reports'. The third area is 'Bridge the Language Barrier' with levers 'Communicate your IT Spending', 'Educate the Masses', and 'Influence your Organization's Culture'.

    Info-Tech identified three maturity focus areas, each containing three levers.

    Identify where you stand across the nine maturity levers, detect the gaps, and determine your priorities as a first step to develop an improvement plan.

    Note: See Appendix B for maturity level definitions and descriptions per lever.

    Key project deliverables

    Each step of this activity is accompanied by supporting deliverables to help you accomplish your goals.

    IT Financial Management Maturity Assessment Report Template

    A template of an ITFM maturity assessment report that can be customized based on your own results.

    IT Financial Management Maturity Assessment Tool

    A workbook including an ITFM maturity survey, generating a summary of your current state, target state, and priorities.

    Measure the value of this activity

    Reach your 12-month maturity target.

    • Determine your 12-month maturity target, identify your gaps, and set your priorities.
    • Use the ITFM maturity assessment to kickstart your improvement plan by developing actionable initiatives.
    • Implement your initiatives and monitor your progress to reach your 12-month target.

    Sample of a result page from the ITFM maturity assessment.

    Build your improvement plan and implement your initiatives to move the dial and climb the maturity ladder.

    Sample of a result page from the ITFM maturity assessment with a graph.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Step 1

    Prepare for the ITFM maturity assessment

    Content Overview

    1. Identify your stakeholders
    2. Set the context
    3. Determine the methodology
    4. Identify assessment takers

    This step involves the following participants:

    • CIO/IT director
    • CFO/finance director
    • IT finance lead
    • IT audit lead
    • Other IT management

    1. Prepare to take the ITFM maturity assessment

    3 hours

    Input: Understanding your context, objectives, and methodology

    Output: ITFM maturity assessment stakeholders and their objectives, ITFM maturity assessment methodology, ITFM maturity assessment takers

    Materials: 1a. Prepare for Assessment tab in the ITFM Maturity Assessment Tool

    Participants: CIO/IT director, CFO/finance director, IT finance lead, IT audit lead, Other IT management

    1. Identify your stakeholders and document it in the ITFM Maturity Assessment Tool (see next slides). We recommend having representatives from different business units across the organization, most notably IT, IT finance, finance, and IT audit.
    2. Set the context with your stakeholders and document it in the ITFM Maturity Assessment Tool. Discuss the reason behind taking the ITFM maturity assessment among the various stakeholders. Why do each of your stakeholders want to take the assessment? What are their main objectives? What would they like to achieve?
    3. Determine the methodology and document it in the ITFM Maturity Assessment Tool. Discuss how you want to go about taking the assessment with your stakeholders. Do you want to have representatives from each business unit take the assessment individually, then share and discuss their findings? Do you prefer forming a working group with representatives from each business unit and go through the assessment together? Or does any of your stakeholders have a different suggestion? You will have to consider the effort, skillset, and knowledge required.
    4. Identify the assessment takers and document it in the ITFM Maturity Assessment Tool. Determine who will be taking the assessment (specific names of stakeholders). Consider their availability, knowledge, and skills.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Document your stakeholders, objectives, and methodology

    Excel Workbook: ITFM Maturity Assessment Tool – Prepare for Assessment worksheet

    Refer to the example and guidelines below on how to document stakeholders, objectives, and methodology (table range: columns B to G and rows 8 to 15).

    Example table from the ITFM Maturity Assessment Tool re: 'Maturity Assessment Stakeholders'.

    Column ID Input Type Guidelines
    B Formula Automatic calculation, no entry required.
    C Text Enter the full name of each stakeholder on a separate row.
    D Text Enter the job title related to each stakeholder.
    E Text Enter the objective(s) related to each stakeholder.
    F Text Enter the agreed upon methodology.
    G Text Enter any notes or comments per stakeholder (optional).

    Review the following in the Excel workbook as per guidelines:

    1. Navigate to the 1a. Prepare for Assessment tab.
    2. Enter the full names and job titles of the ITFM maturity assessment stakeholders.
    3. Document the maturity assessment objective of each of your stakeholders.
    4. Document the agreed-upon methodology.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Document your assessment takers

    Excel Workbook: ITFM Maturity Assessment Tool – Prepare for Assessment worksheet

    Refer to the example and guidelines below on how to document assessment takers (table range: columns B to E and rows 18 to 25).

    Example table from the ITFM Maturity Assessment Tool re: 'Maturity Assessment Takers'.

    Column ID Input Type Guidelines
    B Formula Automatic calculation, no entry required.
    C Text Enter the full name of each assessment taker on a separate row.
    D Text Enter the job title related to each stakeholder to identify which party is being represented per assessment taker.
    E Text Enter any notes or comments per stakeholder (optional).

    Review the following in the Excel workbook as per guidelines:

    1. Navigate to the 1a. Prepare for Assessment tab.
    2. Enter the full name of each assessment taker, along with the job title of the stakeholder they are representing.

    Download the IT Financial Management Maturity Assessment Tool

    Step 2

    Take the ITFM maturity assessment

    Content Overview

    1. Complete the survey
    2. Review your assessment results
    3. Determine your priorities

    This step involves the following participants:

    • CIO/IT director
    • CFO/finance director
    • IT finance lead
    • IT audit lead
    • Other IT management

    2. Take the ITFM maturity assessment

    3 hours

    Input: Understanding of your ITFM current state and 12-month target state, ITFM maturity assessment results

    Output: ITFM current- and target-state maturity levels, average scores, and variance, ITFM current- and target-state average scores, variance, and priority by maturity focus area and maturity lever

    Materials: 1b. Glossary, 2a. Assess ITFM Foundation, 2b. Assess Mngt. & Monitoring, 2c. Assess Language, and 3. Assessment Summary tabs in the ITFM Maturity Assessment Tool

    Participants: CIO/IT director, CFO/finance director, IT finance lead, IT audit lead, Other IT management

    1. Complete the survey: select the current and target state of each statement – refer to the glossary as needed for definitions of key terms – in the ITFM Maturity Assessment Tool (see next slides). There are three tabs (one per maturity focus area) with three tables each (nine maturity levers). Review and discuss statements with all assessment takers: consider variations, differing opinions, and reach an agreement on each statement inputs.
    2. Review assessment results: navigate to the Assessment Summary tab in the ITFM maturity assessment tool (see next slides) to view your results. Review and discuss with all assessment takers: consider any shocking output and adjust survey input if necessary.
    3. Determine your priorities: decide on the priority (Low/Medium/High) by maturity focus area and/or maturity lever. Rank your maturity focus area priorities from 1 to 3 and your maturity lever priorities from 1 to 9. Consider the feasibility in terms of timeframe, effort, and skillset required, positive and negative impacts on business and technology, likelihood of failure, and necessary approvals. Document your priorities in the ITFM maturity assessment tool (see next slides).
      Review and discuss priorities with all assessment takers: consider variations, differing opinions, and reach an agreement on each priority.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Complete the survey

    Excel workbook: ITFM Maturity Assessment Tool – Survey worksheets

    Refer to the example and guidelines below on how to complete the survey.

    Example table from the ITFM Maturity Assessment Tool re: Survey worksheets.

    Column ID Input Type Guidelines
    B Formula Automatic calculation, no entry required.
    C Formula Automatic calculation, no entry required: ITFM maturity statement to assess.
    D, E Dropdown Select the maturity levels of your current and target states. One of five maturity levels for each statement, from “1. Nonexistent” (lowest maturity) to “5. Advanced” (highest maturity).
    F, G, H Formula Automatic calculation, no entry required: scores associated with your current and target state selection, along with related variance (column G – column F).
    I Text Enter any notes or comments per ITFM maturity statement (optional).

    Review the following in the Excel workbook as per guidelines:

    1. Navigate to the survey tabs: 2a. Assess ITFM Foundation, 2b. Assess Management and Monitoring, and 2c. Assess Language.
    2. Select the appropriate current and target maturity levels.
    3. Add any notes or comments per ITFM maturity statement where necessary or helpful.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Review your overall result

    Excel Workbook: ITFM Maturity Assessment Tool – Assessment Summary worksheet

    Refer to the example and guidelines below on how to review your results.

    Example table from the ITFM Maturity Assessment Tool re: Assessment Summary worksheet.

    Column ID Input Type Guidelines
    K Formula Automatic calculation, no entry required.
    L Formula Automatic calculation, no entry required: Current State, Target State, and Variance entries. Please ignore the current state benchmark, it’s a placeholder for future reference.
    M Formula Automatic calculation, no entry required: average overall maturity score for your Current State and Target State entries, along with related Variance.
    N, O Formula Automatic calculation, no entry required: maturity level and related name based on the overall average score (column M), where level 1 corresponds to an average score less than or equal to 1.49, level 2 corresponds to an average score between 1.5 and 2.49 (inclusive), level 3 corresponds to an average score between 2.5 and 3.49 (inclusive), level 4 corresponds to an average score between 3.5 and 4.49 (inclusive), and level 5 corresponds to an average score between 4.5 and 5 (inclusive).
    P, Q Formula Automatic calculation, no entry required: maturity definition and related description based on the maturity level (column N).

    Review the following in the Excel workbook as per guidelines:

    1. Navigate to tab 3. Assessment Summary.
    2. Review your overall current state and target state result along with the corresponding variance.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Set your priorities

    Excel Workbook: ITFM Maturity Assessment Tool – Assessment Summary worksheet

    Refer to the example and guidelines below on how to review your results per maturity focus area and maturity lever, then prioritize accordingly.

    Example table from the ITFM Maturity Assessment Tool re: Assessment Summary worksheet.

    Column ID Input Type Guidelines
    B Formula Automatic calculation, no entry required.
    C Formula Automatic calculation, no entry required: ITFM maturity focus area or lever, depending on the table.
    D Placeholder Ignore this column because it’s a placeholder for future reference.
    E, F, G Formula Automatic calculation, no entry required: average score related to the current state and target state, along with the corresponding variance per maturity focus area or lever (depending on the table).
    H Formula Automatic calculation, no entry required: preliminary priority based on the average variance (column G), where Low corresponds to an average variance between 0 and 0.5 (inclusive), Medium corresponds to an average variance between 0.51 and 0.99 (inclusive), and High corresponds to an average variance greater than or equal to 1.
    J Dropdown Select your final priority (Low, Medium, or High) per ITFM maturity focus area or lever, depending on the table.
    K Whole Number Enter the appropriate rank based on your priorities; do not use the same number more than once. A whole number between 1 and 3 to rank ITFM maturity focus areas, and between 1 and 9 to rank ITFM maturity levers, depending on the table.

    Review the following in the Excel workbook as per guidelines:

    1. Navigate to tab 3. Assessment Summary.
    2. Review your current-state and target-state result along with the corresponding variance per maturity focus area and maturity lever.
    3. Select the appropriate priority for each maturity focus area and maturity lever.
    4. Enter a unique rank for each maturity focus area (1 to 3).
    5. Enter a unique rank for each maturity lever (1 to 9).

    Download the IT Financial Management Maturity Assessment Tool

    Step 3

    Communicate your ITFM maturity results

    Content Overview

    1. Review your assessment charts
    2. Customize the assessment report
    3. Communicate your results

    This step involves the following participants:

    • CIO/IT director
    • CFO/finance director
    • IT finance lead
    • IT audit lead
    • Other IT management

    3. Communicate your ITFM maturity results

    3 hours

    Input: ITFM maturity assessment results

    Output: Customized ITFM maturity assessment report

    Materials: 3. Assessment Summary tab in the ITFM Maturity Assessment Tool, ITFM Maturity Assessment Report Template

    Participants: CIO/IT director, CFO/finance director, IT finance lead, IT audit lead, Other IT management

    1. Review assessment charts: navigate to the Assessment Summary tab in the ITFM Maturity Assessment Tool (see next slides) to view your results and related charts.
    2. Edit the report template: complete the template based on your results and priorities to develop your customized ITFM maturity assessment report (see next slide).
    3. Communicate results: communicate and deliberate the assessment results with assessment takers at a first stage, and with your stakeholders at a second stage. The objective is to agree on next steps, including developing an improvement plan.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Review assessment charts

    Excel Workbook: ITFM Maturity Assessment Tool – Assessment Summary worksheet

    Refer to the example below on charts depicting different views of the maturity assessment results across the three focus areas and nine levers.

    Samples of different tabs from the ITFM Maturity Assessment Tool: 'Assessment Summary tab: From cell B49 to cell M100' and 'Assessment Summary tab: From cell K13 to cell Q34'.

    From the Excel workbook, after completing your potential initiatives and filling all related entries in the Outline Initiatives tab:

    1. Navigate to tab 3. Assessment Summary.
    2. Review each of the charts.
    3. Navigate back to the survey tabs to examine, drill down, and amend individual entries as you deem necessary.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Customize your report

    PowerPoint presentation: ITFM Maturity Assessment Report Template

    Refer to the example below on slides depicting different views of the maturity assessment results across the three maturity focus areas and nine maturity levers.

    Samples of different slides from the ITFM Maturity Assessment Report Template, detailed below.

    Slide 6: Edit levels based on your assessment results. Copy and paste the appropriate maturity level definition and description from slide 4.

    Slide 7: Copy related charts from the assessment summary tab in the Excel workbook and remove the chart title. You can use the “Outer Offset: Bottom” shadow under shape effects on the chart.

    Slide 8: Copy related charts from the assessment summary tab in the Excel workbook and remove the chart title and legend. You can use the “Outer Offset: Center” shadow under shape effects on the chart.

    From the ITFM Maturity Assessment Report Template:

    1. Edit the report based on your results found in the assessment summary tab of the Excel workbook (see previous slide).
    2. Review slides 6 to 8 and bring necessary adjustments.

    Download the IT Financial Management Maturity Assessment Report Template

    Make informed business decisions

    Take a holistic approach to ITFM.

    • A thorough understanding of your technology spending in relation to business needs and drivers is essential to make informed decisions. As a trusted partner, you cannot have effective conversations around budgets and cost optimization without a solid foundation.
    • It is important to realize that ITFM is not a one-time exercise, but a continuous, sustainable process to educate (teach, mentor, and train), increase transparency, and assign responsibility.
    • Move up the ITFM maturity ladder by improving across three maturity focus areas:
      • Build an ITFM Foundation
      • Manage and Monitor IT Spending
      • Bridge the Language Barrier

    What’s Next?

    Communicate your maturity results with stakeholders and develop an actionable ITFM improvement plan.

    And remember, having informed discussions with your business partners and stakeholders, where technology helps propel your organization forward, is priceless!

    IT Financial Management Team

    Photo of Dave Kish, Practice Lead, ITFM Practice, Info-Tech Research Group. Dave Kish
    Practice Lead, ITFM Practice
    Info-Tech Research Group
    Photo of Jennifer Perrier, Principal Research Director, ITFM Practice, Info-Tech Research Group. Jennifer Perrier
    Principal Research Director, ITFM Practice
    Info-Tech Research Group
    Photo of Angie Reynolds, Principal Research Director, ITFM Practice, Info-Tech Research Group. Angie Reynolds
    Principal Research Director, ITFM Practice
    Info-Tech Research Group
    Photo of Monica Braun, Research Director, ITFM Practice, Info-Tech Research Group. Monica Braun
    Research Director, ITFM Practice
    Info-Tech Research Group
    Photo of Rex Ding, Research Specialist, ITFM Practice, Info-Tech Research Group. Rex Ding
    Research Specialist, ITFM Practice
    Info-Tech Research Group
    Photo of Aman Kumari, Research Specialist, ITFM Practice, Info-Tech Research Group. Aman Kumari
    Research Specialist, ITFM Practice
    Info-Tech Research Group

    Research Contributors and Experts

    Photo of Amy Byalick, Vice President, IT Finance, Info-Tech Research Group. Amy Byalick
    Vice President, IT Finance
    Info-Tech Research Group
    Amy Byalick is an IT Finance practitioner with 15 years of experience supporting CIOs and IT leaders elevating the IT financial storytelling and unlocking insights. Amy is currently working at Johnson Controls as the VP, IT Finance, previously working at PepsiCo, AmerisourceBergen, and Jacobs.
    Photo of Carol Carr, Technical Counselor, Executive Services, Info-Tech Research Group. Carol Carr
    Technical Counselor, Executive Services
    Info-Tech Research Group
    Photo of Scott Fairholm, Executive Counselor, Executive Services, Info-Tech Research Group. Scott Fairholm
    Executive Counselor, Executive Services
    Info-Tech Research Group
    Photo of Gokul Rajan, Executive Counselor, Executive Services, Info-Tech Research Group. Gokul Rajan
    Executive Counselor, Executive Services
    Info-Tech Research Group
    Photo of Allison Kinnaird, Practice Lead, Infrastructure & Operations, Info-Tech Research Group. Allison Kinnaird
    Practice Lead, Infrastructure & Operations
    Info-Tech Research Group
    Photo of Isabelle Hertanto, Practice Lead, Security & Privacy, Info-Tech Research Group. Isabelle Hertanto
    Practice Lead, Security & Privacy
    Info-Tech Research Group

    Related Info-Tech Research

    Sample of the IT spending transparency research. Achieve IT Spending Transparency

    Mature your ITFM practice by activating the means to make informed business decisions.

    Sample of the IT cost optimization roadmap research. Build Your IT Cost Optimization Roadmap

    Develop an IT cost optimization strategy based on your specific circumstances and timeline.

    Bibliography

    Eby, Kate. “The Complete Guide to Organizational Maturity: Models, Levels, and Assessments.” Smartsheet, 8 June 2022. Web.

    “Financial Management Maturity Model.” National Audit Office, n.d. Accessed 28 Apr. 2023.

    “ITFM/TBM Program Maturity Guide.” Nicus Software, n.d. Accessed 28 Apr. 2023.

    Jouravlev, Roman. "Service Financial Management: ITIL 4 Practice Guide." Axelos, 2020.

    McCarthy, Seamus. “Financial Management Maturity Model: A Good Practice Guide.” Office of the Comptroller & Auditor General, 26 June 2018. Web.

    “Principles for Effective Risk Data Aggregation and Risk Reporting.“ Bank for International Settlements, Jan. 2013. Web.

    “Role & Influence of the Technology Decision-Maker 2022.” Foundry, 2022. Web.

    Stackpole, Beth. “State of the CIO, 2022: Focus turns to IT fundamentals.” CIO, 21 March 2022. Web.

    “Tech Spend Pulse.” Flexera, 2022. Web.

    Appendix A

    Definition and Description
    Per Maturity Level

    ITFM maturity levels and definitions

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to consistently deliver financial planning services ITFM practices are almost inexistent. Only the most basic financial tasks and activities are being performed on an ad hoc basis to fulfill the Finance department’s requests.
    Cost Operator
    Level 2
    Rudimentary financial planning capabilities. ITFM activities revolve around minimizing the IT budget as much as possible. ITFM practices are not well defined, and IT’s financial view is limited to day-to-day technical operations.
    IT is only involved in low complexity decision making, where financial conversations center on general ledger items and IT spending.
    Trusted Coordinator
    Level 3
    Enablement of business through cost-effective supply of technology. ITFM activities revolve around becoming a proficient and cost-effective technology supplier to business partners.
    ITFM practices are in place, with moderate coordination and adherence to execution. Various IT business units coordinate to produce a consolidated financial view focused on business services.
    IT is involved in moderate complexity decision making, as a technology subject matter expert, where financial conversations center on IT spending in relation to technology services or solutions provided to business partners.
    Value Optimizer
    Level 4
    Effective impact on business performance. ITFM activities revolve around optimizing existing technology investments to improve both IT and business performance.
    ITFM practices are well managed, established, documented, repeatable, and integrated as necessary across the organization. IT’s financial view tie technology investments to lines of business, business products, and business capabilities.
    Business partners are well informed on the technology mix and drive related discussion. IT is trusted to contribute to complex decision making around existing investments to cost-effectively plan initiatives, as well as enhance business performance.
    Strategic Partner
    Level 5
    Influence on the organization’s strategic direction. ITFM activities revolve around predicting the outcome of new or potential technology investments to continuously optimize business performance.
    ITFM practices are fully optimized, reviewed, and improved in a continuous and sustainable manner, and related execution is tracked by gathering qualitative and quantitative feedback. IT’s financial view is holistic and fully integrated with the business, with an outlook on innovation, growth, and strategic transformation.
    Business and IT leaders know the financial ramifications of every business and technology investment decision. IT is trusted to contribute to strategic decision making around potential and future investments to grow and transform the business.

    Appendix B

    Maturity Level Definitions and Descriptions
    Per Lever

    Establish your ITFM team

    Maturity focus area: Build an ITFM foundation.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to provide any type of financial insight.ITFM tasks, activities, and functions are not being met in any way, shape, or form.
    Cost Operator
    Level 2
    Ability to provide basic financial insights.There is no dedicated ITFM team.


    Basic ITFM tasks, activities, and functions are being performed on an ad hoc basis, such as high-level budget reporting.

    Trusted Coordinator
    Level 3
    Ability to provide basic business insights.A dedicated team is fulfilling essential ITFM tasks, activities, and functions.


    ITFM team can combine and analyze financial and technology data to produce necessary reports.

    Value Optimizer
    Level 4
    Ability to provide valuable business driven insights.A dedicated ITFM team with well-defined roles and responsibilities can provide effective advice to IT leaders, in a timely fashion, and positively influence IT decisions.
    Strategic Partner
    Level 5
    Ability to influence both technology and business decisions.A dedicated and highly specialized ITFM team is trusted and valued by both IT and Business leaders.


    Insights provided by the ITFM team can influence and shape the organization’s strategy.

    Set up your governance structure

    Maturity focus area: Build an ITFM foundation

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to ensure any adherence to rules and regulations.ITFM frameworks, guidelines, policies, and procedures are not developed nor documented.
    Cost Operator
    Level 2
    Ability to ensure basic adherence to rules and regulations.Basic ITFM frameworks, guidelines, policies, and procedures are in place, developed on an ad hoc basis, with no apparent coherence or complete documentation.
    Trusted Coordinator
    Level 3
    Ability to ensure compliance to rules and regulations, as well as accountability across ITFM processes.Essential ITFM frameworks, guidelines, policies, and procedures are in place, coherent, and documented, aiming to (a) comply with rules and regulations, and (b) provide clear accountability.
    Value Optimizer
    Level 4
    Ability to ensure compliance to rules and regulations, as well as structure, transparency, and business alignment across ITFM processes.ITFM frameworks, guidelines, policies, and procedures are well defined, coherent, documented, and regularly reviewed, aiming to (a) comply with rules and regulations, (b) provide clear accountability, and (c) maintain business alignment.
    Strategic Partner
    Level 5
    Ability to:
    • Ensure compliance to rules and regulations, as well as ITFM processes are transparent, structured, focused on business objectives, and support decision making.
    • Reinforce and shape the organization culture.
    ITFM frameworks, guidelines, policies, and procedures are complete, well defined, coherent, documented, continuously reviewed, and improved, aiming to (a) comply with rules and regulations, (b) provide clear accountability, (c) maintain business alignment, and (d) facilitate the decision-making process.


    Enforcement of the ITFM governance structure can influence the organization culture.

    Adopt ITFM processes and tools

    Maturity focus area: Build an ITFM foundation.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to deliver IT financial planning and performance output.ITFM processes and tools are not developed nor documented.
    Cost Operator
    Level 2
    Ability to deliver basic IT financial planning output.Basic ITFM processes and tools are in place, developed on an ad hoc basis, with no apparent coherence or complete documentation.
    Trusted Coordinator
    Level 3
    Ability to deliver accurate IT financial output and basic IT performance output in a consistent cadence.Essential ITFM processes and tools are in place, coherent, and documented, aiming to (a) maintain integrity across activities, tasks, methodologies, data, and reports; (b) deliver IT financial planning and performance output needed by stakeholders; and (c) provide clear accountability. ITFM tools and processes are adopted by the ITFM team and some IT business units but are not fully integrated.
    Value Optimizer
    Level 4
    Ability to deliver accurate IT financial planning and performance output at the needed level of detail to stakeholders in a consistent cadence.ITFM processes and tools are complete, well defined, coherent, documented, continuously reviewed, and improved, aiming to (a) maintain integrity across activities, tasks, methodologies, data, and reports; (b) deliver IT financial planning and performance output needed by stakeholders; (c) provide clear accountability; and (d) facilitate decision-making. ITFM tools and processes are adopted by IT and business partners but are not fully integrated.
    Strategic Partner
    Level 5
    Ability to:
    • Deliver accurate IT financial planning and performance output at the needed level of detail to stakeholders.
    • Leverage IT financial planning and performance output in real time and when needed by stakeholders.
    ITFM processes and tools are complete, well defined, coherent, documented, continuously reviewed, and improved, aiming to (a) maintain integrity across activities, tasks, methodologies, data, and reports; (b) deliver IT financial planning and performance output needed by stakeholders; (c) provide clear accountability; and (d) facilitate decision making.


    ITFM processes and tools are automated to the full extent needed by the organization, utilized to their full potential, and integrated into a single enterprise platform, providing a holistic view of IT spending and IT performance.

    Standardize your taxonomy and data model

    Maturity focus area: Manage and monitor IT spending.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to provide transparency across technology spending.ITFM taxonomy and data model are not developed nor documented.
    Cost Operator
    Level 2
    Ability to provide transparency and support IT financial planning data, analysis, and reporting needs of finance stakeholders.ITFM taxonomy and data model are in place, developed on an ad hoc basis, with no apparent coherence or complete documentation, to comply with, and meet the needs of finance stakeholders.
    Trusted Coordinator
    Level 3
    Ability to provide transparency and support IT financial planning and performance data, analysis, and reporting needs of IT and finance stakeholders.ITFM taxonomy and data model are in place, coherent, and documented to meet the needs of IT and finance stakeholders.
    Value Optimizer
    Level 4
    Ability to provide transparency and support IT financial planning and performance data, analysis, and reporting needs of IT, finance, business, and executive stakeholders.ITFM taxonomy and data model are complete, well defined, coherent, documented, continuously reviewed, and improved, aiming to provide (a) a holistic view of IT spending and IT performance, (b) visibility and transparency, (c) flexibility, and (d) valuable insights to facilitate data driven decision making.


    ITFM taxonomy and data model are standardized to meet the needs of IT, finance, business, and executive stakeholders, but not flexible enough to be adjusted in a timely fashion as needed.

    Strategic Partner
    Level 5
    Ability to:
    • Provide transparency and support IT financial planning and performance data, analysis, and reporting needs of IT, finance, business, and executive stakeholders.
    • Change to meet evolving needs.
    ITFM taxonomy and data model are complete, well defined, coherent, documented, continuously reviewed, and improved, aiming to provide (a) a holistic view of IT spending and IT performance, (b) visibility and transparency, (c) flexibility, and (d) valuable insights to facilitate data driven decision making.


    ITFM taxonomy and data model are standardized and meet the changing needs of IT, finance, business, and executive stakeholders.

    Identify, gather, and prepare your data

    Maturity focus area: Manage and monitor IT spending.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to provide accurate and complete across technology spending.ITFM data needs and requirements are not understood.
    Cost Operator
    Level 2
    Ability to provide accurate, but incomplete IT financial planning data to meet the needs of finance stakeholders.Technology spending data is extracted, transformed, and loaded on an ad hoc basis to meet the needs of finance stakeholders.
    Trusted Coordinator
    Level 3
    Ability to provide accurate and complete IT financial planning data to meet the needs of IT and finance stakeholders, but IT performance data remain incomplete.IT financial planning data is extracted, transformed, and loaded in a regular cadence to meet the needs of IT and finance stakeholders.


    IT financial planning data is (a) complete and accurate, as defined in related control documents (guideline, policies, procedures, etc.), (b) regularly validated for inconsistencies, and (c) sourced from the organization’s system of record.

    Value Optimizer
    Level 4
    Ability to provide accurate and complete IT financial planning and performance data to meet the needs of IT, finance, business, and executive stakeholders.ITFM data needs and requirements are understood.


    ITFM data is extracted, transformed, and loaded in a regular cadence to meet the needs of IT, finance, business, and executive stakeholders.


    IT financial planning and performance data are (a) complete and accurate, as defined in related control documents (guideline, policies, procedures, etc.), (b) regularly validated for inconsistencies, and (c) sourced from the organization’s system of record.

    Strategic Partner
    Level 5
    Ability to provide accurate and complete IT financial planning and performance data real time and when needed by IT, finance, business, and executive stakeholders.ITFM data needs and requirements are understood.


    IT financial planning and performance data are (a) complete and accurate, as defined in related control documents (guideline, policies, procedures, etc.), (b) regularly validated for inconsistencies, (c) available and refreshed as needed, and (d) sourced from the organization’s system of record.

    Analyze your findings and develop your reports

    Maturity focus area: Manage and monitor IT spending.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to provide any type of financial insight.ITFM analysis and reports are not developed nor documented.
    Cost Operator
    Level 2
    Ability to provide basic financial insights.IT financial planning analysis is conducted on an ad hoc basis to meet the needs of finance stakeholders.
    Trusted Coordinator
    Level 3
    Ability to provide basic financial planning and performance insights to meet the needs of IT and finance stakeholders.IT financial planning and performance analysis are methodical and rigorous, as defined in related control documents (guideline, policies, procedures, etc.).


    IT financial planning and performance reports are accurate, precise, and methodical, as defined in related control documents (guideline, policies, procedures, etc.).

    Value Optimizer
    Level 4
    Ability to provide practical insights and useful recommendations as needed by IT, finance, business, and executive stakeholders to facilitate business decision making around technology investments.ITFM analysis and reports support business decision making around technology investments.


    IT financial planning and performance analysis are methodical and rigorous, as defined in related control documents (guideline, policies, procedures, etc.).


    IT financial planning and performance reports are (a) accurate, precise, and methodical, as defined in related control documents (guideline, policies, procedures, etc.), (b) fit for purpose, and (c) regularly validated for inconsistencies.

    Strategic Partner
    Level 5
    Ability to provide practical insights and useful recommendations as needed by IT, finance, business, and executive stakeholders to facilitate strategic decision making.ITFM analysis and reports support strategic decision making.


    IT financial planning and performance analysis are methodical and rigorous, as defined in related control documents (guideline, policies, procedures, etc.), and consider multiple point of views (hypotheses, interpretations, opinions, etc.).


    IT financial planning and performance reports are (a) accurate, precise, and methodical, as defined in related control documents (guideline, policies, procedures, etc.), (b) fit for purpose, (c) comprehensive, and (d) regularly validated for inconsistencies.

    Communicate your IT spending

    Maturity focus area: Bridge the language barrier.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability of organization stakeholders to communicate and understand each other.The organization stakeholders including IT, finance, business, and executives do not understand one another, and cannot speak the same language.
    Cost Operator
    Level 2
    Ability to understand business and finance requirements.IT understands and meets business and financial planning requirements but does not communicate in a similar language.


    IT cannot influence finance or business decision making.

    Trusted Coordinator
    Level 3
    Ability to understand the needs of different stakeholders including IT, finance, business, and executives and take part in decision making around technology spending.The organization stakeholders including IT, finance, business, and executives understand each other’s needs, but do not communicate in a common language.


    IT leaders provide insights as technology subject matter experts, where conversations center on IT spending in relation to technology services or solutions provided to business partners.


    IT can influence technology decisions around its own budget.

    Value Optimizer
    Level 4
    Ability to communicate in a common vocabulary across the organization and take part in business decision making around technology investments.The organization stakeholders including IT, finance, business, and executives communicate in a common vocabulary and understand one another.


    IT and business leaders, along with their respective teams, collaborate frequently across various initiatives.


    IT leaders provide valuable insight to support and influence business decision making around existing technology investments.

    Strategic Partner
    Level 5
    Ability to communicate in a common vocabulary across the organization and take part in strategic decision making.The organization stakeholders including IT, finance, business, and executives communicate in a common vocabulary and understand one another.


    IT and business leaders, along with their respective teams, collaborate frequently across various initiatives.


    IT leaders provide valuable insight to facilitate decision making around potential and future investments to grow and transform the business, thus influencing the organization’s overall strategic direction.

    Educate the masses

    Maturity focus area: Bridge the language barrier.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability of organization stakeholders to acquire knowledge.Educational resources are inexistent.
    Cost Operator
    Level 2
    Ability to acquire financial knowledge and understand financial concepts.IT leaders have access to educational resources to gain the financial knowledge necessary to perform their duties.
    Trusted Coordinator
    Level 3
    Ability to acquire financial and business knowledge and understand related concepts.IT leaders and their respective teams have access to educational resources to gain the financial and business knowledge necessary to perform their duties.


    ITFM team has access to the necessary educational resources to keep up with changing financial regulations and technology developments.

    Value Optimizer
    Level 4
    Ability to acquire knowledge, across technology, business, and finance as needed by different organization stakeholders, and the leadership understand concepts across these various domains.Stakeholders including IT, finance, business, and executives have access to various educational resources to gain knowledge in different domains as needed.


    IT leaders have a good understanding of business and financial concepts.


    Business leaders have a good understanding of technology concepts.

    Strategic Partner
    Level 5
    Ability to acquire knowledge, and understand concepts across technology, business, and finance as needed by different organization stakeholders.The organization promotes continuous learning through well designed programs including training, mentorship, and academic courses. Thus, stakeholders including IT, finance, business, and executives have access to various educational resources to gain knowledge in different domains as needed.


    IT leaders and their respective teams have a good understanding of business and financial concepts.


    Business leaders and their respective teams have a good understanding of technology concepts.

    Influence your organization’s culture

    Maturity focus area: Bridge the language barrier.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to provide and foster an environment of collaboration and continuous improvement.Stakeholders including IT, finance, business, and executives operate in silos, and collaboration between different teams is inexistent.
    Cost Operator
    Level 2
    Ability to provide an environment of cooperation to meet the needs of IT, finance, and business leaders.IT, finance, and business leaders cooperate to meet financial planning requirements as necessary to perform their duties.
    Trusted Coordinator
    Level 3
    Ability to provide and foster an environment of collaboration across the organization.IT, finance, and business collaborate on various initiatives.

    ITFM employees are trusted and supported by their stakeholders (IT, finance, and business).

    Value Optimizer
    Level 4
    Ability to provide and foster an environment of collaboration and continuous improvement, where employees across the organization feel trusted, supported, empowered, and valued.Stakeholders including IT, finance, business, and executives support and promote continuous improvement, transparency practices, and collaboration across the organization.


    Employees are trusted, supported, empowered, and valued.

    Strategic Partner
    Level 5
    Ability to provide and foster an environment of collaboration and continuous improvement, where leaders are willing to change, and employees across the organization feel trusted, supported, empowered, and valued.Stakeholders including IT, finance, business, and executives support and promote continuous improvement, transparency practices, and collaboration across the organization.


    The organization’s leadership is adaptable and open to change.


    Employees are trusted, supported, empowered, and valued.

    Learn the right way to manage metrics

    • Parent Category Name: Improve Your Processes
    • Parent Category Link: /improve-your-processes

    Learn to use metrics in the right way. Avoid staff (subconciously) gaming the numbers, as it is only natural to try to achieve the objective. This is really a case of be careful what you wish for, you may just get it.

    Register to read more …

    Identify and Manage Regulatory and Compliance Risk Impacts on Your Organization

    • Buy Link or Shortcode: {j2store}366|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management

    More than at any other time, our world is changing. As a result, organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level.

    It is increasingly likely that one of your vendors, or their n-party support vendors, will fall out of regulatory compliance. Therefore, organizations must protect themselves by creating better mechanisms to hold their n-party vendors accountable and validate that they comply.

    Our Advice

    Critical Insight

    • Identifying and managing a vendor’s potential regulatory impact on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes may affect operations.
    • Organizational leadership is often taken unaware by changes, and their plans lack the flexibility to adjust to significant regulatory upheavals.

    Impact and Result

    Vendor management practices educate organizations on the different potential risks from vendors in your market and suggest creative and alternative ways to avoid and help manage them.

    • Prioritize and classify your vendors with quantifiable, standardized rankings.
    • Prioritize focus on your high-risk vendors.
    • Standardize your processes for identifying and monitoring vendor risks with our Regulatory Risk Impact Tool to manage potential impacts.

    Identify and Manage Regulatory and Compliance Risk Impacts on Your Organization Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and Manage Regulatory and Compliance Risk Impacts to Your Organization Storyboard – Use the research to better understand the negative impacts of vendor actions to your brand reputation.

    Use this research to identify and quantify the potential regulatory impacts caused by vendors. Use Info-Tech's approach to look at the regulatory impact from various perspectives to better prepare for issues that may arise.

    • Identify and Manage Regulatory and Compliance Risk Impacts on Your Organization Storyboard

    2. Regulatory Risk Impact Tool – Use this tool to help identify and quantify the operational impacts of negative vendor actions.

    By playing the “what if” game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    • Regulatory Risk Impact Tool
    [infographic]

    Further reading

    Identify and Manage Risk Impacts on Your Organization

    It is easier for prospective clients to find out what you did wrong than that you fixed the issue.

    Analyst perspective

    Organizations must understand the regulatory damage vendors may cause from lack of compliance.

    Frank Sewell.

    The sheer number of regulations on the international market is immense, ever-changing, and make it almost impossible for any organization to consistently keep up with compliance.

    As regulatory enforcement increases, organizations must hold their vendors accountable for compliance through ongoing monitoring and validation of regulatory compliance to the relevant standards in their industries, or face increasing penalties for non-compliance.

    Frank Sewell,

    Research Director, Vendor Management

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    More than at any previous time, our world is changing rapidly. As a result, organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level.

    It is increasingly likely that one of your vendors, or their n-party support vendors, will fall out of regulatory compliance. Organizations must protect themselves by creating better mechanisms to hold their n-party vendors accountable and validate that they comply.

    Identifying and managing a vendor’s potential regulatory impact on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes may affect operations.

    Organizational leadership is often taken unaware by changes, and their plans lack the flexibility to adjust to significant regulatory upheavals.

    Vendor management practices educate organizations on the different potential risks from vendors in your market and suggest creative and alternative ways to avoid and help manage them.

    Prioritize and classify your vendors with quantifiable, standardized rankings.

    Prioritize focus on your high-risk vendors.

    Standardize your processes for identifying and monitoring vendor risks with our Regulatory Risk Impact Tool to manage potential impacts.

    Info-Tech Insight

    Organizations must evolve their risk assessments to be more adaptive to respond to regulatory changes in the global market. Ongoing monitoring of the vendors who must comply with industry and governmental regulations is crucial to avoiding penalties and maintaining your regulatory compliance.

    Info-Tech’s multi-blueprint series on vendor risk assessment

    There are many individual components of vendor risk beyond cybersecurity.

    The image contains a cube that is divided into 6 asymmetrical to highlight the six components of vendor risk. Strategic, Security, Regulatory & Compliance, Financial, Reputational, Operational.

    This series will focus on the individual components of vendor risk and how vendor management practices can facilitate organizations’ understanding of those risks.

    Out of Scope:

    This series will not tackle risk governance, determining overall risk tolerance and appetite, or quantifying inherent risk.

    Regulatory and Compliance risk impacts

    Potential losses to the organization due regulatory and compliance incidents.

    • In this blueprint we’ll:
      • Explore regulatory and compliance risks and their impacts.
      • Identify potentially disruptive events to assess the overall impact on organizations and implement adaptive measures to identify, manage, and monitor vendor performance.

    The image contains a cube that is divided into 6 asymmetrical to highlight the six components of vendor risk. Strategic, Security, Regulatory & Compliance, Financial, Reputational, Operational. Regulatory & Compliance is highlighted on the cube.

    The world is constantly changing

    The IT market is constantly reacting to global influences. By anticipating changes, leaders can set expectations and work with their vendors to accommodate them and avoid penalties.

    When the unexpected happens, being able to adapt quickly to new priorities and regulations ensures continued long-term business success.

    Below are some things no one expected to happen in the last few years:

    45%

    Have no visibility into their upstream supply chain, or they can only see as far as their first-tier suppliers.

    2022 McKinsey

    61%

    Of compliance officers expect to increase investment in their compliance function over the next two years.

    2022 Accenture

    $770k+

    Breaches involving third-party vendors cost more on average.

    2022 HIT Consultant.net

    Regulatory Compliance

    Consider implementing vendor management initiatives and practices in your organization to help gain compliance with your expanding vendor landscape.

    Your organizational risks may be monitored but are your n-party vendors?

    The image contains a cube that is divided into 6 asymmetrical to highlight the six components of vendor risk. Strategic, Security, Regulatory & Compliance, Financial, Reputational, Operational.

    Review your expectations with your vendors and hold them accountable.

    Regulatory entities are looking beyond your organization’s internal compliance these days. More and more they are diving into your third-party and downstream relationships, particularly as awareness of downstream breaches increases globally.

    • Are you assessing your vendors regularly?
    • Are you validating those assessments?
    • Do your vendors have a map of their downstream support vendors?
    • Do they have the mechanisms to hold those downstream vendors accountable to your standards?

    Regulatory Guidance and Industry Standards

    Are you confident your vendors meet your standards?

    Identify and manage regulatory and compliance risks

    Environmental, Social, Governance (ESG)
    Regulatory agencies are putting more enforcement on ESG practices across the globe. As a result, organizations will need to monitor the changing regulations and validate that their vendors and n-party support vendors are adhering to these regulations, or face penalties for non-compliance.

    Data Protection
    Data Protection remains an issue in the world. Organizations should ensure that the data their vendors obtain remains protected throughout the vendor’s lifecycle, including post-termination. Otherwise, they could be monitoring for a data breach in perpetuity.

    Mergers and Acquisitions
    More prominent vendors continuously buy smaller companies to control the market in the IT industry. Therefore, organizations should put protections in their contracts to ensure that an IT vendor’s acquisition does not put them in a relationship with someone that could cause them an issue.

    What to look for

    Identify regulatory and compliance risk impacts.

    • Is there a record of complaints against the vendor from their employees or customers?
    • Has the vendor been cited for regulatory compliance issues in the past?
    • Does the vendor have a comprehensive list of their n-party vendor partners?
      • Are they willing to accept appropriate contractual protections regarding them?
    • Does the vendor self-audit, or do they use a vetted third-party audit firm to issue a SOC report annually?
    • Does the vendor operate in regions known for regulatory violations?
    • Is the vendor willing to make concessions on contractual protections, or are they only offering “one-sided” agreements with “as-is” warranties?

    Prepare your vendor risk management for success

    Due diligence will enable successful outcomes.

    1. Obtain top-level buy-in; it is critical to success.
    2. Build enterprise risk management (ERM) through incremental improvement.
    3. Focus initial efforts on the “big wins” to prove the process works.
    4. Use existing resources.
    5. Build on any risk management activities that already exist in the organization.
    6. Socialize ERM throughout the organization to gain additional buy‑in.
    7. Normalize the process long term, with ongoing updates and continuing education for the organization.

    (Adapted from COSO)

    How to assess third-party risk

    1. Review Organizational Regulations
    2. Understand the organization’s regulatory risks to prepare for the “What If” game exercise.

    3. Identify & Understand Potential Regulatory-Compliance Risks
    4. Play the “What If” game with the right people at the table.

    5. Create a Risk Profile Packet for Leadership
    6. Pull all the information together in a presentation document.

    7. Validate the Risks
    8. Work with leadership to ensure that the proposed risks are in line with their thoughts.

    9. Plan to Manage the Risks
    10. Lower the overall risk potential by putting mitigations in place.

    11. Communicate the Plan
    12. It is important not only to have a plan but also to socialize it in the organization for awareness.

    13. Enact the Plan
    14. Once the plan is finalized and socialized, put it in place with continued monitoring for success.

    Adapted from Harvard Law School Forum on Corporate Governance

    Insight summary

    Regulatory risk impacts often come from unexpected places and have significant consequences. Knowing who your vendors are using for their support and supply chain could be crucial in eliminating the risk of non-compliance for your organization. Having a plan to identify and validate the regulatory compliance of your vendors is a must for any organization, to avoid penalties.

    Insight 1

    Organizations fail to plan for vendor acquisitions appropriately.

    Vendors routinely get acquired in the IT space. Does your organization have appropriate safeguards from inadvertently entering a negative relationship? Do you have plans around replacing critical vendors purchased in such a manner?

    Insight 2

    Organizations often fail to understand how n-party vendors could place them in non-compliance.

    Even if you know your complete third-party vendor landscape, you may not be aware of the downstream vendors in play. Ensure that you get visibility into this space as well and hold your direct vendors accountable for the actions of their vendors.

    Insight 3

    Organizations need to know where their data lives and ensure it is protected.

    Make sure you know which vendors are accessing/storing your data, where they are keeping it, and that you can get it back and have the vendors destroy it when the relationship is over. Without adequate protection throughout the lifecycle of the vendor, you could be monitoring for breaches in perpetuity.

    Identifying regulatory and compliance risks

    Who should be included in the discussion.

    • While it is true that executive-level leadership defines the strategy for an organization, it is vital for those making decisions to make informed decisions.
    • Getting input from regulatory risk experts within your organization will enhance your long-term potential for successful compliance.
    • Involving those who not only directly manage vendors but also understand your regulatory requirements will aid in determining the path forward for relationships with your current vendors, and identifying new emerging potential partners.

    See the blueprint Build an IT Risk Management Program

    Review your risk management plans for new risks on a regular basis.

    Keep in mind Risk = Likelihood x Impact (R=L*I).

    Impact (I) tends to remain the same, while Likelihood (L) is becoming closer to 100% as threat actors become more prevalent

    Managing vendor regulatory and compliance risk impacts

    How could your vendors fall out of compliance?

    • Review vendors’ downstream connections to understand thoroughly with whom you are in business.
      • Monitor their regulatory stance as it could reflect on your organization.
    • Institute proper vendor lifecycle management.
      • Make sure to follow corporate due diligence and risk assessment policies and procedures.
      • Failure to consistently do so is a recipe for disaster.
    • Develop IT risk governance and change control.
    • Introduce continual risk assessment to monitor the relevant vendor markets.
      • Regularly review your regulatory requirements for new and changing risks.
    • Be adaptable and allow for innovations that arise from the current needs.
      • Capture lessons learned from prior incidents to improve over time, and adjust your plans accordingly.

    Organizations must review their regulatory risk appetite and tolerance levels, considering their complete landscape.

    Changing regulations, acquisitions, and events that affect global supply chains are current realities, not unlikely scenarios.

    Ongoing Improvement

    Incorporating lessons learned.

    • Over time, despite everyone’s best observations and plans, incidents will catch us off guard.
    • When it happens, follow your incident response plans and act accordingly.
    • An essential step is to document what worked and what did not – collectively known as the “lessons learned.”
    • Use the lessons learned document to devise, incorporate, and enact a better risk management process.

    Sometimes disasters occur despite our best plans to manage them.

    When this happens, it is important to document the lessons learned and update our plans.

    The “what if” game

    1-3 hours

    Vendor management professionals are in an excellent position to help senior leadership identify and pull together resources across the organization to determine potential risks. By playing the "what if" game and asking probing questions to draw out – or eliminate – possible adverse outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    1. Break into smaller groups (or if too small, continue as a single group).
    2. Use the Regulatory Risk Impact Tool to prompt discussion on potential risks. Keep this discussion flowing organically to explore all potentials but manage the overall process to keep the discussion pertinent and on track.
    3. Collect the outputs and ask the subject matter experts (SMEs) for management options for each one in order to present a comprehensive risk strategy. You will use this to educate senior leadership so that they can make an informed decision to accept or reject the solution.
    Input Output
    • List of identified potential risk scenarios scored by regulatory-compliance impact
    • List of potential mitigations of the scenarios to reduce the risk
    • Comprehensive regulatory risk profile on the specific vendor solution
    Materials Participants
    • Whiteboard/flip charts
    • Regulatory Risk Impact Tool to help drive discussion
    • Vendor Management – Coordinator
    • Organizational Leadership
    • Operations Experts (SMEs)
    • Legal/Compliance/Risk Manager

    High risk example from tool

    The image contains a screenshot demonstrating high risk example from the tool.

    How to mitigate:

    Contractually insist that the vendor have a third-party security audit performed annually, with the stipulation that they will not denigrate below your acceptable standards.

    Note: Even though a few items are “scored” they have not been added to the overall weight, signaling that the company has noted but does not necessarily hold them against the vendor.

    Low risk example from tool

    The image contains a screenshot demonstrating low risk example from the tool.

    Summary

    Seek to understand all regulatory requirements to obtain compliance.

    • Organizations need to understand and map out their entire vendor landscape.
    • Understand where all your data lives and how you can control it throughout the vendor lifecycle.
    • Those organizations that consistently follow their established risk assessment and due diligence processes are better positioned to avoid penalties.
    • Bring the right people to the table to outline potential risks in the market and your organization.
    • Incorporate “lessons learned” from prior incidents into your risk management process to build better plans for future issues.

    Keeping up with the ever-changing regulations can make compliance a difficult task.

    Organizations should increase the resources dedicated to monitoring these regulations as agencies continue to hold them more accountable.

    Related Info-Tech Research

    Identify and Manage Financial Risk Impacts on Your Organization

    • Vendor management practices educate organizations on potential financial impacts that vendors may incur and suggest systems to help manage them.
    • Standardize your processes for identifying and monitoring vendor risks to manage financial impacts with our Financial Risk Impact Tool.

    Identify and Manage Reputational Risk Impacts on Your Organization

    • Vendor management practices educate organizations on potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.
    • Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your reputation and brand with our Reputational Risk Impact Tool.

    Identify and Manage Strategic Risk Impacts on Your Organization

    • Vendor management practices educate organizations on potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.
    • Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your strategic plan with our Strategic Risk Impact Tool.

    Info-Tech Insight

    It is easier for prospective clients to find out what you did wrong than that you fixed the issue.


    Bibliography

    Alicke, Knut, et al. "Taking the pulse of shifting supply chains", McKinsey & Company, August 26th 2022. Accessed October 31st
    Regan, Samantha, et al. "Can compliance keep up with warp-speed Change?", accenture, May 18th 2022. Accessed Oct 31st 2022.
    Feria, Nathalie, and Rosenberg, Daniel. "Mitigating Healthcare Cyber Risk Through Vendor Management", HIT Consultant, October 17th 2022. Accessed Oct 31st 2022.
    Tonello, Matteo. “Strategic Risk Management: A Primer for Directors.” Harvard Law School Forum on Corporate Governance, 23 Aug. 2012.
    Frigo, Mark L., and Richard J. Anderson. “Embracing Enterprise Risk Management: Practical Approaches for Getting Started.” COSO, 2011.

    Build a Data Warehouse

    • Buy Link or Shortcode: {j2store}200|cart{/j2store}
    • member rating overall impact (scale of 10): 8.7/10 Overall Impact
    • member rating average dollars saved: $94,499 Average $ Saved
    • member rating average days saved: 30 Average Days Saved
    • Parent Category Name: Big Data
    • Parent Category Link: /big-data
    • Relational data warehouses, although reliable, centralized repositories for corporate data, were not built to handle the speed and volume of data and analytics today.
    • IT is under immense pressure from business units to provide technology that will yield greater agility and insight.
    • While some organizations are benefitting from modernization technologies, the majority of IT departments are unfamiliar with the technologies and have not yet defined clear use cases.

    Our Advice

    Critical Insight

    • The vast majority of your corporate data is not being properly leveraged. Modernize the data warehouse to get value from the 80% of unstructured data that goes unused.
    • Avoid rip and replace. Develop a future state that complements your existing data warehouse with emerging technologies.
    • Be flexible in your roadmap. Create an implementation roadmap that’s incremental and adapts to changing business priorities.

    Impact and Result

    • Establish both the business and IT perspectives of today’s data warehouse environment.
    • Explore the art-of-the-possible. Don’t get stuck trying to gather technical requirements from business users who don’t know what they don’t know. Use Info-Tech’s interview guide to discuss the pains of the current environment, and more importantly, where stakeholders want to be in the future.
    • Build an internal knowledgebase with respect to emerging technologies. The technology landscape is constantly shifting and often difficult for IT staff to keep track of. Use Info-Tech’s Data Warehouse Modernization Technology Education Deck to ensure that IT is able to appropriately match the right tools to the business’ use cases.
    • Create a compelling business case to secure investment and support.

    Build a Data Warehouse Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should be looking to modernize the relational data warehouse, review Info-Tech’s framework for identifying modernization opportunities, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess the current data warehouse environment

    Review the business’ perception and architecture of the current data warehouse environment.

    • Drive Business Innovation With a Modernized Data Warehouse Environment – Phase 1: Assess the Current Data Warehouse Environment
    • Data Warehouse Maturity Assessment Tool

    2. Define modernization drivers

    Collaborate with business users to identify the strongest motivations for data warehouse modernization.

    • Drive Business Innovation With a Modernized Data Warehouse Environment – Phase 2: Define Modernization Drivers
    • Data Warehouse Modernization Stakeholder Interview Guide
    • Data Warehouse Modernization Technology Education Deck
    • Data Warehouse Modernization Initiative Building Tool

    3. Create the modernization future state

    Combine business ideas with modernization initiatives and create a roadmap.

    • Drive Business Innovation With a Modernized Data Warehouse Environment – Phase 3: Create the Modernization Future State
    • Data Warehouse Modernization Technology Architectural Template
    • Data Warehouse Modernization Deployment Plan
    [infographic]

    Workshop: Build a Data Warehouse

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess the Current Data Warehouse Environment

    The Purpose

    Discuss the general project overview for data warehouse modernization.

    Establish the business and IT perspectives of the current state.

    Key Benefits Achieved

    Holistic understanding of the current data warehouse.

    Business user engagement from the start of the project.

    Activities

    1.1 Review data warehouse project history.

    1.2 Evaluate data warehouse maturity.

    1.3 Draw architecture diagrams.

    1.4 Review supporting data management practices.

    Outputs

    Data warehouse maturity assessment

    Data architecture diagrams

    2 Explore Business Opportunities

    The Purpose

    Conduct a user workshop session to elicit the most pressing needs of business stakeholders.

    Key Benefits Achieved

    Modernization technology selection is directly informed by business drivers.

    In-depth IT understanding of the business pains and opportunities.

    Activities

    2.1 Review general trends and drivers in your industry.

    2.2 Identify primary business frustrations, opportunities, and risks.

    2.3 Identify business processes to target for modernization.

    2.4 Capture business ideas for the future state.

    Outputs

    Business ideas for modernization

    Defined strategic direction for data warehouse modernization

    3 Review the Technology Landscape

    The Purpose

    Educate IT staff on the most common technologies for data warehouse modernization.

    Key Benefits Achieved

    Improved ability for IT to match technology with business ideas.

    Activities

    3.1 Appoint Modernization Advisors.

    3.2 Hold an open education and discussion forum for modernization technologies.

    Outputs

    Modernization Advisors identified

    Modernization technology education deck

    4 Define Modernization Solutions

    The Purpose

    Consolidate business ideas into modernization initiatives.

    Key Benefits Achieved

    Refinement of the strategic direction for data warehouse modernization.

    Activities

    4.1 Match business ideas to technology solutions.

    4.2 Group similar ideas to create modernization initiatives.

    4.3 Create future-state architecture diagrams.

    Outputs

    Identified strategic direction for data warehouse modernization

    Defined modernization initiatives

    Future-state architecture for data warehouse

    5 Establish a Modernization Roadmap

    The Purpose

    Validate and build out initiatives with business users.

    Define benefits and costs to establish ROI.

    Identify enablers and barriers to modernization.

    Key Benefits Achieved

    Completion of materials for a compelling business case and roadmap.

    Activities

    5.1 Validate use cases with business users.

    5.2 Define initiative benefits.

    5.3 Identify enablers and barriers to modernization.

    5.4 Define preliminary activities for initiatives.

    5.5 Evaluate initiative costs.

    5.6 Determine overall ROI.

    Outputs

    Validated modernization initiatives

    Data warehouse modernization roadmap

    Take the First Steps to Embrace Open-Source Software

    • Buy Link or Shortcode: {j2store}164|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Development
    • Parent Category Link: /development

    Your organization is looking to invest in new software or a tool to solve key business and IT problems. They see open source as a viable option given the advertised opportunities and the popularity of many open-source projects, but they have concerns:

    • Despite the longevity and broad adoption of open-source software, stakeholders are hesitant about its long-term viability and the costs of ongoing support.
    • A clear direction and strategy are needed to align the expected value of open source to your stakeholders’ priorities and gain the funding required to select, implement, and support open-source software.

    Our Advice

    Critical Insight

    • Position open source in the same light as commercial software. The continuous improvement and evolution of popular open-source software and communities have established a reputation for reliability in the industry.
    • Consider open source as another form of outsource development. Open source is externally developed software where the code is accessible and customizable. Code quality may not align to your organization’s standards, which can require extensive testing and optimization.
    • Treat open source as any internally developed solution. Configurations, integrations, customizations, and orchestrations of open-source software are often done at the code level. While some community support is provided, most of the heavy lifting is done by the applications team.

    Impact and Result

    • Outline the value you expect to gain. Discuss current business and IT priorities, use cases, and value opportunities to determine what to expect from open-source versus commercial software.
    • Define your open-source selection criteria. Clarify the driving factors in your evaluation of open-source and commercial software using your existing IT procurement practices as a starting point.
    • Assess the readiness of your team. Clarify the roles, processes, and tools needed for the implementation, use, and maintenance of open-source software.

    Take the First Steps to Embrace Open-Source Software Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Take the First Steps to Embrace Open-Source Software Storyboard – A guide to learn the fit, value, and considerations of open-source software.

    This research walks you through the misconceptions about open source, factors to consider in its selection, and initiatives to prepare your teams for its adoption.

    • Take the First Steps to Embrace Open-Source Software Storyboard

    2. Open-Source Readiness Assessment – A tool to help you evaluate your readiness to embrace open-source software in your environment.

    Use this tool to identify key gaps in the people, processes, and technologies needed to support open source in your organization. It also contains a canvas to facilitate discussions about expectations with your stakeholders and applications teams.

    • Open-Source Readiness Assessment
    [infographic]

    Further reading

    Take the First Steps to Embrace Open-Source Software

    Begin to understand what is required to embrace open-source software in your organization.

    Analyst Perspective

    With great empowerment comes great responsibilities.

    Open-source software promotes enticing technology and functional opportunities to any organization looking to modernize without the headaches of traditional licensing. Many organizations see the value of open source in its ability to foster innovation, be flexible to various use cases and system configurations, and give complete control to the teams who are using and managing it.

    However, open source is not free. While the software is freely and easily accessible, its use and sharing are bound by its licenses, and its implementation requires technical expertise and infrastructure investments. Your organization must be motivated and capable of taking on the various services traditionally provided and managed by the vendor.

    Photo of Andrew Kum-Seun

    Andrew Kum-Seun
    Research Director,
    Application Delivery and Application Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Your organization is looking to invest in new software or a tool to solve key business and IT problems. They see open source as a viable option because of the advertised opportunities and the popularity of many open-source projects.

    Despite the longevity and the broad adoption of open-source software, stakeholders are hesitant about its adoption, its long-term viability, and the costs of ongoing support.

    A clear direction and strategy is needed to align the expected value of open source to your stakeholders’ priorities and gain the funding required to select, implement, and support open-source software.

    Common Obstacles

    Your stakeholders’ fears, uncertainties, and doubts about open source may be driven by misinterpretation or outdated information. This hesitancy can persist despite some projects being active longer than their proprietary counterparts.

    Certain software features, support capabilities, and costs are commonly overlooked when selecting open-source software because they are often assumed in the licensing and service costs of commercial software.

    Open-source software is often technically complicated and requires specific skill sets and knowledge. Unfortunately, current software delivery capability gaps impede successful adoption and scaling of open-source software.

    Info-Tech’s Approach

    Outline the value you expect to gain. Discuss current business and IT priorities, use cases, and value opportunities to determine what to expect from open-source versus commercial software.

    Define your open-source selection criteria. Clarify the driving factors in your evaluation of open-source and commercial software using your existing IT procurement practices as a starting point.

    Assess the readiness of your team. Clarify the roles, processes, and tools needed for the implementation, use, and maintenance of open-source software.

    Insight Summary

    Overarching Info-Tech Insight

    Open source is as much about an investment in people as it is about technology. It empowers applications teams to take greater control over their technology and customize it as they see fit. However, teams need the time and funding to conduct the necessary training, management, and ongoing community engagement that open-source software and its licenses require.

    • Position open source in the same light as commercial software.
      The continuous improvement and evolution of popular open-source software and communities have established a trusting and reliable reputation in the industry. Open-source software quality and community support can rival similar vendor capabilities given the community’s maturity and contributions in the technology.
    • Consider open source another form of outsource development.
      Open source is externally developed software where the code is accessible and customizable. Code quality may not align to your organization’s standards, which can require extensive testing and optimization. A thorough analysis of change logs, code repositories, contributors, and the community is recommended – much to the same degree as one would do with prospective outsourcing partners.
    • Treat open source as any internally developed solution.
      Configurations, integrations, customizations, and orchestrations of open-source software are often done at the code level. While some community support is provided, most of the heavy lifting is done by the applications team. Teams must be properly resourced, upskilled, and equipped to meet this requirement. Otherwise, third-party partners are needed.

    What is open source?

    According to Synopsys, “Open source software (OSS) is software that is distributed with its source code, making it available for use, modification, and distribution with its original rights. … Programmers who have access to source code can change a program by adding to it, changing it, or fixing parts of it that aren’t working properly. OSS typically includes a license that allows programmers to modify the software to best fit their needs and control how the software can be distributed.”

    What are the popular use cases?

    1. Programming languages and frameworks
    2. Databases and data technologies
    3. Operating systems
    4. Git public repos
    5. Frameworks and tools for AI/ML/DL
    6. CI/CD tooling
    7. Cloud-related tools
    8. Security tools
    9. Container technology
    10. Networking

    Source: OpenLogic, 2022

    Common Attributes of All Open-Source Software

    • Publicly shared repository that anyone can access to use the solution and contribute changes to the design and functionality of the project.
    • A community that is an open forum to share ideas and solution enhancements, discuss project direction and vision, and seek support from peers.
    • Project governance that sets out guidelines, rules, and requirements to participate and contribute to the project.
    • Distribution license that defines the terms of how a solution can be used, assessed, modified, and distributed.

    Take the first steps to embrace open-source software

    Begin to understand what is required to embrace open-source software in your organization.

    A diagram of open-source community.

    State the Value of Open Source: Discuss current business and IT priorities, use cases, and value opportunities to determine what to expect from open-source versus commercial software.

    Select Your Open-Source Software: Clarify the driving factors in your evaluation of open-source and commercial software using your existing IT procurement practices as a starting point.

    Prepare for Open Source: Clarify the roles, processes, and tools needed for the implementation, use, and maintenance of open-source software.

    Step 1.1: State the Value of Open Source

    Diagram of step 1.1

    Activities

    1.1.1 Outline the value you expect to gain from open-source software

    This step involves the following participants:

    • Applications team
    • Product owner

    Outcomes of this step:

    • Value proposition for open source
    • Potential open-source use cases

    Use a canvas to frame your open-source evaluation

    A photo of open-source canvas

    This canvas is intended to provide a single pane of glass to start collecting your thoughts and framing your future conversations on open-source software selection and adoption.

    Record the results in the “Open-Source Canvas” tab in the Open-Source Readiness Assessment.

    Open source presents unique software and tooling opportunities

    Innovation

    Many leading-edge and bleeding-edge technologies are collaborated and innovated in open-source projects, especially in areas that are beyond the vision and scope of vendor products and priorities.

    Niche Solutions

    Open-source projects are focused. They are designed and built to solve specific business and technology problems.

    Flexible & Customizable

    All aspects of the open-source software are customizable, including source code and integrations. They can be used to extend, complement, or replace internally developed code. Licenses define how open-source code should be and must be used, productized, and modified.

    Brand & Recognition

    Open-source communities encourage contribution and collaboration among their members to add functionality and improve quality and adoption.

    Cost

    Open-source software is accessible to everyone, free of charge. Communities do not need be consulted prior to acquisition, but the software’s use, configurations, and modifications may be restricted by its license.

    However, myths continue to challenge adoption

    • Open source is less secure or poorer quality than proprietary solutions.
    • Open source is free from risk of intellectual property (IP) infringement.
    • Open source is cheaper than proprietary solutions.

    What are the top perceived barriers to using enterprise open source?

    • Concerns about the level of support
    • Compatibility concerns
    • Concerns about inherent security of the code
    • Lack of internal skills to manage and support it

    Source: Red Hat, 2022

    Transition Projects Over to the Service Desk

    • Buy Link or Shortcode: {j2store}495|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk
    • IT suffers from a lack of strategy and plan for transitioning support processes to the service desk.
    • Lack of effective communication between the project delivery team and the service desk, leads to an inefficient knowledge transfer to the service desk.
    • New service is not prioritized and categorized, negatively impacting service levels and end-user satisfaction.

    Our Advice

    Critical Insight

    Make sure to build a strong knowledge management strategy to identify, capture, and transfer knowledge from project delivery to the service desk.

    Impact and Result

    • Build touchpoints between the service desk and project delivery team and make strategic points in the project lifecycles to ensure service support is done effectively following the product launch.
    • Develop a checklist of action items on the initiatives that should be done following project delivery.
    • Build a training plan into the strategy to make sure service desk agents can handle tickets independently.

    Transition Projects Over to the Service Desk Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Transition Projects Over to the Service Desk – A guideline to walk you through transferring project support to the service desk.

    This storyboard will help you craft a project support plan to document information to streamline service support.

    • Transition Projects Over to the Service Desk Storyboard

    2. Project Handover and Checklist – A structured document to help you record information on the project and steps to take to transfer support.

    Use these two templates as a means of collaboration with the service desk to provide information on the application/product, and steps to take to make sure there are efficient service processes and knowledge is appropriately transferred to the service desk to support the service.

    • Project Handover Template
    • Service Support Transitioning Checklist
    [infographic]

    Further reading

    Transition Projects Over to the Service Desk

    Increase the success of project support by aligning your service desk and project team.

    Analyst Perspective

    Formalize your project support plan to shift customer service to the service desk.

    Photo of Mahmoud Ramin, Senior Research Analyst, Infrastructure and Operations, Info-Tech Research Group

    As a service support team member, you receive a ticket from an end user about an issue they’re facing with a new application. You are aware of the application release, but you don’t know how to handle the issue. So, you will need to either spend a long time investigating the issue via peer discussion and research or escalate it to the project team.

    Newly developed or improved services should be transitioned appropriately to the support team. Service transitioning should include planning, coordination, and communication. This helps project and support teams ensure that upon a service failure, affected end users receive timely and efficient customer support.

    At the first level, the project team and service desk should build a strategy around transitioning service support to the service desk by defining tasks, service levels, standards, and success criteria.

    In the second step, they should check the service readiness to shift support from the project team to the service desk.

    The next step is training on the new services via efficient communication and coordination between the two parties. The project team should allocate some time, according to the designed strategy, to train the service desk on the new/updated service. This will enable the service desk to provide independent service handling.

    This research walks you through the above steps in more detail and helps you build a checklist of action items to streamline shifting service support to the service desk.

    Mahmoud Ramin, PhD

    Senior Research Analyst
    Infrastructure and Operations
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • IT suffers from a lack of strategy and planning for transitioning support processes to the service desk.
    • Lack of effective communication between the project delivery team and the service desk leads to an inefficient knowledge transfer to the service desk.
    • New service is not prioritized and categorized, negatively impacting service levels and end-user satisfaction.

    Common Obstacles

    • Building the right relationship between the service desk and project team is challenging, making support transition tedious.
    • The service desk is siloed; tasks and activities are loosely defined. Service delivery is inconsistent, which impacts customer satisfaction.
    • Lack of training on new services forces the service desk to unnecessarily escalate tickets to other levels and delays service delivery.

    Info-Tech’s Approach

    • Build touchpoints between the service desk and project delivery team and make strategic points in the project lifecycles to ensure service support is done effectively following the product launch.
    • Develop a checklist of action items on the initiatives that should be done following project delivery.
    • Build a training plan into the strategy to make sure service desk agents can handle tickets independently.

    Info-Tech Insight

    Make sure to build a strong knowledge management strategy to identify, capture, and transfer knowledge from project delivery to the service desk.

    A lack of formal service transition process presents additional challenges

    When there is no formal transition process following a project delivery, it will negatively impact project success and customer satisfaction.

    Service desk team:

    • You receive a request from an end user to handle an issue with an application or service that was recently released. You are aware of the features but don’t know how to solve this issue particularly.
    • You know someone in the project group who is familiar with the service, as he was involved in the project. You reach out to him, but he is very busy with another project.
    • You get back to the user to let them know that this will be done as soon as the specialist is available. But because there is no clarity on the scope of the issue, you cannot tell them when this will be resolved.
    • Lack of visibility and commitment to the service recovery will negatively impact end-user satisfaction with the service desk.

    Project delivery team:

    • You are working on an exciting project, approaching the deadline. Suddenly, you receive a ticket from a service desk agent asking you to solve an incident on a product that was released three months ago.
    • Given the deadline on the current project, you are stressed, thinking about just focusing on the projects. On the other hand, the issue with the other service is impacting multiple users and requires much attention.
    • You spend extra time handling the issue and get back to your project. But a few days later the same agent gets back to you to take care of the same issue.
    • This is negatively impacting your work quality and causing some friction between the project team and the service desk.

    Link how improvement in project transitioning to the service desk can help service support

    A successful launch can still be a failure if the support team isn't fully informed and prepared.

    • In such a situation, the project team sends impacted users a mass notification without a solid plan for training and no proper documentation.
    • To provide proper customer service, organizations should involve several stakeholder groups to collaborate for a seamless transition of projects to the service desk.
    • This shift in service support takes time and effort; however, via proper planning there will be less confusion around customer service, and it will be done much faster.
      • For instance, if AppDev is customizing an ERP solution without considering knowledge transfer to the service desk, relevant tickets will be unnecessarily escalated to the project team.
    • On the other hand, the service desk should update configuration items (CIs) and the service catalog and related requests, incidents, problems, and workarounds to the relevant assets and configurations.
    • In this transition process, knowledge transfer plays a key role. Users, the service desk, and other service support teams need to know how the new application or service works and how to manage it when an issue arises.
    • Without a knowledge transfer, service support will be forced to either reinvent the wheel or escalate the ticket to the development team. This will unnecessarily increase the time for ticket handling, increase cost per ticket, and reduce end-user satisfaction.

    Info-Tech Insight

    Involve the service desk in the transition process via clear communication, knowledge transfer, and staff training.

    Integrate the service desk into the project management lifecycle for a smooth transition of service support

    Service desk involvement in the development, testing, and maintenance/change activity steps of your project lifecycle will help you logically define the category and priority level of the service and enable service level improvement accordingly after the project goes live.

    Project management lifecycle

    As some of the support and project processes can be integrated, responsibility silos should be broken

    Processes are done by different roles. Determine roles and responsibilities for the overlapping processes to streamline service support transition to the service desk.

    The project team is dedicated to projects, while the support team focuses on customer service for several products.

    Siloed responsibilities:

    • Project team transfers the service fully to the service desk and leaves technicians alone for support without a good knowledge transfer.
    • Specialists who were involved in the project have deep knowledge about the product, but they are not involved in incident or problem management.
    • Service desk was not involved in the planning and execution processes, which leads to lack of knowledge about the product. This leaves the support team with some vague knowledge about the service, which negatively impacts the quality of incident and problem management.

    How to break the silos:

    Develop a tiered model for the service desk and include project delivery in the specialist tier.

    • Use tier 1 (service desk) as a single point of contact to support all IT services.
    • Have tier 2/3 as experts in technology. These agents are a part of the project team. They are also involved in incident management, root-cause analysis, and change management.

    Determine the interfaces

    At the project level, get a clear understanding of support capabilities and demands, and communicate them to the service desk to proactively bring them into the planning step.

    The following questions help you with an efficient plan for support transition

    Questions for support transition

    Clear responsibilities help you define the level of involvement in the overlapping processes

    Conduct a stakeholder analysis to identify the people that can help ensure the success of the transition.

    Goal: Create a prioritized list of people who are affected by the new service and will provide support.

    Why is stakeholder analysis essential?

    Why is stakeholder analysis essential

    Identify the tasks that are required for a successful project handover

    Embed the tasks that the project team should deliver before handing support to the service desk.

    Task/Activity Example

    Conduct administrative work in the application

    • New user setup
    • Password reset

    Update documentation

    • Prepare for knowledge transfer>
    Service request fulfillment/incident management
    • Assess potential bugs
    Technical support for systems troubleshooting
    • Configure a module in ITSM solution

    End-user training

    • FAQs
    • How-to questions
    Service desk training
    • Train technicians for troubleshooting

    Support management (monitoring, meeting SLAs)

    • Monitoring
    • Meeting SLAs

    Report on the service transitioning

    • Transition effectiveness
    • Four-week warranty period
    Ensure all policies follow the transition activities
    • The final week of transition, the service desk will be called to a meeting for final handover of incidents and problems

    Integrate project description and service priority throughout development phase

    Include the service desk in discussions about project description, so it will be enabled to define service priority level.

    • Project description will be useful for bringing the project forward to the change advisory board (CAB) for approval and setting up the service in the CMDB.
    • Service priority is used for adding the next layer of attributes to the CMDB for the service and ensuring the I&O department can set up systems monitoring.
    • This should be done early in the process in conjunction with the project manager and business sponsors.
    • It should be done as the project gets underway and the team can work on specifically where that milestone will be in each project.
    • What to include in the project description:
      • Name
      • Purpose
      • Publisher
      • Departments that will use the service
      • Service information
      • Regulatory constrains
    • What to include in the service priority information:
      • Main users
      • Number of users
      • Service requirements
      • System interdependencies
      • Criticality of the dependent systems
      • Service category
      • Service SME and support backup
      • System monitoring resources
      • Alert description and flow

    Document project description and service priority in the Project Handover Template.

    Embed service levels and maintenance information

    Include the service desk in discussions about project description, so it will be enabled to define service priority level.

    • Service level objectives (SLOs) will be added to CMDB to ensure the product is reviewed for business continuity and disaster recovery and that the service team knows what is coming.
    • This step will be good to start thinking about training agents and documenting knowledgebase (KB) articles.
    • What to include in SLO:
      • Response time
      • Resolution time
      • Escalation time
      • Business owner
      • Service owner
      • Vendor(s)
      • Vendor warranties
      • Data archiving/purging
      • Availability list
      • Business continuity/recovery objectives
      • Scheduled reports
      • Problem description
    • Maintenance and change requirements: You should add maintenance windows to the change calendar and ensure the maintenance checklist is added to KB articles and technician schedules.
    • What to include in maintenance and change requirements:
      • Scheduled events for the launch
      • Maintenance windows
      • Module release
      • Planned upgrades
      • Anticipated intervals for changes and trigger points
      • Scheduled batches

    Document service level objectives and maintenance in the Project Handover Template.

    Enhance communication between the project team and the service desk

    Communicating with the service desk early and often will ensure that agents fully get a deep knowledge of the new technology.

    Transition of a project to the service desk includes both knowledge transfer and execution transfer.

    01

    Provide training and mentoring to ensure technical knowledge is passed on.

    02

    Transfer leadership responsibilities by appointing the right people.

    03

    Transfer support by strategically assigning workers with the right technical and interpersonal skills.

    04

    Transfer admin rights to ensure technicians have access rights for troubleshooting.

    05

    Create support and a system to transfer work process. For example, using an online platform to store knowledge assets is a great way for support to access project information.

    Info-Tech Insight

    A communication plan and executive presentation will help project managers outline recommendations and communicate their benefits.

    Communicate reasons for projects and how they will be implemented

    Proactive communication of the project to affected stakeholders will help get their buy-in for the new technology and feedback for better support.

    Leaders of successful change spend considerable time developing a powerful change message, i.e. a compelling narrative that articulates the desired end state, that makes the change concrete and meaningful to staff.

    The message should:

    • Explain why the change or new application is needed.
    • Summarize what will stay the same.
    • Highlight what will be left behind.
    • Emphasize what is being changed due to the new or updated product.
    • Explain how the application will be implemented.
    • Address how this will affect various roles in the organization.
    • Discuss the staff’s role in making the project successful.
    • Communicate the supporting roles in the early implementation stages and later on.

    Five elements of communicating change

    Implement knowledge transfer to the service desk to ensure tickets won’t be unnecessarily escalated

    The support team usually uses an ITSM solution, while the project team mostly uses a project management solution. End users’ support is done and documented in the ITSM tool.

    Even terminologies used by these teams are different. For instance, service desk’s “incident” is equivalent to a project manager’s “defect.” Without proper integration of the development and support processes, the contents get siloed and outdated over time.

    Potential ways to deal with this challenge:

    Use the same platform for both project and service support

    This helps you document information in a single platform and provides better visibility of the project status to the support team as well. It also helps project team find out change-related incidents for a faster rollback.

    Note: This is not always feasible because of the high costs incurred in purchasing a new application with both ITSM and PM capabilities and the long time it takes for implementing such a solution.

    Integrate the PM and ITSM tools to improve transition efficiency

    Note: Consider the processes that should be integrated. Don’t integrate unnecessary steps in the development stage, such as design, which will not be helpful for support transition.

    Build a training plan for the new service

    When a new system is introduced or significant changes are applied, describe the steps and timeline for training.

    Training the service desk has two-fold benefits:
    Improve support:
    • Support team gets involved in user acceptance testing, which will provide feedback on potential bugs or failures in the technology.
    • Collaboration between specialists and tier 1 technicians will allow the service desk to gather information for handling potential incidents on the application.
    Shift-left enablement:
    • At the specialist level, agents will be more focused on other projects and spend less time on application issues, as they are mostly handled by the service desk.
    • As you shift service support left:
      • Cost per ticket decreases as more of the less costly resources are doing the work.
      • Average time to resolve decreases as the ticket is handled by the service desk.
      • End-user satisfaction increases as they don’t need to wait long for resolution.

    Who resolves the incident

    For more information about shift-left enablement, refer to InfoTech’s blueprint Optimize the Service Desk With a Shift-Left Strategy.

    Integrate knowledge management in the transition plan

    Build a knowledge transfer process to streamline service support for the newly developed technology.

    Use the following steps to ensure the service desk gets trained on the new project.

    1. Identify learning opportunities.
    2. Prioritize the identified opportunities based on:
    • Risk of lost knowledge
    • Impact of knowledge on support improvement
  • Define ways to transfer knowledge from the project team to the service desk. These could be:
    • One-on-one meetings
    • Mentoring sessions
    • Knowledgebase articles
    • Product road test
    • Potential incident management shadowing
  • Capture and transfer knowledge (via the identified means).
  • Support the service desk with further training if the requirement arises.
  • Info-Tech Insight

    Allocate knowledge transfer within ticket handling workflows. When incident is resolved by a specialist, they will assess if it is a good candidate for technician training and/or a knowledgebase article. If so, the knowledge manager will be notified of the opportunity to assign it to a SME for training and documentation of an article.

    For more information about knowledge transfer, refer to phase 3 of Info-Tech’s blueprint Standardize the Service Desk.

    Focus on the big picture first

    Identify training functions and plan for a formal knowledge transfer

    1. Brainstorm training functions for each group.
    2. Determine the timeline needed to conduct training for the identified training topics.
    RoleTraining FunctionTimeline

    Developer/Technical Support

    • Coach the service desk on the new application
    • Document relevant KB articles
    Business Analysts
    • Conduct informational interviews for new business requirements

    Service Desk Agents

    • Conduct informational interviews
    • Shadow incident management procedures
    • Document lessons learned
    Vendor
    • Provide cross-training to support team

    Document your knowledge transfer plan in the Project Handover Template.

    Build a checklist of the transition action items

    At this stage, the project is ready to go live and support needs to be independently done by the service desk.

    Checklist of the transition action items

    Info-Tech Insight

    No matter how well training is done, specialists may need to work on critical incidents and handle emergency changes. With effective service support and transition planning, you can make an agreement between the incident manager, change manager, and project manager on a timeline to balance critical incident or emergency change management and project management and define your SLA.

    Activity: Prepare a checklist of initiatives before support transition

    2-3 hours

    Document project support information and check off each support transition initiative as you shift service support to the service desk.

    1. As a group, review the Project Handover Template that you filled out in the previous steps.
    2. Download the Service Support Transitioning Checklist, and review the items that need to be done throughout the development, testing, and deployment steps of your project.
    3. Brainstorm at what step service desk needs to be involved.
    4. As you go through each initiative and complete it, check it off to make sure you are following the agreed document for a smooth transition of service support.
    Input Output
    • Project information
    • Support information for developed application/service
    • List of transitioning initiatives
    MaterialsParticipants
    • Project Handover Template
    • Service Support Transitioning Checklist
    • Project Team
    • Service Desk Manager
    • IT Lead

    Download the Project Handover Template

    Download the Service Support Transitioning Checklist

    Define metrics to track the success of project transition

    Consider key metrics to speak the language of targeted end users.

    You won’t know if transitioning support processes are successful unless you measure their impact. Find out your objectives for project transition and then track metrics that will allow you to fulfill these goals.

    Determine critical success factors to help you find out key metrics:

    High quality of the service

    Effectiveness of communication of the transition

    Manage risk of failure to help find out activities that will mitigate risk of service disruption

    Smooth and timely transition of support to the service desk

    Efficient utilization of the shared services and resources to mitigate conflicts and streamline service transitioning

    Suggested metrics:

    • Time to fulfill requests and resolve incidents for the new project
    • Time spent training the service desk
    • Number of knowledgebase articles created by the project team
    • Percentage of articles used by the service desk that prevented ticket escalation
    • First-level resolution
    • Ratio of escalated tickets for the new project
    • Problem ticket volume for the new project
    • Average customer satisfaction with the new project support
    • SLA breach rate

    Summary of Accomplishment

    Problem Solved

    Following the steps outlined in this research has helped you build a strategy to shift service support from the project team to the service desk, resulting in an improvement in customer service and agent satisfaction.

    You have also developed a plan to break the silo between the service desk and specialists and enable knowledge transfer so the service desk will not need to unnecessarily escalate tickets to developers. In the meantime, specialists are also responsible for service desk training on the new application.

    Efficient communication of service levels has helped the project team set clear expectations for managers to create a balance between their projects and service support.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information

    workshops@infotech.com

    1-888-670-8889

    Related Info-Tech Research

    Standardize the Service Desk

    Improve customer service by driving consistency in your support approach and meeting SLAs.

    Optimize the Service Desk With a Shift-Left Strategy

    The best type of service desk ticket is the one that doesn’t exist.

    Tailor IT Project Management Processes to Fit Your Projects

    Right-size PMBOK for all of your IT projects.

    Works Cited

    Brown, Josh. “Knowledge Transfer: What it is & How to Use it Effectively.” Helpjuice, 2021. Accessed November 2022.

    Magowan, Kirstie. “Top ITSM Metrics & KPIs: Measuring for Success, Aiming for Improvement.” BMC Blogs, 2020. Accessed November 2022.

    “The Complete Blueprint for Aligning Your Service Desk and Development Teams (Process Integration and Best Practices).” Exalate, 2021. Accessed October 2022.

    “The Qualities of Leadership: Leading Change.” Cornelius & Associates, 2010. Web.

    Succeed With Digital Strategy Execution

    • Buy Link or Shortcode: {j2store}527|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Customer Relationship Management
    • Parent Category Link: /customer-relationship-management
    • Rising customer expectations and competitive pressures have accelerated the pace at which organizations are turning to digital transformation to drive revenue or cut costs.
    • Many digital strategies are not put into action, and instead sit on the shelf. A digital strategy that is not translated into specific projects and initiatives will provide no value to the organization.
    • Executing a digital strategy is easier said than done: IT often lacks the necessary framework to create a roadmap, or fails to understand how new applications can enable the vision outlined in the strategy.

    Our Advice

    Critical Insight

    • A digital strategy needs a clear roadmap to succeed. Too many digital strategies are lofty statements of objective with no clear avenue for actual execution: create a digital strategy application roadmap to avoid this pitfall.
    • Understand the art of execution. Application capabilities are rapidly evolving: IT must stand ready to educate the business on how new applications can be used to pursue the digital strategy.

    Impact and Result

    • IT must work with the business to parse specific technology drivers from the digital strategy, distill strategic requirements, and create a prescriptive roadmap of initiatives that will close the gaps between the current state and the target state outlined in the digital strategy. Doing so well is a path to the CIO’s office.
    • To better serve the organization, IT leaders must stay abreast of key application capabilities and trends. Exciting new developments such as artificial intelligence, IoT, and machine learning have opened up new avenues for process digitization, but IT leaders need to make a concerted effort to understand what modern applications bring to the table for technology enablement of the digital strategy.
    • Taking an agile approach to application roadmap development will help to provide a clear path forward for tackling digital strategy execution, while also allowing for flexibility to update and iterate as the internal and external environment changes.

    Succeed With Digital Strategy Execution Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should have a structured approach to translating your digital strategy to specific application initiatives, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Parse digital strategy drivers

    Parse specific technology drivers out of the formal enterprise digital strategy.

    • Succeed With Digital Strategy Execution – Phase 1: Parse Your Digital Strategy for Critical Technology Drivers

    2. Map drivers to enabling technologies

    Review and understand potential enabling applications.

    • Succeed With Digital Strategy Execution – Phase 2: Map Your Drivers to Enabling Applications

    3. Create the application roadmap to support the digital strategy

    Use the drivers and an understanding of enabling applications to put together an execution roadmap that will support the digital strategy.

    • Succeed With Digital Strategy Execution – Phase 3: Create an Application Roadmap That Supports the Digital Strategy
    • Digital Strategy Roadmap Tool
    • Application Roadmap Presentation Template
    • Digital Strategy Communication and Execution Plan Template
    [infographic]

    Workshop: Succeed With Digital Strategy Execution

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Validate the Digital Strategy

    The Purpose

    Review and validate the formal enterprise digital strategy.

    Key Benefits Achieved

    Confirmation of the goals, objectives, and direction of the organization’s digital strategy.

    Activities

    1.1 Review the initial digital strategy.

    1.2 Determine gaps.

    1.3 Refine digital strategy scope and vision.

    1.4 Finalize digital strategy and validate with stakeholders.

    Outputs

    Validated digital strategy

    2 Parse Critical Technology Drivers

    The Purpose

    Enumerate relevant technology drivers from the digital strategy.

    Key Benefits Achieved

    List of technology drivers to pursue based on goals articulated in the digital strategy.

    Activities

    2.1 Identify affected process domains.

    2.2 Brainstorm impacts of digital strategy on technology enablement.

    2.3 Distill critical technology drivers.

    2.4 Identify KPIs for each driver.

    Outputs

    Affected process domains (based on APQC)

    Critical technology drivers for the digital strategy

    3 Map Drivers to Enabling Applications

    The Purpose

    Relate your digital strategy drivers to specific, actionable application areas.

    Key Benefits Achieved

    Understand the interplay between the digital strategy and impacted application domains.

    Activities

    3.1 Build and review current application inventory for digital.

    3.2 Execute fit-gap analysis between drivers and current state inventory.

    3.3 Pair technology drivers to specific enabling application categories.

    Outputs

    Current-state application inventory

    Fit-gap analysis

    4 Understand Applications

    The Purpose

    Understand how different applications support the digital strategy.

    Understand the art of the possible.

    Key Benefits Achieved

    Knowledge of how applications are evolving from a features and capabilities perspective, and how this pertains to digital strategy enablement.

    Activities

    4.1 Application spotlight: customer experience.

    4.2 Application spotlight: content and collaboration.

    4.3 Application spotlight: business intelligence.

    4.4 Application spotlight: enterprise resource planning.

    Outputs

    Application spotlights

    5 Build the Digital Application Roadmap

    The Purpose

    Create a concrete, actionable roadmap of application and technology initiatives to move the digital strategy forward.

    Key Benefits Achieved

    Clear, concise articulation of application roadmap for supporting digital that can be communicated to the business.

    Activities

    5.1 Build list of enabling projects and applications.

    5.2 Create prioritization criteria.

    5.3 Build the digital strategy application roadmap.

    5.4 Socialize the roadmap.

    5.5 Delineate responsibility for roadmap execution.

    Outputs

    Application roadmap for the digital strategy

    RACI chart for digital strategy roadmap execution

    Craft a Customer-Driven Market Strategy With Unbiased Data

    • Buy Link or Shortcode: {j2store}611|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Selection & Implementation
    • Parent Category Link: /selection-and-implementation
    • Market strategies are informed by gut feel and endless brainstorming instead of market data to take their product from concept to customer.
    • Hiring independent market research firms results in a lack of unbiased third-party data. Research firms tell vendors what they want to hear instead of offering an agnostic view of software trends.
    • Dissatisfied customers don’t tell you directly why they are leaving, so there is no feedback loop back into product improvements.
    • Often a market strategy is built after a product is developed to force the product’s fit in the market. The product marketing team has no say in the product vision or future improvements.

    Our Advice

    Critical Insight

    • Adopt the 5 P’s to building a winning market strategy: Proposition, Product, Pricing, Placement, and Promotion.
    • You can’t be everything to everyone. Testing your proposition in the market to see what sticks is a risky move. Promise future value using past successes by gaining a deeper understanding of which customers and submarkets truly align to your product.
    • Customers have learned to avoid shiny new objects but still expect rapid feature releases. Differentiating features require a closer look at the underpinning vendor capabilities. Having intentional feature releases requires a feedback loop into the product roadmap and increases influence by the product marketing team.
    • Price transparency and sensitivity should drive what you offer to customers. Negotiating solely on price is a race to the bottom.

    Impact and Result

    • Leverage this report to gain insights on the software selection process and what top vendors do best.
    • Gain a bird’s-eye view on customer purchasing behavior using over 40,000 data points on satisfaction and importance collected directly from the source.
    • Build a winning market strategy influenced by real customer data that drives vendor success.

    Craft a Customer-Driven Market Strategy With Unbiased Data Research & Tools

    Read the storyboard

    Read our storyboard to find out why you should leverage SoftwareReviews data to craft your market strategy, review Info-Tech’s methodology, and understand unbiased customer data on software purchasing triggers.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Craft a Customer-Driven Market Strategy With Unbiased Data Storyboard
    [infographic]

    Develop a Security Operations Strategy

    • Buy Link or Shortcode: {j2store}264|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $79,249 Average $ Saved
    • member rating average days saved: 28 Average Days Saved
    • Parent Category Name: Security Processes & Operations
    • Parent Category Link: /security-processes-and-operations
    • There is an onslaught of security data – generating information in different formats, storing it in different places, and forwarding it to different locations.
    • The organization lacks a dedicated enterprise security team. There is limited resourcing available to begin or mature a security operations center.
    • Many organizations are developing ad hoc security capabilities that result in operational inefficiencies, the misalignment of resources, and the misuse of security technology investments.
    • It is difficult to communicate the value of a security operations program when trying to secure organizational buy-in to gain the appropriate resourcing.
    • There is limited communication between security functions due to a centralized security operations organizational structure.

    Our Advice

    Critical Insight

    1. Security operations is no longer a center, but a process. The need for a physical security hub has evolved into the virtual fusion of prevention, detection, analysis, and response efforts. When all four functions operate as a unified process, your organization will be able to proactively combat changes in the threat landscape.
    2. Functional threat intelligence is a prerequisite for effective security operations – without it, security operations will be inefficient and redundant. Eliminate false positives by contextualizing threat data, aligning intelligence with business objectives, and building processes to satisfy those objectives.
    3. If you are not communicating, you are not secure. Collaboration eliminates siloed decisions by connecting people, processes, and technologies. You leave less room for error, consume fewer resources, and improve operational efficiency with a transparent security operations process.

    Impact and Result

    • A unified security operations process actively transforms security events and threat information into actionable intelligence, driving security prevention, detection, analysis, and response processes, addressing the increasing sophistication of cyberthreats, and guiding continuous improvement.
    • This blueprint will walk through the steps of developing a flexible and systematic security operations program relevant to your organization.

    Develop a Security Operations Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should enhance your security operations program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess your current state

    Assess current prevention, detection, analysis, and response capabilities.

    • Develop a Security Operations Strategy – Phase 1: Assess Operational Requirements
    • Security Operations Preliminary Maturity Assessment Tool

    2. Develop maturity initiatives

    Design your optimized state of operations.

    • Develop a Security Operations Strategy – Phase 2: Develop Maturity Initiatives
    • Information Security Requirements Gathering Tool
    • Concept of Operations Maturity Assessment Tool

    3. Define operational interdependencies

    Identify opportunities for collaboration within your security program.

    • Develop a Security Operations Strategy – Phase 3: Define Operational Interdependencies
    • Security Operations RACI Chart & Program Plan
    • Security Operations Program Cadence Schedule Template
    • Security Operations Collaboration Plan
    • Security Operations Metrics Summary Document
    [infographic]

    Workshop: Develop a Security Operations Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess Operational Requirements

    The Purpose

    Determine current prevention, detection, analysis, and response capabilities, operational inefficiencies, and opportunities for improvement.

    Key Benefits Achieved

    Determine why you need a sound security operations program.

    Understand Info-Tech’s threat collaboration environment.

    Evaluate your current security operation’s functions and capabilities.

    Activities

    1.1 Understand the benefits of refining your security operations program.

    1.2 Gauge your current prevention, detection, analysis, and response capabilities.

    Outputs

    Security Operations Preliminary Maturity Assessment Tool

    2 Develop Maturity Initiatives

    The Purpose

    Begin developing and prioritizing gap initiatives in order to achieve the optimal state of operations.

    Key Benefits Achieved

    Establish your goals, obligations, scope, and boundaries.

    Assess your current state and define a target state.

    Develop and prioritize gap initiatives.

    Define the cost, effort, alignment, and security benefits of each initiative.

    Develop a security strategy operational roadmap.

    Activities

    2.1 Assess your current security goals, obligations, and scope.

    2.2 Design your ideal target state.

    2.3 Prioritize gap initiatives.

    Outputs

    Information Security Strategy Requirements Gathering Tool

    Security Operations Maturity Assessment Tool

    3 Define Operational Interdependencies

    The Purpose

    Identify opportunities for collaboration.

    Formalize your operational process flows.

    Develop a comprehensive and actionable measurement program.

    Key Benefits Achieved

    Understand the current security operations process flow.

    Define the security operations stakeholders and their respective deliverables.

    Formalize an internal information-sharing and collaboration plan.

    Activities

    3.1 Identify opportunities for collaboration.

    3.2 Formalize a security operations collaboration plan.

    3.3 Define operational roles and responsibilities.

    3.4 Develop a comprehensive measurement program.

    Outputs

    Security Operations RACI & Program Plan Tool

    Security Operations Collaboration Plan

    Security Operations Cadence Schedule Template

    Security Operations Metrics Summary

    Further reading

    INFO-TECH RESEARCH GROUP

    Develop a Security Operations Strategy

    Transition from a security operations center to a threat collaboration environment.

    Info-Tech Research Group, Inc. is a global leader in providing IT research and advice. Info-Tech’s products and services combine actionable insight and relevant advice with ready-to-use tools and templates that cover the full spectrum of IT concerns.
    © 1997-2017 Info-Tech Research Group Inc.

    ANALYST PERSPECTIVE

    “A reactive security operations program is no longer an option. The increasing sophistication of threats demands a streamlined yet adaptable mitigation and remediation process. Protect your assets by preparing for the inevitable; unify your prevention, detection, analysis, and response efforts and provide assurance to your stakeholders that you are making information security a top priority.”

    Phot of Edward Gray, Consulting Analyst, Security, Risk & Compliance, Info-Tech Research Group.

    Edward Gray,
    Consulting Analyst, Security, Risk & Compliance
    Info-Tech Research Group



    Our understanding of the problem

    This Research Is Designed For:
    • Chief Information Officer (CIO)
    • Chief Information Security Officer (CISO)
    • Chief Operating Officer (COO)
    • Security / IT Management
    • Security Operations Director / Security Operations Center (SOC)
    • Network Operations Director / Network Operations Center (NOC)
    • Systems Administrator
    • Threat Intelligence Staff
    • Security Operations Staff
    • Security Incident Responders
    • Vulnerability Management Staff
    • Patch Management
    This Research Will Help You:
    • Enhance your security program by implementing and streamlining next-generation security operations processes.
    • Increase organizational situational awareness through active collaboration between core threat teams, enriching internal security events with external threat intelligence and enhancing security controls.
    • Develop a comprehensive threat analysis and dissemination process: align people, process, and technology to scale security to threats.
    • Identify the appropriate technological and infrastructure-based sourcing decisions.
    • Design a step-by-step security operations implementation process.
    • Pursue continuous improvement: build a measurement program that actively evaluates program effectiveness.
    This Research Will Also Assist:
    • Board / Chief Executive Officer
    • Information Owners (Business Directors/VP)
    • Security Governance and Risk Management
    • Fraud Operations
    • Human Resources
    • Legal and Public Relations
    This Research Will Help Them
    • Aid decision making by staying abreast of cyberthreats that could impact the business.
    • Increase visibility into the organization’s threat landscape to identify likely targets or identify exposed vulnerabilities.
    • Ensure the business is compliant with regularity, legal, and/or compliance requirements.
    • Understand the value and return on investment of security operations offerings.

    Executive summary

    Situation

    • Current security practices are disjointed, operating independently with a wide variety of processes and tools to conduct incident response, network defense, and threat analysis. These disparate mitigations leave organizations vulnerable to the increasing number of malicious events.
    • Threat management has become resource intensive, requiring continuous monitoring, collection, and analysis of massive volumes of security event data, while juggling business, compliance, and consumer obligations.

    Complication

    • There is an onslaught of security data – generating information in different formats, storing it in different places, and forwarding it to different locations.
    • The organization lacks a dedicated enterprise security team. There is limited resourcing available to begin or mature a security operations center.
    • Many organizations are developing ad hoc security capabilities that result in operational inefficiencies, the misalignment of resources, and the misuse of their security technology investments.
    • It is difficult to communicate the value of a security operations program when trying to secure organizational buy-in to gain the appropriate resourcing.
    • There is limited communication between security functions due to a centralized security operations organizational structure.

    Resolution

    • A unified security operations process actively transforms security events and threat information into actionable intelligence, driving security prevention, detection, analysis, and response processes, addressing the increasing sophistication of cyberthreats, and guiding continuous improvement.
    • This blueprint will walk through the steps of developing a flexible and systematic security operations program relevant to your organization.

    Info-Tech Insight

    1. Security operations is no longer a center, but a process. The need for a physical security hub has evolved into the virtual fusion of prevention, detection, analysis, and response efforts. When all four functions operate as a unified process, your organization will be able to proactively combat changes in the threat landscape.
    2. Functional threat intelligence is a prerequisite for effective security operations – without it, security operations will be inefficient and redundant. Eliminate false positives by contextualizing threat data, aligning intelligence with business objectives, and building processes to satisfy those objectives.
    3. If you are not communicating, you are not secure. Collaboration eliminates siloed decisions by connecting people, processes, and technologies. You leave less room for error, consume fewer resources, and improve operational efficiency with a transparent security operations process.

    Data breaches are resulting in major costs across industries

    Horizontal bar chart of 'Per capita cost by industry classification of benchmarked companies', with the highest cost attributed to 'Health', 'Pharmaceutical', 'Financial', 'Energy', and 'Transportation'.

    Average data breach costs per compromised record hit an all-time high of $217 (in 2015); $74 is direct cost (e.g. legal fees, technology investment) and $143 is indirect cost (e.g. abnormal customer churn). (Source: Ponemon Institute, “2015 Cost of Data Breach Study: United States”)

    '% of systems impacted by a data breach', '1% No Impact', '19% 1-10% impacted', '41% 11-30% impacted', '24% 31-50% impacted', '15% more than 50% impacted
    Divider line.
    '% of customers lost from a data breach', '61% Lost <20%', '21% Lost 20-40%', '8% Lost 40-60%', '6% Lost 60-80%', '4% Lost 80-100%'.
    Divider line.
    '% of business opportunity lost from a data breach', '58% Lost <20%', '25% Lost 20-40%', '9% Lost, 40-60%', '5% Lost 60-80%', '4% Lost 80-100%'.
    (Source: The Network, “ Cisco 2017 Security Capabilities Benchmark Study”)

    Persistent issues

    • Organizational barriers separating prevention, detection, analysis, and response efforts.
      Siloed operations limit collaboration and internal knowledge sharing.
    • Lack of knowledgeable security staff.
      Human capital is transferrable between roles and functions and must be cross-trained to wear multiple hats.
    • Failure to evaluate and improve security operations.
      The effectiveness of operations must be frequently measured and (re)assessed through an iterative system of continuous improvement.
    • Lack of standardization.
      Pre-established use cases and policies outlining tier-1 operational efforts will eliminate ad hoc remediation efforts and streamline operations.
    • Failure to acknowledge the auditor as a customer.
      Many compliance and regulatory obligations require organizations to have comprehensive documentation of their security operations practices.

    60% Of organizations say security operation teams have little understanding of each other’s requirements.

    40% Of executives report that poor coordination leads to excessive labor and IT operational costs.

    38-100% Increase in efficiency after closing operational gaps with collaboration.
    (Source: Forbes, “The Game Plan for Closing the SecOps Gap”)

    The solution

    Bar chart of the 'Benefits of Internal Collaboration' with 'Increased Operational Efficiency' and 'Increased Problem Solving' having the highest percentage.

    “Empower a few administrators with the best information to enable fast, automated responses.”
    – Ismael Valenzuela, IR/Forensics Technical Practice Manager, Foundstone® Services, Intel Security)

    Insufficient security personnel resourcing has been identified as the most prevalent challenge in security operations…

    When an emergency security incident strikes, weak collaboration and poor coordination among critical business functions will magnify inefficiencies in the incident response (IR) process, impacting the organization’s ability to minimize damage and downtime.

    The solution: optimize your SOC. Info-Tech has seen SOCs with five analysts outperform SOCs with 25 analysts through tools and process optimization.

    Sources:
    Ponemon. "2016 State of Cybersecurity in Small & Medium-Sized Businesses (SMB).”
    Syngress. Designing and Building a Security Operations Center.

    Maintain a holistic security operations program

    Legacy security operations centers (SOCs) fail to address gaps between data sources, network controls, and human capital. There is limited visibility and collaboration between departments, resulting in siloed decisions that do not support the best interests of the organization.
    Venn diagram of 'Next-Gen Security Operations' with four intersecting circles: 'Prevent', 'Detect', 'Analyze', and 'Respond'.

    Security operations is part of what Info-Tech calls a threat collaboration environment, where members must actively collaborate to address cyberthreats affecting the organization’s brand, business operations, and technology infrastructure on a daily basis.

    Prevent: Defense in depth is the best approach to protect against unknown and unpredictable attacks. Diligent patching and vulnerability management, endpoint protection, and strong human-centric security (amongst other tactics) are essential. Detect: There are two types of companies – those who have been breached and know it and those who have been breached and don’t know it. Ensure that monitoring, logging, and event detection tools are in place and appropriate to your organizational needs
    Analyze: Raw data without interpretation cannot improve security and is a waste of time, money, and effort. Establish a tiered operational process that not only enriches data but also provides visibility into your threat landscape. Respond: Organizations can’t rely on an ad hoc response anymore – don’t wait until a state of panic. Formalize your response processes in a detailed incident runbook in order to reduce incident remediation time and effort.

    Info-Tech’s security operations blueprint ties together various initiatives

    Stock image 1.

    Design and Implement a Vulnerability Management Program

    Vulnerability Management
    Vulnerability management revolves around the identification, prioritization, and remediation of vulnerabilities. Vulnerability management teams hunt to identify which vulnerabilities need patching and remediating.
    Deliverables
    • Vulnerability Tracking Tool
    • Vulnerability Scanning Tool RFP Template
    • Penetration Test RFP Template
    • Vulnerability Mitigation Process Template
    Stock image 2.

    Integrate Threat Intelligence Into Your Security Operations

    Threat Intelligence
    Threat intelligence addresses the collection, analysis, and dissemination of external threat data. Analysts act as liaisons to their peers, publishing actionable threat alerts, reports, and briefings. Threat intelligence proactively monitors and identifies whether threat indicators are impacting your organization.
    • Maturity Assessment Tool
    • Threat Intelligence RACI Tool
    • Management Plan Template
    • Threat Intelligence Policy Template
    • Alert Template
    • Alert and Briefing Cadence Schedule
    Stock image 3.

    Develop Foundational Security Operations Processes

    Operations
    Security operations include the real-time monitoring and analysis of events based on the correlation of internal and external data sources. This also includes incident escalation based on impact. Analysts are constantly tuning and tweaking rules and reporting thresholds to further help identify which indicators are most impactful during the analysis phase of operations.
    • Maturity Assessment Tool
    • Event Prioritization Tool
    • Efficiency Calculator
    • SecOps Policy Template
    • In-House vs. Outsourcing Decision-Making Tool
    • SecOps RACI Tool
    • TCO & ROI Comparison Calculator
    Stock image 4.

    Develop and Implement a Security Incident Management Program

    Incident Response
    Effective and efficient management of incidents involves a formal process of analysis, containment, eradication, recovery, and post-incident activities. IR teams coordinate root-cause analysis and incident gathering while facilitating post-incident lessons learned. Incident response can provide valuable threat data that ties specific indicators to threat actors or campaigns.
    • Incident Management Policy
    • Maturity Assessment Tool
    • Incident Management RACI Tool
    • Incident Management Plan
    • Incident Runbook Prioritization Tool
    • Various Incident Management Runbooks

    This blueprint will…

    …better protect your organization with an interdependent and collaborative security operations program.

    Phase 01

    Assess your operational requirements.

    Phase 02

    Optimize and further mature your security operations processes

    Phase 3a

    Develop the process flow and specific interaction points between functions

    Phase 3b

    Test your current capabilities with a table top exercise
    Briefly assess your current prevention, detection, analysis, and response capabilities.
    Highlight operational weak spots that should be addressed before progressing.
    Develop a prioritized list of security-focused operational initiatives.
    Conduct a holistic analysis of your operational capabilities.
    Define the operational interaction points between security-focused operational departments.
    Document the results in comprehensive operational interaction agreement.
    Test your operational processes with Info-Tech’s security operations table-top exercise.

    Info-Tech integrates several best practices to create a best-of-breed security framework

    Legend for the 'Information Security Framework' identifying blue best practices as 'In Scope' and white best practices as 'Out of Scope'. Info-Tech's 'Information Security Framework' of best practices with two main categories 'Governance' and 'Management', each with subcategories such as 'Context & Leadership' and 'Prevention', each with a group of best practices color-coded to the associated legend identifying them as 'In Scope' or 'Out of Scope'.

    Benefits of a collaborative and integrated operations program

    Effective security operations management will help you do the following:

    • Improve efficacy
      Develop structured processes to automate activities and increase process consistency across the security program. Expose operational weak points and transition teams from firefighting to an innovator role.
    • Improve threat protection
      Enhance network controls through the hardening of perimeter defenses, an intelligence-driven analysis process, and a streamlined incident remediation process.
    • Improve visibility and information sharing
      Promote both internal and external information sharing to enable good decision making.
    • Create and clarify accountability and responsibility
      Security operations management practices will set a clear level of accountability throughout the security program and ensure role responsibility for all tasks and processes involved in service delivery.
    • Control security costs
      Security operations management is concerned with delivering promised services in the most efficient way possible. Good security operations management practices will provide insight into current costs across the organization and present opportunities for cost savings.
    • Identify opportunities for continuous improvement
      Increased visibility into current performance levels and the ability to accurately identify opportunities for continuous improvement.

    Impact

    Short term:

    • Streamlined security operations program development process.
    • Completed comprehensive list of operational gaps and initiatives.
    • Formalized and structured implementation process.
    • Standardized operational use cases that predefine necessary operational protocol.

    Long term:

    • Enhanced visibility into immediate threat environment.
    • Improved effectiveness of internal defensive controls.
    • Increased operational collaboration between prevention, detection, analysis, and response efforts.
    • Enhanced security pressure posture.
    • Improved communication with executives about relevant security risks to the business.

    Understand the cost of not having a suitable security operations program

    A practical approach, justifying the value of security operations, is to identify the assets at risk and calculate the cost to the company should the information assets be compromised (i.e. assess the damage an attacker could do to the business).

    Cost Structure Cost Estimation ($) for SMB
    (Small and medium-sized business)
    Cost Estimation ($) for LE
    (Large enterprise)
    Security controls Technology investment: software, hardware, facility, maintenance, etc.
    Cost of process implementation: incident response, CMBD, problem management, etc.
    Cost of resource: salary, training, recruiting, etc.
    $0-300K/year $200K-2M/year
    Security incidents
    (if no security control is in place)
    Explicit cost:
    1. Incident response cost:
      • Remediation costs
      • Productivity: (number of employees impacted) × (hours out) × (burdened hourly rate)
      • Extra professional services
      • Equipment rental, travel expenses, etc.
      • Compliance fine
      • Cost of notifying clients
    2. Revenue loss: direct loss, the impact of permanent loss of data, lost future revenues
    3. Financial performance: credit rating, stock price
      Hidden cost:
      • Reputation, customer loyalty, etc.
    $15K-650K/year $270K-11M/year

    Workshop Overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4 Workshop Day 5
    Activities
    • Kick-off and introductions.
    • High-level overview of weekly activities and outcomes.
    • Activity: Define workshop objectives and current state of knowledge.
    • Understand the threat collaboration environment.
    • Understand the benefits of an optimized security operations.
    • Activity: Review preliminary maturity level.
    • Activity: Assess current people, processes, and technology capabilities.
    • Activity: Assess workflow capabilities.
    • Activity: Begin deep-dive into maturity assessment tool.
    • Discuss strategies to enhance the analysis process (ticketing, automation, visualization, use cases, etc.).
    • Activity: Design ideal target state.
    • Activity: Identify security gaps.
    • Build initiatives to bridge the gaps.
    • Activity: Estimate the resources needed.
    • Activity: Prioritize gap initiatives.
    • Activity: Develop dashboarding and visualization metrics.
    • Activity: Plan for a transition with the security roadmap and action plan.
    • Activity: Define and assign tier 1, 2 & 3 SOC roles and responsibilities.
    • Activity: Assign roles and responsibilities for each security operations initiative.
    • Activity: Develop a comprehensive measurement program.
    • Activity: Develop specific runbooks for your top-priority incidents (e.g. ransomware).
      • Detect the incident.
      • Analyze the incident.
      • Contain the incident.
      • Eradicate the root cause.
      • Recover from the incident.
      • Conduct post-incident analysis and communication.
    • Activity:Conduct attack campaign simulation.
    • Finalize main deliverables.
    • Schedule feedback call.
    Deliverables
    1. Security Operations Maturity Assessment Tool
    1. Target State and Gap Analysis (Security Operations Maturity Assessment Tool)
    1. Security Operations Role & Process Design
    2. Security Operations RACI Chart
    3. Security Operations Metrics Summary
    4. Security Operations Phishing Process Runbook
    5. Attack Campaign Simulation PowerPoint

    All Final Deliverables

    Develop a Security Operations Strategy

    PHASE 1

    Assess Operational Requirements

    1

    Assess Operational Requirements

    2

    Develop Maturity Initiatives

    3

    Define Interdependencies

    This step will walk you through the following activities:

    • Determine why you need a sound security operations program.
    • Understand Info-Tech’s threat collaboration environment.
    • Evaluate your current security operation’s functions and capabilities.

    Outcomes of this step

    • A defined scope and motive for completing this project.
    • Insight into your current security operations capabilities.
    • A prioritized list of security operations initiatives based on maturity level.

    Info-Tech Insight

    Security operations is no longer a center, but a process. The need for a physical security hub has evolved into the virtual fusion of prevention, detection, analysis, and response efforts. When all four functions operate as a unified process, your organization will be able to proactively combat changes in the threat landscape.

    Warm-up exercise: Why build a security operations program?

    Estimated time to completion: 30 minutes

    Discussion: Why are we pursuing this project?

    What are the objectives for optimizing and developing sound security operations?

    Stakeholders Required:

    • Key business executives
    • IT leaders
    • Security operations team members

    Resources Required

    • Sticky notes
    • Whiteboard
    • Dry-erase markers
    1. Briefly define the scope of security operations
      What people, processes, and technology fall within the security operations umbrella?
    2. Brainstorm the implications of not acting
      What does the status quo have in store? What are the potential risks?
    3. Define the goals of the project
      Clarify from the outset: what exactly do you want to accomplish from this project?
    4. Prioritize all brainstormed goals
      Classify the goals based on relevant prioritization criteria, e.g. urgency, impact, cost.

    Info-Tech Best Practice

    Don’t develop a security operations program with the objective of zero incidents. This reliance on prevention results in over-engineered security solutions that cost more than the assets being protected.

    Decentralizing the SOC: Security as a function

    Before you begin, remember that no two security operation programs are the same. While the end goal may be similar, the threat landscape, risk tolerance, and organizational requirements will differ from any other SOC. Determine what your DNA looks like before you begin to protect it.

    Security operations must provide several fundamental functions:
    • Real-time monitoring, detecting, and triaging of data from both internal and external sources.
    • In-depth analysis of indicators and incidents, leveraging malware analysis, correlation and rule tweaking, and forensics and eDiscovery techniques.
    • Network/host scanning and vulnerability patch management.
    • Incident response, remediation, and reporting. Security operations must disseminate appropriate information/intelligence to relevant stakeholders.
    • Comprehensive logging and ticketing capabilities that document and communicate events throughout the threat collaboration environment.
    • Tuning and tweaking of technologies to ingest collected data and enhance the analysis process.
    • Enhance overall organizational situational awareness by reporting on security trends, escalating incidents, and sharing adversary tools, tactics, and procedures.
    Venn diagram of 'Security Operations' with four intersecting circles: 'Prevent', 'Detect', 'Analyze', and 'Respond'.
    At its core, a security operations program is responsible for the prevention, detection, analysis, and response of security events.

    Optimized security operations can seamlessly integrate threat and incident management processes with monitoring and compliance workflows and resources. This integration unlocks efficiency.

    Understand the levels of security operations

    Take the time to map out what you need and where you should go. Security operations has to be more than just monitoring events – there must be a structured program.

    Foundational Arrow with a plus sign pointing right. Operational Arrow with a plus sign pointing right. Strategic
    • Intrusion Detection Management
    • Active Device and Event Monitoring
    • Log Collection and Retention
    • Reporting and Escalation Management
    • Incident Management
    • Audit Compliance
    • Vendor Management
    • Ticketing Processes
    • Packet Capture and Analysis
    • SIEM
    • Firewall
    • Antivirus
    • Patch Management
    • Event Analysis and Incident Triage
    • Security Log Management
    • Vulnerability Management
    • Host Hardening
    • Static Malware Analysis
    • Identity and Access Management
    • Change Management
    • Endpoint Management
    • Business Continuity Management
    • Encryption Management
    • Cloud Security (if applicable)
    • SIEM with Defined Use Cases
    • Big Data Security Analytics
    • Threat Intelligence
    • Network Flow Analysis
    • VPN Anomaly Detection
    • Dynamic Malware Analysis
    • Use-Case Management
    • Feedback and Continuous Improvement Management
    • Visualization and Dashboarding
    • Knowledge Portal Ticket Documentation
    • Advanced Threat Hunting
    • Control and Process Automation
    • eDiscovery and Forensics
    • Risk Management
    ——Security Operations Capabilities—–›

    Understand security operations: Establish a unified threat collaboration environment

    Stock image 1.

    Design and Implement a Vulnerability Management Program

    Security operations is part of what Info-Tech calls a threat collaboration environment, where members must actively collaborate to address threats impacting the organization’s brand, operations, and technology infrastructure.
    • Managing incident escalation and response.
    • Coordinating root-cause analysis and incident gathering.
    • Facilitating post-incident lessons learned.
    • Managing system patching and risk acceptance.
    • Conducting vulnerability assessment and penetration testing.
    • Monitoring in real-time and triaging of events.
    • Escalating events to incident management team.
    • Tuning and tweaking rules and reporting thresholds.
    • Gathering and analyzing external threat data.
    • Liaising with peers, industry, and government.
    • Publishing threat alerts, reports, and briefings.

    Info-Tech Best Practice

    Ensure that information flows freely throughout the threat collaboration environment – each function should serve to feed and enhance the next.

    Stock image 2.

    Integrate Threat Intelligence Into Your Security Operations

    Stock image 3.

    Develop Foundational Security Operations Processes

    Stock image 4.

    Develop and Implement a Security Incident Management Program

    The threat collaboration environment is comprised of three core elements

    Info-Tech Insight

    The value of a SOC can be achieved with fewer prerequisites than you think. While it is difficult to cut back on process and technology requirements, human capital is transferrable between roles and functions and can be cross-trained to satisfy operational gaps.

    Three hexes fitting together with the words 'People', 'Process', and 'Technology'. People. Effective human capital is fundamental to establishing an efficient security operations program, and if enabled correctly, can be the driving factor behind successful process optimization. Ensure you address several critical human capital components:
    • Who is responsible for each respective threat collaboration environment function?
    • What are the required operational roles, responsibilities, and competencies for each employee?
    • Are there formalized training procedures to onboard new employees?
    • Is there an established knowledge transfer and management program?
    Processes. Formal and informal mechanisms that bridge security throughout the collaboration environment and organization at large. Ask yourself:
    • Are there defined runbooks that clearly outline critical operational procedures and guidelines?
    • Is there a defined escalation protocol to transfer knowledge and share threats internally?
    • Is there a defined reporting procedure to share intelligence externally?
    • Are there formal and accessible policies for each respective security operations function?
    • Is there a defined measurement program to report on the performance of security operations?
    • Is there a continuous improvement program in place for all security operations functions?
    • Is there a defined operational vendor management program?
    Technology. The composition of all infrastructure, systems, controls, and tools that enable processes and people to operate and collaborate more efficiently. Determine:
    • Are the appropriate controls implemented to effectively prevent, detect, analyze, and remediate threats? Is each control documented with an assigned asset owner?
    • Can a solution integrate with existing controls? If so, to what extent?
    • Is there a centralized log aggregation tool such as a SIEM?
    • What is the operational cost to effectively manage each control?
    • Is the control the most up-to-date version? Have the most recent patches and configuration changes been applied? Can it be consolidated with or replaced by another control?

    Conduct a preliminary maturity assessment before tackling this project

    Stock image 1.

    Design and Implement a Vulnerability Management Program

    Sample of Info-Tech's Security Operations Preliminary Maturity Assessment

    At a high level, assess your organization’s operational maturity in each of the threat collaboration environment functions. Determine whether the foundational processes exist in order to mature and streamline your security operations.

    Stock image 2.

    Integrate Threat Intelligence Into Your Security Operations

    Stock image 3.

    Develop Foundational Security Operations Processes

    Stock image 4.

    Develop and Implement a Security Incident Management Program

    Assess the current maturity of your security operations program

    Prioritize the component most important to the development of your security operations program.

    Screenshot of a table from the Security Operations Preliminary Maturity Assessment presenting the 'Impact Sub-Weightings' of 'People', 'Process', 'Technology', and 'Policy'.
    Screenshot of a table from the Security Operations Preliminary Maturity Assessment assessing the 'Current State' and 'Target State' of different 'Security Capabilities'.
    Each “security capability” covers a component of the overarching “security function.” Assign a current and target maturity score to each respective security capability. (Note: The CMMI maturity scores are further explained on the following slide.) Document any/all comments for future Info-Tech analyst discussions.

    Assign each security capability a reflective and desired maturity score.

    Your current and target state maturity will be determined using the capability maturity model integration (CMMI) scale. Ensure that all participants understand the 1-5 scale.
    Two-way vertical arrow colored blue at the top and green at the bottom. Ad Hoc
    1 Arrow pointing right. Initial/Ad Hoc: Activity is not well defined and is ad hoc, e.g. no formal roles or responsibilities exist, de facto standards are followed on an individual-by-individual basis.
    2 Arrow pointing right. Developing: Activity is established and there is moderate adherence to its execution, e.g. while no formal policies have been documented, content management is occurring implicitly or on an individual-by-individual basis.
    3 Arrow pointing right. Defined: Activity is formally established, documented, repeatable, and integrated with other phases of the process, e.g. roles and responsibilities have been defined and documented in an accessible policy, however, metrics are not actively monitored and managed.
    4 Arrow pointing right. Managed and Measurable: Activity execution is tracked by gathering qualitative and quantitative feedback, e.g. metrics have been established to monitor the effectiveness of tier-1 SOC analysts.
    5 Arrow pointing right. Optimized: Qualitative and quantitative feedback is used to continually improve the execution of the activity, e.g. the organization is an industry leader in the respective field; research and development efforts are allocated in order to continuously explore more efficient methods of accomplishing the task at hand.
    Optimized

    Notes: Info-Tech seldom sees a client achieve a CMMI score of 4 or 5. To achieve a state of optimization there must be a subsequent trade-off elsewhere. As such, we recommend that organizations strive for a CMMI score of 3 or 4.

    Ensure that your threat collaboration environment is of a sufficient maturity before progressing

    Example report card from the maturity assessment. Functions are color-coded green, yellow, and red. Review the report cards for each of the respective threat collaboration environment functions.
    • A green function indicates that you have exceeded the operational requirements to proceed with the security operations initiative.
    • A yellow function indicates that your maturity score is below the recommended threshold; Info-Tech advises revisiting the attached blueprint. In the instance of a one-off case, the client can proceed with this security operations initiative.
    • A red function indicates that your maturity score is well below the recommended threshold; Info-Tech strongly advises to not proceed with the security operations initiative. Revisit the recommended blueprint and further mature the specific function.

    Are you ready to move on to the next phase?

    Self-Assessment Questions

    • Have you clearly defined the rationale for refining your security operations program?
    • Have you clearly defined and prioritized the goals and outcomes of optimizing your security operations program?
    • Have you assessed your respective people, process, and technological capabilities?
    • Have you completed the Security Operations Preliminary Maturity Assessment Tool?
    • Were all threat collaboration environment functions of a sufficient maturity level?

    If you answered “yes” to the questions, then you are ready to move on to Phase 2: Develop Maturity Initiatives

    Develop a Security Operations Strategy

    PHASE 2

    Develop Maturity Initiatives

    1

    Assess Operational Requirements

    2

    Develop Maturity Initiatives

    3

    Define Interdependencies

    This step will walk you through the following activities:

    • Establish your goals, obligations, scope, and boundaries.
    • Assess your current state and define a target state.
    • Develop and prioritize gap initiatives.
    • Define cost, effort, alignment, and security benefit of each initiative.
    • Develop a security strategy operational roadmap.

    Outcomes of this step

    • A formalized understanding of your business, customer, and regulatory obligations.
    • A comprehensive current and target state assessment.
    • A succinct and consolidated list of gap initiatives that will collectively achieve your target state.
    • A formally documented set of estimated priority variables (cost, effort, business alignment).
    • A fully prioritized security roadmap that is in alignment with business goals and informed by the organization’s needs and limitations.

    Info-Tech Insight

    Functional threat intelligence is a prerequisite for effective security operations – without it, security operations will be inefficient and redundant. Eliminate false positives by contextualizing threat data, aligning intelligence with business objectives, and building processes to satisfy those objectives

    Align your security operations program with corporate goals and obligations

    A common challenge for security leaders is learning to express their initiatives in terms that are meaningful to business executives.

    Frame the importance of your security operations program to
    align with that of the decision makers’ over-arching strategy.

    Oftentimes resourcing and funding is dependent on the
    alignment of security initiatives to business objectives.

    Corporate goals and objectives can be categorized into three major buckets:
    1. BUSINESS OBLIGATIONS
      The primary goals and functions of the organization at large. Examples include customer retention, growth, innovation, customer experience, etc.
    2. CONSUMER OBLIGATIONS
      The needs and demands of internal and external stakeholders. Examples include ease of use (external), data protection (external), offsite access (internal), etc.
    3. COMPLIANCE OBLIGATIONS
      The requirements of the organization to comply with mandatory and/or voluntary standards. Examples include HIPAA, PIPEDA, ISO 27001, etc.
    *Do not approach the above list with a security mindset – take a business perspective and align your security efforts accordingly.

    Info-Tech Best Practice

    Developing a security operations strategy is a proactive activity that enables you to get in front of any upcoming business projects or industry trends rather than having to respond reactively later on. Consider as many foreseeable variables as possible!

    Determine your security operations program scope and boundaries

    It is important to define all security-related areas of responsibility. Upon completion you should clearly understand what you are trying to secure.

    Ask yourself:
    Where does the onus of responsibility stop?

    The organizational scope and boundaries and can be categorized into four major buckets:
    1. PHYSICAL SCOPE
      The physical locations that the security operations program is responsible for. Examples include office locations, remote access, clients/vendors, etc.
    2. IT SYSTEMS
      The network systems that must be protected by the security operations program. Examples include fully owned systems, IaaS, PaaS, remotely hosted SaaS, etc.
    3. ORGANIZATIONAL SCOPE
      The business units, departments, or divisions that will be affected by the security operations program. Examples include user groups, departments, subsidiaries, etc.
    4. DATA SCOPE
      The data types that the business handles and the privacy/criticality level of each. Examples include top secret, confidential, private, public, etc.

    This also includes what is not within scope. For some outsourced services or locations you may not be responsible for security. For some business departments you may not have control of security processes. Ensure that it is made explicit at the outset, what will be included and what will be excluded from security considerations.

    Reference Info-Tech’s security strategy: goals, obligations, and scope activities

    Explicitly understanding how security aligns with the core business mission is critical for having a strategic plan and fulfilling the role of business enabler.

    Download and complete the information security goals, obligations and scope activities (Section 1.3) within the Info-Tech security strategy research publication. If previously completed, take the time to review your results.

    GOALS and OBLIGATIONS
    Proceed through each slide and brainstorm the ways that security operations supports business, customer, and compliance needs.

    Goals & Obligations
    Screenshots of slides from the information security goals, obligations and scope activities (Section 1.3) within the Info-Tech security strategy research publication.

    PROGRAM SCOPE & BOUNDARIES
    Assess your current organizational environment. Document current IT systems, critical data, physical environments, and departmental divisions.

    If a well-defined corporate strategy does not exist, these questions can help pinpoint objectives:

    • What is the message being delivered by the CEO?
    • What are the main themes of investments and projects?
    • What are the senior leaders measured on?
    Program Scope & Boundaries
    Screenshots of slides from the information security goals, obligations and scope activities (Section 1.3) within the Info-Tech security strategy research publication.

    INFO-TECH OPPORTUNITY

    For more information on how to complete the goals & obligations activity please reference Section 1.3 of Info-Tech’s Build an Information Security Strategy blueprint.

    Complete the Information Security Requirements Gathering Tool

    On tab 1. Goals and Obligations:
    • Document all business, customer, and compliance obligations. Ensure that each item is reflective of the over-arching business strategy and is not security focused.
    • In the second column, identify the corresponding security initiative that supports the obligation.
    Screenshot from tab 1 of Info-Tech's Information Security Requirements Gathering Tool. Columns are 'Business obligations', 'Security obligations to support the business (optional)', and 'Notes'.
    On tab 2. Scope and Boundaries:
    • Record all details for what is in and out of scope from physical, IT, organizational, and data perspectives.
    • Complete the affiliated columns for a comprehensive scope assessment.
    • As a discussion guide, refer to the considerations slides prior to this in phase 1.3.
    Screenshot from tab 2 of Info-Tech's Information Security Requirements Gathering Tool. Title is 'Physical Scope', Columns are 'Environment Name', 'Highest data criticality here', 'Is this in scope of the security strategy?', 'Are we accountable for security here?', and 'Notes'.
    For the purpose of this security operations initiative please IGNORE the risk tolerance activities on tab 3.

    Info-Tech Best Practice

    A common challenge for security leaders is expressing their initiatives in terms that are meaningful to business executives. This exercise helps make explicit the link between what the business cares about and what security is trying to do.

    Conduct a comprehensive security operations maturity assessment

    The following slides will walk you through the process below.

    Define your current and target state

    Self-assess your current security operations capabilities and determine your intended state.

    Create your gap initiatives

    Determine the operational processes that must be completed in order to achieve the target state.

    Prioritize your initiatives

    Define your prioritization criteria (cost, effort, alignment, security benefit) based on your organization

    Build a Gantt chart for your upcoming initiatives
    The final output will be a Gantt to action your prioritized initiatives

    Info-Tech Insight

    Progressive improvements provide the most value to IT and your organization. Leaping from pre-foundation to complete optimization is an ineffective goal. Systematic improvements to your security performance delivers value to your organization, each step along the way.

    Optimize your security operations workflow

    Info-Tech consulted various industry experts and consolidated their optimization advice.

    Dashboards: Centralized visibility, threat analytics, and orchestration enable faster threat detection with fewer resources.

    Adding more controls to a network never increases resiliency. Identify technological overlaps and eliminate unnecessary costs.

    Automation: There is shortfall in human capital in contrast to the required tools and processes. Automate the more trivial processes.

    SOCs with 900 employees are just as efficient as those with 35-40. There is an evident tipping point in marginal value.

    There are no plug-and-play technological solutions – each is accompanied by a growing pain and an affiliated human capital cost.

    Planning: Narrow the scope of operations to focus on protecting assets of value.

    Cross-train employees throughout different silos. Enable them to wear multiple hats.

    Practice: None of the processes happen in a vacuum. Make the most of tabletop exercises and other training exercises.

    Define appropriate use cases and explicitly state threat escalation protocol. Focus on automating the tier-1 analyst role.

    Self-assess your current-state capabilities and determine the appropriate target state

    1. Review:
    The heading in blue is the security domain, light blue is the subdomain and white is the specific control.
    2. Determine and Record:
    Ask participants to identify your organization’s current maturity level for each control. Next, determine a target maturity level that meets the requirements of the area (requirements should reflect the goals and obligations defined earlier).
    3.
    In small groups, have participants answer “what is required to achieve the target state?” Not all current/target state gaps will require additional description, explanation, or an associated imitative. You can generate one initiative that may apply to multiple line items.

    Screenshot of a table for assessing the current and target states of capabilities.

    Info-Tech Best Practice

    When customizing your gap initiatives consider your organizational requirements and scope while remaining realistic. Below is an example of lofty vs. realistic initiatives:
    Lofty: Perform thorough, manual security analysis. Realistic: Leverage our SIEM platform to perform more automated security analysis through the use of log information.

    Consolidate related gap initiatives to simplify and streamline your roadmap

    Identify areas of commonality between gap initiative in order to effectively and efficiently implement your new initiatives.

    Steps:
    1. After reviewing and documenting initiatives for each security control, begin sorting controls by commonality, where resources can be shared, or similar end goals and actions. Begin by copying all initiatives from tab 2. Current State Assessment into tab 5. Initiative List of the Security Operations Maturity Assessment Tool and then consolidating them.
    2. Initiatives Consolidated Initiatives
      Document data classification and handling in AUP —› Document data classification and handling in AUP Keep urgent or exceptional initiatives separate so they can be addressed appropriately.
      Document removable media in AUP —› Define and document an Acceptable Use Policy Other similar or related initiatives can be consolidated into one item.
      Document BYOD and mobile devices in AUP —›
      Document company assets in Acceptable Use Policy (AUP) —›

    3. Review grouped initiatives and identify specific initiatives should be broken out and defined separately.
    4. Record your consolidated gap initiatives in the Security Operations Maturity Assessment Tool, tab 6. Initiative Prioritization.

    Understand your organizational maturity gap

    After inputting your current and target scores and defining your gap initiatives in tab 2, review tab 3. Current Maturity and tab 4. Maturity Gap in Info-Tech’s Security Operations Maturity Assessment Tool.

    Automatically built charts and tables provide a clear visualization of your current maturity.

    Presenting these figures to stakeholders and management can help visually draw attention to high-priority areas and contextualize the gap initiatives for which you will be seeking support.

    Screenshot of tabs 3 and 4 from Info-Tech's Security Operations Maturity Assessment Tool. Bar charts titled 'Planning and Direction', 'Vulnerability Management', 'Threat Intelligence', and 'Security Maturity Level Gap Analysis'.

    Info-Tech Best Practice

    Communicate the value of future security projects to stakeholders by copying relevant charts and tables into an executive stakeholder communication presentation (ask an Info-Tech representative for further information).

    Define cost, effort, alignment, and security benefit

    Define low, medium, and high resource allocation, and other variables for your gap initiatives in the Concept of Operations Maturity Assessment Tool. These variables include:
    1. Define initial cost. One-time, upfront capital investments. The low cut-off would be a project that can be approved with little to no oversight. Whereas the high cut-off would be a project that requires a major approval or a formal capital investment request. Initial cost covers items such as appliance cost, installation, project based consulting fees, etc.
    2. Define ongoing cost. This includes any annually recurring operating expenses that are new budgetary costs, e.g. licensing or rental costs. Do not account for FTE employee costs. Generally speaking you can take 20-25% of initial cost as ongoing cost for maintenance and service.
    3. Define initial staffing in hours. This is total time in hours required to complete a project. Note: It is not total elapsed time, but dedicated time. Consider time required to research, document, implement, review, set up, fine tune, etc. Consider all staff hours required (2 staff at 8 hours means 16 hours total).
    4. Define ongoing staffing in hours. This is the ongoing average hours per week required to support that initiative. This covers all operations, maintenance, review, and support for the initiative. Some initiatives will have a week time commitment (e.g. perform a vulnerability scan using our tool once a week) versus others that may have monthly, quarterly, or annual time commitments that need to averaged out per week (e.g. perform annual security review requiring 0.4 hours/week (20 hours total based on 50 working weeks per year).
    Table relating the four definitions on the left, 'Initial Cost', 'Ongoing Cost (annual)', 'Initial Staffing in Hours', and 'Ongoing Staffing in Hours/Week'. Each row header is a definition and has four sub-rows 'High', 'Medium', 'Low', and 'Zero'.

    Info-Tech Best Practice

    When considering these parameters, aim to use already existing resource allocations.

    For example, if there is a dollar value that would require you to seek approval for an expense, this might be the difference between a medium and a high cost category.

    Define cost, effort, alignment, and security benefit

    1. Define Alignment with Business. This variable is meant to capture how well the gap initiative aligns with organizational goals and objectives. For example, something with high alignment usually can be tied to a specific organization initiative and will receive senior management support. You can either:
      • Set low, medium, and high based on levels of support the organization will provide (e.g. High – senior management support, Medium – VP/business unit head support, IT support only)
      • Attribute specific corporate goals or initiatives to the gap initiative (e.g. High – directly supports a customer requirement/key contract requirement; Medium – indirectly support customer requirement/key contract OR enables remote workforce; Low – security best practice).
    2. Define Security Benefit. This variable is meant to capture the relative security benefit or risk reduction being provided by the gap initiative. This can be represented through a variety of factors, such as:
      • Reduces compliance or regulatory risk by meeting a control requirement
      • Reduces availability and operational risk
      • Implements a non-existent control
      • Secures high-criticality data
      • Secures at-risk end users
    Table relating the two definitions on the left, 'Alignment with Business', and 'Security Benefit'. Each row header is a definition and has three sub-rows 'High', 'Medium', and 'Low'.

    Info-Tech Best Practice

    Make sure you consider the value of AND/OR. For either alignment with business or security benefit, the use of AND/OR can become useful thresholds to rank similar importance but different value initiatives.

    Example: with alignment with business, an initiative can indirectly support a key compliance requirement OR meet a key corporate goal.

    Info-Tech Insight

    You cannot do everything – and you probably wouldn’t want to. Make educated decisions about which projects are most important and why.

    Apply your variable criteria to your initiatives

    Identify easy-win tasks and high-value projects worth fighting for.
    Categorize the Initiative
    Select the gap initiative type from the down list. Each category (Must, Should, Could, and Won’t) is considered to be an “execution wave.” There is also a specific order of operations within each wave. Based on dependencies and order of importance, you will execute on some “must-do” items before others.
    Assign Criteria
    For each gap initiative, evaluate it based on your previously defined parameters for each variable.
    • Cost – initial and ongoing
    • Staffing – initial and ongoing
    • Alignment with business
    • Security benefit
    Overall Cost/Effort Rating
    An automatically generated score between 0 and 12. The higher the score attached to the initiative, the more effort required. The must-do, low-scoring items are quick wins and must be prioritized first.
    Screenshot of a table from Info-Tech's Concept of Operations Maturity Assessment Tool with all of the previous table row headers as column headers.

    A financial services organization defined its target security state and created an execution plan

    CASE STUDY
    Industry: Financial Services | Source: Info-Tech Research Group
    Framework Components
    Security Domains & Accompanied Initiatives
    (A portion of completed domains and initiatives)
    CSC began by creating over 100 gap initiatives across Info-Tech’s seven security domains.
    Current-State Assessment Context & Leadership Compliance, Audit & Review Security Prevention
    Gap Initiatives Created 12
    Initiatives
    14
    Initiatives
    45
    Initiatives
    Gap Initiative Prioritization
    Planned Initiative(s)* Initial Cost Ongoing Cost Initial Staffing Ongoing Staffing
    Document Charter Low - ‹$5K Low - ‹$1K Low - ‹1d Low - ‹2 Hour
    Document RACI Low - ‹$5K Low - ‹$1K Low - ‹1d Low - ‹2 Hour
    Expand IR processes Medium - $5K-$50K Low - ‹$1K High - ›2w Low - ‹2 Hour
    Investigate Threat Intel Low - ‹$5K Low - ‹$1K Medium - 1-10d Low - ‹2 Hour
    CSC’s defined low, medium, and high for cost and staffing are specific to the organization.

    CSC then consolidated its initiatives to create less than 60 concise tasks.

    *Initiatives and variables have been changed or modified to maintain anonymity

    Review your prioritized security roadmap

    Review the final Gantt chart to review the expected start and end dates for your security initiatives as part of your roadmap.

    In the Gantt chart, go through each wave in sequence and determine the planned start date and planned duration for each gap initiative. As you populate the planned start dates, take into consideration the resource constraints or dependencies for each project. Go back and revise the granular execution wave to resolve any conflicts you find.

    Screenshot of a 'Gantt Chart for Initiatives', a table with planned and actual start times and durations for each initiative, and beside it a roadmap with the dates from the Gantt chart plugged in.
    Review considerations
    • Does this roadmap make sense for our organization?
    • Do we focus too much on one quarter over others?
    • Will the business be going through any significant changes during the upcoming years that will directly impact this project?
    This is a living management document
    • You can use the same process on a per-case basis to decide where this new project falls in the priority list, and then add it to your Gantt chart.
    • As you make progress, check items off of the list, and periodically use this chart to retroactively update your progress towards achieving your overall target state.

    Consult an Info-Tech Analyst

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    Onsite workshops offer an easy way to accelerate your project. If a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to successfully complete your project.
    Photo of TJ Minichillo, Senior Director – Security, Risk & Compliance, Info-Tech Research Group. TJ Minichillo
    Senior Director – Security, Risk & Compliance
    Info-Tech Research Group
    Edward Gray, Consulting Analyst – Security, Risk & Compliance, Info-Tech Research Group. Edward Gray
    Consulting Analyst – Security, Risk & Compliance
    Info-Tech Research Group
    Photo of Celine Gravelines, Research Manager – Security, Risk & Compliance, Info-Tech Research Group. Celine Gravelines
    Research Manager – Security, Risk & Compliance
    Info-Tech Research Group
    If you are not communicating, then you are not secure.

    Call 1-888-670-8889 or email workshops@infotech.com for more information.

    Are you ready to move on to the next phase?

    Self-Assessment Questions

    • Have you identified your organization’s corporate goals along with your obligations?
    • Have you defined the scope and boundaries of your security program?
    • Have you determined your organization’s risk tolerance level?
    • Have you considered threat types your organization may face?
    • Are the above answers documented in the Security Requirements Gathering Tool?
    • Have you defined your maturity for both your current and target state?
    • Do you have clearly defined initiatives that would bridge the gap between your current and target state?
    • Are each of the initiatives independent, specific, and relevant to the associated control?
    • Have you indicated any dependencies between your initiatives?
    • Have you consolidated your gap initiatives?
    • Have you defined the parameters for each of the prioritization variables (cost, effort, alignment, and security benefit)?
    • Have you applied prioritization parameters to each consolidated initiative?
    • Have you recorded your final prioritized roadmap in the Gantt chart tab?
    • Have you reviewed your final Gantt chart to ensure it aligns to your security requirements?

    If you answered “yes” to the questions, then you are ready to move on to Phase 3: Define Operational Interdependencies

    Develop a Security Operations Strategy

    PHASE 3

    Define Operational Interdependencies

    1

    Assess Operational Requirements

    2

    Develop Maturity Initiatives

    3

    Define Interdependencies

    This step will walk you through the following activities:

    • Understand the current security operations process flow.
    • Define the security operations stakeholders and their respective deliverables.
    • Formalize an internal information sharing and collaboration plan.

    Outcomes of this step

    • A formalized security operations interaction agreement.
    • A security operations service and product catalog.
    • A structured operations collection plan.

    Info-Tech Insight

    If you are not communicating, you are not secure. Collaboration eliminates siloed decisions by connecting people, processes, and technologies. You leave less room for error, consume fewer resources, and improve operational efficiency with a transparent security operations process.

    Tie everything together with collaboration

    If you are not communicating, you are not secure. Collaboration eliminates siloed decisions by connecting people, processes, and technologies. You leave less room for error, consume fewer resources, and improve operational efficiency with a transparent security operations process.

    Define Strategic Needs and Requirements Participate in Information Sharing Communicate Clearly
    • Establish a channel to communicate management needs and requirements and define important workflow activities. Focus on operationalizing those components.
    • Establish a feedback loop to ensure your actions satisfied management’s criteria.
    • Consolidate critical security data within a centralized portal that is accessible throughout the threat collaboration environment, reducing the human capital resources required to manage that data.
    • Participate in external information sharing groups such as ISACs. Intelligence collaboration allows organizations to band together to decrease risk and protect one another from threat actors.
    • Disseminate relevant information in clear and succinct alerts, reports, or briefings.
    • Security operations analysts must be able to translate important technical security issues and provide in-depth strategic insights.
    • Define your audience before presenting information; various stakeholders will interpret information differently. You must present it in a format that appeals to their interests.
    • Be transparent in your communications. Holding back information will only serve to alienate groups and hinder critical business decisions.

    Info-Tech Best Practice

    Simple collaborative activities, such as a biweekly meeting, can unite prevention, detection, analysis, and response teams to help prevent siloed decision making.

    Understand the security operations process flow

    Process standardization and automation is critical to the effectiveness of security operations.

    Process flow for security operations with column headers 'Monitoring', 'Preliminary Analysis (Tier 1)', 'Triage', 'Investigation & Analysis (Tier 2)', 'Response', and 'Advanced Threat Detection (Tier 3)'. All processes begin with elements in the 'Monitoring' column and end up at 'Visualization & Dashboarding'.

    Document your security operations’ capabilities and tasks

    Table of capabilities and tasks for security operations.
    Document your security operations’ functional capabilities and operational tasks to satisfy each capability. What resources will you leverage to complete the specific task/capability? Identify your internal and external collection sources to satisfy the individual requirement. Identify the affiliated product, service, or output generated from the task/capability. Determine your escalation protocol. Who are the stakeholders you will be sharing this information with?
    Capabilities

    The major responsibilities of a specific function. These are the high-level processes that are expected to be completed by the affiliated employees and/or stakeholders.

    Tasks

    The specific and granular tasks that need to be completed in order to satisfy a portion of or the entire capability.

    Download Info-Tech’s Security Operations RACI Chart & Program Plan.

    Convert your results into actionable process flowcharts

    Map each functional task or capability into a visual process-flow diagram.

    • The title should reflect the respective capability and product output.
    • List all involved stakeholders (inputs and threat escalation protocol) along the left side.
    • Ensure all relevant security control inputs are documented within the body of the process-flow diagram.
    • Map out the respective processes in order to achieve the desired outcome.
    • Segment each process within its own icon and tie that back to the respective input.
    Example of a process flow made with sticky notes.

    Title: Output #1 Example of a process flow diagram with columns 'Stakeholders', 'Input Processes', 'Output Processes', and 'Threat Escalation Protocol'. Processes are mapped by which stakeholder and column they fall to.

    Download Info-Tech’s Security Operations RACI Chart & Program Plan.

    Formalize the opportunities for collaboration within your security operations program

    Security Operations Collaboration Plan

    Security operations provides a single pane of glass through which the threat collaboration environment can manage its operations.

    How to customize

    The security operations interaction agreement identifies opportunities for optimization through collaboration and cross-training. The document is composed of several components:

    • Security operations program scope and objectives
    • Operational capabilities and outputs on a per function basis
    • A needs and requirements collection plan
    • Escalation protocol and respective information-sharing guidance (i.e. a detailed cadence schedule)
    • A security operations RACI chart
    Sample of Info-Tech's Security Operations Collaboration Plan.

    Info-Tech Best Practice

    Understand the operational cut-off points. While collaboration is encouraged, understand when the onus shifts to the rest of the threat collaboration environment.

    Assign responsibilities for the threat management process

    Security Operations RACI Chart & Program Plan

    Formally documenting roles and responsibilities helps to hold those accountable and creates awareness as to everyone’s involvement in various tasks.

    How to customize
    • Customize the header fields with applicable stakeholders.
    • Identify stakeholders that are:
      • Responsible: The person(s) who does the work to accomplish the activity; they have been tasked with completing the activity and/or getting a decision made.
      • Accountable: The person(s) who is accountable for the completion of the activity. Ideally, this is a single person and is often an executive or program sponsor.
      • Consulted: The person(s) who provides information. This is usually several people, typically called subject matter experts (SMEs).
      • Informed: The person(s) who is updated on progress. These are resources that are affected by the outcome of the activities and need to be kept up to date.
    Sample of Info-Tech's Security Operations Collaboration Plan.

    Download Info-Tech’s Security Operations RACI Chart & Program Plan.

    Identify security operations consumers and their respective needs and requirements

    Ensure your security operations program is constantly working toward satisfying a consumer need or requirement.

    Internal Consumers External Consumers
    • Business Executives & Management (CIO, CISO, COO):
      • Inform business decisions regarding threats and their association with future financial risk, reputational risk, and continuity of operations.
    • Human Resources:
      • Security operations must directly work with HR to enforce tight device controls, develop processes, and set expectations.
    • Legal:
      • Security operations is responsible to notify the legal department of data breaches and the appropriate course of action.
    • Audit and Compliance:
      • Work with the auditing department to define additional audits or controls that must be measured.
    • Public Relations/Marketing Employees:
      • Employees must be educated on prevalent threats and how to avoid or mitigate them.

    Note: Your organization might not be the final target, but it could be a primary path for attackers. If you exist as a third-party partner to another organization, your responsibility in your technology ecosystem extends beyond your own product or service offerings.

    • Third-Party Contractors:
      • Identify relevant threats across industries – security operations is responsible for protecting more than just itself.
    • Commercial Vendors:
      • Identify commercial vendors of control failures and opportunities for operational improvement.
    • Suppliers:
      • Provide or maintain a certain level of security delivery.
      • Meet the same level of security that is expected of business units.
    • All End Users:
      • Be notified of any data breaches and potential violations of privacy.

    Info-Tech Best Practice

    “In order to support a healthy constituency, network operations and security operations should be viewed as equal partners, rather than one subordinate to the other.” (Mitre world-class CISO)

    Define the stakeholders, their respective outputs, and the underlying need

    Security Operations Program Service & Product Catalog

    Create an informal security operations program service and product catalog. Work your way backwards – map each deliverable to the respective stakeholders and functions.

    Action/Output Arrow pointing right. Frequency Arrow pointing right. Stakeholders/Function
    Document the key services and outputs produced by the security operations program. For example:
    • Real-time monitoring
    • Event analysis and incident coordination
    • Malware analysis
    • External information sharing
    • Published alerts, reports, and briefings
    • Metrics
    Define the frequency for which each deliverable or service is produced or conducted. Leverage this activity to establish a state of accountability within your threat collaboration environment. Identify the stakeholders or groups affiliated with each output. Remember to include potential MSSPs.
    • Vulnerability Management
    • Threat Intelligence
    • Tier 1, 2, and 3 Analysts
    • Incident Response
    • MSSP
    • Network Operations
    Remember to include any target-state outputs or services identified in the maturity assessment. Use this exercise as an opportunity to organize your security operations outputs and services.

    Info-Tech Best Practice

    Develop a central web/knowledge portal that is easily accessible throughout the threat collaboration environment.

    Internal information sharing helps to focus operational efforts

    Organizations must share information internally and through secure external information sharing and analysis centers (ISACs).

    Ensure information is shared in a format that relates to the particular end user. Internal consumers fall into two categories:

    • Strategic Users — Intelligence enables strategic stakeholders to better understand security trends, minimize risk, and make more educated and informed decisions. The strategic intelligence user often lacks technical security knowledge; bridge the communication gap between security and non-technical decision makers by clearly communicating the underlying value and benefits.
    • Operational Users — Operational users integrate information and indicators directly into their daily operations and as a result have more in-depth knowledge of the technical terms. Reports help to identify escalated alerts that are part of a bigger campaign, provide attribution and context to attacks, identify systems that have been compromised, block malicious URLs or malware signatures in firewalls, IDPS systems, and other gateway products, identify patches, reduce the number of incidents, etc.
    Collaboration includes the exchange of:
    • Contextualized threat indicators, threat actors, TTPs, and campaigns.
    • Attribution of the attack, motives of the attacker, victim profiles, and frequent exploits.
    • Defensive and mitigation strategies.
    • Best-practice incident response procedures.
    • Technical tools to help normalize threat intelligence formats or decode malicious network traffic.
    Collaboration can be achieved through:
    • Manual unstructured exchanges such as alerts, reports, briefings, knowledge portals, or emails.
    • Automated centralized platforms that allow users to privately upload, aggregate, and vet threat intelligence. Current players include commercial, government, and open-source information-sharing and analysis centers.
    Isolation prevents businesses from learning from each others’ mistakes and/or successes.

    Define the routine of your security operations program in a detailed cadence schedule

    Security Operations Program Cadence Schedule Template

    Design your meetings around your security operations program’s outputs and capabilities

    How to customize

    Don’t operate in a silo. Formalize a cadence schedule to develop a state of accountability, share information across the organization, and discuss relevant trends. A detailed cadence schedule should include the following:

    • Activity, output, or topic being discussed.
    • Participants and stakeholders involved.
    • Value and purpose of meeting.
    • Duration and frequency of each meeting.
    • Investment per participant per meeting.
    Sample of Info-Tech's Security Operations Program Cadence Schedule Template.

    Info-Tech Best Practice

    Schedule regular meetings composed of key members from different working groups to discuss concerns, share goals, and communicate operational processes pertaining to their specific roles.

    Apply a strategic lens to your security operations program

    Frame the importance of optimizing the security operations program to align with that of the decision makers’ overarching strategy.

    Strategies
    1. Bridge the communication gap between security and non-technical decision makers. Communicate concisely in business-friendly terms.
    2. Quantify the ROI for the given project.
    3. Educate stakeholders – if stakeholders do not understand what a security operations program encompasses, it will be hard for them to champion the initiative.
    4. Communicate the implications, value, and benefits of a security operations program.
    5. Frame the opportunity as a competitive advantage, e.g. proactive security measures as a client acquisition strategy.
    6. Address the increasing prevalence of threat actors. Use objective data to demonstrate the impact, e.g. through case studies, recent media headlines, or statistics.

    Defensive Strategy diagram with columns 'Adversaries', 'Defenses', 'Assets', and priority level.
    (Source: iSIGHT, “ Definitive Guide to Threat Intelligence”)

    Info-Tech Best Practice

    Refrain from using scare tactics such as fear, uncertainty, and doubt (FUD). While this may be a short-term solution, it limits the longevity of your operations as senior management is not truly invested in the initiative.

    Example: Align your strategic needs with that of management.

    Identify assets of value, current weak security measures, and potential adversaries. Demonstrate how an optimized security operations program can mitigate those threats.

    Develop a comprehensive measurement program to evaluate the effectiveness of your security operations

    There are three types of metrics pertaining to security operations:

    1) Operations-focused

    Operations-focused metrics are typically communicated through a centralized visualization such as a dashboard. These metrics guide operational efforts, identifying operational and control weak points while ensuring the appropriate actions are taken to fix them.

    Examples include, but are not limited to:

    • Ticketing metrics (e.g. average ticket resolution rate, ticketing status, number of tickets per queue/analyst).
    • False positive percentage per control.
    • Incident response metrics (e.g. mean time to recovery).
    • CVSS scores per vulnerability.

    2) Business-focused

    The evaluation of operational success from a business perspective.

    Example metrics include:

    • Return on investment.
    • Total cost of ownership (can be segregated by function: prevent, detect, analyze, and respond).
    • Saved costs from mitigated breaches.
    • Security operations budget as a percentage of the IT budget.

    3) Initiative-focused

    The measurement of security operations project progress. These are frequently represented as time, resource, or cost-based metrics.

    Note: Remember to measure end-user feedback. Asking stakeholders about their current expectations via a formal survey is the most effective way to kick-start the continuous improvement process.

    Info-Tech Best Practice

    Operational metrics have limited value beyond security operations – when communicating to management, focus on metrics that are actionable from a business perspective.

    Download Info-Tech’s Security Operations Metrics Summary Document.Sample of Info-Tech's Security Operations Metrics Summary Document.

    Identify the triggers for continual improvement

    Continual Improvement

    • Audits: Check for performance requirements in order to pass major audits.
    • Assessments: Variances in efficiency or effectiveness of metrics when compared to the industry standard.
    • Process maturity: Opportunity to increase efficiency of services and processes.
    • Management reviews: Routine reviews that reveal gaps.
    • Technology advances: For example, new security architecture/controls have been released.
    • Regulations: Compliance to new or changed regulations.
    • New staff or technology: Disruptive technology or new skills that allow for improvement.

    Conduct tabletop exercises with Info-Tech’s onsite workshop

    Assess your security operations capabilities

    Leverage Info-Tech’s Security Operations Tabletop Exercise to guide simulations to validate your operational procedures.

    How to customize
    • Use the templates to document actions and actors.
    • For each new injection, spend three minutes discussing the response as a group. Then spend two minutes documenting each role’s contribution to the response. After the time limit, proceed to the following injection scenario.
    • Review the responses only after completing the entire exercise.
    Sample of Info-Tech's Security Operations Tabletop Exercise.

    This tabletop exercise is available through an onsite workshop as we can help establish and design a tabletop capability for your organization.

    Are you ready to implement your security operations program?

    Self-Assessment Questions

    • Is there a formalized security operations collaboration plan?
    • Are all key stakeholders documented and acknowledged?
    • Have you defined your strategic needs and requirements in a formalized collection plan?
    • Is there an established channel for management to communicate needs and requirements to the security operation leaders?
    • Are all program outputs documented and communicated?
    • Is there an accessible, centralized portal or dashboard that actively aggregates and communicates key information?
    • Is there a formalized threat escalation protocol in order to facilitate both internal and external information sharing?
    • Does your organization actively participate in external information sharing through the use of ISACs?
    • Does your organization actively produce reports, alerts, products, etc. that feed into and influence the output of other functions’ operations?
    • Have you assigned program responsibilities in a detailed RACI chart?
    • Is there a structured cadence schedule for key stakeholders to actively communicate and share information?
    • Have you developed a structured measurement program on a per function basis?
    • Now that you have constructed your ideal security operations program strategy, revisit the question “Are you answering all of your objectives?”

    If you answered “yes” to the questions, then you are ready to implement your security operations program.

    Summary

    Insights

    1. Security operations is no longer a center, but a process. The need for a physical security hub has evolved into the virtual fusion of prevention, detection, analysis, and response efforts. When all four functions operate as a unified process, your organization will be able to proactively combat changes in the threat landscape.
    2. Functional threat intelligence is a prerequisite for effective security operations – without it, security operations will be inefficient and redundant. Eliminate false positives by contextualizing threat data, aligning intelligence with business objectives, and building processes to satisfy those objectives
    3. If you are not communicating, then you are not secure. Collaboration eliminates siloed decisions by connecting people, processes, and technologies. You leave less room for error, consume fewer resources, and improve operational efficiency with a transparent security operations process.

    Best Practices

    • Have a structured plan of attack. Define your unique threat landscape, as well as business, regulatory, and consumer obligations.
    • Foster both internal and external collaboration.
    • Understand the operational cut-off points. While collaboration is encouraged, understand when the onus shifts to the rest of the threat collaboration environment.
    • Do not bite off more than you can chew. Identify current people, processes, and technologies that satisfy immediate problems and enable future expansion.
    • Leverage threat intelligence to create a predictive and proactive security operations analysis process.
    • Formalize escalation procedures with logic and incident management flow.
    • Don’t develop a security operations program with the objective of zero incidents. This reliance on prevention results in over-engineered security solutions that cost more than the assets being protected.
    • Ensure that information flows freely throughout the threat collaboration environment – each function should serve to feed and enhance the next.
    • Develop a central web/knowledge portal that is easily accessible throughout the threat collaboration environment
    Protect your organization with an interdependent and collaborative security operations program.

    Bibliography

    “2016 State of Cybersecurity in Small & Medium-Sized Businesses (SMB).” Ponemon Institute, June 2016. Web. 10 Nov. 2016.

    Ahmad, Shakeel et al. “10 Tips to Improve Your Security Incident Readiness and Response.” RSA, n.d. Web. 12 Nov. 2016.

    Anderson, Brandie. “ Building, Maturing & Rocking a Security Operations Center.” Hewlett Packard, n.d. Web. 4 Nov. 2016.

    Barnum, Sean. “Standardizing cyber threat intelligence information with the structured threat information expression.” STIX, n.d. Web. 03 Oct. 2016.

    Bidou, Renaud. “Security Operation Center Concepts & Implementation.” IV2-Technologies, n.d. Web. 20 Nov. 2016.

    Bradley, Susan. “Cyber threat intelligence summit.” SANS Institute InfoSec Reading Room, n.d. Web. 03 Oct. 2016.

    “Building a Security Operations Center.” DEF CON Communications, Inc., 2015. Web. 14 Nov. 2016.

    “Building a Successful Security Operations Center.” ArcSight, 2015. Web. 21 Nov. 2016.

    “Building an Intelligence-Driven Security Operations Center.” RSA, June 2014. Web. 25 Nov. 2016.

    Caltagirone, Sergio, Andrew Pendergast, and Christopher Betz. “Diamond Model of Intrusion Analysis,” Center for Cyber Threat Intelligence and Threat Research, 5 July 2013. Web. 25 Aug. 2016.

    “Cisco 2017 Annual Cybersecurity Report: Chief Security Officers Reveal True Cost of Breaches and the Actions Organizations Are Taking.” The Network. Cisco, 31 Jan. 2017. Web. 11 Nov. 2017.

    “CITP Training and Education.” Carnegie Mellon University, 2015. Web. 03 Oct. 2016.

    “Creating and Maintaining a SOC.” Intel Security, n.d. Web. 14 Nov. 2016.

    “Cyber Defense.” Mandiant, 2015. Web. 10 Nov. 2016.

    “Cyber Security Operations Center (CSOC).” Northrop Grumman, 2014. Web. 14 Nov. 2016.

    Danyliw, Roman. “Observations of Successful Cyber Security Operations.” Carnegie Mellon, 12 Dec. 2016. Web. 14 Dec. 2016.

    “Designing and Building Security Operations Center.” SearchSecurity. TechTarget, Mar. 2016. Web. 14 Dec. 2016.

    EY. “Managed SOC.” EY, 2015. Web. 14 Nov. 2016.

    Fishbach, Nicholas. “How to Build and Run a Security Operations Center.” Securite.org, n.d. Web. 20 Nov. 2016.

    “Framework for improving critical infrastructure cybersecurity.” National Institute of Standards and Technology, 12 Feb. 2014. Web.

    Friedman, John, and Mark Bouchard. “Definitive Guide to Cyber Threat Intelligence.” iSIGHT, 2015. Web. 1 June 2015.

    Goldfarb, Joshua. “The Security Operations Hierarchy of Needs.” Securityweek.com, 10 Sept. 2015. Web. 14 Dec. 2016.

    “How Collaboration Can Optimize Security Operations.” Intel, n.d. Web. 2 Nov. 2016.

    Hslatman. “Awesome threat intelligence.” GitHub, 16 Aug. 2016. Web. 03 Oct. 2016.

    “Implementation Framework – Collection Management.” Carnegie Mellon University, 2015. Web.

    “Implementation Framework – Cyber Threat Prioritization.” Carnegie Mellon University, 03 Oct. 2016. Web. 03 Oct. 2016.

    “Intelligent Security Operations Center.” IBM, 25 Feb. 2015. Web. 15 Nov. 2016.

    Joshi Follow , Abhishek. “Best Practices for Security Operations Center.” LinkedIn, 01 Nov. 2015. Web. 14 Nov. 2016.

    Joshi. “Best Practices for a Security Operations Center.” Cybrary, 18 Sept. 2015. Web. 14 Dec. 2016.

    Kelley, Diana and Ron Moritz. “Best Practices for Building a Security Operations Center.” Information Security Today, 2006. Web. 10 Nov. 2016.

    Killcrece, Georgia, Klaus-Peter Kossakowski, Robin Ruefle, and Mark Zajicek. ”Organizational Models for Computer Security Incident Response Teams (CSIRTs).” Carnegie Mellon Software Engineering Institute, Dec. 2003. Carnegie Mellon. Web. 10 Nov. 2016.

    Kindervag , John. “SOC 2.0: Three Key Steps toward the Next-generation Security Operations Center.” SearchSecurity. TechTarget, Dec. 2010. Web. 14 Dec. 2016.

    Kvochko, Elena. “Designing the Next Generation Cyber Security Operations Center.” Forbes Magazine, 14 Mar. 2016. Web. 14 Dec. 2016.

    Lambert, P. “ Security Operations Center: Not Just for Huge Enterprises.” TechRepublic, 31 Jan. 2013. Web. 10 Nov. 2016.

    Lecky, M. and D. Millier. “Re-Thinking Security Operations.” SecTor Security Education Conference. Toronto, 2014.

    Lee, Michael. “Three Elements That Every Advanced Security Operations Center Needs.” CSO | The Resource for Data Security Executives, n.d. Web. 16 Nov. 2016.

    Linch, David and Jason Bergstrom. “Building a Culture of Continuous Improvement in an Age of Disruption.” Deloitte LLP, 2014.

    Lynch, Steve. “Security Operations Center.” InfoSec Institute, 14 May 2015. Web. 14 Dec. 2016.

    Macgregor, Rob. “Diamonds or chains – cyber security updates.” PwC, n.d. Web. 03 Oct. 2016.

    “Make Your Security Operations Center (SOC) More Efficient.” Making Your Data Center Energy Efficient (2011): 213-48. Intel Security. Web. 20 Nov. 2016.

    Makryllos, Gordon. “The Six Pillars of Security Operations.” CSO | The Resource for Data Security Executives, n.d. Web. 14 Nov. 2016.

    Marchany, R. “ Building a Security Operations Center.” Virginia Tech, 2015. Web. 8 Nov. 2016.

    Marty, Raffael. “Dashboards in the Security Operations Center (SOC).” Security Bloggers Network, 15 Jan. 2016. Web. 14 Nov. 2016.

    Minu, Adolphus. “Discovering the Value of Knowledge Portal.” IBM, n.d. Web. 1 Nov. 2016.

    Muniz, J., G. McIntyre, and N. AlFardan. “Introduction to Security Operations and the SOC.” Security Operations Center: Building, Operating, and Maintaining your SOC. Cisco Press, 29 Oct. 2015. Web. 14 Nov. 2016.

    Muniz, Joseph and Gary McIntyre. “ Security Operations Center.” Cisco, Nov. 2015. Web. 14 Nov. 2016.

    Muniz, Joseph. “5 Steps to Building and Operating an Effective Security Operations Center (SOC).” Cisco, 15 Dec. 2015. Web. 14 Dec. 2016.

    Nathans, David. Designing and Building a Security Operations Center. Syngress, 2015. Print.

    National Institute of Standards and Technology. “SP 800-61 Revision 2: Computer Security Incident Handling Guide.” 2012. Web.

    National Institute of Standards and Technology. “SP 800-83 Revision 1.” 2013. Web.

    National Institute of Standards and Technology. “SP 800-86: Guide to Integrating Forensic Techniques into Incident Response.” 2006. Web.

    F5 Networks. “F5 Security Operations Center.” F5 Networks, 2014. Web. 10 Nov. 2016.

    “Next Generation Security Operations Center.” DTS Solution, n.d. Web. 20 Nov. 2016.

    “Optimizing Security Operations.” Intel, 2015. Web. 4 Nov. 2016.

    Paganini, Pierluigi. “What Is a SOC ( Security Operations Center)?” Security Affairs, 24 May 2016. Web. 14 Dec. 2016.

    Ponemon Institute LLC. “Cyber Security Incident Response: Are we as prepared as we think?” Ponemon, 2014. Web.

    Ponemon Institute LLC. “The Importance of Cyber Threat Intelligence to a Strong Security Posture.” Ponemon, Mar. 2015. Web. 17 Aug. 2016.

    Poputa-Clean, Paul. “Automated defense – using threat intelligence to augment.” SANS Institute InfoSec Reading Room, 15 Jan. 2015. Web.

    Quintagroup. “Knowledge Management Portal Solution.” Quintagroup, n.d. Web.

    Rasche, G. “Guidelines for Planning an Integrated Security Operations Center.” EPRI, Dec. 2013. Web. 25 Nov. 2016.

    Rehman, R. “What It Really Takes to Stand up a SOC.” Rafeeq Rehman – Personal Blog, 27 Aug. 2015. Web. 14 Dec. 2016.

    Rothke, Ben. “Designing and Building Security Operations Center.” RSA Conference, 2015. Web. 14 Nov. 2016.

    Ruks, Martyn and David Chismon. “Threat Intelligence: Collecting, Analysing, Evaluating.” MWR Infosecurity, 2015. Web. 24 Aug. 2016.

    Sadamatsu, Takayoshi. “Practice within Fujitsu of Security Operations Center.” Fujitsu, July 2016. Web. 15 Nov. 2016.

    Sanders, Chris. “Three Useful SOC Dashboards.” Chris Sanders, 24 Oct. 2016. Web. 14 Nov. 2016.

    SANS Institute. “Incident Handler's Handbook.” 2011. Web.

    Schilling, Jeff. “5 Pitfalls to Avoid When Running Your SOC.” Dark Reading, 18 Dec. 2014. Web. 14 Nov. 2016.

    Schinagl, Stef, Keith Schoon, and Ronald Paans. “A Framework for Designing a Security Operations Centre (SOC).” 2015 48th Hawaii International Conference on System Sciences. Computer.org, 2015. Web. 20 Nov. 2016.

    “Security – Next Gen SOC or SOF.” InfoSecAlways.com, 31 Dec. 2013. Web. 14 Nov. 2016.

    “Security Operations Center Dashboard.” Enterprise Dashboard Digest, n.d. Web. 14 Dec. 2016.

    “Security Operations Center Optimization Services.” AT&T, 2015. Web. 5 Nov. 2016.

    “Security Operations Centers — Helping You Get Ahead of Cybercrime Contents.” EY, 2014. Web. 6 Nov. 2016.

    Sheikh, Shah. “DTS Solution - Building a SOC (Security Operations Center).” LinkedIn, 4 May 2013. Web. 20 Nov. 2016.

    Soto, Carlos. “ Security Operations Center (SOC) 101.” Tom's IT Pro, 28 Oct. 2015. Web. 14 Dec. 2016.

    “Standardizing and Automating Security Operations.” National Institute of Standards and Technology, 3 Sept. 2006. Web.

    “Strategy Considerations for Building a Security Operations Center.” IBM, Dec. 2013. Web. 5 Nov. 2016.

    “Summary of Key Findings.” Carnegie Mellon University, 03 Oct. 2016. Web. 03 Oct. 2016.

    “Sustainable Security Operations.” Intel, 2016. Web. 20 Nov. 2016.

    “The Cost of Malware Containment.” Ponemon Institute, Jan. 2015. Web.

    “The Game Plan for Closing the SecOps Gap.” BMC. Forbes Magazine, Jan. 2016. Web. 10 Jan. 2017.

    Veerappa Srinivas, Babu. “Security Operations Centre (SOC) in a Utility Organization.” GIAC, 17 Sept. 2014. Web. 5 Nov. 2016.

    Wang, John. “Anatomy of a Security Operations Center.” NASA, 2015. Web. 2 Nov. 2016.

    Weiss, Errol. “Statement for the Record.” House Financial Services Committee, 1 June 2012. Web. 12 Nov. 2016.

    Wilson, Tim. “SOC 2.0: A Crystal-Ball Glimpse of the Next-Generation Security Operations Center.” Dark Reading, 22 Nov. 2010. Web. 10 Nov. 2016.

    Zimmerman, Carson. “Ten Strategies of a World-Class Cybersecurity Operations Center.” Mitre, 2014. Web. 24 Aug. 2016.

    Reduce Shadow IT With a Service Request Catalog

    • Buy Link or Shortcode: {j2store}302|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $129,999 Average $ Saved
    • member rating average days saved: 35 Average Days Saved
    • Parent Category Name: Asset Management
    • Parent Category Link: /asset-management
    • Shadow IT: The IT team is regularly surprised to discover new products within the organization, often when following up on help desk tickets or requests for renewals from business users or vendors.
    • Renewal Management: The contracts and asset teams need to be aware of upcoming renewals and have adequate time to review renewals.
    • Over-purchasing: Contracts may be renewed without a clear picture of usage, potentially renewing unused applications.

    Our Advice

    Critical Insight

    There is a direct correlation between service delivery dissatisfaction and increases in shadow IT. Whether the goal is to reduce shadow IT or gain control, improved customer service and fast delivery are key to making lasting changes.

    Impact and Result

    Our blueprint will help you design a service that draws the business to use it. If it is easier for them to buy from IT than it is to find their own supplier, they will use IT.

    A heavy focus on customer service, design optimization, and automation will provide a means for the business to get what they need, when they need it, and provide visibility to IT and security to protect organizational interests.

    This blueprint will help you:

    • Design the request service
    • Design the request catalog
    • Build the request catalog
    • Market the service

    Reduce Shadow IT With a Service Request Catalog Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Reduce Shadow IT With a Service Request Catalog – A step-by-step document that walks you through creation of a request service management program.

    Use this blueprint to create a service request management program that provides immediate value.

    • Reduce Shadow IT With a Service Request Catalog Storyboard

    2. Nonstandard Request Assessment – A template for documenting requirements for vetting and onboarding new applications.

    Use this template to define what information is needed to vet and onboard applications into the IT environment.

    • Nonstandard Request Assessment

    3. Service Request Workflows – A library of workflows used as a starting point for creating and fulfilling requests for applications and equipment.

    Use this library of workflows as a starting point for creating and fulfilling requests for applications and equipment in a service catalog.

    • Service Request Workflows

    4. Application Portfolio – A template to organize applications requested by the business and identify which items are published in the catalog.

    Use this template as a starting point to create an application portfolio and request catalog.

    • Application Portfolio

    5. Reduce Shadow IT With a Service Request Catalog Communications Template – A presentation and communications plan to announce changes to the service and introduce a catalog.

    Use this template to create a presentation and communications plan for launching the new service and service request catalog.

    • Reduce Shadow IT with a Service Request Catalog Communications Template
    [infographic]

    Workshop: Reduce Shadow IT With a Service Request Catalog

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Design the Service

    The Purpose

    Collaborate with the business to determine service model.

    Collaborate with IT teams to build non-standard assessment process.

    Key Benefits Achieved

    Designed a service for service requests, including new product intake.

    Activities

    1.1 Identify challenges and obstacles.

    1.2 Complete customer journey map.

    1.3 Design process for nonstandard assessments.

    Outputs

    Nonstandard process.

    2 Design the Catalog

    The Purpose

    Design the service request catalog management process.

    Key Benefits Achieved

    Ensure the catalog is kept current and is integrated with IT service catalog if applicable.

    Activities

    2.1 Determine what will be listed in the catalog.

    2.2 Determine process to build and maintain the catalog, including roles, responsibilities, and workflows.

    2.3 Define success and determine metrics.

    Outputs

    Catalog scope.

    Catalog design and maintenance plan.

    Defined success metrics

    3 Build and Market the Catalog

    The Purpose

    Determine catalog contents and how requests will be fulfilled.

    Key Benefits Achieved

    Catalog framework and service level agreements will be defined.

    Create communications documents.

    Activities

    3.1 Determine how catalog items will be displayed.

    3.2 Complete application categories for catalog.

    3.3 Create deployment categories and SLAs.

    3.4 Design catalog forms and deployment workflows.

    3.5 Create roadmap.

    3.6 Create communications plan.

    Outputs

    Catalog workflows and SLAs.

    Roadmap.

    Communications deck.

    4 Breakout Groups – Working Sessions

    The Purpose

    Create an applications portfolio.

    Prepare to populate the catalog.

    Key Benefits Achieved

    Portfolio and catalog contents created.

    Activities

    4.1 Using existing application inventory, add applications to portfolio and categorize.

    4.2 Determine which applications should be in the catalog.

    4.3 Determine which applications are packaged and can be easily deployed.

    Outputs

    Application Portfolio.

    List of catalog items.

    Further reading

    Reduce Shadow IT With a Service Request Catalog

    Foster business partnerships with sourcing-as-a-service.

    Analyst Perspective

    Improve the request management process to reduce shadow IT.

    In July 2022, Ivanti conducted a study on the state of the digital employee experience, surveying 10,000 office workers, IT professionals, and C-suite executives. Results of this study indicated that 49% of employees are frustrated by their tools, and 26% of employees were considering quitting their jobs due to unsuitable tech. 42% spent their own money to gain technology to improve their productivity. Despite this, only 21% of IT leaders prioritized user experience when selecting new tools.

    Any organization’s workers are expected to be productive and contribute to operational improvements or customer experience. Yet those workers don’t always have the tools needed to do the job. One option is to give the business greater control, allowing them to choose and acquire the solutions that will make them more productive. Info-Tech's blueprint Embrace Business-Managed Applications takes you down this path.

    However, if the business doesn’t want to manage applications, but just wants have access to better ones, IT is positioned to provide services for application and equipment sourcing that will improve the employee experience while ensuring applications and equipment are fully managed by the asset, service, and security teams.

    Improving the request management and deployment practice can give the business what they need without forcing them to manage license agreements, renewals, and warranties.

    Photo of Sandi Conrad

    Sandi Conrad
    ITIL Managing Professional
    Principal Research Director, IT Infrastructure & Operations,
    Info-Tech Research Group

    Your challenge

    This research is designed to help organizations that are looking to improve request management processes and reduce shadow IT.

    Shadow IT: The IT team is regularly surprised to discover new products within the organization, often when following up on help desk tickets or requests for renewals from business users or vendors.

    Renewal management: The contracts and asset teams need to be aware of upcoming renewals and have adequate time to review renewals.

    Over-purchasing and over-spending: Contracts may be renewed without a clear picture of utilization, potentially renewing unused applications. Applications or equipment may be purchased at retail price where corporate, government, or educational discounts exist.

    Info-Tech Insight

    To increase the visibility of the IT environment, IT needs to transform the request management process to create a service that makes it easier for the business to access the tools they need rather than seeking them outside of the organization.

    609
    Average number of SaaS applications in large enterprises

    40%
    On average, only 60% of provisioned SaaS licenses are used, with the remaining 40% unused.

    — Source: Zylo, SaaS Trends for IT Leaders, 2022

    Common obstacles

    Too many layers of approvals and a lack of IT workers makes it difficult to rethink service request fulfillment.

    Delays: The business may not be getting the applications they need from IT to do their jobs or must wait too long to get the applications approved.

    Denials: Without IT’s support, the business is finding alternative options, including SaaS applications, as they can be bought and used without IT’s input or knowledge.

    Threats: Applications that have not been vetted by security or installed without their knowledge may present additional threats to the organization.

    Access: Self-serve isn’t mature enough to support an applications catalog.

    A diagram that shows the number of SaaS applications being acquired outside of IT is increasing year over year, and that business units are driving the majority of SaaS spend.

    8: average number of applications entering the organization every 30 days

    — Source: Zylo, SaaS Trends for Procurement, 2022

    Info-Tech’s approach

    Improve the request management process to create sourcing-as-a-service for the business.

    • Improve customer service
    • Reduce shadow IT
    • Gain control in a way that keeps the business happy

    1. Design the service

    Collaborate with the business

    Identify the challenges and obstacles

    Gain consensus on priorities

    Design the service

    2. Design the catalog

    Determine catalog scope

    Create a process to build and maintain the catalog

    Define metrics for the request management process

    3. Build the catalog

    Determine descriptions for catalog items

    Create definitions for license types, workflows, and SLAs

    Create application portfolio

    Design catalog forms and workflows

    4. Market the service

    Create a roadmap

    Determine messaging

    Build a communications plan

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Communications Presentation

    Photo of Communications Presentation

    Application Portfolio

    Photo of Application Portfolio

    Visio Library

    Photo of Visio Library

    Nonstandard Request Assessment

    Photo of Nonstandard Request Assessment

    Create a request management process and service catalog to improve delivery of technology to the business

    Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind

    • Buy Link or Shortcode: {j2store}416|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: $38,999 Average $ Saved
    • member rating average days saved: 17 Average Days Saved
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity
    • Writing SOPs is the last thing most people want to do, so the work gets pushed down the priority list and the documents become dated.
    • Most organizations know it is good practice to have SOPs as it improves consistency, facilitates process improvement, and contributes to efficient operations.
    • Though the benefits are understood, many organizations don't have SOPs and those that do don't maintain them.

    Our Advice

    Critical Insight

    • Create visual documents, not dense SOP manuals.
    • Start with high-impact SOPs, and identify the most critical undocumented SOPs and address them first.
    • Integrate SOP creation into project requirements and create SOP approval steps to ensure documentation is reviewed and completed in a timely fashion.

    Impact and Result

    • Create visual documents that can be scanned. Flowcharts, checklists, and diagrams are quicker to create, take less time to update, and are ultimately more usable than a dense manual.
    • Use simple but effective document management practices.
    • Make SOPs part of your project deliverables rather than an afterthought. That includes checking documentation status as part of your change management process.

    Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind – Make SOPs work for you with visual documents that are easier to create and more effective for process management and optimization.

    Learn best practices for creating, maintaining, publishing, and managing effective SOP documentation.

    • Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind – Phases 1-3

    2. Standard Operating Procedures Workbook and Document Management Checklist – Prioritize, optimize, and document critical SOPs.

    Identify required documentation and prioritize them according to urgency and impact.

    • Standard Operating Procedures Workbook
    • Document Management Checklist

    3. Process Templates and Examples – Review and assess templates to find samples that are fit for purpose.

    Review the wide variety of samples to see what works best for your needs.

    • Standard Operating Procedures Project Roadmap Tool
    • System Recovery Procedures Template
    • Application Development Process – AppDev Example (Visio)
    • Application Development Process – AppDev Example (PDF)
    • Network Backup for Atlanta Data Center – Backups Example
    • DRP Recovery Workflow Template (PDF)
    • DRP Recovery Workflow Template (Visio)
    • Employee Termination Process Checklist – IT Security Example
    • Sales Process for New Clients – Sales Example (Visio)
    • Sales Process for New Clients – Sales Example (PDF)
    • Incident and Service Management Procedures – Service Desk Example (Visio)
    • Incident and Service Management Procedures – Service Desk Example (PDF)
    [infographic]

    Further reading

    Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind

    Change your focus from satisfying auditors to driving process optimization, consistent IT operations, and effective knowledge transfer.

    Project Outline

    Two flowcharts are depicted. The first is labelled 'Executive Brief' and the second is labelled 'Tools and Templates Roadmap'. Both outline the following project.

    ANALYST PERSPECTIVE

    Do your SOPs drive process optimization?

    "Most organizations struggle to document and maintain SOPs as required, leading to process inconsistencies and inefficiencies. These breakdowns directly impact the performance of IT operations. Effective SOPs streamline training and knowledge transfer, improve transparency and compliance, enable automation, and ultimately decrease costs as processes improve and expensive breakdowns are avoided. Documenting SOPs is not just good practice; it directly impacts IT efficiency and your bottom line."

    Frank Trovato, Senior Manager, Infrastructure Research Info-Tech Research Group

    Our understanding of the problem

    This Research Is Designed For:

    • IT Process Owners
    • IT Infrastructure Managers
    • IT Service Managers
    • System Administrators
    • And more…

    This Research Will Help You:

    • Identify, prioritize, and document SOPs for critical business processes.
    • Discover opportunities for overall process optimization by documenting SOPs.
    • Develop documentation best practices that support ongoing maintenance and review.

    This Research Will Also Assist:

    • CTOs
    • Business unit leaders

    This Research Will Help Them:

    • Understand the need for and value of documenting SOPs in a usable format.
    • Help set expectations around documentation best practices.
    • Extend IT best practices to other parts of the business.

    Executive summary

    Situation

    • Most organizations know it is good practice to have SOPs as it improves consistency, facilitates process improvement, and contributes to efficient operations.
    • Though the benefits are understood, many organizations don't have SOPs and those that do don't maintain them.

    Complication

    • Writing SOPs is the last thing most people want to do, so the work gets pushed down the priority list and the documents become dated.
    • Promoting the use of SOPs can also face staff resistance as the documentation is seen as time consuming to develop and maintain, too convoluted to be useful, and generally out of date.

    Resolution

    • Overcome staff resistance while implementing a sustainable SOP documentation approach by doing the following:
      • Create visual documents that can be scanned. Flowcharts, checklists, and diagrams are quicker to create, take less time to update, and are ultimately more usable than a dense manual.
      • Use simple, but effective document management practices.
      • Make SOPs part of your project deliverables rather than an afterthought. That includes checking documentation status as part of your change management process.
    • Extend these principles to other areas of IT and business processes. The survey data and examples in this report include application development and business processes as well as IT operations.

    Info-Tech Insight

    1. Create visual documents, not dense SOP manuals.
    2. Start with high-impact SOPs. Identify the most critical undocumented SOPs and document them first.
    3. Integrate SOP creation into project requirements and create SOP approval steps to ensure documentation is reviewed and completed in a timely fashion.

    Most organizations struggle to create and maintain SOP documents, especially in North America, despite the benefits

    North American companies are traditionally more technology focused than process focused, and that is reflected in the approach to documenting SOPs.

    • An ad hoc approach to SOPs almost certainly means documents will be out of date and ineffective. The same is also true when updating SOPs as part of periodic concerted efforts to prepare for an audit, annual review, or certification process, and this makes the task more imposing.
    • Incorporating SOP updates as part of regular change management processes ensures documents are up to date and usable. This can also make reviews and audits much more manageable.

    'It isn’t unusual for us to see infrastructure or operations documentation that is wildly out of date. We’re talking months, even years. Often it was produced as one big effort and then not reliably maintained.'

    – Gary Patterson, Consultant, Quorum Resources

    Organizations are most likely to update documents on an ad hoc basis or via periodic formal reviews. Less than 25% keep SOPs updated as needed.

    Graph depicting North America versus Asia and Europe practices of document updates

    Source: Info-Tech Research Group; N=104

    Document SOPs to improve knowledge transfer, optimize processes, and ultimately save money

    Benefits of documented SOPs Impact of undocumented/undefined SOPs
    Improved training and knowledge transfer: Routine tasks can be delegated to junior staff (freeing senior staff to work on higher priority tasks). Without documented SOPs: Tasks will be difficult to delegate, key staff become a bottleneck, knowledge transfer is inconsistent, and there is a longer onboarding process for new staff.
    IT automation, process optimization, and consistent operations: Defining, documenting, and then optimizing processes enables IT automation to be built on sound processes, so consistent positive results can be achieved. Without documented SOPs: IT automation built on poorly defined, unoptimized processes leads to inconsistent results.
    Compliance: Compliance audits are more manageable because the documentation is already in place. Without documented SOPs: Documenting SOPs to prepare for an audit becomes a major time-intensive project.
    Transparency: Visually documented processes answer the common business question of “why does that take so long?” Without documented SOPs: Other areas of the organization may not understand how IT operates, which can lead to confusion and unrealistic expectations.
    Cost savings: Work can be assigned to the lowest level of support cost, IT operations achieve greater efficiency, and expensive breakdowns are avoided. Without documented SOPs: Work may be distributed uneconomically, money may be wasted through inefficient processes, and the organization is vulnerable to costly disruptions.

    COBIT, ISO, and ITIL aren’t a complete solution

    "Being ITIL and ISO compliant hasn’t solved our documentation problem. We’re still struggling."

    – Vendor Relationship Manager, Financial Services Industry

    • Adopting a framework such as ITIL, COBIT, or ISO doesn’t always mean that SOP documents are accurate, effective, or up to date.
    • Although these frameworks emphasize the importance of documenting processes, they tend to focus more on process development and requirements than on actual documentation. In other words, they deal more with what needs to be done than with how to do it.
    • This research will focus more on the documentation process itself – so how to go about creating, updating, optimizing, managing, and distributing SOP documents.

    Inadequate SOPs lead to major data loss and over $99,000 in recovery costs

    CASE STUDY 1

    Company A mid-sized US organization with over 1,000 employees

    Source Info-Tech Interview

    Situation

    • IT supports storage nodes replicated across two data centers. SOPs for backup procedures did not include an escalation procedure for failed backups or a step to communicate successful backups. Management was not aware of the issue and therefore could not address it before a failure occurred.

    Incident

    • Primary storage had a catastrophic failure, and that put pressure on the secondary storage, which then also failed. All active storage failed and the data corrupted. Daily backups were failing due to lack of disk space on the backup device. The organization had to resort to monthly tape backups.

    Impact

    • Lost 1 month of data (had to go back to the last tape backup).
    • Recovery also took much longer because recovery procedures were also not documented.
    • Key steps such as notifying impacted customers were overlooked. Customers were left unhappy not only with the outage and data loss but also the lack of communication.
    Hard dollar recovery costs
    Backup specialist (vendor) to assist with restoring data from tape $12,000
    Temps to re-enter 1 month of data $5,000
    Weekend OT for 4 people (approximately 24 hours per person) $5,538
    Productivity cost for affected employees for 1 day of downtime $76,923
    Total $99,462

    Intangible costs

    High “goodwill” impact for internal staff and customers.

    "The data loss pointed out a glaring hole in our processes – the lack of an escalation procedure. If I knew backups weren’t being completed, I would have done something about that immediately."

    – Senior Division Manager, Information Technology Division

    IT services company optimizes its SOPs using “Lean” approach

    CASE STUDY 2

    Company Atrion

    SourceInfo-Tech Interview

    Lean and SOPs

    • Standardized work is important to Lean’s philosophy of continuous improvement. SOPs allow for replication of the current best practices and become the baseline standard for member collaboration toward further improvements.
    • For more on Lean’s approach to SOPs, see “Lean Six Sigma Quality Transformation Toolkit (LSSQTT) Tool #17.”

    Atrion’s approach

    • Atrion is focused on documenting high-level processes that improve the client and employee experience or which can be used for training.
    • Cross-functional teams collaborate to document a process and find ways to optimize that SOP.
    • Atrion leverages visual documentation as much as possible: flowcharts, illustrations, video screen captures, etc.

    Outcomes

    • Large increase in usable, up-to-date documentation.
    • Process and efficiency improvements realized and made repeatable.
    • Success has been so significant that Atrion is planning to offer SOP optimization training and support as a service for its clients in the future.

    Atrion

    • Atrion provides IT services, solutions, and leadership to clients in the 250+ user range.
    • After adopting the Lean framework for its organization, it has deliberately focussed on optimizing its documentation.

    When we initiated a formal process efficiency program a little over a year ago and began striving towards a culture of continuous improvement, documenting our SOPs became key. We capture how we do things today and how to make that process more efficient. We call it current state and future state mapping of any process.

    – Michelle Pope, COO, Atrion Networking Corp.

    Strategies to overcome common documentation challenges

    Use Info-Tech’s methodology to streamline the SOP documentation process.

    Common documentation challenges Info-Tech’s methodology
    Where to start. For organizations with very few (if any) documented SOPs, the challenge is where to start. Apply a client focus to prioritize SOPs. Start with mission-critical operations, service management, and disaster recovery.
    Lack of time. Writing SOPs is viewed as an onerous task, and IT staff typically do not like to write documentation or lack the time. Use flowcharts, checklists, and diagrams over traditional dense manuals. Flowcharts, checklists, and diagrams take less time to create and maintain, and the output is far more usable than traditional manuals.
    Inconsistent document management. Documents are unorganized, e.g. hard to find documents, or you don’t know if you have the correct, latest version. Keep it simple. You don’t need a full-time SOP librarian if you stick to a simple, but consistent approach to documentation management. Simple is easier to follow (therefore, be consistent).
    Documentation is not maintained. More urgent tasks displace documentation efforts. There is little real motivation for staff to keep documents current. Ensure accountability at the individual and project level. Incorporate documentation requirements into performance evaluations, project planning, and change control procedures.

    Use this blueprint as a building block to complete these other Info-Tech projects

    Improve IT-Business Alignment Through an Internal SLA

    Understand business requirements, clarify capabilities, and close gaps.

    Standardize the Service Desk – Module 2 & 3

    Improve reporting and management of incidents and build service request workflows.

    Create a Right-Sized Disaster Recovery Plan

    Define appropriate objectives for DR, build a roadmap to close gaps, and document your incident response plan.

    Extend the Service Desk to the Enterprise

    Position IT as an innovator.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Create Visual SOP Documents – project overview

    1. Prioritize, optimize, and document critical SOPs 2. Establish a sustainable documentation process 3. Identify a content management solution
    Best-Practice Toolkit

    1.1 Identify and prioritize undocumented/outdated critical processes

    1.2 Reduce effort and improve usability with visual documentation

    1.3 Optimize and document critical processes

    2.1 Establish guidelines for identifying and organizing SOPs

    2.2 Write an SOP for creating and maintaining SOPs

    2.3 Plan SOP working sessions to put a dent into your documentation backlog

    3.1 Understand the options when it comes to content management solutions

    3.2 Use Info-Tech’s evaluation tool to determine the right approach for you

    Guided Implementations
    • Identify undocumented critical SOPs.
    • Understand the benefits of a visual approach.
    • Work through a tabletop exercise to document two visual SOP documents.
    • Establish documentation information guidelines.
    • Identify opportunities to create a culture that fosters SOP creation.
    • Address outstanding undocumented SOPs by working through process issues together.
    • Review your current approach to content management and discuss possible alternatives.
    • Evaluate options for a content management strategy, in the context of your own environment.
    Onsite Workshop Module 1:

    Identify undocumented critical processes and review the SOP mapping process.

    Module 2:

    Review and improve your documentation process and address your documentation backlog.

    Module 3:

    Evaluate strategies for publishing and managing SOP documentation.

    Phase 1 Outcome:
      Review and implement the process for creating usable SOPs.
    Phase 2 Outcome:
      Optimize your SOP maintenance processes.
    Phase 3 Outcome:
      Choose a content management solution that meets your needs.

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Prep Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4
    Activities Scope the SOP pilot and secure resources
    • Identify the scope of the pilot project.
    • Develop a list of processes to document.
    • Ensure required resources are available.
    Prioritize SOPs and review methodology

    1.1 Prioritize undocumented SOPs.

    1.2 Review the visual approach to SOP planning.

    1.3 Conduct a tabletop planning exercise.

    Review SOPs and identify process gaps

    2.1 Continue the tabletop planning exercise with other critical processes.

    2.2 Conduct a gap analysis to identify solutions to issues discovered during SOP mapping.

    Identify projects to meet process gaps

    3.1 Develop a prioritized project roadmap to address gaps.

    3.2 Define a process for documenting and maintaining SOPs.

    3.3 Identify and assign actions to improve SOP management and maintenance.

    Set next steps and put a dent in your backlog

    4.1 Run an SOP working session with experts and process owners to put a dent in the documentation backlog.

    4.2 Identify an appropriate content management solution.

    Deliverables
    1. Defined scope for the workshop.
    2. A longlist of key processes.
    1. Undocumented SOPs prioritized according to business criticality and current state.
    2. One or more documented SOPs.
    1. One or more documented SOPs.
    2. Gap analysis.
    1. SOP Project Roadmap.
    2. Publishing and Document Management Solution Evaluation Tool.
    1. Multiple documented SOPs.
    2. Action steps to improve SOP management and maintenance.

    Measured value for Guided Implementations (GIs)

    Engaging in GIs doesn’t just offer valuable project advice, it also results in significant cost savings.

    GI Measured Value
    Phase 1: Prioritize, optimize, and document critical SOPs
    • Time, value, and resources saved using Info-Tech’s methodology to prioritize and document SOPs in the ideal visual format.
    • For example, 4 FTEs*4 days*$80,000/year = $5,120
    Phase 2: Establish a sustainable documentation process
    • Time, value, and resources saved using our tools and methodology to implement a process to ensure SOPs are maintained, accessible, and up to date.
    • For example: 4 FTEs*5 days*$80,000/year = $6,400
    Phase 3: Identify a content management solution
    • Time, value, and resources saved using our best-practice guidance and tools to select an approach and solution to manage your organization’s SOPs.
    • For example: 2 FTEs*5 days*$80,000/year = $3,200
    Total Savings $14,720

    Note: Documenting SOPs provides additional benefits that are more difficult to quantify: reducing the time spent by staff to find or execute processes, improving transparency and accountability, presenting opportunities for automation, etc.

    Phase 1

    Prioritize, Optimize, and Document Critical SOPs

    Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Prioritize, optimize, and document critical SOPs

    Proposed Time to Completion (in weeks): 2 weeks

    Step 1.1: Prioritize SOPs

    Start with an analyst kick off call:

    • Apply a client focus to critical IT services.
    • Identify undocumented, critical SOPs.

    Then complete these activities…

    • Rank and prioritize your SOP documentation needs.

    With this template:

    Standard Operating Procedures Workbook

    Step 1.2: Develop visual documentation

    Review findings with analyst:

    • Understand the benefits of a visual approach.
    • Review possibilities for visual documentation.

    Then complete these activities…

    • Identify formats that can improve your SOP documentation.

    With these templates:

    • Example DRP Process Flows
    • Example App Dev Process And more…

    Step 1.3: Optimize and document critical processes

    Finalize phase deliverable:

    • Two visual SOP documents, mapped using a tabletop exercise.

    Then complete these activities…

    • Create the visual SOP.
    • Review and optimize the process.

    With this tool:

    SOP Project Roadmap Tool

    Phase 1 Results & Insights:

    Identify opportunities to deploy visual documentation, and follow Info-Tech’s process to capture steps, gaps, and opportunities to improve IT processes.

    Focus first on client-facing and high-impact SOPs

    IT’s number one obligation to internal and external customers is to keep critical services running – that points to mission-critical operations, service management, and disaster recovery.

    Topic Description
    Mission-critical operations
    • Maintenance processes for mission-critical systems (e.g. upgrade procedures, batch processing, etc.).
    • Client-facing services with either formal or informal SLAs.
    • Change management – especially for mission-critical systems, change management is more about minimizing risk of downtime than expediting change.
    Service management
    • Service desk procedures (e.g. ticket assignment and issue response).
    • Escalation procedures for critical outages.
    • System monitoring.
    Disaster recovery procedures
    • Management-level incident response plans, notification procedures, and high-level failover procedures (e.g. which systems must come up first, second, third).
    • Recovery or failover procedures for individual systems.
    • Backup and restore procedures – to ensure backups are available if needed.

    Understand what makes an application or service mission critical

    When email or a shared drive goes down, it may impact productivity, but may not be a significant impact to the business. Ask these questions when assessing whether an application or service is mission critical.

    Criteria Description
    Is there a hard-dollar impact from downtime?
    • For example, when an online catalog system goes down, it impacts sales and therefore revenue. Without determining the actual financial impact, you can make an immediate assessment that this is a Gold system.
    • By contrast, loss of email may impact productivity but may not affect revenue streams, depending on your business. A classification of Silver is most likely appropriate.
    Impact on goodwill/customer trust?
    • If downtime means delays in service delivery or otherwise impacts goodwill, there is an intangible impact on revenue that may make the associated systems Gold status.
    Is regulatory compliance a factor?
    • If a system requires redundancy and/or high availability due to legal or regulatory compliance requirements, it may need to be classified as a Gold system.
    Is there a health or safety risk?
    • For example, police and medical organizations have systems that are mission critical due to their impact on health and safety rather than revenue or cost, and therefore are classified as Gold systems. Are there similar considerations in your organization?

    "Email and other Windows-based applications are important for our day-to-day operations, but they aren’t critical. We can still manufacture and ship clothing without them. However, our manufacturing systems, those are absolutely critical"

    – Bob James, Technical Architect, Carhartt, Inc.

    Create a high-level risk and benefit scale

    1.1a

    15 minutes

    Define criteria for high, medium, and low risks and benefits, as shown in the example below. These criteria will be used in the upcoming exercises to rank SOPs.

    Note: The goal in this section is to provide high-level indicators of which SOPs should be documented first, so a high-level set of criteria is used. To conduct a detailed business impact analysis, see Info-Tech’s Create a Right-Sized Disaster Recovery Plan.

    Materials

    • Whiteboard

    Participants

    • Process Owners
    • SMEs
    Risk to the business Score
    Low: Affects ad hoc activities or non-critical data. 1
    Moderate: Impacts productivity and internal goodwill. 2
    High: Impacts revenue, safety, and external goodwill. 3
    Benefit (e.g. productivity improvement) Score
    Low: Minimal impact. 1
    Moderate: Items with short-term or occasional applicability, so limited benefit. 2
    High: Save time for common or ongoing processes, and extensive improvement to training/knowledge transfer. 3

    Identify and prioritize undocumented mission-critical operations

    1.1b

    15 minutes

    1. To navigate to this exercise, open Info-Tech’s Standard Operating Procedures Workbook.
    2. List your top three–five mission critical applications or services.
    3. Identify relevant SOPs that support those applications or services.
    4. Indicate SOP status: Green = up to date and complete, Yellow = out-of-date or incomplete, Red = undocumented.
    5. Assign risk and benefit scores (3=high, 1=low) to Yellow and Red SOPs based on potential impact if those processes failed (risk) and opportunity for process improvement (benefit).

    OUTPUT

    • Analysis of SOPs supporting mission-critical operations

    Materials

    • Whiteboard

    Participants

    • Process Owners
    • SMEs
    Application SOPs Status Risk Benefit
    Enterprise Resource Planning (ERP)
    • System administration (user administration, adding projects, etc.).
    Red 1 2
    • System upgrades (including OS upgrades and patches).
    Red 2 2
    • Report generation.
    Green n/a n/a
    Network services
    • Network monitoring (including fault detection).
    Yellow 3 2
    • Network upgrades.
    Red 2 1
    • Backup procedures.
    Yellow 3 1

    Identify and prioritize undocumented service management procedures

    1.1c

    15 minutes

    1. To navigate to this exercise, open Info-Tech’s Standard Operating Procedures Workbook.
    2. Identify service management SOPs.
    3. Indicate SOP status: Green = up to date and complete, Yellow = out-of-date or incomplete, Red = undocumented.
    4. Assign risk and benefit scores (3=high, 1=low) to Yellow and Red SOPs based on potential impact if those processes failed (risk) and opportunity for process improvement (benefit).

    OUTPUT

    • Analysis of SOPs supporting service management

    Materials

    • Whiteboard

    Participants

    • Process Owners
    • SMEs
    Service Type SOPs Status Risk Benefit
    Service Request
    • Software install
    Red 3 1
    • Software update
    Yellow 3 1
    • New hardware
    Green n/a n/a
    Incident Management
    • Ticket entry and triage
    Yellow 3 2
    • Ticket escalation
    Red 2 1
    • Notification for critical issues
    Yellow 3 1

    Identify and prioritize undocumented DR procedures

    1.1d

    20 minutes

    1. To navigate to this exercise, open Info-Tech’s Standard Operating Procedures Workbook.
    2. Identify DR SOPs.
    3. Indicate SOP status: Green = up to date and complete, Yellow = out-of-date or incomplete, Red = undocumented.
    4. Assign risk and benefit scores (3=high, 1=low) to Yellow and Red SOPs based on potential impact if those processes failed (risk) and opportunity for process improvement (benefit).

    OUTPUT

    • Analysis of SOPs supporting DR

    Materials

    • Whiteboard

    Participants

    • Process Owners
    • SMEs
    DR Phase SOPs Status Risk Benefit
    Discovery and Declaration
    • Initial detection and escalation
    Red 3 1
    • Notification procedures to Emergency Response Team (ERT)
    Yellow 3 1
    • Notification procedures to staff
    Green n/a n/a
    Recover Gold Systems
    • ERP recovery procedures
    Red 2 2
    • Corporate website recovery procedures
    Yellow 3 2
    Recover Silver Systems
    • MS Exchange recovery procedures
    Red 2 1

    Select the SOPs to focus on for the first round of documentation

    1.1e

    20 minutes

    1. Identify two significantly different priority 1 SOPs to document during this workshop. It’s important to get a sense of how the Info-Tech templates and methodology can be applied to different types of SOPs.
    2. Rank the remaining SOPs that you still need to address post-workshop by priority level within each topic area.

    INPUT

    • SOP analysis from activities 1.1 and 1.2

    OUTPUT

    • A shortlist of critical, undocumented SOPs to review later in this phase

    Materials

    • Whiteboard

    Participants

    • Process Owners
    • SMEs
    Category Area SOPs Status Risk Benefit
    Disaster Recovery Procedures Discovery and Declaration
    • Initial detection and escalation
    Red 3 1
    • Notification procedures to ERT
    Yellow 3 1
    Mission-Critical Operations Network Services
    • Network monitoring (including fault detection)
    Yellow 3 2
    Service Management Procedures Incident Management
    • Ticket entry and triage
    Yellow 3 2

    Change the format of your documentation

    Which document is more effective? Which is more likely to be used?

    "The end result for most SOPs is a 100-page document that makes anyone but the author want to stab themselves rather than read it. Even worse is when you finally decide to waste an hour of your life reading it only to be told afterwards that it might not be quite right because Bob or Stan needed to make some changes last year but never got around to it."

    – Peter Church, Solutions Architect

    Create visual-based documentation to improve usability and effectiveness

    "Without question, 300-page DRPs are not effective. I mean, auditors love them because of the detail, but give me a 10-page DRP with contact lists, process flows, diagrams, and recovery checklists that are easy to follow."

    – Bernard Jones, MBCI, CBCP, CORP, Manager Disaster Recovery/BCP, ActiveHealth Management

    SOPs, including those that support your disaster recovery plan (DRP), are often created to meet certification requirements. However, this often leads to lengthy overly detailed documentation that is geared to auditors and business leaders, not IT staff trying to execute a procedure in a high-pressure, time-sensitive scenario.

    Staff don’t have time to flip through a 300-page manual, let alone read lengthy instructions, so organizations are transforming monster manuals into shorter, visual-based documentation. Benefits include:

    • Quicker to create than lengthy manuals.
    • Easier to be absorb, so they are more usable.
    • More likely to stay up to date because they are easier to maintain.

    Example: DRPs that include visual SOPs are easier to use — that leads to shorter recovery times and fewer mistakes.

    Chart is depicted showing the success rates of traditional manuals versus visual documentation.

    Use flowcharts for process flows or a high-level view of more detailed procedures

    • Flowcharts depict who does what and when; they provide an at-a-glance view that is easy to follow and makes task ownership clear.
    • Use swim lanes, as in this example, to indicate process stages and task ownership.
    • For experienced staff, a high-level reminder of process flows or key steps is sufficient.
    • Where more detail is required, include links to supporting documentation (which could include checklists, vendor documentation, other flowcharts, etc.).

    See Info-Tech’s Incident and Service Management Procedures – Service Desk Example.

    "Flowcharts are more effective when you have to explain status and next steps to upper management."

    – Assistant Director-IT Operations, Healthcare Industry

    Example: SOP in flowchart format

    A flowchart is depicted as an example flowchart. This one is an SOP flowchart labelled 'Triage Process - Incidents'

    Review your options for diagramming software

    Many organizations look for an option that easily integrates with the MS Office suite. The default option is often Microsoft Visio.

    Pros:

    • Easy to learn and use.
    • Has a wide range of features and capabilities.
    • Comes equipped with a large collection of stencils and templates.
    • Offers the convenience of fluid integration with the MS Office Suite.

    Cons:

    • Isn’t included in any version of the MS Office Suite and can be quite expensive to license.
    • Not available for Mac or Linux environments.

    Consider the options below if you’re looking for an alternative to Microsoft Visio:

    Desktop Solutions

    • Dia Diagram Editor
    • Diagram Designer
    • LibreOffice Draw
    • Pencil Project
    • yEd Graph Editor

    • Draw.io
    • Creately
    • Gliffy
    • LucidChart

    Note: No preference or recommendation is implied from the ordering of the options above.

    This list is not intended to be comprehensive.

    Evaluate different solutions to identify one that works for you

    Use the criteria below to identify a flowchart software that fits your needs.

    Criteria Description
    Platform What platform(s) can run the software?
    Description What use cases are identified by the vendor – and do these cover your needs for documenting your SOPs? Is the software open source?
    Features What are the noteworthy features and characteristics?
    Usability How easy is the program to use? What’s the learning curve like? How intuitive is the design?
    Templates and Stencils Availability of templates and stencils.
    Portability Can the solution integrate with other pieces of software? Consider whether other tools can view, open, and/or edit documents; what file formats can be published, etc.
    Cost Cost of the software to purchase or license.

    Use checklists to streamline step-by-step procedures

    • Checklists are ideal when staff just need a reminder of what to do, not how to do it.
    • Remember your audience. You aren’t pulling in a novice to run a complex procedure, so all you really need here are a series of reminders.
    • Where more detail is required, include links to supporting documentation.
    • Note that a flowchart can often be used instead of a checklist, depending on preference.

    For two different examples of a checklist template, see:

    Image depicting an example checklist. This checklist depicts an employee termination checklist

    Use topology diagrams to capture network layout, integrations, and system information

    • Organizations commonly have network topology diagrams for reference purposes, so this is just a re-use of existing resources.
    • Physically label real world equipment to correspond to topology diagrams. While these labels will be redundant for most IT employees, they help give clarity and confidence when changes are being made.
    • If your topology diagrams are housed in a tool such as a systems management product, then export the diagrams so they can be included in your SOP documentation suite.

    "Our network engineers came to me and said our standard SOP template didn't work for them. They're now using a lot of diagrams and flowcharts, and that has worked out better for them."

    The image shows a topology organization diagram as an example network layout

    Use screen captures and tutorials to facilitate training for applications and SOPs

    • Screen capture tutorials or videos are effective for training staff on applications. For example, create a screen capture tutorial to train staff on the use of a help desk application and your company’s specific process for using that tool.
    • Similarly, create tutorials to train end users on straightforward “technical” tasks (e.g. setting up their VPN connection) to reduce the demand on IT staff.
    • Tutorials can be created quickly and easily with affordable software such as Snag-It, ScreenHunter Pro, HyperSnap, PicPick, FastStone, Ashampoo Snap 6, and many others.

    "When contractors come onboard, they usually don't have a lot of time to learn about the organization, and we have a lot of unique requirements. Creating SOP documents with screenshots has made the process quicker and more accurate."

    – Susan Bellamore, Business Analyst, Public Guardian and Trustee of British Columbia

    The image is an example of a screen caption tutorial, depicting desktop icons and a password login

    Example: Disaster recovery notification and declaration procedure

    1. Swim lanes indicate task ownership and process stages.
    2. Links to supporting documentation (which could include checklists, vendor documentation, other flowcharts, etc.) are included where necessary.
    3. Additional DR SOPs are captured within the same spreadsheet for convenient, centralized access.

    Review Info-Tech’s Incident Response and Recovery Process Flows – DRP Example.

    Example: DRP flowchart with links to supporting documents

    The image is an example of an DRP flowchart labelled 'Initial Discovery/Notification and Declaration Procedures'

    Establish flowcharting standards

    If you don’t have existing flowchart standards, then keep it simple and stick to basic flowcharting conventions as described below.

    Start, End, and Connector. Traditional flowcharting standards reserve this shape for connectors to other flowcharts or other points in the existing flowchart. Unified Modeling Language (UML) also uses the circle for start and end points.

    Start, End. Traditional flowcharting standards use this for start and end. However, Info-Tech recommends using the circle shape to reduce the number of shapes and avoid confusion with other similar shapes.

    Process Step. Individual process steps or activities (e.g. create ticket or escalate ticket). If it’s a series of steps, then use the sub-process symbol and flowchart the sub-process separately.

    Sub-Process. A series of steps. For example, a critical incident SOP might reference a recovery process as one of the possible actions. Marking it as a sub-process, rather than listing each step within the critical incident SOP, streamlines the flowchart and avoids overlap with other flowcharts (e.g. the recovery process).

    Decision. Represents decision points, typically with Yes/No branches, but you could have other branches depending on the question (e.g. a “Priority?” question could branch into separate streams for Priority 1, 2, 3, 4, and 5 issues).

    Document/Report Output. For example, the output from a backup process might include an error log.

    Conduct a tabletop planning exercise to build an SOP

    1.3a

    20 minutes

    Tabletop planning is a paper-based exercise where your team walks through a particular process and maps out what happens at each stage.

    1. For this exercise, choose one particular process to document.
    2. Document each step of the process using cue cards, which can be arranged on the table in sequence.
    3. Be sure to include task ownership in your steps.
    4. Map out the process as it currently happens – we’ll think about how to improve it later.
    5. Keep focused. Stay on task and on time.

    OUTPUT

    • Steps in the current process for one SOP

    Materials

    • Tabletop, pen, and cue cards

    Participants

    • Process Owners
    • SMEs

    Info-Tech Insight

    Don’t get weighed down by tools. Relying on software or other technological tools can detract from the exercise. Use simple tools such as cue cards to record steps so that you can easily rearrange steps or insert steps based on input from the group.

    The image depicts three cue cards labelled steps 3 to 5. The cue cards are examples of the tabletop planning exercise.

    Collaborate to optimize the SOP

    1.3b

    20 minutes

    Review the tabletop exercise. What gaps exist in current processes?

    How can the process be made better? What are the outputs and checkpoints?

    The image depicts five cue cards, two of which are examples on how to improve the process. This is an example of the tabletop exercise.

    OUTPUT

    • Identify steps to optimize the SOP

    Materials

    • Tabletop, pen, and cue cards

    Participants

    • Process Owners
    • SMEs

    A note on colors: Use white cards to record steps. Record gaps on yellow cards (e.g. a process step not documented) and risks on red cards (e.g. only one person knows how to execute a step) to highlight your gaps/to-dos and risks to be mitigated or accepted.

    If it’s necessary to clarify complex process flows during the exercise, also use green cards for decision diamonds, purple for document/report outputs, and blue for sub-processes.

    Capture opportunities to improve processes in the Standard Operating Procedures Project Roadmap Tool

    1.3

    Rank and track projects to close gaps you discover in your processes.

    1. As a group, identify potential solutions to close the gaps in your processes that you’ve uncovered through the tabletop mapping exercise.
    2. Add these project names to the Standard Operating Procedures Project Roadmap Tool on the “Project Scoring” tab.
    3. Review and adjust the criteria for evaluating the benefits and costs of different projects on the “Scoring Criteria” tab.
    4. Return to the “Project Scoring” tab, and assign weights at the top of each scoring column. Use the drop-down menus to adjust the scores for each project category. The tool will automatically rank the projects based on your input, but you can adjust the ranks as needed.
    5. Assign dates and descriptions to the projects on the “Implementation Schedule” tab, below.
    The image depicts a graph showing an example of ranked and tracked projects.

    Identify gaps to improve process performance and make SOP documentation a priority

    CASE STUDY

    Industry Government (700+ FTEs)
    Source Info-Tech Workshop

    Challenge

    • Tabletop planning revealed a 77-hour gap between current and desired RTO for critical systems.
    • Similarly, the current achievable RPO gap was up to one week, but the desired RPO was one hour.
    • A DR site was available but not yet set up with the necessary equipment.
    • Lack of documented standard operating procedures (SOPs) was identified as a risk since that increased the dependence on two or three key SMEs.

    Solution

    • Potential projects to close RTO/RPO gaps were identified, including:
      • Deploy servers that were decommissioned (as a result of a server refresh) to the DR site as warm standby servers.
      • Implement site-to-site data replication.
      • Document SOPs to enable tasks to be delegated and minimize resourcing risks.

    Results

    • A DR project implementation schedule was defined.
    • Many of the projects required no further investment, but rather deployment of existing equipment that could function as standby equipment at the DR site.
    • The DR risk from a lack of SOPs enabled SOPs to be made a priority. An expected side benefit is the ability to review and optimize processes and improve consistency in IT operations.

    Document the SOPs from the tabletop exercise

    1.3c

    20 minutes

    Document the results from the tabletop exercise in the appropriate format.

    1. Identify an appropriate visual format for the high-level SOP as well as for any sub-processes or supporting documentation.
    2. Break into groups of two or three.
    3. Each group will be responsible for creating part of the SOP. Include both the high-level SOP itself and any supporting documentation such as checklists, sign-off forms, sub-processes, etc.
    4. Once your document is complete, exchange it with that of another group. Review each other’s documents to check for clarity and completeness.

    OUTPUT

    • Output from activities 1.4 and 1.5

    Materials

    • Flowcharting software, laptops

    Participants

    • Process Owners
    • SMEs

    This image has four cue cards, and an arrow pointing to a flowchart, depicting the transfer of the information on the cue cards into a flowchart software

    Repeat the tabletop exercise for the second process

    Come back together as a large group. Choose a process that is significantly different from the one you’ve just documented, and repeat the tabletop exercise.

    As a reminder, the steps are:

    1. Use the tabletop exercise to map out a current SOP.
    2. Collaborate to optimize the SOP.
    3. Decide on appropriate formats for the SOP and its supporting documents.
    4. Divide into small groups to create the SOP and its supporting documents.
    5. Repeat the steps above as needed for your initial review of critical processes.

    Info-Tech Insight

    If you plan to document more than two or three SOPs at once, consider making it an SOP “party” to add momentum and levity to an otherwise dry process. Review section 2.3 to find out how.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1a-e

    Get started by prioritizing SOPs

    Ensure the SOP project remains business focused, and kick off the project by analyzing critical business services. Identify key IT services that support the relevant business services. Conduct a benefit/risk analysis to prioritize which SOPs should become the focus of the workshop.

    1.3a-c

    Document the SOPs from the tabletop exercise

    Leverage a tabletop planning exercise to walk the team through the SOP. During the exercise, focus on identifying timelines, current gaps, and potential risks. Document the steps via que cards first and transpose the hard copies to an electronic version.

    Phase 2

    Establish a Sustainable Documentation Process

    Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind

    Phase 2 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Establish a sustainable SOP documentation process

    Proposed Time to Completion (in weeks): 4 weeks

    Step 2.1: Establish guidelines for identifying and organizing SOPs

    Start with an analyst call:

    • Establish documentation information guidelines.
    • Review version control best practices.

    Then complete these activities…

    • Implement best practices to identify and organize your SOPs.

    With these tools & templates:

    • SOP Workbook

    Step 2.2: Define a process to document and maintain SOPs

    Review findings with analyst:

    • Identify opportunities to create a culture that fosters SOP creation.

    Then complete these activities…

    • Create a plan to address SOP documentation gaps.

    With these tools & templates:

    • Document Management Checklist

    Step 2.3: Plan time with experts to put a dent in your documentation backlog

    Finalize phase deliverable:

    • Address outstanding undocumented SOPs by working through process issues together.

    Then complete these activities…

    • Organize and run a working session to document and optimize processes.

    With these tools & templates:

    • SOP Workbook
    • SOP Project Roadmap Tool

    Phase 2 Results & Insights:

    Improve the process for documenting and maintaining your SOPs, while putting a dent in your documentation backlog and gaining buy-in with staff.

    Identify current content management practices and opportunities for improvement

    DISCUSS

    What is the current state of your content management practices?

    Are you using a content management system? If not, where are documents kept?

    Are your organizational or departmental SOPs easy to find?

    Is version control a problem? What about file naming standards?

    Get everyone on the same page on the current state of your SOP document management system, using the questions above as the starting point.

    Keep document management simple for better adoption and consistency

    If there is too much complexity and staff can’t easily find what they need, you won’t get buy-in and you won’t get consistency.

    Whether you store SOPs in a sophisticated content management system (CMS) or on a shared network drive, keep it simple and focus on these primary goals:

    • Enable staff to find the right document.
    • Know if a document is the latest, approved version.
    • Minimize document management effort to encourage buy-in and consistency.

    If users can’t easily find what they need, it leads to bad practices. For example:

    • Users maintain their own local copies of commonly used documents to avoid searching for them. The risk is that local copies will not be automatically updated when the SOP changes.
    • Separate teams will implement their own document management system and repository. Now you have duplication of effort and company resources, multiple copies of documents (where each group needs their own version), and no centralized control over potentially sensitive documents.
    • Users will ignore documented SOPs or ask a colleague who might also be following the above bad practices.

    Insert a document information block on the first page of every document to identify key attributes

    Include a document information block on the first page of every document to identify key attributes. This strategy is as much about minimizing resistance as it is ensuring key attributes are captured.

    • A consistent document information block saves time (e.g. vs. customized approaches per document). If some fields don’t apply, enter “n/a.”
    • It provides key information about the document without having to check soft copy metadata, especially if you work with hard copies.
    • It’s a built-in reminder of what to capture and easier than updating document properties or header/footer information or entering metadata into a CMS.

    Note: The Info-Tech templates in this blueprint include a copy of the document information block shown in this example. Add more fields if necessary for your organization’s needs.

    For an example of a completed document information block, see Network Backup for Atlanta Data Center – Backups Example

    Info-Tech Insight

    For organizations with more advanced document management requirements, consider more sophisticated strategies (e.g. using metadata) as described in Info-Tech’s Use SharePoint for Enterprise Content Management and Reintroduce the Information Lifecycle to the Content Management Strategy. However, the basic concepts above still apply: establish standard attributes you need to capture and do so in a consistent manner.

    Modify the Info-Tech document information block to meet your requirements

    2.1a

    15 minutes

    1. Review “Guidelines and Template for the Document Information Block” in the Standard Operating Procedures Workbook. Determine if any changes are required, such as additional fields.
    2. Identify which fields you want to standardize and then establish standard terms. Balance the needs for simplicity and consistency – don’t force consistency where it isn’t a good fit.
    3. Pre-fill the document information block with standard terms and examples and add it to an SOP template that’s stored in your content management system.

    Educate staff by pre-filling the document

    • Providing examples built into the templates provides in-context, just-in-time training which is far more effective and easier than formal education efforts.
    • Focus your training on communicating when the template or standard terms change so that staff know to obtain the new version. Otherwise, the tendency for many staff will be to use one of their existing documents as their template.

    OUTPUT

    • Completed document information block

    Materials

    • Laptop
    • Projector

    Participants

    • Process Owners
    • SMEs

    Leverage the document information block to create consistent filenames that facilitate searching

    Use the following filename format to create consistent, searchable, and descriptive filenames:

    Topic – Document Title – Document Type – Version Date

    Filename Component Purpose
    Topic
    • Functions as a filename prefix to group related documents but is also a probable search term. For project work, use a project name/number.
    Document Title
    • The title should be fairly descriptive of the content (if it isn’t, it’s not a good title) so it will help make the file easily identifiable and will include more probable search terms.
    Document Type Further distinguishes similar files (e.g. Maintenance SOP vs. a Maintenance Checklist).
    Version Date (for local files or if not using a CMS)
    • If it’s necessary to work on a file locally, include the version date at the end of the filename. The date is a more recognizable indicator of whether it’s the latest version or an old copy.
    • Establish a standard date format. Although MM-DD-YY is common in the US, the format YYYY-MM-DD reduces confusion between the month and day.

    For example:

    • ERP – System Administration Monthly Maintenance Tasks – Checklist – 2016-01-15.docx
    • ERP – System Administration Monthly Maintenance Tasks – SOP – 2017-01-10.docx
    • Backups – Network Backup Procedure for Atlanta Data Center – SOP – 2017-03-06.docx
    • PROJ437 – CRM Business Requirements – BRD – 2017-02-01.xlsx
    • DRP – Notification Procedures – SOP – 2016-09-14.docx
    • DRP – Emergency Response Team Roles and Responsibilities – Reference – 2018-03-10.xlsx

    Apply filename and document information block guidelines to existing SOPs

    2.1b

    15 minutes

    1. Review the SOPs created during the earlier exercises.
    2. Update the filenames and document information block based on guidelines in this section.
    3. Apply these guidelines to other select existing SOPs to see if additional modifications are required (e.g. additional standard terms).

    INPUT

    • Document Information Block

    OUTPUT

    • Updated filenames and document information blocks

    Materials

    • Laptop and projector

    Participants

    • Process Owners
    • SMEs

    Implement version control policies for local files as well as those in your content management system (CMS)

    1. Version Control in Your CMS

    2. Always keep one master version of a document:

    • When uploading a new copy of an existing SOP (or any other document), ensure the filenames are identical so that you are just adding a new version rather than a separate new file.
    • Do not include version information in the filename (which would create a new separate file in your CMS). Allow your CMS to handle version numbering.
  • Version Control for Local Files

  • Ideally, staff would never keep local copies of files. However, there are times when it is practical or preferable to work from a local copy: for example, when creating or updating an SOP, or when working remotely if the CMS is not easily accessible.

    Implement the following policies to govern these circumstances:

    • Add the version date to the end of the filename while the document is local, as shown in the slide on filenames.
    • Remove the date when uploading it to a CMS that tracks date and version. If you leave the date in the filename, you will end up with multiple copies in your CMS.
    • When distributing copies for review, upload a copy to the CMS and send the link. Do not attach a physical file.
  • Minimize the Need for Version Updates

  • Reduce the need for version updates by isolating volatile information in a separate, linked document. For example:

    • Use Policy documents to establish high-level expectations and goals, and use SOPs to capture workflow, but put volatile details in a separate reference document. For example, for Backup procedures, put offsite storage vendor details such as contact information, pick up times, and approved couriers in a separate document.
    • Similarly, for DRP Notification procedures, reference a separate contacts list.

    Modify the Info-Tech Document Management Checklist to meet your requirements

    2.1c

    15 minutes

    1. Review the Info-Tech Document Management Checklist.
    2. Add or remove checklist items.
    3. Update the document information block.

    OUTPUT

    • Completed document management checklist

    Materials

    • Laptop, projector

    Participants

    • Process Owners
    • SMEs

    See Info-Tech’s Document Management Checklist.

    If you aren’t going to keep your SOPs current, then you’re potentially doing more harm than good

    An outdated SOP can be just as dangerous as having no SOP at all. When a process is documented, it’s trusted to be accurate.

    • Disaster recovery depends as much on supporting SOPs – such as backup and restore procedures – as it does on a master incident response plan.
    • For disaster scenarios, the ability to meet recovery point objectives (i.e. minimize data loss) and recovery time objectives (i.e. minimize downtime) depends on smoothly executed recovery procedures and on having well-defined and up-to-date DR documentation and supporting SOPs. For example:
      • Recovery point (data loss) objectives are directly impacted by your backup procedures.
      • Recovery time is minimized by a well-defined restore procedure that reduces the risk of human error during recovery which could lead to data loss or a delay in the recovery.
      • Similarly, a clearly documented configuration procedure will reduce the time to bring a standby system online.
    A graph depicting the much faster recovery time of up-to-date SOPs versus out-of-date SOPs.

    Follow Info-Tech best practices to keep SOPs current and drive consistent, efficient IT operations

    The following best practices were measured in this chart, and will be discussed further in this section:

    1. Identify documentation requirements as part of project planning.
    2. Require a manager or supervisor to review and approve SOPs.
    3. Check documentation status as part of change management.
    4. Hold staff accountable.
    Higher adoption of Info-Tech best practices leads to more effective SOPs and greater benefits in areas such as training and process improvement.

    Graph depicting the efficiency of adopting Info-Tech practices regarding SOPs. Four categories of 'Training', 'process improvement', 'IT automation', and 'consistent IT operations' are shown increasing in efficiency with a high adoption of Info-Tech strategies.

    Info-Tech Insight

    Audits for compliance requirements have little impact on getting SOPs done in a timely manner or the actual usefulness of those SOPs, because the focus is on passing the audit instead of creating SOPs that improve operations. The frantic annual push to complete SOPs in time for an audit is also typically a much greater effort than maintaining documents as part of ongoing change management.

    Identify documentation requirements as part of project planning

    DISCUSS

    When are documentation requirements captured, including required changes to SOPs?

    Make documentation requirements a clearly defined deliverable. As with any other task, this should include:

    • Owner: The person ultimately responsible for the documentation.
    • Assigned resource: The person who will actually put pen to paper. This could be the same person as the owner, or the owner could be a reviewer.
    • Deadlines: Include documentation deliverables in project milestones.
    • Verification process: Validate completion and accuracy. This could be a peer review or management review.
    Example: Implement a new service desk application.
    • Service desk SOP documentation requirements: SOP for monitoring and managing tickets will require changes to leverage new automation features.
    • Owner: Service Desk Lead.
    • Assigned resource: John Smith (service desk technician).
    • Deadline: Align with “ready for QA testing.”
    • Verification process: Service Desk Lead document review and signoff.

    Info-Tech Insight

    Realistically, documentation will typically be a far less urgent task than the actual application or system changes. However, if you want the necessary documentation to be ultimately completed, even if it’s done after more urgent tasks, it must be tracked.

    Implement document approval steps at the individual and project level

    DISCUSS

    How do you currently review and validate SOP documents?

    Require a manager or supervisor to review and approve SOPs.

    • Avoid a bureaucratic review process involving multiple parties. The goal is to ensure accuracy and not just provide administrative protection.
    • A review by the immediate supervisor or manager is often sufficient. Their feedback and the implied accountability improve the quality and usefulness of the SOPs.

    Check documentation status as part of change management.

    • Including a documentation status check holds the project leaders and management accountable.
    • If SOPs are not critical to the project deliverable, then realistically the deliverable is not held back. However, keep the project open until relevant documents are updated so those tasks can’t be swept under the rug until the next audit.

    SOP reviews, change management, and identifying requirements led to benefits such as training and process improvement.

    A chart depicting the impact and benefits of SOP reviews, change management and identifying requirements. The chart is accompanied by a key for the grey to blue colours depicted

    "Our directors and our CIO have tied SOP work to performance evaluations and SOP status is reviewed during management meetings. People have now found time to get this work done."

    – Assistant Director-IT Operations, Healthcare Industry

    Review SOPs regularly and assign a process owner to avoid reinforcing silos

    CASE STUDY

    Industry

    Public service organization

    Source

    Info-Tech client engagement

    Situation

    • The organization’s IT department consists of five heavily siloed units.
    • Without communication or workflow accountability across units, each had developed incompatible workflows, making estimates of “time to resolution” for service requests difficult.
    • The IT service manager purchases a new service desk tool, attempting to standardize requests across IT to improve efficiency, accountability, and transparency.

    Complication

    • The IT service manager implements the tool and creates standardized workflows without consulting stakeholders in the different service units.
    • The separate units immediately rebel against the service manager and try to undermine the implementation of the new tool.

    Results

    • Info-Tech analysts helped to facilitate a solution between experts in the different units.
    • In order to develop a common workflow and ticket categorization scheme, Info-Tech recommended that each service process should have a single approver.

    The bottom line: ensure that there’s one approver per process to drive process efficiency and accountability and avoid problems down the road.

    Hold staff accountable to encourage SOP work to be completed in a timely manner

    DISCUSS

    Are SOP updates treated as optional or “when I have time” work?

    Hold staff directly accountable for SOP work.

    Holding staff accountable is really about emphasizing the importance of ensuring SOPs stay current. If management doesn’t treat SOPs as a priority, then neither will your staff. Strategies include:

    • Include SOP work in performance appraisals.
    • Keep relevant tickets open until documentation is completed.
    • Ensure documents are reviewed, as discussed earlier.
    • Identify and assign documentation tasks as part of project planning efforts, as discussed earlier.

    Holding staff accountable minimizes procrastination and therefore maintenance effort.

    Chart depicting the impact on reducing SOP maintenance effort followed by a key defining the colours on the chart

    Info-Tech Insight

    Holding staff accountable does not by itself make a significant impact on SOP quality (and therefore the typical benefits of SOPs), but it minimizes procrastination, so the work is ultimately done in a more timely manner. This ensures SOPs are current and usable, so they can drive benefits such as consistent operations, improved training, and so on.

    Assign action items to address SOP documentation process challenges

    2.2

    1. Discuss the challenges mentioned at the start of this section, and other challenges highlighted by the strategies discussed in this section. For example:
    • Are documentation requirements included in project planning?
    • Are SOPs and other documentation deliverables reviewed?
    • Are staff held accountable for documentation?
  • Document the challenges in your copy of the Standard Operating Procedures Workbook and assign action items to address those challenges.
  • Challenge Action Items Action Item Owner
    Documentation requirements are identified at the end of a project.
    • Modify project planning templates and checklists to include “identify documentation requirements.”
    Bob Ryan
    SOPs are not reviewed.
    • When assigning documentation tasks, also assign an owner who will be responsible for reviewing and approving the deliverable.
    • Create a mechanism for officially signing off on the document (e.g. email approval or create a signoff form).
    Susan Jones

    An “SOP party” fosters a collaborative approach and can add some levity to an otherwise dry exercise

    What is an SOP party?

    • An SOP party is a working session, bringing together process owners and key staff to define current SOPs and collaborate to identify optimization opportunities.
    • The party aspect is really just about how you market the event. Order in food or build in a cooking contest (e.g. a chilli cook-off or dessert bake-off) to add some fun to what can be a dry activity.

    Why does this work?

    • Process owners become so familiar with their tasks that many of the steps essentially live in their heads. Questions from colleagues draw out those unwritten steps and get them down on paper so another sufficiently qualified employee could carry out the same steps.
    • Once the processes are defined (e.g. via a tabletop exercise), input from colleagues can help identify risks and optimization opportunities, and process questions can be quickly answered because the key people are all present.
    • The group approach also promotes consistency and enables you to set expectations (e.g. visual-based approach, standards, level of detail, etc.).

    When is collaboration necessary (e.g. via tabletop planning)?

    • Tabletop planning is ideal for complex processes as well as processes that span multiple tasks, people, and/or systems.
    • For processes with a narrow focus (e.g. recovery steps for a specific server), assign these to the SME to document. Then ensure the SOP is reviewed to draw out the unwritten steps as described above.
    • For example, if you use tabletop planning to document a high-level DR plan, sub-processes might include recovery procedures for individual systems; those SOPs can then be assigned to individual SMEs.

    Schedule SOP working sessions until critical processes are documented

    Ultimately, it’s more efficient to create and update SOPs as needed but dedicated working sessions will help address immediate critical needs.

    Organize the working session:
    1. Book a full-day meeting in an out of the way meeting room, invite key staff (system and process owners who ultimately need to be SOP owners), and order in lunch so no one has to leave.
    2. Prioritize SOPs (see Phase 1) and set goals (e.g. complete the top 6 SOPs during this session).
    3. Alternate between collaborative efforts and documenting the SOPs. For example:
      1. Tabletop or flowchart the current SOP. Take a picture of the current state for reference purposes.
      2. Look for process improvements. If you have the authority in the room to enable process changes, then modify the tabletop/flowchart accordingly and capture this desired future state (e.g. take a picture). Otherwise, identify action items to follow up on proposed changes.
      3. Identify all related documentation deliverables (e.g. sub-processes, checklists, approval forms, etc.).
      4. Create the identified documentation deliverables (divide the work among the team). Then repeat the above.
    4. Repeat these working sessions on a monthly or quarterly basis, depending on your requirements, until critical SOPs are completed.
    5. When the SOP backlog is cleared, conduct quarterly or semi-annual refreshers for ongoing review and optimization of key processes.

    Assign action items to capture next steps after SOP working sessions

    2.3

    1. Review the SOPs documented during this workshop. Identify action items to complete and validate those SOPs and related documents. For example, do the SOPs require further approval or testing?
    2. Similarly, review the document management checklist and identify action items to complete, expand, and/or validate proposed standards.
    3. For SOP working sessions, decide on a date, time, and who should be there based on the guidelines in this section. If the SOP party approach does not meet your requirements, then at the very least assign owners for the identified critical SOPs and set deadlines for completing those SOPs. Document these extra action items in your copy of the Standard Operating Procedures Workbook.
    SOP or Task Action Items Action Item Owner
    Ticket escalation SOP
    • Debrief the rest of the Service Desk team on the new process.
    • Modify the SOP further based on feedback, if warranted.
    • Implement the new SOP. This includes communicating visible changes to business users and other IT staff.
    Jeff Sutter
    SOP party
    • Contact prospective attendees to communicate the purpose of the SOP party.
    • Schedule the SOP party.
    Bob Smith

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with out Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1

    Identify current content management practices

    As a group, identify current pain points and opportunities for improvement in your current content management practices.

    2.2

    Assign action items to address documentation process challenges

    Develop a list of action items to address gaps in the SOP documentation and maintenance process.

    Phase 3

    Identify a Content Management Solution

    Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind

    Phase 3 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Decide on a content management solution for your SOPs

    Proposed Time to Completion (in weeks): 1 week

    Step 3.1: Understand the options for CM solutions

    Start with an analyst kick off call:

    • Review your current approach to content management and discuss possible alternatives.

    Then complete these activities…

    • Evaluate the pros and cons of different approaches to content management.
    • Discuss approaches for fit with your team.

    Step 3.2: Identify the right solution for you

    Review findings with analyst:

    • Identify 2–3 possible options for a content management strategy.

    Then complete these activities…

    • Identify the best solution based on portability, maintainability, cost, and implementation effort.

    With these tools & templates:

    • Publishing and Document Management Solution Evaluation Tool
    • SOP Project Roadmap
    • SOP Workbook

    Phase 3 Results & Insights:

    Choose an approach to content management that will best support your organization’s SOP documentation and maintenance process.

    Decide on an appropriate publishing and document management strategy for your organization

    Publishing and document management considerations:

    • Portability/External Access: At the best of times, portability is nice because it enables flexibility, but at the worst of times (such as in a disaster recovery situation) it is absolutely essential. If your primary site is down, can you still access your documentation? As shown in this chart, traditional storage strategies still dominate DRP documentation, but these aren’t necessarily the best options.
    • Maintainability/Usability: How easy is it to create, update, and use the documentation? Is it easy to link to other documents? Is there version control? The easier the system is to use, the easier it is to get employees to use it.
    • Cost/Effort: Is the cost and effort appropriate? For example, a large enterprise may need a formal solution like SharePoint or a Content Management System. For smaller organizations, the cost of these tools might be harder to justify.

    Consider these approaches:

    This section reviews the following approaches, their pros and cons, and how they meet publishing and document management requirements:

    • SOP tools.
    • Cloud-based content management software.
    • In-house solutions combining SharePoint and MS Office (or equivalent).
    • Wiki site.
    • “Manual” approaches such as storing documents on a USB drive.
    Chart depicting the portable strategy popularity, followed by a key defining the colours on the graph

    Source: Info-Tech Research Group; N=118

    Note: Percentages total more than 100% due to respondents using more than one portability strategy.

    Develop a content management strategy and process to reduce organizational risk

    CASE STUDY

    Segment

    Mid-market company

    Source

    Info-Tech Interview

    Situation

    • A mid-sized company hired a technical consultancy to manage its network.
    • As part of this move, the company’s network administrator was fired.
    • Over time, this administrator had become a “go-to” person for several other IT functions.

    Complication

    • The consulting team realizes that the network administrator kept critical documentation on his local hard drive.
    • This includes configs, IP addresses, passwords, logins to vendor accounts, and more.
    • It becomes clear the administrator was able to delete some of this information before leaving, which the consultants are required to retrieve and re-document.

    Result

    • Failing to implement effective SOPs for document management and terminating key IT staff exposed the organization to unnecessary risk and additional costs.
    • Allowing a local content management system to develop created a serious security risk.
    • The bottom line: create a secure, centralized, and backed-up location and establish SOPs around using it to help keep the company’s data safe.

    Info-Tech offers a web-based policy management solution with process management capabilities

    Role How myPolicies helps you
    Policy Sponsors
    • CEO
    • Board of Directors

    Reduced Corporate Risk

    Avoid being issued a regulatory fine or sanction that could jeopardize operations or hurt brand image.

    Policy Reviewers
    • Internal Audit
    • Compliance
    • Risk
    • Legal

    A Culture of Compliance

    Adherence with regulatory requirements as well as documented audit trail of all critical policy activities.

    Policy Owners
    • HR
    • IT
    • Finance
    • Operations

    Less Administrative Burden

    Automation and simplification of policy creation, distribution, and tracking.

    Policy Users
    • Employees
    • Vendors
    • Contractors

    Policy Clarity

    Well-written policies are stored in one reliable, easy to navigate location.

    About this Approach:

    myPolicies is a web-based solution to create, distribute, and manage corporate policies, procedures, and forms, built around best practices identified by our research.

    Contact your Account Manager today to find out if myPolicies is right for you.

    SOP software and DR planning tools can help, but they aren’t a silver bullet

    Portability/External Access:
    • Pros: Typically have a SaaS option, providing built-in external access with appropriate security and user administration to vary access rights.
    • Cons: Dependent on the vendor to ensure external access, but this is typically not an issue.
    Maintainability/Usability:
    • Pros: Built-in templates encourage consistency as well as guide initial content development by indicating what details need to be captured.
    • Pros: Built-in document management (e.g. version control, metadata support, etc.), centralized access/navigation to required documents, and some automation (e.g. update contacts throughout the system).
    • Cons: Not a silver bullet. You still have to do the work to define and capture your processes.
    • Cons: Requires end-user and administrator training.
    • Cons: Often modules of larger software suites. If you use the entire suite, it may make sense to use the SOP tool, but otherwise probably not.
    Cost/Effort:
    • Pros: For large enterprises, the convenience of built-in document management and templates can outweigh the cost.
    • Cons: SOP tools can be costly. Expect to pay at least $3,000-7,000 for software licensing, plus additional per user and hosting fees.
    About this Approach:

    SOP tools such as Princeton Center’s SOP ExpressTM and SOP Tracks or MasterControl’s SOP Management and eSOP allow organizations to create, manage, and access SOPs. These programs typically offer a range of SOP templates and formats, electronic signatures, version control, and review options and training features such as quizzes and monitoring.

    Similarly, DR planning solutions (e.g. eBRP, Recovery Planner, LDRPS, etc.) provide templates, tools, and document management to create DR documentation including SOPs.

    Consider leveraging SharePoint to provide document management capabilities

    Portability/External Access:
    • Pros: SharePoint is commonly web-enabled and supports external access with appropriate security and user administration.
    • Cons: Must be installed at redundant sites or be cloud-based to be effective in the event of a worst-case scenario disaster recovery situation in which the primary data center is down.
    Maintainability/Usability:
    • Pros: Built-in document management (e.g. version control, metadata support, etc.) as well as centralized access to required documents.
    • Pros: No tool learning curve – SharePoint and MS Office would be existing solutions already used on a daily basis.
    • Cons: No built-in automated updates (e.g. automated updates to contacts throughout the system).
    • Cons: Consistency depends on creating templates and implementing processes for document updates, review, and approval.
    Cost/Effort:
    • Pros: Using existing tools, so this is a sunk cost in terms of capex.
    • Cons: Additional effort required to create templates and manage the documentation library.

    For more information on SharePoint as a content management solution, see Info-Tech’s Use SharePoint for Enterprise Content Management.

    About this Approach:

    Most SOP documents start as MS Office documents, even if there is an SOP tool available (some SOP tools actually run within MS Office on the desktop). For organizations that decide to bypass a formal SOP tool, the biggest gap they have to overcome is document management.

    Many organizations are turning to SharePoint to meet this need. For those that already have SharePoint in place, it makes sense to further leverage SharePoint for SOP documentation.

    For SharePoint to be a practical solution, the documentation must still be accessible if the primary data center is down, e.g. by having redundant SharePoint instance at multiple in-house locations or using a cloud-based SharePoint solution.

    As an alternative to SharePoint, SaaS tools such as Power DMS, NetDocuments, Xythos on Demand, Knowledge Tree, Spring CM, and Zoho Docs offer cloud-based document management, authoring, and distribution services that can work well for SOPs. Some of these, such as Power DMS and Spring CM, are geared specifically toward workflows.

    A wiki may be all you need

    Portability/External Access:
    • Pros: Wiki sites can support external access as with any web solution.
    • Cons: May lack more sophisticated content management features.
    Maintainability/Usability:
    • Pros: Built-in document management (e.g. version control, metadata support, etc.) as well as centralized access to required information.
    • Pros: Authorized users can make updates dynamically, depending on how much restriction you have on the site.
    • Cons: No built-in automation (e.g. automated updates to contacts throughout the system).
    • Cons: Consistency depends on creating templates and implementing processes for document updates, review, and approval.
    Cost/Effort:
    • Pros: An inexpensive option compared to traditional content management solutions such as SharePoint.
    • Cons: Learning curve if wikis are new to your organization.
    About this Approach:

    Wiki sites are websites where users collaborate to create and edit the content. Wikipedia is an example.

    While wiki sites are typically used for collaboration and dynamic content development, the traditional collaborative authoring model can be restricted to provide structure and an approval process.

    Several tools are available to create and manage wiki sites (and other collaboration solutions), as outlined in the following research:

    An approach that I’ve seen work well is to consult the wiki for any task, activity, job, etc. Is it documented? If not, then document it there and then. Sure, this led to 6-8 weeks of huge effort, but the documentation grew in terms of volume and quality at an alarming but pleasantly surprising rate. Providing an environment to create the documentation is important and a wiki is ideal. Fast, lightweight, in-browser editing leads to little resistance in creating documents.

    - Lee Blackwell, Global IT Operation Services Manager, Avid Technology

    Managing SOPs on a shared network drive involves major challenges and limitations

    Portability/External Access:
    • Cons: Must be hosted at redundant sites in order to be effective in a worst-case scenario that takes down your data center.
    Maintainability/Usability:
    • Pros: Easy to implement and no learning curve.
    • Pros: Access can be easily managed.
    • Cons: Version control, standardization, and document management can be significant challenges.
    Cost/Effort:
    • Pros: Little to no cost and no tool management required.
    • Cons: Managing documents on a shared network drive requires strict attention to process for version control, updates, approvals, and distribution.
    About this Approach:

    With this strategy, SOP documents are stored and managed locally on a shared network drive. Only process owners and administrators have read-write permissions on documents on the shared drive.

    The administrator grants access and manages security permissions.

    Info-Tech Insight

    For small organizations, the shared network drive approach can work, but this is ultimately a short-term solution. Move to an online library by creating a wiki site. Start slow by beginning with a particular department or project, then evaluate how well your staff adapt to this technology as well as its potential effectiveness in your organization. Refer to the Info-Tech collaboration strategy research cited on the previous slide for additional guidance.

    Avoid extensive use of paper copies of SOP documentation

    SOP documents need to be easy to update, accessible from anywhere, and searchable. Paper doesn’t meet these needs.

    Portability/External Access:
    • Pros: Does not rely on technology or power.
    • Cons: Not adequate for disaster recovery situations; would require all staff to have a copy and to have it with them at all times.
    Maintainability/Usability:
    • Pros: In terms of usability, again there is no dependence on technology.
    • Cons: Updates need to be printed and distributed to all relevant staff every time there is a change to ensure staff have access to the latest most accurate documentation.
    • Cons: Navigation to other information is manual – flipping through pages etc. No searching or hyperlinks.
    Cost/Effort:
    • Pros: No technology system to maintain, aside from what you use for printing.
    • Cons: Printing expenses are actually among the highest incurred by organizations and this adds to it.
    • Cons: Labor-intensive due to need to print and physically distribute documentation updates.
    About this Approach

    Traditionally, SOPs were printed and kept somewhere in a large binder (or several large binders). This isn’t adequate to the needs of most organizations and typically results in documents that aren’t up to date or effective.

    Use Info-Tech’s solution evaluation tool to decide on a publishing and document management strategy

    All organizations have existing document management methodologies, even if it’s simply storing documents on a network drive.

    Use Info-Tech’s solution evaluation tool to decide whether your existing solution meets the portability/external access, maintainability/usability, and cost/effort criteria, or whether you need to explore a different option.

    Note: This tool was originally built to evaluate DRP publishing options, so the tool name and terminology refers to DR. However, the same tool can be used to evaluate general SOP publishing and document management solutions.

    The image is a screenshot of Info-Tech's evaluation tool
    Consider using Info-Tech’s DRP Publishing and Document Management Solution Evaluation Tool.

    Info-Tech Insight

    There is no absolute ranking for possible solutions. The right choice will depend on factors such as current in-house tools, maturity around document management, the size of your IT department, and so on. For example, a small shop may do very well with the USB drive strategy, whereas a multi-national company will need a more formal strategy to ensure consistent application of corporate guidelines.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.1

    Decide on a publishing and document management strategy

    Review the pros and cons of different strategies for publishing and document management. Identify needs, priorities, and limitations of your environment. Create a shortlist of options that can meet your organization’s needs and priorities.

    3.2

    Complete the solution evaluation tool

    Evaluate solutions on the shortlist to identify the strongest option for your organization, based on the criteria of maintainability, affordability, effort to implement, and accessibility/portability.

    Insight breakdown

    Create visual documents, not dense SOP manuals.

    • Visual documents that can be scanned are more usable and easier to update.
    • Flowcharts, checklists, and diagrams all have their place in visual documentation.

    Start with high-impact SOPs.

    • It can be difficult to decide where to start when faced with a major documentation backlog.
    • Focus first on client facing and high-impact SOPs, i.e. mission-critical operations, service management, and disaster recovery procedures.

    Integrate SOP creation into project requirements and hold staff accountable.

    • Holding staff accountable does not provide all the benefits of a well documented and maintained SOP, but it minimizes procrastination, so the work is ultimately done in a more timely manner.

    Summary of accomplishment

    Knowledge Gained

    SOPs may not be exciting, but they’re very important to organizational consistency, efficiency, and improvement.

    This blueprint outlined how to:

    • Prioritize and execute SOP documentation work.
    • Establish a sustainable process for creating and maintaining SOP documentation.
    • Choose a content management solution for best fit.

    Processes Optimized

    • Multiple processes supporting mission-critical operations, service management, and disaster recovery were documented. Gaps in those processes were uncovered and addressed.
    • In addition, your process for maintaining process documents was improved, including adding documentation requirements and steps requiring documentation approval.

    Deliverables Completed

    As part of completing this project, the following deliverables were completed:

    • Standard Operating Procedures Workbook
    • Standard Operating Procedures Project Roadmap Tool
    • Document Management Checklist
    • Publishing and Document Management Solution Evaluation Tool

    Project step summary

    Client Project: Create and maintain visual SOP documentation.

    1. Prioritize undocumented SOPs.
    2. Develop visual SOP documentation.
    3. Optimize and document critical processes.
    4. Establish guidelines for identifying and organizing SOPs.
    5. Define a process for documenting and maintaining SOPs.
    6. Plan time with experts to put a dent in your documentation backlog.
    7. Understand the options for content management solutions.
    8. Identify the right content management solution for your organization.

    Info-Tech Insight

    This project has the ability to fit the following formats:

    • Onsite workshop by Info-Tech Research Group consulting analysts.
    • Do-it-yourself with your team.
    • Remote delivery (Info-Tech Guided Implementation).

    Bibliography

    Anderson, Chris. “What is a Standard Operating Procedure (SOP)?” Bizmanualz, Inc. No date. Web. 25 Jan. 2016. https://www.bizmanualz.com/save-time-writing-procedures/what-are-policies-and-procedures-sop.html

    Grusenmeyer, David. “Developing Effective Standard Operating Procedures.” Dairy Business Management. 1 Feb. 2003. Web. 25 Jan. 2016. https://ecommons.cornell.edu/handle/1813/36910

    Mosaic. “The Value of Standard Operating Procedures.” 22 Oct. 2012. Web. 25 Jan. 2016. ttp://www.mosaicprojects.com.au/WhitePapers/WP1086_Standard_Operating_Procedures.pdf

    Sinn, John W. “Lean, Six Sigma, Quality Transformation Toolkit (LSSQTT) Tool #17 Courseware Content – Standard Operating Procedures (SOP) For Lean and Six Sigma: Infrastructure for Understanding Process.” Summer 2006. Web. 25 Jan. 2016. https://www.bgsu.edu/content/dam/BGSU/college-of-technology/documents/LSSQTT/LSSQTT%20Toolkit/toolkit3/LSSQTT-Tool-17.pdf

    United States Environmental Protection Agency. “Guidance for Preparing Standard Operating Procedures (SOPs).” April 2007. Web. 25 Jan. 2016. http://www.epa.gov/sites/production/files/2015-06/documents/g6-final.pdf

    Drive Technology Adoption

    • Buy Link or Shortcode: {j2store}111|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design

    The project isn’t over if the new product or system isn’t being used. How do you ensure that what you’ve put in place isn’t going to be ignored or only partially adopted? People are more complicated than any new system and managing them through the change needs careful planning.

    Our Advice

    Critical Insight

    Cultivating a herd mentality, where people adopt new technology merely because everyone else is, is an important goal in getting the bulk of users using the new product or system. The herd needs to gather momentum though and this can be done by using the more tech-able and enthused to lead the rest on the journey. Identifying and engaging these key resources early in the process will greatly assist in starting the flow.

    Impact and Result

    While communication is key throughout, involving staff in proof-of-concept activities and contests and using the train-the-trainer techniques and technology champions will all start the momentum toward technology adoption. Group activities will address the bulk of users, but laggards may need special attention.

    Drive Technology Adoption Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Drive Technology Adoption – A brief deck describing how to encourage users to adopt newly implemented technology.

    This document will help you to ensure that newly implemented systems and technologies are correctly adopted by the intended recipients.

    • Drive Technology Adoption Storyboard
    [infographic]

    Further reading

    Drive Technology Adoption

    The project is over. The new technology is implemented. Now how do we make sure it's used?

    Executive Summary

    Your Challenge

    Technology endlessly changes and evolves. Similarly, business directions and requirements change, and these changes need to be supported by technology. Improved functionality and evolvement of systems, along with systems becoming redundant or unsupported, means that maintaining a static environment is virtually impossible.

    Enormous amounts of IT budget are allocated to these changes each year. But once the project is over, how do you manage that change and ensure the systems are being used? Planning your technology adoption is vital.

    Common Obstacles

    The obstacles to technology adoption can be many and various, covering a broad spectrum of areas including:

    • Reluctance of staff to let go of familiar processes and procedures.
    • Perception that any change will add complications but not add value, thereby hampering enthusiasm to adopt.
    • Lack of awareness of the change.
    • General fear of change.
    • Lack of personal confidence.

    Info-Tech’s Approach

    Start by identifying, understanding, categorizing, and defining barriers and put in place a system to:

    • Gain an early understanding of the different types of users and their attitudes to technology and change.
    • Review different adoption techniques and analyze which are most appropriate for your user types.
    • Use a “Follow the Leader” approach, by having technical enthusiasts and champions to show the way.
    • Prevent access to old systems and methods.

    Info-Tech Insight

    For every IT initiative that will be directly used by users, consider the question, “Will the final product be readily accepted by those who are going to use it?” There is no point in implementing a product that no one is prepared to use. Gaining user acceptance is much more than just ticking a box in a project plan once UAT is complete.

    The way change should happen is clear

    Prosci specializes in change. Its ADKAR model outlines what’s required to bring individuals along on the change journey.

    AWARENESS

    • Awareness means more than just knowing there’s a change occurring,
    • it means understanding the need for change.

    DESIRE

    • To achieve desire, there needs to be motivation, whether it be from an
    • organizational perspective or personal.

    KNOWLEDGE

    • Both knowledge on how to train during the transition and knowledge
    • on being effective after the change are required. This can only be done
    • once awareness and desire are achieved.

    ABILITY

    • Ability is not knowledge. Knowing how to do something doesn’t necessarily translate to having the skills to do it.

    REINFORCEMENT

    • Without reinforcement there can be a tendency to revert.

    When things go wrong

    New technology is not being used

    The project is seen as complete. Significant investments have been made, but the technology either isn’t being used or is only partially in use.

    Duplicate systems are now in place

    Even worse. The failure to adopt the new technology by some means that the older systems are still being used. There are now two systems that fail to interact; business processes are being affected and there is widespread confusion.

    Benefits not being realized

    Benefits promised to the business are not being realized. Projected revenue increases, savings, or efficiencies that were forecast are now starting to be seen as under threat.

    There is project blowout

    The project should be over, but the fact that the technology is not being used has created a perception that the implementation is not complete and the project needs to continue.

    Info-Tech Insight

    People are far more complicated than any technology being implemented.

    Consider carefully your approach.

    Why does it happen?

    POOR COMMUNICATION

    There isn’t always adequate communications about what’s changing in the workplace.

    FEAR

    Fear of change is natural and often not rational. Whether the fear is about job loss or not being able to adapt to change; it needs to be managed.

    TRAINING

    Training can be insufficient or ineffective and when this happens people are left feeling like they don’t have the skills to make the change.

    LACK OF EXECUTIVE SUPPORT

    A lack of executive support for change means the change is seen as less important.

    CONFLICTING VIEWS OF CHANGE

    The excitement the project team and business feels about the change is not necessarily shared throughout the business. Some may just see the change as more work, changing something that already works, or a reason to reduce staff levels.

    LACK OF CONFIDENCE

    Whether it’s a lack of confidence generally with technology or concern about a new or changing tool, a lack of confidence is a huge barrier.

    BUDGETARY CONSTRAINTS

    There is a cost with managing people during a change, and budget must be allocated to allow for it.

    Communications

    Info-Tech Insight

    Since Sigmund Freud there has been endless work to understand people’s minds.
    Don’t underestimate the effect that people’s reactions to change can have on your project.

    This is a Kubler-ross change curve graph, plotting the following Strategies: Create Alignment; Maximize Communication; Spark Motivation; Develop Capability; Share Knowledge

    Communication plans are designed to properly manage change. Managing change can be easier when we have the right tools and information to adapt to new circumstances. The Kubler-Ross change curve illustrates the expected steps on the path to acceptance of change. With the proper communications strategy, each can be managed appropriately

    Analyst perspective

    Paul Binns – Principal Research Advisor, Info-Tech

    The rapidly changing technology landscape in our world has always meant that an enthusiasm or willingness to embrace change has been advantageous. Many of us have seen how the older generation has struggled with that change and been left behind.

    In the work environment, the events of the past two years have increased pressure on those slow to adopt as in many cases they couldn't perform their tasks without new tools. Previously, for example, those who may have been reluctant to use digital tools and would instead opt for face-to-face meetings, suddenly found themselves without an option as physical meetings were no longer possible. Similarly, digital collaboration tools that had been present in the market for some time were suddenly more heavily used so everyone could continue to work together in the “online world.”

    At this stage no one is sure what the "new normal" will be in the post-pandemic world, but what has been clearly revealed is that people are prepared to change given the right motivation.

    “Technology adoption is about the psychology of change.”
    Bryan Tutor – Executive Counsellor, Info-Tech

    The Fix

    • Categorize Users
      • Gain a clear understanding of your user types.
    • Identify Adoption Techniques
      • Understand the range of different tools and techniques available.
    • Match Techniques To Categories
      • Determine the most appropriate techniques for your user base.
    • Follow-the-Leader
      • Be aware of the different skills in your environment and use them to your advantage.
    • Refresh, Retrain, Restrain
      • Prevent reversion to old methods or systems.

    Categories

    Client-Driven Insight

    Consider your staff and industry when looking at the Everett Rogers curve. A technology organization may have less laggards than a traditional manufacturing one.

    In Everett Rogers’ book Diffusion of Innovations 5th Edition (Free Press, 2005), Rogers places adopters of innovations into five different categories.

    This is an image of an Innovation Adoption Curve from Everett Rogers' book Diffusion of Innovations 5th Edition

    Category 1: The Innovator – 2.5%

    Innovators are technology enthusiasts. Technology is a central interest of theirs, either at work, at home, or both. They tend to aggressively pursue new products and technologies and are likely to want to be involved in any new technology being implemented as soon as possible, even before the product is ready to be released.

    For people like this the completeness of the new technology or the performance can often be secondary because of their drive to get new technology as soon as possible. They are trailblazers and are not only happy to step out of their comfort zone but also actively seek to do so.

    Although they only make up about 2.5% of the total, their enthusiasm, and hopefully endorsement of new technology, offers reassurance to others.

    Info-Tech Insight

    Innovators can be very useful for testing before implementation but are generally more interested in the technology itself rather than the value the technology will add to the business.

    Category 2: The Early Adopter – 13.5%

    Whereas Innovators tend to be technologists, Early Adopters are visionaries that like to be on board with new technologies very early in the lifecycle. Because they are visionaries, they tend to be looking for more than just improvement – a revolutionary breakthrough. They are prepared to take high risks to try something new and although they are very demanding as far as product features and performance are concerned, they are less price-sensitive than other groups.

    Early Adopters are often motivated by personal success. They are willing to serve as references to other adopter groups. They are influential, seen as trendsetters, and are of utmost importance to win over.

    Info-Tech Insight

    Early adopters are key. Their enthusiasm for technology, personal drive, and influence make them a powerful tool in driving adoption.

    Category 3: The Early Majority – 34%

    This group is comprised of pragmatists. The first two adopter groups belong to early adoption, but for a product to be fully adopted the mainstream needs to be won over, starting with the Early Majority.

    The Early Majority share some of the Early Adopters’ ability to relate to technology. However, they are driven by a strong sense of practicality. They know that new products aren’t always successful. Consequently, they are content to wait and see how others fare with the technology before investing in it themselves. They want to see well-established references before adopting the technology and to be shown there is no risk.

    Because there are so many people in this segment (roughly 34%), winning these people over is essential for the technology to be adopted.

    Category 4: The Late Majority – 34%

    The Late Majority are the conservatives. This group is generally about the same size as the Early Majority. They share all the concerns of the Early Majority; however, they are more resistant to change and are more content with the status quo than eager to progress to new technology. People in the Early Majority group are comfortable with their ability to handle new technology. People in the Late Majority are not.

    As a result, these conservatives prefer to wait until something has become an established standard and take part only at the end of the adoption period. Even then, they want to see lots of support and ensure that there is proof there is no risk in them adopting it.

    Category 5: The Laggard – 16%

    This group is made up of the skeptics and constitutes 16% of the total. These people want nothing to do with new technology and are generally only content with technological change when it is invisible to them. These skeptics have a strong belief that disruptive new technologies rarely deliver the value promised and are almost always worried about unintended consequences.

    Laggards need to be dealt with carefully as their criticism can be damaging and without them it is difficult for a product to become fully adopted. Unfortunately, the effort required for this to happen is often disproportional to the size of the group.

    Info-Tech Insight

    People aren’t born laggards. Technology projects that have failed in the past can alter people’s attitudes, especially if there was a negative impact on their working lives. Use empathy when dealing with people and respect their hesitancy.

    Adoption Techniques

    Different strokes for different folks

    Technology adoption is all about people; and therefore, the techniques required to drive that adoption need to be people oriented.

    The following techniques are carefully selected with the intention of being impactful on all the different categories described previously.

    Technology Adoption: Herd Mentality; Champions; Force; Group Training; One-on-One; Contests; Marketing; Proof of Concept; Train the Trainer

    There are multitudes of different methods to get people to adopt new technology, but which is the most appropriate for your situation? Generally, it’s a combination.

    Technology Adoption: Herd Mentality; Champions; Force; Group Training; One-on-One; Contests; Marketing; Proof of Concept; Train the Trainer

    Train the Trainer

    Use your staff to get your message across.

    Abstract

    This technique involves training key members of staff so they can train others. It is important that those selected are strong communicators, are well respected by others, and have some expertise in technology.

    Advantages

    • Cost effective
    • Efficient dissemination of information
    • Trusted internal staff

    Disadvantages

    • Chance of inconsistent delivery
    • May feel threatened by co-worker

    Best to worst candidates

    • Early Adopter: Influential trendsetters. Others receptive of their lead.
    • Innovator: Comfortable and enthusiastic about new technology, but not necessarily a trainer.
    • Early Majority: Tendency to take others’ lead.
    • Late Majority: Risk averse and tend to follow others, only after success is proven.
    • Laggard: Last to adopt usually. Unsuitable as Trainer.

    Marketing

    Marketing should be continuous throughout the change to encourage familiarity.

    Abstract

    Communication is key as people are comfortable with what is familiar to them. Marketing is an important tool for convincing adopters that the new product is mainstream, widely adopted and successful.

    Advantages

    • Wide communication
    • Makes technology appear commonplace
    • Promotes effectiveness of new technology

    Disadvantages

    • Reliant on staff interest
    • Can be expensive

    Best to worst candidates

    • Early Majority: Pragmatic about change. Marketing is effective encouragement.
    • Early Adopter: Receptive and interested in change. Marketing is supplemental.
    • Innovator: Actively seeks new technology. Does not need extensive encouragement.
    • Late Majority: Requires more personal approach.
    • Laggard: Resistant to most enticements.

    One-on-One

    Tailored for individuals.

    Abstract

    One-on-one training sometimes is the only way to train if you have staff with special needs or who are performing unique tasks.
    It is generally highly effective but inefficient as it only addresses individuals.

    Advantages

    • Tailored to specific need(s)
    • Only relevant information addressed
    • Low stress environment

    Disadvantages

    • Expensive
    • Possibility of inconsistent delivery
    • Personal conflict may render it ineffective

    Best to worst candidates

    • Laggard: Encouragement and cajoling can be used during training.
    • Late Majority: Proof can be given of effectiveness of new product.
    • Early Majority: Effective, but not cost efficient.
    • Early Adopter: Effective, but not cost-efficient.
    • Innovator: Effective, but not cost-efficient.

    Group Training

    Similar roles, attitudes, and abilities.

    Abstract

    Group training is one of the most common methods to start people on their journey toward new technology. Its effectiveness with the two largest groups, Early Majority and Late Majority, make it a primary tool in technology adoption.

    Advantages

    • Cost effective
    • Time effective
    • Good for team building

    Disadvantages

    • Single method may not work for all
    • Difficult to create single learning pace for all

    Best to worst candidates

    • Early Majority: Receptive. The formality of group training will give confidence.
    • Late Majority: Conservative attitude will be receptive to traditional training.
    • Early Adopter: Receptive and attentive. Excited about the change.
    • Innovator: Will tend to want to be ahead or want to move ahead of group.
    • Laggard: Laggards in group training may have a negative impact.

    Force

    The last resort.

    Abstract

    The transition can’t go on forever.

    At some point the new technology needs to be fully adopted and if necessary, force may have to be used.

    Advantages

    • Immediate full transition
    • Fixed delivery timeline

    Disadvantages

    • Alienation of some staff
    • Loss of faith in product if there are issues

    Best to worst candidates

    • Laggard: No choice but to adopt. Forces the issue.
    • Late Majority: Removes issue of reluctance to change.
    • Early Majority: Content, but worried about possible problems.
    • Early Adopter: Feel less personal involvement in change process.
    • Innovator: Feel less personal involvement in change process.

    Contests

    Abstract

    Contests can generate excitement and create an explorative approach to new technology. People should not feel pressured. It should be enjoyable and not compulsory.

    Advantages

    • Rapid improvement of skills
    • Bring excitement to the new technology
    • Good for team building

    Disadvantages

    • Those less competitive or with lower skills may feel alienated
    • May discourage collaboration

    Best to worst candidates

    • Early Adopter: Seeks personal success. Risk taker. Effective.
    • Innovator: Enthusiastic to explore limits of technology.
    • Early Majority: Less enthusiastic. Pragmatic. Less competitive.
    • Late Majority: Conservative. Not enthusiastic about new technology.
    • Laggard: Reluctant to get involved.

    Incentives

    Incentives don’t have to be large.

    Abstract

    For some staff, merely taking management’s lead is not enough. Using “Nudge” techniques to give that extra incentive is quite effective. Incentivizing staff either financially or through rewards, recognition, or promotion is a successful adoption technique for some.

    Advantages

    Encouragement to adopt from receiving tangible benefit

    Draws more attention to the new technology

    Disadvantages

    Additional expense to business or project

    Possible poor precedent for subsequent changes

    Best to worst candidates

    Early Adopter: Desire for personal success makes incentives enticing.

    Early Majority: Prepared to change, but extra incentive will assist.

    Late Majority: Conservative attitude means incentive may need to be larger.

    Innovator: Enthusiasm for new technology means incentive not necessary.

    Laggard: Sceptical about change. Only a large incentive likely to make a difference.

    Champions

    Strong internal advocates for your new technology are very powerful.

    Abstract

    Champions take on new technology and then use their influence to promote it in the organization. Using managers as champions to actively and vigorously promote the change is particularly effective.

    Advantages

    • Infectious enthusiasm encourages those who tend to be reluctant
    • Use of trusted internal staff

    Disadvantages

    • Removes internal staff from regular duties
    • Ineffective if champion not respected

    Best to worst candidates

    • Early Majority: Champions as references of success provide encouragement.
    • Late Majority: Management champions in particular are effective.
    • Laggard: Close contact with champions may be effective.
    • Early Adopter: Receptive of technology, less effective.
    • Innovator: No encouragement or promotion required.

    Herd Mentality

    Follow the crowd.

    Abstract

    Herd behavior is when people discount their own information and follow others. Ideally all adopters would understand the reason and advantages in adopting new technology, but practically, the result is most important.

    Advantages

    • New technology is adopted without question
    • Increase in velocity of adoption

    Disadvantages

    • Staff may not have clear understanding of the reason for change and resent it later
    • Some may adopt the change before they are ready to do so

    Best to worst candidates

    • Early Majority: Follow others’ success.
    • Late Majority: Likely follow an established proven standard.
    • Early Adopter: Less effective as they prefer to set trends rather than follow.
    • Innovator: Seeks new technology rather than following others.
    • Laggard: Suspicious and reluctant to change.

    Proof of Concepts

    Gain early input and encourage buy-in.

    Abstract

    Proof of concept projects give early indications of the viability of a new initiative. Involving the end users in these projects can be beneficial in gaining their support

    Advantages

    Involve adopters early on

    Valuable feedback and indications of future issues

    Disadvantages

    If POC isn’t fully successful, it may leave lingering negativity

    Usually, involvement from small selection of staff

    Best to worst candidates

    • Innovator: Strong interest in getting involved in new products.
    • Early Adopter: Comfortable with new technology and are influencers.
    • Early Majority: Less interest. Prefer others to try first.
    • Late Majority: Conservative attitude makes this an unlikely option.
    • Laggard: Highly unlikely to get involved.

    Match techniques to categories

    What works for who?

    This clustered column chart categorizes techniques by category

    Follow the leader

    Engage your technology enthusiasts early to help refine your product, train other staff, and act as champions. A combination of marketing and group training will develop a herd mentality. Finally, don’t neglect the laggards as they can prevent project completion.

    This is an inverted funnel chart with the output of: Change Destination.  The inputs are: 16% Laggards; 34% Late Majority; 34% Early Majority; 13.3% Early Adopters; 2% Innovators

    Info-Tech Insight

    Although there are different size categories, none can be ignored. Consider your budget when dealing with smaller groups, but also consider their impact.

    Refresh, retrain, restrain

    We don’t want people to revert.

    Don’t assume that because your staff have been trained and have access to the new technology that they will keep using it in the way they were trained. Or that they won’t revert back to their old methods or system.

    Put in place methods to remove completely or remove access to old systems. Schedule refresh training or skill enhancement sessions and stay vigilant.

    Research Authors

    Paul Binns

    Paul Binns

    Principal Research Advisor, Info-Tech Research Group

    With over 30 years in the IT industry, Paul brings to his work his experience as a Strategic Planner, Consultant, Enterprise Architect, IT Business Owner, Technologist, and Manager. Paul has worked with both small and large companies, local and international, and has had senior roles in government and the finance industry.

    Scott Young

    Scott Young

    Principal Research Advisor, Info-Tech Research Group

    Scott Young is a Director of Infrastructure Research at Info-Tech Research Group. Scott has worked in the technology field for over 17 years, with a strong focus on telecommunications and enterprise infrastructure architecture. He brings extensive practical experience in these areas of specialization, including IP networks, server hardware and OS, storage, and virtualization.

    Related Info-Tech Research

    User Group Analysis Workbook

    Use Info-Tech’s workbook to gather information about user groups, business processes, and day-to-day tasks to gain familiarity with your adopters.

    Governance and Management of Enterprise Software Implementation

    Use our research to engage users and receive timely feedback through demonstrations. Our iterative methodology with a task list focused on the business’ must-have functionality allows staff to return to their daily work sooner.

    Quality Management User Satisfaction Survey

    This IT satisfaction survey will assist you with early information to use for categorizing your users.

    Master Organizational Change Management Practices

    Using a soft, empathetic approach to change management is something that all PMOs should understand. Use our research to ensure you have an effective OCM plan that will ensure project success.

    Bibliography

    Beylis, Guillermo. “COVID-19 accelerates technology adoption and deepens inequality among workers in Latin America and the Caribbean.” World Bank Blogs, 4 March 2021. Web.

    Cleland, Kelley. “Successful User Adoption Strategies.” Insight Voices, 25 Apr. 2017. Web.

    Hiatt, Jeff. “The Prosci ADKAR ® Model.” PROSCI, 1994. Web.

    Malik, Priyanka. “The Kübler Ross Change Curve in the Workplace.” whatfix, 24 Feb. 2022. Web.

    Medhaugir, Tore. “6 Ways to Encourage Software Adoption.” XAIT, 9 March 2021. Web.

    Narayanan, Vishy. “What PwC Australia learned about fast tracking tech adoption during COVID-19” PWC, 13 Oct. 2020. Web.

    Sridharan, Mithun. “Crossing the Chasm: Technology Adoption Lifecycle.” Think Insights, 28 Jun 2022. Web.

    Drive Successful Sourcing Outcomes With a Robust RFP Process

    • Buy Link or Shortcode: {j2store}216|cart{/j2store}
    • member rating overall impact (scale of 10): 9.4/10 Overall Impact
    • member rating average dollars saved: $25,860 Average $ Saved
    • member rating average days saved: 14 Average Days Saved
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • Most IT organizations do not have standard RFP templates and tools.
    • Many RFPs lack sufficient requirements.
    • Most RFP team members are not adequately trained on RFP best practices.
    • Most IT departments underestimate the amount of time that is required to perform an effective RFP.

    Our Advice

    Critical Insight

    • Vendors generally do not like RFPs
      Vendors view RFPs as time consuming and costly to respond to and believe that the decision is already made.
    • Dont ignore the benefits of an RFI
      An RFI is too often overlooked as a tool for collecting information from vendors about their product offerings and services.
    • Leverage a pre-proposal conference to maintain an equal and level playing field
      Pre-proposal conference is a convenient and effective way to respond to vendors’ questions ensuring all vendors have the same information to provide a quality response.

    Impact and Result

    • A bad or incomplete RFP results in confusing and incomplete vendor RFP responses which consume time and resources.
    • Incomplete or misunderstood requirements add cost to your project due to the change orders required to complete the project.

    Drive Successful Sourcing Outcomes With a Robust RFP Process Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Storyboard – Leverage your vendor sourcing process to get better results

    Discover a proven process for your RFPs. Review Info-Tech’s process and understand how you can prevent your organization from leaking negotiation leverage while preventing vendors from taking control of your RFP. Our 7-phase process prevents a bad RFP from taking your time, money, and resources.

    • Drive Successful Sourcing Outcomes With a Robust RFP Process Storyboard

    2. Define your RFP Requirements Tool – A convenient tool to gather your requirements and align them to your negotiation strategy.

    Use this tool to assist you and your team in documenting the requirements for your RFP. Use the results of this tool to populate the requirements section of your RFP.

    • RFP Requirements Worksheet

    3. RFP Development Suite of Tools – Use Info-Tech’s RFP, pricing, and vendor response tools and templates to increase your efficiency in your RFP process.

    Configure this time-saving suite of tools to your organizational culture, needs, and most importantly the desired outcome of your RFP initiative. This suite contains four unique RFP templates. Evaluate which template is appropriate for your RFP. Also included in this suite are a response evaluation guidebook and several evaluation scoring tools along with a template to report the RFP results to stakeholders.

    • RFP Calendar and Key Date Tool
    • Vendor Pricing Tool
    • Lean RFP Template
    • Short-Form RFP Template
    • Long-Form RFP Template
    • Excel Form RFP Tool
    • RFP Evaluation Guidebook
    • RFP Evaluation Tool
    • Vendor TCO Tool
    • Consolidated Vendor RFP Response Evaluation Summary
    • Vendor Recommendation Presentation

    Infographic

    Workshop: Drive Successful Sourcing Outcomes With a Robust RFP Process

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Foundation for Creating Requirements

    The Purpose

    Problem Identification

    Key Benefits Achieved

    Current process mapped and requirements template configured

    Activities

    1.1 Overview and level-setting

    1.2 Identify needs and drivers

    1.3 Define and prioritize requirements

    1.4 Gain business authorization and ensure internal alignment

    Outputs

    Map Your Process With Gap Identification

    Requirements Template

    Map Your Process With Gap Identification

    Requirements Template

    Map Your Process With Gap Identification

    Requirements Template

    Map Your Process With Gap Identification

    Requirements Template

    2 Creating a Sourcing Process

    The Purpose

    Define Success Target

    Key Benefits Achieved

    Baseline RFP and evaluation templates

    Activities

    2.1 Create and issue RFP

    2.2 Evaluate responses/proposals and negotiate the agreement

    2.3 Purchase goods and services

    Outputs

    RFP Calendar Tool

    RFP Evaluation Guidebook

    RFP Respondent Evaluation Tool

    3 Configure Templates

    The Purpose

    Configure Templates

    Key Benefits Achieved

    Configured Templates

    Activities

    3.1 Assess and measure

    3.2 Review templates

    Outputs

    Long-Form RFP Template

    Short-Form RFP Template

    Excel-Based RFP Template

    Further reading

    Drive Successful Sourcing Outcomes With a Robust RFP Process

    Leverage your vendor sourcing process to get better results.

    EXECUTIVE BRIEF

    Drive Successful Sourcing Outcomes with a Robust RFP Process

    Lack of RFP Process Causes...
    • Stress
    • Confusion
    • Frustration
    • Directionless
    • Exhaustion
    • Uncertainty
    • Disappointment
    Solution: RFP Process
    Steps in an RFP Process, 'Identify Need', 'Define Business Requirements', 'Gain Business Authorization', 'Perform RFI/RFP', 'Negotiate Agreement', 'Purchase Good and Services', and 'Assess and Measure Performance'.
    • Best value solutions
    • Right-sized solutions
    • Competitive Negotiations
    • Better requirements that feed negotiations
    • Internal alignment on requirements and solutions
    • Vendor Management Governance Plan
    Requirements
    • Risk
    • Legal
    • Support
    • Security
    • Technical
    • Commercial
    • Operational
    • Vendor Management Governance
    Templates, Tools, Governance
    • RFP Template
    • Your Contracts
    • RFP Procedures
    • Pricing Template
    • Evaluation Guide
    • Evaluation Matrix
    Vendor Management
    • Scorecards
    • Classification
    • Business Review Meetings
    • Key Performance Indicators
    • Contract Management
    • Satisfaction Survey

    Analyst Perspective

    Consequences of a bad RFP

    Photo of Steven Jeffery, Principal Research Director, Vendor Management, Co-Author: The Art of Creating a Quality RFP, Info-Tech Research Group

    “A bad request for proposal (RFP) is the gift that keeps on taking – your time, your resources, your energy, and your ability to accomplish your goal. A bad RFP is ineffective and incomplete, it creates more questions than it answers, and, perhaps most importantly, it does not meet your organization’s expectations.”

    Steven Jeffery
    Principal Research Director, Vendor Management
    Co-Author: The Art of Creating a Quality RFP
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Most IT organizations are absent of standard RFP templates, tools, and processes.
    • Many RFPs lack sufficient requirements from across the business (Legal, Finance, Security, Risk, Procurement, VMO).
    • Most RFP team members are not adequately trained on RFP best practices.
    • Most IT departments underestimate the amount of time required to perform an effective RFP.
    • An ad hoc sourcing process is a common recipe for vendor performance failure.

    Common Obstacles

    • Lack of time
    • Lack of resources
    • Right team members not engaged
    • Poorly defined requirements
    • Too difficult to change supplier
    • Lack of a process
    • Lack of adequate tools/processes
    • Lack of a vendor communications plan that includes all business stakeholders.
    • Lack of consensus as to what the ideal result should look like.

    Info-Tech’s Approach

    • Establish a repeatable, consistent RFP process that maintains negotiation leverage and includes all key components.
    • Create reusable templates to expedite the RFP evaluation and selection process.
    • Maximize the competition by creating an equal and level playing field that encourages all the vendors to respond to your RFP.
    • Create a process that is clear and understandable for both the business unit and the vendor to follow.
    • Include Vendor Management concepts in the process.

    Info-Tech Insight

    A well planned and executed sourcing strategy that focuses on solid requirements, evaluation criteria, and vendor management will improve vendor performance.

    Executive Summary

    Your Challenge

    Your challenge is to determine the best sourcing tool to obtain vendor information on capabilities, solution(s), pricing and contracting: RFI, RFP, eRFX.

    Depending on your organization’s knowledge of the market, your available funding, and where you are in the sourcing process, there are several approaches to getting the information you need.

    An additional challenge is to answer the question “What is the purpose of our RFX?”

    If you do not have in-depth knowledge of the market, available solutions, and viable vendors, you may want to perform an RFI to provide available market information to guide your RFP strategy.

    If you have defined requirements, approved funding, and enough time, you can issue a detailed, concise RFP.

    If you have “the basics” about the solution to be acquired and are on a tight timeframe, an “enhanced RFI” may fit your needs.

    This blueprint will provide you with the tools and processes and insights to affect the best possible outcome.

    Executive Summary

    Common Obstacles

    • Lack of process/tools
    • Lack of input from stakeholders
    • Stakeholders circumventing the process to vendors
    • Vendors circumventing the process to key stakeholders
    • Lack of clear, concise, and thoroughly articulated requirements
    • Waiting until the vendor is selected to start contract negotiations
    • Waiting until the RFP responses are back to consider vendor management requirements
    • Lack of clear communication strategy to the vendor community that the team adheres to

    Many organizations underestimate the time commitment for an RFP

    70 Days is the average duration of an IT RFP.

    The average number of evaluators is 5-6

    4 Is the average number of vendor submissions, each requiring an average of two to three hours to review. (Source: Bonfire, 2019. Note: The 2019 Bonfire report on the “State of the RFP” is the most recent published.)

    “IT RFPs take the longest from posting to award and have the most evaluators. This may be because IT is regarded as a complex subject requiring complex evaluation. Certainly, of all categories, IT offers the most alternative solutions. The technology is also changing rapidly, as are the requirements of IT users – the half-life of an IT requirement is less than six months (half the requirements specified now will be invalid six months from now). And when the RFP process takes up two of those months, vendors may be unable to meet changed requirements when the time to implement arrives. This is why IT RFPs should specify the problem to be resolved rather than the solution to be provided. If the problem resolution is the goal, vendors are free to implement the latest technologies to meet that need.” (Bonfire, “2019 State of the RFP”)

    Why Vendors Don’t Like RFPs

    Vendors’ win rate

    44%

    Vendors only win an average of 44% of the RFPs they respond to (Loopio, 2022).
    High cost to respond

    3-5%

    Vendors budget 3-5% of the anticipated contract value to respond (LinkedIn, 2017, Note: LinkedIn source is the latest information available).
    Time spent writing response

    23.8 hours

    Vendors spend on average 23.8 hours to write or respond to your RFP (Marketingprofs, 2021).

    Negative effects on your organization from a lack of RFP process

    Visualization titled 'Lack of RFP Process Causes' with the following seven items listed.

    Stress, because roles and responsibilities aren’t clearly defined and communication is haphazard, resulting in strained relationships.

    Confusion, because you don’t know what the expected or desired results are.

    Directionless, because you don’t know where the team is going.

    Uncertainty, with many questions of your own and many more from other team members.

    Frustration, because of all the questions the vendors ask as a result of unclear or incomplete requirements.

    Exhaustion, because reviewing RFP responses of insufficient quality is tedious.

    Disappointment in the results your company realizes.

    (Source: The Art of Creating a Quality RFP)

    Info-Tech’s approach

    Develop an inclusive and thorough approach to the RFP Process

    Steps in an RFP Process, 'Identify Need', 'Define Business Requirements', 'Gain Business Authorization', 'Perform RFI/RFP', 'Negotiate Agreement', 'Purchase Good and Services', and 'Assess and Measure Performance'.

    The Info-Tech difference:

    1. The secret to managing an RFP is to make it as manageable and as thorough as possible. The RFP process should be like any other aspect of business – by developing a standard process. With a process in place, you are better able to handle whatever comes your way, because you know the steps you need to follow to produce a top-notch RFP.
    2. The business then identifies the need for more information about a product/service or determines that a purchase is required.
    3. A team of stakeholders from each area impacted gather all business, technical, legal, and risk requirements. What are the expectations of the vendor relationship post-RFP? How will the vendors be evaluated?
    4. Based on the predetermined requirements, either an RFI or an RFP is issued to vendors with a predetermined due date.

    Insight Summary

    Overarching insight

    Without a well defined, consistent RFP process, with input from all key stakeholders, the organization will not achieve the best possible results from its sourcing efforts.

    Phase 1 insight

    Vendors are choosing to not respond to RFPs due to their length and lack of complete requirements.

    Phase 2 insight

    Be clear and concise in stating your requirements and include, in addition to IT requirements, procurement, security, legal, and risk requirements.

    Phase 3 insight

    Consider adding vendor management requirements to manage the ongoing relationship post contract.

    Tactical insight

    Consider the RFP Evaluation Process as you draft the RFP, including weighting the RFP components. Don’t underestimate the level of effort required to effectively evaluate responses – write the RFP with this in mind.

    Tactical insight

    Provide strict, prescriptive instructions detailing how the vendor should submit their responses. Controlling vendor responses will increase your team’s efficiency in evaluations while providing ease of reference responses across multiple vendors.

    Key deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Key deliverables:

    Info-Tech provides you with the tools you need to go to market in the most efficient manner possible, with guidance on how to achieve your goals.

    Sample of

    Long-Form RFP Template
    For when you have complete requirements and time to develop a thorough RFP.
    Sample of the Long-Form RFP Template deliverable. Short-Form RFP Template
    When the requirements are not as extensive, time is short, and you are familiar with the market.
    Sample of the Short-Form RFP Template deliverable.
    Lean RFP Template
    When you have limited time and some knowledge of the market and wish to include only a few vendors.
    Sample of the Lean RFP Template deliverable. Excel-Form RFP Template
    When there are many requirements, many options, multiple vendors, and a broad evaluation team.
    Sample of the Excel-Form RFP Template deliverable.

    Blueprint benefits

    IT Benefits
    • Side-by-side comparison of vendor capabilities
    • Pricing alternatives
    • No surprises
    • Competitive solutions to deliver the best results
    Mutual IT and Business Benefits
    • Reduced time to implement
    • Improved alignment between IT /Business
    • Improved vendor performance
    • Improved vendor relations
    Business Benefits
    • Budget alignment, reduced cost
    • Best value
    • Risk mitigation
    • Legal and risk protections

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is seven to twelve calls over the course of four to six months.

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    Phase 5

    Phase 6

    Phase 7

    Call #1: Identify the need Call #3: Gain business authorization Call #5: Negotiate agreement strategy Call #7: Assess and measure performance
    Call #2: Define business requirements Call #4: Review and perform the RFX or RFP Call #6: Purchase goods and services

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com1-888-670-8889

    Day 1 Day 2 Day 3
    Activities
    Answer “What problem do we need to solve?”

    1.1 Overview and level-setting

    1.2 Identify needs and drivers

    1.3 Define and prioritize requirements

    1.4 Gain business authorization and ensure internal alignment

    Define what success looks like?

    2.1 Create and issue RFP

    2.2 Evaluate responses/ proposals and negotiate the agreement.

    2.3 Purchase goods and services

    Configure Templates

    3.1 Assess and measure

    3.2 Review tools

    Deliverables
    1. Map your process with gap identification
    2. RFP Requirements Worksheet
    1. RFP Calendar and Key Date Tool
    2. RFP Evaluation Guidebook
    3. RFP Evaluation Tool
    1. Long-form RFP Template
    2. Short-form RFP Template
    3. Excel-based RFP Tool
    4. Lean RFP Template

    Phase 1

    Identify Need

    Steps

    1.1 Establish the need to either purchase goods/services (RFP) or acquire additional information from the market (RFI).

    Steps in an RFP Process with the first step, 'Identify Need', highlighted.

    This phase involves the following participants:

    • Business stakeholders
    • IT
    • Sourcing/Procurement
    • Finance

    Identify the need based on business requirements, changing technology, increasing vendor costs, expiring contracts, and changing regulatory requirements.

    Outcomes of this phase

    Agreement on the need to go to market to make a purchase (RFP) or to acquire additional information (RFI) along with a high-level agreement on requirements, rough schedule (is there time to do a full blown RFP or are you time constrained, which may result in an eRFP) and the RFP team is identified.

    Identify Need
    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Phase 7

    Identify the Need for Your RFP

    • An RFP is issued to the market when you are certain that you intend to purchase a product/service and have identified an adequate vendor base from which to choose as a result of:

      • IT Strategy
      • Changes in technology
      • Marketplace assessment
      • Contract expiration/renewal
      • Changes in regulatory requirements
      • Changes in the business’ requirements
    • An RFI is issued to the market when you are uncertain as to available technologies or supplier capabilities and need budgetary costs for planning purposes.
    • Be sure to choose the right RFx tool for your situation!
    Stock photo of a pen circling the word 'needs' on a printed document.

    Phase 2

    Define Your RFP Requirements

    Steps

    2.1 Define and classify the technical, business, financial, legal, and support and security requirements for your business.

    Steps in an RFP Process with the second step, 'Define Business Requirements', highlighted.

    This phase involves the following participants:

    • IT
    • Legal
    • Finance
    • Risk management
    • Sourcing/Procurement
    • Business stakeholders

    Outcomes of this phase

    A detailed list of required business, technical, legal and procurement requirements classified as to absolute need(s), bargaining and concession need(s), and “nice to haves.”

    Define Business Requirements

    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Phase 7

    Define RFP Requirements

    Key things to consider when defining requirements

    • Must be inclusive of the needs of all stakeholders: business, technical, financial, and legal
    • Strive for clarity and completeness in each area of consideration.
    • Begin defining your “absolute,” “bargaining,” “concession,” and ‘”dropped/out of scope” requirements to streamline the evaluation process.
    • Keep the requirements identified as “absolute” to a minimum, because vendors that do not meet absolute requirements will be removed from consideration.
    • Do you have a standard contract that can be included or do you want to review the vendor’s contract?
    • Don’t forget Data Security!
    • Begin defining your vendor selection criteria.
    • What do you want the end result to look like?
    • How will you manage the selected vendor after the contract? Include key VM requirements.
    • Defining requirements can’t be rushed or you’ll find yourself answering many questions, which may create confusion.
    • Collect all your current spend and budget considerations regarding the needed product(s) and service(s).

    “Concentrate on the needs of the organization and not the wants of the individuals when creating requirements to avoid scope creep.” (Donna Glidden, ITRG Research Director)

    Leverage the “ABCD” approach found in our Prepare for Negotiations More Effectively blueprint:
    https://tymansgrpup.com/research/ss/prepare-for-negotiations-more-effectively

    2.1 Prioritize your requirements

    1 hr to several days

    Input: List of all requirements from IT and IT Security, Business, Sourcing/Procurement, Risk Management, and Legal

    Output: Prioritized list of RFP requirements approved by the stakeholder team

    Materials: The RFP Requirements Worksheet

    Participants: All stakeholders impacted by the RFP: IT, IT Security, the Business, Sourcing/ Procurement, Risk Management, Legal

    1. Use this tool to assist you and your team in documenting the requirements for your RFP. Leverage it to collect and categorize your requirements in preparation for negotiations. Use the results of this tool to populate the requirements section of your RFP.
    2. As a group, review each of the requirements and determine their priority as they will ultimately relate to the negotiations.
      • Prioritizing your requirements will set up your negotiation strategy and streamline the process.
      • By establishing the priority of each requirement upfront, you will save time and effort in the selection process.
    3. Review RFP requirements with stakeholders for approval.

    Download the RFP Requirements Worksheet

    Phase 3

    Gain Business Authorization

    Steps

    3.1 Obtain business authorization from the business, technology, finance and Sourcing/Procurement

    Steps in an RFP Process with the third step, 'Gain Business Authorization', highlighted.

    This phase involves the following participants:

    • Business stakeholders
    • Technology and finance (depending upon the business)
    • Sourcing/Procurement

    Outcomes of this phase

    Approval by all key stakeholders to proceed with the issuing of the RFP and to make a purchase as a result.

    Gain Business Authorization

    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Phase 7

    Gain Business Authorization

    Gain authorization for your RFP from all relevant stakeholders
    • Alignment of stakeholders
    • Agreement on final requirements
    • Financial authorization
    • Commitment of resources
    • Agreement on what constitutes vendor qualification
    • Finalization of selection criteria and their prioritization

    Obtaining cross-function alignment will clear the way for contract, SOW, and budget approvals and not waste any of your and your vendor’s resources in performing an RFP that your organization is not ready to implement or invest financial and human resources in.

    Stock photo of the word 'AUTHORIZED' stamped onto a white background with a much smaller stamp laying beside it.

    Phase 4

    Create and Issue

    Steps

    4.1 Build your RFP

    4.2 Decide RFI or not

    4.3 Create your RFP

    4.4 Receive & answer questions

    4.5 Perform Pre-Proposal Conference

    4.6 Evaluate responses

    Steps in an RFP Process with the fourth step, 'Perform RFI/RFP', highlighted.

    This phase involves the following participants:

    • The RFP owner
    • IT
    • Business SMEs/stakeholders

    Outcomes of this phase

    RFP package is issued to vendors and includes the date of the Pre-Proposal Conference, which should be held shortly after RFP release and includes all parties.

    SME’s/stakeholders participate in providing answers to RFP contact for response to vendors.

    Create and Issue Your RFP/RFI

    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Phase 7

    Six Steps to Perform RFI/RFP

    Step 1

    • Build your RFP with evaluation in mind.

    Step 2

    • RFI or no RFI
    • Consider a Lean RFP

    Step 3

    • Create your RFP
    • Establish your RFP dates
    • Decide on RFP template
      • Short
      • Long
      • Excel
    • Create a template for vendors’ response
    • Create your Pricing Template

    Step 4

    • Receive RFP questions from vendors
    • Review and prepare answers to questions for the Pre-Proposal Conference

    Step 5

    • Conduct a Pre-Proposal Conference

    Step 6

    • Receive vendors’ proposals
    • Review for compliance and completion
    • Team evaluates vendors’ proposals.
    • Prepare TCO
    • Draft executive recommendation report

    Build your RFP with evaluation in mind

    Easing evaluation frustrations

    At the beginning of your RFP creation process consider how your requirements will impact the vendor’s response. Concentrate on the instructions you provide the vendors and how you wish to receive their responses. View the RFP through the lens of the vendors and envision how they are going to respond to the proposal.

    Limiting the number of requirements included in the RFP will increase the evaluation team’s speed when reviewing vendors’ responses. This is accomplished by not asking questions for common features and functionality that all vendors provide. Don’t ask multiple questions within a question. Avoid “lifting” vendor-specific language to copy into the RFP as this will signal to vendors who their competition might be and may deter their participation. Concentrate your requirement questions to those areas that are unique to your solution to reduce the amount of time required to evaluate the vendors’ response.

    Things to Consider When Creating Your RFP:

    • Consistency is the foundation for ease of evaluation.
    • Provide templates, such as an Excel worksheet, for the vendor’s pricing submissions and for its responses to close-ended questions.
    • Give detailed instructions on how the vendor should organize their response.
    • Limit the number of open-ended questions requiring a long narrative response to must-have requirements.
    • Organize your requirements and objectives in a numerical outline and have the vendor respond in the same manner, such as the following:
      • 1
      • 1.1
      • 1.1.1

    Increase your response quality

    Inconsistent formatting of vendor responses prevents an apples-to-apples evaluation between vendor responses. Evaluation teams are frequently challenged and are unable to evaluate vendors’ responses equally against each other for the following reasons:

    Challenges
    • Vendor responses are submitted with different and confusing nomenclature
    • Inconsistent format in response
    • Disparate order of sections in the vendors responses
    • Different style of outlining their responses, e.g. 1.1 vs. I.(i)
    • Pricing proposal included throughout their response
    • Responses are comingled with marketing messages
    • Vendor answers to requirements or objectives are not consolidated in a uniform manner
    • Disparate descriptions for response subsections
    Prevention
    • Provide specific instructions as to how the vendor is to organize their response:
      • How to format and outline the response
      • No marketing material
      • No pricing in the body of the response
    • Provide templates for pricing, technical, operational, and legal aspects.

    Six Steps to Perform RFI/RFP

    Step 1

    • Build your RFP with evaluation in mind.

    Step 2

    • RFI or no RFI
    • Consider a Lean RFP

    Step 3

    • Create your RFP
    • Establish your RFP dates
    • Decide on RFP template
      • Short
      • Long
      • Excel
    • Create a template for vendors’ response
    • Create your Pricing Template

    Step 4

    • Receive RFP questions from vendors
    • Review and prepare answers to questions for the Pre-Proposal Conference

    Step 5

    • Conduct a Pre-Proposal Conference

    Step 6

    • Receive vendors’ proposals
    • Review for compliance and completion
    • Team evaluates vendors’ proposals.
    • Prepare TCO
    • Draft executive recommendation report

    Perform Request for Information

    Don’t underestimate the importance of the RFI

    As the name implies, a request for information (RFI) is a tool for collecting information from vendors about the companies, their products, and their services. We find RFIs useful when faced with a lot of vendors that we don’t know much about, when we want to benchmark the marketplace for products and services, including budgetary information, and when we have identified more potential vendors than we care to commit a full RFP to.

    RFIs are simpler and less time-consuming than RFPs to prepare and evaluate, so it can make a lot of sense to start with an RFI. Eliminating unqualified vendors from further consideration will save your team from weeding through RFP responses that do not meet your objectives. For their part, your vendors will appreciate your efforts to determine up-front which of them are the best bets before asking them to spend resources and money producing a costly proposal.

    While many organizations rarely use RFIs, they can be an effective tool in the vendor manager’s toolbox when used at the right time in the right way. RFIs can be deployed in competitive targeted negotiations.

    A Lean RFP is a two-stage strategy that speeds up the typical RFP process. The first stage is like an RFI on steroids, and the second stage is targeted competitive negotiation.

    Don’t rely solely on the internet to qualify vendors; use an RFI to acquire additional information before finalizing an RFP.

    4.2.1 In a hurry? Consider a Lean RFP instead of an RFP

    Several days
    1. Create an RFI with all of the normal and customary components. Next, add a few additional RFP-like requirements (e.g. operational, technical, and legal requirements). Make sure you include a request for budgetary pricing and provide any significant features and functionality requirements so that the vendors have enough information to propose solutions. In addition, allow the vendors to ask questions through your single point of coordination and share answers with all of the vendors. Finally, notify the vendors that you will not be doing an RFP.
    2. Review the vendors’ proposals and evaluate their proposals against your requirements along with their notional or budgetary pricing.
    3. Have the evaluators utilize the Lean RFP Template to record their scores accordingly.
    4. After collecting the scores from the evaluators, consolidate the scores together to discuss which vendors – we recommend two or three – you want to present demos.
    5. Based on the vendors’ demos, the team selects at least two vendors to negotiate contract and pricing terms with intent of selecting the best-value vendor.
    6. The Lean RFP shortens the typical RFP process, maintains leverage for your organization, and works great with low- to medium-spend items (however your organization defines them). You’ll get clarification on vendors’ competencies and capabilities, obtain a fair market price, and meet your internal clients’ aggressive timelines while still taking steps to protect your organization.

    Download the Lean RFP Template

    Download the RFP Evaluation Tool

    4.2.1 In a hurry? Consider a Lean RFP instead of an RFP continued

    Input

    • List of technical, operational, business, and legal requirements
    • Budgetary pricing ask

    Output

    • A Lean RFP document that includes the primary components of an RFP
    • Lean RFP vendors response evaluation

    Materials

    • Lean RFP Template
    • RFP Evaluation Tool
    • Contracting requirements
    • Pricing

    Participants

    • IT
    • Business
    • Finance
    • Sourcing/Procurement

    Case Study

    A Lean RFP saves time
    INDUSTRY: Pharmaceutical
    SOURCE: Guided Implementation
    Challenge
    • The vendor manager (VM) was experiencing pressure to shorten the expected five-month duration to perform an RFP for software that planned, coordinated, and submitted regulatory documents to the US Food and Drug Administration.
    • The VM team was not completely familiar with the qualified vendors and their solutions.
    • The organization wanted to capitalize on this opportunity to enhance its current processes with the intent of improving efficiencies in documentation submissions.
    Solution
    • Leveraging the Lean RFP process, the team reduced the 200+ RFP questionnaire into a more manageable list of 34 significant questions to evaluate vendor responses.
    • The team issued the Lean RFP and requested the vendors’ responses in three weeks instead of the five weeks planned for the RFP process.
    • The team modified the scoring process to utilize a simple weighted-scoring methodology, using a scale of 1-5.
    Results
    • The Lean RFP scaled back the complexity of a large RFP.
    • The customer received three vendor responses ranging from 19 to 43 pages and 60-80% shorter than expected if the RFP had been used. This allowed the team to reduce the evaluation period by three weeks.
    • The duration of the RFx process was reduced by more than two months – from five months to just under three months.

    Six Steps to Perform RFI/RFP

    Step 1

    • Build your RFP with evaluation in mind.

    Step 2

    • RFI or no RFI
    • Consider a Lean RFP

    Step 3

    • Create your RFP
    • Establish your RFP dates
    • Decide on RFP template
      • Short
      • Long
      • Excel
    • Create a template for vendors’ response
    • Create your Pricing Template

    Step 4

    • Receive RFP questions from vendors
    • Review and prepare answers to questions for the Pre-Proposal Conference

    Step 5

    • Conduct a Pre-Proposal Conference

    Step 6

    • Receive vendors’ proposals
    • Review for compliance and completion
    • Team evaluates vendors’ proposals.
    • Prepare TCO
    • Draft executive recommendation report

    4.3.1 RFP Calendar

    1 hour

    Input: List duration in days of key activities, RFP Calendar and Key Date Tool, For all vendor-inclusive meetings, include the dates on your RFP calendar and reference them in the RFP

    Output: A timeline to complete the RFP that has the support of each stakeholder involved in the process and that allows for a complete and thorough vendor response.

    Materials: RFP Calendar and Key Date Tool

    Participants: IT management, Business stakeholder(s), Legal (as required), Risk management (as required), Sourcing/Procurement, Vendor management

    1. As a group, identify the key activities to be accomplished and the amount of time estimated to complete each task:
      1. Identify who is ultimately accountable for the completion of each task
      2. Determine the length of time required to complete each task
    2. Use the RFP Calendar and Key Date Tool to build the calendar specific to your needs.
    3. Include vendor-related dates in the RFP, i.e., Pre-Proposal Conference, deadline for RFP questions as well as response.

    Download the RFP Calendar and Key Date Tool

    Draft your RFP

    Create and issue your RFP, which should contain at least the following:
    • The ability for the vendors to ask clarifying questions (in writing, sent to the predetermined RFP contact)
    • Pre-Proposal/Pre-Bid Conference schedule where vendors can receive the same answer to all clarifying written questions
    • A calendar of events (block the time on stakeholder calendars – see template).
    • Instructions to potential vendors on how they should construct and return their response to enable effective and timely evaluation of each offer.
    • Requirements; for example: Functional, Operational, Technical, and Legal.
    • Specification drawings as if applicable.
    • Consider adding vendor management requirements – how do you want to manage the relationship after the deal is done?
    • A pricing template for vendors to complete that facilitates comparison across multiple vendors.
    • Contract terms required by your legal team (or your standard contract for vendors to redline as part of their response and rated/ranked accordingly).
    • Create your RFP with the evaluation process and team in mind to ensure efficiency and timeliness in the process. Be clear, concise, and complete in the document.
    • Consistency and completeness is the foundation for ease of evaluation.
    • Give vendors detailed instruction on how to structure and organize their response.
    • Limit the number of open-ended questions requiring a long narrative response.
    • Be sure to leverage Info-Tech’s proven and field-tested Short-Form, Long-Form, and Lean RFP Templates provided in this blueprint.

    Create a template for the vendors’ response

    Dictating to the vendors the format of their response will increase your evaluation efficiency
    Narrative Response:

    Create either a Word or Excel document that provides the vendor with an easy vehicle for their response. This template should include the question identifier that ties the response back to the requirement in the RFP. Instruct vendors to include the question number on any ancillary materials they wish to include.

    Pricing Response:

    Create a separate Excel template that the vendors must use to provide their financial offer. This template should include pricing for hardware, software, training, implementation, and professional services, as well as placeholders for any additional fees.

    Always be flexible in accepting alternative proposals after the vendor has responded with the information you requested in the format you require.

    Stock image of a paper checklist in front of a laptop computer's screen.

    4.3.2 Vendor Pricing Tool

    1 hour

    Input: Identify pricing components for hardware, software, training, consulting/services, support, and additional licenses (if needed)

    Output: Vendor Pricing Tool

    Materials: RFP Requirements Worksheet, Pricing template

    Participants: IT, Finance, Business stakeholders, Sourcing/Procurement, Vendor management

    1. Using a good pricing template will prevent vendors from providing pricing offers that create a strategic advantage designed to prevent you from performing an apples-to-apples comparison.
    2. Provide specific instructions as to how the vendor is to organize their pricing response, which should be submitted separate from the RFP response.
    3. Configure and tailor pricing templates that are specific to the product and/or services.
    4. Upon receipt of all the vendor’s responses, simply cut and paste their total response to your base template for an easy side-by-side pricing comparison.
    5. Do not allow vendors to submit financial proposals outside of your template.

    Download the Vendor Pricing Tool

    Three RFP Templates

    Choose the right template for the right sourcing initiative

    • Short-Form
    • Use the Short-Form RFP Template for simple, non-complex solutions that are medium to low dollar amounts that do not require numerous requirements.

    • Long-Form
    • We recommend the Long-Form RFP Template for highly technical and complex solutions that are high dollar and have long implementation duration.

    • Excel-Form
    • Leverage the Excel-Form RFP Tool for requirements that are more specific in nature to evaluate a vendor’s capability for their solution. This template is designed to be complete and inclusive of the RFP process, e.g., requirements, vendor response, and vendor response evaluation scoring.

    Like tools in a carpenters’ tool box or truck, there is no right or wrong template for any job. Take into account your organization culture, resources available, time frame, policies, and procedures to pick the right tool for the job. (Steve Jeffery, Principal Research Director, Vendor Management, Co-Author: The Art of Creating a Quality RFP, Info-Tech Research Group)

    4.3.3 Short-Form RFP Template

    1-2 hours

    Input: List of technical, legal, business, and data security requirements

    Output: Full set of requirements, prioritized, that all participants agree to

    Materials: Short-Form RFP Template, Vendor Pricing Tool, Supporting exhibits

    Participants: IT management, Business stakeholder(s), Legal (as required), Risk management (as required), Sourcing/Procurement, Vendor management

    • This is a less complex RFP that has relatively basic requirements and perhaps a small window in which the vendors can respond. As with the long-form RFP, exhibits are placed at the end of the RFP, an arrangement that saves both your team and the vendors time. Of course, the short-form RFP contains less-specific instructions, guidelines, and rules for vendors’ proposal submissions.
    • We find that short-form RFPs are a good choice when you need to use something more than a request for quote (RFQ) but less than an RFP running 20 or more pages. It’s ideal, for example, when you want to send an RFP to only one vendor or to acquire items such as office supplies, contingent labor, or commodity items that don’t require significant vendor risk assessment.

    Download the Short-Form RFP Template

    4.3.4 Long-Form RFP Template

    1-3 hours

    Input: List of technical, legal, business, and data security requirements

    Output: Full set of requirements, prioritized, that all stakeholders agree to

    Materials: Long-Form RFP Template, Vendor Pricing Tool, Supporting exhibits

    Participants: IT management, Business stakeholder(s), Legal (as required), Risk management (as required), Sourcing/Procurement, Vendor management

    • A long-form or major RFP is an excellent tool for more complex and complicated requirements. This template is for a baseline RFP.
    • It starts with best-in-class RFP terms and conditions that are essential to maintaining your control throughout the RFP process. The specific requirements for the business, functional, technical, legal, and pricing areas should be included in the exhibits at the end of the template. That makes it easier to tailor the RFP for each deal, since you and your team can quickly identify specific areas that need modification. Grouping the exhibits together also makes it convenient for both your team to review and the vendors to respond.
    • You can use this sample RFP as the basis for your template RFP, taking it all as is or picking and choosing the sections that best meet the mission and objectives of the RFP and your organization.

    Download the Long-Form RFP Template

    4.3.5 Excel-Form RFP Tool

    Several weeks

    Input: List of technical, legal, business, and data security requirements

    Output: Full set of requirements, prioritized, that all stakeholders agree to

    Materials: Excel-Form RFP Template, Vendor Pricing Tool, Supporting exhibits

    Participants: IT management, Business stakeholder(s), Legal (as required), Risk management (as required), Sourcing/Procurement, Vendor management

    • The Excel-Form RFP Tool is used as an alternative to the other RFP toolsets if you have multiple requirements and have multiple vendors to choose from.
    • Requirements are written as a “statement” and the vendor can select from five answers as to their ability to meet the requirements, with the ability to provide additional context and materials to augment their answers, as needed.
    • Requirements are listed separately in each tab, for example, Business, Legal, Technical, Security, Support, Professional Services, etc.

    Download the Excel-Form RFP Template

    Six Steps to Perform RFI/RFP

    Step 1

    • Build your RFP with evaluation in mind.

    Step 2

    • RFI or no RFI
    • Consider a Lean RFP

    Step 3

    • Create your RFP
    • Establish your RFP dates
    • Decide on RFP template
      • Short
      • Long
      • Excel
    • Create a template for vendors’ response
    • Create your Pricing Template

    Step 4

    • Receive RFP questions from vendors
    • Review and prepare answers to questions for the Pre-Proposal Conference

    Step 5

    • Conduct a Pre-Proposal Conference

    Step 6

    • Receive vendors’ proposals
    • Review for compliance and completion
    • Team evaluates vendors’ proposals.
    • Prepare TCO
    • Draft executive recommendation report

    Answer Vendor Questions

    Maintaining your equal and level playing field among vendors

    • Provide an adequate amount of time from the RFP issue date to the deadline for vendor questions. There may be multiple vendor staff/departments that need to read the RFP and then discuss their response approach and gather any clarifying questions, so we generally recommend three to five business days.
    • There should be one point of contact for all Q&A, which should be submitted in writing via email only. Be sure to plan for enough time to get the answers back from the RFP stakeholders.
    • After the deadline, collect all Q&A and begin the process of consolidating into one document.
    Large silver question mark.
    • Be sure to anonymize both vendor questions and your responses, so as not to reveal who asked or answered the question.
    • Send the document to all RFP respondents via your sourcing tool or BCC in an email to the point of contact, with read receipt requested. That way, you can track who has received and opened the correspondence.
    • Provide the answers a few days prior to the Pre-Proposal Conference to allow all respondents time to review the document and prepare any additional questions.
    • Begin the preparation for the Pre-Proposal Conference.

    Six Steps to Perform RFI/RFP

    Step 1

    • Build your RFP with evaluation in mind.

    Step 2

    • RFI or no RFI
    • Consider a Lean RFP

    Step 3

    • Create your RFP
    • Establish your RFP dates
    • Decide on RFP template
      • Short
      • Long
      • Excel
    • Create a template for vendors’ response
    • Create your Pricing Template

    Step 4

    • Receive RFP questions from vendors
    • Review and prepare answers to questions for the Pre-Proposal Conference

    Step 5

    • Conduct a Pre-Proposal Conference

    Step 6

    • Receive vendors’ proposals
    • Review for compliance and completion
    • Team evaluates vendors’ proposals.
    • Prepare TCO
    • Draft executive recommendation report

    Conduct Pre-Proposal Conference

    Maintain an equal and level playing field

    • Consolidate all Q&A to be presented to all vendors during the Pre-Proposal Conference.
    • If the Pre-Proposal Conference is conducted via conference call, be sure to record the session and advise all participants at the beginning of the call.
    • Be sure to have key stakeholders present on the call to answer questions.
    • Read each question and answer, after which ask if there are any follow up questions. Be sure to capture them and then add them to the Q&A document.
    • Remind respondents that no further questions will be entertained during the remainder of the RFP response period.
    • Send the updated and completed document to all vendors (even if circumstances prevented their attending the Pre-Proposal Conference). Use the same process as when you sent out the initial answers: via email, blind copy the respondents and request read/receipt.

    “Using a Pre-Proposal Conference allows you to reinforce that there is a level playing field for all of the vendors…that each vendor has an equal chance to earn your business. This encourages and maximizes competition, and when that happens, the customer wins.” (Phil Bode, Principal Research Director, Co-Author: The Art of Creating a Quality RFP, Info-Tech Research Group)

    Pre-Proposal Conference Agenda

    Modify this agenda for your specific organization’s culture
    1. Opening Remarks & Welcome – RFP Manager
      1. Agenda review
      2. Purpose of the Pre-Proposal Conference
    2. Review Agenda
      1. Introduction of your (customer) attendees
    3. Participating Vendor Introduction (company name)
    4. Executive or Sr. Leadership Comments (limit to five minutes)
      1. Importance of the RFP
      2. High-level business objective or definition of success
    5. Review Key Dates in the RFP

    (Source: The Art of Creating a Quality RFP, Jeffery et al., 2019)
    1. Review of any Technical Drawings or Information
      1. Key technical requirements and constraints
      2. Key infrastructure requirements and constraints
    2. Review of any complex RFP Issues
      1. Project scope/out of scope
    3. Question &Answer
      1. Vendors’ questions in alphabetical order
    4. Review of Any Specific Instructions for the Respondents
    5. Conclusion/Closing
      1. Review how to submit additional questions
      2. Remind vendors of the single point of contact

    Allow your executive or leadership sponsor to leave the Pre-Proposal Conference after they provide their comments to allow them to continue their day while demonstrating to the vendors the importance of the project.

    Six Steps to Perform RFI/RFP

    Step 1

    • Build your RFP with evaluation in mind.

    Step 2

    • RFI or no RFI
    • Consider a Lean RFP

    Step 3

    • Create your RFP
    • Establish your RFP dates
    • Decide on RFP template
      • Short
      • Long
      • Excel
    • Create a template for vendors’ response
    • Create your Pricing Template

    Step 4

    • Receive RFP questions from vendors
    • Review and prepare answers to questions for the Pre-Proposal Conference

    Step 5

    • Conduct a Pre-Proposal Conference

    Step 6

    • Receive vendors’ proposals
    • Review for compliance and completion
    • Team evaluates vendors’ proposals.
    • Prepare TCO
    • Draft executive recommendation report

    Evaluate Responses

    Other important information

    • Consider separating the pricing component from the RFP responses before sending them to reviewers to maintain objectivity until after you have received all ratings on the proposals themselves.
    • Each reviewer should set aside focused time to carefully read each vendor’s response
    • Read the entire vendor proposal – they spent a lot time and money responding to your request, so please read everything.
    • Remind reviewers that they should route any questions to the vendor through the RFP manager.
    • Using the predetermined ranking system for each section, rate each section of the response, capturing any notes, questions, or concerns as you proceed through the document(s).
    Stock photo of a 'Rating' meter with values 'Very Bad to 'Excellent'.

    Use a proven evaluation method

    Two proven methods to reviewing vendors’ proposals are by response and by objective

    The first, by response, is when the evaluator reviews each vendor’s response in its entirety.

    The second, reviewing by objective, is when the evaluator reviews each vendor’s response to a single objective before moving on to the next.

    By Response

    Two-way arrow with '+ Pros' in green on the left and 'Cons -' in red on the right.

    By Objective

    Two-way arrow with '+ Pros' in green on the left and 'Cons -' in red on the right.

    • Each response is thoroughly read all the way through.
    • Response inconsistencies are easily noticed.
    • Evaluators obtain a good feel for the vendor's response.
    • Evaluators will lose interest as they move from one response to another.
    • Evaluation will be biased if the beginning of response is subpar, influencing the rest of the evaluation.
    • Deficiencies of the perceived favorite vendor are overlooked.
    • Evaluators concentrate on how each objective is addressed.
    • Evaluators better understand the responses, resulting in identifying the best response for the objective.
    • Evaluators are less susceptible to supplier bias.
    • Electronic format of the response hampers response review per objective.
    • If a hard copy is necessary, converting electronic responses to hard copy is costly and cumbersome.
    • Discipline is required to score each vendor's response as they go.

    Maintain evaluation objectivity by reducing response evaluation biases

    Evaluation teams can be naturally biased during their review of the vendors’ responses.

    You cannot eliminate bias completely – the best you can do is manage it by identifying these biases with the team and mitigating their influence in the evaluation process.

    Vendor

    The evaluator only trusts a certain vendor and is uncomfortable with any other vendor.
    • Evaluate the responses blind of vendor names, if possible.
    Centerpiece for this table, titled 'BIAS' and surrounding by iconized representations of the four types listed.

    Account Representatives

    Relationships extend beyond business, and an evaluator doesn't want to jeopardize them.
    • Craft RFP objectives that are vendor neutral.

    Technical

    A vendor is the only technical solution the evaluator is looking for, and they will not consider anything else.
    • Conduct fair and open solution demonstrations.

    Price

    As humans, we can justify anything at a good price.
    • Evaluate proposals without awareness of price.

    Additional insights when evaluating RFPs

    When your evaluation team includes a member of the C-suite or senior leadership, ensure you give them extra time to sufficiently review the vendor's responses. When your questions require a definitive “Yes”/“True” or “No”/“False” responses, we recommend giving the maximum score for “Yes”/“True” and the minimum score for “No”/“False”.
    Increase your efficiency and speed of evaluation by evaluating the mandatory requirements first. If a vendor's response doesn't meet the minimum requirements, save time by not reviewing the remainder of the response. Group your RFP questions with a high-level qualifying question, then the supporting detailed requirements. The evaluation team can save time by not evaluating a response that does not meet a high-level qualifying requirement.

    Establish your evaluation scoring scale

    Define your ranking scale to ensure consistency in ratings

    Within each section of your RFP are objectives, each of which should be given its own score. Our recommended approach is to award on a scale of 0 to 5. With such a scale, you need to define every level. Below are the recommended definitions for a 0 to 5 scoring scale.

    Score Criteria for Rating
    5 Outstanding – Complete understanding of current and future needs; solution addresses current and future needs
    4 Competent – Complete understanding and adequate solution
    3 Average – Average understanding and adequate solution
    2 Questionable – Average understanding; proposal questionable
    1 Poor – Minimal understanding
    0 Not acceptable – Lacks understanding
    Stock photo of judges holding up their ratings.

    Weigh the sections of your RFP on how important or critical they are to the RFP

    Obtain Alignment on Weighting the Scores of Each Section
    • There are many ways to score responses, ranging from extremely simple to highly complicated. The most important thing is that everyone responsible for completing scorecards is in total agreement about how the scoring system should work. Otherwise, the scorecards will lose their value, since different weighting and scoring templates were used to arrive at their scores.
    • You can start by weighting the scores by section, with all sections adding up to 100%.
    Example RFP Section Weights
    Pie chart of example RFP section weights, 'Operational, 20%', 'Service-Level Agreements, 20%', 'Financial, 20%', 'Legal/Contractual, 15%', 'Technical, 10%' 'Functional, 15%'.
    (Source: The Art of Creating a Quality RFP, Jeffery et al., 2019)

    Protect your negotiation leverage with these best practices

    Protect your organization's reputation within the vendor community with a fair and balanced process.
    • Unless you regularly have the evaluators on your evaluation team, always assume that the team members are not familiar nor experienced with your process and procedures.
    • Do not underestimate the amount of preparations required to ensure that your evaluation team has everything they need to evaluate vendors’ responses without bias.
    • Be very specific about the expectations and time commitment required for the evaluation team to evaluate the responses.
    • Explain to the team members the importance of evaluating responses without conflicts of interest, including the fact that information contained within the responses and all discussions within the team are considered company owned and confidential.
    • Include examples of the evaluation and scoring processes to help the evaluators understand what they should be doing.
    • Finally – don’t forget to the thank the evaluation team and their managers for their time and commitment in contributing to this essential decision.
    Stock photo of a cork board with 'best practice' spelled out by tacked bits of paper, each with a letter in a different font.

    Evaluation teams must balance commercial vs. technical requirements

    Do not alter the evaluation weights after responses are submitted.
    • Evaluation teams are always challenged by weighing the importance of price, budget, and value against the technical requirements of “must-haves” and super cool “nice-to-haves.”
    • Encouraging the evaluation team not to inadvertently convert the nice-to-haves to must-haves will prevent scope creep and budget pressure. The evaluation team must concentrate on the vendors’ responses that drive the best value when balancing both commercial and technical requirements.
    Two blocks labelled 'Commercial Requirements' and 'Technical Requirements' balancing on either end of a flat sheet, which is balancing on a silver ball.

    4.6.1 Evaluation Guidebook

    1 hour

    Input: RFP responses, Weighted Scoring Matrix, Vendor Response Scorecard

    Output: One or two finalists for which negotiations will proceed

    Materials: RFP Evaluation Guidebook

    Participants: IT, Finance, Business stakeholders, Sourcing/Procurement, Vendor management

    1. Info-Tech provides an excellent resource for your evaluation team to better understand the process of evaluating vendor response. The guidebook is designed to be configured to the specifics of your RFP, with guidance and instructions to the team.
    2. Use this guidebook to provide instruction to the evaluation team as to how best to score and rate the RFP responses.
    3. Specific definitions are provided for applying the numerical scores to the RFP objectives will ensure consistency among the appropriate numerical score.

    Download the RFP Evaluation Guidebook

    4.6.2 RFP Vendor Proposal Scoring Tool

    1-4 hours

    Input: Each vendor’s RFP response, A copy of the RFP (less pricing), A list of the weighted criteria incorporated into a vendor response scorecard

    Output: A consolidated ranked and weighted comparison of the vendor responses with pricing

    Materials: Vendor responses, RFP Evaluation Tool

    Participants: Sourcing/Procurement, Vendor management

    1. Using the RFP outline as a base, develop a scorecard to evaluate and rate each section of the vendor response, based on the criteria predetermined by the team.
    2. Provide each stakeholder with the scorecard when you provide the vendor responses for them to review and provide the team with adequate time to review each response thoroughly and completely.
    3. Do not, at this stage, provide the pricing. Allow stakeholders to review the responses based on the technical, business, operational criteria without prejudice as to pricing.
    4. Evaluators should always be reminded that they are evaluating each vendor’s response against the objectives and requirements of the RFP. The evaluators should not be evaluating each vendor’s response against one another.
    5. While the team is reviewing and scoring responses, review and consolidate the vendor pricing submissions into one document for a side-by-side comparison.

    Download the RFP Evaluation Tool

    4.6.3 Total Cost of Owners (TCO)

    1-2 hours

    Input: Consolidated vendor pricing responses, Consolidated vendor RFP responses, Current spend within your organization for the product/service, if available, Budget

    Output: A completed TCO model summarizing the financial results of the RFP showing the anticipated costs over the term of the agreement, taking into consideration the impact of renewals.

    Materials: Vendor TCO Tool, Vendor pricing responses

    Participants: IT, Finance, Business stakeholders, Sourcing/Procurement

    • Use Info-Tech’s Vendor TCO Tool to normalize each vendor’s pricing proposal and account for the lifetime cost of the product.
    • Fill in pricing information (the total of all annual costs) from each vendor's returned Pricing Proposal.
    • The tool will summarize the net present value of the TCO for each vendor proposal.
    • The tool will also provide the rank of each pricing proposal.

    Download the Vendor TCO Tool

    Conduct an evaluation team results meeting

    Follow the checklist below to ensure an effective evaluation results meeting

    • Schedule the evaluation team’s review meeting well in advance to ensure there are no scheduling conflicts.
    • Collect the evaluation team’s scores in advance.
    • Collate scores and provide an initial ranking.
    • Do not reveal the pricing evaluation results until after initial discussions and review of the scoring results.
    • Examine both high and low scores to understand why the team members scored the response as they did.
    • Allow the team to discuss, debate, and arrive at consensus on the ranking.
    • After consensus, reveal the pricing to examine if or how it changes the ranking.
    • Align the team on the next steps with the applicable vendors.

    4.6.4 Consolidated RFP Response Scoring

    1-2 hours

    Input: Vendor Response Scorecard from each stakeholder, Consolidated RFP responses and pricing, Any follow up questions or items requiring further vendor clarification.

    Output: An RFP Response Evaluation Summary that identifies the finalists based on pre-determined criteria.

    Materials: RFP Evaluation Tool from each stakeholder, Consolidated RFP responses and pricing.

    Participants: IT, Finance, Business stakeholders, Sourcing/Procurement, Vendor management

    1. Collect from the evaluation team all scorecards and any associated questions requiring further clarification from the vendor(s). Consolidate the scorecards into one for presentation to the team and key decision makers.
    2. Present the final scores to the team, with the pricing evaluation, to determine, based on your needs, two or three finalists that will move forward to the next steps of negotiations.
    3. Discuss any scores that are have large gaps, e.g., a requirement with a score of one from one evaluator and the same requirement with a score five from different evaluator.
    4. Arrive at a consensus of your top one or two potential vendors.
    5. Determine any required follow-up actions with the vendors and include them in the Evaluation Summary.

    Download the Consolidated Vender RFP Response Evaluation Summary

    4.6.5 Vendor Recommendation Presentation

    1-3 hours
    1. Use the Vendor Recommendation Presentation to present your finalist and obtain final approval to negotiate and execute any agreements.
    2. The Vendor Recommendation Presentation provides leadership with:
      1. An overview of the RFP, its primary goals, and key requirements
      2. A summary of the vendors invited to participate and why
      3. A summary of each component of the RFP
      4. A side-by-side comparison of key vendor responses to each of the key/primary requirements, with ranking/weighting results
      5. A summary of the vendor’s responses to key legal terms
      6. A consolidated summary of the vendors’ pricing, augmented by the TCO calculations for the finalist(s).
      7. The RFP team’s vendor recommendations based on its findings
      8. A summary of next steps with dates
      9. Request approval to proceed to next steps of negotiations with the primary and secondary vendor

    Download the Vendor Recommendation Presentation

    4.6.5 Vendor Recommendation Presentation

    Input

    • Consolidated RFP responses, with a focus on key RFP goals
    • Consolidated pricing responses
    • TCO Model completed, approved by Finance, stakeholders

    Output

    • Presentation deck summarizing the key findings of the RFP results, cost estimates and TCO and the recommendation for approval to move to contract negotiations with the finalists

    Materials

    • Consolidated RFP responses, including legal requirements
    • Consolidated pricing
    • TCO Model
    • Evaluators scoring results

    Participants

    • IT
    • Finance
    • Business stakeholders
    • Legal
    • Sourcing/Procurement

    Caution: Configure templates and tools to align with RFP objectives

    Templates and tools are invaluable assets to any RFP process

    • Leveraging templates and tools saves time and provides consistency to your vendors.
    • Maintain a common repository of your templates and tools with different versions and variations. Include a few sentences with instructions on how to use the template and tools for team members who might not be familiar with them.

    Templates/Tools

    RFP templates and tools are found in a variety of places, such as previous projects, your favorite search engine, or by asking a colleague.

    Sourcing

    Regardless of the source of these documents, you must take great care and consideration to sanitize any reference to another vendor, company, or name of the deal.

    Review

    Then you must carefully examine the components of the deal before creating your final documents.

    Popular RFP templates include:

    • RFP documents
    • Pricing templates
    • Evaluation and scoring templates
    • RFP requirements
    • Info-Tech research

    Phase 5

    Negotiate Agreement(s)

    Steps

    5.1 Perform negotiation process

    Steps in an RFP Process with the fifth step, 'Negotiate Agreement', highlighted.

    This phase involves the following participants:

    • Procurement
    • Vendor management
    • Legal
    • IT stakeholders
    • Finance

    Outcomes of this phase

    A negotiated agreement or agreements that are a result of competitive negotiations.

    Negotiate Agreement(s)

    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Phase 7

    Negotiate Agreement

    You should evaluate your RFP responses first to see if they are complete and the vendor followed your instructions.


    Then you should:

    • Plan negotiation(s) with one or more vendors based on your questions and opportunities identified during evaluation.
    • Select finalist(s).
    • Apply selection criteria.
    • Resolve vendors’ exceptions.

    Info-Tech Insight

    Be certain to include any commitments made in the RFP, presentations, and proposals in the agreement – dovetails to underperforming vendor.

    Centerpiece of the table, titled 'Negotiation Process'.

    Leverage Info-Tech's negotiation process research for additional information

    Negotiate before you select your vendor:
    • Negotiating with two or more vendors will maintain your competitive leverage while decreasing the time it takes to negotiate the deal.
    • Perform legal reviews as necessary.
    • Use sound competitive negotiations principles.

    Info-Tech Insight

    Providing contract terms in an RFP can dramatically reduce time for this step by understanding the vendor’s initial contractual position for negotiation.

    Phase 6

    Purchase Goods and Services

    Steps

    6.1 Purchase Goods & Services

    Steps in an RFP Process with the sixth step, 'Purchase Goods and Services', highlighted.

    This phase involves the following participants:

    • Procurement
    • Vendor management
    • IT stakeholders

    Outcomes of this phase

    A purchase order that completes the RFP process.

    The beginning of the vendor management process.

    Purchase Goods and Services

    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Phase 7

    Purchase Goods and Services

    Prepare to purchase goods and services

    Prepare to purchase goods and services by completing all items on your organization’s onboarding checklist.
    • Have the vendor complete applicable tax forms.
    • Set up the vendor in accounts payable for electronic payment (ACH) set-up.
    Then transact day-to-day business:
    • Provide purchasing forecasts.
    • Complete applicable purchase requisition and purchase orders. Be sure to reference the agreement in the PO.
    Stock image of a computer monitor with a full grocery cart shown on the screen.

    Info-Tech Insight

    As a customer, honoring your contractual obligations and commitments will ensure that your organization is not only well respected but considered a customer of choice.

    Phase 7

    Assess and Measure Performance

    Steps

    7.1 Assess and measure performance against the agreement

    Steps in an RFP Process with the seventh step, 'Assess and Measure Performance', highlighted.

    This phase involves the following participants:

    • Vendor management
    • Business stakeholders
    • Senior leadership (as needed)
    • IT stakeholders
    • Vendor representatives & senior management

    Outcomes of this phase

    A list of what went well during the period – it’s important to recognize successes

    A list of areas needing improvement that includes:

    • A timeline for each item to be completed
    • The team member(s) responsible

    Purchase Goods and Services

    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Phase 7

    Assess and Measure Performance

    Measure to manage: the job doesn’t end when the contract is signed.

    • Classify vendor
    • Assess vendor performance
    • Manage improvement
    • Conduct periodic vendor performance reviews or quarterly business reviews
    • Ensure contract compliance for both the vendor and your organization
    • Build knowledgebase for future
    • Re-evaluate and improve appropriately your RFP processes

    Info-Tech Insight

    To be an objective vendor manager, you should also assess and measure your company’s performance along with the vendor’s performance.

    Summary of Accomplishment

    Problem Solved

    Upon completion of this blueprint, guided implementation, or workshop, your team should have a comprehensive, well-defined end-to-end approach to performing a quality sourcing event. Leverage Info-Tech’s industry-proven tools and templates to provide your organization with an effective approach to maintain your negotiation leverage, improve the ease with which you evaluate vendor proposals, and reduce your risk while obtaining the best market value for your goods and services.

    Additionally, your team will have a foundation to execute your vendor management principles. These principles will assist your organization in ensuring you receive the perceived value from the vendor as a result of your competitive negotiations.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Final Thoughts: RFP Do’s and Don’ts

    DO

    • Leverage your team’s knowledge
    • Document and explain your RFP process to stakeholders and vendors
    • Include contract terms in your RFP
    • Consider vendor management requirements up front
    • Plan to measure and manage performance after contract award leveraging RFP objectives
    • Seek feedback from the RFP team for process improvements

    DON'T

    • Reveal your budget
    • Do an RFP in a vacuum
    • Send an RFP to a vendor your team is not willing to award the business to
    • Hold separate conversations with candidate vendors during your RFP process
    • Skimp on the requirements definition to speed the process
    • Tell the vendor they are selected before negotiating

    Bibliography

    “2022 RFP Response Trends & Benchmarks.” Loopio, 2022. Web.

    Corrigan, Tony. “How Much Does it Cost to Respond to an RFP?” LinkedIn, March 2017. Accessed 10 Dec. 2019

    “Death by RFP:7 Reasons Not to Respond.” Inc. Magazine, 2013. Web.

    Jeffery, Steven, George Bordon, and Phil Bode. The Art of Creating a Quality RFP, 3rd ed. Info-Tech Research Group, 2019.

    “RFP Benchmarks: How Much Time and Staff Firms Devote to Proposals.” MarketingProfs, 2020. Web.

    “State of the RFP 2019.” Bonfire, 2019. Web.

    “What Vendors Want (in RFPs).” Vendorful, 2020. Web.

    Related Info-Tech Research

    Stock photo of two people looking at a tablet. Prepare for Negotiations More Effectively
    • Negotiations are about allocating risk and money – how much risk is a party willing to accept at what price point?
    • Using a cross-functional/cross-insight team structure for negotiation preparation yields better results.
    • Soft skills aren’t enough and theatrical negotiation tactics aren’t effective.
    Stock photo of two people in suits shaking hands. Understand Common IT Contract Provisions to Negotiate More Effectively
    • Focus on the terms and conditions, not just the price. Too often, organizations focus on the price contained within their contracts, neglecting to address core terms and conditions that can end up costing multiples of the initial price.
    • Lawyers can’t ensure you get the best business deal. Lawyers tend to look at general terms and conditions for legal risk and may not understand IT-specific components and business needs.
    Stock photo of three people gathered around a computer. Jump Start Your Vendor Management Initiative
    • Vendor management must be an IT strategy. Solid vendor management is an imperative – IT organizations must develop capabilities to ensure that services are delivered by vendors according to service-level objectives and that risks are mitigated according to the organization's risk tolerance.
    • Visibility into your IT vendor community. Understand how much you spend with each vendor and rank their criticality and risk to focus on the vendors you should be concentrating on for innovative solutions.

    Create a Right-Sized Disaster Recovery Plan

    • Buy Link or Shortcode: {j2store}410|cart{/j2store}
    • member rating overall impact (scale of 10): 9.6/10 Overall Impact
    • member rating average dollars saved: $83,037 Average $ Saved
    • member rating average days saved: 32 Average Days Saved
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity
    • Any time a natural disaster or major IT outage occurs, it increases executive awareness and internal pressure to create a disaster recovery plan (DRP).
    • Traditional DRP templates are onerous and result in a lengthy, dense plan that might satisfy auditors but will not be effective in a crisis.
    • The myth that a DRP is only for major disasters leaves organizations vulnerable to more common incidents.
    • The growing use of outsourced infrastructure services has increased reliance on vendors to meet recovery timeline objectives.

    Our Advice

    Critical Insight

    • At its core, disaster recovery (DR) is about ensuring service continuity. Create a plan that can be leveraged for both isolated and catastrophic events.
    • Remember Murphy’s Law. Failure happens. Focus on improving overall resiliency and recovery, rather than basing DR on risk probability analysis.
    • Cost-effective DR and service continuity starts with identifying what is truly mission critical so you can focus resources accordingly. Not all services require fast failover.

    Impact and Result

    • Define appropriate objectives for service downtime and data loss based on business impact.
    • Document an incident response plan that captures all of the steps from event detection to data center recovery.
    • Create a DR roadmap to close gaps between current DR capabilities and recovery objectives.

    Create a Right-Sized Disaster Recovery Plan Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Disaster Recovery Plan (DRP) Research – A step-by-step document that helps streamline your DR planning process and build a plan that's concise, usable, and maintainable.

    Any time a major IT outage occurs, it increases executive awareness and internal pressure to create an IT DRP. This blueprint will help you develop an actionable DRP by following our four-phase methodology to define scope, current status, and dependencies; conduct a business impact analysis; identify and address gaps in the recovery workflow; and complete, extend, and maintain your DRP.

    • Create a Right-Sized Disaster Recovery Plan – Phases 1-4

    2. DRP Case Studies – Examples to help you understand the governance and incident response components of a DRP and to show that your DRP project does not need to be as onerous as imagined.

    These examples include a client who leveraged the DRP blueprint to create practical, concise, and easy-to-maintain DRP governance and incident response plans and a case study based on a hospital providing a wide range of healthcare services.

    • Case Study: Practical, Right-Sized DRP
    • Case Study: Practical, Right-Sized DRP – Healthcare Example

    3. DRP Maturity Scorecard – An assessment tool to evaluate the current state of your DRP.

    Use this tool to measure your current DRP maturity and identify gaps to address. It includes a comprehensive list of requirements for your DRP program, including core and industry requirements.

    • DRP Maturity Scorecard

    4. DRP Project Charter Template – A template to communicate important details on the project purpose, scope, and parameters.

    The project charter template includes details on the project overview (description, background, drivers, and objectives); governance and management (project stakeholders/roles, budget, and dependencies); and risks, assumptions, and constraints (known and potential risks and mitigation strategy).

    • DRP Project Charter Template

    5. DRP Business Impact Analysis Tool – An evaluation tool to estimate the impact of downtime to determine appropriate, acceptable recovery time objectives (RTOs) and recovery point objectives (RPOs) and to review gaps between objectives and actuals.

    This tool enables you to identify critical applications/systems; identify dependencies; define objective scoring criteria to evaluate the impact of application/system downtime; determine the impact of downtime and establish criticality tiers; set recovery objectives (RTO/RPO) based on the impact of downtime; record recovery actuals (RTA/RPA) and identify any gaps between objectives and actuals; and identify dependencies that regularly fail (and have a significant impact when they fail) to prioritize efforts to improve resiliency.

    • DRP Business Impact Analysis Tool
    • Legacy DRP Business Impact Analysis Tool

    6. DRP BIA Scoring Context Example – A tool to record assumptions you made in the DRP Business Impact Analysis Tool to explain the results and drive business engagement and feedback.

    Use this tool to specifically record assumptions made about who and what are impacted by system downtime and record assumptions made about impact severity.

    • DRP BIA Scoring Context Example

    7. DRP Recovery Workflow Template – A flowchart template to provide an at-a-glance view of the recovery workflow.

    This simple format is ideal during crisis situations, easier to maintain, and often quicker to create. Use this template to document the Notify - Assess - Declare disaster workflow, document current and planned future state recovery workflows, including gaps and risks, and review an example recovery workflow.

    • DRP Recovery Workflow Template (PDF)
    • DRP Recovery Workflow Template (Visio)

    8. DRP Roadmap Tool – A visual roadmapping tool that will help you plan, communicate, and track progress for your DRP initiatives.

    Improving DR capabilities is a marathon, not a sprint. You likely can't fund and resource all the measures for risk mitigation at once. Instead, use this tool to create a roadmap for actions, tasks, projects, and initiatives to complete in the short, medium, and long term. Prioritize high-benefit, low-cost mitigations.

    • DRP Roadmap Tool

    9. DRP Recap and Results Template – A template to summarize and present key findings from your DR planning exercises and documents.

    Use this template to present your results from the DRP Maturity Scorecard, BCP-DRP Fitness Assessment, DRP Business Impact Analysis Tool, tabletop planning exercises, DRP Recovery Workflow Template, and DRP Roadmap Tool.

    • DRP Recap and Results Template

    10. DRP Workbook – A comprehensive tool that enables you to organize information to support DR planning.

    Leverage this tool to document information regarding DRP resources (list the documents/information sources that support DR planning and where they are located) and DR teams and contacts (list the DR teams, SMEs critical to DR, and key contacts, including business continuity management team leads that would be involved in declaring a disaster and coordinating response at an organizational level).

    • DRP Workbook

    11. Appendix

    The following tools and templates are also included as part of this blueprint to use as needed to supplement the core steps above:

    • DRP Incident Response Management Tool
    • DRP Vendor Evaluation Questionnaire
    • DRP Vendor Evaluation Tool
    • Severity Definitions and Escalation Rules Template
    • BCP-DRP Fitness Assessment
    [infographic]

    Workshop: Create a Right-Sized Disaster Recovery Plan

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Parameters for Your DRP

    The Purpose

    Identify key applications and dependencies based on business needs.

    Key Benefits Achieved

    Understand the entire IT “footprint” that needs to be recovered for key applications. 

    Activities

    1.1 Assess current DR maturity.

    1.2 Determine critical business operations.

    1.3 Identify key applications and dependencies.

    Outputs

    Current challenges identified through a DRP Maturity Scorecard.

    Key applications and dependencies documented in the Business Impact Analysis (BIA) Tool.

    2 Determine the Desired Recovery Timeline

    The Purpose

    Quantify application criticality based on business impact.

    Key Benefits Achieved

    Appropriate recovery time and recovery point objectives defined (RTOs/RPOs).

    Activities

    2.1 Define an objective scoring scale to indicate different levels of impact.

    2.2 Estimate the impact of downtime.

    2.3 Determine desired RTO/RPO targets for applications based on business impact.

    Outputs

    Business impact analysis scoring criteria defined.

    Application criticality validated.

    RTOs/RPOs defined for applications and dependencies.

    3 Determine the Current Recovery Timeline and DR Gaps

    The Purpose

    Determine your baseline DR capabilities (your current state).

    Key Benefits Achieved

    Gaps between current and desired DR capability are quantified.

    Activities

    3.1 Conduct a tabletop exercise to determine current recovery procedures.

    3.2 Identify gaps between current and desired capabilities.

    3.3 Estimate likelihood and impact of failure of individual dependencies.

    Outputs

    Current achievable recovery timeline defined (i.e. the current state).

    RTO/RPO gaps identified.

    Critical single points of failure identified.

    4 Create a Project Roadmap to Close DR Gaps

    The Purpose

    Identify and prioritize projects to close DR gaps.

    Key Benefits Achieved

    DRP project roadmap defined that will reduce downtime and data loss to acceptable levels.

    Activities

    4.1 Determine what projects are required to close the gap between current and desired DR capability.

    4.2 Prioritize projects based on cost, effort, and impact on RTO/RPO reduction.

    4.3 Validate that the suggested projects will achieve the desired DR capability.

    Outputs

    Potential DR projects identified.

    DRP project roadmap defined.

    Desired-state incident response plan defined, and project roadmap validated.

    5 Establish a Framework for Documenting Your DRP, and Summarize Next Steps

    The Purpose

    Outline how to create concise, usable DRP documentation.

    Summarize workshop results. 

    Key Benefits Achieved

    A realistic and practical approach to documenting your DRP.

    Next steps documented. 

    Activities

    5.1 Outline a strategy for using flowcharts and checklists to create concise, usable documentation.

    5.2 Review Info-Tech’s DRP templates for creating system recovery procedures and a DRP summary document.

    5.3 Summarize the workshop results, including current potential downtime and action items to close gaps.

    Outputs

    Current-state and desired-state incident response plan flowcharts.

    Templates to create more detailed documentation where necessary.

    Executive communication deck that outlines current DR gaps, how to close those gaps, and recommended next steps.

    Further reading

    Create a Right-Sized Disaster Recovery Plan

    Close the gap between your DR capabilities and service continuity requirements.

    ANALYST PERSPECTIVE

    An effective disaster recovery plan (DRP) is not just an insurance policy.

    "An effective DRP addresses common outages such as hardware and software failures, as well as regional events, to provide day-to-day service continuity. It’s not just insurance you might never cash in. Customers are also demanding evidence of an effective DRP, so organizations without a DRP risk business impact not only from extended outages but also from lost sales. If you are fortunate enough to have executive buy-in, whether it’s due to customer pressure or concern over potential downtime, you still have the challenge of limited time to dedicate to disaster recovery (DR) planning. Organizations need a practical but structured approach that enables IT leaders to create a DRP without it becoming their full-time job."

    Frank Trovato,

    Research Director, Infrastructure

    Info-Tech Research Group

    Is this research for you?

    This Research Is Designed For:

    • Senior IT management responsible for executing DR.
    • Organizations seeking to formalize, optimize, or validate an existing DRP.
    • Business continuity management (BCM) professionals leading DRP development.

    This Research Will Help You:

    • Create a DRP that is aligned with business requirements.
    • Prioritize technology enhancements based on DR requirements and risk-impact analysis.
    • Identify and address process and technology gaps that impact DR capabilities and day-to-day service continuity.

    This Research Will Also Assist:

    • Executives who want to understand the time and resource commitment required for DRP.
    • Members of BCM and crisis management teams who need to understand the key elements of an IT DRP.

    This Research Will Help Them:

    • Scope the time and effort required to develop a DRP.
    • Align business continuity, DR, and crisis management plans.

    Executive summary

    Situation

    • Any time a natural disaster or major IT outage occurs, it increases executive awareness and internal pressure to create a DRP.
    • Industry standards and government regulations are driving external pressure to develop business continuity and IT DR plans.
    • Customers are asking suppliers and partners to provide evidence that they have a workable DRP before agreeing to do business.

    Complication

    • Traditional DRP templates are onerous and result in a lengthy, dense plan that might satisfy auditors, but will not be effective in a crisis.
    • The myth that a DRP is only for major disasters leaves organizations vulnerable to more common incidents.
    • The growing use of outsourced infrastructure services has increased reliance on vendors to meet recovery timeline objectives.

    Resolution

    • Create an effective DRP by following a structured process to discover current capabilities and define business requirements for continuity:
      • Define appropriate objectives for service downtime and data loss based on business impact.
      • Document an incident response plan that captures all of the steps from event detection to data center recovery.
      • Create a DR roadmap to close gaps between current DR capabilities and recovery objectives.

    Info-Tech Insight

    1. At its core, DR is about ensuring service continuity. Create a plan that can be leveraged for both isolated and catastrophic events.
    2. Remember Murphy’s Law. Failure happens. Focus on improving overall resiliency and recovery, rather than basing DR on risk probability analysis.
    3. Cost-effective DR and service continuity starts with identifying what is truly mission critical so you can focus resources accordingly. Not all services require fast failover.

    An effective DRP is critical to reducing the cost of downtime

    If you don’t have an effective DRP when failure occurs, expect to face extended downtime and exponentially rising costs due to confusion and lack of documented processes.

    Image displayed is a graph that shows that delay in recovery causes exponential revenue loss.

    Potential Lost Revenue

    The impact of downtime tends to increase exponentially as systems remain unavailable (graph at left). A current, tested DRP will significantly improve your ability to execute systems recovery, minimizing downtime and business impact. Without a DRP, IT is gambling on its ability to define and implement a recovery strategy during a time of crisis. At the very least, this means extended downtime – potentially weeks or months – and substantial business impact.

    Adapted from: Philip Jan Rothstein, 2007

    Cost of Downtime for the Fortune 1000

    Cost of unplanned apps downtime per year: $1.25B to $2.5B.

    Cost of critical apps failure per hour: $500,000 to $1M.

    Cost of infrastructure failure per hour: $100,000.

    35% reported to have recovered within 12 hours.

    17% of infrastructure failures took more than 24 hours to recover.

    13% of application failures took more than 24 hours to recover.

    Source: Stephen Elliot, 2015

    Info-Tech Insight

    The cost of downtime is rising across the board, and not just for organizations that traditionally depend on IT (e.g. e-commerce). Downtime cost increase since 2010:

    Hospitality: 129% increase

    Transportation: 108% increase

    Media organizations: 104% increase

    An effective DRP also sets clear recovery objectives that align with system criticality to optimize spend

    The image displays a disaster recovery plan example, where different tiers are in place to support recovery in relation to time.

    Take a practical approach that creates a more concise and actionable DRP

    DR planning is not your full-time job, so it can’t be a resource- and time-intensive process.

    The Traditional Approach Info-Tech’s Approach

    Start with extensive risk and probability analysis.

    Challenge: You can’t predict every event that can occur, and this delays work on your actual recovery procedures.

    Focus on how to recover regardless of the incident.

    We know failure will happen. Focus on improving your ability to failover to a DR environment so you are protected regardless of what causes primary site failure.

    Build a plan for major events such as natural disasters.

    Challenge: Major destructive events only account for 12% of incidents while software/hardware issues account for 45%. The vast majority of incidents are isolated local events.

    An effective DRP improves day-to-day service continuity, and is not just for major events.

    Leverage DR planning to address both common (e.g. power/network outage or hardware failure) as well as major events. It must be documentation you can use, not shelfware.

    Create a DRP manual that provides step-by-step instructions that anyone could follow.

    Challenge: The result is lengthy, dense manuals that are difficult to maintain and hard to use in a crisis. The usability of DR documents has a direct impact on DR success.

    Create concise documentation written for technical experts.

    Use flowcharts, checklists, and diagrams. They are more usable in a crisis and easier to maintain. You aren’t going to ask a business user to recover your SQL Server databases, so you can afford to be concise.

    DR must be integrated with day-to-day incident management to ensure service continuity

    When a tornado takes out your data center, it’s an obvious DR scenario and the escalation towards declaring a disaster is straightforward.

    The challenge is to be just as decisive in less-obvious (and more common) DR scenarios such as a critical system hardware/software failure, and knowing when to move from incident management to DR. Don’t get stuck troubleshooting for days when you could have failed over in hours.

    Bridge the gap with clearly-defined escalation rules and criteria for when to treat an incident as a disaster.

    Image displays two graphs. The graph on the left measures the extent that service management processes account for disasters by the success meeting RTO and RPO. The graph on the right is a double bar graph that shows DRP being integrated and not integrated in the following categories: Incident Classifications, Severity Definitions, Incident Models, Escalation Procedures. These are measured based on the success meeting RTO and RPO.

    Source: Info-Tech Research Group; N=92

    Myth busted: The DRP is separate from day-to-day ops and incident management.

    The most common threats to service continuity are hardware and software failures, network outages, and power outages

    The image displayed is a bar graph that shows the common threats to service continuity. There are two areas of interest that have labels. The first is: 45% of service interruptions that went beyond maximum downtime guidelines set by the business were caused by software and hardware issues. The second label is: Only 12% of incidents were caused by major destructive events.

    Source: Info-Tech Research Group; N=87

    Info-Tech Insight

    Does this mean I don’t need to worry about natural disasters? No. It means DR planning needs to focus on overall service continuity, not just major disasters. If you ignore the more common but less dramatic causes of service interruptions, you are diminishing the business value of a DRP.

    Myth busted: DRPs are just for destructive events – fires, floods, and natural disasters.

    DR isn’t about identifying risks; it’s about ensuring service continuity

    The traditional approach to DR starts with an in-depth exercise to identify risks to IT service continuity and the probability that those risks will occur.

    Here’s why starting with a risk register is ineffective:

    • Odds are, you won’t think of every incident that might occur. If you think of twenty risks, it’ll be the twenty-first that gets you. If you try to guard against that twenty-first risk, you can quickly get into cartoonish scenarios and much more costly solutions.
    • The ability to failover to another site mitigates the risk of most (if not all) incidents (fire, flood, hardware failure, tornado, etc.). A risk and probability analysis doesn’t change the need for a plan that includes a failover procedure.

    Where risk is incorporated in this methodology:

    • Use known risks to further refine your strategy (e.g. if you are prone to hurricanes, plan for greater geographic separation between sites; ensure you have backups, in addition to replication, to mitigate the risk of ransomware).
    • Identify risks to your ability to execute DR (e.g. lack of cross-training, backups that are not tested) and take steps to mitigate those risks.

    Myth busted: A risk register is the critical first step to creating an effective DR plan.

    You can’t outsource accountability and you can’t assume your vendor’s DR capabilities meet your needs

    Outsourcing infrastructure services – to a cloud provider, co-location provider, or managed service provider (MSP) – can improve your DR and service continuity capabilities. For example, a large public cloud provider will generally have:

    • Redundant telecoms service providers, network infrastructure, power feeds, and standby power.
    • Round-the-clock infrastructure and security monitoring.
    • Multiple data centers in a given region, and options to replicate data and services across regions.

    Still, failure is inevitable – it’s been demonstrated multiple times1 through high-profile outages. When you surrender direct control of the systems themselves, it’s your responsibility to ensure the vendor can meet your DR requirements, including:

    • A DR site and acceptable recovery times for systems at that site.
    • An acceptable replication/backup schedule.

    Sources: Kyle York, 2016; Shaun Nichols, 2017; Stephen Burke, 2017

    Myth busted: I outsource infrastructure services so I don’t have to worry about DR. That’s my vendor’s responsibility.

    Choose flowcharts over process guides, checklists over procedures, and diagrams over descriptions

    IT DR is not an airplane disaster movie. You aren’t going to ask a business user to execute a system recovery, just like you wouldn’t really want a passenger with no flying experience to land a plane.

    In reality, you write a DR plan for knowledgeable technical staff, which allows you to summarize key details your staff already know. Concise, visual documentation is:

    • Quicker to create.
    • Easier to use.
    • Simpler to maintain.

    "Without question, 300-page DRPs are not effective. I mean, auditors love them because of the detail, but give me a 10-page DRP with contact lists, process flows, diagrams, and recovery checklists that are easy to follow."

    – Bernard Jones, MBCI, CBCP, CORP, Manager Disaster Recovery/BCP, ActiveHealth Management

    A graph is displayed. It shows a line graph where the DR success is higher by using flowcharts, checklists, and diagrams.

    Source: Info-Tech Research Group; N=95

    *DR Success is based on stated ability to meet recovery time objectives (RTOs) and recovery point objectives (RPOs), and reported confidence in ability to consistently meet targets.

    Myth busted: A DRP must include every detail so anyone can execute recovery.

    A DRP is part of an overall business continuity plan

    A DRP is the set of procedures and supporting documentation that enables an organization to restore its core IT services (i.e. applications and infrastructure) as part of an overall business continuity plan (BCP), as described below. Use the templates, tools, and activities in this blueprint to create your DRP.

    Overall BCP
    IT DRP BCP for Each Business Unit Crisis Management Plan
    A plan to restore IT services (e.g. applications and infrastructure) following a disruption. This includes:
    • Identifying critical applications and dependencies.
    • Defining an appropriate (desired) recovery timeline based on a business impact analysis (BIA).
    • Creating a step-by-step incident response plan.
    A set of plans to resume business processes for each business unit. Info-Tech’s Develop a Business Continuity Plan blueprint provides a methodology for creating business unit BCPs as part of an overall BCP for the organization. A set of processes to manage a wide range of crises, from health and safety incidents to business disruptions to reputational damage. This includes emergency response plans, crisis communication plans, and the steps to invoke BC/DR plans when applicable. Info-Tech’s Implement Crisis Management Best Practices blueprint provides a structured approach to develop a crisis management process.

    Note: For DRP, we focus on business-facing IT services (as opposed to the underlying infrastructure), and then identify required infrastructure as dependencies (e.g. servers, databases, network).

    Take a practical but structured approach to creating a concise and effective DRP

    Image displayed shows the structure of this blueprint. It shows the structure of phases 1-4 and the related tools and templates for each phase.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Info-Tech advisory services deliver measurable value

    Info-Tech members save an average of $22,983 and 22 days by working with an Info-Tech analyst on DRP (based on client response data from Info-Tech Research Group’s Measured Value Survey, following analyst advisory on this blueprint).

    Why do members report value from analyst engagement?

    1. Expert advice on your specific situation to overcome obstacles and speed bumps.
    2. Structured project and guidance to stay on track.
    3. Project deliverables review to ensure the process is applied properly.

    Guided implementation overview

    Your trusted advisor is just a call away.

    Define DRP scope (Call 1)

    Scope requirements, objectives, and your specific challenges. Identify applications/ systems to focus on first.

    Define current status and system dependencies (Calls 2-3)

    Assess current DRP maturity. Identify system dependencies.

    Conduct a BIA (Calls 4-6)

    Create an impact scoring scale and conduct a BIA. Identify RTO and RPO for each system.

    Recovery workflow (Calls 7-8)

    Create a recovery workflow based on tabletop planning. Identify gaps in recovery capabilities.

    Projects and action items (Calls 9-10)

    Identify and prioritize improvements. Summarize results and plan next steps.

    Your guided implementations will pair you with an advisor from our analyst team for the duration of your DRP project.

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Image displays the workshop overview for this blueprint. It is a workshop that runs for 4 days and covers various activities and produces many deliverables.

    End-user complaints distract from serious IT-based risks to business continuity

    Case Study

    Industry: Manufacturing
    Source: Info-Tech Research Group Client Engagement

    A global manufacturer with annual sales over $1B worked with Info-Tech to improve DR capabilities.

    DRP BIA

    Conversations with the IT team and business units identified the following impact of downtime over 24 hours:

    • Email: Direct Cost: $100k; Goodwill Impact Score: 8.5/16
    • ERP: Direct Cost: $1.35mm; Goodwill Impact Score: 12.5/16

    Tabletop Testing and Recovery Capabilities

    Reviewing the organization’s current systems recovery workflow identified the following capabilities:

    • Email: RTO: minutes, RPO: minutes
    • ERP: RTO: 14 hours, RPO: 24 hours

    Findings

    Because of end-user complaints, IT had invested heavily in email resiliency though email downtime had a relatively minimal impact on the business. After working through the methodology, it was clear that the business needed to provide additional support for critical systems.

    Insights at each step:

    Identify DR Maturity and System Dependencies

    Conduct a BIA

    Outline Incident Response and Recovery Workflow With Tabletop Exercises

    Mitigate Gaps and Risks

    Create a Right-Sized Disaster Recovery Plan

    Phase 1

    Define DRP Scope, Current Status, and Dependencies

    Step 1.1: Set Scope, Kick-Off the DRP Project, and Create a Charter

    This step will walk you through the following activities:

    • Establish a team for DR planning.
    • Retrieve and review existing, relevant documentation.
    • Create a project charter.

    This step involves the following participants:

    • DRP Coordinator
    • DRP Team (Key IT SMEs)
    • IT Managers

    Results and Insights

    • Set scope for the first iteration of the DRP methodology.
    • Don’t try to complete your DR and BCPs all at once.
    • Don’t bite off too much at once.

    Kick-off your DRP project

    You’re ready to start your DR project.

    This could be an annual review – but more likely, this is the first time you’ve reviewed the DR plan in years.* Maybe a failed audit might have provided a mandate for DR planning, or a real disaster might have highlighted gaps in DR capabilities. First, set appropriate expectations for what the project is and isn’t, in terms of scope, outputs, and resource commitments. Very few organizations can afford to hire a full-time DR planner, so it’s likely this won’t be your full-time job. Set objectives and timelines accordingly.

    Gather a team

    • Often, DR efforts are led by the infrastructure and operations leader. This person can act as the DRP coordinator or may delegate this role.
    • Key infrastructure subject-matter experts (SMEs) are usually part of the team and involved through the project.

    Find and review existing documentation

    • An existing DRP may have information you can re-purpose rather than re-create.
    • High-level architecture diagrams and network diagrams can help set scope (and will become part of your DR kit).
    • Current business-centric continuity of operations plans (COOPs) or BCPs are important to understand.

    Set specific, realistic objectives

    • Create a project charter (see next slide) to record objectives, timelines, and assumptions.
    *Only 20% of respondents to an Info-Tech Research Group survey (N=165) had a complete DRP; only 38% of respondents with a complete or mostly complete DRP felt it would be effective in a crisis.

    List DRP drivers and challenges

    1(a) Drivers and roadblocks

    Estimated Time: 30 minutes

    Identify the drivers and challenges to completing a functional DRP plan with the core DR team.

    DRP Drivers

    • Past outages (be specific):
      • Hardware and software failures
      • External network and power outages
      • Building damage
      • Natural disaster(s)
    • Audit findings
    • Events in the news
    • Other?

    DRP Challenges

    • Lack of time
    • Insufficient DR budget
    • Lack of executive support
    • No internal DRP expertise
    • Challenges making the case for DRP
    • Other?

    Write down insights from the meeting on flip-chart paper or a whiteboard and use the findings to inform your DRP project (e.g. challenges to address).

    Clarify expectations with a project charter

    1(b) DRP Project Charter Template

    DRP Project Charter Template components:

    Define project parameters, roles, and objectives, and clarify expectations with the executive team. Specific subsections are listed below and described in more detail in the remainder of this phase.

    • Project Overview: Includes objectives, deliverables, and scope. Leverage relevant notes from the “Project Drivers” brainstorming exercise (e.g. past outages and near misses which help make the case).
    • Governance and Management: Includes roles, responsibilities, and resource requirements.
    • Project Risks, Assumptions, and Constraints: Includes risks and mitigation strategies, as well as any assumptions and constraints.
    • Project Sign-Off: Includes IT and executive sign-off (if required).

    Note: Identify the initial team roles and responsibilities first so they can assist in defining the project charter.

    The image is a screenshot of the first page of the DRP Project Charter Template.

    Step 1.2: Assess Current State DRP Maturity

    This step will walk you through the following activities:

    • Complete Info-Tech’s DRP Maturity Scorecard.

    This step involves the following participants:

    • DRP Coordinator
    • IT SMEs

    Results and Insights

    • Identify the current state of the organization’s DRP and continuity management. Set a baseline for improvement.
    • Discover where improvement is most needed to create an effective plan.

    Only 38% of IT departments believe their DRPs would be effective in a real crisis

    Even organizations with documented DRPs struggle to make them actionable.

    • Even when a DRP does become a priority (e.g. due to regulatory or customer drivers), the challenge is knowing where to start and having a methodical step-by-step process for doing the work. With no guide to plan and resource the project, it becomes work that you complete piecemeal when you aren’t working on other projects, or at night after the kids go to bed.
    • Far too many organizations create a document to satisfy auditors rather than creating a usable plan. People in this group often just want a fill-in-the-blanks template. What they will typically find is a template for the traditional 300-page manual that goes in a binder that sits on a shelf, is difficult to maintain, and is not effective in a crisis.
    Two bar graphs are displayed. The graph on the left shows that only 20% of survey respondents indicate they have a complete DRP. The graph on the right shows that 38% of those who have a mostly completed or full DRP actually feel it would be effective in a crisis.

    Use the DRP Maturity Scorecard to assess the current state of your DRP and identify areas to improve

    1(c) DRP Maturity Scorecard

    Info-Tech’s DRP Maturity Scorecard evaluates completion status and process maturity for a comprehensive yet practical assessment across three aspects of an effective DRP program – Defining Requirements, Implementation, and Maintenance.

    Image has three boxes. One is labelled Completion status, another below it is labelled Process Maturity. There is an addition sign in between them. With an arrow leading from both boxes is another box that is labelled DRP Maturity Assessment

    Completion Status: Reflects the progress made with each component of your DRP Program.

    Process Maturity: Reflects the consistency and quality of the steps executed to achieve your completion status.

    DRP Maturity Assessment: Each component (e.g. BIA) of your DRP Program is evaluated based on completion status and process maturity to provide an accurate holistic assessment. For example, if your BIA completion status is 4 out of 5, but process maturity is a 2, then requirements were not derived from a consistent defined process. The risk is inconsistent application prioritization and misalignment with actual business requirements.

    Step 1.3: Identify Applications, Systems, and Dependencies

    This step will walk you through the following activities:

    • Identify systems, applications, and services, and the business units that use them.
    • Document applications, systems, and their dependencies in the DRP Business Impact Analysis Tool.

    This step involves the following participants:

    • DRP Coordinator
    • DRP Team

    Results and Insights

    • Identify core services and the applications that depend on them.
    • Add applications and dependencies to the DRP Business Impact Analysis Tool.

    Select 5-10 services to get started on the DRP methodology

    1(d) High-level prioritization

    Estimated Time: 30 minutes

    Working through the planning process the first time can be challenging. If losing momentum is a concern, limit the BIA to a few critical systems to start.

    Run this exercise if you need a structured exercise to decide where to focus first and identify the business users you should ask for input on the impact of system downtime.

    1. On a whiteboard or flip-chart paper, list business units in a column on the left. List key applications/systems in a row at the top. Draw a grid.
    2. At a high level, review how applications are used by each unit. Take notes to keep track of any assumptions you make.
      • Add a ✓ if members of the unit use the application or system.
      • Add an ✱ if members of the unit are heavy users of the application or system and/or use it for time sensitive tasks.
      • Leave the box blank if the app isn’t used by this unit.
    3. Use the chart to prioritize systems to include in the BIA (e.g. systems marked with an *) but also include a few less-critical systems to illustrate DRP requirements for a range of systems.

    Image is an example of what one could complete from step 1(d). There is a table shown. In the column on the left lists sales, marketing, R&D, and Finance. In the top row, there is listed: dialer, ERP. CRM, Internet, analytics, intranet

    Application Notes
    CRM
    • Supports time-critical sales and billing processes.
    Dialer
    • Used for driving the sales-call queue, integration with CRM.

    Draw a high-level sketch of your environment

    1(e) Sketch your environment

    Estimated Time: 1-2 hours

    A high-level topology or architectural diagram is an effective way to identify dependencies, application ownership, outsourced services, hardware redundancies, and more.

    Note:

    • Network diagrams or high-level architecture diagrams help to identify dependencies and redundancies. Even a rough sketch is a useful reference tool for participants, and will be valuable documentation in the final DR plan.
    • Keep the drawings tidy. Visualize the final diagram before you start to draw on the whiteboard to help with spacing and placement.
    • Collaborate with relevant SMEs to identify dependencies. Keep the drawing high-level.
    • Illustrate connections between applications or components with lines. Use color coding to illustrate where applications are hosted (e.g. in-house, at a co-lo, in a cloud or MSP environment).
    Example of a high-level topology or architectural diagram

    Document systems and dependencies

    Collaborate with system SMEs to identify dependencies for each application or system. Document the dependencies in the DRP Business Impact Analysis Tool (see image below)

    • When listing applications, focus on business-facing systems or services that business users will recognize and use terminology they’ll understand.
    • Group infrastructure components that support all other services as a single core infrastructure service to simplify dependency mapping (e.g. core router, virtual hosts, ID management, and DNS).
    • In general, each data center will have its own core infrastructure components. List each data center separately – especially if different services are hosted at each data center.
    • Be specific when documenting dependencies. Use existing asset tracking tables, discovery tools, asset management records, or configuration management tools to identify specific server names.
    • Core infrastructure dependencies, such as the network infrastructure, power supply, and centralized storage, will be a common set of dependencies for most applications, so group these into a separate category called “Core Infrastructure” to minimize repetition in your DR planning.
    • Document production components in the BIA tool. Capture in-production, redundant components performing the same work on a single dependency line. List standby systems in the notes.

    Info-Tech Best Practice

    In general, visual documentation is easier to use in a crisis and easier to maintain over time. Use Info-Tech’s research to help build your own visual SOPs.

    Document systems and dependencies

    1(f) DRP Business Impact Analysis Tool – Record systems and dependencies

    A screenshot of Info-Tech's DRP Business Impact Analysis Tool.

    Stories from the field: Info-Tech clients find value in Phase 1 in the following ways

    An organization uncovers a key dependency that needed to be treated as a Tier 1 system

    Reviewing the entire ecosystem for applications identified key dependencies that were previously considered non-critical. For example, a system used to facilitate secure data transfers was identified as a key dependency for payroll and other critical business processes, and elevated to Tier 1.

    A picture’s worth a thousand words (and 1600 servers)

    Drawing a simple architectural diagram was an invaluable tool to identify key dependencies and critical systems, and to understand how systems and dependencies were interconnected. The drawing was an aha moment for IT and business stakeholders trying to make sense of their 1600-server environment.

    Make the case for DRP

    A member of the S&P 500 used Info-Tech’s DRP Maturity Scorecard to provide a reliable objective assessment and make the case for improvements to the board of directors.

    State government agency initiates a DRP project to complement an existing COOP

    Info-Tech's DRP Project Charter enabled the CIO to clarify their DRP project scope and where it fit into their overall COOP. The project charter example provided much of the standard copy – objectives, scope, project roles, methodology, etc. – required to outline the project.

    Phase 1: Insights and accomplishments

    Image has two screenshots from Info-Tech's Phase 1 tools and templates.

    Created a charter and identified current maturity

    Image has two screenshots. One is from Info-Tech's DRP Business Impact Analysis Tool and the other is from the example in step 1(d).

    Identified systems and dependencies for the BIA

    Summary of Accomplishments:

    • Created a DRP project charter.
    • Completed the DRP Maturity Scorecard and identified current DRP maturity.
    • Prioritized applications/systems for a first pass through DR planning.
    • Identified dependencies for each application and system.

    Up Next: Conduct a BIA to establish recovery requirements

    Create a Right-Sized Disaster Recovery Plan

    Phase 2

    Conduct a BIA to Determine Acceptable RTOs and RPOs

    Step 2.1: Define an Objective Impact Scoring Scale

    This step will walk you through the following activities:

    • Create a scoring scale to measure the business impact of application and system downtime.

    This step involves the following participants:

    • DRP Coordinator
    • DRP Team

    Results and Insights

    • Use a scoring scale tied to multiple categories of real business impact to develop a more objective assessment of application and system criticality.

    Align capabilities to appropriate and acceptable RTOs and RPOs with a BIA

    Too many organizations avoid a BIA because they perceive it as onerous or unneeded. A well-managed BIA is straightforward and the benefits are tangible.

    A BIA enables you to identify appropriate spend levels, maintain executive support, and prioritize DR planning for a more successful outcome. Info-Tech has found that a BIA has a measurable impact on the organization’s ability to set appropriate objectives and investment goals.

    Two bar graphs are depicted. The one on the left shows 93% BIA impact on appropriate RTOs. The graph on the right shows that with BIA, there is 86% on BIA impact on appropriate spending.

    Info-Tech Insight

    Business input is important, but don’t let a lack of it delay a draft BIA. Complete a draft based on your knowledge of the business. Create a draft within IT, and use it to get input from business leaders. It’s easier to edit estimates than to start from scratch; even weak estimates are far better than a blank sheet.

    Pick impact categories that are relevant to your business to develop a holistic view of business impact

    Direct Cost Impact Categories

    • Revenue: permanently lost revenue.
      • Example: one third of daily sales are lost due to a website failure.
    • Productivity: lost productivity.
      • Example: finance staff can’t work without the accounting system.
    • Operating costs: additional operating costs.
      • Example: temporary staff are needed to re-key data.
    • Financial penalties: fines/penalties that could be incurred due to downtime.
      • Example: failure to meet contractual service-level agreements (SLAs) for uptime results in financial penalties.

    Goodwill, Compliance, and Health and Safety Categories

    • Stakeholder goodwill: lost customer, staff, or business partner goodwill due to harm, frustration, etc.
      • Example: customers can’t access needed services because the website is down.
      • Example: a payroll system outage delays paychecks for all staff.
      • Example: suppliers are paid late because the purchasing system is down.
    • Compliance, health, and safety:
      • Example: financial system downtime results in a missed tax filing.
      • Example: network downtime disconnects security cameras.

    Info-Tech Insight

    You don’t have to include every impact category in your BIA. Include categories that could affect your business. Defer or exclude other categories. For example, the bulk of revenue for governmental organizations comes from taxes, which won’t be permanently lost if IT systems fail.

    Modify scoring criteria to help you measure the impact of downtime

    The scoring scales define different types of business impact (e.g. costs, lost goodwill) using a common four-point scale and 24-hour timeframe to simplify BIA exercises and documentation.

    Use the suggestions below as a guide as you modify scoring criteria in the DRP Business Impact Analysis Tool:

    • All the direct cost categories (revenue, productivity, operating costs, financial penalties) require the user to define only a maximum value; the tool will populate the rest of the criteria for that category. Use the suggestions below to find the maximum scores for each of the direct cost categories:
      • Revenue: Divide total revenue for the previous year by 365 to estimate daily revenue. Assume this is the most revenue you could lose in a day, and use this number as the top score.
      • Loss of Productivity: Divide fully-loaded labor costs for the organization by 365 to estimate daily productivity costs. Use this as a proxy measure for the work lost if all business stopped for one day.
      • Increased Operating Costs: Isolate this to known additional costs that result from a disruption (e.g. costs for overtime or temporary staff). Estimate the maximum cost for the organization.
      • Financial Penalties: Isolate this to known financial penalties (e.g. due to failure to meet SLAs or compliance requirements). Use the estimated maximum penalty as the highest value on the scale.
    • Impact on Goodwill: Use an estimate of the percentage of all stakeholders impacted to assess goodwill impact.
    • Impact on Compliance; Impact on Health and Safety: The BIA tool contains default scoring criteria that account for the severity of the impact, the likelihood of occurrence, and in the case of compliance, whether a grace period is available. Use this scale as-is, or adapt this scale to suit your needs.

    Modify the default scoring scale in the DRP Business Impact Analysis Tool to reflect your organization

    2(a) DRP Business Impact Analysis Tool – Scoring criteria


    A screenshot of Info-Tech's DRP Business Impact Analysis Tool's scoring criteria

    Step 2.2: Estimate the Impact of Downtime

    This step will walk you through the following activities:

    • Identify the business impact of service/system/application downtime.

    This step involves the following participants:

    • DRP Coordinator
    • DRP Team
    • IT Service SMEs
    • Business-Side Technology Owners (optional)

    Results and Insights

    • Apply the scoring scale to develop a more objective assessment of the business impact of downtime.
    • Create criticality tiers based on the business impact of downtime.

    Estimate the impact of downtime for each system and application

    2(b) Estimate the impact of systems downtime

    Estimated Time: 3 hours

    On tab 3 of the DRP Business Impact Analysis Tool indicate the costs of downtime, as described below:

    1. Have a copy of the “Scoring Criteria” tab available to use as a reference (e.g. printed or on a second display). In tab 3 use the drop-down menu to assign a score of 0 to 4 based on levels of impact defined in the “Scoring Criteria” tab.
    2. Work horizontally across all categories for a single system or application. This will familiarize you with your scoring scales for all impact categories, and allow you to modify the scoring scales if needed before you proceed much further.
    3. For example, if a core call center phone system was down:

    • Loss of Revenue would be the portion of sales revenue generated through the call center. This might score a 1 or 2 depending on the percent of sales that are processed by the call center.
    • The Impact on Customers might be a 2 or 3 depending on the extent that some customers might be using the call center to receive support or purchase new products or services.
    • The Legal/Regulatory Compliance and Health or Safety Risk might be a 0, as the call center has no impact in either area.
  • Next, work vertically across all applications or systems within a single impact category. This will allow you to compare scores within the category as you create them to ensure internal consistency.
  • Add impact scores to the DRP Business Impact Analysis Tool

    2(c) DRP Business Impact Analysis Tool

    Screenshot of Info-Tech's DRP Business Impact Analysis Tool

    Record business reasons and assumptions that drive BIA scores

    2(d) DRP BIA Scoring Context Example

    Info-Tech suggests that IT leadership and staff identify the impact of downtime first to create a version that you can then validate with relevant business owners. As you work through the BIA as a team, have a notetaker record assumptions you make to help you explain the results and drive business engagement and feedback.

    Some common assumptions:

    • You can’t schedule a disaster, so Info-Tech suggests you assume the worst possible timing for downtime. Base the impact of downtime on the worst day for a disaster (e.g. year-end close, payroll run).
    • Record assumptions made about who and what are impacted by system downtime.
    • Record assumptions made about impact severity.
    • If you deviate from the scoring scale, or if a particular impact doesn’t fit well into the defined scoring scale, document the exception.

    Screenshot of Info-Tech's DRP BIA Scoring Context Example

    Use Info-Tech’s DRP BIA Scoring Context Example as a note-taking template.

    Info-Tech Insight

    You can’t build a perfect scoring scale. It’s fine to make reasonable assumptions based on your judgment and knowledge of the business. Just write down your assumptions. If you don’t write them down, you’ll forget how you arrived at that conclusion.

    Assign a criticality rating based on total direct and indirect costs of downtime

    2(e) DRP Business Impact Analysis Tool – Assign criticality tiers

    Once you’ve finished estimating the impact of downtime, use the following rough guideline to create an initial sort of applications into Tiers 1, 2, and 3.

    1. In general, sort applications based on the Total Impact on Goodwill, Compliance, and Safety first.
      • An effective tactic for a quick sort: assign a Tier 1 rating where scores are 50% or more of the highest total score, Tier 2 where scores are between 25% and 50%, and Tier 3 where scores are below 25%. Some organizations will also include a Tier 0 for the highest-scoring systems.
      • Then review and validate these scores and assignments.
    2. Next, consider the Total Cost of Downtime.
      • The Total Cost is calculated by the tool based on the Scoring Criteria in tab 2 and the impact scores on tab 3.
      • Decide if the total cost impact justifies increasing the criticality rating (e.g. from Tier 2 to Tier 1 due to high cost impact).
    3. Review the assigned impact scores and tiers to check that they’re in alignment. If you need to make an exception, document why. Keep exceptions to a minimum.

    Example: Highest total score is 12

    Screenshot of Info-Tech's DRP Business Impact Analysis Tool

    Step 2.3: Determine Acceptable RTO/RPO Targets

    This step will walk you through the following activities:

    • Review the “Debate Space” approach to setting RTO and RPO (recovery targets).
    • Set preliminary RTOs and RPOs by criticality tier.

    This step involves the following participants:

    • DRP Coordinator
    • DRP Team

    Results and Insights

    • Align recovery targets with the business impact of downtime and data loss.

    Use the “Debate Space” approach to align RTOs and RPOs with the impact of downtime

    The business must validate acceptable and appropriate RTOs and RPOs, but IT can use the guidelines below to set an initial estimate.

    Right-size recovery.

    A shorter RTO typically requires higher investment. If a short period of downtime has minimal impact, setting a low RTO may not be justifiable. As downtime continues, impact begins to increase exponentially to a point where downtime is intolerable – an acceptable RTO must be shorter than this. Apply the same thinking to RPOs – how much data loss is unnoticeable? How much is intolerable?

    A diagram to show the debate space in relation to RTOs and RPOs

    The “Debate Space” is between minimal impact and maximum tolerance for downtime.

    Estimate appropriate, acceptable RTOs and RPOs for each tier

    2(f) Set recovery targets

    Estimated Time: 30 minutes

    RTO and RPO tiers simplify management by setting similar recovery goals for systems and applications with similar criticality.

    Use the “Debate Space” approach to set appropriate and acceptable targets.

    1. For RTO, establish a recovery time range that is appropriate based on impact.
      • Overall, the RTO tiers might be 0-4 hours for gold, 4-24 hours for silver, and 24-48 hours for bronze.
    2. RPOs reflect target data protection measures.
      • Identify the lowest RPO within a tier and make that the standard.
      • For example, RPO for gold data might be five minutes, silver might be four hours, and bronze might be one day.
      • Use this as a guideline. RPO doesn’t always align perfectly with RTO tiers.
    3. Review RTOs and RPOs and make sure they accurately reflect criticality.

    Info-Tech Insight

    In general, the more critical the system, the shorter the RPO. But that’s not always the case. For example, a service bus might be Tier 1, but if it doesn’t store any data, RPO might be longer than other Tier 1 systems. Some systems may have a different RPO than most other systems in that tier. As long as the targets are acceptable to the business and appropriate given the impact, that’s okay.

    Add recovery targets to the DRP Business Impact Analysis Tool

    2(g) DRP Business Impact Analysis Tool – Document recovery objectives

    A screenshot of Info-Tech's DRP Business Impact Analysis Tool – Document recovery objectives

    Stories from the field: Info-Tech clients find value in Phase 2 in the following ways

    Most organizations discover something new about key applications, or the way stakeholders use them, when they work through the BIA and review the results with stakeholders. For example:

    Why complete a BIA? There could be a million reasons

    • A global manufacturer completed the DRP BIA exercise. When email went down, Service Desk phones lit up until it was resolved. That grief led to a high availability implementation for email. However, the BIA illustrated that ERP downtime was far more impactful.
    • ERP downtime would stop production lines, delay customer orders, and ultimately cost the business a million dollars a day.
    • The BIA results clearly showed that the ERP needed to be prioritized higher, and required business support for investment.

    Move from airing grievances to making informed decisions

    The DRP Business Impact Analysis Tool helped structure stakeholder consultations on DR requirements for a large university IT department. Past consultations had become an airing of grievances. Using objective impact scores helped stakeholders stay focused and make informed decisions around appropriate RTOs and RPOs.

    Phase 2: Insights and accomplishments

    Screenshots of the tools and templates from this phase.

    Estimated the business impact of downtime

    Screenshot of a tools from this phase

    Set recovery targets

    Summary of Accomplishments

    • Created a scoring scale tied to different categories of business impact.
    • Applied the scoring scale to estimate the business impact of system downtime.
    • Identified appropriate, acceptable RTOs and RPOs.

    Up Next:Conduct a tabletop planning exercise to establish current recovery capabilities

    Create a Right-Sized Disaster Recovery Plan

    Phase 3

    Identify and Address Gaps in the Recovery Workflow

    Step 3.1: Determine Current Recovery Workflow

    This step will walk you through the following activities:

    • Run a tabletop exercise.
    • Outline the steps for the initial response (notification, assessment, disaster declaration) and systems recovery (i.e. document your recovery workflow).
    • Identify any gaps and risks in your initial response and systems recovery.

    This step involves the following participants:

    • DRP Coordinator
    • IT Infrastructure SMEs (for systems in scope)
    • Application SMEs (for systems in scope)

    Results and Insights

    • Use a repeatable practical exercise to outline and document the steps you would use to recover systems in the event of a disaster, as well as identify gaps and risks to address.
    • This is also a knowledge-sharing opportunity for your team, and a practical means to get their insights, suggestions, and recovery knowledge down on paper.

    Tabletop planning: an effective way to test and document your recovery workflow

    In a tabletop planning exercise, the DRP team walks through a disaster scenario to map out what should happen at each stage, and effectively defines a high-level incident response plan (i.e. recovery workflow).

    Tabletop planning had the greatest impact on meeting recovery objectives (RTOs/RPOs) among survey respondents.

    A bar graph is displayed that shows that tabletop planning has the greatest impact on meeting recovery objectives (RTOs/RPOs) among survey respondents.

    *Note: Relative importance indicates the contribution an individual testing methodology, conducted at least annually, had on predicting success meeting recovery objectives, when controlling for all other types of tests in a regression model. The relative-importance values have been standardized to sum to 100%.

    Success was based on the following items:

    • RTOs are consistently met.
    • IT has confidence in the ongoing ability to meet RTOs.
    • RPOs are consistently met.
    • IT has confidence in the ongoing ability to meet RPOs.

    Why is tabletop planning so effective?

    • It enables you to play out a wider range of scenarios than technology-based testing (e.g. full-scale, parallel) due to cost and complexity factors.
    • It is non-intrusive, so it can be executed more frequently than other testing methodologies.
    • It easily translates into the backbone of your recovery documentation, as it allows you to review all aspects of your recovery plan.

    Focus first on IT DR

    Your DRP is IT contingency planning. It is not crisis management or BCP.

    The goal is to define a plan to restore applications and systems following a disruption. For your first tabletop exercise, Info-Tech recommends you use a non-life-threatening scenario that requires at least a temporary relocation of your data center (i.e. failing over to a DR site/environment). Assume a gas leak or burst water pipe renders the data center inaccessible. Power is shut off and IT must failover systems to another location. Once you create the master procedure, review the plan to ensure it addresses other scenarios.

    Info-Tech Insight

    When systems fail, you are faced with two high-level options: failover or recover in place. If you document the plan to failover systems to another location, you’ll have documented the core of your DR procedures. This differs from traditional scenario planning where you define separate plans for different what-if scenarios. The goal is one plan that can be adapted to different scenarios, which reduces the effort to build and maintain your DRP.

    Conduct a tabletop planning exercise to outline DR procedures in your current environment

    3(a) Tabletop planning

    Estimated Time: 2-3 hours

    For each high-level recovery step, do the following:

    1. On white cue cards:
      • Record the step.
      • Indicate the task owner (if required for clarity).
      • Note time required to complete the step. After the exercise, use this to build a running recovery time where 00:00 is when the incident occurred.
    2. On yellow cue cards, document gaps in people, process, and technology requirements to complete the step.
    3. On red cue cards, indicate risks (e.g. no backup person for a key staff member).
    An example is shown on what can be done during step 3(a). Three cue cards are showing in white, yellow, and red.

    Do:

    • Review the complete workflow from notification all the way to user acceptance testing.
    • Keep focused; stay on task and on time.
    • Revisit each step and record gaps and risks (and known solutions, but don’t dwell on this).
    • Revise and improve the plan with task owners.

    Don't:

    • Get weighed down by tools.
    • Document the details right away – stick to the high-level plan for the first exercise.
    • Try to find solutions to every gap/risk as you go. Save in-depth research/discussion for later.

    Flowchart the current-state incident response plan (i.e. document the recovery workflow)

    3(b) DRP Recovery Workflow Template and Case Study: Practical, Right-Sized DRP

    Why use flowcharts?

    • Flowcharts provide an at-a-glance view, ideal for disaster scenarios where pressure is high and quick upward communication is necessary.
    • For experienced staff, a high-level reminder of key steps is sufficient.

    Use the completed tabletop planning exercise results to build this workflow.

    "We use flowcharts for our declaration procedures. Flowcharts are more effective when you have to explain status and next steps to upper management." – Assistant Director, IT Operations, Healthcare Industry

    Source: Info-Tech Research Group Interview

    Screenshot of Info-Tech's DRP Recovery Workflow Template

    For a formatted template you can use to capture your plan, see Info-Tech’s DRP Recovery Workflow Template.

    For a completed example of tabletop planning results, review Info-Tech’s Case Study: Practical, Right-Sized DRP.

    Identify RPA

    What’s my RPA? Consider the following case:

    • Once a week, a full backup is taken of the complete ERP system and is transferred over the WAN to a secondary site 250 miles away, where it is stored on disk.
    • Overnight, an incremental backup is taken of the day’s changes, and is transferred to the same secondary site, and also stored on disk.
    • During office hours, the SAN takes a snapshot of changes which are kept on local storage (information on the accounting system usually only changes during office hours).
    • So what’s the RPA? One hour (snapshots), one day (incrementals), or one week (full backups)?

    When identifying RPA, remember the following:

    You are planning for a disaster scenario, where on-site systems may be inaccessible and any copies of data taken during the disaster may fail, be corrupt, or never make it out of the data center (e.g. if the network fails before the backup file ships). In the scenario above, it seems likely that off-site incremental backups could be restored, leading to a 24-hour RPA. However, if there were serious concerns about the reliability of the daily incrementals, the RPA could arguably be based on the weekly full backups.

    Info-Tech Best Practice

    The RPA is a commitment to the maximum data you would lose in a DR scenario with current capabilities (people, process, and technology). Pick a number you can likely achieve. List any situations where you couldn’t meet this RPA, and identify those for a risk tolerance discussion. In the example above, complete loss of the primary SAN would also mean losing the snapshots, so the last good copy of the data could be up to 24-hours old.

    Add recovery actuals (RTA/RPA) to your copy of the BIA

    3(c) DRP Business Impact Analysis Tool– Recovery actuals

    On the “Impact Analysis” tab in the DRP Business Impact Analysis Tool, enter the estimated maximum downtime and data loss in the RTA and RPA columns.

    1. Estimate the RTA based on the required time for complete recovery. Review your recovery workflow to identify this timeline. For example, if the notification, assessment, and declaration process takes two hours, and systems recovery requires most of a day, the estimated RTA could be 24 hours.
    2. Estimate the RPA based on the longest interval between copies of the data being shipped offsite. For example, if data on a particular system is backed up offsite once per day, and the onsite system was destroyed just before that backup began, the entire day’s data could be lost and estimated RPA could be 24 hours. Note: Enter 9999 to indicate that data is unrecoverable.

    A screenshot of Info-Tech's DRP Business Impact Analysis Tool – Recovery actuals

    Info-Tech Best Practice

    It’s okay to round numbers to the nearest shift, day, or week for simplicity (e.g. 24 hours rather than 22.5 hours, or 8 hours rather than 7.25 hours).

    Test the recovery workflow against additional scenarios

    3(d) Workflow review

    Estimated Time: 1 hour

    Review your recovery workflow with a different scenario in mind.

    • Work from and update the soft copy of your recovery workflow.
    • Would any steps be different if the scenario changes? If yes, capture the different flow with a decision diamond. Identify any new gaps or risks you encounter with red and yellow cards. Use as few decision diamonds as possible.

    Screenshot of testing the workflow against the additional scenarios

    Info-Tech Best Practice

    As you start to consider scenarios where injuries or loss of life are a possibility, remember that health and safety risks are the top priority in a crisis. If there’s a fire in the data center, evacuating the building is the first priority, even if that means foregoing a graceful shut down. For more details on emergency response and crisis management, see Implement Crisis Management Best Practices.

    Consider additional IT disaster scenarios

    3(e) Thought experiment – Review additional scenarios

    Walk through your recovery workflow in the context of additional, different scenarios to ensure there are no gaps. Collaborate with your DR team to identify changes that might be required, and incorporate these changes in the plan.

    Scenario Type Considerations
    Isolated hardware/software failure
    • Failover to the DR site may not be necessary (or only for affected systems).
    Power outage or network outage
    • Do you have standby power? Do you have network redundancy?
    Local hazard (e.g. chemical leak, police incident)
    • Systems might be accessible remotely, but hands-on maintenance will be required eventually.
    • An alternate site is required for service continuity.
    Equipment/building damage (e.g. fire, roof collapse)
    • Staff injuries or loss of life are a possibility.
    • Equipment may need repair or replacement (vendor involvement).
    • An alternate site is required for service continuity.
    Regional natural disasters
    • Staff injuries or loss of life are a possibility.
    • Utilities may be affected (power, running water, etc.).
    • Expect staff to take care of their families first before work.
    • A geographically distant alternate site may be required for service continuity.

    Step 3.2: Identify and Prioritize Projects to Close Gaps

    This step will walk you through the following activities:

    • Analyze the gaps that were identified from the maturity scorecard, tabletop planning exercise, and the RTO/RPO gaps analysis.
    • Brainstorm solutions to close gaps and mitigate risks.
    • Determine a course of action to close these gaps. Prioritize each project. Create a project implementation timeline.

    This step involves the following participants:

    • DRP Coordinator
    • IT Infrastructure SMEs

    Results and Insights

    • Prioritized list of projects and action items that can improve DR capabilities.
    • Often low-cost, low-effort quick wins are identified to mitigate at least some gaps/risks. Higher-cost, higher-effort projects can be part of a longer-term IT strategy. Improving service continuity is an ongoing commitment.

    Brainstorm solutions to address gaps and risk

    3(f) Solutioning

    Estimated Time: 1.5 hours

    1. Review each of the risk and gap cards from the tabletop exercise.
    2. As a group, brainstorm ideas to address gaps, mitigate risks, and improve resiliency. Write the list of ideas on a whiteboard or flip-chart paper. The solutions can range from quick-wins and action items to major capital investments.
    3. Try to avoid debates about feasibility at this point – that should happen later. The goal is to get all ideas on the board.

    An example of how to complete Activity 3(f). Three cue cards showing various steps are attached by arrows to steps on a whiteboard.

    Info-Tech Best Practice

    It’s about finding ways to solve the problem, not about solving the problem. When you’re brainstorming solutions to problems, don’t stop with the first idea, even if the solution seems obvious. The first idea isn’t always the best or only solution; other ideas can expand on and improve that first idea.

    Select an optimal DR deployment model from a world of choice

    There are many options for a DR deployment. What makes sense for you?

    • Sifting through the options for a DR site can be overwhelming. Simplify by eliminating deployment models that aren’t a good fit for your requirements or organization using Info-Tech’s research.
    • Someone will ask you about DR in the cloud. Cut to the chase and evaluate cloud for fit with your organization’s current capabilities and requirements. Read about the 10 Secrets for Successful DR in the Cloud.
    • Selecting and deploying a DR site is an exercise in risk mitigation. IT’s role is to advise the business on options to address the risk of not having a DR site, including cost and effort estimates. The business must then decide how to manage risk. Build total cost of ownership (TCO) estimates and evaluate possible challenges and risks for each option.

    Is it practical to invest in greater geo-redundancy that meets RTOs and RPOs during a widespread event?

    Info-Tech suggests you consider events that impact both sites, and your risk tolerance for that impact. Outline the impact of downtime at a high level if both the primary and secondary site were affected. Research how often events severe enough to have impacted both your primary and secondary sites have occurred in the past. What’s the business tolerance for this type of event?

    A common strategy: have a primary and DR site that are close enough to support low RPO/RTO, but far enough away to mitigate the impact of known regional events. Back up data to a remote third location as protection against a catastrophic event.

    Info-Tech Insight

    Approach site selection as a project. Leverage Select an Optimal Disaster Recovery Deployment Model to structure your own site-selection project.

    Set up the DRP Roadmap Tool

    3(g) DRP Roadmap Tool – Set up tool

    Use the DRP Roadmap Tool to create a high-level roadmap to plan and communicate DR action items and initiatives. Determine the data you’ll use to define roadmap items.

    Screenshot of Info-Tech's DRP Roadmap Tool

    Plan next steps by estimating timeline, effort, priority, and more

    3(h) DRP Roadmap Tool – Describe roadmap items

    A screenshot of Info-Tech's DRP Roadmap Tool to show how to describe roadmap items

    Review and communicate the DRP Roadmap Tool

    3(i) DRP Roadmap Tool – View roadmap chart

    A screenshot of Info-Tech's DRP Roadmap Tool's Roadmap tab

    Step 3.3: Review the Future State Recovery Process

    This step will walk you through the following activities:

    • Update the recovery workflow to outline your future recovery procedure.
    • Summarize findings from DR exercises and present the results to the project sponsor and other interested executives.

    This step involves the following participants:

    • DRP Coordinator
    • IT SMEs (Future State Recovery Flow)
    • DR Project Sponsor

    Results and Insights

    • Summarize results from DR planning exercises to make the case for needed DR investment.

    Outline your future state recovery flow

    3(j) Update the recovery workflow to outline response and recovery in the future

    Estimated Time: 30 minutes

    Outline your expected future state recovery flow to demonstrate improvements once projects and action items have been completed.

    1. Create a copy of your DRP recovery workflow in a new tab in Visio.
    2. Delete gap and risk cards that are addressed by proposed projects. Consolidate or eliminate steps that would be simplified or streamlined in the future if projects are implemented.
    3. Create a short-, medium-, and long-term review of changes to illustrate improvements over time to the project roadmap.
    4. Update this workflow as you implement and improve DR capabilities.

    Screenshot of the recovery workflow

    Validate recovery targets and communicate actual recovery capabilities

    3(k) Validate findings, present recommendations, secure budget

    Estimated Time: time required will vary

    1. Interview managers or process owners to validate RTO, RPO, and business impact scores.Use your assessment of “heavy users” of particular applications (picture at right) to remind you which business users you should include in the interview process.
    2. Present an overview of your findings to the management team.Use Info-Tech’s DRP Recap and Results Template to summarize your findings.
    3. Take projects into the budget process.With the management team aware of the rationale for investment in DRP, build the business case and secure budget where needed.

    Present DRP findings and make the case for needed investment

    3(I) DRP Recap and Results Template

    Create a communication deck to recap key findings for stakeholders.

    • Write a clear problem statement. Identify why you did this project (what problem you’re solving).
    • Clearly state key findings, insights, and recommendations.
    • Leverage the completed tools and templates to populate the deck. Callouts throughout the template presentation will direct you to take and populate screenshots throughout the document.
    • Use the presentation to communicate key findings to, and gather feedback from, business unit managers, executives, and IT staff.
    Screenshots of Info-Tech's DRP Recap and Results Template

    Stories from the field: Info-Tech clients find value in Phase 3 in the following ways

    Tabletop planning is an effective way to discover gaps in recovery capabilities. Identify issues in the tabletop exercise so you can manage them before disaster strikes. For example:

    Back up a second…

    A client started to back up application data offsite. To minimize data transfer and storage costs, the systems themselves weren’t backed up. Working through the restore process at the DR site, the DBA realized 30 years of COBOL and SQR code – critical business functionality – wasn’t backed up offsite.

    Net… work?

    A 500-employee professional services firm realized its internet connection could be a significant roadblock to recovery. Without internet, no one at head office could access critical cloud systems. The tabletop exercise identified this recovery bottleneck and helped prioritize the fix on the roadmap.

    Someone call a doctor!

    Hospitals rely on their phone systems for system downtime procedures. A tabletop exercise with a hospital client highlighted that if the data center were damaged, the phone system would likely be damaged as well. Identifying this provided more urgency to the ongoing VOIP migration.

    The test of time

    A small municipality relied on a local MSP to perform systems restore, but realized it had never tested the restore procedure to identify RTA. Contacting the MSP to review capabilities became a roadmap item to address this risk.

    Phase 3: Insights and accomplishments

    Screenshot of Info-Tech's DRP recovery workflow template

    Outlined the DRP response and risks to recovery

    Screenshots of activities completed related to brainstorming risk mitigation measures.

    Brainstormed risk mitigation measures

    Summary of Accomplishments

    • Planned and documented your DR incident response and systems recovery workflow.
    • Identified gaps and risks to recovery and incident management.
    • Brainstormed and identified projects and action items to mitigate risks and close gaps.

    Up Next: Leverage the core deliverables to complete, extend, and maintain your DRP

    Create a Right-Sized Disaster Recovery Plan

    Phase 4

    Complete, Extend, and Maintain Your DRP

    Phase 4: Complete, Extend, and Maintain Your DRP

    This phase will walk you through the following activities:

    • Identify progress made on your DRP by reassessing your DRP maturity.
    • Prioritize the highest value major initiatives to complete, extend, and maintain your DRP.

    This phase involves the following participants:

    • DRP Coordinator
    • Executive Sponsor

    Results and Insights

    • Communicate the value of your DRP by demonstrating progress against items in the DRP Maturity Scorecard.
    • Identify and prioritize future major initiatives to support the DRP, and the larger BCP.

    Celebrate accomplishments, plan for the future

    Congratulations! You’ve completed the core DRP deliverables and made the case for investment in DR capabilities. Take a moment to celebrate your accomplishments.

    This milestone is an opportunity to look back and look forward.

    • Look back: measure your progress since you started to build your DRP. Revisit the assessments completed in phase 1, and assess the change in your overall DRP maturity.
    • Look forward: prioritize future initiatives to complete, extend, and maintain your DRP. Prioritize initiatives that are the highest impact for the least requirement of effort and resources.

    We have completed the core DRP methodology for key systems:

    • BIA, recovery objectives, high-level recovery workflow, and recovery actuals.
    • Identify key tasks to meet recovery objectives.

    What could we do next?

    • Repeat the core methodology for additional systems.
    • Identify a DR site to meet recovery requirements, and review vendor DR capabilities.
    • Create a summary DRP document including requirements, capabilities, and change procedures.
    • Create a test plan and detailed recovery documentation.
    • Coordinate the creation of BCPs.
    • Integrate DR in other key operational processes.

    Revisit the DRP Maturity Scorecard to measure progress and identify remaining areas to improve

    4(a) DRP Maturity Scorecard – Reassess your DRP program maturity

    1. Find the copy of the DRP Maturity Scorecard you completed previously. Save a second copy of the completed scorecard in the same folder.
    2. Update scoring where you have improved your DRP documentation or capabilities.
    3. Review the new scores on tab 3. Compare the new scores to the original scores.

    Screenshot of DRP Maturity Assessment Results

    Info-Tech Best Practice

    Use the completed, updated DRP Maturity Scorecard to demonstrate the value of your continuity program, and to help you decide where to focus next.

    Prioritize major initiatives to complete, extend, and maintain the DRP

    4(b) Prioritize major initiatives

    Estimated Time: 2 hours

    Prioritize major initiatives that mitigate significant risk with the least cost and effort.

    1. Use the scoring criteria below to evaluate risk, effort, and cost for potential initiatives. Modify the criteria if required for your organization. Write this out on a whiteboard or flip-chart paper.
    2. Assign a score from 1 to 3. Multiply the scores for each initiative together for an aggregate score. In general, prioritize initiatives with higher scores.
    Score A: How significant are the risks this initiative will mitigate? B: How easily can we complete this initiative? C: How cost-effective is this initiative?
    3: High Critical impact on +50% of stakeholders, or major impact to compliance posture, or significant health/safety risk. One sprint, can be completed by a few individuals with minor supervision. Within the IT discretionary budget.
    2: Medium Impacts <50% of stakeholders, or minor impact on compliance, or degradation to health or safety controls. One quarter, and/or some increased effort required, some risk to completion. Requires budget approval from finance.
    1: Low Impacts limited to <25% of stakeholders, no impact on compliance posture or health/safety. One year, and/or major vendor or organizational challenges. Requires budget approval from the board of directors.

    Info-Tech Best Practice

    You can use a similar scoring exercise to prioritize and schedule high-benefit, low-effort, low-cost items identified in the roadmap in phase 3.

    Example: Prioritize major initiatives

    4(b) Prioritize major initiatives continued

    Write out the table on a whiteboard (record the results in a spreadsheet for reference). In the case below, IT might decide to work on repeating the core methodology first as they create the active testing plans, and tackle process changes later.

    Initiative A: How significant are the risks this initiative will mitigate? B: How easily can we complete this initiative? C: How cost-effective is this initiative? Aggregate score (A x B x C)
    Repeat the core methodology for all systems 2 – will impact some stakeholders, no compliance or safety impact. 2 – will require about 3 months, no significant complications. 3 – No cost. 12
    Add DR to project mgmt. and change mgmt. 1 – Mitigates some recovery risks over the long term. 1 – Requires extensive consultation and process review. 3 – No cost. 3
    Active failover testing on plan 2 – Mitigates some risks; documentation and cross training is already in place. 2 – Requires 3-4 months of occasional effort to prepare for test. 2 – May need to purchase some equipment before testing. 8

    Info-Tech Best Practice

    Find a pace that allows you to keep momentum going, but also leaves enough time to act on the initial findings, projects, and action items identified in the DRP Roadmap Tool. Include these initiatives in the Roadmap tool to visualize how identified initiatives fit with other tasks identified to improve your recovery capabilities.

    Repeat the core DR methodology for additional systems and applications


    You have created a DR plan for your most critical systems. Now, add the rest:

    • Build on the work you’ve already done. Re-use the BIA scoring scale. Update your existing recovery workflows, rather than creating and formatting an entirely new document. A number of steps in the recovery will be shared with, or similar to, the recovery procedures for your Tier 1 systems.

    Risks and Challenges Mitigated

    • DR requirements and capabilities for less-critical systems have not been evaluated.
    • Gaps in the recovery process for less critical systems have not been evaluated or addressed.
    • DR capabilities for less critical systems may not meet business requirements.
    Sample Outputs
    Add Tier 2 & 3 systems to the BIA.
    Complete another tabletop exercise for Tier 2 & 3 systems recovery, and add the results to the recovery workflow.
    Identify projects to close additional gaps in the recovery process. Add projects to the project roadmap.

    Info-Tech Best Practice

    Use this example of a complete, practical, right-size DR plan to drive and guide your efforts.

    Extend your core DRP deliverables

    You’ve completed the core DRP deliverables. Continue to create DRP documentation to support recovery procedures and governance processes:

    • DR documentation efforts fail when organizations try to boil the ocean with an all-in-one plan aimed at auditors, business leaders, and IT. It’s long, hard to maintain, and ends up as shelfware.
    • Create documentation in layers to keep it manageable. Build supporting documentation over time to support your high-level recovery workflow.

    Risks and Challenges Mitigated

    • Key contact information, escalation, and disaster declaration responsibilities are not identified or formalized.
    • DRP requirements and capabilities aren’t centralized. Key DRP findings are in multiple documents, complicating governance and oversight by auditors, executives, and board members.
    • Detailed recovery procedures and peripheral information (e.g. network diagrams) are not documented.
    Sample Outputs
    Three to five detailed systems recovery flowcharts/checklists.
    Documented team roles, succession plans, and contact information.
    Notification, assessment, and disaster declaration plan.
    DRP summary.
    Layer 1, 2 & 3 network diagrams.

    Info-Tech Best Practice

    Use this example of a complete, practical, right-size DR plan to drive and guide your efforts.

    Select an optimal DR deployment model and deployment site

    Your DR site has been identified as inadequate:

    • Begin with the end in mind. Commit to mastering the selected model and leverage your vendor relationship for effective DR.
    • Cut to the chase and evaluate the feasibility of cloud first. Gauge your organization’s current capabilities for DR in the cloud before becoming infatuated with the idea.
    • A mixed model gives you the best of both worlds. Diversify your strategy by identifying fit for purpose and balancing the work required to maintain various models.

    Risks and Challenges Mitigated

    • Without an identified DR site, you’ll be scrambling when a disaster hits to find and contract for a location to restore IT services.
    • Without systems and application data backed up offsite, you stand to lose critical business data and logic if all copies of the data at your primary site were lost.
    Sample Outputs
    Application assessment for cloud DR.
    TCO tool for different environments.
    Solution decision and executive presentation.

    Info-Tech Best Practice

    Use Info-Tech’s blueprint, Select the Optimal Disaster Recovery Deployment Model, to help you make sense of a world of choice for your DR site.

    Extend DRP findings to business process resiliency with a BCP pilot

    Integrate your findings from DRP into the overall BCP:

    • As an IT leader you have the skillset and organizational knowledge to lead a BCP project, but ultimately business leaders need to own the BCP – they know their processes and requirements to resume business operations better than anyone else.
    • The traditional approach to BCP is a massive project that most organizations can’t execute without hiring a consultant. To execute BCP in-house, carve up the task into manageable pieces.

    Risks and Challenges Mitigated

    • No formal plan exists to recover from a disruption to critical business processes.
    • Business requirements for IT systems recovery may change following a comprehensive review of business continuity requirements.
    • Outside of core systems recovery, IT could be involved in relocating staff, imaging and issuing new end-user equipment, etc. Identifying these requirements is part of BCP.
    Sample Outputs
    Business process-focused BIA for one business unit.
    Recovery workflows for one business unit.
    Provisioning list for one business unit.
    BCP project roadmap.

    Info-Tech Best Practice

    Use Info-Tech’s blueprint, Develop a Business Continuity Plan, to develop and deploy a repeatable BCP methodology.

    Test the plan to validate capabilities and cross-train staff on recovery procedures

    You don’t have a program to regularly test the DR plan:

    • Most DR tests are focused solely on the technology and not the DR management process – which is where most plans fail.
    • Be proactive – establish an annual test cycle and identify and coordinate resources well in advance.
    • Update DRP documentation with findings from the plan, and track the changes you make over time.

    Risks and Challenges Mitigated

    • Gaps likely still exist in the plan that are hard to find without some form of testing.
    • Customers and auditors may ask for some form of DR testing.
    • Staff may not be familiar with DR documentation or how they can use it.
    • No formal cycle to validate and update the DRP.
    Sample Outputs
    DR testing readiness assessment.
    Testing handbooks.
    Test plan summary template.
    DR test issue log and analysis tool.

    Info-Tech Best Practice

    Uncover deficiencies in your recovery procedures by using Info-Tech’s blueprint Reduce Costly Downtime Through DR Testing.

    “Operationalize” DRP management

    Inject DR planning in key operational processes to support plan maintenance:

    • Major changes, or multiple routine changes, can materially alter DR capabilities and requirements. It’s not feasible to update the DR plan after every routine change, so leverage criticality tiers in the BIA to focus your change management efforts. Critical systems require more rigorous change procedures.
    • Likewise, you can build criticality tiers into more focused project management and performance measurement processes.
    • Schedule regular tasks in your ticketing system to verify capabilities and cross-train staff on key recovery procedures (e.g. backup and restore).

    Risks and Challenges Mitigated

    • DRP is not updated “as needed” – as requirements and capabilities change due to business and technology changes.
    • The DRP is disconnected from day-to-day operations.
    Sample Outputs
    Reviewed and updated change, project, and performance management processes.
    Reviewed and updated internal SLAs.
    Reviewed and updated data protection and backup procedures.

    Review infrastructure service provider DR capabilities

    Insert DR planning in key operational processes to support plan maintenance:

    • Reviewing vendor DR capabilities is a core IT vendor management competency.
    • As your DR requirements change year-to-year, ensure your vendors’ service commitments still meet your DR requirements.
    • Identify changes in the vendor’s service offerings and DR capabilities, e.g. higher costs for additional DR support, new offerings to reduce potential downtime, or conversely, a degradation in DR capabilities.

    Risks and Challenges Mitigated

    • Vendor capabilities haven’t been measured against business requirements.
    • No internal capability exists currently to assess vendor ability to meet promised SLAs.
    • No internal capability exists to track vendor performance on recoverability.
    Sample Outputs
    A customized vendor DRP questionnaire.
    Reviewed vendor SLAs.
    Choose to keep or change service levels or vendor offerings based on findings.

    Phase 4: Insights and accomplishments

    Screenshot of DRP Maturity Assessment Results

    Identified progress against targets

    Screenshot of prioritized further initiatives.

    Prioritized further initiatives

    Screenshot of DRP Planning Roadmap

    Added initiatives to the roadmap

    Summary of Accomplishments

    • Developed a list of high-priority initiatives that can support the extension and maintenance of the DR plan over the long term.
    • Reviewed and update maturity assessments to establish progress and communicate the value of the DR program.

    Summary of accomplishment

    Knowledge Gained

    • Conduct a BIA to determine appropriate targets for RTOs and RPOs.
    • Identify DR projects required to close RTO/RPO gaps and mitigate risks.
    • Use tabletop planning to create and validate an incident response plan.

    Processes Optimized

    • Your DRP process was optimized, from BIA to documenting an incident response plan.
    • Your vendor evaluation process was optimized to identify and assess a vendor’s ability to meet your DR requirements, and to repeat this evaluation on an annual basis.

    Deliverables Completed

    • DRP Maturity Scorecard
    • DRP Business Impact Analysis Tool
    • DRP Roadmap Tool
    • Incident response plan and systems recovery workflow
    • Executive presentation

    Info-Tech’s insights bust the most obstinate myths of DRP

    Myth #1: DRPs need to focus on major events such as natural disasters and other highly destructive incidents such as fire and flood.

    Reality: The most common threats to service continuity are hardware and software failures, network outages, and power outages.

    Myth #2: Effective DRPs start with identifying and evaluating potential risks.

    Reality: DR isn’t about identifying risks; it’s about ensuring service continuity.

    Myth #3: DRPs are separate from day-to-day operations and incident management.

    Reality: DR must be integrated with service management to ensure service continuity.

    Myth #4: I use a co-lo or cloud services so I don’t have to worry about DR. That’s my vendor’s responsibility.

    Reality: You can’t outsource accountability. You can’t just assume your vendor’s DR capabilities will meet your needs.

    Myth #5: A DRP must include every detail so anyone can execute the recovery.

    Reality: IT DR is not an airplane disaster movie. You aren’t going to ask a business user to execute a system recovery, just like you wouldn’t really want a passenger with no flying experience to land a plane.

    Supplement the core documentation with these tools and templates

    • An Excel workbook workbook to track key roles on DR, business continuity, and emergency response teams. Can also track DR documentation location and any hardware purchases required for DR.
    • A questionnaire template and a response tracking tool to structure your investigation of vendor DR capabilities.
    • Integrate escalation with your DR plan by defining incident severity and escalation rules . Use this example as a template or integrate ideas into your own severity definitions and escalation rules in your incident management procedures.
    • A minute-by-minute time-tracking tool to capture progress in a DR or testing scenario. Monitor progress against objectives in real time as recovery tasks are started and completed.

    Next steps: Related Info-Tech research

    Select the Optimal Disaster Recovery Deployment Model Evaluate cloud, co-lo, and on-premises disaster recovery deployment models.

    Develop a Business Continuity Plan Streamline the traditional approach to make BCP development manageable and repeatable.

    Prepare for a DRP Audit Assess your current DRP maturity, identify required improvements, and complete an audit-ready DRP summary document.

    Document and Maintain Your Disaster Recovery Plan Put your DRP on a diet: keep it fit, trim, and ready for action.

    Reduce Costly Downtime Through DR Testing Improve your DR plan and your team’s ability to execute on it.

    Implement Crisis Management Best Practices An effective crisis response minimizes the impact of a crisis on reputation, profitability, and continuity.

    Research contributors and experts

    • Alan Byrum, Director of Business Continuity, Intellitech
    • Bernard Jones (MBCI, CBCP, CORP, ITILv3), Owner/Principal, B Jones BCP Consulting, LLC
    • Paul Beaudry, Assistant Vice-President, Technical Services, MIS, Richardson International Limited
    • Yogi Schulz, President, Corvelle Consulting

    Glossary

    • Business Continuity Management (BCM) Program: Ongoing management and governance process supported by top management and appropriately resourced to implement and maintain business continuity management. (Source: ISO 22301:2012)
    • Business Continuity Plan (BCP): Documented procedures that guide organizations to respond, recover, resume, and restore to a pre-defined level of operation following disruption. The BCP is not necessarily one document, but a collection of procedures and information.
    • Crisis: A situation with a high level of uncertainty that disrupts the core activities and/or credibility of an organization and requires urgent action. (Source: ISO 22300)
    • Crisis Management Team (CMT): A group of individuals responsible for developing and implementing a comprehensive plan for responding to a disruptive incident. The team consists of a core group of decision makers trained in incident management and prepared to respond to any situation.
    • Disaster Recovery Planning (DRP): The activities associated with the continuing availability and restoration of the IT infrastructure.
    • Incident: An event that has the capacity to lead to loss of, or a disruption to, an organization’s operations, services, or functions – which, if not managed, can escalate into an emergency, crisis, or disaster.
    • BCI Editor’s Note: In most countries “incident” and “crisis” are used interchangeably, but in the UK the term “crisis” has been generally reserved for dealing with wide-area incidents involving Emergency Services. The BCI prefers the use of “incident” for normal BCM purposes. (Source: The Business Continuity Institute)

    • Incident Management Plan: A clearly defined and documented plan of action for use at the time of an incident, typically covering the key personnel, resources, services, and actions needed to implement the incident management process.
    • IT Disaster: A service interruption requiring IT to rebuild a service, restore from backups, or activate redundancy at the backup site.
    • Recovery Point: Time elapsed between the last good copy of the data being taken and failure/corruption on the production environment; think of this as data loss.
    • Recovery Point Actual (RPA): The currently achievable recovery point after a disaster event, given existing people, processes, and technology. This reflects expected maximum data loss that could actually occur in a disaster scenario.
    • Recovery Point Objective (RPO): The target recovery point after a disaster event, usually calculated in hours, on a given system, application, or service. Think of this as acceptable and appropriate data loss. RPO should be based on a business impact analysis (BIA) to identify an acceptable and appropriate recovery target.
    • Recovery Time: Time required to restore a system, application, or service to a functional state; think of this as downtime.
    • Recovery Time Actual (RTA): The currently achievable recovery time after a disaster event, given existing people, processes, and technology. This reflects expected maximum downtime that could actually occur in a disaster scenario.
    • Recovery Time Objective (RTO): The target recovery time after a disaster event for a given system, application, or service. RTO should be based on a business impact analysis (BIA) to identify acceptable and appropriate downtime.

    Bibliography

    BCMpedia. “Recovery Objectives: RTO, RPO, and MTPD.” BCMpedia, n.d. Web.

    Burke, Stephen. “Public Cloud Pitfalls: Microsoft Azure Storage Cluster Loses Power, Puts Spotlight On Private, Hybrid Cloud Advantages.” CRN, 16 Mar. 2017. Web.

    Elliot, Stephen. “DevOps and the Cost of Downtime: Fortune 1000 Best Practice Metrics Quantified.” IDC, 2015. Web.

    FEMA. Planning & Templates. FEMA, 2015. Web.

    FINRA. “Business Continuity Plans and Emergency Contact Information.” FINRA, 2015. Web.

    FINRA. “FINRA, the SEC and CFTC Issue Joint Advisory on Business Continuity Planning.” FINRA, 2013. Web.

    Gosling, Mel, and Andrew Hiles. “Business Continuity Statistics: Where Myth Meets Fact.” Continuity Central, 2009. Web.

    Hanwacker, Linda. “COOP Templates for Success Workbook.” The LSH Group, n.d. Web.

    Homeland Security. Federal Information Security Management Act (FISMA). Homeland Security, 2015. Web.

    Nichols, Shaun. “AWS's S3 Outage Was So Bad Amazon Couldn't Get Into Its Own Dashboard to Warn the World.” The Register, 1 Mar. 2017. Web.

    Potter, Patrick. “BCM Regulatory Alphabet Soup.” RSA Archer Organization, 2012. Web.

    Rothstein, Philip Jan. “Disaster Recovery Testing: Exercising Your Contingency Plan.” Rothstein Associates Inc., 2007. Web.

    The Business Continuity Institute. “The Good Practice Guidelines.” The Business Continuity Institute, 2013. Web.

    The Disaster Recovery Journal. “Disaster Resource Guide.” The Disaster Recovery Journal, 2015. Web.

    The Disaster Recovery Journal. “DR Rules & Regulations.” The Disaster Recovery Journal, 2015. Web.

    The Federal Financial Institution Examination Council (FFIEC). Business Continuity Planning. IT Examination Handbook InfoBase, 2015. Web.

    York, Kyle. “Read Dyn’s Statement on the 10/21/2016 DNS DDoS Attack.” Oracle, 22 Oct. 2016. Web.

    Cyber Resilience Report 2018

    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A

    "The cyber threat landscape today is highly complex and rapidly changing. Cyber security incidents can have several impacts on organizations and society, both on a physical and non-physical level. Through the use of a computer, criminals can indeed cause IT outages, supply chain disruptions and other physical security incidents"

    -- excerpt from the foreword of the BCI Cyber resilience report 2018 by David Thorp, Executive Director, BCI

    There are a number of things you can do to protect yourself. And they range, as usual, from the fairly simple to the more elaborate and esoteric. Most companies can, with some common sense, if not close the door on most of these issues, at least prepare themselves to limit the consequences.

    Register to read more …

    Build Your IT Cost Optimization Roadmap

    • Buy Link or Shortcode: {j2store}72|cart{/j2store}
    • member rating overall impact (scale of 10): 8.9/10 Overall Impact
    • member rating average dollars saved: $57,297 Average $ Saved
    • member rating average days saved: 7 Average Days Saved
    • Parent Category Name: Cost & Budget Management
    • Parent Category Link: /cost-and-budget-management

    Cost optimization is misunderstood and inadequately tackled. IT departments face:

    • Top-down budget cuts within a narrow time frame
    • Absence of adequate governance: financial, project, data, etc.
    • Long-standing bureaucratic practices slowing down progress
    • Short-term thinking

    Our Advice

    Critical Insight

    Cost optimization is not just about reducing costs. In fact, you should aim to achieve three objectives:

    • Reduce your unwarranted IT spending.
    • Optimize your cost-to-value.
    • Sustain your cost optimization.

    Impact and Result

    • Follow Info-Tech’s approach to develop a 12-month cost optimization roadmap.
    • Develop an IT cost optimization strategy based on your specific circumstances and timeline.
    • Info-Tech’s methodology helps you maintain sustainable cost optimization across IT by focusing on four levers: assets, vendors, project portfolio, and workforce.

    Build Your IT Cost Optimization Roadmap Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. IT Cost Optimization Roadmap Deck – A step-by-step methodology to achieve sustainable cost optimization and effectively communicate your strategy to stakeholders.

    This blueprint will help you understand your IT cost optimization mandate, identify your journey, assess your IT spend across four levers, develop your IT cost optimization roadmap, and craft a related communication strategy.

    • Build Your IT Cost Optimization Roadmap – Phases 1-4

    2. IT Cost Optimization Workbook – A structured tool to help you document your IT cost optimization goals and outline related initiatives to develop an effective 12-month roadmap.

    This tool guides an IT department in planning and prioritization activities to build an effective IT cost optimization strategy. The outputs include visual charts and a 12-month roadmap to showcase the implementation timelines and potential cost savings.

    • IT Cost Optimization Workbook

    3. IT Cost Optimization Roadmap Samples and Templates – A proactive journey template to help you communicate your IT cost optimization strategy to stakeholders in a clear, concise, and compelling manner.

    This presentation template uses sample data from "Acme Corp" to demonstrate an IT cost optimization strategy following a proactive journey. Use this template to document your final IT cost optimization strategy outputs, including the adopted journey, IT cost optimization goals, related key initiatives, potential cost savings, timelines, and 12-month roadmap.

    • IT Cost Optimization Roadmap Samples and Templates

    Infographic

    Workshop: Build Your IT Cost Optimization Roadmap

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand Your Mandate & Objectives

    The Purpose

    Determine your organization’s current context and its cost optimization objectives, IT’s corresponding cost optimization journey, and goals.

    Key Benefits Achieved

    A business-aligned set of specific IT cost optimization goals.

    Activities

    1.1 Understand your organization’s cost optimization objectives and how this impacts IT.

    1.2 Review potential cost optimization target areas based on your ITFM Benchmarking Report.

    1.3 Identify factors constraining cost optimization options.

    1.4 Set concrete IT cost optimization goals.

    1.5 Identify inputs required for decision making.

    Outputs

    IT cost optimization journey and guiding principles for making corresponding decisions

    2 Outline Initiatives for Vendors & Assets

    The Purpose

    Create a longlist of potential cost optimization initiatives focused on two cost optimization levers: assets and vendors.

    Key Benefits Achieved

    A comprehensive list of potential asset- and vendor-focused initiatives including cost savings estimates.

    Activities

    2.1 Identify a longlist of possible initiatives around asset lifecycle management, investment deferral, repurposing, etc., and vendor contract renegotiation, cancelation, etc.

    2.2 Estimate the cost savings of cost optimization initiatives.

    Outputs

    Longlist of potential vendor management and asset optimization IT cost optimization initiatives

    3 Outline Initiatives for Projects & Workforce

    The Purpose

    Create a longlist of potential cost optimization initiatives focused on two cost optimization levers: project portfolio and workforce.

    Key Benefits Achieved

    A comprehensive list of potential initiatives focused on project portfolio and workforce including cost savings estimates.

    Activities

    3.1 Identify a longlist of possible initiatives around project priorities, project backlog reduction, project intake restructuring, etc., and workforce productivity, skills, redeployment, etc.

    3.2 Estimate the cost savings of cost optimization initiatives.

    Outputs

    Longlist of possible cost optimization initiatives and their potential cost savings for project portfolio and workforce levers.

    4 Build an IT Cost Optimization Roadmap

    The Purpose

    Develop a visual IT cost optimization roadmap.

    Key Benefits Achieved

    A prioritized, business-aligned IT cost optimization roadmap

    Activities

    4.1 Assess feasibility of each initiative (effort and risk profile) given cost optimization goals.

    4.2 Prioritize cost optimization initiatives to create a final shortlist.

    4.3 Fine-tune key information about your final cost optimization initiatives and develop a cost optimization roadmap for proposal.

    Outputs

    Prioritized list of key cost optimization initiatives, descriptions, estimated impact, and roadmap.

    5 Communicate & Execute

    The Purpose

    Develop a communication plan and executive presentation.

    Key Benefits Achieved

    A boardroom-ready set of communication materials for gaining buy-in and support for your IT cost optimization roadmap.

    Activities

    5.1 Outline components of a communication plan, including approvers, stakeholders, and governance and management mechanisms to be used.

    5.2 Create an executive presentation.

    5.3 Set up review time for workshop deliverables and post-workshop activities.

    Outputs

    IT cost optimization communication plan and presentation strategy.

    IT Cost Optimization Executive Presentation

    Further reading

    Build Your IT Cost Optimization Roadmap

    Improve cost-to-value in a sustainable manner.

    Analyst Perspective

    Optimize your cost sustainably.

    Whether the industry is in an economic downturn, or your business is facing headwinds in the market, pressure to reduce spending across organizations is inevitable. When it comes to the IT organization, it is often handled as a onetime event. Cost optimization is an industry standard term, but it usually translates into cost cutting. How do you manage this challenge given the day-to-day demands placed on IT? Do you apply cost reduction equally across the IT landscape, or do you apply reductions using a targeted approach? How do you balance the business demands regarding innovation with keeping the lights on? What is the best path forward?

    While the situation isn't unique, all too often the IT organization response is too shortsighted.

    By using the Info-Tech methodology and tools, you will be able to develop an IT cost optimization roadmap based on your specific circumstances and timeline.

    A well-thought-out strategy should help you achieve three objectives:

    1. Reduce your unwarranted IT spending.
    2. Optimize your cost-to-value.
    3. Sustain your cost optimization.

    This blueprint will guide you to understand your mandate, identify your cost optimization journey (reactive, proactive, or strategic), and assess your IT spend across four levers (assets, vendors, project portfolio, and workforce).

    Finally, keep in mind that cost optimization is not a project to be completed, but an ongoing process to be exercised.

    Bilal Alberto Saab, Research Director, IT Financial Management

    Bilal Alberto Saab
    Research Director, IT Financial Management
    Info-Tech Research Group

    Executive Summary

    Cost optimization is misunderstood and inadequately tackled Common obstacles Follow Info-Tech's approach to develop a 12-month cost optimization roadmap
    • Top-down budget cut within a narrow time frame.
    • Absence of adequate governance: financial, project, data, etc.
    • Long-standing bureaucratic practices slowing down progress.
    • Short-term thinking.
    • Lack of alignment and collaboration among stakeholders: communication and relationships.
    • Absence of a clear plan and adequate process.
    • Lack of knowledge, expertise, and skill set.
    • Inadequate funding and no financial transparency.
    • Poor change management practices.

    Develop an IT cost optimization strategy based on your specific circumstances and timeline.

    Info-Tech's methodology helps you maintain sustainable cost optimization across IT by focusing on four levers:

    1. Assets
    2. Vendors
    3. Project Portfolio
    4. Workforce

    Info-Tech Insight
    Cost optimization is not just about reducing costs. In fact, you should aim to achieve three objectives: (1) reduce your unwarranted IT spending, (2) optimize your cost-to-value, and (3) sustain your cost optimization.

    Your challenge

    IT leaders are often asked to cut costs.

    • Cost management is a long-term challenge. Businesses and IT departments look to have a flexible cost structure focused on maximizing business value while maintaining the ability to adapt to market pressure. However, businesses must also be able to respond to unexpected events.
    • In times of economic downturn, many CEOs and CFOs shift their thinking from growth to value protection. This can force a round of cost cutting across all departments focused on short-term, immediate, and measurable objectives.
    • Many IT departments are then faced with the challenge of meeting cost cutting targets. No one knows exactly how markets will behave, but the effects of rising inflation and increasing interest rates, for example, can manifest very quickly.

    When crisis hits, does IT's hard-won gains around being seen as a partner to the business suddenly disappear and IT becomes just a cost center all over again?

    In times of economic slowdown or downturn, the key challenge of IT leaders is to optimize costs without jeopardizing their strategic and innovative contribution.

    Common obstacles

    The 90% of the budget you keep is more important than the 10% of the budget you cut.

    • While the business responds to fluctuating economic conditions, IT must ensure that its budget remains fully aligned with business strategy and expected business value.
    • However, in the face of sudden pressures, a common tendency is to make quick decisions without fully considering their long-term implications.
    • Avoid costly mistakes with a proactive and strategic mindset. Put in place a well-communicated cost optimization strategy rather than hastily cutting back the biggest line items in your budget.

    How can IT optimize costs to achieve a corporate impact, but not cut so deep that the organization can't take advantage of opportunities to recover and thrive?

    Know how you will strategically optimize IT costs before you are forced to cut cost aggressively in a reactive fashion.

    What is cost optimization?

    It's not just about cutting costs

    • While cost optimization may involve cutting costs, it is more about making smart spend and investment decisions.
    • At its core, cost optimization is a strategic decision-making process that sets out to minimize waste and get the most value for money.
    • Cost optimization encompasses near-term, mid-term, and long-term objectives, all of which are related and build upon one another. It is an accumulative practice, not a onetime exercise.
    • A sound cost optimization practice is inherently flexible, sustainable, and consequence-oriented with the positive goal of generating net benefit for the organization over time.

    Change your mindset ...

    An Info-Tech survey of IT staff reveals that while most agree that cost optimization is an important IT process, nearly 20% fewer of them agree that it's being managed well.

    Chart of cost optimization

    Info-Tech IT Management & Governance Diagnostic, 2022.

    A starting point for cost optimization improvement is adjusting your frame of mind. Know that it's not just about making difficult cuts - in reality, it's a creative pursuit that's about thriving in all circumstances, not just surviving.

    Slow revenue growth expectations generate urgency

    Many IT organizations will be directed to trim costs during turbulent times.

    • Cost optimization implies continuous cost management, which entails long-term strategic initiatives (i.e. organizations and their IT departments seek flexible cost structures and practices focused on maximizing business value while maintaining the ability to adapt to changes in the broader economic environment). However, organizations must also be able to respond to unexpected events.
    • During times of turmoil – poor economic outlook expected to negatively impact an organization's bottom line – CEOs and CFOs think more about survival than growth, driving cost cutting across all departments to create short-term, immediate, and measurable financial benefits.
    • In such situations, many IT departments will be hard-pressed to meet cost cutting targets at short notice. If not planned correctly, with a tunnel vision focus instead of a strategic one, you can end up hurting yourself in the not-so-distant future.

    Build Your IT Cost Optimization Roadmap

    Insight summary

    Sustain an optimal cost-to-value ratio across four levers:

    1. Assets
    2. Vendors
    3. Project Portfolio
    4. Workforce

    Cost optimization is not just about reducing costs

    In fact, you should aim to achieve three objectives:
    (1) reduce your unwarranted IT spending, (2) optimize your cost-to-value, and (3) sustain your cost optimization.

    Reduce unwarranted IT spending

    Stop the bleeding or go for quick wins
    Start by reducing waste and bad spending habits while clearly communicating your intentions to your stakeholders – get buy-in.

    Optimize cost-to-value

    Value means tradeoffs
    Pursue value but know that it will lead you to make tradeoffs between cost, performance, and risk.

    Sustain cost optimization

    Think about tomorrow: reduce, reuse, recalibrate, and repeat
    Standardize and automate your cost optimization processes around a proper governance framework. Cost optimization is not a onetime exercise.

    Info-Tech's methodology for building your IT cost optimization roadmap

    Phase 1: Understand Your Mandate & Objectives

    Know where you stand and where you're going.

    Understand your cost optimization mandate within the context of your organization's situation and direction.

    Phase 2: Outline Your Initiatives

    Evaluate many, pick a few.

    Think of all possible cost optimization initiatives across the four optimization levers (Assets, Vendors, Project Portfolio, and Workforce), but only keep the ones that best help you fulfill your goals.

    Phase 3: Develop Your Roadmap

    Keep one eye on today and the other on tomorrow.

    Prioritize cost optimization initiatives that would help you achieve your near-term objectives first, but don't forget about the medium and long term.

    Phase 4: Communicate and Execute

    Communicate and collaborate - you are not a one-person show.

    Reach out to other business units where necessary. Your success relies on getting buy-in from various stakeholders, especially when cost optimization initiatives impact them in one way or another.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    IT Cost Optimization Roadmap Samples and Templates
    Templates including an abbreviated executive presentation and a final communication presentation based on a 12-month cost optimization roadmap.

    IT Cost Optimization Workbook
    A workbook generating a 12-month cost optimization roadmap.

    Measure the value of this blueprint

    Maintain an optimal IT cost-to-organization revenue ratio.

    This blueprint will guide you to set cost optimization goals across one to three main objectives, depending on your identified journey (reactive, proactive, or strategic):

    • Reduce unwarranted IT spending.
    • Optimize cost-to value.
    • Sustain cost optimization.

    In phase 1 of this blueprint, we will help you establish your goals to satisfy your organization's needs.

    In phase 3, we will help you develop a game plan and a roadmap for achieving those metrics.

    Once you implement your 12-month roadmap, start tracking the metrics below over the next fiscal year (FY) to assess the effectiveness of undertaken measures.

    Cost Optimization Objective Key Success Metric
    Reduce unwarranted IT spending Decrease IT cost in identified key areas
    Optimize cost-to-value Decrease IT cost per IT employee
    Sustain cost optimization Decrease IT cost-to-organization revenue

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."
    Guided Implementation
    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."
    Workshop
    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.
    Consulting
    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3 Phase 4
    Call #1:
    • Identify cost optimization scope requirements, objectives, and your specific challenges.
    • Review and assess cost optimization goals and objectives.
    Call #2:

    Review potential cost optimization initiatives for assets and vendors levers.

    Call #3:

    Assess cost optimization initiatives' cost and feasibility - for assets and vendors levers.

    Call #4:

    Review potential cost optimization initiatives for project portfolio and workforce levers.

    Call #5:

    Assess cost optimization initiatives' cost and feasibility - for project portfolio and workforce levers.

    Call #6:
    • Identify final decision criteria for cost optimization prioritization.
    • Review prioritized cost optimization initiatives and roadmap outputs.
    Call #7:
    • Review the Cost Optimization Communication Plan and IT Cost Optimization Executive Presentation.
    • Discuss next steps.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI will include multiple calls over the course of one to two months.

    IT cost analysis and optimization workshop overview

    Session 1 Session 2 Session 3 Session 4 Session 5
    Activities Understand Your Mandate and Objectives Outline Initiatives for Assets and Vendors Outline Initiatives for Projects and Workforce Develop an IT Cost Optimization Roadmap Communicate and Execute
    1.1 Understand your organization's cost optimization objectives and how this impacts IT.
    1.2 Review potential cost optimization target areas based on your IT financial management benchmarking report.
    1.3 Identify factors constraining cost optimization options.
    1.4 Set concrete IT cost optimization goals.
    1.5 Identify inputs required for decision making.
    2.1 Identify a longlist of possible initiatives around:
    1. Asset lifecycle management, investment deferral, repurposing, etc.
    2. Vendor contract renegotiation, cancelation, etc.
    2.2 Estimate the cost savings of cost optimization initiatives.
    3.1 Identify a longlist of possible initiatives around:
    1. Project priorities, project backlog reduction, project intake restructuring, etc.
    2. Workforce productivity, skills, redeployment, etc.
    3.2 Estimate the cost savings of cost optimization initiatives.
    4.1 Assess the feasibility of each initiative (effort and risk profile) given cost optimization goals.
    4.2 Prioritize cost optimization initiatives to create a final shortlist.
    4.3 Fine-tune key information about your final cost optimization initiatives and develop a cost optimization roadmap for proposal.
    5.1 Outline components of a communication plan, including approvers, stakeholders, and governance and management mechanisms to be used.
    5.2 Create an executive presentation.
    5.3 Set up review time for workshop deliverables and post-workshop activities.
    Output
    • IT cost optimization journey and guiding principles for making corresponding decisions.
    • Long list of possible cost optimization initiatives and their potential cost savings for assets and vendors levers.
    • Long list of possible cost optimization initiatives and their potential cost savings for project portfolio and workforce levers.
    • Prioritized list of key cost optimization initiatives, descriptions, estimated impact, and roadmap.
    • IT cost optimization communication plan and presentation strategy.

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Phase 1

    Understand Your Mandate and Objectives

    Phase 1
    Understand Your Mandate and Objectives

    Phase 2
    Outline Your Cost Optimization Initiatives

    Phase 3
    Develop Your IT Cost Optimization Roadmap

    Phase 4
    Communicate and Execute

    This phase will walk you through the following activities:

    • Business context and cost optimization journey
    • Cost constraints and parameters
    • Cost optimization goals

    This phase involves the following participants:

    • CIO/IT director
    • IT finance lead

    1.1 Gain consensus on the business context and IT cost optimization journey

    60 minutes

    • Using the questions on slide 20, conduct a brief journey assessment to ensure consensus on the direction you are planning to take.
    • Document your findings in the provided template.
    Input Output
    • Understanding business objectives and identifying your IT mandate
    • Determining the cost optimization journey: reactive, proactive, or strategic
    Materials Participants
    • Whiteboard or flip charts
    • Journey assessment template
    • CIO/IT director
    • IT finance lead

    See the next three slides for guidelines and the journey assessment questions and template.

    Distinguishing between three journeys

    By considering business objectives without forgoing your IT mandate.

    Journey Reactive Proactive Strategic
    Description
    • Business objectives are closely tied to cost reduction, forcing cost cutting across IT.
    • Typically occurs during turbulent economic times, when slow revenue growth is expected.
    • Business objectives do not include clear cost optimization initiatives but mandates IT to be fiscally conservative.
    • Typically occurs when economic turbulence is on the horizon and the organization's revenue is stable - executives only have a fiscal discipline guidance.
    • Business objectives do not include clear cost optimization initiatives.
    • Typically occurs when the overall economy is in good shape and the organization is in positive revenue growth territory.
    Main Focus
    • Quick-to-execute measures with few dependencies and concrete impact in response to business urgency and/or executive directive.
    • Enabling the organization to respond to different types and magnitudes of business change in a more planned and controlled manner.
    • Establishing an efficient, agile, sustainable, and strategically aligned cost optimization practice across all stages of the business cycle, regardless of business conditions.

    Questions to help determine your journey

    Business Objectives Business Strategy
    • What are the current business objectives?
    • Are there any stated cost-related objectives? If yes, what cost-related objectives have been stated by organizational leadership, such as cuts, areas of investment, and any targets for both?
    • Does the organization have a business strategy in place?
    • Was the business strategy reviewed or revised recently?
    • What's the business strategy focus for the next 12 months?
    • Are there any cost optimization implications within the current business strategy?
    IT Objectives IT Strategy and Mandate
    • What are your current IT objectives?
    • Are your IT objectives aligned to business objectives?
    • Do you have any IT cost-related objectives? If yes, what are your current IT cost-related objectives?
    • Are your IT cost-related objectives aligned to business objectives?
    • Do you have an IT strategy in place?
    • Is your IT strategy aligned to your organization's business strategy?
    • Do you have a cost optimization mandate? If yes, what is your cost optimization mandate?
    • What's the fiscal guidance and direction in IT?
    Journey
    Agreed-upon journey: reactive, proactive, or strategic.

    Template & Example

    Journey assessment

    Business Objectives Business Strategy
    • The founder's mission around quality persists despite ownership/leadership changes. Reliability and dependability are really important to everyone.
    • Increase visibility and interconnectivity across the supply chain.
    • Increase market share: younger markets and emerging foreign markets.
    • Economic outlook expected to negatively affect the bottom line - will need to trim and protect the core.
    • Grow Gizmo product sales by 10%.
    • Lower production cost of Gizmo product by 5%.
    IT Objectives IT Strategy and Mandate
    • IT/OT convergence, process automation, and modernization are major opportunities to better position the business for the future and introduce more agility into operations and reduce production cost.
    • Very mature and stable production processes with 100% uptime is a priority.
    • Lower IT cost related to Gizmo product.
    • There's no clear cost optimization mandate, but a fiscally conservative budget is recommended.
    Journey
    Agreed-upon journey: proactive.

    1.2 Review internal and external benchmarking reports

    60-90 minutes

    1. Review the IT spend and staffing results, summarized in your Info-Tech IT Spend & Staffing Benchmarking report.
    2. Identify areas where your IT spend is disproportionately high or low in comparison with your industry peers.
    3. Review and document any causes or rationales for high or low spend in each area identified. Do not be specific about any actual optimization targets or actions at this stage - simply make notes.
    4. Start a list of potential cost optimization initiatives to be further analyzed and investigated for feasibility at a later stage (see next slides for guidance, example, and template).
    InputOutput
    • IT Spend & Staffing Benchmarking report
    • A list of potential cost optimization focus areas
    MaterialsParticipants
    • Whiteboard or flip charts
    • Potential cost optimization initiatives list template
    • CIO/IT director
    • IT finance lead

    Info-Tech's approach

    Our IT cost model maps your IT spending and staffing according to four key views, putting IT spend in language that stakeholders across the organization can relate to.

    IT cost model maps

    Template & Example

    Potential cost optimization initiatives list

    Brainstorm and list potential cost optimization initiatives at a macro level.

    Potential Initiative Source Source Contact Notes
    Reduce application maintenance cost Internal Benchmarking Report CIO Based on current year report
    Rationalize software applications Info-Tech IT Benchmarking Report CIO Based on current year report
    Migrate key business applications to the cloud Latest iteration of the IT strategy CIO New IT strategy will be in development concurrent with cost optimization strategy development
    Align job roles to the current IT structure IT org. chart and salaries HR, CIO Based on information of the current year and will likely change in a few months (beginning of a new year)
    Renegotiate the top five vendor contracts up for renewal this year List of IT vendors Procurement office, CIO, IT infrastructure director, IT applications director, IT services manager Based on a list consolidated last week

    Want help with your IT spend transparency and benchmarking efforts?

    Let us fast-track your IT spend journey.

    The path to IT financial management maturity starts with knowing exactly where your money is going. To streamline this effort, Info-Tech offers an IT Spend & Staffing Benchmarking service that provides full transparency into where your money is going without any heavy lifting on your part.

    This unique service features:

    • A client-proven approach to meet your IT spend transparency goals.
    • Spend and staff mapping that reveals business consumption of IT.
    • Industry benchmarking to compare your spending and staffing to that of your peers.
    • Results in a fraction of the time with much less effort than going it alone.
    • Expert review of results and ongoing discussions with Info-Tech analysts.

    If you'd like Info-Tech to pave the way to IT spend transparency, contact your account manager for more information - we're happy to talk anytime.

    1.3 Identify your overarching constraints

    30 minutes

    1. Assess where spend change opportunities are currently limited or nonexistent due to organization edict or policy, industry regulatory requirements, or active contracts. Ask yourself:
      1. Where do IT spend bottlenecks exist and what are they?
      2. What IT spend objectives and practices are absolutely mandatory and nonnegotiable from both a business and an IT perspective?
      3. Are there areas where spend change is possible but would be very difficult to execute due to the stakeholders involved, governance processes, time frames, or another constraining factor?
    2. Identify where reduction or elimination of an IT service would negatively affect required service levels and business continuity or recovery.
    3. List constraints as negotiable or nonnegotiable on the template provided.
    4. Remove areas of focus from your cost optimization scope that land outside achievable parameters, and flag those that are difficult but still possible.
    InputOutput
    • Situational awareness and current state understanding
    • List of negotiable constraints to act on
    • Delimiting the cost optimization scope
    MaterialsParticipants
    • Whiteboard or flip charts
    • Constraints assessment template
    • CIO/IT director
    • IT finance lead

    See the next slides for additional guidance and a constraints assessment template.

    Acknowledge your limitations

    By recognizing your constraints, which will lead you to define your cost optimization scope.

    Constraints Organizational Legal/Regulatory Other
    What An organizational constraint is any work condition that hinders an employee's performance - be it physical, emotional, or otherwise. A legal or regulatory constraint is any law, rule, standard, or regulation - be it industry specific or otherwise - limiting the ability of any stakeholder to get the most out of a certain activity, initiative, or project. Other types of constraints affecting business units.
    Who Collaborate with your IT leaders and business partners to identify all major constraints that would affect cost optimization initiatives.
    How Discussions and information sessions to distinguish between negotiable and nonnegotiable constraints that would thwart cost optimization efforts:
    • Legal/regulatory requirements and related initiatives (past, ongoing, and planned/expected).
      Example: projects cannot be delayed, processes are difficult to simplify, etc.
    • Operational governance - organization policies, processes, methodologies, structure, etc.
      Example: adopting a waterfall model for development instead of an agile one.
    • Financial and accounting practices.
      Example: capital expenditure and operational expenditure classification.
    Challenge Degree to which you can influence certain outcomes within a set time frame:
    • Prioritize negotiating constraints where you can influence the outcome or maximize cost optimization benefits.

    We define a constraint as a restriction controlling the behavior of any of your stakeholders, hence preventing a desired outcome.

    In our context, constraints will determine your playing field: the boundaries of your cost optimization scope.

    Distinguish between constraints

    Negotiable vs. nonnegotiable to delimit your cost optimization scope.

    Distinguish between constraints

    Template & Example

    Constraints assessment

    List high-level limitations that hinder your cost optimization options.

    Nonnegotiable constraints
    Organizational Legal/Regulatory IT/Other
    Prioritization of sales/customer service activities SEC compliance/reporting mandates Production unit incident response service levels
    [Constraint] [Constraint] [Constraint]
    [Constraint] [Constraint] [Constraint]
    [Constraint] [Constraint] [Constraint]
    Negotiable constraints
    Organizational Legal/Regulatory IT/Other
    Core business operations process design Vendor contracts up for near-term renewal Current capital project commitments
    [Constraint] [Constraint] [Constraint]
    [Constraint] [Constraint] [Constraint]
    [Constraint] [Constraint] [Constraint]

    1.4 Establish overarching cost optimization goals

    60-90 minutes

    1. Establish specific IT cost optimization goals. Depending on your journey, step 1.1. You will have one to three overarching cost optimization goals, as follows:
      1. Reactive: Cost-cutting goal to reduce unwarranted IT spending.
      2. Proactive: Cost-to-value optimization goal.
      3. Strategic: Cost optimization sustainability goal.
      Consider amounts and time frames, as well as likely/suitable approaches you plan to employ to achieve these goals.
    2. Document your final cost optimization goals in the IT Cost Optimization Workbook.
    3. Revisit your goals after outlining your initiatives (phase 2) to ensure feasibility depending on your journey.

    Download the IT Cost Optimization Workbook

    InputOutput
    • Situational awareness and current state understanding
    • Defined goals for IT cost optimization
    MaterialsParticipants
    • Whiteboard or flip charts
    • Set Cost Optimization Goals tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead

    Template & Example

    Document your overarching goals

    Excel Workbook: IT Cost Optimization – Set Optimization Goals Worksheet

    Refer to the example and guidelines below on how to document your goals based on your journey:

    Table of Overarching Goals

    Column ID Input Type Guidelines
    B Dropdown Select the appropriate journey: Reactive, Proactive, or Strategic.
    C Dropdown Select the appropriate cost optimization objective: Reduce Unwarranted IT Spending, Optimize Cost-to-Value, Sustain Cost Optimization.
    D Formula Automatic calculation, no entry required. Reduce Unwarranted IT Spending goal is the first priority, followed by Optimize Cost-to-Value, and Sustain Cost Optimization goals, respectively.
    E Text Enter the overarching goal related to each objective.

    Complete the following fields for each goal depending on your journey in the Excel Workbook as per guidelines:

    1. Navigate to the Set Cost Optimization Goals tab.
    2. Identify your journey and objective for each goal.
    3. Document your goal(s).

    Download the IT Cost Optimization Workbook

    Template & Example

    Break down your goals per quarter

    Excel Workbook: IT Cost Optimization - Set Cost Optimization Goals Worksheet

    Refer to the example and guidelines below on how to break down your goals per quarter and track your progress:

    Table break down your goals per quarter

    Column ID Input Type Guidelines
    F, G, H, I Text Enter the target per quarter: It could be a percentage, dollar amount, or description of the breakdown, depending on the cost optimization goal and objective.

    Complete the following fields for each goal depending on your journey in the Excel Workbook as per guidelines:

    1. Navigate to the Set Cost Optimization Goals tab.
    2. Determine your target per quarter for every goal.
    3. Document your targets.

    Download the IT Cost Optimization Workbook

    1.5 Identify inputs required for decision making

    60-90 minutes

    1. Each of the optimization levers (assets, vendors, project portfolio, and workforce) will require specific and unique sources of information which you will need to collect before moving forward. Examples of important sources of information include:
      1. Latest iteration of the IT strategy.
      2. List of IT assets (hardware, software).
      3. List of IT services or IT service catalog.
      4. List of current and planned IT projects and their resourcing allocations.
      5. List of largest vendor contracts and their key details, such as their expiration/renewal date.
      6. IT department organizational chart and salaries (by role).
    2. Review and analyze each of the documents.
    3. Continue to list potential cost optimization initiatives (step 1.2) to be further analyzed and investigated for feasibility at a later stage.
    InputOutput
    • IT strategy
    • Lists of IT assets, services, and projects
    • Top vendor contracts
    • IT org. chart and salaries
    • Macrolevel list of potential cost optimization initiatives
    MaterialsParticipants
    • Potential cost optimization initiatives list template (slide 24)
    • CIO/IT director
    • IT finance lead

    Prepare all pertinent sources of information

    And start drafting your cost optimization laundry list.

    Documents Benchmarking IT Strategy Other Information Sources
    What
    • Review:
      • Your IT spend trend across several years (ideally three to five years): internal benchmarking report.
      • Your IT spend compared to industry peers: external benchmarking report.
    • Analyze your internal and external benchmarking reports across the four views: service, expense, business, and innovation.
    • Review your business aligned IT strategy to identify cost optimization related initiatives.
    • At a later stage, exploit your IT strategy to prioritize cost optimization initiatives as needed.
    • Review your IT organization chart and salaries to determine whether the IT organization structure is optimal, job descriptions are mapped to the desired structure, employee skillsets and salary scale are adequate and aligned to the job description, etc.
    • Compile and examine lists of assets, vendors, projects, and services.
    • Prepare any other information sources you deem meaningful.
    Who Collaborate with your IT leaders and business partners to:
    • Prepare the necessary reports, documents, and required sources of information.
    • Identify potential cost optimization initiatives around areas of improvement.
    How Discussions and information sessions to analyze and deep dive on raw findings.
    Challenge Time to compile and analyze reports without affecting day-to-day operations:
    • Outsource some activities such as external benchmarking to organizations like Info-Tech.
    • Get consulting support on specific reports or tasks through workshops, calls, etc.

    Phase 2

    Outline Your Cost Optimization Initiatives

    Phase 1
    Understand Your Mandate and Objectives

    Phase 2
    Outline Your Cost Optimization Initiatives

    Phase 3
    Develop Your IT Cost Optimization Roadmap

    Phase 4
    Communicate and Execute

    This phase will walk you through the following activities:

    • IT cost optimization initiatives
    • IT cost optimization workbook

    This phase involves the following participants:

    • CIO/IT director
    • IT finance lead
    • IT asset manager
    • IT infrastructure manager
    • IT vendor management lead
    • PMO lead
    • IT talent management representative
    • Other IT management

    Outline your cost optimization initiatives

    Across Info-Tech's four levers.

    Levers ASSETS VENDORS PROJECT PORTFOLI WORKFORCE
    What
    • Maintain trustworthy data to optimize cost, reduce risk, and improve services in line with business priorities and requirements:
      • Optimize cost: reallocate unused hardware and software, end unneeded service agreements, and manage renewals and audits.
      • Reduce risk: provide comprehensive asset data for security controls development and incident management - manage equipment disposal.
      • Improve IT service: support incident, problem, request, and change management with ITAM data.
    • Examine your vendor contracts and vendor management practices to optimize your expected value from every IT provider you deal with.
    • Treat vendor management as a proactive, cross-functional practice aiming to create value by improving communication, relationships, processes, performance, and ultimately reducing cost.
    • Reassess your project portfolio to maximize total value in line with business objectives and strategy.
    • Reduce resource waste with a strategic approach to project portfolio management:
      • Ensure that approved projects can be completed by aligning intake with real project capacity.
      • Minimize over-allocation of resources by allocating based on the proportion of project vs. non-project work.
      • Forecast future resource requirements by maintaining accurate resource capacity data.
    • Review your strategic workforce plan to identify cost optimization opportunities.
    • Determine capability gaps to train or develop current staff and minimize the need for severance payouts and hiring costs, while providing clear career paths to retain high performers.
    • Link workforce planning with strategic planning to ensure that you have the right people in the right positions, in the right places, at the right time, with the knowledge, skills, and attributes to deliver on strategic business goals.
    Who Collaborate with your IT leaders and business partners to:
    • Prepare the necessary reports, documents, and required sources of information.
    • Determine cost optimization initiatives across the four levers.
    How You will decide on the best course of action depending on your journey.

    Most common cost optimization challenges

    Across Info-Tech's four levers.

    Levers ASSETS VENDORS PROJECT PORTFOLI WORKFORCE
    Challenge
    • Incomplete or inaccurate data, poor processes, inadequate tools, and lack of support across the organization is leading to bad decision making while damaging value.
    • Spending on IT providers is increasing while vendor contract expected value - results, output, performance, solutions, or outcomes - is not realized.
    • Poor planning, conflicting priorities, and resource scarcity is affecting project outcomes, resulting in suboptimal value.
    • Talent shortages, lack of prioritization, and experience in managing an IT workforce is leading to higher costs and a loss in value.
    Solution
    • Develop a sustainable IT asset management (ITAM) strategy aligned with your business priorities.
    • Establish a vendor management initiative (VMI) with a solid foundation to fit your organization's culture, environment, and goals.
    • Create a coherent strategy to maximize the total value that projects deliver as a portfolio, rather than a collection of individual projects.
    • Develop a strategic workforce plan (SWP) to ensure you have the right people in place at the right time.
    Related Info-Tech Research Develop an IT Asset Management Strategy Jump-start Your Vendor Management Initiative Develop a Project Portfolio Management Strategy Build a Strategic IT Workforce Plan

    2.1 Determine your cost optimization initiatives

    8 hours

    Now that you have identified your journey and understood your constraints:

    1. Review your list of potential cost optimization initiatives and document viable ones in the IT Cost Optimization Workbook.
    2. Think of potential cost optimization initiatives within the four levers: assets, vendors, project portfolio, and workforce. The following slides will help you in this endeavor.

    Download the IT Cost Optimization Workbook

    Input Output
    • Potential cost optimization initiatives list
    • Outline Initiatives in the IT Cost Optimization Workbook
    Materials Participants
    • Whiteboard or flip charts
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • Other IT management - depending on the optimization lever (Assets, Vendors, Project Portfolio, or Workforce)

    Plan your cost optimization initiatives

    Your initiatives will differ depending on your journey

    In terms of aggressiveness and objectives.

    Plan cost optimization initiatives

    Cost optimization initiatives pertaining to a reactive journey are characterized by aggressive cost reduction.

    On the other hand, cost optimization initiatives within a strategic journey can vary in aggressiveness across objectives.

    2.1.1 Identify asset optimization initiatives

    2 hours

    1. Review the IT asset management strategy if available. Compile a list of all hardware, software, and facility asset costs for delivery of IT services.
    2. Analyze hardware and software assets for opportunities to consolidate, reduce, eliminate, and/or enhance functionality/automation. Look for:
      1. Redundancy or duplication of functionality not necessary for disaster recovery or business continuity purposes.
      2. Low or no-use software.
      3. Homegrown or legacy systems with high maintenance/support burdens.
      4. Multiple, old, or unsupported versions of current-use software.
      5. Opportunities to delay hardware/software refreshes or upgrades.
      6. Cloud/outsourced options.
      7. Instances of unsanctioned shadow IT.
    3. Reassess your in-house asset management processes to see where efficiency and effectiveness could be improved overall.
    4. Document cost optimization initiatives that could be driven by asset optimization objectives in the IT Cost Optimization Workbook.

    Download the IT Cost Optimization Workbook

    InputOutput
    • IT asset management strategy
    • List of current assets including hardware, software, and facilities
    • Outline Initiatives driven by asset optimization objectives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Whiteboard or flip charts
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • IT asset manager
    • IT infrastructure manager
    • Other IT management

    Example

    Asset optimization

    Some examples to get you started

    Journey Reactive, Proactive, or Strategic Proactive or Strategic Strategic
    Initiatives
    • Validate the license cost of performance optimization.
    • Review the utilization of software/hardware before renewal or purchase of additional hardware or software.
    • Assess new license cost against projects to determine possibility of differing or canceling software.
    • Postpone the purchases of hardware.
    • Extend the life of hardware.
    • Consolidate and reconfigure hardware.
    • Return damaged/malfunctioning hardware under warranty.
    • Consolidate and reconfigure software.
    • Optimize software/hardware functionality.
    • Implement hardware/software standard or policy.
    • Develop an infrastructure management outsourcing strategy.
    • Optimize cloud management: review utilization, licensing, cost, etc.
    • Develop a sustainable IT asset management (ITAM) strategy aligned with your business priorities.
    • Minimize shadow IT by creating a policy and improving the service request process.
    • Develop or assess a cloud strategy for a certain service.
    No initiatives for the reactive journey. No initiatives for the reactive or proactive journeys.
    Objective Reduce Unwarranted IT Spending Optimize Cost-to-Value Sustain Cost Optimization

    Template & Example

    List your objectives and initiatives

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to input your asset optimization initiatives and related objectives:

    List your objectives and initiatives

    Column ID Input Type Guidelines
    B Formula Automatic calculation, no entry required. The ID will update once there's an input in column E.
    C Dropdown Select an optimization lever: Assets, Vendors, Project Portfolio, or Workforce.
    D Dropdown Select an initiative focus from the dropdown list - this will help you think of initiatives.
    E Text Enter your initiative.
    F Text Write a brief description per initiative, providing a cost optimization rationale.
    G Dropdown Select the cost type per initiative: OpEx (operating expenditure) or CapEx (capital expenditure).
    H Dropdown Select 1 of 3 objectives for each initiative: Reduce Unwarranted IT Spending, Optimize Cost-to-Value, or Sustain Cost Optimization.

    List your initiatives in the provided Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Enter all your initiatives driven by the asset optimization lever.
    3. Determine the cost optimization objective per initiative.

    2.1.2 Identify vendor optimization initiatives

    2 hours

    1. Revisit the IT vendor classification if available. Identify all existing vendor contracts up for renewal within the current fiscal year and create an inventory.
    2. Examine your vendor contracts to optimize your expected value from every IT provider you deal with. For each contract:
      1. Identify the business purpose/drivers.
      2. Identify the expiration/renewal date to determine time frames for action.
      3. Determine if there is an opportunity to rightsize, cancel, renegotiate costs/service levels, or postpone renewal/purchase.
      4. Identify integrations and interdependencies with other hardware and software systems to understand scope and impact of potential changes.
    3. Reassess your in-house vendor management processes to see where efficiency and effectiveness could be improved overall.
    4. Document cost optimization initiatives that could be driven by vendor optimization objectives in the IT Cost Optimization Workbook.

    Download the IT Cost Optimization Workbook

    InputOutput
    • Vendor classification
    • Vendors contracts
    • Outline Initiatives driven by vendor optimization objectives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Whiteboard or flip charts
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • IT vendor management lead
    • Other IT management

    Example

    Vendor optimization

    Some examples to get you started.

    Journey Reactive, Proactive, or Strategic Proactive or Strategic Strategic
    Initiatives
    • Renegotiate and rightsize a vendor contract:
      • Cancel vendor/service/type application contract.
      • Renegotiate vendor/service/type contract.
      • Cancel vendor/service/type licenses.
      • Rationalize number of vendor/service/type licenses.
    • Consolidate vendors/resellers with similar services, products and features.
    • Implement a vendor management initiative to maximize value and minimize risk.
    • Consolidate contracts to take advantage of spending power and volume.
    • Set up custom vendor performance metrics.
    • Establish ongoing monitoring of vendor risk (financial, security, etc.).
    No initiatives for the reactive journey. No initiatives for the reactive or proactive journeys.
    Objective Reduce Unwarranted IT Spending Optimize Cost-to-Value Sustain Cost Optimization

    Template & Example

    List your objectives and initiatives

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to input your vendor optimization initiatives and related objectives:

    List your objectives and initiatives

    Column ID Input Type Guidelines
    B Formula Automatic calculation, no entry required. The ID will update once there's an input in column E.
    C Dropdown Select an optimization lever: Assets, Vendors, Project Portfolio, or Workforce.
    D Dropdown Select an initiative focus from the dropdown list - this will help you think of initiatives.
    E Text Enter your initiative.
    F Text Write a brief description per initiative, providing a cost optimization rationale.
    G Dropdown Select the cost type per initiative: OpEx (operating expenditure) or CapEx (capital expenditure).
    H Dropdown Select 1 of 3 objectives for each initiative: Reduce Unwarranted IT Spending, Optimize Cost-to-Value, or Sustain Cost Optimization.

    List your initiatives in the provided Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Enter all your initiatives driven by the vendor optimization lever.
    3. Determine the cost optimization objective per initiative.

    2.1.3 Identify project portfolio optimization initiatives

    2 hours

    1. Review the IT Project Portfolio Strategy if available, and the list of both in-flight and planned projects.
    2. Reassess your project portfolio to maximize total value in line with business objectives and strategy. For each current and pending project on the list, identify a cost optimization initiative, including:
      1. Revisiting, confirming, and documenting actual project rationale with the business in relation to strategic goals.
      2. Rescoping existing projects that are underway.
      3. Accelerating planned or existing projects that enable business cost savings or competitive advantage and revenue growth.
      4. Canceling or postponing projects that are underway or haven't started.
      5. Identifying net-new projects that enhance business capabilities or save business costs.
    3. Reassess your in-house project management and project portfolio management processes to see where efficiency and effectiveness could be improved overall.
    4. Document cost optimization initiatives that could be driven by project portfolio optimization objectives in the IT Cost Optimization Workbook.

    Download the IT Cost Optimization Workbook

    Input Output
    • Project Portfolio Management Strategy
    • List of current and pending projects
    • Outline Initiatives driven by project portfolio optimization objectives in the IT Cost Optimization Workbook
    Materials Participants
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • PMO lead
    • Other IT management

    Example

    Project portfolio optimization

    Some examples to get you started.

    Journey Reactive, Proactive, or Strategic Proactive or Strategic Strategic
    Initiatives
    • Cancel projects with no executive sponsor.
    • Cancel projects with unacceptable timelines.
    • Postpone projects where there is a more urgent need for related resources.
    • Rescope projects where a more effective business case has been identified.
    • Freeze projects where scope and resourcing are uncertain.
    • Accelerate projects that enable business cost savings or a competitive advantage with revenue growth.
    • Combine projects that are better managed by realigning project managers and coordinators.
    • Break projects into phases to front-load realized value.
    • Outsource projects with commoditized skillset requirements.
    • Reassess the technology requirements when multiple vendors are involved.
    • Reexamine project rationale with the business in relation to strategic goals.
    • Identify net-new projects that offer improved value in relation to current economics.
    • Reassess the strategic drivers for project spending in the face of shifting priorities.
    • Implement a project portfolio governance function.
    • Introduce a benefits realization discipline in relation to the benefits forecasted during project approval.
    No initiatives for the reactive journey. No initiatives for the reactive or proactive journeys.
    Objective Reduce Unwarranted IT Spending Optimize Cost-to-Value Sustain Cost Optimization

    Template & Example

    List your objectives and initiatives

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to input your project portfolio optimization initiatives and related objectives:

    List your objectives and initiatives

    Column ID Input Type Guidelines
    B Formula Automatic calculation, no entry required. The ID will update once there's an input in column E.
    C Dropdown Select an optimization lever: Assets, Vendors, Project Portfolio, or Workforce.
    D Dropdown Select an initiative focus from the dropdown list - this will help you think of initiatives.
    E Text Enter your initiative.
    F Text Write a brief description per initiative, providing a cost optimization rationale.
    G Dropdown Select the cost type per initiative: OpEx (operating expenditure) or CapEx (capital expenditure).
    H Dropdown Select 1 of 3 objectives for each initiative: Reduce Unwarranted IT Spending, Optimize Cost-to-Value, or Sustain Cost Optimization.

    List your initiatives in the provided Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Enter all your initiatives driven by the project portfolio optimization lever.
    3. Determine the cost optimization objective per initiative.

    2.1.4 Identify workforce optimization initiatives

    2 hours

    1. Review the IT department's strategic workforce plan (SWP) if available, organizational chart, and salaries by role. Do not review IT staffing in terms of named individuals who occupy a given role - focus on functions, roles, and job descriptions.
    2. Determine capability gaps:
      1. Rectify efficiency, effectiveness, and other performance issues.
      2. Train IT staff to enhance or improve skills and effectiveness.
      3. Add roles, skills, or headcount to improve effectiveness.
      4. Integrate teams to improve collaboration and reduce redundancies or break out new ones to increase focus/specialization.
      5. Redesign job roles and responsibilities.
      6. Redeploy/reassign staff to other teams.
      7. Conduct layoff (as a last resort, starting by assessing contractual employees).
    3. Document cost optimization initiatives that could be driven by workforce optimization objectives in the IT Cost Optimization Workbook.

    Download the IT Cost Optimization Workbook

    InputOutput
    • Strategic workforce plan (SWP)
    • Organizational charts
    • Staff lists
    • Outline Initiatives driven by workforce optimization objectives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • Talent management representative
    • Other IT management

    Example

    Workforce optimization

    Some examples to get you started.

    Journey Reactive, Proactive, or Strategic Proactive or Strategic Strategic
    Initiatives
    • Defer vacancy, position, or role.
    • Freeze all overnight and unessential IT staff travel.
    • Outsource project/function to free internal resources.
    • Postpone nonessential IT staff training as per training plans.
    • Suspend IT team discretionary spend.
    • Streamline workforce related to department/service (develop the process).
    • Relocate role or function from division or group to division or group.
    • Adjust framework and level assignments.
    • Promote and train employees for a certain objective.
    • Implement a strategic workforce plan (SWP) to ensure you have the right people in place, at the right time.
    • Set up a workforce performance monitoring framework or process to optimize staffing capabilities aligned with business value.
    No initiatives for the reactive journey. No initiatives for the reactive or proactive journeys.
    Objective Reduce Unwarranted IT Spending Optimize Cost-to-Value Sustain Cost Optimization

    Template & Example

    List your objectives and initiatives

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to input your workforce optimization initiatives and related objectives:

    List your objectives and initiatives

    Column ID Input Type Guidelines
    B Formula Automatic calculation, no entry required. The ID will update once there's an input in column E.
    C Dropdown Select an optimization lever: Assets, Vendors, Project Portfolio, or Workforce.
    D Dropdown Select an initiative focus from the dropdown list - this will help you think of initiatives.
    E Text Enter your initiative.
    F Text Write a brief description per initiative, providing a cost optimization rationale.
    G Dropdown Select the cost type per initiative: OpEx (operating expenditure) or CapEx (capital expenditure).
    H Dropdown Select 1 of 3 objectives for each initiative: Reduce Unwarranted IT Spending, Optimize Cost-to-Value, or Sustain Cost Optimization.

    List your initiatives in the provided Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Enter all your initiatives driven by the workforce optimization lever.
    3. Determine the cost optimization objective per initiative.

    2.2 Estimate the cost savings of cost optimization initiatives

    8 hours

    Now that you have identified your initiatives:

    1. Review your cost optimization initiatives per lever (Assets, Vendors, Project Portfolio, and Workforce).
    2. Determine whether the implementation cost of each of your initiatives is included as part of your budget.
    3. Estimate your cost savings.
    4. Document your assessment in the IT Cost Optimization Workbook.

    Download the IT Cost Optimization Workbook

    InputOutput
    • Potential cost optimization initiatives list
    • Outline Initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Whiteboard or flip charts
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • Other IT management - depending on the optimization lever (Assets, Vendors, Project Portfolio, or Workforce)

    2.2.1 Estimate the costs impacting your asset optimization initiatives

    2 hours

    1. Review each asset optimization initiative to estimate cost implications.
    2. Consider implementation cost in terms of your budget, and document it in the IT Cost Optimization Workbook (see next slides). Is the implementation cost of the underlying initiative considered in your current budget? If not, move to the next initiative. You will assess the flagged initiative independently at a later stage if deemed necessary.
    3. Estimate the current cost related to the initiative (including implementation cost), and document it in the IT Cost Optimization Workbook (see next slides). This will be the first of two inputs needed to calculate the initiative's potential cost savings.
    4. Estimate the expected cost, post initiative execution, of the underlying initiative, and document it in the IT Cost Optimization Workbook (see next slides). This will be the second and last input needed to calculate the initiative's potential cost savings.

    Download the IT Cost Optimization Workbook

    InputOutput
    • Asset optimization initiatives
    • Cost and budget information
    • Cost estimates of asset optimization initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • IT asset manager
    • IT infrastructure manager
    • Other IT management

    Template & Example

    Estimate your cost

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to complete cost estimates for each asset optimization initiative:

    Estimate your cost

    Column ID Input Type Guidelines
    I Dropdown Select if the implementation cost is considered within your budget or not. If not, the initiative will be flagged to be reviewed, and no further entry is required; move to the next initiative. Implementation cost represents your cost for planning, executing, and monitoring the related initiative.
    J, K Whole Number Input a dollar amount. Current cost represents the yearly cost including implementing the initiative, while the expected cost represents the yearly cost after implementing the initiative.
    L Formula Automatic calculation, no entry required. The difference between current cost and expected cost.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine if the implementation cost is considered within the budget.
    3. If yes, estimate the current cost, and expected cost of the underlying initiative.

    2.2.2 Estimate the costs impacting your vendor optimization initiatives

    2 hours

    1. Review each vendor optimization initiative to estimate cost implications.
    2. Consider implementation cost in terms of your budget, and document it in the IT Cost Optimization Workbook (see next slides). Is the implementation cost of the underlying initiative considered in your current budget? If not, move to the next initiative. You will assess the flagged initiative independently at a later stage if deemed necessary.
    3. Estimate the current cost related to the initiative (including implementation cost), and document it in the IT Cost Optimization Workbook (see next slides). This will be the first of two inputs needed to calculate the initiative's potential cost savings.
    4. Estimate the expected cost, post initiative execution, of the underlying initiative, and document it in the IT Cost Optimization Workbook (see next slides). This will be the second and last input needed to calculate the initiative's potential cost savings.

    Download the IT Cost Optimization Workbook

    InputOutput
    • Vendor optimization initiatives
    • Cost and budget information
    • Cost estimates of vendor optimization initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • IT vendor management lead
    • Other IT management

    Template & Example

    Estimate your cost

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to complete cost estimates for each vendor optimization initiative:

    Estimate your cost

    Column ID Input Type Guidelines
    I Dropdown Select if the implementation cost is considered within your budget or not. If not, the initiative will be flagged to be reviewed, and no further entry is required; move to the next initiative. Implementation cost represents your cost for planning, executing, and monitoring the related initiative.
    J, K Whole Number Input a dollar amount. Current cost represents the yearly cost including implementing the initiative, while the expected cost represents the yearly cost after implementing the initiative.
    L Formula Automatic calculation, no entry required. The difference between current cost and expected cost.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine if the implementation cost is considered within the budget.
    3. If yes, estimate the current cost, and expected cost of the underlying initiative.

    2.2.3 Estimate the costs impacting your project portfolio optimization initiatives

    2 hours

    1. Review each project portfolio optimization initiative to estimate cost implications.
    2. Consider implementation cost in terms of your budget, and document it in the IT Cost Optimization Workbook (see next slides). Is the implementation cost of the underlying initiative considered in your current budget? If not, move to the next initiative. You will assess the flagged initiative independently at a later stage if deemed necessary.
    3. Estimate the current cost related to the initiative (including implementation cost), and document it in the IT Cost Optimization Workbook (see next slides). This will be the first of two inputs needed to calculate the initiative's potential cost savings.
    4. Estimate the expected cost, post initiative execution, of the underlying initiative, and document it in the IT Cost Optimization Workbook (see next slides). This will be the second and last input needed to calculate the initiative's potential cost savings.

    Download the IT Cost Optimization Workbook

    InputOutput
    • Project portfolio optimization initiatives
    • Cost and budget information
    • Cost estimates of project portfolio optimization initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • PMO lead
    • Other IT management

    Template & Example

    Estimate your cost

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to complete cost estimates for each project portfolio optimization initiative:

    Estimate your cost

    Column ID Input Type Guidelines
    I Dropdown Select if the implementation cost is considered within your budget or not. If not, the initiative will be flagged to be reviewed, and no further entry is required; move to the next initiative. Implementation cost represents your cost for planning, executing, and monitoring the related initiative.
    J, K Whole Number Input a dollar amount. Current cost represents the yearly cost including implementing the initiative, while the expected cost represents the yearly cost after implementing the initiative.
    L Formula Automatic calculation, no entry required. The difference between current cost and expected cost.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine if the implementation cost is considered within the budget.
    3. If yes, estimate the current cost, and expected cost of the underlying initiative.

    2.2.4 Estimate the costs impacting your workforce optimization initiatives

    2 hours

    1. Review each workforce optimization initiative to estimate cost implications.
    2. Consider implementation cost in terms of your budget, and document it in the IT Cost Optimization Workbook (see next slides). Is the implementation cost of the underlying initiative considered in your current budget? If not, move to the next initiative. You will assess the flagged initiative independently at a later stage if deemed necessary.
    3. Estimate the current cost related to the initiative (including implementation cost), and document it in the IT Cost Optimization Workbook (see next slides). This will be the first of two inputs needed to calculate the initiative's potential cost savings.
    4. Estimate the expected cost, post initiative execution, of the underlying initiative, and document it in the IT Cost Optimization Workbook (see next slides). This will be the second and last input needed to calculate the initiative's potential cost savings.

    Download the IT Cost Optimization Workbook

    InputOutput
    • Workforce optimization initiatives
    • Cost and budget information
    • Cost estimates of workforce optimization initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • Talent management representative
    • Other IT management

    Template & Example

    Estimate your cost

    Excel Workbook: IT Cost Optimization –i Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to complete cost estimates for each workforce optimization initiative:

    Estimate your cost

    Column ID Input Type Guidelines
    I Dropdown Select if the implementation cost is considered within your budget or not. If not, the initiative will be flagged to be reviewed, and no further entry is required; move to the next initiative. Implementation cost represents your cost for planning, executing, and monitoring the related initiative.
    J, K Whole Number Input a dollar amount. Current cost represents the yearly cost including implementing the initiative, while the expected cost represents the yearly cost after implementing the initiative.
    L Formula Automatic calculation, no entry required. The difference between current cost and expected cost.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine if the implementation cost is considered within the budget.
    3. If yes, estimate the current cost, and expected cost of the underlying initiative.

    Phase 3

    Develop Your IT Cost Optimization Roadmap

    Phase 1
    Understand Your Mandate and Objectives

    Phase 2
    Outline Your Cost Optimization Initiatives

    Phase 3
    Develop Your IT Cost Optimization Roadmap

    Phase 4
    Communicate and Execute

    This phase will walk you through the following activities:

    • IT cost optimization workbook
    • IT cost optimization roadmap

    This phase involves the following participants:

    • CIO/IT director
    • IT finance lead
    • IT asset manager
    • IT infrastructure manager
    • IT vendor management lead
    • PMO lead
    • IT talent management representative
    • Other IT management

    Develop your prioritized and aligned cost optimization roadmap

    The process of developing your roadmap is where you set final cost optimization priorities, conduct a final rationalization to decide what's in and what's out, and document your proposed plan of action.

    First, take a moment to consider if you missed anything. Too often, only the cost cutting elements of the cost optimization equation get attention. Remember that cost optimization also includes making smart investments. Sometimes adding and expanding is better for the business than removing or contracting.

    • Do your proposed initiatives help position the organization to recover quickly if you're dealing with a downturn or recession scenario?
    • Have you fully considered growth or innovation opportunities that will help optimize costs in the long run?

    Feasibility
    Eliminate initiatives from the longlist of potential initiatives that cannot be achieved given the cost optimization goals you determined at the beginning of this exercise.

    Priority
    Rank order the remaining initiatives according to their ability to contribute to goal attainment and dependency relationships with external constraints and one another.

    Action Plan
    Create an overarching visual roadmap that shows how you intend to achieve your cost optimization goals over the short, medium, and long-term.

    3.1 Assess the feasibility of your cost optimization initiatives

    4 hours

    Now that you have identified your initiatives across the four levers and understood the business impacts:

    1. Review each of your cost optimization initiatives and estimate the feasibility in terms of:
      1. Effort required to implement.
      2. Risk: Likelihood of failure and impact on performance.
      3. Approval rights: Within the IT or finance's accountability/domain or not.
    2. Document your assessment in the IT Cost Optimization Workbook.

    Download the IT Cost Optimization Workbook

    InputOutput
    • Cost optimization initiatives
    • Feasibility estimates of cost optimization initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Define Variables tab in the IT Cost Optimization Workbook
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • Other IT management - depending on the optimization lever (Assets, Vendors, Project Portfolio, or Workforce)

    3.1.1 Estimate the feasibility of your asset optimization initiatives

    1 hour

    1. Review each asset optimization initiative to estimate feasibility implications.
    2. Start by defining the effort required variables. Think in terms of how many dedicated full-time employees you would need to implement the initiative. Document your definition for each of the three variables (High, Medium, or Low) in the IT Cost Optimization Workbook (see next slides). Then, estimate the effort required to implement the related initiative. Consider complexity, scope, and resource availability, before you document it in the IT Cost Optimization Workbook (see next slides).
    3. Define your likelihood of failure variables. Think in terms of probability of failure or percent chance the underlying initiative will not succeed. Document your definition for each of the three variables (High, Medium, or Low) in the IT Cost Optimization Workbook (see next slides). Then, estimate the likelihood of failure to implement the related initiative, and document it in the IT Cost Optimization Workbook (see next slides).
    4. Consider the initiative's impact on performance. Would implementing the initiative hinder IT or business performance? If you are on a reactive journey, would it impede business recovery in any way, shape, or form? Document the impact (Positive Impact, No Impact, or Negative Impact) in the IT Cost Optimization Workbook (see next slides).
    5. Determine who is responsible for approving the initiative. Does it fall within your jurisdiction, responsibility, or accountability? If not, it would mean that it might be more difficult to implement the initiative. Document approval rights (within accountability or not within accountability) in the IT Cost Optimization Workbook (see next slides).

    Download the IT Cost Optimization Workbook

    Input Output
    • Asset optimization initiatives
    • Feasibility estimates of asset optimization initiatives in the IT Cost Optimization Workbook
    Materials Participants
    • Define Variables tab in the IT Cost Optimization Workbook
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • IT asset manager
    • IT infrastructure manager
    • Other IT management

    Template & Example

    Define your feasibility variables

    Excel Workbook: IT Cost Optimization – Define Variables Worksheet

    Refer to the example and guidelines below on how to define your feasibility variables for standardization purposes. You can adopt a different definition per optimization lever (Assets, Vendors, Project Portfolio, and Workforce), or maintain the same one across initiatives, depending on what makes sense for your organization:

    Define your feasibility variables

    Column ID Input Type Guidelines
    B, G Formula Automatic calculation, no entry required. The ID will populate automatically.
    C, H Text No entry required. Three variables identified: High, Medium, Low.
    D, E Whole Number Review and input the range of each effort required variable, based on the number of dedicated full-time employees needed to implement an initiative, as it works best for your organization.
    I, J Whole Number Review and input the range of each likelihood of failure variable, based on the probability of failure of an initiative, as it works best for your organization. This example should work for most organizations.

    Define your feasibility variables in the Excel Workbook as per guidelines:

    1. Navigate to the Define Variables tab.
    2. Review and enter the range of each effort required and likelihood of failure variable as you see fit for your organization.

    Template & Example

    Estimate your feasibility

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to complete feasibility estimates for each asset optimization initiative:

    Estimate your feasibility

    Column ID Input Type Guidelines
    M Dropdown Select the effort required estimate based on your defined variables. Effort required represents the number of dedicated employees needed to plan, execute, and monitor the underlying initiative, based on the level of maturity and readiness; consider complexity, scope, and resource availability.
    N Dropdown Select the likelihood of failure estimate based on your defined variables. Likelihood of failure represents the probability of failure of the underlying initiative.
    O Dropdown Select the impact on performance estimate related to the implementation of the underlying initiative. Consider the impact on IT and on business (including business recovery if on a reactive journey).
    P Dropdown Select the appropriate approval right related to the underlying initiative. Determine if the initiative's approval falls within your accountability or not.
    Q Text Write a brief description per initiative, providing an impact rationale and identifying the approver where possible.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine the appropriate effort required to implement the underlying initiative.
    3. Identify the risk of each initiative: likelihood of failure and impact on performance.
    4. Choose the adequate approval right classification for each initiative.

    3.1.2 Estimate the feasibility of your vendor optimization initiatives

    1 hour

    1. Review each vendor optimization initiative to estimate feasibility implications, along with previously defined variables (see slides 64 and 65).
    2. Consider the initiative's impact on performance. Would implementing the initiative hinder IT or business performance? If you are on a reactive journey, would it impede business recovery in any way, shape, or form? Document the impact (Positive Impact, No Impact, or Negative Impact) in the IT Cost Optimization Workbook (see next slides).
    3. Determine who is responsible for approving the initiative. Does it fall within your jurisdiction, responsibility, or accountability? If not, it would mean that it might be more difficult to implement the initiative. Document approval rights (within accountability or not within accountability) in the IT Cost Optimization Workbook (see next slides).

    Download the IT Cost Optimization Workbook

    InputOutput
    • Vendor optimization initiatives
    • Feasibility estimates of vendor optimization initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Define Variables tab in the IT Cost Optimization Workbook
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • IT vendor management lead
    • Other IT management

    Template & Example

    Estimate your feasibility

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to complete feasibility estimates for each vendor optimization initiative:

    Estimate your feasibility

    Column ID Input Type Guidelines
    M Dropdown Select the effort required estimate based on your defined variables. Effort required represents the number of dedicated employees needed to plan, execute, and monitor the underlying initiative, based on the level of maturity and readiness; consider complexity, scope, and resource availability.
    N Dropdown Select the likelihood of failure estimate based on your defined variables. Likelihood of failure represents the probability of failure of the underlying initiative.
    O Dropdown Select the impact on performance estimate related to the implementation of the underlying initiative. Consider the impact on IT and on business (including business recovery if on a reactive journey).
    P Dropdown Select the appropriate approval right related to the underlying initiative. Determine if the initiative's approval falls within your accountability or not.
    Q Text Write a brief description per initiative, providing an impact rationale and identifying the approver where possible.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine the appropriate effort required to implement the underlying initiative.
    3. Identify the risk of each initiative: likelihood of failure and impact on performance.
    4. Choose the adequate approval right classification for each initiative.

    3.1.3 Estimate the feasibility of your project portfolio optimization initiatives

    1 hour

    1. Review each project portfolio optimization initiative to estimate feasibility implications, along with previously defined variables (see slides 64 and 65).
    2. Consider the initiative's impact on performance. Would implementing the initiative hinder IT or business performance? If you are on a reactive journey, would it impede business recovery in any way, shape, or form? Document the impact (Positive Impact, No Impact, or Negative Impact) in the IT Cost Optimization Workbook (see next slides).
    3. Determine who is responsible for approving the initiative. Does it fall within your jurisdiction, responsibility, or accountability? If not, it would mean that it might be more difficult to implement the initiative. Document approval rights (within accountability or not within accountability) in the IT Cost Optimization Workbook (see next slides).

    Download the IT Cost Optimization Workbook

    InputOutput
    • Project portfolio optimization initiatives
    • Feasibility estimates of vendor optimization initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Define Variables tab in the IT Cost Optimization Workbook
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • PMO lead
    • Other IT management

    Template & Example

    Estimate your feasibility

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to complete feasibility estimates for each project portfolio optimization initiative:

    Estimate your feasibility

    Column ID Input Type Guidelines
    M Dropdown Select the effort required estimate based on your defined variables. Effort required represents the number of dedicated employees needed to plan, execute, and monitor the underlying initiative, based on the level of maturity and readiness; consider complexity, scope, and resource availability.
    N Dropdown Select the likelihood of failure estimate based on your defined variables. Likelihood of failure represents the probability of failure of the underlying initiative.
    O Dropdown Select the impact on performance estimate related to the implementation of the underlying initiative. Consider the impact on IT and on business (including business recovery if on a reactive journey).
    P Dropdown Select the appropriate approval right related to the underlying initiative. Determine if the initiative's approval falls within your accountability or not.
    Q Text Write a brief description per initiative, providing an impact rationale and identifying the approver where possible.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine the appropriate effort required to implement the underlying initiative.
    3. Identify the risk of each initiative: likelihood of failure and impact on performance.
    4. Choose the adequate approval right classification for each initiative.

    3.1.4 Estimate the feasibility of your workforce optimization initiatives

    1 hour

    1. Review each workforce optimization initiative to estimate feasibility implications, along with previously defined variables (see slides 64 and 65).
    2. Consider the initiative's impact on performance. Would implementing the initiative hinder IT or business performance? If you are on a reactive journey, would it impede business recovery in any way, shape, or form? Document the impact (Positive Impact, No Impact, or Negative Impact) in the IT Cost Optimization Workbook (see next slides).
    3. Determine who is responsible for approving the initiative. Does it fall within your jurisdiction, responsibility, or accountability? If not, it would mean that it might be more difficult to implement the initiative. Document approval rights (within accountability or not within accountability) in the IT Cost Optimization Workbook (see next slides).

    Download the IT Cost Optimization Workbook

    InputOutput
    • Workforce optimization initiatives
    • Feasibility estimates of workforce optimization initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Define Variables tab in the IT Cost Optimization Workbook
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • Talent management representative
    • Other IT management

    Template & Example

    Estimate your feasibility

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to complete feasibility estimates for each workforce optimization initiative:

    Estimate your feasibility

    Column ID Input Type Guidelines
    M Dropdown Select the effort required estimate based on your defined variables. Effort required represents the number of dedicated employees needed to plan, execute, and monitor the underlying initiative, based on the level of maturity and readiness; consider complexity, scope, and resource availability.
    N Dropdown Select the likelihood of failure estimate based on your defined variables. Likelihood of failure represents the probability of failure of the underlying initiative.
    O Dropdown Select the impact on performance estimate related to the implementation of the underlying initiative. Consider the impact on IT and on business (including business recovery if on a reactive journey).
    P Dropdown Select the appropriate approval right related to the underlying initiative. Determine if the initiative's approval falls within your accountability or not.
    Q Text Write a brief description per initiative, providing an impact rationale and identifying the approver where possible.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine the appropriate effort required to implement the underlying initiative.
    3. Identify the risk of each initiative: likelihood of failure and impact on performance.
    4. Choose the adequate approval right classification for each initiative.

    3.2 Prioritize cost optimization initiatives to create a final shortlist

    4 hours

    Now that you have your cost and feasibility for each cost optimization initiative:

    1. Review each of your cost optimization initiatives and estimate the time and priority by considering:
      1. Preliminary priority assessment based on your cost and feasibility input.
      2. Time frame: start and end date of each initiative.
      3. Current budget cycle: time remaining in the current budget cycle and potential cost savings in this fiscal year.
    2. Determine the final priority of the initiative and decide whether you want to include it in your 12-month roadmap.
    3. Document your assessment in the IT Cost Optimization Workbook.

    Download the IT Cost Optimization Workbook

    InputOutput
    • Cost optimization initiatives
    • Time and priority estimates of cost optimization initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Define Priority Threshold tab in the IT Cost Optimization Workbook
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • Other IT management - depending on the optimization lever (Assets, Vendors, Project Portfolio, or Workforce)

    3.2.1 Prioritize your asset optimization initiatives

    1 hour

    1. Review each asset optimization initiative to set the priority.
    2. Validate your cost and feasibility estimates and consider the automated evaluation, in the IT Cost Optimization Workbook, providing you with a preliminary priority based on your cost and feasibility estimates (see next slides).
    3. Revisit your overarching goals (step 1.4) as you will assess the time it will take you to complete your initiatives and prioritize accordingly.
    4. Determine your start and end date for each initiative based on your journey, objectives, and overarching goals. Consider the urgency of each initiative. Document the quarter and year for your start and end dates in the IT Cost Optimization Workbook (see next slides).
    5. Identify the time remaining in your current budget cycle after the completion of each initiative to get a cost savings estimate for the current fiscal year. Document the number of remaining quarters (0, 1, 2, 3, or 4) in the IT Cost Optimization Workbook (see next slides).
    6. Decide on the priority of each initiative (High, Medium, or Low), and document it in the IT Cost Optimization Workbook (see next slides).
    7. Revisit the priority decision after prioritizing all your initiatives and determine which ones to include in your 12-month roadmap; consider the number of initiatives you can tackle at the same time within a 12-month period. Document your final decision (Yes or No) in the IT Cost Optimization Workbook (see next slides).

    Download the IT Cost Optimization Workbook

    InputOutput
    • Asset optimization initiatives
    • Time and priority estimates of cost optimization initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Define Priority Threshold tab in the IT Cost Optimization Workbook
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • IT asset manager
    • IT infrastructure manager
    • Other IT management

    Template & Example

    Understand your priority assessment

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how the preliminary priority assessment is assigned, for each asset optimization initiative, noting that columns Q to X are hidden automatic calculations and should not be touched:

    Understand your priority assessment

    Column ID Input Type Guidelines
    R Formula Hidden automatic calculation, no entry required. Rank of estimate cost savings (per year) in ascending order (higher cost savings implies a higher rank).
    S Formula Hidden automatic calculation, no entry required. Cost Savings Score on a scale of 1 to 3, where the top third in Cost Savings Rank are assigned a score of 1, the bottom third a score of 3, and in between a score of 2, noting that negative cost savings would imply a -1 score.
    T Formula Hidden automatic calculation, no entry required. Cost Score adds 1 to the Cost Savings Score if the underlying initiative is within the budget.
    U, V, W Formula Hidden automatic calculation, no entry required. A score on a scale of 1 to 3 based on input of columns M, N, and O, where Low or Positive Impact is assigned a score of 3, Medium or No Impact a score of 2, and High or Negative Impact a score of 1.
    X Formula Hidden automatic calculation, no entry required. The rounding of the average of columns U, V, and W, adding 1 to the result if the initiative's approval falls within your accountability (column P).
    Y Formula Hidden automatic calculation, no entry required. The sum of columns T and X, adding 3 for Reduce Unwarranted IT Spending, and 1 to Optimize Cost-to-value (column H).
    Z Formula Hidden automatic calculation, no entry required. Preliminary priority assessment based on the Define Priority Threshold worksheet (hidden, see next slide).

    Review the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Validate cost and feasibility estimates (columns I to P previously filled - steps 2.2 and 3.1) driving the Priority Score and Preliminary Priority Assessment.

    Template & Example

    Priority threshold rationale

    Excel Workbook: IT Cost Optimization – Define Priority Threshold Worksheet

    Refer to the screenshot of the Define Priority Threshold worksheet below to understand the rationale behind the priority score and priority level:

    Priority threshold rationale

    Template & Example

    Estimate your timeline

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to complete timeline estimates for each asset optimization initiative:

    Estimate your timeline

    Column ID Input Type Guidelines
    AA, AC Dropdown Select the quarter(s) in which you plan to begin and complete your initiative.
    AB, AD Dropdown Select the year(s) in which you plan to begin and complete your initiative.
    AE Dropdown Select the number of remaining quarters, in the current fiscal year, after you complete the initiative (0 to 4); based on columns AA to AD.
    AF Formula Automatic calculation, no entry required. Estimate of cost savings in the current fiscal year, based on the remaining quarters after implementation. The entry in column AE is divided by 4, and the result is multiplied by the related estimated cost savings per year (entry in column L).
    AG Dropdown Select if cost savings after the implementation of the underlying initiative will be permanent or temporary.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine the appropriate quarter and year to start and complete the initiative.
    3. Identify the time remaining in your current budget cycle after the completion of the initiative.

    Template & Example

    Make your final decisions

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to assign the final priority for each asset optimization initiative, and include it in your 12-month roadmap:

    Make your final decisions

    Column ID Row ID Input Type Guidelines
    AH - Dropdown Select your final priority decision after reviewing the preliminary priority assessment (column Z) and timeline estimates (columns AA to AG).
    AI - Dropdown Select whether you want to include the initiative in your 12-month roadmap (Yes or No).
    AK, AL 5 Formula Automatic calculation, no entry required. The total number of initiatives you decided to include in your 12-month roadmap; based on column AI when Yes is selected.
    AK, AL 6 Formula Automatic calculation, no entry required. Total estimated cost savings per year after the initiative's completion; based on column L when included in the 12-month roadmap (column AI when Yes is selected)
    AK, AL 7 Formula Automatic calculation, no entry required. Total estimated cost savings in the current fiscal year; based on column AF when included in the 12-month roadmap (column AI when Yes is selected)
    • Estimated cost savings per year refer to cost savings fully realized by the end of the upcoming fiscal year, following the initiatives' implementation.
    • Estimated cost savings in the current budget cycle, refer to cost savings partially realized in the current fiscal year, after the initiatives' implementation.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine the final priority of the initiative.
    3. Decide whether you want to include the initiative in your 12-month roadmap.

    3.2.2 Prioritize your vendor optimization initiatives

    1 hour

    1. Review each vendor optimization initiative to set the priority.
    2. Validate your cost and feasibility estimates and consider the automated evaluation, in the IT Cost Optimization Workbook, providing you with a preliminary priority based on your cost and feasibility estimates (see next slides).
    3. Revisit your overarching goals (step 1.4) as you will assess the time it will take you to complete your initiatives and prioritize accordingly.
    4. Determine your start and end date for each initiative based on your journey, objectives, and overarching goals. Consider the urgency of each initiative. Document the quarter and year for your start and end dates in the IT Cost Optimization Workbook (see next slides).
    5. Identify the time remaining in your current budget cycle after the completion of each initiative to get a cost savings estimate for the current fiscal year. Document the number of remaining quarters (0, 1, 2, 3, or 4) in the IT Cost Optimization Workbook (see next slides).
    6. Decide on the priority of each initiative (High, Medium, or Low), and document it in the IT Cost Optimization Workbook (see next slides).
    7. Revisit the priority decision after prioritizing all your initiatives and determine which ones to include in your 12-month roadmap; consider the number of initiatives you can tackle at the same time within a 12-month period. Document your final decision (Yes or No) in the IT Cost Optimization Workbook (see next slides).

    Download the IT Cost Optimization Workbook

    Input Output
    • Vendor optimization initiatives
    • Time and priority estimates of cost optimization initiatives in the IT Cost Optimization Workbook
    Materials Participants
    • Define Priority Threshold tab in the IT Cost Optimization Workbook
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • IT vendor management lead
    • Other IT management

    Template & Example

    Understand your priority assessment

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how the preliminary priority assessment is assigned, for each vendor optimization initiative, noting that columns Q to X are hidden automatic calculations and should not be touched:

    Understand your priority assessment

    Column ID Input Type Guidelines
    R Formula Hidden automatic calculation, no entry required. Rank of estimate cost savings (per year) in ascending order (higher cost savings implies a higher rank).
    S Formula Hidden automatic calculation, no entry required. Cost Savings Score on a scale of 1 to 3, where the top third in Cost Savings Rank are assigned a score of 1, the bottom third a score of 3, and in between a score of 2, noting that negative cost savings would imply a -1 score.
    T Formula Hidden automatic calculation, no entry required. Cost Score adds 1 to the Cost Savings Score if the underlying initiative is within the budget.
    U, V, W Formula Hidden automatic calculation, no entry required. A score on a scale of 1 to 3 based on input of columns M, N, and O, where Low or Positive Impact is assigned a score of 3, Medium or No Impact a score of 2, and High or Negative Impact a score of 1.
    X Formula Hidden automatic calculation, no entry required. The rounding of the average of columns U, V, and W, adding 1 to the result if the initiative's approval falls within your accountability (column P).
    Y Formula Hidden automatic calculation, no entry required. The sum of columns T and X, adding 3 for Reduce Unwarranted IT Spending, and 1 to Optimize Cost-to-Value (column H).
    Z Formula Hidden automatic calculation, no entry required. Preliminary priority assessment based on the Define Priority Threshold worksheet (hidden, see next slide).

    Review the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Validate cost and feasibility estimates (columns I to P previously filled - steps 2.2 and 3.1) driving the Priority Score and Preliminary Priority Assessment.

    Template & Example

    Priority Threshold Rationale

    Excel Workbook: IT Cost Optimization – Define Priority Threshold Worksheet

    Refer to the screenshot of the Define Priority Threshold worksheet below to understand the rationale behind the Priority Score and Priority Level:

    Priority Threshold Rationale

    Template & Example

    Estimate your timeline

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to complete timeline estimates for each vendor optimization initiative:

    Estimate your timeline

    Column ID Input Type Guidelines
    AA, AC Dropdown Select the quarter(s) in which you plan to begin and complete your initiative.
    AB, AD Dropdown Select the year(s) in which you plan to begin and complete your initiative.
    AE Dropdown Select the number of remaining quarters, in the current fiscal year, after you complete the initiative (0 to 4); based on columns AA to AD.
    AF Formula Automatic calculation, no entry required. Estimate of cost savings in the current fiscal year, based on the remaining quarters after implementation. The entry in column AE is divided by 4, and the result is multiplied by the related estimated cost savings per year (entry in column L).
    AG Dropdown Select if cost savings after the implementation of the underlying initiative will be Permanent or Temporary.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine the appropriate quarter and year to start and complete the initiative.
    3. Identify the time remaining in your current budget cycle after the completion of the initiative.

    Template & Example

    Make your final decisions

    Excel Workbook: IT Cost Optimization - Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to assign the final priority for each vendor optimization initiative, and include it in your 12-month roadmap:

    Make your final decisions

    Column ID Row ID Input Type Guidelines
    AH - Dropdown Select your final priority decision after reviewing the preliminary priority assessment (column Z) and timeline estimates (columns AA to AG).
    AI - Dropdown Select whether you want to include the initiative in your 12-month roadmap (Yes or No).
    AK, AL 5 Formula Automatic calculation, no entry required. The total number of initiatives you decided to include in your 12-month roadmap; based on column AI when Yes is selected.
    AK, AL 6 Formula Automatic calculation, no entry required. Total estimated cost savings per year after the initiative's completion; based on column L when included in the 12-month roadmap (column AI when Yes is selected)
    AK, AL 7 Formula Automatic calculation, no entry required. Total estimated cost savings in the current fiscal year; based on column AF when included in the 12-month roadmap (column AI when Yes is selected)
    • Estimated cost savings per year refer to cost savings fully realized by the end of the upcoming fiscal year, following the initiatives' implementation.
    • Estimated cost savings in the current budget cycle, refer to cost savings partially realized in the current fiscal year, after the initiatives' implementation.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine the final priority of the initiative.
    3. Decide whether you want to include the initiative in your 12-month roadmap.

    3.2.3 Prioritize your project portfolio optimization initiatives

    1 hour

    1. Review each project portfolio optimization initiative to set the priority.
    2. Validate your cost and feasibility estimates and consider the automated evaluation, in the IT Cost Optimization Workbook, providing you with a preliminary priority based on your cost and feasibility estimates (see next slides).
    3. Revisit your overarching goals (step 1.4) as you will assess the time it will take you to complete your initiatives and prioritize accordingly.
    4. Determine your start and end date for each initiative based on your journey, objectives, and overarching goals. Consider the urgency of each initiative. Document the quarter and year for your start and end dates in the IT Cost Optimization Workbook (see next slides).
    5. Identify the time remaining in your current budget cycle after the completion of each initiative to get a cost savings estimate for the current fiscal year. Document the number of remaining quarters (0, 1, 2, 3, or 4) in the IT Cost Optimization Workbook (see next slides).
    6. Decide on the priority of each initiative (High, Medium, or Low), and document it in the IT Cost Optimization Workbook (see next slides).
    7. Revisit the priority decision after prioritizing all your initiatives and determine which ones to include in your 12-month roadmap; consider the number of initiatives you can tackle at the same time within a 12-month period. Document your final decision (Yes or No) in the IT Cost Optimization Workbook (see next slides).

    Download the IT Cost Optimization Workbook

    InputOutput
    • Project portfolio optimization initiatives
    • Time and priority estimates of cost optimization initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Define Priority Threshold tab in the IT Cost Optimization Workbook
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • PMO lead
    • Other IT management

    Template & Example

    Understand your priority assessment

    Excel Workbook: IT Cost Optimization - Outline Initiatives Worksheet

    Refer to the example and guidelines below on how the preliminary priority assessment is assigned, for each project portfolio optimization initiative, noting that columns Q to X are hidden automatic calculations and should not be touched:

    Understand your priority assessment

    Column ID Input Type Guidelines
    R Formula Hidden automatic calculation, no entry required. Rank of Estimate Cost Savings (per year) in ascending order (higher cost savings implies a higher rank).
    S Formula Hidden automatic calculation, no entry required. Cost Savings Score on a scale of 1 to 3, where the top third in Cost Savings Rank are assigned a score of 1, the bottom third a score of 3, and in between a score of 2, noting that negative cost savings would imply a -1 score.
    T Formula Hidden automatic calculation, no entry required. Cost Score adds 1 to the Cost Savings Score if the underlying initiative is within the budget.
    U, V, W Formula Hidden automatic calculation, no entry required. A score on a scale of 1 to 3 based on input of columns M, N, and O, where Low or Positive Impact is assigned a score of 3, Medium or No Impact a score of 2, and High or Negative Impact a score of 1.
    X Formula Hidden automatic calculation, no entry required. The rounding of the average of columns U, V, and W, adding 1 to the result if the initiative's approval falls within your accountability (column P).
    Y Formula Hidden automatic calculation, no entry required. The sum of columns T and X, adding 3 for Reduce Unwarranted IT Spending, and 1 to Optimize Cost-to-Value (column H).
    Z Formula Hidden automatic calculation, no entry required. Preliminary Priority Assessment based on the Define Priority Threshold worksheet (hidden, see next slide).

    Review the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Validate cost and feasibility estimates (columns I to P previously filled - steps 2.2 and 3.1) driving the Priority Score and Preliminary Priority Assessment.

    Template & Example

    Priority Threshold Rationale

    Excel Workbook: IT Cost Optimization - Define Priority Threshold Worksheet

    Refer to the screenshot of the Define Priority Threshold worksheet below to understand the rationale behind the Priority Score and Priority Level:

    Priority threshold rationale

    Template & Example

    Estimate your timeline

    Excel Workbook: IT Cost Optimization - Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to complete timeline estimates for each project portfolio optimization initiative:

    Estimate your timeline

    Column ID Input Type Guidelines
    AA, AC Dropdown Select the quarter(s) in which you plan to begin and complete your initiative.
    AB, AD Dropdown Select the year(s) in which you plan to begin and complete your initiative.
    AE Dropdown Select the number of remaining quarters, in the current fiscal year, after you complete the initiative (0 to 4); based on columns AA to AD.
    AF Formula Automatic calculation, no entry required. Estimate of cost savings in the current fiscal year, based on the remaining quarters after implementation. The entry in column AE is divided by 4, and the result is multiplied by the related estimated cost savings per year (entry in column L).
    AG Dropdown Select if cost savings after the implementation of the underlying initiative will be Permanent or Temporary.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine the appropriate quarter and year to start and complete the initiative.
    3. Identify the time remaining in your current budget cycle after the completion of the initiative.

    Template & Example

    Make your final decisions

    Excel Workbook: IT Cost Optimization - Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to assign the final priority for each project portfolio optimization initiative and include it in your 12-month roadmap:

    Make your final decisions

    Column ID Row ID Input Type Guidelines
    AH - Dropdown Select your final priority decision after reviewing the preliminary priority assessment (column Z) and timeline estimates (columns AA to AG).
    AI - Dropdown Select whether you want to include the initiative in your 12-month roadmap (Yes or No).
    AK, AL 5 Formula Automatic calculation, no entry required. The total number of initiatives you decided to include in your 12-month roadmap; based on column AI when Yes is selected.
    AK, AL 6 Formula Automatic calculation, no entry required. Total estimated cost savings per year after the initiative's completion; based on column L when included in the 12-month roadmap (column AI when Yes is selected)
    AK, AL 7 Formula Automatic calculation, no entry required. Total estimated cost savings in the current fiscal year; based on column AF when included in the 12-month roadmap (column AI when Yes is selected)
    • Estimated cost savings per year refer to cost savings fully realized by the end of the upcoming fiscal year, following the initiatives' implementation.
    • Estimated cost savings in the current budget cycle, refer to cost savings partially realized in the current fiscal year, after the initiatives' implementation.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine the final priority of the initiative.
    3. Decide whether you want to include the initiative in your 12-month roadmap.

    3.2.4 Prioritize your workforce optimization initiatives

    1 hour

    1. Review each workforce optimization initiative to set the priority.
    2. Validate your cost and feasibility estimates and consider the automated evaluation, in the IT Cost Optimization Workbook, providing you with a preliminary priority based on your cost and feasibility estimates (see next slides).
    3. Revisit your overarching goals (step 1.4) as you will assess the time it will take you to complete your initiatives and prioritize accordingly.
    4. Determine your start and end date for each initiative based on your journey, objectives, and overarching goals. Consider the urgency of each initiative. Document the quarter and year for your start and end dates in the IT Cost Optimization Workbook (see next slides).
    5. Identify the time remaining in your current budget cycle after the completion of each initiative to get a cost savings estimate for the current fiscal year. Document the number of remaining quarters (0, 1, 2, 3, or 4) in the IT Cost Optimization Workbook (see next slides).
    6. Decide on the priority of each initiative (High, Medium, or Low), and document it in the IT Cost Optimization Workbook (see next slides).
    7. Revisit the priority decision after prioritizing all your initiatives and determine which ones to include in your 12-month roadmap; consider the number of initiatives you can tackle at the same time within a 12-month period. Document your final decision (Yes or No) in the IT Cost Optimization Workbook (see next slides).

    Download the IT Cost Optimization Workbook

    InputOutput
    • Workforce optimization initiatives
    • Time and priority estimates of cost optimization initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Define Priority Threshold tab in the IT Cost Optimization Workbook
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • Talent management representative
    • Other IT management

    Template & Example

    Understand your priority assessment

    Excel Workbook: IT Cost Optimization - Outline Initiatives Worksheet

    Refer to the example and guidelines below on how the preliminary priority assessment is assigned, for each workforce optimization initiative, noting that columns Q to X are hidden automatic calculations and should not be touched:

    Understand your priority assessment

    Column ID Input Type Guidelines
    R Formula Hidden automatic calculation, no entry required. Rank of Estimate Cost Savings (per year) in ascending order (higher cost savings implies a higher rank).
    S Formula Hidden automatic calculation, no entry required. Cost Savings Score on a scale of 1 to 3, where the top third in Cost Savings Rank are assigned a score of 1, the bottom third a score of 3, and in between a score of 2, noting that negative cost savings would imply a -1 score.
    T Formula Hidden automatic calculation, no entry required. Cost Score adds 1 to the Cost Savings Score if the underlying initiative is within the budget.
    U, V, W Formula Hidden automatic calculation, no entry required. A score on a scale of 1 to 3 based on input of columns M, N, and O, where Low or Positive Impact is assigned a score of 3, Medium or No Impact a score of 2, and High or Negative Impact a score of 1.
    X Formula Hidden automatic calculation, no entry required. The rounding of the average of columns U, V, and W, adding 1 to the result if the initiative's approval falls within your accountability (column P).
    Y Formula Hidden automatic calculation, no entry required. The sum of columns T and X, adding 3 for Reduce Unwarranted IT Spending, and 1 to Optimize Cost-to-Value (column H).
    Z Formula Hidden automatic calculation, no entry required. Preliminary Priority Assessment based on the Define Priority Threshold worksheet (hidden, see next slide).

    Review the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Validate cost and feasibility estimates (columns I to P previously filled - steps 2.2 and 3.1) driving the Priority Score and Preliminary Priority Assessment.

    Template & Example

    Priority Threshold Rationale

    Excel Workbook: IT Cost Optimization - Define Priority Threshold

    Refer to the screenshot of the Define Priority Threshold worksheet below to understand the rationale behind the Priority Score and Priority Level:

    Priority Threshold Rationale

    Template & Example

    Estimate your timeline

    Excel Workbook: IT Cost Optimization - Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to complete timeline estimates for each workforce optimization initiative:

    Estimate your timeline

    Column ID Input Type Guidelines
    AA, AC Dropdown Select the quarter(s) in which you plan to begin and complete your initiative.
    AB, AD Dropdown Select the year(s) in which you plan to begin and complete your initiative.
    AE Dropdown Select the number of remaining quarters, in the current fiscal year, after you complete the initiative (0 to 4); based on columns AA to AD.
    AF Formula Automatic calculation, no entry required. Estimate of cost savings in the current fiscal year, based on the remaining quarters after implementation. The entry in column AE is divided by 4, and the result is multiplied by the related estimated cost savings per year (entry in column L).
    AG Dropdown Select if cost savings after the implementation of the underlying initiative will be Permanent or Temporary.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine the appropriate quarter and year to start and complete the initiative.
    3. Identify the time remaining in your current budget cycle after the completion of the initiative.

    Template & Example

    Make your final decisions

    Excel Workbook: IT Cost Optimization - Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to assign the final priority for each workforce optimization initiative, and include it in your 12-month roadmap:

    Make your final decisions

    Column ID Row ID Input Type Guidelines
    AH - Dropdown Select your final priority decision after reviewing the preliminary priority assessment (column Z) and timeline estimates (columns AA to AG).
    AI - Dropdown Select whether you want to include the initiative in your 12-month roadmap (Yes or No).
    AK, AL 5 Formula Automatic calculation, no entry required. The total number of initiatives you decided to include in your 12-month roadmap; based on column AI when Yes is selected.
    AK, AL 6 Formula Automatic calculation, no entry required. Total estimated cost savings per year after the initiative's completion; based on column L when included in the 12-month roadmap (column AI when Yes is selected)
    AK, AL 7 Formula Automatic calculation, no entry required. Total estimated cost savings in the current fiscal year; based on column AF when included in the 12-month roadmap (column AI when Yes is selected)
    • Estimated cost savings per year refer to cost savings fully realized by the end of the upcoming fiscal year, following the initiatives' implementation.
    • Estimated cost savings in the current budget cycle, refer to cost savings partially realized in the current fiscal year, after the initiatives' implementation.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine the final priority of the initiative.
    3. Decide whether you want to include the initiative in your 12-month roadmap.

    3.3 Develop your cost optimization roadmap

    1 hour

    1. Conduct a final evaluation of your timeline, priority decision, and initiatives you wish to include in your 12-month roadmap. Do they make sense, are they achievable, and do they all contribute individually and collectively to reaching your cost optimization goals?
    2. Review your 12-month roadmap outputs in the IT Cost Optimization Workbook (see next slides).
    3. Make adjustments to your 12-month roadmap by adding or removing initiatives as you deem necessary (step 3.2).
    4. Document your final roadmap - including initiatives and relative time frames for execution - in the IT Cost Optimization Roadmap templates provided (see slide 97). The 12-month roadmap outputs from the IT Cost Optimization Workbook (see next slide) can facilitate this task.

    Download the IT Cost Optimization Workbook

    Input Output
    • Outline Initiatives tab in the IT Cost Optimization Workbook, output from previous steps
    • IT Cost Optimization Roadmap
    Materials Participants
    • Outline Initiatives Charts tab in the IT Cost Optimization Workbook
    • Diagram Results tab in the IT Cost Optimization Workbook
    • List Results tab in the IT Cost Optimization Workbook
    • Timeline Result tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT financial lead
    • Other IT management

    Template & Example

    Potential Cost Savings Per Year

    Excel Workbook: IT Cost Optimization - Outline Initiatives Charts Worksheet

    Refer to the example below on charts depicting different views of estimated cost savings per year across the four optimization levers (Assets, Vendors, Project Portfolio, and Workforce) that could help you in your assessment and decision making.

    Potential cost savings per year

    From the Excel Workbook, after completing your potential initiatives and filling all related entries in the Outline Initiatives tab:

    1. Navigate to the Outline Initiatives Charts tab.
    2. Review each of the charts.
    3. Navigate back to the Outline Initiatives tab to examine, drill down, and amend individual initiative entries or final decisions as you deem necessary.

    Template & Example

    12-month Roadmap Outputs

    Excel Workbook: IT Cost Optimization - Diagram Results, List Results, and Timeline Result Worksheets

    Refer to the example below depicting different roadmap output that could help you in presentations, assessment, and decision making.

    12-month Roadmap Outputs

    From the Excel Workbook:

    1. Navigate to the Diagram Results tab. This bubble diagram represent cost optimization initiatives by objective where each bubble size is determined by its estimated cost saving per year.
    2. Navigate to the List Results tab. You will find a list of the cost optimizations initiatives you've chosen to include in your roadmap and related charts.
    3. Navigate to the Timeline Result tab. This Gantt chart is a timeline view of the cost optimizations initiatives you've chosen to include in your roadmap.

    Download the IT Cost Optimization Workbook

    IT cost optimization roadmap

    Phase 4

    Communicate and Execute

    Phase 1
    Understand Your Mandate and Objectives

    Phase 2
    Outline Your Cost Optimization Initiatives

    Phase 3
    Develop Your IT Cost Optimization Roadmap

    Phase 4
    Communicate and Execute

    This phase will walk you through the following activities:

    • Cost optimization communication plan
    • Cost optimization executive presentation

    This phase involves the following participants:

    • CIO/IT director
    • IT finance lead
    • PMO lead
    • Other IT management

    Build Your IT Cost Optimization Roadmap

    4.1 Build the communication plan

    45 to 60 minutes

    1. Use the Cost Optimization Communication Plan templates and guidance on the following slides.
    2. Complete the template to develop your communication plan for your cost optimization proposal and initiatives. At a minimum, it should include:
      1. Steps for preparing and presenting your proposal to decision-makers, sponsors, and other stakeholders, including named presenters and points of contact in IT.
      2. Checkpoints for communication throughout the execution of each initiative and the cost optimization roadmap overall, including target audiences, accountabilities, modes and methods of communication, type/scope of information to be communicated at each checkpoint, and any decision/approval steps.

    Download the IT Cost Optimization Workbook

    InputOutput
    • Cost optimization roadmap
    • Completed draft of the Cost Optimization Communication Plan
    MaterialsParticipants
    • IT Cost Optimization Workbook
    • IT Cost Optimization Roadmap
    • Info-Tech's Cost Optimization Communication Plan template
    • CIO/IT director
    • IT financial lead
    • Other IT management

    Understand a communication strategy's purpose

    Put as much effort into developing your communication strategy as you would into planning and executing the cost optimization initiatives themselves. Don't skip this part.

    Your communication strategy has two major components ...

    1. A tactical plan for how and when you'll communicate with stakeholders about your proposals, activities, and progress toward meeting cost optimization goals.
    2. An executive or board presentation that outlines your final proposed cost optimization initiatives, their respective business cases, and resources/support required with the goal of gaining approval to execute.

    Your communication strategy will need to ...

    • Provide answers to the "What's in it for me?" question from all impacted stakeholders.
    • Roles, responsibilities, and accountabilities before, during, and after initiatives are completed.
    • Descriptions and high-level information about dates, deliverables, and impacts of the specific changes being made.

    You will also develop more detailed operational and project plans for each initiative. IT will use these plans to manage and track the execution of individual initiatives when the time comes.

    Template & Example

    Document the overall what and why of your planned communications

    Component Purpose Context Key Messages Intended Outcomes
    Definition Description of the topic and why you're communicating with this specific audience right now. Background information about the broader situation and how you got to where you are today. The main points you want your target audience to hear/read, absorb, and remember. What you hope you and your audience will get at the end of the communication or effort.
    Our Language
    • IT is proposing an organization-wide array of initiatives in order to reduce IT costs. We are seeking your approval and support to carry out these initiatives.
    • [Purpose]
    • The economy is in active downturn and may become a full recession.
    • IT is anticipating mandatory cost reductions and has opted to take a proactive position.
    • We used an analytical framework to look at all areas of the organization to identify and prioritize IT cost-reduction opportunities.
    • [Context]
    • IT is being proactive.
    • IT is sensitive to the business.
    • IT needs your support.
    • IT is committed to keeping you informed at every step.
    • IT wants to position the organization for rapid recovery when the economy improves.
    • [Message]
    • Buy-in, approval, and ongoing support for cost optimization initiatives proposed.
    • Update on the status of specific initiatives, including what's happened, progress, and what's coming next.
    • [Outcome]

    Template & Example

    Next, note the who, how, and when of your communication plan

    Stakeholder/Approver Initiatives Impact Format Time frame Messenger
    CEO
    • Reduce number of Minitab licenses
    • Defer hiring of new data architecture position
    • Cancel VR simulation project
    Indefinitely delays current strategic projects Monthly meeting discussion Last Wednesday of every month starting Oct. 26, FY1 CIO, IT data analytics project lead, IT VR project lead
    IT Steering Committee
    • Adjust service level framework and level assignments
    • Postpone purchases for network modernization
    • Postpone workstation/laptop upgrades for non-production functions
    • Outsource data analytics project
    Nearly all of these initiatives are enterprise-wide or affect multiple departments. Varying direct and indirect impacts will need to be independently communicated for each initiative if approved by the ITS.

    Formal presentation at quarterly ITS meetings

    Monthly progress updates via email bulletin

    Approval presentation: Oct. 31, FY1

    Quarterly updates: Jan. 31, Apr. 28, and Jul. 28, FY2

    CIO, IT service director, IT infrastructure director, IT data analytics project lead
    VP of Sales
    • Pause Salesforce view redesign project
    Delays new sales tool efficiency improvement. Meeting discussion Nov. FY1 CIO, IT Salesforce view redesign project lead
    [Name/Title/Group]
    • [Initiative]
    • [Initiative]
    [Impact statement] [Format] [Date/Period] [Name/Title]
    [Name/Title/Group]
    • [Initiative]
    • [Initiative]
    [Impact statement] [Format] [Date/Period] [Name/Title]
    [Name/Title/Group]
    • [Initiative]
    • [Initiative]
    [Impact statement] [Format] [Date/Period] [Name/Title]

    4.2 Build the executive presentation

    45-60 minutes

    1. Download Info-Tech's IT Cost Optimization Roadmap Samples and Templates.
    2. Update the content with the outputs of your cost optimization roadmap and data/graph elements from the IT Cost Optimization Workbook. Refer to your organization's standards and norms for executive-level presentations and adapt accordingly.

    Download IT Cost Optimization Roadmap Samples and Templates

    Input Output
    • IT Cost Optimization Roadmap
    • IT Cost Optimization Workbook
    • Completed draft of the IT Cost Optimization Executive Presentation
    Materials Participants
    • IT Cost Optimization Workbook
    • IT Cost Optimization Roadmap Samples and Templates
    • CIO/IT directors
    • IT financial lead
    • Other IT management

    Summary of Accomplishment

    Congratulations! You now have an IT cost optimization strategy and a communication plan.

    Throughout this blueprint, you have:

    1. Identified your IT mandate and cost optimization journey.
    2. Outlined your initiatives across the four levers (assets, vendors, project portfolio, and workforce).
    3. Put together a 12-month IT cost optimization roadmap.
    4. Developed a communication strategy and crafted an executive presentation - your initial step to communicate and discuss IT cost optimization initiatives with your key stakeholders.

    What's next?

    Communicate with your stakeholders, then follow your internal project policies and procedures to get the necessary approvals as required. Once obtained, you can start the execution and implementation of your IT cost optimization strategy.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com
    1-888-670-8889

    Research Contributors and Experts

    Jennifer Perrier, Principal Research Director, IT Financial Management

    Jennifer Perrier
    Principal Research Director, IT Financial Management
    Info-Tech Research Group

    Jack Hakimian, Senior Vice President, Research Development

    Jack Hakimian
    Senior Vice President, Research Development
    Info-Tech Research Group

    Graham Price, Senior Executive Counselor, Executive Services

    Graham Price
    Senior Executive Counselor, Executive Services
    Info-Tech Research Group

    Travis Duncan, Research Director, Project & Portfolio Management

    Travis Duncan
    Research Director, Project & Portfolio Management
    Info-Tech Research Group

    Dave Kish, Practice Lead, IT Financial Management

    Dave Kish
    Practice Lead, IT Financial Management
    Info-Tech Research Group

    Baird Miller, PhD, Senior Executive Advisor, Executive Services

    Baird Miller, PhD
    Senior Executive Advisor, Executive Services
    Info-Tech Research Group

    Other Research Contributors and Experts

    Monica Braun
    Research Director, IT Financial Management
    Info-Tech Research Group

    Sandi Conrad
    Principal Advisory Director, Infrastructure & Operations
    Info-Tech Research Group

    Phil Bode
    Principal Advisory Director, Vendor Management
    Info-Tech Research Group

    Donna Glidden
    Advisory Director, Vendor Management
    Info-Tech Research Group

    Barry Cousins
    Distinguished Analyst & Research Fellow
    Info-Tech Research Group

    Andrew Sharp
    Research Director, Infrastructure & Operations Practice
    Info-Tech Research Group

    Frank Sewell
    Advisory Director, Vendor Management
    Info-Tech Research Group

    Related Info-Tech Research

    Achieve IT Spend & Staffing Transparency
    Most CIOs, CFOs, and business function leaders don't enjoy a shared vocabulary when it comes to talking about technology spend. As a result, truly meaningful conversations about where and how to spend technology funds in support of business goals are rare. Enable these important conversations by transparently mapping your IT spend data against four key stakeholder views.

    Reduce Shadow IT With a Service Request Catalog
    As the business gets more innovative to solve its problems, IT finds itself in reactive mode, dealing with software bloat, managing surprise SaaS renewals, and having to integrate products that they didn't know were purchased. To solve this, IT needs to focus on service and visibility to counter Shadow IT.

    Bibliography

    "A Short Guide to Structured Cost Reduction." National Audit Office, 18 June 2010. Web.

    "IT Cost Savings: A Guide to Application Rationalization." LeanIX, 2021. Web.

    Jouravlev, Roman. "Service Financial Management: ITIL 4 Practice Guide." Axelos, 30 April 2020. Web.

    Leinwand, Paul, and Vinay Couto. "How to Cut Costs More Strategically." Harvard Business Review, March 2017. Web.

    "Role & Influence of the Technology Decision-Maker 2022." Foundry, 2022. Web.

    "State of the CIO 2022." CIO, 2022. Web.

    "The Definitive Guide to IT Cost Optimization." LeanIX, n.d. Web.

    "Understand the Principles of Cost Optimization." Google Cloud, n.d. Web.

    Build a Winning Business Process Automation Playbook

    • Buy Link or Shortcode: {j2store}407|cart{/j2store}
    • member rating overall impact (scale of 10): 8.3/10 Overall Impact
    • member rating average dollars saved: $8,065 Average $ Saved
    • member rating average days saved: 7 Average Days Saved
    • Parent Category Name: Business Analysis
    • Parent Category Link: /business-analysis
    • Organizations often have many business processes that rely on manual, routine, and repetitive data collection and processing work. These processes need to be automated to meet strategic priorities.
    • Your stakeholders may have decided to invest in process automation solutions. They may be ready to begin the planning and delivery of their first automated processes.
    • However, if your processes are costly, slow, defective, and do not generate the value end users want, automation will only magnify these inefficiencies.

    Our Advice

    Critical Insight

    • Put the user front and center. Aim to better understand the end user and their operational environment. Use cases, data models, and quality factors allow you to visualize the human-computer interactions from an end-user perspective and initiate a discussion on how technology and process improvements can be better positioned to help your end users.
    • Build for the future. Automation sets the technology foundations and process governance and management building blocks in your organization. Expect that more automation will be done using earlier investments.
    • Manage automations as part of your application portfolio. Automations are add-ons to your application portfolio. Unmanaged automations, like applications, will sprawl and reduce in value over time. A collaborative rationalization practice pinpoints where automation is required and identifies which business inefficiencies should be automated next.

    Impact and Result

    • Clarify the problem being solved. Gain a grounded understanding of your stakeholders’ drivers for business process automation. Discuss current business operations and systems to identify automation candidates.
    • Optimate your processes. Apply good practices to first optimize (opti-) and then automate (-mate) key business processes. Take a user-centric perspective to understand how users interact with technology to complete their tasks.
    • Deliver minimum viable automations (MVAs). Maximize the learning of automation solutions and business operational changes through small, strategic automation use cases. This sets the foundations for a broader automation practice.

    Build a Winning Business Process Automation Playbook Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Business Process Automation Deck – A step-by-step document that walks you through how to optimize and automate your business processes.

    This blueprint helps you develop a repeatable approach to understand your process challenges and to optimize and automate strategic business processes.

    • Build a Winning Business Process Automation Playbook – Phases 1-3

    2. Business Process Automation Playbook – A repeatable set of practices to assess, optimize, and automate your business processes.

    This playbook template gives your teams a step-by-step guide to build a repeatable and standardized framework to optimize and automate your processes.

    • Business Process Automation Playbook

    3. Process Interview Template – A structured approach to interviewing stakeholders about their business processes.

    Info-Tech's Process Interview Template provides a number of sections that you can populate to help facilitate and document your stakeholder interviews.

    • Process Interview Template

    4. Process Mapping Guide – A guide to mapping business processes using BPMN standards.

    Info-Tech's Process Mapping Guide provides a thorough framework for process mapping, including the purpose and benefits, the best practices for facilitation, step-by-step process mapping instructions, and process mapping naming conventions.

    • Process Mapping Guide

    Infographic

    Workshop: Build a Winning Business Process Automation Playbook

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Automation Opportunities

    The Purpose

    Understand the goals and visions of business process automation.

    Develop your guiding principles.

    Build a backlog of automation opportunities

    Key Benefits Achieved

    Business process automation vision, expectations, and objectives.

    High-priority automation opportunities identified to focus on.

    Activities

    1.1 State your objectives and metrics.

    1.2 Build your backlog.

    Outputs

    Business process automation vision and objectives

    Business process automation guiding principles

    Process automation opportunity backlog

    2 Define Your MVAs

    The Purpose

    Assess and optimize high-strategic-importance business process automation use cases from the end user’s perspective.

    Shortlist your automation solutions.

    Build and plan to deliver minimum viable automations (MVAs).

    Key Benefits Achieved

    Repeatable framework to assess and optimize your business process.

    Selection of the possible solutions that best fit the business process use case.

    Maximized learning with a low-risk minimum viable automation.

    Activities

    2.1 Optimize your processes.

    2.2 Automate your processes.

    2.3 Define and roadmap your MVAs.

    Outputs

    Assessed and optimized business processes with a repeatable framework

    Fit assessment of use cases to automation solutions

    MVA definition and roadmap

    3 Deliver Your MVAs

    The Purpose

    Modernize your SDLC to support business process automation delivery.

    Key Benefits Achieved

    An SDLC that best supports the nuances and complexities of business process automation delivery.

    Activities

    3.1 Deliver your MVAs

    Outputs

    Refined and enhanced SDLC

    Scale Business Process Automation

    • Buy Link or Shortcode: {j2store}241|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Optimization
    • Parent Category Link: /optimization
    • Business process automation (BPA) adoption gained significant momentum as your business leaders saw the positive outcomes in your pilots, such as improvements in customer experience, operational efficiencies, and cost optimizations.
    • Your stakeholders are ready to increase their investments in more process automation solutions. They want to scale initial successes to other business and IT functions.
    • However, it is unclear how BPA can be successfully scaled and what benefits can be achieved from it.

    Our Advice

    Critical Insight

    The shift from isolated, task-based automations in your pilot to value-oriented, scaled automations brings new challenges and barriers to your organization such as:

    • Little motivation or tolerance to change existing business operations to see the full value of BPA.
    • Overinvesting in current BPA technologies to maximize the return despite available alternatives that can do the same tasks better.
    • BPA teams are ill-equipped to meet the demands and complexities of scaled BPA implementations.

    Impact and Result

    • Ground your scaling expectations. Set realistic and achievable goals centered on driving business value to the entire organization by optimizing and automating end-to-end business processes.
    • Define your scaling journey. Tailor your scaling approach according to your ability to ease BPA implementation, to broaden BPA adoption, and to loosen BPA constraints.
    • Prepare to scale BPA. Cement your BPA management and governance foundations to support BPA scaling using the lessons learned from your pilot implementation.

    Scale Business Process Automation Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Scale Business Process Automation Deck – A guide to learn the opportunities and values of scaling business process automation.

    This research walks you through the level setting of your scaled business process automation (BPA) expectations, factors to consider in defining your scaled BPA journey, and assessing your readiness to scale BPA.

    • Scale Business Process Automation Storyboard

    2. Scale Business Process Automation Readiness Assessment – A tool to help you evaluate your readiness to scale business process automation.

    Use this tool to identify key gaps in the people, processes, and technologies you need to support the scaling of business process automation (BPA). It also contains a canvas to facilitate your discussions around business process automation with your stakeholders and BPA teams.

    • Scale Business Process Automation Readiness Assessment
    [infographic]

    Further reading

    Scale Business Process Automation

    Take a value-first approach to automate the processes that matter

    Analyst Perspective

    Scaling business process automation (BPA) is an organization-wide commitment

    Business and IT must work together to ensure the right automations are implemented and BPA is grown and matured in a sustainable way. However, many organizations are not ready to make this commitment. Managing the automation demand backlog, coordinating cross-functional effort and organizational change, and measuring BPA value are some of the leading factors challenging scaling BPA.

    Pilot BPA with the intent to scale it. Pilots are safe starting points to establish your foundational governance and management practices and build the necessary relationships and collaborations for you to be successful. These factors will then allow you to explore more sophisticated, complicated, and innovative opportunities to drive new value to your team, department, and organization.

    A picture of Andrew Kum-Seun

    Andrew Kum-Seun
    Research Director,
    Application Delivery and Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Business process automation (BPA) adoption gained significant momentum as your business leaders see the positive outcomes in your pilots, such as improvements in customer experience, operational efficiencies, and cost optimizations.
    • Your stakeholders are ready to increase their investments in more process automation solutions. They want to scale initial successes to other business and IT functions.
    • However, it is unclear how BPA can be successfully scaled and what benefits can be achieved from it.

    Common Obstacles

    The shift from isolated, task-based automations in your pilot to value-oriented and scaled automations brings new challenges and barriers to your organization:

    • Little motivation or tolerance to change existing business operations to see the full value of BPA.
    • Overinvesting in current BPA technologies to maximize return despite available alternatives that can do the same tasks better.
    • BPA teams are ill-equipped to meet the demands and complexities of scaled BPA implementations.

    Info-Tech's Approach

    • Ground your scaling expectations. Set realistic and achievable goals centered on driving business value to the entire organization by optimizing and automating end-to-end business processes.
    • Define your scaling journey. Tailor your scaling approach according to your ability to ease BPA implementation, to broaden BPA adoption, and to loosen BPA constraints.
    • Prepare to scale BPA. Cement your BPA management and governance foundations to support BPA scaling using the lessons learned from your pilot implementation.

    Info-Tech Insight

    Take a value-first approach in your scaling business process automation (BPA) journey. Low-risk, task-oriented automations are good starting points to introduce BPA but constrain the broader returns your organization wants. Business value can only scale when everything and everyone in your processes are working together to streamline the entire value stream rather than the small gains from optimizing small, isolated automations.

    Scale Business Process Automation

    Take a value-first approach to automate the processes that matter

    Pilot Your BPA Capabilities

    • Learn the foundation practices to design, deliver, and support BPA.
    • Understand the fit and value of BPA.
    • Gauge the tolerance for business operational change and system risk.

    See Info-Tech's Build a Winning Business Process Automation Playbook blueprint for more information.

    Build Your Scaling BPA Vision

    Apply Lessons Learned to Scale

    1. Ground Your Scaling Expectations
      Set realistic and achievable goals centered on driving business value to the entire organization by optimizing and automating end-to-end business processes.
    2. Define Your Scaling Journey
      Tailor your scaling approach according to your ability to ease BPA implementation, to broaden BPA adoption, and to loosen BPA constraints.
    3. Prepare to Scale BPA
      Cement your BPA management and governance foundations to support BPA scaling using the lessons learned from your pilot implementation.

    Research deliverable

    Design and communicate your approach to scale business process automation with Info-Tech's Scale Business Process Automation Readiness Assessment:

    • Level set your scaled BPA goals and objectives.
    • Discuss and design your scaled BPA journey.
    • Identify the gaps and improvements needed to scale your BPA practices and implementation.

    A screenshot from Info-Tech's Scale Business Process Automation Readiness Assessment

    Step 1.1

    Ground Your Scaling Expectations

    Activities

    1.1.1 Define Your Scaling Objectives

    This step involves the following participants:

    • Business Process Owners
    • Product Owners
    • Application Directors
    • Business Architects
    • BPA Delivery & Support Teams

    Outcomes of this step

    Scaling BPA objectives

    Organizations want to scale their initial BPA success

    Notable Initial Benefits

    1. Time Saved: "In the first day of live operations, the robots were saving 51 hours each day or the equivalent of six people working an eight-hour shift." – Brendan MacDonald, Director of Customer Compliance Operations, Ladbrokes (UiPath)
    2. Documentation & Knowledge Sharing: "If certain people left, knowledge of some processes would be lost and we realized that we needed a reliable process management system in place." – Peta Kinnane, Acting Audit and Risk Coordinator, Liverpool City Council (Nintex)
    3. Improved Service Delivery: "Thanks to this automation, our percentage of triaged and assigned tickets is now 100%. Nothing falls through the cracks. It has also improved the time to assignment. We assign tickets 2x faster than before." – Sebastian Goodwin, Head of Cybersecurity, Nutanix (Workato)

    Can We Gain More From Automation?

    The Solution

    As industries evolve and adopt more tools and technology, their products, services, and business operating models become more complex. Task- and desktop-based automations are often not enough. More sophisticated and scaled automations are needed to simplify and streamline the process from end-to-end of complex operations and align them with organizational goals.

    Stakeholders see automation as an opportunity to scale the business

    The value of scaling BPA is dependent on the organization's ability to scale with it. In other words, stakeholders should see an increase in business value without a substantial increase in resources and operational costs (e.g., there should be little difference if sending out 10 emails versus 1000).

    Examples of how business can be scaled with automation

    • Processes triggered by incoming documents or email: in these processes, an incoming document or email (that has semi-structured or unstructured data) is collected by a script or an RPA bot. This document is then processed with a machine learning model that validates it either by rules or ML models. The validated and enriched machine-readable data is then passed on to the next system of record.
    • The accounts payable process: this process includes receiving, processing, and paying out invoices from suppliers that provided goods or services to the company. While manual processing can be expensive, take too much time, and lead to errors, businesses can automate this process with machine learning and document extraction technologies like optical characters recognition (OCR), which converts texts containing images into characters that can be readable by computers to edit, compute, and analyze.
    • Order management: these processes include retrieving email and relevant attachments, extracting information that tells the business what its customers want, updating internal systems with newly placed orders or modifications, or taking necessary actions related to customer queries.
    • Enhance customer experience: [BPA tools] can help teams develop and distribute customer loyalty offers faster while also optimizing these offers with customer insights. Now, enterprises can more easily guarantee they are delivering the relevant solutions their clients are demanding.

    Source: Stefanini Group

    Scaling BPA has its challenges

    Perceived Lack of Opportunities

    Pilot BPA implementations often involve the processes that are straightforward to automate or are already shortlisted to optimize. However, these low-hanging fruits will run out. Discovering new BPA opportunities can be challenged for a variety of reasons, such as:

    • Lack of documentation and knowledge
    • Low user participation or drive to change
    • BPA technology limitations and constraints

    Perceived Lack of Opportunities

    BPA is not a cheap investment. A single RPA bot, for example, can cost between $5,000 to $15,000. This cost does not include the added cost for training, renewal fees, infrastructure set up and other variable and reoccurring costs that often come with RPA delivery and support (Blueprint). This reality can motivate BPA owners to favor existing technologies over other cheaper and more effective alternatives in an attempt boost their return on investment.

    Ill-Equipped Support Teams

    Good technical skills and tools, and the right mindset are critical to ensure BPA capabilities are deployed effectively. Low-code no-code (LCNC) can help but success isn't guaranteed. Lack of experience with low-code platforms is the biggest obstacle in low-code adoption according to 60% of respondents (Creatio). The learning curve has led some organizations to hire contractors to onboard BPA teams, hire new employees, or dedicate significant funding and resources to upskill internal resources.

    Shift your objectives from task-based efficiencies to value-driven capabilities

    How can I improve myself?

    How can we improve my team?

    How can we improve my organization?

    Objectives

    • Improve worker productivity
    • Improve the repeatability and predictability of the process
    • Deliver outputs of consistent quality and cadence
    • Increase process, tool, and technology confidence
    • Increase the team's throughput, commitment, and load
    • Apply more focus on cognitive and complex tasks
    • Reduce the time to complete error-prone, manual, and routine collaborations
    • Deliver insightful, personalized, and valuable outputs
    • Drive more value in existing pipelines and introduce new value streams
    • Deliver consistent digital experiences involving different technologies
    • Automatically tailor a customer's experience to individual preferences
    • Forecast and rapidly respond to customer issues and market trends

    Goals

    • Learn the fit of BPA & set the foundations
    • Improve the practices & tools and optimize the performance
    • Scale BPA capabilities throughout the organization

    Gauge the success of your scaled BPA

    BPA Practice Effectiveness

    Key Question: Are stakeholders satisfied with how the BPA practice is meeting their automation needs?

    Examples of Metrics:

    • User satisfaction
    • Automation request turnaround time
    • Throughput of BPA team

    Automation Solution Quality

    Key Question: How do your automation solutions perform and meet your quality standards?

    Examples of Metrics:

    • Licensing and operational costs
    • Service level agreement and uptime/downtime
    • Number of defects

    Business Value Delivery

    Key Question: How has automation improved the value your employees, teams, and the organization delivers?

    Examples of Metrics:
    Increase in revenue generation
    Reduction in operational costs
    Expansion of business capabilities with minimal increases in costs and risks

    1.1.1 Define your scaling objectives

    5 minutes

    1. Complete the following fields to build your scaled business process automation canvas:
      1. Problem that scaling BPA is intending to solve
      2. Your vision for scaling BPA
      3. Stakeholders
      4. Scaled BPA business and IT objectives and metrics
      5. Business capabilities, processes, and application systems involved
      6. Notable constraints, roadblocks, and challenges to your scaled BPA success
    2. Document your findings and discussions in Info-Tech's Scale Business Process Automation Readiness Assessment.

    Output

    Scaled BPA value canvas

    Participants

    • Business Process Owners
    • Product Owners
    • Application Directors
    • Business Architects
    • BPA Delivery & Support Teams

    Record the results in the 2. Value Canvas Tab in the Scale Business Process Automation Readiness Assessment.

    1.1.1 cont'd

    Scaled BPA Value Canvas Template:

    A screenshot of Scaled BPA Value Canvas Template

    Align your objectives to your application portfolio strategy

    Why is an application portfolio strategy important for BPA?

    • All business process optimizations are designed, delivered, and managed to support a consistent interpretation of the business and IT vision and goals.
    • Clear understanding of the sprawl, criticality, and risks of automation solutions and applications to business capabilities.
    • BPA initiatives are planned, prioritized, and coordinated alongside modernization, upgrades, and other changes to the application portfolio.
    • Resources, skills, and capacities are strategically allocated to meet BPA demand considering other commitments in the backlog and roadmap.
    • BPA expectations and practices uphold the persona, values, and principles of the application team.

    What is an application portfolio strategy?

    An application portfolio strategy details the direction, activities, and tactics to deliver on the promise of your application portfolio. It often includes:

    • Portfolio vision and goals
    • Application, automation, and process portfolio
    • Values and principles
    • Portfolio health
    • Risks and constraints
    • Strategic roadmap

    See our Application Portfolio Management Foundations blueprint for more information.

    Leverage your BPA champions to drive change and support scaling initiatives

    An arrow showing the steps to Leverage your BPA champions to drive change and support scaling initiatives

    Expected Outcome From Your Pilot: Your pilot would have recognized the roles that know how to effectively apply good BPA practices (e.g., process analysis and optimization) and are familiar with the BPA toolset. These individuals are prime candidates who can standardize your Build a Winning Business Process Automation Playbook, upskill interested teams, and build relationships among those involved in the delivery and use of BPA.

    Step 1.2

    Define Your Scaling Journey

    Activities

    1.2.1 Discuss Your BPA Opportunities
    1.2.2 Lay Out Your Scaling BPA Journey

    Scale Business Process Automation

    This step involves the following participants:

    • Business Process Owners
    • Product Owners
    • Application Directors
    • Business Architects
    • BPA Delivery & Support Teams

    Outcomes of this step

    • List of scaling BPA opportunities
    • Tailored scaling journey

    Maintain a healthy demand pipeline

    A successful scaled BPA practice requires a continuous demand for BPA capabilities and the delivery of minimum viable automations (MVA) held together by a broader strategic roadmap.

    An image of a healthy demand pipeline.  it flows from opportunities to trends, with inputs from internal and external sources.

    An MVA focuses on a single and small process use case, involves minimal possible effort to improve, and is designed to satisfy a specific user group. Its purpose is to maximize learning and value and inform the further scaling of the BPA technology, approach, or practice.

    See our Build a Winning Business Process Automation Playbook blueprint for more information.

    Investigate how BPA trends can drive more value for the organization

    • Event-Driven Automation
      Process is triggered by a schedule, system output, scenario, or user (e.g., voice-activated, time-sensitive, system condition)
    • Low- & No-Code Automation build and management are completed through an easy-to-learn scripting language and/or a GUI.
    • Intelligent Document Processing
      Transform documents for better analysis, processing and handling (e.g., optical character recognition) by a tool or system.
    • End-to-End Process Automation & Transparency
      Linking cross-functional processes to enable automation of the entire value stream with seamless handoffs or triggers.
    • Orchestration of Different BPA Technologies
      Integrating and sequencing the execution of multiple automation solutions through a single console.
    • Cognitive Automation
      AI and other intelligent technologies automate information-intensive processes, including semi and unstructured data and human thinking simulation.
    • Intelligent Internet-of-Things
      Connecting process automation technologies to physical environments with sensors and other interaction devices (e.g., computer vision).
    • Ethical Design
      Optimizing processes that align to the moral value, principles, and beliefs of the organization (e.g., respects data privacy, resists manipulative patterns).
    • User Profiling & Tailored Experiences
      Customizing process outputs and user experience with user-defined configurations or system and user activity monitoring.
    • Process Mining & Discovery
      Gleaning optimization opportunities by analyzing system activities (mining) or monitoring user interactions with applications (discovery).

    1.2.1 Discuss your BPA opportunities

    5 minutes

    1. Review the goals and objectives of your initiative and the expectations you want to gain from scaling BPA.
    2. Discuss how BPA trends can be leveraged in your organization.
    3. List high priority scaling BPA opportunities.

    Output

    • Scaled BPA opportunities

    Participants

    • Business Process Owners
    • Product Owners
    • Application Directors
    • Business Architects
    • BPA Delivery & Support Teams

    Create your recipe for success

    Your scaling BPA recipe (approach) can involve multiple different flavors of various quantities to fit the needs and constraints of your organization and workers.

    What and how many ingredients you need is dependent on three key questions:

    1. How can we ease BPA implementation?
    2. How can we broaden the BPA scope?
    3. How can we loosen constraints?

    Personalize Scaling BPA To Your Taste

    • Extend BPA Across Business Units (Horizontal)
    • Integrate BPA Across Your Application Architecture (Vertical)
    • Embed AI/ML Into Your Automation Technologies
    • Empower Users With Business-Managed Automations
    • Combine Multiple Technologies for End-to-End Automation
    • Increase the Volume and Velocity of Automation
    • Automate Cognitive Processes and Making Variable Decisions

    Answer these questions in the definition of your scaling BPA journey

    Seeing the full value of your scaling approach is dependent on your ability to support BPA adoption across the organization

    How can we ease BPA implementation?

    • Good governance practices (e.g., role definitions, delivery and management processes, technology standards).
    • Support for innovation and experimentation.
    • Interoperable and plug-and-play architecture.
    • Dedicated technology management and support, including resources, documents, templates and shells.
    • Accessible and easy-to-understand knowledge and document repository.

    How can we broaden BPA scope?

    • Provide a unified experience across processes, fragmented technologies, and siloed business functions.
    • Improve intellectually intensive activities, challenging decision making and complex processes with more valuable insights and information using BPA.
    • Proactively react to business and technology environments and operational changes and interact with customers with unattended automation.
    • Infuse BPA technologies into your product and service to expand their functions, output quality, and reliability.

    How can we loosen constraints?

    • Processes are automated without the need for structured data and optimized processes, and there is no need to work around or avoid legacy applications.
    • Workers are empowered to develop and maintain their own automations.
    • Coaching, mentoring, training, and onboarding capabilities.
    • Accessibility and adoption of underutilized applications are improved with BPA.
    • BPA is used to overcome the limitations or the inefficiencies of other BPA technologies.

    1.2.2 Lay out your scaling BPA journey

    5 minutes

    1. Review the goals and objectives of your initiative, the expectations you want to gain from scaling BPA, and the various scaling BPA opportunities.
    2. Discuss the different scaling BPA flavors (patterns) and how each flavor is applicable to your situation. Ask yourself these key questions:
      1. How can we ease BPA implementation?
      2. How can we broaden the BPA scope?
      3. How can we loosen constraints?
    3. Design the broad steps of your scaling BPA journey. See the following slide for an example.
    4. Document your findings and discussions in Info-Tech's Scale Business Process Automation Readiness Assessment.

    Record the results in the 3. Scaled BPA Journey Tab in the Scale Business Process Automation Readiness Assessment.

    Output

    • Scaled BPA journey

    Participants

    • Business Process Owners
    • Product Owners
    • Application Directors
    • Business Architects
    • BPA Delivery & Support Teams

    1.2.2 cont'd

    An image of the marker used to identify Continuous business process optimization and automation Continuous business process optimization and automation
    An image of the marker used to identify Scope of Info-Tech's Build Your Business Process Automation Playbook blueprintScope of Info-Tech's Build Your Business Process Automation Playbook blueprint

    Example:

    An example of the BPA journey.  Below are the links included in the journey.

    Continuously review and realign expectations

    Optimizing your scaled BPA practices and applying continuous improvements starts with monitoring the process after implementation.

    Purpose of Monitoring

    1. Diligent monitoring confirms your scaled BPA implementation is performing as desired and meeting initial expectations.
    2. Holding reviews of your BPA practice and implementations helps assess the impact of marketplace and business operations changes and allows the organization to stay on top of trends and risks.

    Metrics

    Metrics are an important aspect of monitoring and sustaining the scaled practice. The metrics will help determine success and find areas where adjustments may be needed.

    Hold retrospectives to identify any practice issues to be resolved or opportunities to undertake

    The retrospective gives your organization the opportunity to review themselves and brainstorm solutions and a plan for improvements to be actioned. This session is reoccurring, typically, after key milestones. While it is important to allow all participants the opportunity to voice their opinions, feelings, and experiences, retrospectives must be positive, productive, and time boxed.

    Step 1.3

    Prepare to Scale BPA

    Activities

    1.3.1 Assess Your Readiness to Scale BPA

    This step involves the following participants:

    • Business Process Owners
    • Product Owners
    • Application Directors
    • Business Architects
    • BPA Delivery & Support Teams

    Outcomes of this step

    • Scale BPA readiness assessment

    Prepare to scale by learning from your pilot implementations

    "While most organizations are advised to start with automating the 'low hanging fruit' first, the truth is that it can create traps that will impede your ability to achieve RPA at scale. In fact, scaling RPA into the organizational structure is fundamentally different from implementing a conventional software product or other process automation."
    – Blueprint

    What should be the takeaways from your pilot?

    Degree of Required BPA Support

    • Practices needed to address the organization's tolerance to business process changes and automation adoption.
    • Resources, budget and skills needed to configure and orchestrate automation technologies to existing business applications and systems.

    Technology Integration & Compatibility

    • The BPA technology and application system's flexibility to be enhanced, modified, and removed.
    • Adherence to data and system quality standards (e.g., security, availability) across all tools and technologies.

    Good Practices Toolkit

    • A list of tactics, techniques, templates, and examples to assist teams assessing and optimizing business processes and applying BPA solutions in your organization's context.
    • Strategies to navigate common blockers, challenges, and risks.

    Controls & Measures

    • Defined guardrails aligned to your organization's policies and risk tolerance
    • Key metrics are gathered to gauge the value and performance of your processes and automations for enhancements and further scaling.

    Decide how to architect and govern your BPA solutions

    Centralized

    A single body and platform to coordinate, execute, and manage all automation solutions.

    An image of the Centralized approach to governing BPA solutions.

    Distributed

    Automation solutions are locally delivered and managed whether that is per business unit, type of technology, or vendor. Some collaboration and integration can occur among solutions but might be done without a holistic strategy or approach.

    An image of the Distributed approach to governing BPA solutions.

    Hybrid

    Automation solutions are locally delivered and managed and executed for isolated use cases. Broader and complex automations are centrally orchestrated and administered.

    An image of the Hybrid approach to governing BPA solutions.

    Be prepared to address the risks with scaling BPA

    "Companies tend to underestimate the complexity of their business processes – and bots will frequently malfunction without an RPA design team that knows how to anticipate and prepare for most process exceptions. Unresolved process exceptions rank among the biggest RPA challenges, prompting frustrated users to revert to manual work."
    – Eduardo Diquez, Auxis, 2020

    Scenarios

    • Handling Failures of Dependent Systems
    • Handling Data Corruption & Quality Issues
    • Alignment to Regulatory & Industry Standards
    • Addressing Changes & Regressions to Business Processes
    • "Run Away" & Hijacked Automations
    • Unauthorized Access to Sensitive Information

    Recognize the costs to support your scaled BPA environment

    Cost Factors

    Automation Operations
    How will chaining multiple BPA technologies together impact your operating budget? Is there a limit on the number of active automations you can have at a single time?

    User Licenses
    How many users require access to the designer, orchestrator, and other functions of the BPA solution? Do they also require access to dependent applications, services, and databases?

    System Enhancements
    Are application and system upgrades and modernizations needed to support BPA? Is your infrastructure, data, and security controls capable of handling BPA demand?

    Supporting Resources
    Are dedicated resources needed to support, govern, and manage BPA across business and IT functions? Are internal resources or third-party providers preferred?

    Training & Onboarding
    Are end users and supporting resources trained to deliver, support, and/or use BPA? How will training and onboarding be facilitated: internally or via third party providers?

    Create a cross-functional and supportive body to lead the scaling of BPA

    Your supportive body is a cross-functional group of individuals promoting collaboration and good BPA practices. It enables an organization to extract the full benefits from critical systems, guides the growth and evolution of strategic BPA implementations, and provides critical expertise to those that need it. A supportive body distinctly caters to optimizing and strengthening BPA governance, management, and operational practices for a single technology or business function or broadly across the entire organization encompassing all BPA capabilities.

    What a support body is not:

    • A Temporary Measure
    • Exclusive to Large Organizations
    • A Project Management Office
    • A Physical Office
    • A Quick Fix

    See our Maximize the Benefits from Enterprise Applications With a Center of Excellence blueprint for more information.

    What are my options?

    Center of Excellence (CoE)
    AND
    Community of Practice (CoP)

    CoEs and CoPs provide critical functions

    An image of the critical functions provided by CoE and CoP.

    Shift your principles as you scale BPA

    As BPA scales, users and teams must not only think of how a BPA solution operates at a personal and technical level or what goals it is trying to achieve, but why it is worth doing and how the outcomes of the automated process will impact the organization's reputation, morality, and public perception.

    An image of the journey from Siloed BPA to Scaled BPA.

    "I think you're going to see a lot of corporations thinking about the corporate responsibility of [organizational change from automation], because studies show that consumers want and will only do business with socially responsible companies."

    – Todd Lohr

    Source: Appian, 2018.

    Assess your readiness to scale BPA

    Vision & Objectives
    Clear direction and goals of the business process automation practice.

    Governance
    Defined BPA roles and responsibilities, processes, and technology controls.

    Skills & Competencies
    The capabilities users and support roles must have to be successful with BPA.

    Business Process Management & Optimization
    The tactics to document, analyze, optimize, and monitor business processes.

    Business Process Automation Delivery
    The tactics to review the fit of automation solutions and deliver and support according to end user needs and preferences.

    Business Process Automation Platform
    The capabilities to manage BPA platforms and ensure it supports the growing needs of the business.

    1.3.1 Assess your readiness to scale BPA

    5 minutes

    1. Review your scaling BPA journey and selected patterns.
    2. Conduct a readiness assessment using the 4. Readiness Assessment tab in Info-Tech's Scale Business Process Automation Readiness Assessment.
    3. Brainstorm solutions to improve the capability or address the gaps found in this assessment.

    Output

    • Scaled BPA readiness assessment

    Participants

    • Business Process Owners
    • Product Owners
    • Application Directors
    • Business Architects
    • BPA Delivery & Support Teams

    Record the results in the 4. Readiness Assessment tab in Info-Tech's Scale Business Process Automation Readiness Assessment.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Related Info-Tech Research

    Bibliography

    Alston, Roland. "With the Rise of Intelligent Automation, Ethics Matter Now More than Ever." Appian, 4 Sept. 2018. Web.
    "Challenges of Achieving RPA at Scale." Blueprint, N.d. Web.
    Dilmegani, Cem. "RPA Benefits: 20 Ways Bots Improve Businesses in 2023," AI Multiple, 9 Jan 2023. Web.
    Diquez, Eduardo. "Struggling To Scale RPA? Discover The Secret to Success." Auxis, 30 Sept. 2020. Web.
    "How much does Robotic Process Automation (RPA) Really Cost?" Blueprint, 14 Sept. 2021. Web.
    "Liverpool City Council improves document process with Nintex." Nintex, n.d. Web.
    "The State of Low-Code/No-Code." Creatio, 2021. Web.
    "Using automation to enhance security and increase IT NPS to 90+ at Nutanix." Workato, n.d. Web.
    "What Is Hyperautomation? A Complete Guide To One Of Gartner's Top Tech Trends." Stefanini Group, 26 Mar. 2021. Web.

    Modernize Your Corporate Website to Drive Business Value

    • Buy Link or Shortcode: {j2store}524|cart{/j2store}
    • member rating overall impact (scale of 10): 8.0/10 Overall Impact
    • member rating average dollars saved: $10,399 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • Users are demanding more valuable web functionalities and improved access to your website services. They are expecting development teams to keep up with their changing needs.
    • The criteria of user acceptance and satisfaction involves more than an aesthetically pleasing user interface (UI). It also includes how emotionally attached the user is to the website and how it accommodates user behaviors.

    Our Advice

    Critical Insight

    Complication

    • Organizations are focusing too much on the UI when they optimize the user experience of their websites. The UI is only one of many components involved in successful websites with good user experience.
    • User experience (UX) is often an afterthought in development, risking late and costly fixes to improve end-user reception after deployment.

    Insights

    • Organizations often misinterpret UX as UI. In fact, UX incorporates both the functional and emotional needs of the user, going beyond the website’s UI.
    • Human behaviors and tendencies are commonly left out of the define and design phases of website development, putting user satisfaction and adoption at risk.

    Impact and Result

    • Gain a deep understanding of user needs and behaviors. Become familiar with the human behaviors, emotions, and pain points of your users in order to shortlist the design elements and website functions that will receive the highest user satisfaction.
    • Perform a comprehensive website review. Leverage satisfaction surveys, user feedback, and user monitoring tools (e.g. heat maps) to reveal high-level UX issues. Use these insights to drill down into the execution and composition of your website to identify the root causes of issues.
    • Incorporate modern UX trends in your design. New web technologies are continuously emerging in the industry to enhance user experience. Stay updated on today’s UX trends and validate their fit for the specific needs of your target audience.

    Modernize Your Corporate Website to Drive Business Value Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should modernize your website, review Info-Tech’s methodology, and discover the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define UX requirements

    Reveal the opportunities to heighten the user experience of your website through a deep understanding of the behaviors, emotions, and needs of your end users in order to design a receptive and valuable website.

    • Modernize Your Corporate Website to Drive Business Value – Phase 1: Define UX Requirements
    • Website Design Document Template

    2. Design UX-driven website

    Design a satisfying and receptive website by leveraging industry best practices and modern UX trends and ensuring the website is supported with reliable and scalable data and infrastructure.

    • Modernize Your Corporate Website to Drive Business Value – Phase 2: Design UX-Driven Website
    [infographic]

    Workshop: Modernize Your Corporate Website to Drive Business Value

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Your UX Requirements

    The Purpose

    List the business objectives of your website.

    Describe your user personas, use cases, and user workflow.

    Identify current UX issues through simulations, website design, and system reviews.

    Key Benefits Achieved

    Strong understanding of the business goals of your website.

    Knowledge of the behaviors and needs of your website’s users.

    Realization of the root causes behind the UX issues of your website.

    Activities

    1.1 Define the business objectives for the website you want to optimize

    1.2 Define your end-user personas and map them to use cases

    1.3 Build your website user workflow

    1.4 Conduct a SWOT analysis of your website to drive out UX issues

    1.5 Gauge the UX competencies of your web development team

    1.6 Simulate your user workflow to identify the steps driving down UX

    1.7 Assess the composition and construction of your website

    1.8 Understand the execution of your website with a system architecture

    1.9 Pinpoint the technical reason behind your UX issues

    1.10 Clarify and prioritize your UX issues

    Outputs

    Business objectives

    End-user personas and use cases

    User workflows

    Website SWOT analysis

    UX competency assessment

    User workflow simulation

    Website design assessment

    Current state of web system architecture

    Gap analysis of web system architecture

    Prioritized UX issues

    2 Design Your UX-Driven Website

    The Purpose

    Design wireframes and storyboards to be aligned to high priority use cases.

    Design a web system architecture that can sufficiently support the website.

    Identify UX metrics to gauge the success of the website.

    Establish a website design process flow.

    Key Benefits Achieved

    Implementation of key design elements and website functions that users will find stimulating and valuable.

    Optimized web system architecture to better support the website.

    Website design process aligned to your current context.

    Rollout plan for your UX optimization initiatives.

    Activities

    2.1 Define the roles of your UX development team

    2.2 Build your wireframes and user storyboards

    2.3 Design the target state of your web environment

    2.4 List your UX metrics

    2.5 Draw your website design process flow

    2.6 Define your UX optimization roadmap

    2.7 Identify and engage your stakeholders

    Outputs

    Roles of UX development team

    Wireframes and user storyboards

    Target state of web system architecture

    List of UX metrics

    List of your suppliers, inputs, processes, outputs, and customers

    Website design process flow

    UX optimization rollout roadmap

    Establish High-Value IT Performance Dashboards and Metrics

    • Buy Link or Shortcode: {j2store}58|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: $8,599 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Performance Measurement
    • Parent Category Link: /performance-measurement

    While most CIOs understand the importance of using metrics to measure IT’s accomplishments, needs, and progress, when it comes to creating dashboards to communicate these metrics, they:

    • Concentrate on the data instead of the audience.
    • Display information specific to IT activities instead of showing how IT addresses business goals and problems.
    • Use overly complicated, out of context graphs that crowd the dashboard and confuse the viewer.

    Our Advice

    Critical Insight

    While most CIOs understand the importance of using metrics to measure IT’s accomplishments, needs, and progress, when it comes to creating dashboards to communicate these metrics, they:

    • Concentrate on the data instead of the audience.
    • Display information specific to IT activities instead of showing how IT addresses business goals and problems.
    • Use overly complicated, out of context graphs that crowd the dashboard and confuse the viewer.

    Impact and Result

    Use Info-Tech’s ready-made dashboards for executives to ensure you:

    • Speak to the right audience
    • About the right things
    • In the right quantity
    • Using the right measures
    • At the right time.

    Establish High-Value IT Performance Dashboards and Metrics Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish High-Value IT Performance Metrics and Dashboards – a document that walks you through Info-Tech’s ready-made IT dashboards.

    This blueprint guides you through reviewing Info-Tech’s IT dashboards for your audience and organization, then walks you through practical exercises to customize the dashboards to your audience and organization. The blueprint also gives practical guidance for delivering your dashboards and actioning your metrics.

    • Establish High-Value IT Performance Metrics and Dashboards Storyboard

    2. Info-Tech IT Dashboards and Guide – Ready-made IT dashboards for the CIO to communicate to the CXO.

    IT dashboards with visuals and metrics that are aligned and organized by CIO priority and that allow you to customize with your own data, eliminating 80% of the dashboard design work.

    • Info-Tech IT Dashboards and Guide

    3. IT Dashboard Workbook – A step-by-step tool to identify audience needs, translate needs into metrics, design your dashboard, and track/action your metrics.

    The IT Dashboard Workbook accompanies the Establish High Value IT Metrics and Dashboards blueprint and guides you through customizing the Info-Tech IT Dashboards to your audience, crafting your messages, delivering your dashboards to your audience, actioning metrics results, and addressing audience feedback.

    • Info-Tech IT Dashboards Workbook

    4. IT Metrics Library

    Reference the IT Metrics Library for ideas on metrics to use and how to measure them.

    • IT Metrics Library

    5. HR Metrics Library

    Reference the HR Metrics Library for ideas on metrics to use and how to measure them.

    • HR Metrics Library

    Infographic

    Workshop: Establish High-Value IT Performance Dashboards and Metrics

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Test Info-tech’s IT Dashboards Against Your Audience’s Needs and Translate Audience Needs Into Metrics

    The Purpose

    Introduce the Info-Tech IT Dashboards to give the participants an idea of how they can be used in their organization.

    Understand the importance of starting with the audience and understanding audience needs before thinking about data and metrics.

    Explain how audience needs translate into metrics.

    Key Benefits Achieved

    Understanding of where to begin when it comes to considering dashboards and metrics (the audience).

    Identified audience and needs and derived metrics from those identified needs.

    Activities

    1.1 Review the info-Tech IT Dashboards and document impressions for your organization.

    1.2 Identify your audience and their attributes.

    1.3 Identify timeline and deadlines for dashboards.

    1.4 Identify and prioritize audience needs and desired outcomes.

    1.5 Associate metrics to each need.

    1.6 Identify a dashboard for each metric.

    Outputs

    Initial impressions of Info-Tech IT Dashboards.

    Completed Tabs 2 and 3 of the IT Dashboard Workbook.

    2 Inventory Your Data and Assess Data Quality and Readiness

    The Purpose

    Provide guidance on how to derive metrics and assess data.

    Key Benefits Achieved

    Understand the importance of considering how you will measure each metric and get the data.

    Understand that measuring data can be costly and that sometimes you just can’t afford to get the measure or you can’t get the data period because the data isn’t there.

    Understand how to assess data quality and readiness.

    Activities

    2.1 Complete a data inventory for each metric on each dashboard: determine how you will measure the metric, the KPI, any observation biases, the location of the data, the type of source, the owner, and the security/compliance requirements.

    2.2 Assess data quality for availability, accuracy, and standardization.

    2.3 Assess data readiness and the frequency of measurement and reporting.

    Outputs

    Completed Tab 4 of the IT Dashboard Workbook.

    3 Design and Build Your Dashboards

    The Purpose

    Guide participants in customizing the Info-Tech IT Dashboards with the data identified in previous steps.

    This step may vary as some participants may not need to alter the Info-Tech IT Dashboards other than to add their own data.

    Key Benefits Achieved

    Understanding of how to customize the dashboards to the participants’ organization.

    Activities

    3.1 Revisit the Info-Tech IT Dashboards and use the identified metrics to determine what should change in them.

    3.2 Build your dashboards by editing the Info-Tech IT Dashboards with your changes as planned in Step 3.1.

    Outputs

    Assessed Info-Tech IT Dashboards for your audience’s needs.

    Completed Tab 5 of the IT Dashboard Workbook.

    Finalized dashboards.

    4 Deliver Your Dashboard and Plan to Action Metrics

    The Purpose

    Guide participants in learning how to create a story around the dashboards.

    Guide participants in planning to action metrics and where to record results.

    Guide participants in how to address results of metrics and feedback from audience about dashboards.

    Key Benefits Achieved

    Participants understand how to speak to their dashboards.

    Participants understand how to action metrics results and feedback about dashboards.

    Activities

    4.1 Craft your story.

    4.2 Practice delivering your story.

    4.3 Plan to action your metrics.

    4.4 Understand how to record and address your results.

    Outputs

    Completed Tabs 6 and 7 of the IT Dashboard Workbook.

    5 Next Steps and Wrap-Up

    The Purpose

    Finalize work outstanding from previous steps and answer any questions.

    Key Benefits Achieved

    Participants have thought about and documented how to customize the Info-Tech IT Dashboards to use in their organization, and they have everything they need to customize the dashboards with their own metrics and visuals (if necessary).

    Activities

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Outputs

    Completed IT Dashboards tailored to your organization.

    Completed IT Dashboard Workbook

    Further reading

    Establish High-Value IT Performance Dashboards and Metrics

    Spend less time struggling with visuals and more time communicating about what matters to your executives.

    Analyst Perspective

    A dashboard is a communication tool that helps executives make data-driven decisions

    CIOs naturally gravitate toward data and data analysis. This is their strength. They lean into this strength, using data to drive decisions, track performance, and set targets because they know good data drives good decisions.

    However, when it comes to interpreting and communicating this complex information to executives who may be less familiar with data, CIOs struggle, often falling back on showing IT activity level data instead of what the executives care about. This results in missed opportunities to tell IT’s unique story, secure funding, reveal important trends, or highlight key opportunities for the organization.

    Break through these traditional barriers by using Info-Tech’s ready-made IT dashboards. Spend less time agonizing over visuals and layout and more time concentrating on delivering IT information that moves the organization forward.

    Photo of Diana MacPherson
    Diana MacPherson
    Senior Research Analyst, CIO
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    While most CIOs understand the importance of using metrics to measure IT’s accomplishments, needs, and progress, when it comes to creating dashboards to communicate these metrics, they:

    • Concentrate on the data instead of the audience.
    • Display information specific to IT activities instead of showing how IT addresses business goals and problems.
    • Use overly complicated, out of context graphs that crowd the dashboard and confuse the viewer.

    Common Obstacles

    CIOs often experience these challenges because they:

    • Have a natural bias toward data and see it as the whole story instead of a supporting character in a larger narrative.
    • Assume that the IT activity metrics that are easy to get and useful to them are equally interesting to all their stakeholders.
    • Do not have experience communicating visually to an audience unfamiliar with IT operations or lingo.

    Info-Tech’s Approach

    Use Info-Tech’s ready-made dashboards for executives to ensure you:

    • Speak to the right audience
    • About the right things
    • In the right quantity
    • Using the right measures
    • At the right time

    Info-Tech Insight

    The purpose of a dashboard is to drive decision making. A well designed dashboard presents relevant, clear, concise insights that help executives make data-driven decisions.

    Your challenge

    CIOs struggle to select the right metrics and dashboards to communicate IT’s accomplishments, needs, and progress to their executives. CIOs:

    • Fail to tailor metrics to their audience, often presenting graphs that are familiar and useful to them, but not their executives. This results in dashboards full of IT activities that executives neither understand nor find valuable.
    • Do not consider the timeliness of their metrics, which has the same effect as not tailoring their metrics: the executives do not care about the metrics they are shown.
    • Present too many metrics, which not only clutters the board but also dilutes the message the CIO needs to communicate.
    • Do not act on the results of their metrics and show progress, which makes metrics meaningless. Why measure something if you won’t act on the results?

    The bottom line: CIOs often communicate to the wrong audience, about the wrong things, in the wrong amount, using the wrong metrics, at the wrong time.

    In a survey of 500 executives, organizations that struggled with dashboards identified the reasons as:
    61% Inadequate context
    54% Information overload

    — Source: Exasol

    CXOs and CIOs agree that IT performance metrics need improvement

    When asked which performance indicators should be implemented in your business, CXOs and CIOs both agree that IT needs to improve its metrics across several activity areas: technology performance, cost and salary, and risk.

    A diagram that shows performance indicators and metrics from cxo and cio.

    The Info-Tech IT Dashboards center key metrics around these activities ensuring you align your metrics to the needs of your CXO audience.

    Info-Tech CEO/CIO Alignment Survey Benchmark Report n=666

    The Info-Tech IT Dashboards are organized by the top CIO priorities

    The top six areas that a CIO needs to prioritize and measure outcomes, no matter your organization or industry, are:

    • Managing to a budget: Reducing operational costs and increasing strategic IT spend
    • Customer/constituent satisfaction: Directly and indirectly impacting customer experience.
    • Risk management: Actively knowing and mitigating threats to the organization.
    • Delivering on business objectives: Aligning IT initiatives to the vision of the organization.
    • Employee engagement: Creating an IT workforce of engaged and purpose-driven people.
    • Business leadership relations: Establishing a network of influential business leaders.

    Deliver High-Value IT Dashboards to Your Executives

    A diagram that shows Delivering High-Value IT Dashboards to Your Executives

    Info-Tech’s approach

    Deliver High-Value Dashboards to Your Executives

    A diagram that shows High-Value Dashboard Process.

    Executives recognize the benefits of dashboards:
    87% of respondents to an Exasol study agreed that their organization’s leadership team would make more data-driven decisions if insights were presented in a simpler and more understandable way
    (Source: Exasol)

    The Info-Tech difference:

    We created dashboards for you so you don’t have to!

    1. Eliminate 80% of the dashboard design work by selecting from our ready-made Info-Tech IT Dashboards.
    2. Use our IT Dashboard Workbook to adjust the dashboards to your audience and organization.
    3. Follow our blueprint and IT Dashboard Workbook tool to craft, and deliver your dashboard to your CXO team, then action feedback from your audience to continuously improve.

    Info-Tech’s methodology for establishing high-value dashboards

    1. Test Info-Tech’s IT Dashboards Against Your Audience’s Needs

    Phase Steps

    1. Validate Info-Tech’s IT Dashboards for Your Audience
    2. Identify and Document Your Audience’s Needs

    Phase Outcomes

    1. Initial impressions of Info-Tech IT Dashboards
    2. Completed Tabs 2 of the IT Dashboard Workbook

    2. Translate Audience Needs into Metrics

    Phase Steps

    1. Review Info-Tech’s IT Dashboards for Your Audience
    2. Derive Metrics from Audience Needs
    3. Associate metrics to Dashboards

    Phase Outcomes

    1. Completed IT Tab 3 of IT Dashboard Workbook

    3. Ready Your Data for Dashboards

    Phase Steps

    1. Assess Data Inventory
    2. Assess Data Quality
    3. Assess Data Readiness
    4. Assess Data Frequency

    Phase Outcomes

    1. Assessed Info-Tech IT Dashboards for your audience’s needs
    2. Completed Tab 5 of the IT Dashboard Workbook
    3. Finalized dashboards

    4. Build and Deliver Your Dashboards

    Phase Steps

    1. Design Your Dashboard
    2. Update Your Dashboards
    3. Craft Your Story and Deliver Your Dashboards

    Phase Outcomes

    1. Completed IT Tab 5 and 6 of IT Dashboard Workbook and finalized dashboards

    5. Plan, Record, and Action Your Metrics

    Phase Steps

    1. Plan How to Record Metrics
    2. Record and Action Metrics

    Phase Outcomes

    1. Completed IT Dashboards tailored to your organization
    2. Completed IT Dashboard Workbook

    How to Use This Blueprint

    Choose the path that works for you

    A diagram that shows path of using this blueprint.

    The Info-Tech IT Dashboards address several needs:

    1. New to dashboards and metrics and not sure where to begin? Let the phases in the blueprint guide you in using Info-Tech’s IT Dashboards to create your own dashboards.
    2. Already know who your audience is and what you want to show? Augment the Info-Tech’s IT Dashboards framework with your own data and visuals.
    3. Already have a tool you would like to use? Use the Info-Tech’s IT Dashboards as a design document to customize your tool.

    Insight Summary

    The need for easy-to-consume data is on the rise making dashboards a vital data communication tool.

    70%: Of employees will be expected to use data heavily by 2025, an increase from 40% in 2018.
    — Source: Tableau

    Overarching insight

    A dashboard’s primary purpose is to drive action. It may also serve secondary purposes to update, educate, and communicate, but if a dashboard does not drive action, it is not serving its purpose.

    Insight 1

    Start with the audience. Resist the urge to start with the data. Think about who your audience is, what internal and external environmental factors influence them, what problems they need to solve, what goals they need to achieve, then tailor the metrics and dashboards to suit.

    Insight 2

    Avoid showing IT activity-level metrics. Instead use CIO priority-based metrics to report on what matters to the organization. The Info-Tech IT Dashboards are organized by the CIO priorities: risks, financials, talent, and strategic initiatives.

    Insight 3

    Dashboards show the what not the why. Do not assume your audience will draw the same conclusions from your graphs and charts as you do. Provide the why by interpreting the results, adding insights and calls to action, and marking key areas for discussion.

    Insight 4

    A dashboard is a communication tool and should reflect the characteristics of good communication. Be clear, concise, consistent, and relevant.

    Insight 5

    Action your data. Act and report progress on your metrics. Gathering metrics has a cost, so if you do not plan to action a metric, do not measure it.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Photo of Dashboards

    Key deliverable: Dashboards

    Ready-made risk, financials, talent, and strategic initiatives dashboards that organize your data in a visually appealing way so you can concentrate on the metrics and communication.

    Photo of IT Dashboard Workbook

    IT Dashboard Workbook

    The IT Dashboard Workbook keeps all your metrics, data, and dashboard work in one handy file!

    Photo of IT Dashboard Guide

    IT Dashboard Guide

    The IT Dashboard Guide provides the Info-Tech IT Dashboards and information about how to use them.

    Blueprint benefits

    CIO Benefits

    • Reduces the burden of figuring out what metrics to show executives and how to categorize and arrange the visuals.
    • Increases audience engagement through tools and methods that guide CIOs through tailoring metrics and dashboards to audience needs.
    • Simplifies CIO messages so executives better understand IT needs and value.
    • Provides CIOs with the tools to demonstrate transparency and competency to executive leaders.
    • Provides tools and techniques for regular review and action planning of metrics results, which leads to improved performance, efficiency, and effectiveness.

    Business Benefits

    • Provides a richer understanding of the IT landscape and a clearer connection of how IT needs and issues impact the organization.
    • Increases understanding of the IT team’s contribution to achieving business outcomes.
    • Provides visibility into IT and business trends.
    • Speeds up decision making by providing insights and interpretations to complex situations.

    Measure the value of this blueprint

    Realize measurable benefits after using Info-Tech’s approach:

    Determining what you should measure, what visuals you should use, and how you should organize your visuals, is time consuming. Calculate the time it has taken you to research what metrics you should show, create the visuals, figure out how to categorize the visuals, and layout your visuals. Typically, this takes about 480 hours of time. Use the ready-made Info-Tech IT Dashboards and the IT Dashboard Workbook to quickly put together a set of dashboards to present your CXO. Using these tools will save approximately 480 hours.

    A study at the University of Minnesota shows that visual presentations are 43% more effective at persuading their audiences (Bonsignore). Estimate how persuasive you are now by averaging how often you have convinced your audience to take a specific course of action. After using the Info-Tech IT Dashboards and visual story telling techniques described in this blueprint, average again. You should be 43% more persuasive.

    Further value comes from making decisions faster. Baseline how long it takes, on average, for your executive team to make a decision before using Info-Tech’s IT Dashboards then time how long decisions take when you use your Info-Tech’s IT Dashboards. Your audience should reach decisions 21% faster according to studies at Stanford University and the Wharton School if business (Bonsignore).

    Case Study

    Visuals don’t have to be fancy to communicate clear messages.

    • Industry: Construction
    • Source: Anonymous interview participant

    Challenge

    Year after year, the CIO of a construction company attended business planning with the Board to secure funding for the year. One year, the CEO interrupted and said, “You're asking me for £17 million. You asked me for £14 million last year and you asked me for £12 million the year before that. I don't quite understand what we get for our money.”

    The CEO could not understand how fixing laptops would cost £17 million and for years no one had been able to justify the IT spend.

    Solutions

    The CIO worked with his team to produce a simple one-page bubble diagram representing each IT department. Each bubble included the total costs to deliver the service, along with the number of employees. The larger the bubble, the higher the cost. The CIO brought each bubble to life as he explained to the Board what each department did.

    The Board saw, for example, that IT had architects who thought about the design of a service, where it was going, the life cycle of that service, and the new products that were coming out. They understood what those services cost and knew how many architects IT had to provide for those services.

    Recommendations

    The CEO remarked that he finally understood why the CIO needed £17 million. He even saw that the costs for some IT departments were low for the amount of people and offered to pay IT staff more (something the CIO had requested for years).

    Each year the CIO used the same slide to justify IT costs and when the CIO needed further investment for things like security or new products, an upgrade, or end of life support, the sign-offs came very quickly because the Board understood what IT was doing and that IT wasn't a bottomless pit.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation
    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop
    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting
    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 8 to 12 calls over the course of 4 to 6 months.

    What does a typical GI on this topic look like?

    A diagram that shows Guided Implementation in 5 phases.

    Workshop overview

    Day 1: Test Info-tech’s IT Dashboards Against Your Audience’s Needs and Translate Audience Needs Into Metrics

    Activities
    1.1 Review the info-Tech IT Dashboards and document impressions for your organization.
    1.2 Identify your audience’s attributes.
    1.3 Identify timeline and deadlines for dashboards.
    1.4 Identify and prioritize audience needs and desired outcomes.
    1.5 Associate metrics to each need.
    1.6 Identify a dashboard for each metric.

    Deliverables
    1. Initial impressions of Info-Tech IT Dashboards.
    2. Completed Tabs 2 and 3 of the IT Dashboard Workbook.

    Day 2: Inventory Your Data; Assess Data Quality and Readiness

    Activities
    2.1 Complete a data inventory for each metric on each dashboard: determine how you will measure the metric, the KPI, any observation biases, the location of the data, the type of source, and the owner and security/compliance requirements.
    2.2 Assess data quality for availability, accuracy, and standardization.
    2.3 Assess data readiness and frequency of measurement and reporting.

    Deliverables
    1. Completed Tab 4 of the IT Dashboard Workbook.

    Day 3: Design and Build Your Dashboards

    Activities
    3.1 Revisit the Info-Tech IT Dashboards and use the identified metrics to determine what should change on the dashboards.
    3.2 Build your dashboards by editing the Info-Tech IT Dashboards with your changes as planned in Step 3.1.

    Deliverables
    1. Assessed Info-Tech IT Dashboards for your audience’s needs.
    2. Completed Tab 5 of the IT Dashboard Workbook.
    3. Finalized dashboards.

    Day 4: Deliver Your Dashboard and Plan to Action Metrics

    Activities
    4.1 Craft your story.
    4.2 Practice delivering your story.
    4.3 Plan to action your metrics.
    4.4 Understand how to record and address your results.

    Deliverables
    1. Completed Tabs 6 and 7 of the IT Dashboard Workbook.

    Day 5: Next Steps and Wrap-Up (offsite)

    Activities
    5.1 Complete in-progress deliverables from previous four days
    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables
    1. Completed IT Dashboards tailored to your organization.
    2. Completed IT Dashboard Workbook.

    Contact your account representative for more information.

    workshops@infotech.com
    1-888-670-8889

    What is an IT dashboard?

    A photo of Risks - Protect the Organization. A photo of Financials: Transparent, fiscal responsibility
    A photo of talent attrat and retain top talent A photo of Strategic Initiatives: Deliver Value to Customers.

    An IT dashboard is…
    a visual representation of data, and its main purpose is to drive actions. Well-designed dashboards use an easy to consume presentation style free of clutter. They present their audience with a curated set of visuals that present meaningful metrics to their audience.

    Dashboards can be both automatically or manually updated and can show information that is dynamic or a snapshot in time.

    Info-Tech IT Dashboards

    Review the Info-Tech IT Dashboards

    We created dashboards so you don’t have to.

    A photo of Risks - Protect the Organization. A photo of Financials: Transparent, fiscal responsibility A photo of talent attrat and retain top talent A photo of Strategic Initiatives: Deliver Value to Customers.

    Use the link below to download the Info-Tech IT Dashboards and consider the following:

    1. What are your initial reactions to the dashboards?
    2. Are the visuals appealing? If so, what makes them appealing?
    3. Can you use these dashboards in your organization? What makes them usable?
    4. How would you use these dashboards to speak your own IT information to your audience?

    Download the Info-Tech IT Dashboards

    Why Use Dashboards When We Have Data?

    How graphics affect us

    Cognitively

    • Engage our imagination
    • Stimulate the brain
    • Heighten creative thinking
    • Enhance or affect emotions

    Emotionally

    • Enhance comprehension
    • Increase recollection
    • Elevate communication
    • Improve retention

    Visual clues

    • Help decode text
    • Attract attention
    • Increase memory

    Persuasion

    • 43% more effective than text alone

    — Source: (Vogel et al.)

    Phase 1

    Test Info-Tech’s IT Dashboards Against Your Audience’s Needs

    A diagram that shows phase 1 to 5.

    This phase will walk you through the following:

    • Documenting impressions for using Info-Tech’s IT Dashboards for your audience.
    • Documenting your audience and their needs and metrics for your IT dashboards

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Info-Tech IT Dashboard organization and audience

    We created a compelling way to organize IT dashboards so you don’t have to. The Info-Tech IT Dashboards are organized by CIO Priorities, and these are consistent irrespective of industry or organization. This is a constant that you can organize your metrics around.

    A photo of Info-Tech IT Dashboards

    Dashboard Customization

    The categories represent a constant around which you can change the order; for example, if your CXO is more focused on Financials, you can switch the Financials dashboard to appear first.

    The Info-Tech IT Dashboards are aimed at a CXO audience so if your audience is the CXO, then you may decide to change very little, but you can customize any visual to appeal to your audience.

    Phase 1 will get you started with your audience.

    Always start with the audience

    …and not the data!

    Reliable, accurate data plays a critical role in dashboards, but data is only worthwhile if it is relevant to the audience who consumes it, and dashboards are only as meaningful as the data and metrics they represent.

    Instead of starting with the data, start with the audience. The more IT understands about the audience, the more relevant the metrics will be to their audience and the more aligned leadership will be with IT.

    Don’t forget yourself and who you are. Your audience will have certain preconceived notions about who you are and what you do. Consider these when you think about what you want your audience to know.

    46% executives identify lack of customization to individual user needs as a reason they struggle with dashboards.
    — Source: (Exasol)

    Resist the Data-First Temptation

    If you find yourself thinking about data and you haven’t thought about your audience, pull yourself back to the audience.

    Ask first Ask later
    Who is this dashboard for? What data should I show?
    How will the audience use the dashboard to make decisions? Where do I get the data?
    How can I show what matters to the audience? How much effort is required to get the data?

    Meaningful measures rely on understanding your audience and their needs

    It is crucial to think about who your audience is so that you can translate their needs into metrics and create meaningful visuals for your dashboards.

    A diagram that highlights step 1-3 of understanding your audience in the high-value dashboard process.

    Step 1.1

    Review and Validate Info-Tech’s IT Dashboards for Your Audience

    Activities:
    1.1.1 Examine Info-Tech’s IT Dashboards.

    • Note, the Info-Tech IT Dashboards are organized by CIO priorities – Risk, Financials, Talent, and Strategic Initiatives – and address the needs of the CXO audience. The IT Dashboard Workbook is pre-populated with this information.
    • If this meets your audience’s needs, you do not have to edit this content and can instead use the pre-populated information. You may wish to review the information to ensure it is still valid for your audience.

    A diagram that shows step 1.1 & 1.2 to Test Info-Tech’s IT Dashboards Against Your Audience’s Needs.

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Outcomes of this step:

    • Info-Tech dashboards reviewed for your organization’s audience.

    1.1.1 Examine the Info-Tech IT Dashboards

    30 minutes

    1. If you haven’t already downloaded the Info-Tech IT Dashboards, click the link below to download.
    2. Complete a quick review of the dashboards and consider how your audience would receive them.
    3. Document your thoughts, with special emphasis on your audience in the Info-Tech Dashboard Impressions slide.

    A diagram that shows Info-Tech IT Dashboards

    Download Info-Tech IT Dashboards

    Reviewing visuals can help you think about how your audience will respond to them

    Jot down your thoughts below. You can refer to this later as you consider your audience.

    Consider:

    • Who is your dashboard audience?
    • Are their needs different from the Info-Tech IT Dashboard audience’s? If so, how?
    • Will the visuals work for your audience on each dashboard?
    • Will the order of the dashboards work for your audience?
    • What is missing?

    Step 1.2

    Identify and Document Your Audience’s Needs

    Activities:
    1.2.1 Document your audience’s needs in the IT Dashboard Workbook.

    • Note, the Info-Tech IT Dashboards are organized by CIO priorities – Risk, Financials, Talent, and Strategic Initiatives – and address the needs of the CXO audience. The IT Dashboard Workbook is pre-populated with this information.
    • If this meets your audience’s needs, you do not have to edit this content and can instead use the pre-populated information. You may wish to review the information to ensure it is still valid for your audience.

    A diagram that shows step 1.1 & 1.2 to Test Info-Tech’s IT Dashboards Against Your Audience’s Needs.

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Outcomes of this step:

    • Audience details documented in IT Dashboard Workbook

    Identify Your Audience and dig deeper to understand their needs

    Connect with your audience

    • Who is your audience?
    • What does your audience care about? What matters to them?
    • How is their individual success measured? What are their key performance indicators (KPIs)?
    • Connect the challenges and pain points of your audience to how IT can help alleviate those pain points:
      • For example, poor financial performance could be due to a lack of digitization. Identify areas where IT can help alleviate this issue.
      • Try to uncover the root cause behind the need. Root causes are often tied to broad organizational objectives, so think about how IT can impact those objectives.

    Validate the needs you’ve uncovered with the audience to ensure you have not misinterpreted them and clarify the desired timeline and deadline for the dashboard.

    Document audiences and needs on Tab 2 of the IT Dashboard Workbook

    Typical Audience Needs
    Senior Leadership
    • Inform strategic planning and track progress toward objectives.
    • Understand critical challenges.
    • Ensure risks are managed.
    • Ensure budgets are managed.
    Board of Directors
    • Understand organizational risks.
    • Ensure organization is fiscally healthy.
    Business Partners
    • Support strategic workforce planning.
    • Surface upcoming risks to workforce.
    CFO
    • IT Spend
    • Budget Health and Risks

    Prioritize and select audience needs that your dashboard will address

    Prioritize needs by asking:

    • Which needs represent the largest value to the entire organization (i.e. needs that impact more of the organization than just the audience)?
    • Which needs will have the largest impact on the audience’s success?
    • Which needs are likely to drive action (e.g. if supporting a decision, is the audience likely to be amenable to changing the way they make that decision based on the data)?

    Select three to five of the highest priority needs for each audience to include on a dashboard.

    Prioritize needs on Tab 2 of the IT Dashboard Workbook

    A diagram that shows 3 tiers of high priority, medium priority, and low priority.

    1.2.1 Document Your Audience Needs in the IT Dashboard Workbook

    1 hour

    Click the link below to download the IT Dashboard Workbook and open the file. Select Tab 2. The workbook contains pre-populated text that reflects information about Info-Tech’s IT Dashboards. You may want to keep the pre-populated text as reference as you identify your own audience then remove after you have completed your updates.

    A table of documenting audience, including key attributes, desired timeline, deadline, needs, and priority.

    Download Info-Tech IT Dashboard Workbook

    Phase 2

    Translate Audience Needs Into Metrics

    A diagram that shows phase 1 to 5.

    This phase will walk you through the following:

    • Revisiting the Info-Tech IT Dashboards for your audience.
    • Documenting your prioritized audience’s needs and the desired outcome of each in the IT Dashboard Workbook.

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Linking audience needs to metrics has positive outcomes

    When you present metrics that your audience cares about, you:

    • Deliver real value and demonstrate IT’s value as a trusted partner.
    • Improve the relationship between the business and IT.
    • Enlighten the business about what IT does and how it is connected to the organization.

    29% of respondents to The Economist Intelligence Unit survey cited inadequate collaboration between IT and the business as one of the top barriers to the organization’s digital objectives.
    — Source: Watson, Morag W., et al.

    Dashboard Customization

    The Info-Tech IT Dashboards use measures for each dashboard that correspond with what the audience (CXO) cares about. You can find these measures in the IT Dashboard Workbook. If your audience is the CXO, you may have to change a little but you should still validate the needs and metrics in the IT Dashboard Workbook.

    Phase 2 covers the process of translating needs into metrics.

    Once you know what your audience needs, you know what to measure

    A diagram that highlights step 4-5 of knowing your audience needs in the high-value dashboard process.

    Step 2.1

    Document Desired Outcomes for Each Prioritized Audience Need

    Activities:
    2.1.1 Compare the Info-Tech IT Dashboards with your audience’s needs.
    2.1.2 Document prioritized audience needs and the desired outcome of each in the IT Dashboard Workbook.

    • Note, the Info-Tech IT Dashboards are organized by CIO priorities – Risk, Financials, Talent, and Strategic Initiatives – and address the needs of the CXO audience. The IT Dashboard Workbook is pre-populated with this information.
    • If this meets your audience’s needs, you do not have to edit this content and can instead use the pre-populated information. You may wish to review the information to ensure it is still valid for your audience.

    A diagram that shows step 2.1 to 2.3 to translate audience needs into metrics.

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Outcomes of this step:

    • Understanding of how well Info-Tech IT Dashboards address audience needs.
    • Documented desired outcomes for each audience need.

    2.1.1 Revisit Info-Tech’s IT Dashboards and Review for Your Audience

    30 minutes

    1. If you haven’t already downloaded the Info-Tech IT Dashboards, click the link below to download.
    2. Click the link below to download the Info-Tech IT Dashboard Workbook.
    3. Recall your first impressions of the dashboards that you recorded on earlier in Phase 1 and open up the audience and needs information you documented in Tab 2 of the IT Dashboard Workbook.
    4. Compare the dashboards with your audience’s needs that you documented on Tab 2.
    5. Record any updates to your thoughts or impressions on the next slide. Think about any changes to the dashboards that you would make so that you can reference it when you build the dashboards.

    Download Info-Tech IT Dashboard Workbook

    A photo of Info-Tech IT Dashboards
    The Info-Tech IT Dashboards contain a set of monthly metrics tailored toward a CXO audience.

    Download Info-Tech IT Dashboards

    Knowing what your audience needs, do the metrics the visuals reflect address them?

    Any changes to the Info-Tech IT Dashboards?

    Consider:

    • Are your audience’s needs already reflected in the visuals in each of the dashboards? If so, validate this in the next activity by reviewing the prioritized needs, desired outcomes, and associated metrics already documented in the IT Dashboard Workbook.
    • Are there any visuals your audience would need that you don’t see reflected in the dashboards? Write them here to use in the next exercise.

    Desired outcomes make identifying metrics easier

    When it’s not immediately apparent what the link between needs and metrics is, brainstorm desired outcomes.

    A diagram that shows an example of desired outcomes

    2.1.2 Document your audience’s desired outcome per prioritized need

    Now that you’ve examined the Info-Tech IT Dashboards and considered the needs of your audience, it is time to understand the outcomes and goals of each need so that you can translate your audience’s needs into metrics.

    1 hour

    Click the link below to download the IT Dashboard Workbook and open the file. Select Tab 3. The workbook contains pre-populated text that reflects information about Info-Tech’s IT Dashboards. You may want to keep the pre-populated text as reference as you identify your own audience then remove it after you have completed your updates.

    A diagram that shows desired outcome per prioritized need

    Download Info-Tech IT Dashboard Workbook

    Deriving Meaningful Metrics

    Once you know the desired outcomes, you can identify meaningful metrics

    A diagram of an example of meaningful metrics.

    Common Metrics Mistakes

    Avoid the following oversights when selecting your metrics.

    A diagram that shows 7 metrics mistakes

    Step 2.2

    Derive Metrics From Audience Needs

    Activities:
    2.2.1 Derive metrics using the Info-Tech IT Dashboards and the IT Dashboard Workbook.

    • Note, the Info-Tech IT Dashboards are organized by CIO priorities – Risk, Financials, Talent, and Strategic Initiatives – and address the needs of the CXO audience. The IT Dashboard Workbook is pre-populated with this information.
    • If this meets your audience’s needs, you do not have to edit this content and can instead use the pre-populated information. You may wish to review the information to ensure it is still valid for your audience.

    A diagram that shows step 2.1 to 2.3 to translate audience needs into metrics.

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Outcomes of this step:

    • Documented metrics for audience needs.

    2.2.1 Derive metrics from desired outcomes

    Now that you have completed the desired outcomes, you can determine if you are meeting those desired outcomes. If you struggle with the metrics, revisit the desired outcomes. It could be that they are not measurable or are not specific enough.

    2 hours

    Click the link below to download the IT Dashboard Workbook and open the file. Select Tab 3. The workbook contains pre-populated text that reflects information about Info-Tech’s IT Dashboards. You may want to keep the pre-populated text as reference as you identify your own audience then remove it after you have completed your updates.

    A diagram that shows derive metrics from desired outcomes

    Download Info-Tech IT Dashboard Workbook

    Download IT Metrics Library

    Download HR Metrics Library

    Step 2.3

    Associate Metrics to Dashboards

    Activities:
    2.3.1 Review the metrics and identify which dashboard they should appear on.

    • Note, the Info-Tech IT Dashboards are organized by CIO priorities – Risk, Financials, Talent, and Strategic Initiatives – and address the needs of the CXO audience. The IT Dashboard Workbook is pre-populated with this information.
    • If this meets your audience’s needs, you do not have to edit this content and can instead use the pre-populated information. You may wish to review the information to ensure it is still valid for your audience.

    A diagram that shows step 2.1 to 2.3 to translate audience needs into metrics.

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Outcomes of this step:

    • Metrics associated to each dashboard.

    2.3.1 Associate metrics to dashboards

    30 minutes

    Once you have identified all your metrics from Step 2.2, identify which dashboard they should appear on. As with all activities, if the Info-Tech IT Dashboard meets your audience’s needs, you do not have to edit this content and can instead use the pre-populated information.

    A diagram that shows associate metrics to dashboards

    Phase 3

    Ready Your Data for Dashboards

    A diagram that shows phase 1 to 5.

    This phase will walk you through the following:

    • Inventorying your data
    • Assessing your data quality
    • Determining data readiness
    • Determining data measurement frequency

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Can you measure your metrics?

    Once appropriate service metrics are derived from business objectives, the next step is to determine how easily you can get your metric.

    A diagram that highlights step 5 of measuring your metrics in the high-value dashboard process.

    Make sure you select data that your audience trusts

    40% of organizations say individuals within the business do not trust data insights.
    — Source: Experian, 2020

    Phase 3 covers the process of identifying data for each metric, creating a data inventory, assessing the readiness of your data, and documenting the frequency of measuring your data. Once complete, you will have a guide to help you add data to your dashboards.

    Step 3.1

    Assess Data Inventory

    Activities:
    3.1.1 Download the IT Dashboard Workbook and complete the data inventory section on Tab 4.

    • Note, the Info-Tech IT Dashboards are organized by CIO priorities – Risk, Financials, Talent, and Strategic Initiatives – and address the needs of the CXO audience. The IT Dashboard Workbook is pre-populated with this information.
    • If this meets your audience’s needs, you do not have to edit this content and can instead use the pre-populated information. You may wish to review the information to ensure it is still valid for your audience.

    A diagram that shows step 3.1 to 3.4 to ready your data for dashboards.

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Outcomes of this step:

    • Documented data inventory for each metric.

    3.1.1 Data Inventory

    1 hour

    Click the link below to download the IT Dashboard Workbook and open the file. Select Tab 4. The pre-populated text is arranged into the tables according to the dashboard they appear on; you may need to scroll down to see all the dashboard tables.

    Create a data inventory by placing each metric identified on Tab 3 into the corresponding dashboard table. Complete each column as described below.

    A diagram that shows 9 columns of data inventory.

    Metrics Libraries: Use the IT Metrics Library and HR Metrics Library for ideas for metrics to use and how to measure them.

    Download Info-Tech IT Dashboard Workbook

    Step 3.2

    Assess Data Quality

    Activities:
    3.2.1 Use the IT Dashboard Workbook to complete an assessment of data quality on Tab 4.

    • Note, the Info-Tech IT Dashboards are organized by CIO priorities – Risk, Financials, Talent, and Strategic Initiatives – and address the needs of the CXO audience. The IT Dashboard Workbook is pre-populated with this information.
    • If this meets your audience’s needs, you do not have to edit this content and can instead use the pre-populated information. You may wish to review the information to ensure it is still valid for your audience.

    A diagram that shows step 3.1 to 3.4 to ready your data for dashboards.

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Outcomes of this step:

    • Documented data quality assessment for each metric.

    3.2.1 Assess Data Quality

    1 hour

    Document the data quality on Tab 4 of the IT Dashboard Workbook by filling in the data availability, data accuracy, and data standardization columns as described below.

    A diagram that shows data availability, data accuracy, and data standardization columns.

    Data quality is a struggle for many organizations. Consider how much uncertainty you can tolerate and what would be required to improve your data quality to an acceptable level. Consider cost, technological resources, people resources, and time required.

    Download Info-Tech IT Dashboard Workbook

    Step 3.3

    Assess Data Readiness

    Activities:
    3.3.1 Use the IT Dashboard Workbook to determine the readiness of your data.

    • Note, the Info-Tech IT Dashboards are organized by CIO priorities – Risk, Financials, Talent, and Strategic Initiatives – and address the needs of the CXO audience. The IT Dashboard Workbook is pre-populated with this information.
    • If this meets your audience’s needs, you do not have to edit this content and can instead use the pre-populated information. You may wish to review the information to ensure it is still valid for your audience.

    A diagram that shows step 3.1 to 3.4 to ready your data for dashboards.

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Outcomes of this step:

    • Documented data readiness for each metric

    3.3.1 Determine Data Readiness

    1 hour

    Once the data quality has been documented and examined, complete the Data Readiness section of Tab 4 in the Info-Tech IT Dashboard Workbook. Select a readiness classification using the definitions below. Use the readiness of your data to determine the level of effort required to obtain the data and consider the constraints and cost/ROI to implement new technology or revise processes and data gathering to produce the data.

    A diagram that shows data readiness section

    Remember: Although in most cases, simple formulas that can be easily understood are the best approach, both because effort is lower and data that is not manipulated is more trustworthy, do not abandon data because it is not perfect but instead plan to make it easier to obtain.

    Download Info-Tech IT Dashboard Workbook

    Step 3.4

    Assess Data Frequency

    Activities:
    3.4.1 Use the IT Dashboard Workbook to determine the readiness of your data and how frequently you will measure your data.

    • Note, the Info-Tech IT Dashboards are organized by CIO priorities – Risk, Financials, Talent, and Strategic Initiatives – and address the needs of the CXO audience. The IT Dashboard Workbook is pre-populated with this information.
    • If this meets your audience’s needs, you do not have to edit this content and can instead use the pre-populated information. You may wish to review the information to ensure it is still valid for your audience.

    A diagram that shows step 3.1 to 3.4 to assess data inventory, quality, and readiness.

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Outcomes of this step:

    • Documented frequency of measurement for each metric.

    3.4.1 Document Planned Frequency of measurement

    10 minutes

    Document the planned frequency of measurement for all your metrics on Tab 4 of the IT Dashboard Workbook.

    For each metric, determine how often you will need to refresh it on the dashboard and select a frequency from the drop down. The Info-tech IT Dashboards assume a monthly refresh.

    Download Info-Tech IT Dashboard Workbook

    Phase 4

    Build and Deliver Your Dashboards

    A diagram that shows phase 1 to 5.

    This phase will walk you through the following:

    • Designing your dashboards
    • Updating your dashboards
    • Crafting your story
    • Delivering your dashboards

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Using your dashboard to tell your story with visuals

    Now that you have linked metrics to the needs of your audience and you understand how to get your data, it is time to start building your dashboards.

    A diagram that highlights step 6 of creating meaningful visuals in the high-value dashboard process.

    Using visual language

    • Shortens meetings by 24%
    • Increases the ability to reach consensus by 21%
    • Strengthens persuasiveness by 43%

    — Source: American Management Association

    Phase 4 guides you through using the Info-Tech IT Dashboard visuals for your audience’s needs and your story.

    Step 4.1

    Design Your Dashboard

    Activities:
    4.1.1 Plan and validate dashboard metrics, data, level of effort and visuals.

    • Note, the Info-Tech IT Dashboards are organized by CIO priorities – Risk, Financials, Talent, and Strategic Initiatives – and address the needs of the CXO audience. The IT Dashboard Workbook is pre-populated with this information.
    • If this meets your audience’s needs, you do not have to edit this content and can instead use the pre-populated information. You may wish to review the information to ensure it is still valid for your audience.

    A diagram that shows step 4.1 to 4.3 to build and deliver your dashboards.

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Outcomes of this step:

    • Identified and validated metrics, data, and visuals for your IT dashboards.

    Use clear visuals that avoid distracting the audience

    Which visual is better to present?

    Sample A:
    A photo of Sample A visuals

    Sample B:
    A diagram Sample B visuals

    Select the appropriate visuals

    Identify the purpose of the visualization. Determine which of the four categories below aligns with the story and choose the appropriate visual to display the data.

    Relationship

    A photo of Scatterplots
    Scatterplots

    • Used to show relationships between two variables.
    • Can be difficult to interpret for audiences that are not familiar with them.

    Distribution

    A photo of Histogram
    Histogram

    • Use a histogram to show spread of a given numeric variable.
    • Can be used to organize groups of data points.
    • Requires continuous data.
    • Can make comparisons difficult.

    A photo of Scatterplot
    Scatterplot

    • Can show correlation between variables.
    • Show each data plot, making it easier to compare.

    Composition

    A photo of Pie chart
    Pie chart

    • Use pie charts to show different categories.
    • Avoid pie charts with numerous slices.
    • Provide numbers alongside slices, as it can be difficult to compare slices based on size alone.

    A photo of Table
    Table

    • Use tables when there are a large number of categories.
    • Presents information in a simple way.

    Comparison

    A photo of Bar graph
    Bar graph

    • Use to compare categories.
    • Easy to understand, familiar format.

    A photo of Line chart
    Line chart

    • Use to show trends or changes over time.
    • Clear and easy to analyze.

    (Calzon)

    Examples of data visualization

    To compare categories, use a bar chart:
    2 examples of bar chart
    Conclusion: Visualizing the spend in various areas helps prioritize.


    To show trends, use a line graph:
    An example of line graph.
    Conclusion: Overlaying a trend line on revenue per employee helps justify headcount costs.


    To show simple results, text is sometimes more clear:
    A diagram that shows examples of text and graphics.
    Conclusion: Text with meaningful graphics conveys messages quickly.


    To display relative percentages of values, use a pie chart:
    An example of pie chart.
    Conclusion: Displaying proportions in a pie chart gives an at-a-glance understanding of the amount any area uses.

    Choose effective colors and design

    Select colors that will enhance the story

    • Use color strategically to help draw the audience’s attention and highlight key information.
    • Choose two to three colors to use consistently throughout the dashboard, as too many colors will be distracting to the audience.
    • Use colors that connect with the audience (e.g., organization or department colors).
    • Don’t use colors that are too similar in shade or brightness level, as those with colorblindness might have difficulty discerning them.

    Keep the design simple and clear

    • Leave white space to separate sections and keep the dashboard simple.
    • Don’t measure everything; show just enough to address the audience’s needs.
    • Use blank space between data points to provide natural contrast (e.g., leaving space between each bar on a bar graph). Don’t rely on contrast between colors to separate data (Miller).
    • Label each data point directly instead of using a separate key, so anyone who has difficulty discerning color can still interpret the data (Miller).

    Example

    A example that shows colours and design of a chart.

    Checklist to build compelling visuals in your presentation

    Leverage this checklist to ensure you are creating the perfect visuals and graphs for your presentation.

    Checklist:

    • Do the visuals grab the audience’s attention?
    • Will the visuals mislead the audience/confuse them?
    • Do the visuals facilitate data comparison or highlight trends and differences in a more effective manner than words?
    • Do the visuals present information simply, cleanly, and accurately?
    • Do the visuals illustrate messages and themes from the accompanying text?

    4.1.1 Plan and validate your dashboard visuals

    1 hour

    Click the links below to download the Info-Tech IT Dashboards and the IT Dashboard Workbook. Open the IT Dashboard Workbook and select Tab 5. For each dashboard, represented by its own table, open the corresponding Info-Tech IT Dashboard as reference.

    A diagram of dashboard and its considerations when selecting visuals.

    Download Info-Tech IT Dashboards

    Download Info-Tech IT Dashboard Workbook

    Step 4.2

    Update Your Dashboards

    Activities:
    4.2.1 Update the visuals on the Info-Tech IT Dashboards with data and visuals identified in the IT Dashboard Workbook.

    • Note, the Info-Tech IT Dashboards are organized by CIO priorities – Risk, Financials, Talent, and Strategic Initiatives – and address the needs of the CXO audience. The IT Dashboard Workbook is pre-populated with this information.
    • If this meets your audience’s needs, you do not have to edit this content and can instead use the pre-populated information. You may wish to review the information to ensure it is still valid for your audience.

    A diagram that shows step 4.1 to 4.3 to build and deliver your dashboards.

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Outcomes of this step:

    • Dashboards updated with your visuals, metrics, and data identified in the IT Dashboard Workbook.

    4.2.1 Update visuals with your own data

    2 hours

    1. Get the data that you identified in Tab 4 and Tab 5 of the IT Dashboard Workbook.
    2. Click the link below to go to the Info-Tech IT Dashboards and follow the instructions to update the visuals.

    Do not worry about the Key Insights or Calls to Action; you will create this in the next step when you plan your story.

    Download Info-Tech IT Dashboards

    Step 4.3

    Craft Your Story and Deliver Your Dashboards

    Activities:
    4.3.1 Craft Your Story
    4.3.2 Finalize Your Dashboards
    4.3.3 Practice Delivering Your Story With Your Dashboards

    • Note, the Info-Tech IT Dashboards are organized by CIO priorities – Risk, Financials, Talent, and Strategic Initiatives – and address the needs of the CXO audience. The IT Dashboard Workbook is pre-populated with this information.
    • If this meets your audience’s needs, you do not have to edit this content and can instead use the pre-populated information. You may wish to review the information to ensure it is still valid for your audience.

    A diagram that shows step 4.1 to 4.3 to build and deliver your dashboards.

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Outcomes of this step:

    • Documented situations, key insights, and calls to action for each dashboard/visual.
    • A story to tell for each dashboard.
    • Understanding of how to practice delivering the dashboards using stories.

    Stories are more easily understood and more likely to drive decisions

    IT dashboards are valuable tools to provide insights that drive decision making.

    • Monitor: Track and report on strategic areas IT supports.
    • Provide insights: sPresent important data and information to audiences in a clear and efficient way.

    “Data storytelling is a universal language that everyone can understand – from people in STEM to arts and psychology.” — Peter Jackson, Chief Data and Analytics Officer at Exasol

    Storytelling provides context, helping the audience understand and connect with data and metrics.

    • 93% of respondents (business leaders and data professionals) agreed that decisions made as a result of successful data storytelling have the potential to help increase revenue.
    • 92% of respondents agreed that data storytelling was critical to communicate insights effectively.
    • 87% percent of respondents agreed that leadership teams would make more data-driven decisions if insights gathered from data were presented more simply.

    — Exasol

    For more visual guidance, download the IT Dashboard Guide

    Include all the following pieces in your message for an effective communication

    A diagram of an effective message, including consistent, clearn, relevant, and concise.

    Info-Tech Insight

    Time is a non-renewable resource. The message crafted must be considered a value-adding communication to your audience.

    Enable good communication with these components

    Be Consistent

    • The core message must be consistent regardless of audience, channel, or medium.
    • Test your communication with your team or colleagues to obtain feedback before delivering to a broader audience.
    • A lack of consistency can be interpreted as an attempt at deception. This can hurt credibility and trust.

    Be Clear

    • Say what you mean and mean what you say.
    • Choice of language is important: “Do you think this is a good idea? I think we could really benefit from your insights and experience here.” Or do you mean: “I think we should do this. I need you to do this to make it happen.”
    • Avoid jargon.

    Be Relevant

    • Talk about what matters to the audience.
    • Tailor the details of the message to the audience’s specific concerns.
    • IT thinks in processes but wider audiences focus mostly on results; talk in terms of results.
    • IT wants to be understood, but this does not matter to stakeholders. Think: “What’s in it for them?”
    • Communicate truthfully; do not make false promises or hide bad news.

    Be Concise

    • Keep communication short and to the point so key messages are not lost in the noise.
    • There is a risk of diluting your key message if you include too many other details.
    • If you provide more information than necessary, the clarity and consistency of the message can be lost.

    Draft the core messages to communicate

    1. Hook your audience: Use a compelling introduction that ensures your target audience cares about the message. Start with a story or metaphor and then support with the data on your dashboard. Avoid rushing in with data first.
    2. Demonstrate you can help: Let the audience know that based on the unique problem, you can help. There is value in engaging and working with you further.
    3. Write for the ear: Use concise and clear sentences, avoid technological language, and when you read it aloud ensure it sounds like how you would normally speak.
    4. Interpret visuals for your audience: Do not assume they will reach the same conclusions as you. For example, walk them through what a chart shows even if the axes are labeled, tell them what a trend line indicates or what the comparison between two data points means.
    5. Identify a couple of key insights: Think about one or two key takeaways you want your audience to leave with.
    6. Finish with a call to action: Your concluding statement should not be a thank-you but a call to action that ignites how your audience will behave after the communication. Dashboards exist to drive decisions, so if you have no call to action, you should ask if you need to include the visual.

    4.3.1 Craft Your Story

    1 hour

    Click the link below to download the IT Dashboard Workbook and open the file. Select Tab 6. The workbook contains grey text that reflects a sample story about the Info-Tech IT Dashboards. You may want to keep the sample text as reference, then remove after you have entered your information.

    A diagram of dashboard to craft your story.

    Download Info-Tech IT Dashboard Workbook

    4.3.2 Finalize Your Dashboards

    30 minutes

    1. Take the Key Insights and Calls to Action that you documented in Tab 6 of the IT Dashboard Workbook and place them in their corresponding dashboard.
    2. Add any text to your dashboard as necessary but only if the visual requires more information. You can add explanations more effectively during the presentation.

    A diagram that shows strategic initiatives: deliver value to customers.

    Tip: Aim to be brief and concise with any text. Dashboards simplify information and too much text can clutter the visuals and obscure the message.

    Download Info-Tech IT Dashboard Workbook

    4.3.3 Practice Delivering Your Story With Your Dashboards

    1 hour

    Ideally you can present your dashboard to your audience so that you are available to clarify questions and add a layer of interpretation that would crowd out boards if added as text.

    1. To prepare to tell your story, consult the Situation, Key Insights, and Call to Action sections that you documented for each dashboard in Tab 6 of the Info-Tech IT Dashboard Workbook.
    2. Practice your messages as you walk through your dashboards. The next two slides provide delivery guidance.
    3. Once you deliver your dashboards, update Tab 6 with audience feedback. Often dashboards are iterative and when your audience sees them, they are usually inspired to think about what else they would like to see. This is good and shows your audience is engaged!

    Don’t overwhelm your audience with information and data. You spent time to craft your dashboards so that they are clear and concise, so spend time practicing delivering a message that matches your clear, concise dashboards

    Download Info-Tech IT Dashboard Workbook

    Hone presentation skills before meeting with key stakeholders

    Using voice and body

    Think about the message you are trying to convey and how your body can support that delivery. Hands, stance, and frame all have an impact on what might be conveyed.

    If you want your audience to lean in and be eager about your next point, consider using a pause or softer voice and volume.

    Be professional and confident

    State the main points of your dashboard confidently. While this should be obvious, it needs to be stated explicitly. Your audience should be able to clearly see that you believe the points you are stating.

    Present in a way that is genuine to you and your voice. Whether you have an energetic personality or a calm and composed personality, the presentation should be authentic to you.

    Connect with your audience

    Look each member of the audience in the eye at least once during your presentation or if you are presenting remotely, look into the camera. Avoid looking at the ceiling, the back wall, or the floor. Your audience should feel engaged – this is essential to keeping their attention.

    Avoid reading the text from your dashboard, and instead paraphrase it while maintaining eye/camera contact.

    Info-Tech Insight

    You are responsible for the response of your audience. If they aren’t engaged, it is on you as the communicator.

    Communication Delivery Checklist

    • Have you practiced delivering the communication to team members or coaches?
    • Have you practiced delivering the communication to someone with little to no technology background?
    • Are you making yourself open to feedback and improvement opportunities?
    • If the communication is derailed from your plan, are you prepared to handle that change?
    • Can you deliver the communication without reading your notes word for word?
    • Have you adapted your voice throughout the communication to highlight specific components you want the audience to focus on?
    • Are you presenting in a way that is genuine to you and your personality?
    • Can you communicate the message within the time allotted?
    • Are you moving in an appropriate manner based on your communication (e.g., toward the screen, across the stage, hand gestures)
    • Do you have room for feedback on the dashboards? Solicit feedback with your audience after the meeting and record it in Tab 6 of the IT Dashboard Workbook.

    Phase 5

    Plan, record, and action your metrics

    A diagram that shows phase 1 to 5.

    This phase will walk you through the following:

    • Planning to track your metrics
    • Recording your metrics
    • Actioning your metrics

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Actioning your metrics to drive results

    To deliver real value from your dashboards, you need to do something with the results.

    Don’t fail on execution! The whole reason you labor to create inviting visuals and meaningful metrics is to action those metrics. The metrics results inform your entire story! It’s important to plan and do, but everything is lost if you fail to check and act.

    70%: of survey respondents say that managers do not get insights from performance metrics to improve strategic decision making.
    60%: of survey respondents say that operational teams do not get insights to improve operation decision making.

    (Bernard Marr)

    “Metrics aren’t a passive measure of progress but an active part of an organization’s everyday management….Applying the “plan–do–check–act” feedback loop…helps teams learn from their mistakes and identify good ideas that can be applied elsewhere”

    (McKinsey)

    Step 5.1

    Plan How to Record Metrics

    Activities:
    5.1.1 For each dashboard, add a baseline and target to existing metrics and KPIs.

    • Note, the Info-Tech IT Dashboards are organized by CIO priorities – Risk, Financials, Talent, and Strategic Initiatives – and address the needs of the CXO audience. The IT Dashboard Workbook is pre-populated with this information.
    • If this meets your audience’s needs, you do not have to edit this content and can instead use the pre-populated information. You may wish to review the information to ensure it is still valid for your audience.

    A diagram that shows step 5.1 to 5.2 to plan, record, and action your metrics.

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Outcomes of this step:

    • Baselines and targets identified and recorded for each metric.

    5.1.1 Identify Baselines and Targets

    1 hour

    To action your metrics, you must first establish what your baselines and targets are so that you can determine if you are on track.

    To establish baselines:
    If you do not have a baseline. Run your metric to establish one.

    To establish targets:

    • Use historical data and trends of performance.
    • If you do not have historical data, establish an initial target based on stakeholder-identified requirements and expectations.
    • You can also run the metrics report over a defined period of time and use the baseline level of achievement to establish an initial target.
    • The target may not always be a number – it could be a trend. The initial target may be changed after review with stakeholders.

    Actions for Success:
    How will you ensure you can get this metric? For example, if you would like to measure delivered value, to make sure the metric is measurable, you will need to ensure that measures of success are documented for an imitative and then measured once complete.

    • If you need help with Action plans, the IT Metrics Library includes action plans for all of its metrics that may help

    A diagram of identify metrics and to identify baselines and targets.

    Download Info-Tech IT Dashboard Workbook

    Step 5.2

    Record and Action Metrics

    Activities:
    5.2.1 Record and Action Results

    • Note, the Info-Tech IT Dashboards are organized by CIO priorities – Risk, Financials, Talent, and Strategic Initiatives – and address the needs of the CXO audience. The IT Dashboard Workbook is pre-populated with this information.
    • If this meets your audience’s needs, you do not have to edit this content and can instead use the pre-populated information. You may wish to review the information to ensure it is still valid for your audience.

    A diagram that shows step 5.1 to 5.2 to plan, record, and action your metrics.

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Outcomes of this step:

    • Understanding of what and where to record metrics once run.

    5.2.1 Record and Action Results

    1 hour

    After analyzing your results, use this information to update your dashboards. Revisit Tab 6 of the IT Dashboard Workbook to update your story. Remember to record any audience feedback about the dashboards in the Audience Feedback section.

    Action your measures as well as your metrics

    What should be measured can change over time as your organization matures and the business environment changes. Understanding what creates business value for your organization is critical. If metrics need to be changed, record metrics actions under Identified Actions on Tab 7. A metric will need to be addressed in one of the following ways:

    • Added: A new metric is required or an existing metric needs large-scale changes (example: calculation method or scope).
    • Changed: A minor change is required to the presentation format or data. Note: a major change in a metric would be performed through the Add option.
    • Removed: The metric is no longer required, and it needs to be removed from reporting and data gathering. A final report date for that metric should be determined.
    • Maintained: The metric is still useful and no changes are required to the metric, its measurement, or how it’s reported.

    A diagram of record results and identify how to address results.

    Don’t be discouraged if you need to update your metrics a few times before you get it right. It can take some trial and error to find the measures that best indicate the health of what you are measuring.

    Download Info-Tech IT Dashboard Workbook

    Tips for actioning results

    Sometimes actioning your metrics results requires more analysis

    If a metric deviates from your target, you may need to analyze how to correct the issue then run the metric again to see if the results have improved.

    Identify Root Cause
    Root Cause Analysis can include problem exploration techniques like The 5 Whys, fishbone diagrams, or affinity mapping.

    Select a Solution
    Once you have identified a possible root cause, use the same technique to brainstorm and select a solution then re-run your metrics.

    Consider Tension Metrics
    Consider tension metrics when selecting a solution. Will improving one area affect another? A car can go faster but it will consume more fuel – a project can be delivered faster but it may affect the quality.

    Summary of Accomplishment

    Problem Solved

    1. Using this blueprint and the IT Dashboard Workbook, you validated and customized the dashboards for your audience and organization, which reduced or eliminated time spent searching for and organizing your own visuals.
    2. You documented your dashboards’ story so you are ready to present them to your audience.
    3. You assessed the data for your dashboards and you built a metrics action-tracking plan to maintain your dashboards’ metrics.

    If you would like additional support, have our analysts guide you through an Info-Tech workshop or Guided Implementation.

    Contact your account representative for more information.
    workshops@infotech.com
    1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

    Contact your account representative for more information.

    workshops@infotech.com
    1-888-670-8889

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    A photo of Info-Tech IT Dashboards
    Review the Info-Tech IT Dashboards
    Determine how you can use the Info-Tech IT Dashboards in your organization and the anticipated level of customization.

    A photo of the IT Dashboard Workbook
    Plan your dashboards
    Complete the IT Dashboard Workbook to help plan your dashboards using Info-Tech’s IT Dashboards.

    Research Contributors and Experts

    Photo of John Corrado
    John Corrado
    Head of IT
    X4 Pharmaceuticals

    As head of IT, John is charged with the creation of strategic IT initiatives that align with X4s vision, mission, culture, and long-term goals and is responsible for the organization’s systems, security, and infrastructure. He works closely developing partnerships with X4tizens across the organization to deliver value through innovative programs and services.

    Photo of Grant Frost
    Grant Frost
    Chief Information & Security Officer
    Niagara Catholic School Board

    Grant Frost is an experienced executive, information technologist and security strategist with extensive experience in both the public and private sector. Grant is known for, and has extensive experience in, IT transformation and the ability to increase capability while decreasing cost in IT services.

    Photo of Nick Scozzaro
    Nick Scozzaro
    CEO and Co-Founder of MobiStream and ShadowHQ
    ShadowHQ

    Nick got his start in software development and mobility working at BlackBerry where he developed a deep understanding of the technology landscape and of what is involved in both modernizing legacy systems and integrating new ones. Working with experts across multiple industries, he innovated, learned, strategized, and ultimately helped push the boundaries of what was possible.

    Photo of Joseph Sanders
    Joseph Sanders
    Managing Director of Technology/Cyber Security Services
    Kentucky Housing Corporation

    In his current role Joe oversees all IT Operations/Applications Services that are used to provide services and support to the citizens of Kentucky. Joe has 30+ years of leadership experience and has held several executive roles in the public and private sector. He has been a keynote speaker for various companies including HP, IBM, and Oracle.

    Photo of Jochen Sievert
    Jochen Sievert
    Director Performance Excellence & IT
    Zeon Chemicals

    Jochen moved to the USA from Duesseldorf, Germany in 2010 to join Zeon Chemicals as their IT Manager. Prior to Zeon, Jochen has held various technical positions at Novell, Microsoft, IBM, and Metro Management Systems.

    Info-Tech Contributors

    Ibrahim Abdel-Kader, Research Analyst
    Donna Bales, Principal Research Director
    Shashi Bellamkonda, Principal Research Director
    John Burwash, Executive Counselor
    Tony Denford, Research Lead
    Jody Gunderman, Senior Executive Advisor
    Tom Hawley, Managing Partner
    Mike Higginbotham, Executive Counselor
    Valence Howden, Principal Research Director
    Dave Kish, Practice Lead
    Carlene McCubbin, Practice Lead
    Jennifer Perrier, Principal Research Director
    Gary Rietz, Executive Counselor
    Steve Schmidt, Senior Managing Partner
    Aaron Shum, Vice President, Security & Privacy
    Ian Tyler-Clarke, Executive Counselor

    Plus, an additional four contributors who wish to remain anonymous.

    Related Info-Tech Research

    Photo of Build an IT Risk Taxonomy

    Build an IT Risk Taxonomy

    Use this blueprint as a baseline to build a customized IT risk taxonomy suitable for your organization.

    Photo of Create a Holistic IT Dashboard

    Create a Holistic IT Dashboard

    This blueprint will help you identify the KPIs that matter to your organization.

    Photo of Develop Meaningful Service Metrics

    Develop Meaningful Service Metrics

    This blueprint will help you Identify the appropriate service metrics based on stakeholder needs.

    Photo of IT Spend & Staffing Benchmarking

    IT Spend & Staffing Benchmarking

    Use this benchmarking service to capture, analyze, and communicate your IT spending and staffing.

    Photo of Key Metrics for Every CIO

    Key Metrics for Every CIO

    This short research piece highlights the top metrics for every CIO, how those align to your CIO priorities, and action steps against those metrics.

    Photo of Present Security to Executive Stakeholders

    Present Security to Executive Stakeholders

    This blueprint helps you identify communication drivers and goals and collect data to support your presentation. It provides checklists for building and delivering a captivating security presentation.

    Bibliography

    “10 Signs You Are Sitting on a Pile of Data Debt.” Experian, n.d. Web.

    “From the What to the Why: How Data Storytelling Is Key to Success.” Exasol, 2021. Web.

    Bonsignore, Marian. “Using Visual Language to Create the Case for Change.” Amarican Management Association. Accessed 19 Apr. 2023.

    Calzon, Bernardita. “Top 25 Dashboard Design Principles, Best Practices & How To’s.” Datapine, 5 Apr. 2023.

    “Data Literacy.” Tableau, n.d. Accessed 3 May 2023.

    “KPIs Don’t Improve Decision-Making In Most Organizations.” LinkedIn, n.d. Accessed 2 May 2023.

    Miller, Amanda. “A Comprehensive Guide to Accessible Data Visualization.” Betterment, 2020. Accessed May 2022.

    “Performance Management: Why Keeping Score Is so Important, and so Hard.” McKinsey. Accessed 2 May 2023.

    Vogel, Douglas, et al. Persuasion and the Role of Visual Presentation Support: The UM/3M Study. Management Information Systems Research Center School of Management University of Minnesota, 1986.

    Watson, Morag W., et al. ”IT’s Changing Mandate in an Age of Disruption.” The Economist Intelligence Unit Limited, 2021.

    Staff the Service Desk to Meet Demand

    • Buy Link or Shortcode: {j2store}490|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $1,900 Average $ Saved
    • member rating average days saved: 2 Average Days Saved
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk
    • With increasing complexity of support and demand on service desks, staff are often left feeling overwhelmed and struggling to keep up with ticket volume, resulting in long resolution times and frustrated end users.
    • However, it’s not as simple as hiring more staff to keep up with ticket volume. IT managers must have the data to support their case for increasing resources or even maintaining their current resources in an environment where many executives are looking to reduce headcount.
    • Without changing resources to match demand, IT managers will need to determine how to maximize the use of their resources to deliver better service.

    Our Advice

    Critical Insight

    • IT managers are stuck with the difficult task of determining the right number of service desk resources to meet demand to executives who perceive the service desk to be already effective.
    • Service desk managers often don’t have accurate historical data and metrics to justify their headcount, or don’t know where to start to find the data they need.
    • They often then fall prey to the common misperception that there is an industry standard ratio of the ideal number of service desk analysts to users. IT leaders who rely on staffing ratios or industry benchmarks fail to take into account the complexity of their own organization and may make inaccurate resourcing decisions.

    Impact and Result

    • There’s no magic, one-size-fits-all ratio to tell you how many service desk staff you need based on your user base alone. There are many factors that come into play, including the complexity of your environment, user profiles, ticket volume and trends, and maturity and efficiency of your processes.
    • If you don’t have historical data to help inform resourcing needs, start tracking ticket volume trends now so that you can forecast future needs.
    • If your data suggests you don’t need more staff, look to other ways to maximize your time and resources to deliver more efficient service.

    Staff the Service Desk to Meet Demand Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should optimize service desk staffing, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Determine environment and operating model

    Define your business and IT environment, service desk operating model, and existing challenges to inform objectives.

    • Service Desk Staffing Stakeholder Presentation

    2. Determine staffing needs

    Understand why service desk staffing estimates should be based on your unique workload, then complete the Staffing Calculator to estimate your needs.

    • Service Desk Staffing Calculator

    3. Interpret data to plan approach

    Review workload over time to analyze trends and better inform your overall resourcing needs, then plan your next steps to optimize staffing.

    [infographic]

    State of Hybrid Work in IT

    • Buy Link or Shortcode: {j2store}551|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Attract & Select
    • Parent Category Link: /attract-and-select

    Hybrid work is here, but there is no consensus among industry leaders on how to do it right. IT faces the dual challenge of supporting its own employees while enabling the success of the broader organization. In the absence of a single best practice to adopt, how can IT departments make the right decisions when it comes to the new world of hybrid?

    Our Advice

    Critical Insight

    • Don’t make the mistake of emulating the tech giants, unless they are your direct competition. Instead, look to organizations that have walked your path in terms of scope, organizational goals, industry, and organizational structure. Remember, your competitors are not just those who compete for the same customers but also those who compete for your employees.
    • Hybrid and remote teams require more attention, connection, and leadership from managers. The shift from doing the day-to-day to effectively leading is critical for the success of nontraditional work models. As hybrid and remote work become engrained in society, organizations must ensure that the concept of the “working manager” is as obsolete as the rotary telephone.

    Impact and Result

    Read this concise report to learn:

    • What other IT organizations are doing in the new hybrid world.
    • How hybrid has impacted infrastructure, operations, and business relations.
    • How to succeed at building a highly effective hybrid team.
    • How Info-Tech can help you make hybrid an asset for your IT department.

    State of Hybrid Work in IT Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. State of Hybrid Work in IT: A Trend Report – A walkthrough of the latest data on the impact of the hybrid work revolution in IT.

    Read this report to learn how IT departments are using the latest trends in hybrid work for greater IT effectiveness. Understand what work models are best for IT, how IT can support a remote organization, and how hybrid work changes team dynamics.

    • State of Hybrid Work in IT: A Trends Report

    Infographic

    Further reading

    State of Hybrid Work in IT: A Trend Report

    When tech giants can’t agree and best practices change by the minute, forge your own path to your next normal.

    Hybrid is here. Now how do we do this?

    The pandemic has catapulted hybrid work to the forefront of strategic decisions an organization needs to make. According to our State of Hybrid Work in IT survey conducted in July of 2022, nearly all organizations across all industries are continuing some form of hybrid or remote work long-term (n=518). Flexible work location options are the single greatest concern for employees seeking a new job. IT departments are tasked with not only solving hybrid work questions for their own personnel but also supporting a hybrid-first organization, which means significant changes to technology and operations.

    Faced with decisions that alter the very foundation of how an organization functions, IT leaders are looking for best practices and coming up empty. The world of work has changed quickly and unexpectedly. If you feel you are “winging it” in the new normal, you are not alone.

    95% of organizations are continuing some form of hybrid or remote work.

    n=518

    47% of respondents look at hybrid work options when evaluating a new employer, vs. 46% who look at salary.

    n=518

    Hybrid work model decision tree

    Your organization, your employees, your goals – your hybrid work

    The days of a “typical” workplace have passed. When it comes to the new world of hybrid work, there is no best-of-breed example to follow.

    Among the flood of contradictory decisions made by industry leaders, your IT organization must forge its own path, informed by the needs of your employees and your organizational goals.

    All IT work models can support the broader organization. However, IT is more effective in a hybrid work mode.

    Stay informed on where your industry is headed, but learn from, rather than follow, industry leaders.

    All industries reported primarily using partial, balanced & full hybrid work models.

    All industries reported some fully remote work, ranging from 2-10% of organizations surveyed.

    Construction and healthcare & life sciences did not require any fully in-office work. Other industries, between 1-12% required fully in-office work.

    The image contains a screenshot of the Enablement of Organizational Goals.

    Move beyond following tech giants

    The uncomfortable truth about hybrid work is that there are many viable models, and the “best of breed” depends on who you ask. In the post-pandemic workspace, for every work location model there is an industry leader that has made it functional. And yet this doesn’t mean that every model will be viable for your organization.

    In the absence of a single best practice, rely on an individualized cost-benefit assessment rooted in objective feasibility criteria. Every work model – whether it continues your status quo or overhauls the working environment – introduces risk. Only in the context of your particular organization does that risk become quantifiable.

    Don’t make the mistake of emulating the tech giants, unless they are your direct competition. Instead, look to organizations that have walked your path in terms of scope, organizational goals, industry, and organizational structure.

    External

    Internal

    Political

    Economic

    Social

    Technological

    Legal

    Environmental

    Operations

    Culture

    Resources

    Risk

    Benefit

    Employee Preferences

    Comparative

    Your competitors

    Info-Tech Insight

    Remember, your competitors are not just those who compete for the same customers but also those who compete for your employees.

    IT must balance commitments to both the organization and its employees

    IT has two roles: to effectively support the broader organization and to function effectively within the department. It therefore has two main stakeholder relationships: the organization it supports and the employees it houses. Hybrid work impacts both. Don't make the mistake of overweighting one relationship at the expense of the other. IT will only function effectively when it addresses both.

    Track your progress with the right metrics

    IT and the organization

    • Business satisfaction with IT
    • Perception of IT value

    Diagnostic tool: Business Vision

    IT and its employees

    • Employee engagement

    Diagnostic tool:
    Employee Engagement Surveys

    This report contains:

    1. IT and the Organization
      1. IT Effectiveness
        in a Hybrid World
      2. The Impact of Hybrid on Infrastructure & Operations
    2. IT and Its Employees
      1. What Hybrid Means for the IT Workforce
      2. Leadership for Hybrid IT Teams

    This report is based on organizations like yours

    The image contains graphs that demonstrate demographics of organizations.

    This report is based on organizations like yours

    The image contains two graphs that demonstrate a breakdown of departments in an organization.

    This report is based on organizations like yours

    The image contains two graphs that demonstrate the workforce type and operating budget.


    This report is based on organizations like yours

    The image contains two graphs that demonstrate organization maturity and effectiveness score.

    At a high level, hybrid work in IT is everywhere

    INDUSTRY

    • Arts & Entertainment (including sports)
    • Retail & Wholesale
    • Utilities
    • Transportation & Warehousing
    • Not-for-Profit (incl. professional associations)
    • Education
    • Professional Services
    • Manufacturing
    • Media, Information, Telecom & Technology
    • Construction
    • Gaming & Hospitality
    • Government
    • Healthcare & Life Sciences
    • Financial Services (incl. banking & insurance)

    ORGANIZATIONAL SIZE

    Small

    <100

    Medium

    101-5,000

    Large

    >5,000

    Employees

    POSITION LEVEL

    • Executive
    • Director
    • Supervisor/Manager
    • Student/Contractor/Team Member

    100% of industries, organizational sizes, and position levels reported some form of hybrid or remote work.

    Work model breakdown at the respondent level

    5% 21% 30% 39% 5%

    No Remote
    Work

    Partial Hybrid

    Balanced Hybrid

    Full Hybrid

    Full Remote

    Work

    n=516

    Industry lens: Work location model

    The image contains a screenshot of a graph that demonstrates the work location model with the work model breakdown at the respondent level.

    Percentage of IT roles currently in a hybrid or remote work arrangement

    The image contains a screenshot of two graphs that demonstrate the percentage of IT roles currently in a hybrid or remote work arrangement.

    Work location model by organization size

    The image contains a screenshot of a graph that demonstrates work location model by organization size.

    Hybrid work options

    The image contains a screenshot of two pie graphs that demonstrate hybrid work options.

    Expense reimbursement

    28% 27% 22% 26% 13% 4%

    None

    Internet/home phone

    Just internet

    Home office setup

    Home utilities

    Other

    NOTES

    n=518

    Home office setup: One-time lump-sum payment

    Home utilities: Gas, electricity, lights, etc.

    Other: Office supplies, portion of home rent/mortgage payments, etc.

    01 TECHNOLOGY

    IT and the Organization

    Section 1

    The promise of hybrid work for IT department effectiveness and the costs of making it happen

    In this section:

    1. IT Effectiveness in a Hybrid World
    2. The Impact of Hybrid on Infrastructure & Operations

    Hybrid work models in IT bolster effectiveness

    IT’s effectiveness, meaning its ability to enable organizational goal attainment, is its ultimate success metric. In the post-pandemic world, this indicator is intimately tied to IT’s work location model, as well as IT’s ability to support the work location model used by the broader organization.

    In 2022, 90% of organizations have embraced some form of hybrid work (n=516). And only a small contingent of IT departments have more than 90% of roles still working completely in office, with no remote work offered (n=515).

    This outcome was not unexpected, given the unprecedented success of remote work during the pandemic. However, the implications of this work model were far less certain. Would productivity remain once the threat of layoffs had passed? Would hybrid work be viable in the long term, once the novelty wore off? Would teams be able to function collaboratively without meeting face to face? Would hybrid allow a great culture
    to continue?

    All signs point to yes. For most IT departments, the benefits of hybrid work outweigh its costs. IT is significantly more effective when some degree of remote or hybrid work is present.

    The image contains a screenshot of a graph on how hybrid work models in IT bolster effectiveness.

    n=518

    Remote Work Effectiveness Paradox

    When IT itself works fully onsite, lower effectiveness is reported (6.2). When IT is tasked with supporting fully, 100% remote organizations (as opposed to being fully remote only within IT), lower effectiveness is reported then as well (5.9). A fully remote organization means 100% virtual communication, so the expectations placed on IT increase, as do the stakes of any errors. Of note, hybrid work models yield consistent effectiveness scores when implemented at both the IT and organizational levels.

    IT has risen to the challenge of hybrid

    Despite the challenges initially posed by hybrid and remote organizations, IT has thrived through the pandemic and into this newly common workplace.

    Most organizations have experienced an unchanged or increased level of service requests and incidents. However, for the majority of organizations, service desk support has maintained (58%) or improved (35%). Only 7% of IT organizations report decreased service desk support.

    Is your service desk able to offer the same level of support compared to the pre-pandemic/pre-hybrid work model?

    The image contains a screenshot of a graph that demonstrates service desk levels.

    How has the volume of your service requests/incidents changed?

    The image contains a screenshot of a graph that demonstrates volume of service requests/incidents changed.

    Has hybrid work impacted your customer satisfaction scores?

    The image contains a graph that demonstrates if hybrid work impacted customer satisfaction scores.

    Industry lens: Volume of service requests

    It is interesting to note that service request volumes have evolved similarly across industries, mirroring the remarkable consistency with which hybrid work has been adopted across disparate fields, from construction to government.

    Of note are two industries where the volume of service requests mostly increased: government and media, information, telecom & technology.

    With the global expansion of digital products and services through the pandemic, it’s no surprise to see volumes increase for media, information, telecom & technology. With government, the shift from on premises to rapid and large-scale hybrid or remote work for administrative and knowledge worker roles likely meant additional support from IT to equip employees and end users with the necessary tools to carry out work offsite.

    How has the volume of your service requests/incidents changed?

    The image contains a screenshot of a graph that demonstrates the volume of service requests/incidents changed.

    The transition to hybrid was worth the effort

    Hybrid and remote work have been associated with greater productivity and organizational benefits since before the pandemic. During emergency remote work, doubts arose about whether productivity would be maintained under such extreme circumstances and were quickly dispelled. The promise of remote productivity held up.

    Now, cautiously entering a “new normal,” the question has emerged again. Will long-term hybrid work bring the same benefits?

    The expectations have held up, with hybrid work benefits ranging from reduced facilities costs to greater employee performance.

    Organizational hybrid work may place additional strain on IT,
    but it is clear IT can handle the challenge. And when it does,
    the organizational benefits are tremendous.

    88% of respondents reported increased or consistent Infrastructure & Operations customer satisfaction scores.

    What benefits has the organization achieved as a result of moving to a hybrid work model?

    The image contains a bar graph that demonstrates the benefits of a hybrid work model.

    n=487

    Hybrid has sped up modernization of IT processes and infrastructure

    Of the organizations surveyed, the vast majority reported significant changes to both the process and the technology side of IT operations. Four key processes affected by the move to hybrid were:

    • Incident management
    • Service request support
    • Asset management
    • Change management

    Within Infrastructure & Operations, the area with the greatest degree
    of change was network architecture (reported by 44% of respondents), followed closely by service desk (41%) and recovery workspaces and mitigations (40%).

    63% of respondents reported changes to conference room technology to support hybrid meetings.

    n=496

    IT Infrastructure & Operations changes, upgrades, and modernization

    The image contains a screenshot of a bar graph that demonstrates IT Infrastructure & Operations Changes, Upgrades, and Modernizations.

    What process(es) had the highest degree of change in response to supporting hybrid work?

    The image contains a screenshot of a bar graph that demonstrates the highest degree of change in response to supporting hybrid work.

    Hybrid has permanently changed deployment strategy

    Forty-five percent of respondents reported significant changes to deployment as a result of hybrid work, with an additional 42% reporting minor changes. Only 13% of respondents stated that their deployment processes remained unchanged following the shift to hybrid work.

    With the ever-increasing globalization of business, deployment modernization practices such as the shift to zero touch are no longer optional or a bonus. They are a critical part of business operation that bring efficiency benefits beyond just supporting hybrid work.

    The deployment changes brought on by hybrid span across industries. Even in manufacturing, with the greatest proportion of respondents reporting “no change” to deployment practices (33%), most organizations experienced some degree of change.

    Has a hybrid work model led you to make any changes to your deployment, such as zero touch, to get equipment to end users?

    The image contains a graph to demonstrate if change was possible with hybrid models.

    Industry lens: Deployment changes

    Has a hybrid work model led you to make any changes to your deployment, such as zero touch, to get equipment to end users?

    The image contains a screenshot of a graph that demonstrates deployment changes at an industry lens.

    Hybrid work has accelerated organizational digitization

    Over half of respondents reported significantly decreased reliance on printed copies as a result of hybrid. While these changes were on the horizon for many organizations even before the pandemic, the necessity of keeping business operations running during lockdowns meant that critical resources could be invested in these processes. As a result, digitization has leapt forward.

    This represents an opportunity for businesses to re-evaluate their relationships with printing vendors. Resources spent on printing can be reduced or reallocated, representing additional savings as a result of moving to hybrid. Additionally, many respondents report a willingness – and ability – from vendors to partner with organizations in driving innovation and enabling digitization.

    With respect to changes pertaining to hard copies/printers as a result of your hybrid work model:

    The image contains a screenshot of a bar graph that demonstrates how hybrid work has accelerated organizational digitization.

    Hybrid work necessitates network and communications modernization

    The majority (63%) of respondents reported making significant changes to conference room technology as a result of hybrid work. A significant proportion (30%) report that such changes were not needed, but this includes organizations who had already set up remote communication.

    An important group is the remaining 8% of respondents, who cite budgetary restrictions as a key barrier in making the necessary technology upgrades. Ensure the business case for communication technology appropriately reflects the impact of these upgrades, and reduce the impact of legacy technology where possible:

    • Recognize not just meeting efficiency but also the impact on culture, engagement, morale, and external and internal clients.
    • Connect conference room tech modernization to the overall business goals and work it into the IT strategy.
    • Leverage the scheduling flexibility available in hybrid work arrangements to reduce reliance on inadequate conference technology by scheduling in-person meetings where possible and necessary.

    Have you made changes/upgrades
    to the conference room technology to support hybrid meetings?
    (E.g. Some participants joining remotely, some participants present in a conference room)

    The image contains a screenshot of a graph that demonstrates if network and communications modernization was needed.

    How we can help

    Metrics

    Resources

    Create a Work-From-Anywhere IT Strategy

    Stabilize Infrastructure & Operations During Work-From-Anywhere

    Sustain Work-From-Home in the New Normal

    Establish a Communication & Collaboration Systems Strategy

    Modernize the Network

    Simplify Remote Deployment With Zero-Touch Provisioning

    For a comprehensive list of resources, visit
    Info-Tech’s Hybrid Workplace Research Center

    02 PEOPLE

    IT and Its Employees

    Section 2

    Cultivate the dream team in a newly hybrid world

    In this section:

    1. What Hybrid Means for the IT Workforce
    2. Leadership for IT Hybrid Teams

    Hybrid means permanent change to how IT hires

    Since before the pandemic, the intangibles of having a job that works with your lifestyle have been steadily growing in importance. Considerations like flexible work options, work-life balance, and culture are more important to employees now than they were two years ago, and employers must adapt.

    Salary alone is no longer enough to recruit the best talent, nor is it the key to keeping employees engaged and productive. Hybrid work options are the single biggest concern for IT professionals seeking new employment, just edging out salary. This means employers must not offer just some work flexibility but truly embrace a hybrid environment.

    The image contains a screenshot of several graphs that compare results from 2019 to 2021 on what is important to employees.

    What are you considering when looking at a potential employer?

    The image contains a screenshot of a bar graph that demonstrates what needs to be considered when looking at a potential employer.

    A recession may not significantly impact hybrid work decisions overall

    Declining economic conditions suggest that a talent market shift may be imminent. Moving toward a recession may mean less competition for top talent, but this doesn't mean hybrid will be left behind as a recruitment tactic.

    Just over half of IT organizations surveyed are considering expanding hybrid work or moving to fully remote work even in a recession. Hybrid work is a critical enabler of organizational success when resources are scarce, due to the productivity benefits and cost savings it has demonstrated. Organizations that recognize this and adequately invest in hybrid tools now will have equipped themselves with an invaluable tool for weathering a recession storm, should one come.

    What impact could a potential recession in the coming year have on your decisions around your work location?

    The image contains a screenshot of a graph that demonstrates the potential impact of a recession.

    Hybrid work may help small organizations in a declining economy

    The potential for a recession has a greater impact on the workforce decisions of small organizations. They likely face greater financial pressures than medium and large-sized organizations, pressures that could necessitate halting recruitment efforts or holding firm on current salaries and health benefits.

    A reliance on intangible benefits, like the continuation of hybrid work, may help offset some of negative effects of such freezes, including the risk of lower employee engagement and productivity. Survey respondents indicated that hybrid work options (47%) were slightly more important to them than salary/compensation (46%) and significantly more important than benefits (29%), which could work in favor of small organizations in keeping the critical employees needed to survive an economic downturn.

    Small

    Medium Large
    90% 82% 66%

    Currently considering some form of hiring/salary freeze or cutbacks, if a recession occurs

    NOTES

    n=520

    Small: <101 employees

    Medium: 101-5000 employees

    Large: >5,000 employees

    Hybrid mitigates the main challenge of remote work

    One advantage of hybrid over remote work is the ability to maintain an in-office presence, which provides a failsafe should technology or other barriers stand in the way of effective distance communication. To take full advantage of this, teams should coordinate tasks with location, so that employees get the most out of the unique benefits of working in office and remotely.

    Activities to prioritize for in-office work:

    • Collaboration and brainstorming
    • Team-building activities
    • Introductions and onboarding

    Activities to prioritize for remote work:

    • Individual focus time

    As a leader, what are your greatest concerns with hybrid work?

    The image contains a bar graph that demonstrates concerns about hybrid work as an employer.

    Hybrid necessitates additional effort by managers

    When it comes to leading a hybrid team, there is no ignoring the impact of distance on communication and team cohesion. Among leaders’ top concerns are employee wellbeing and the ability to pick up on signs of demotivation among team members.

    The top two tactics used by managers to mitigate these concerns center on increasing communication:

    • Staying available through instant messaging.
    • Increasing team meetings.

    Tactics most used by highly effective IT departments

    The image contains a screenshot of tactics most used by highly effective IT departments.

    Team success is linked to the number of tools at the manager’s disposal

    The most effective hybrid team management tools focus on overcoming the greatest obstacle introduced by remote work: barriers to communication and connection.

    The most effective IT organizations use a variety of tactics. For managers looking to improve hybrid team effectiveness, the critical factor is less the tactic used and more the ability to adapt their approach to their team’s needs and incorporate team feedback. As such, IT effectiveness is linked to the total number of tactics used by managers.

    IT department effectiveness

    The image contains a screenshot of a graph that demonstrates IT department effectiveness.

    Autonomy is key to hybrid team success

    Not all hybrid work models are created equal. IT leaders working with hybrid teams have many decisions to make, from how many days will be spent in and out of office to how much control employees get over which days they work remotely.

    Employee and manager preferences are largely aligned regarding the number of days spent working remotely or onsite: Two to three days in office is the most selected option for both groups, although overall manager preferences lean slightly toward more time spent in office.

    Comparison of leader and employee preference for days in-office

    The image contains a screenshot of a graph that compares leader and employee preference for days in-office.

    Do employees have a choice in the days they work in office/offsite?

    The image contains a screenshot of a graph that demonstrates if employees have a choice in the days they work in office or offsite.

    For most organizations, employees get a choice of which days they spend working remotely. This autonomy can range from complete freedom to a choice between several pre-approved days depending on team scheduling needs.

    Work is still needed to increase autonomy in hybrid teams

    Organizations’ success in establishing hybrid team autonomy varies greatly post pandemic. Responses are roughly equally split between staff feeling more, less, or the same level of autonomy as before the pandemic. Evaluated in the context of most organizations continuing a hybrid approach, this leads to the conclusion that not all hybrid implementations are being conducted equally effectively when it comes to employee empowerment.

    As an employee, how much control do you have over the decisions related to where, when, and how you work currently?

    The image contains a screenshot of a graph that demonstrates autonomy in hybrid teams.

    Connectedness in hybrid teams lags behind

    A strong case can be made for fostering autonomy and empowerment on hybrid teams. Employees who report lower levels of control than before the pandemic also report lower engagement indicators, such as trust in senior leadership, motivation, and intention to stay with the organization. On the other hand, employees experiencing increased levels of control report gains in these areas.

    The only exception to these gains is the sense of team connectedness, which employees experiencing more control report as lower than before the pandemic. A greater sense of connectedness among employees reporting decreased control may be related to more mandatory in-office time or a sense of connection over shared team-level disengagement.

    These findings reinforce the need for hybrid teams to invest in team building and communication practices and confirm that significant benefits are to be had when a sense of autonomy can be successfully instilled.

    Employees who experience less control than before the pandemic report lowered engagement indicators ... except sense of connectedness

    The image contains a screenshot of a graph that demonstrates less control, means lowered engagement.

    Employees who experience more control than before the pandemic report increased engagement indicators ... except sense of connectedness

    The image contains a screenshot of a graph that demonstrates more control, means increased engagement.

    Case study: Hybrid work at Microsoft Canada

    The Power of Intentionality

    When the pandemic hit, technology was not in question. Flexible work options had been available and widely used, and the technology to support them was in place.

    The leadership team turned their focus to ensuring their culture survived and thrived. They developed a laser-focused approach for engaging their employees by giving their leaders tools to hold conversations. The dialogue was ongoing to allow the organization to adapt to the fast pace of changing conditions.

    Every tactic, plan, and communication started with the question, “What outcome are we striving for?”

    With a clear outcome, tools were created and leaders supported to drive the desired outcome.

    “We knew we had the technology in place. Our concern was around maintaining our strong culture and ensuring continued engagement and connection with our employees.”

    Lisa Gibson, Chief of Staff, Microsoft Canada

    How we can help

    Metrics

    Resources

    Webinar: Effectively Manage Remote Teams

    Build a Better Manager: Manage Your People

    Info-Tech Leadership Training

    Adapt Your Onboarding Process to a Virtual Environment

    Virtual Meeting Primer

    For a comprehensive list of resources, visit
    Info-Tech’s Hybrid Workplace Research Center

    Recommendations

    The last two years have been a great experiment, but it’s not over.

    BE INTENTIONAL

    • Build a team charter on how and when to communicate.
    • Create necessary tools/templates.

    INVOLVE EMPLOYEES

    • Conduct surveys and focus groups.
      Have conversations to understand sentiment.

    ALLOW CHOICE

    • Provide freedom for employees to have some level of choice in hybrid arrangements.

    BE TRANSPARENT

    • Disclose the rationale.
    • Share criteria and decision making.

    Info-Tech Insight

    Hybrid and remote teams require more attention, connection, and leadership from managers. The shift from doing the day-to-day to effectively leading is critical for the success of nontraditional work models. As hybrid and remote work become engrained in society, organizations must ensure that the concept of the “working manager” is as obsolete as the rotary telephone.

    Bibliography

    “8 Unexpected Benefits of Online Learning for Development.” Center for Creative Leadership (CCL), 14 Oct. 2020. Accessed 5 Nov. 2021.
    “2021 Global Workplace Report.” NTT, 2021. Accessed 6 July 2022.
    “Advantages of Online Learning for Leadership Development: What Our Research Says.” CCL, 8 Dec. 2020. 5 Nov. 2021.
    “Annual Work Trend Index Report – Great Expectations: Making Hybrid Work Work.” Microsoft WorkLab, 2022. Accessed 6 July 2022.
    Aten, Jason. “Google’s Employees Return to the Office Today. This Former Exec Says Hybrid Work Won’t Last.” Inc.Com, 4 April 2022. Web.
    Bariso, Justin. “Google Spent 2 Years Researching What Makes a Great Remote Team. It Came Up With These 3 Things.” Inc.Com, 8 April 2019. Web.
    Berger, Chloe. “What Is ‘Hybrid Guilt’? Going to Office Part-Time May Be Worst Option.” Fortune, 22 Aug. 2022. Web.
    Brodkin, Jon. “After Remote-Work Ultimatum, Musk Reveals Plan to Cut 10% of Tesla Jobs.” Ars Technica, 3 June 2022. Web.
    Brown, Brené, host. “Brené with Scott Sonenshein on Why We’ll Never Be the Same Again (and Why It’s Time to Talk About It).” Dare to Lead with Brené Brown, 11 April 2022. Brené Brown, https://brenebrown.com/podcast/why-well-never-be-the-same-again-and-why-its-time-to-talk-about-it/.
    Burgess, Mark. “Most Asset Managers Operating Under Hybrid Work Model: Survey.” Advisor’s Edge, 13 Sept. 2022. Web.
    Caminiti, Susan. “Workers Want Hybrid but Say It’s Exhausting Them. Here’s How Companies Can Fix That.” CNBC, 8 Feb. 2022. Web.
    Capossela, Chris. “The next Chapter of Our Hybrid Workplace: Update on Our Washington State Work Sites.” The Official Microsoft Blog, 14 Feb. 2022. Web.
    Carrigan, John. “Meta Embraces ‘Work From Anywhere’ Ahead of Return to Office.” Human Resources Director, 25 March 2022. Web.
    Chaturvedi, H., and Ajoy Kumar Dey. The New Normal: Reinventing Professional Life and Familial Bonding in the Post COVID 19 Era. Bloomsbury Publishing, 2021.
    Commonwealth of Massachusetts. “Alternative Work Options.” Mass.Gov, n.d. Accessed 17 Sept. 2022.
    Commonwealth of Massachusetts. “Hybrid Work for Commonwealth Employees.” Mass.Gov, n.d. Accessed 17 Sept. 2022.
    “COVID-19 and the Future of Business.” IBM, 21 Sept. 2020. Web.
    Daniel, Will. “The Layoffs at Tesla Show That White-Collar Workers Are Screwed, Hedge Funder Famous from ‘The Big Short’ Predicts.” Fortune, 29 June 2022. Web.
    D’Auria, Gemma, and Aaron De Smet. “Leadership in a Crisis: Responding to Coronavirus.” McKinsey, 16 March 2020. Web.
    Dave, Paresh. “Google Mandates Workers Back to Silicon Valley, Other Offices from April 4.” Reuters, 3 March. 2022. Web.
    Delaney, Kevin. “What We Know Now About the Business Impact of Hybrid Work.” Time, 6 Sept. 2022. Web.
    Dobson, Sarah. “Legal Considerations for Hybrid Work.” Canadian HR Reporter, 15 Sept. 2022. Web.
    Dondo, Jean. “Hybrid Work Is the Way for More Than a Quarter of Canadian Investment Firms.” Wealth Professional, 14 Sept. 2022. Web.
    Elias, Jennifer. “Twitter to Reopen Offices March 15, Though Remote Work Remains an Option.” CNBC, 3 March 2022. Web.
    Esade Business & Law School. “Leadership After Covid-19: Learning To Navigate The Unknown Unknowns.” Forbes, 30 March 2021. Web.
    “Famous Companies Without Offices.” The Hoxton Mix, 19 Oct. 2021. Web.
    Gerdeman, Dina. “COVID Killed the Traditional Workplace. What Should Companies Do Now?” HBS Working Knowledge, 8 March 2021. Web.
    Gleason, Mike. “Apple’s Hybrid Work Plans Draw Worker Pushback.” SearchUnifiedCommunications, TechTarget, 24 Aug. 2022. Web.
    Gleeson, Brent. “13 Tips For Leading And Managing Remote Teams.” Forbes, 26 Aug. 2020. Web.
    Gratton, Lynda. “How to Do Hybrid Right.” Harvard Business Review, 1 May 2021. Web.
    “Guide: Understand team effectiveness.” re:Work, Google, n.d. Accessed 5 Nov. 2021.
    Hardy, Karen. “Your Business Has Decided on Hybrid Work… Now What?” CIO, 12 Sept. 2022. Web.
    Hirsch, Arlene S. “How to Boost Employee Performance in a Hybrid Work Environment.” SHRM, 6 Sept. 2022. Web.
    “How to Get Hybrid Work Right.” CBRE Canada, 14 June 2022. Web.
    “Hybrid Work: When Freedom Benefits from Rules.” Audi, 12 Sept. 2022. Accessed 18 Sept. 2022.
    “Hybrid Workplace | Global Culture Report.” O.C. Tanner, 2022, Web.
    “Intel Is Hiring for Various Roles with Temporary Remote Work Benefits.” SightsIn Plus, 11 June 2022. Web.
    Iyer, Viswanathan. “Council Post: Hybrid Work: Beyond The Point Of No Return.” Forbes, 14 Sept. 2022. Web.
    Johnson, Ricardo. “Securing Hybrid Work All Starts with Zero-Trust.” SC Media, 29 Aug. 2022. Web.
    Jones, Jada. “The Rules of Work Are Changing, and Hybrid Work Is Winning.” ZDNET, 1 Sept. 2022. Web.
    Kowitt, Beth. “Inside Google’s Push to Nail Hybrid Work and Bring Its 165,000-Person Workforce Back to the Office Part-Time.” Fortune, 17 May 2022. Web.
    Kumra, Gautam, and Diaan-Yi Lin. “The Future of (Hybrid) Work.” McKinsey, 2 Sept. 2022. Web.
    Lagowska, Urszula, et al. “Leadership under Crises: A Research Agenda for the Post-COVID-19 Era.” Brazilian Administration Review, vol. 17, no. 2, Aug. 2020. Web.
    Larson, Barbara Z., et al. “A Guide to Managing Your (Newly) Remote Workers.” Harvard Business Review, 18 March 2020. Web.
    “Leadership During COVID-19: Resources for Times of Uncertainty.” CCL, n.d. Accessed 5 Nov. 2021.
    “Managing Remote Employees: How to Lead From a Distance.” CCL, 7 April 2020. Accessed 5 Nov. 2021.
    “Managing Remote Teams.” Know Your Team, n.d. Web. Accessed 5 Nov. 2021.
    Mayhem, Julian. “Virtual Leadership - Essential Skills for Managing Remote Teams.” VirtualSpeech, 4 Nov. 2020. Web.
    McKendrick, Joe. “Keeping Hybrid Workers In Sync, Digitally And In-Person.” Forbes, 22 Aug. 2022. Web.
    McKenna, Karissa, et al. “Webinar: Build Leadership Skills for the New World of Work.” CCL, 15 June 2020. Accessed 5 Nov. 2021.
    Mearian, Lucas. “Microsoft Edges Back to ‘Normal’ with Workplace Reopening Plan.” Computerworld, 14 Feb. 2022. Web.
    “Meta Careers.” Meta, n.d. Accessed 17 Sept. 2022.
    Miller, Mark. “5 Tips to Make Your Hybrid Work Model More Effective.” Entrepreneur, 25 Aug. 2022. Web.
    Nica, Irina. “How to Manage a Remote Team: 14 Effective Tips for Your Business.” Business 2 Community, 8 July 2021. Web.
    O’Halloran, Joe. “Organisations Struggle to Support IT in a Hybrid Work Model.” ComputerWeekly.com, 17 June 2022. Web.
    Ong, Ivan. “Council Post: Why Hybrid Work Is The Way To Go.” Forbes, 12 Sept. 2022. Web.
    Osborne, Charlie. “The End of Fully Remote Work? Google Begins Shift to the Hybrid Office.” ZDNet. 3 March 2022. Web.
    Pazzanese, Christina. “Back to Office? Stay Remote? Go Hybrid?” Harvard Gazette, 24 Aug. 2022. Web.
    “PinFlex.” Pinterest Careers, n.d. Accessed 17 Sept. 2022.
    Rand, Ben. “Does Hybrid Work Actually Work? Insights from 30,000 Emails.” Harvard Business School – Working Knowledge, 6 Sept. 2022. Web.
    “Remote Locations, Working with Flexibility.” Amazon.jobs, n.d. Accessed 17 Sept. 2022.
    Renjen, Punit. “The Heart of Resilient Leadership: Responding to COVID-19.” Deloitte Insights, 16 March 2020. Web.
    Shih, Clara. “Keeping Hybrid Employees Engaged.” Harvard Business Review, 11 Aug. 2022. Web.
    Singerman, Michelle. “Is the Hybrid Work Model Working? CPAs Spill the Beans.” Chartered Professional Accountants Canada, 24 Aug. 2022. Web.
    Stern, Stefan. “Hybrid Working: Why the Office-Home Balance Is Still a Challenge.” Financial Times, 4 Sept. 2022.
    Subramaniam, Vanmala, et al. “Ready to Go Back to the Office? Employers and Workers Are Divided over the Fate of Remote Work.” The Globe and Mail, 1 Sept. 2022. Web.
    Tong, Goh Chiew. “Inflation and Hybrid Work ‘skyrocketed’ Demand for Flexible Workspace, WeWork Says.” CNBC, 6 Sept. 2022. Web.
    Tsipursky, Gleb. “Commentary: The Psychology behind Why Some Leaders Are Resisting a Hybrid Work Model.” Fortune, 8 June 2021. Web.
    Turner, Jack. “Tesla Doubles Down on Remote Working Ban, Tracks Office Attendance.” Tech.Co, 3 July 2022. Web.
    “Virtual Leadership Styles for Remote Businesses.” Maryville Online, 4 Feb. 2021. Web.
    “Webinar: How Leaders Can Build Organizational Resilience.” CCL, 15 June 2020. Accessed 5 Nov. 2021.
    “Why GitLab Uses the Term All-Remote to Describe Its 100% Remote Workforce.” GitLab, 2022. Accessed 17 Sept. 2022.
    Wigert, Ben, and Sangeeta Agrawal. “Returning to the Office: The Current, Preferred and Future State of Remote Work.” Gallup, 31 Aug. 2022. Web.
    Wingard, Jason. “Elon Musk’s Big Bet Against Remote Work: Will Tesla Win?” Forbes, 4 June 2022. Web.

    Make Sense of Strategic Portfolio Management

    • Buy Link or Shortcode: {j2store}447|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Portfolio Management
    • Parent Category Link: /portfolio-management
    • As an IT leader, you’re responsible for steering the realization of business strategy through wise investments in and responsible stewardship of assets, applications, portfolios, programs, products, and projects.
    • You need a tool to help align goals and facilitate processes across business units. You’re aware of a tool space called Strategic Portfolio Management, and it looks like it could help, but you’re unsure of how it’s different from some of the existing tools you already pay for and don’t use to their full functionality.

    Our Advice

    Critical Insight

    As a software space, strategic portfolio management lacks a unified definition. In the same way that it took many years for project portfolio management to stabilize as a concept distinct from traditional enterprise project management, strategic portfolio management is experiencing a similar period of formational uncertainty. Unpacking what’s truly new and valuable in helping to define strategy and drive strategic outcomes versus what’s just repackaged as SPM is an important first step, but it's not an easy undertaking.

    Impact and Result

    In this concise publication, we will cut through the marketing to unpack what strategic portfolio management is, and what makes it distinct from similar capabilities. We’ll help to situate you in the space and assess the extent to which your tooling needs can be met by a strategic portfolio management offering.

    Make Sense of Strategic Portfolio Management Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Make Sense of Strategic Portfolio Management Storyboard – A guide to help you drive strategic outcomes.

    In this concise publication we introduce you to strategic portfolio management and consider the extent to which your organization can leverage an SPM application to help drive strategic outcomes.

    • Make Sense of Strategic Portfolio Management Storyboard

    2. Strategic Portfolio Management Needs Assessment Tool – Use this tool to determine if your organization can benefit from the features and functionality of an SPM approach.

    Use this Excel workbook to determine if your organization can benefit from the features and functionality of an SPM approach or whether you need something more like a traditional project portfolio management tool.

    • Strategic Portfolio Management Needs Assessment
    [infographic]

    Further reading

    Make Sense of Strategic Portfolio Management

    Separate what's new and valuable from bloated claims on the hype cycle.

    Analyst Perspective

    Do you need strategic portfolio management, or do you need to do portfolio management more strategically?

    Travis Duncan, Research Director, PPM and CIO Strategy

    Travis Duncan
    Research Director, PPM and CIO Strategy
    Info-Tech Research Group

    While the market is eager to get users into what they're calling "strategic portfolio management," there's a lot of uncertainty out there about what this market is and how it's different from other, more established portfolio disciplines – most significantly, project portfolio management.

    Indeed, if you look at how the space is covered within the industry, you'll encounter a dog's breakfast of players, a comparison of apples and oranges: Jira in the same quadrants as Planisware, Smartsheets in the same profiles as Planview and ServiceNow. While each of the individual players is impressive, their areas of focus are unique and the extent to which they should be compared together under the category of strategic portfolio management is questionable.

    It speaks to some of the grey area within the SPM space more generally, which is at a bit of a crossroads: Will it formally shed the guardrails of its antecedents to become its own space, or will it devolve into a bait and switch through which capabilities that struggled to gain much traction beyond IT settings seek to infiltrate the business and grow their market share under a different name?

    Part of it is up to the rest of us as users and potential customers. Clarifying what we need before we jump into something simply because our prior attempts failed will help determine whether we need a unique space for strategic portfolio management or whether we simply need to do portfolio management more strategically.

    Executive Summary

    Your Challenge Common Obstacles Info-Tech's Approach
    • As an IT leader, you're responsible for steering the realization of business strategy through wise investments in/ and responsible stewardship of: assets, applications, portfolios, programs, products, and projects.
    • You need a tool to help align goals and facilitate processes and communications across business units. You're aware of a tool space called strategic portfolio management, and it looks like it could help, but you're unsure of how it's different from some of the existing tools you already license.
    • As a software space, strategic portfolio management lacks a unified definition. Unpacking what's truly new in helping to define strategy and drive strategic outcomes versus what's just repackaged as SPM is no small undertaking.
    • Because SPM can span different business units, ways of working, and roles, getting buy-in, alignment, and adoption can be even more precarious than it is when implementing other types of solutions.
    • In this concise publication, we will cut through the marketing to unpack what strategic portfolio management is and what makes it distinct from similar capabilities.
    • Assess the extent to which your tooling needs can be met by a strategic portfolio management offering or the extent to which you may need to look at other software categories.
    • With a better understanding of the space, we hope to help facilitate better internal discussions around the value of SPM for your business needs.

    Info-Tech Insight
    In the same way that it took many years for PPM to stabilize as a concept distinct from traditional enterprise project management, strategic portfolio management is experiencing a similar period of formational uncertainty. In a space that can be all things to all users, clarify your actual needs before jumping onto a bandwagon and ending up with something that you don't need, and that the organization can't adopt.

    Strategic portfolio management is enterprise portfolio management

    Evolved from various other capabilities and vendor solutions, strategic portfolio management (SPM) seeks to connect strategy to execution.

    While the concept of 'strategic portfolio management' has been written about within project portfolio management circles for nearly 20 years, SPM, as a distinct organizational competence and software category, is a relatively new and largely vendor-driven capability.

    First emerging in the discourse during the mid-to-late 2010s, SPM has evolved from its roots in traditional enterprise project portfolio management. Though, as we will discuss, it has other antecedents not limited to PPM.

    In this publication, we'll unpack what SPM is, how it is distinct (and, in turn, how it is not distinct) from PPM and other capabilities, and we will consider the extent to which your organization can and should leverage an SPM application to help drive strategic outcomes.

    –The increasing need to deliver value from digital initiatives is giving rise to strategic portfolio management, a digital investment management discipline that enables strategy realization in complex dynamic environments."
    – OnePlan, "Is Strategic Portfolio Management the Future of PPM?"

    Only 2% of business leaders are confident that they will achieve 80% to 100% of their strategic objectives.
    Source: Smith, 2022

    Put strategic portfolio management in context

    SPM is a new stage in the history of project portfolio management more generally. While it's emerging as a distinct capability, and it borrows from capabilities beyond PPM, unpacking its distinctiveness is best done by first understanding its source.

    Understand the recent triggers for strategic portfolio management

    Triggers for the emergence of strategic portfolio management in the discourse include the pace of technology-introduced change, the waning of enterprise project management, and challenges around enterprise PPM tool adoption.

    Spot the difference?

    Scope, focus, and audience are just a few of the factors distinguishing what the market calls "SPM" from traditional PPM.

    Project Portfolio Management Differentiator Strategic Portfolio Management
    Work-Level (Tactical) Primary Orientation High-Level (Strategic)
    CIO Accountable for Outcomes CxO
    Project Manager Responsible for Outcomes Product Management Organization
    Project Managers, PMO Staff Targeted Users Business Leaders, ePMO Staff
    Project Portfolio(s) Essential Scope Multi-Portfolio (Project, Application, Product, Program, etc.)
    IT Project Delivery and Business Results Delivery Core Focus Business Strategy and Change Delivery
    Project Scope Change Impact Sensitivity Enterprise Scope
    IT and/or Business Benefit Language of Value Value Stream
    Project Timelines Main View Strategy Roadmaps
    Resource Capacity Primary Currency Money
    Work-Assignment Details Modalities of Planning Value Milestones & OKRs
    Work Management Modalities of Execution Governance (Project, Product, Strategy, Program, etc.)
    Project Completion Definitions of "Done" Business Capability Realization

    Info-Tech Insight
    The distinction between the two capabilities is not necessarily as black and white as the table above would have it (some "PPM" tools offer what we're identifying above as "SPM" capabilities), but it can be helpful to think in these binaries when trying to distinguish the two capabilities. At the very least, SPM broadens its scope to target more executive and business users, and functions best when it's speaking at a higher level, to a business audience.

    Strategic portfolio management offers a more holistic view of the enterprise

    At its best, strategic portfolio management can accommodate various paradigms of work management and incorporate different types of portfolio management.

    Perhaps the biggest evolution from traditional PPM that strategic portfolio management promises is that it casts a wider net in terms of the types of work it tracks (and how it tracks that work) and the types of portfolios it accommodates.

    Not bound to the concepts of "projects" and a "project portfolio" specifically, SPM broadens its scope to encompass capabilities like product and product portfolio management, enterprise architecture management, security and risk management, and more.

    • Where a PPM solution only shows one piece of the puzzle, SPM looks at the entire investment ecosystem, tracking strategic goals, the ideas generated to help achieve those goals, and all the various kinds of investments made in the service of those goals.
    • what's more, where traditional PPM tools required users to adhere to a certain way of working and managing tasks, SPM is more flexible, relying on integrations across various ways of working to provide higher-level insight on the progress of work and the achievement of goals.

    Deliver business strategy and change effectively

    Info-Tech's Strategic Portfolio Management Framework

    "An SPM tool will capture business strategy, business capabilities, operating models, the enterprise architecture and the project portfolio with unmatched visibility into how they all relate. This will give...a robust understanding of the impact of a proposed IT change " and enable IT and business to act like cocreators driving innovation."
    – Paula Ziehr

    You might need a strategic portfolio management tool if–

    If you find yourself facing any of these situations, it might be time to step away from your PPM tool and into an SPM approach:

    • Your organization is facing a large implementation that will cross multiple departmental units and requires alignment across senior leadership (e.g. a digital transformation initiative).
    • You currently have disparate systems tracking different portfolios (project, product, applications, etc.) and types of investments, but lack insight into the whole in terms of how work efforts and investments tie back to strategy realization.
    • You are an ePMO or a strategy realization office that doesn't manage work necessarily, but that rather ensures that the work, assets, and capabilities that are funded connect to strategy and drive the realization of strategy.

    Sixty one percent of leaders acknowledge their companies struggle to bridge the gap between creating a strategy and executing on that strategy.
    Source: StrategyBlocks, 2020

    Get to know your strategic portfolio management stakeholders

    In terms of users, SPM's focus is further up the org chart than most applications, relying on high-level but usable outputs to help drive decision making.

    ePMO or Strategy Realization Office Senior Leadership and Executive Stakeholders Business Leads and IT Directors and Managers
    SPM tools are best facilitated through enterprise PMOs or strategy realization offices. After all, in enterprises, these are the entities charged with the planning, execution, and tracking of strategy.

    Their roles within the tool typically entail:

    • Helping to facilitate processes and collect data.
    • Data quality and curation.
    • Report distribution and consumption.
    As those with the accountability and authority to drive the organization's strategy, you could argue that these stakeholders are the primary stakeholders for an SPM tool.

    Their roles within the tool typically entail:

    • Using strategy map and ideation functionalities.
    • Using reports to steward strategy realization.
    SPM targets more business users as well as senior IT managers and directors.

    Their roles within the tool typically entail:

    • Using strategy map and ideation functionalities.
    • Providing updates to ePMOs on progress.

    What should you look for in a strategic portfolio management tool? (1 of 2)

    Standard features for SPM include:

    Name Description
    Analytics and Reporting SPM should provide access to real-time dashboards and data interpretation, which can be exported as reports in a range of formats.
    Strategy Mapping and Road Mapping SPM should provide access to up-to-date timeline views of strategies and initiatives, including the ability to map such things as dependencies, market needs, funding, priorities, governance, and accountabilities.
    Value Tracking and Measurement SPM should include the ability to forecast, track, and measure return on investment for strategic investments. This includes accommodations for various paradigms of value delivery (e.g. traditional value delivery and measurement, OKRs, as well as value mapping and value streams).
    Ideation and Innovation Management SPM should include the ability to facilitate innovation management processes across the organization, including the ability to support stage gates from ideation through to approval; to articulate, socialize, and test ideas; perform impact assessments; create value canvas and OKR maps; and prioritize.
    Multi-Portfolio Management SPM should include the ability to perform various modalities of portfolio management and portfolio optimization, including project portfolio management, applications portfolio management, asset portfolio management, etc.
    Interoperability/APIs An SPM tool should enable seamless integration with other applications for data interoperability.

    What should you look for in a strategic portfolio management tool? (2 of 2)

    Advanced features for SPM can include:

    Name Description
    Product Management SPM can include product-management-specific functionality, including the ability to connect product families, roadmaps, and backlogs to enterprise goals and priorities, and track team-level activities at the sprint, release, and campaign levels.
    Enterprise Architecture Management SPM can include the ability to define and map the structure and operation of an organization in order to effectively coordinate various domains of architecture and governance (e.g. business architecture, data architecture, application architecture, security architecture, etc.) in order to effectively plan and introduce change.
    Security and Risk Management SPM can include the ability to identify and track enterprise risks and ensure compliance controls are met.
    Lean Portfolio Management SPM can include the ability to plan and report on portfolio performance independent from task level details of product, program, or project delivery.
    Investment and Financial Management SPM can include the ability to forecast, track, and report on financials at various levels (strategy, product, program, project, etc.).
    Multi-Methodology Delivery SPM can include the ability to plan and execute work in a way that accommodates various planning and delivery paradigms (predictive, iterative, Kanban, lean, etc.).

    What's promising within the space?

    As this space continues to stabilize, the following are some promising associations for business and IT enablement.

    1. SPM accommodates various ways of working.
    • Where traditional PPM and work management tools required that users change their processes and tasking paradigms to fit within the tool's rigid task management and data structures, the best SPM tools are those that are adaptable to various ways of working and can accommodate many tasking and work management models.
    • Sometimes this is done through extensive integrations and APIs that pull data from existing work management applications into a single view within the SPM tool, and other times, this is done by abstracting the task-level details into a higher-level reporting structure (it can depend on the solution). In any event, the best SPMs are bound to one work management model.
    2. SPM puts the focus on value and change.
    • With its focus on the planning and execution of strategy, SPM can't avoid putting a spotlight on value and value realization. The best SPM tools include the ability to forecast, track, and measure return on investment for strategic investments, and they accommodate for various paradigms of value delivery (e.g. traditional value delivery and measurement, OKRs, as well as value mapping and value streams).
    • Of course, you can't realize value without successfully fostering change. And while SPM tools don't necessarily offer functionality explicitly identifiable as organizational change management, they can act as agents of change in putting the spotlight on the execution of change at the executive level.
    3. SPM fosters a coherent approach to demand management.
    • With its goal of ensuring that strategy informs the organization of portfolios and guides the selection of projects and delivery of products, SPM can potentially bring some order to what is often a chaotic demand-management landscape, ensuring that planned and in-progress work is well justified from an ROI perspective.

    What's of concern within the space?

    As a progeny from other capabilities, SPM has some risks and connotations potential users should be wary of.

    1. The space is rife with IT buzzwords and, as a concept, is sometimes used as a repackaging of failing concepts.
    • You don't need to spend too much time engaging with the literature around SPM before you notice the marketing appeals heavily to concepts like "digitalization," "digital transformation," "continual innovation," "agility/Agile," and the like. While these are all important concepts, and the pursuit of them is worthwhile in many cases, there's no denying they're used as consultant and vendor buzzwords, deployed to excite our imaginations, without necessarily providing much meat around what they mean or how they're deployed and successfully sustained.
    • Indeed, many concepts and capabilities that appear in relation to SPM are on the downward swing of industry hype cycles, suggesting that SPM may be being used by vendors and consultants as another attempt to repackage and capitalize on these concepts even as practitioners grow weary and suspicious of the marketing claims built up around them.
    2. Some solutions that identify as SPM are not.
    • Because it's on the upward swing of its place in the hype cycle, many established PPM and service management vendors are applying the 'strategic portfolio management" label to their products without necessarily doing anything different from a functionality perspective to fit within the space. As a result, SPM vendor landscapes can compare work management, project management, demand management tools, and more. Users who want SPM functionality need to stay frosty to ensure they get what they pay for.
    3. SPM tools may have a capacity blind spot.
    • The biggest barrier to getting things done and done well in modern enterprises is approving more work than you have the capacity to deliver. While SPM offerings can help with better demand management, not many of them cover the capacity side with the same level of improvement.

    Does your organization need a strategic portfolio management tool?

    Use Info-Tech's Strategic Portfolio Management Needs Assessment to gauge your readiness for SPM.

    • As noted in previous places in this deck, there is often a grey area in the market between project portfolio management tools and strategic portfolio management tools.
    • Some PPM tools offer SPM functionality, while some SPM tools avoid traditional PPM outcomes and stay at a higher, strategic level.
    • Depending on the scope of your PMO or portfolio optimization needs, you may need a tool that has just one, or both, of these capabilities.
    • Use Info-Tech's Strategic Portfolio Management Needs Assessment to help you assess whether you require a high-level strategy management tool, a more low-level project portfolio management tool, or a mix of both.

    Download Info-Tech's Strategic Portfolio Management Needs Assessment

    1.1 Assess your needs

    10 to 20 minutes

    1. The Strategic Portfolio Management Needs Assessment is a 41-question survey broken up into three parts: (1) PMO Type, (2) Features and Functionality, (3) Roles.
    2. Go through each section using the provided dropdowns to help identify the orientation of your PMO, the feature and functionality needs of your office, as well as the roles whose needs will need to be serviced through the potential tool implementation.

    This screenshot shows a sample output from the assessment. Based upon your inputs, you'll be grouped within three ranges:

    1. Green: Based upon your inputs, you will benefit from an SPM tool.
    2. Yellow: You may benefit from an SPM tool, but you may also require something more traditional. Clarify your requirements before proceeding.
    3. Red: you're unlikely to leverage many of the benefits of an SPM tool at this time. Look for a more tactical solution.

    Sample Output from the assessment tool

    Input Output
    • Understanding of existing project management, project portfolio management, and work management applications.
    • Recommendation on PPM/SPM tool type
    Materials Participants
    • Strategic Portfolio Management Needs Assessment tool
    • Portfolio managers and/or ePMO directors
    • Project managers and product managers
    • Business stakeholders

    Explore the SPM vendor landscape

    Use Info-Tech's application selection resources to help find the right solution for your organization.

    If the analysis in the previous slides suggested you can benefit from an SPM tool, you can quick-start your vendor evaluation process with SoftwareReviews.

    SoftwareReviews has extensive coverage of not just the SPM space, but of the project portfolio management (pictured to the top right) and project management spaces as well. So, from the tactical to the strategic, SoftwareReviews can help you find the right tools.

    Further, as you settle in on a shortlist, you can begin your vendor analysis using our rapid application selection methodology (see framework on bottom right). For more information see our The Rapid Application Selection Framework blueprint.

    Info-Tech's Rapid Application Selection Framework

    Info-Tech's Rapid Application Selection Framework (RASF)

    Related Info-Tech Research

    Develop a Project Portfolio Management Strategy
    Drive IT project throughput by throttling resource capacity.

    Prepare an Actionable Roadmap for your PMO
    Turn planning into action with a realistic PMO timeline.

    Maintain an Organized Portfolio
    Align portfolio management practices with COBIT (APO05: Manage Portfolio)

    Bibliography

    Angliss, Katy, and Pete Harpum. Strategic Portfolio Management: In the Multi-Project and Program Organization. Book. Routledge. 30 Dec. 2022.

    Anthony, James. "95 Essential Project Management Statistics: 2022 Market Share & Data Analysis." Finance Online. 2022. Web. Accessed 21 March 2022

    Banham, Craig. "Integrating strategic planning with portfolio management." Sopheon. Webinar. Accessed 6 Feb. 2023.

    Garfein, Stephen J. "Executive Guide to Strategic Portfolio Management: roadmap for closing the gap between strategy and results." PMI. Conference Paper. Oct. 2007. Accessed 6 Feb. 2023.

    Garfein, Stephen J. "Strategic Portfolio Management: A smart, realistic and relatively fast way to gain sustainable competitive advantage." PMI. Conference Paper. 2 March 2005. Accessed 6 Feb. 2023.

    Hontar, Yulia. "Strategic Portfolio Management." PPM Express. Blog 16 June 2022. Accessed 6 Feb. 2023.

    Milsom, James. "6 Strategic Portfolio Management Trends for 2023." i-nexus. Blog. 25 Jan. 2022. Accessed 6 Feb. 2023.

    Milsom, James. "Strategic Portfolio Management 101." i-nexus. 8 Dec. 2021. Blog . Accessed 6 Feb. 2023.

    OnePlan, "Is Strategic Portfolio Management the Future of PPM?" YouTube. 17 Nov. 2022. Accessed 6 Feb. 2023.

    OnePlan. "Strategic Portfolio Management for Enterprise Agile." YouTube. 27 May 2022. Accessed 6 Feb. 2023.

    Piechota, Frank. "Strategic Portfolio Management: Enabling Successful Business Outcomes." Shibumi. Blog . 31 May 2022. Accessed 6 Feb. 2023.

    ServiceNow. "Strategic Portfolio Management—The Thing You've Been Missing." ServiceNow. Whitepaper. 2021. Accessed 6 Feb. 2023.

    Smith, Shepherd, "50+ Eye-Opening Strategic Planning Statistics" ClearPoint Strategy. Blog. 13 Sept. 2022. Accessed 6 Feb. 2023.

    SoftwareAG. "What is Strategic Portfolio Management (SPM)?" SoftwareAG. Blog. Accessed 6 Feb. 2023.

    Stickel, Robert. "What It Means to be Adaptive." OnePlan. Blog. 24 May 2021. Accessed 6 Feb. 2023.

    UMT360. "What is Strategic Portfolio Management?" YouTube. Webinar. 22 Oct. 2020. Accessed 6 Feb. 2023.

    Wall, Caroline. "Elevating Strategy Planning through Strategic Portfolio Management." StrategyBlocks. Blog. 26 Feb. 2020. Accessed 6 Feb. 2023.

    Westmoreland, Heather. "What is Strategic Portfolio Management." Planview. Blog. 19 Oct 2002. Accessed 6 Feb. 2023.

    Wiltshire, Andrew. "Shibumi Included in Gartner Magic Quadrant for Strategic Portfolio Management for the 2nd Straight Year." Shibumi. Blog. 20 Apr. 2022. Accessed 6 Feb. 2023.

    Ziehr, Paula. "Keep your eye on the prize: Align your IT investments with business strategy." SoftwareAG. Blog. 5 Jul. 2022. Accessed 6 Feb. 2023.

    Project Management

    • Buy Link or Shortcode: {j2store}48|cart{/j2store}
    • Related Products: {j2store}48|crosssells{/j2store}
    • member rating overall impact (scale of 10): 9.7/10
    • member rating average dollars saved: $303,499
    • member rating average days saved: 42
    • Parent Category Name: Project Portfolio Management and Projects
    • Parent Category Link: /ppm-and-projects

    The challenge

    • Ill-defined or even lack of upfront project planning will increase the perception that your IT department cannot deliver value because most projects will go over time and budget.
    • The perception is those traditional ways of delivering projects via the PMBOK only increase overhead and do not have value. This is less due to the methodology and more to do with organizations trying to implement best-practices that far exceed their current capabilities.
    • Typical best-practices are too clinical in their approach and place unrealistic burdens on IT departments. They fail to address the daily difficulties faces by staff and are not sized to fit your organization.
    • Take a flexible approach and ensure that your management process is a cultural and capacity fit for your organization. Take what fits from these frameworks and embed them tailored into your company.

    Our advice

    Insight

    • The feather-touch is often the right touch. Ensure that you have a lightweight approach for most of your projects while applying more rigor to the more complex and high-risk developments.
    • Pick the right tools. Your new project management processes need the right tooling to be successful. Pick a tool that is flexible enough o accommodate projects of all sizes without imposing undue governance onto smaller projects.
    • Yes, take what fits within your company from frameworks, but there is no cherry-picking. Ensure your processes stay in context: If you do not inform for effective decision-making, all will be in vain. Develop your methods such that guide the way to big-picture decision taking and support effective portfolio management.

    Impact and results 

    • The right amount of upfront planning is a function of the type of projects you have and your company. The proper levels enable better scope statements, better requirements gathering, and increased business satisfaction.
    • An investment in a formal methodology is critical to projects of all sizes. An effective process results in more successful projects with excellent business value delivery.
    • When you have a repeatable and consistent approach to project planning and execution, you can better communicate between the IT project managers and decision-makers.
    • Better communication improves the visibility of the overall project activity within your company.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started.

    Read our executive brief to understand why you should tailor project management practices to the type of projects you do and your company and review our methodology. We show you how we can support you.

    Lay the groundwork for project management success

    Assess your current capabilities to set the right level of governance.

    • Tailor Project Management Processes to Fit Your Projects – Phase 1: Lay the Groundwork for PM Success (ppt)
    • Project Management Triage Tool (xls)
    • COBIT BAI01 (Manage Programs and Projects) Alignment Workbook (xls)
    • Project Level Definition Matrix (xls)
    • Project Level Selection Tool (xls)
    • Project Level Assessment Tool (xls)
    • Project Management SOP Template (doc)

    Small project require a lightweight framework

    Increase small project's throughput.

    • Tailor Project Management Processes to Fit Your Projects – Phase 2: Build a Lightweight PM Process for Small Initiatives (ppt)
    • Level 1 Project Charter Template (doc)
    • Level 1 Project Status Report Template (doc)
    • Level 1 Project Closure Checklist Template (doc)

    Build the standard process medium and large-scale projects

    The standard process contains fully featured initiation and planning.

    • Tailor Project Management Processes to Fit Your Projects – Phase 3: Establish Initiation and Planning Protocols for Medium-to-Large Projects (ppt)
    • Project Stakeholder and Impact Assessment Tool (xls)
    • Level 2 Project Charter Template (doc)
    • Level 3 Project Charter Template (doc)
    • Kick-Off Meeting Agenda Template (doc)
    • Scope Statement Template (doc)
    • Project Staffing Plan(xls)
    • Communications Management Plan Template (doc)
    • Customer/Sponsor Project Status Meeting Template (doc)
    • Level 2 Project Status Report Template (doc)
    • Level 3 Project Status Report Template (doc)
    • Quality Management Workbook (xls)
    • Benefits Management Plan Template (xls)
    • Risk Management Workbook (xls)

    Build a standard process for the execution and closure of medium to large scale projects

    • Tailor Project Management Processes to Fit Your Projects – Phase 4: Develop Execution and Closing Procedures for Medium-to-Large Projects (ppt)
    • Project Team Meeting Agenda Template (doc)
    • Light Project Change Request Form Template (doc)
    • Detailed Project Change Request Form Template (doc)
    • Light Recommendation and Decision Tracking Log Template (xls)
    • Detailed Recommendation and Decision Tracking Log Template (xls)
    • Deliverable Acceptance Form Template (doc)
    • Handover to Operations Template (doc)
    • Post-Mortem Review Template (doc)
    • Final Sign-Off and Acceptance Form Template (doc)

    Implement your project management standard operating procedures (SOP)

    Develop roll-out and training plans, implement your new process and track metrics.

    • Tailor Project Management Processes to Fit Your Projects – Phase 5: Implement Your PM SOP (ppt)
    • Level 2 Project Management Plan Template (doc)
    • Project Management Process Costing Tool (xls)
    • Project Management Process Training Plan Template (doc)
    • Project Management Training Monitoring Tool (xls)
    • Project Management Process Implementation Timeline Tool (MS Project)
    • Project Management Process Implementation Timeline Tool (xls)

     

     

    Analyze Your Service Desk Ticket Data

    • Buy Link or Shortcode: {j2store}483|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $6,499 Average $ Saved
    • member rating average days saved: 3 Average Days Saved
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk
    • Leverage your service desk ticket data to gain insights for your service desk strategy.

    Our Advice

    Critical Insight

    • Properly analyzing ticket data is challenging for the following reasons:
      • Poor ticket hygiene and unclear ticket handling means the data is often inaccurate or incomplete.
      • Service desk personnel are not sure where to start with analysis.
      • Too many metrics are tracked to parse actionable data from the noise.
    • Ticket data won’t give you a silver bullet, but it can help point you in the right direction.

    Impact and Result

    • Create an iterative framework for tracking metrics, keeping data clean, and actioning your data on day-to-day and month-to-month timelines.

    Analyze Your Service Desk Ticket Data Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should analyze your service desk ticket data, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Import your ticket data

    Enter your data into our tool. Compare your own ITSM ticket fields to improve ticket data moving forward.

    • Service Desk Ticket Analysis Tool

    2. Analyze your ticket data

    Use the ticket analysis tool as a guide to build your own operational dashboards to measure metrics over time. Gain actionable insights from your data.

    • Ticket Analysis Report

    3. Action your ticket data

    Use the data to communicate your findings to the business and leadership using the Ticket Analysis Report.

    [infographic]

    Further reading

    INFO-TECH RESEARCH GROUP

    Analyze Your Service Desk Ticket Data

    Take a data-driven approach to service desk optimization.

    EXECUTIVE BRIEF

    Analyst Perspective

    Photo of Benedict Chang, Research Analyst, Infrastructure & Operations, Info-Tech Research Group

    Benedict Chang
    Research Analyst, Infrastructure & Operations
    Info-Tech Research Group

    Photo of Ken Weston ITIL MP, PMP, Cert.APM, SMC, Research Director, Infrastructure & Operations, Info-Tech Research Group

    Ken Weston ITIL MP, PMP, Cert.APM, SMC
    Research Director, Infrastructure & Operations
    Info-Tech Research Group

    The perfect time to start analyzing your ticket data is now

    Service desks improve their services by leveraging ticket data to inform their actions. However, many organizations don’t know where to start. It’s tempting to wait for perfect data, but there’s a lot of value in analyzing your ticket data as it exists today.

    Start small. Track key tension metrics based on the out-of-the-box functionality in your tool. Review the metrics regularly to stay on track.

    By reviewing your ticket data, you’re going to get better organically. You’re going to learn about the state of your environment, the health of your processes, and the quality of your services. Regularly analyze your data to drive improvements.

    Make ticket analysis a weekly habit. Every week, you should be evaluating how the past week went. Every month, you should be looking for patterns and trends.

    Executive Summary

    Your Situation

    Leverage your service desk ticket data to gain insights for improving your operations:

    1. Use a data-based approach to allocate service desk resources.
    2. Design appropriate SLOs and SLAs to better service end users.
    3. Gain efficiencies for your shift-left strategy.
    4. Communicate the current and future value of the service desk to the business.

    Common Obstacles

    Properly analyzing ticket data is challenging for the following reasons:

    • Poor ticket hygiene and unclear ticket handling guidelines can lead to untrustworthy results.
    • Undocumented tickets from various intake channels prevents you from seeing the whole picture.
    • Service desk personnel are not sure where to start with analysis and are too busy to find time.
    • Too many metrics are tracked to parse actionable insights from the noise.

    Info-Tech’s Approach

    Info-Tech’s approach to improvement:

    • To reduce the noise, standardize your ticket data in a format that will ease analysis.
    • Start with common analyses using the cleaned data set.
    • Identify action items based on your ticket data.

    Analyze your ticket data to help continually improve your service desk.

    Slow down. Give yourself time.

    Give yourself time to observe the new metrics and draw enough insights to make recommendations for improvement. Then, execute on those recommendations. Slow and steady improvement of the service desk only adds business value and will have a positive impact on customer satisfaction.

    Your challenge

    This research is designed to help service desk managers analyze their ticket data

    Analyzing ticket data involves:

    • Collecting ticket data and keeping it clean. Based on the metrics you’re analyzing, define ticket expectations and keep the data up to date.
    • Showing the value of the service desk. SLAs are meaningless if they are not met consistently. The prerequisite to implementing proper SLAs is fully understanding the workload of the service desk.
    • Understanding – and improving – the user experience. You cannot improve the user experience without meaningful metrics that allow you to understand the user experience. Different user groups will have different needs and different expectations of the level of service. Your metrics should reflect those needs and expectations.

    36% of organizations are prioritizing ticket handling in IT for 2021 (Source: SDI, 2021)

    12% of organizations are focusing directly on service desk improvement (Source: SDI, 2021)

    Common obstacles

    Many organizations face these barriers to analyzing their ticket data:

    • Finding time to properly analyze ticket data is a challenge. Not knowing where to start can lead to not analyzing the proper data. Service desks end up either tracking too much data or not tracking the proper metrics.
    • Data, even if clean, can be housed in various tools and databases. It’s difficult to aggregate data if the data is stored throughout various tools. Comparisons may also be difficult if the data sets aren’t consistent.
    • Shifting left to move tickets toward self-service is difficult when there is no visibility into which tickets should be shifted left.

    What your peers are saying about why they can’t start analyzing their ticket data:

    • “My technicians do not consistently update and close tickets.”
    • “My ITSM doesn’t have the capabilities I need to make informed decisions on shifting tickets left.”
    • “My tickets are always missing data”
    • “I’m constantly firefighting. I have no time for ticket data analysis.”
    • “I have no idea where to start with the amount of data I have.”
    (Source: Info-Tech survey, 2021; N=20.)

    Common obstacles that prevent effective ticket analysis

    We asked IT service desk managers and teams about their biggest hurdles

    Missing or Inaccurate Information
    • Lack of information in the ticket
    • Categories are too general/specific to draw insights
    • Poor ticket hygiene
    Missing Updates
    • Tickets aren’t updated while being resolved
    Correlating Tickets to Identify Trends
    • Not sure where to start with all the data at hand
    No Time
    • No time to figure out the tool or analyze the data properly
    Ineffective Categorization Schemes
    • Reduces the power of ticket data
    Tool Limitations
    • Can’t be easily customized
    • Too customized to be effective
    • Desired dashboards unavailable
    (Source: Info-Tech survey, 2021; N=20)

    Info-Tech’s approach

    Repeat this analysis every business cycle:

    • Gather Your Data
      Collect your ticket data OR start measuring the right metrics.
    • Extract & Analyze
      Organize and visualize your data to extract insights
    • Action the Results
      Implement low-effort improvements and celebrate quick successes.
    • Implement Larger Changes
      Reference your ticket data while implementing process, tooling, and other changes.
    • Communicate the Results
      Use your data to show the value of your effort.

    Measure the value of this blueprint

    Track these metrics as you improve

    Use the data to tell you which aspects of IT need to be shifted left and which need to be automated

    Your data will show you where you can improve.

    As you act on your data, you should see:

    • Lower costs per ticket
    • Decreased average time to resolve
    • Increased end-user satisfaction
    • Fewer tickets escalated beyond Tier 1

    An illustration of the 'Shift Left Strategy' using three line graphs arranged in a table with the same axes but representing different metrics. The header row is 'Metrics,' then values of the x-axes are 'Auto-Fix,' 'User,' 'Tier 1,' 'Tier2/Tier3,' and 'Vendor.' Under 'Metrics' we see 'Cost,' 'Time,' and 'Satisfaction.' The 'Cost' graph begins 'Low' at 'Auto-Fix' and gradually moves to 'High' at 'Vendor.' The 'Time' graph begins 'Low' at 'Auto-Fix' and gradually moves to 'High' at 'Vendor.' The 'Satisfaction' graph begins 'High' at 'Auto-Fix' and gradually moves to 'Low' at 'Vendor.' Below is an arrow directing us away from the 'Vendor' option and toward the 'Auto-Fix' option, 'Shift Ticket Resolution Left.'

    See Info-Tech’s blueprint Optimize the Service Desk With a Shift-Left Strategy.

    Info-Tech’s methodology for analyzing service desk tickets

    1. Import Your Ticket Data 2. Analyze Your Ticket Data 3. Communicate Your Insights
    Phase Steps
    1. Import Your Ticket Data
    1. Analyze High-Level Ticket Data
    2. Analyze Incidents, Service Requests, and Ticket Categories
    1. Build Recommendations
    2. Action and Communicate Your Ticket Data
    Phase Outcomes Enter your data into our tool. Compare your own ITSM ticket fields to improve ticket data moving forward. Use the Service Desk Ticket Analysis Tool as a guide to build your own operational dashboards to measure metrics over time. Gain actionable insights from your data. Use the data to communicate your findings to the business and leadership using the Ticket Analysis Report.

    Insight summary

    Slow down. Give yourself time.

    Give yourself time to observe the new metrics and draw enough insights to make recommendations for improvement. Then, execute on those recommendations. Slow and steady improvement of the service desk only adds business value and will have a positive impact on customer satisfaction.

    Iterate on what to track rather than trying to get it right the first time.

    Tracking the right data in your ticket can be challenging if you don’t know what you’re looking for. Start with standardized fields and iterate on your data analysis to figure out your gaps and needs.

    If you don’t know where to go, ticket data can point you in the right direction.

    If you have service desk challenges, you will need to allocate time to process improvement. However, prioritizing your initiatives is easier if you have the ticket data to point you in the right direction.

    Start with data from one business cycle.

    Service desks don’t need three years’ worth of data. Focus on gathering data for one business cycle (e.g. three months). That will give you enough information to start generating value.

    Let the data do the talking.

    Leverage the data to drive organizational and process change in your organization by tracking meaningful metrics. Choose those metrics using business-aligned goals.

    Paint the whole picture.

    Single metrics in isolation, even if measured over time, may not tell the whole story. Make sure you design tension metrics where necessary to get a holistic view of your service desk.

    Blueprint deliverables

    This blueprint’s key deliverable is a ticket analysis tool. Many of the activities throughout this blueprint will direct you to complete and interpret this tool. The other main deliverable is a stakeholder presentation template to help you document the outcomes of the project.
    Service Desk Ticket Analysis Tool Ticket Analysis Report
    Use this tool to identify trends and patterns in your ticket data to action improvement initiatives.

    Sample of the Service Desk Ticket Analysis Tool blueprint deliverable.

    Use this template to document the justification for addressing service desk improvement, the results of your analysis, and your next steps.

    Sample of the Ticket Analysis Report blueprint deliverable.

    Blueprint benefits

    IT Benefits

    • Discover and implement the proper metrics to improve your service desk
    • Use a data-based approach to improve your customer service and operational goals
    • Increase visibility with the business and other IT departments using a structured presentation

    Business Benefits

    • Quicker resolutions to incidents and service requests
    • Better expectations for the service desk and IT
    • Better visibility into the current state, challenges, and goals of the service desk
    • More effective support when contacting the service desk

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 3-4 calls over the course of 2-3 months.

    What does a typical GI on this topic look like?

      Phase 1

    • Call #1: Scope requirements, objectives, and your specific challenges. Enter your data into the tool.
    • Phase 2

    • Call #2: Assess the current state across the different dashboards.
    • Phase 3

    • Call #3: Identify improvements and insights to include in the communication report.
    • Call #4: Review the service desk ticket analysis report.

    PHASE 1

    Import Your Ticket Data

    This phase will walk you through the following activities:

    • 1.1.1 Define your objectives for analyzing ticket data
    • 1.1.2 Identify success metrics
    • 1.1.3 Import your ticket data into the tool
    • 1.1.4 Update your ticket fields for future analysis

    This phase involves the following participants:

    • Service Desk Manager
    • ITSM Manager
    • Service Desk Technician

    1.1.1 Define your objectives for analyzing ticket data

    Input: Understanding of current service desk process and ticket routing

    Output: Defined objectives for the project

    Materials: Whiteboard/flip charts, Ticket Analysis Report

    Participants: Service Desk Staff, Service Desk Manager, IT Director, CIO

    Use the discussion questions below as a guide
    1. Identify your main objective for analyzing ticket data. Use these three sample objectives as a starting point:
      • Demonstrate value to the business by improving customer service.
      • Improve service desk operations.
      • Reduce the number of recurring incidents.
    2. Answer the following questions as a group:
      • What challenges do you have getting accurate data for this objective?
      • What data is missing for supporting this objective?
      • What kind of issues must be solved for us to make progress on achieving this objective?
      • What decisions are held up from a lack of data?
      • How can better ticket data help us to more effectively manage our services and operations?

    Document in the Ticket Analysis Report.

    1.1.2 Identify success metrics

    Select metrics that will track your progress on meeting the objective identified in Activity 1.1.1.

    Input: Understanding of current service desk process and ticket routing

    Output: Defined objectives for the project

    Materials: Whiteboard/flip charts, Ticket Analysis Report

    Participants: Service Desk Manager, IT Director, CIO

    Use these sample metrics as a starting point:
    Demonstrate value to the business by improving customer service
    Ticket trends by category by month # tickets by business department % SLAs met by IT teams
    Average customer satisfaction rating % incident tickets closed in one day Service request SLAs met by % Annual IT satisfaction survey result
    Improve service desk operations
    Incident tickets assigned, sorted by age and priority Scheduled requests for today and tomorrow Knowledgebase articles due for renewal this month Top 5-10 tickets for the quarter
    Unassigned tickets by age # incident tickets assigned by tech Open tickets by category Backlog summary by age
    Reducing the number of recurring incidents
    # incidents by category and resolution code Number of problem tickets opened and resolved Correlation of ticket volume trends to events Reduction of volume of recurring tickets
    Use of knowledgebase by users Use of self-service for ticket creation Use of service catalog Use of automated features (e.g. password resets)
    Average call hold time % calls abandoned Average resolution time Number of tickets reopened

    Document in the Ticket Analysis Report.

    Inefficient ticket-handling processes lead to SLA breaches and unplanned downtime

    Analyze the ticket data to catch mismanaged or lost tickets that lead to unnecessary escalations and impact business profitability

    • Ticket Category – Are your tickets categorized by type of asset? By service?
    • Average Ticket Times – How long does it take to resolve or fulfill tickets?
    • Ticket Priority – What is the impact and urgency of the ticket?
    • SLA/OLA Violations – Did we meet our SLA objectives? If not, why?
    • Ticket Channel – How was the issue reported or ticket received?
    • Response and Fulfillment – Did we complete first contact resolution? How many times was it transferred?
    • Associated Tasks and Tickets – Is this incident associated with any other tasks like change tickets or problem tickets?

    Encourage proper ticket-handling procedures to enable data quality

    Ensure everyone understands the expectations and the value created from having ticket data that follows these expectations

    • Create and update tickets, but not at the expense of good customer service. Agents can start the ticket but shouldn’t spend five minutes creating the ticket when they should be troubleshooting the problem.
    • Update the ticket when the issue is resolved or needs to be escalated. If agents are escalating, they should make sure all relevant information is passed along within the ticket to the next technician.
    • Update user of ETA if issue cannot be resolved quickly.
    • Ticket templates for common incidents can lead to fast creation, data input, and categorizations. Templates can reduce the time it takes to create tickets from two minutes to 30 seconds.
    • Update categories to reflect the actual issue and resolution.
    • Reference or link to the knowledgebase article as the documented steps taken to resolve the incident.
    • Validate with the client that the incident is resolved; automate this process with ticket closure after a certain time.
    • Close or resolve the ticket on time.

    Info-Tech Insight

    Ticket handling ensures clean handovers, whether it is to higher tiers or back to the customer. When filling the ticket out with information intended for another party, ensure the information is written for their benefit and from their point of view.

    Service Desk Ticket Analysis Tool overview

    The Service Desk Ticket Analysis Tool will help you standardize your ticket data in a meaningful format that will allow you to apply common analyses to identify the actions you need to take to improve service desk operations

    TABS 1 & 2
    INSTRUCTIONS & DATA ENTRY
    TAB 3 : TICKET SUMMARY
    TICKET SUMMARY DASHBOARDS
    TABS 4 to 8: DASHBOARDS
    INCIDENT SERVICE REQUEST CATEGORY
    Sample of the Service Desk Ticket Analysis Tool, tabs 1 & 2.
    Input at least three months of your exported ticket data into the corresponding columns in the tool to feed into the common analysis graphs in the other tabs.
    Sample of the Service Desk Ticket Analysis Tool, tab 3.
    This tab contains multiple dashboards analyzing how tickets come in, who requests them, who resolves them, and how long it takes to resolve them.
    Sample of the Service Desk Ticket Analysis Tool, tabs 4 to 8.
    These tabs each have dashboards outlining analysis on incidents and service requests. The category tab will allow you to dive deeper on commonly reported issues.

    1.1.3 Import your data into our Service Desk Ticket Analysis Tool

    You can still leverage your current data, but use this opportunity to improve your service desk ticket fields down the line

    Input: ITSM data log

    Output: Populated Service Desk Ticket Data Analysis Tool

    Materials: Whiteboard/flip charts, Service Desk Ticket Analysis Tool

    Participants: Service Desk Manager, Service Desk Technicians

    Start here:

    • Extract your ticket data from your ITSM tool in an Excel or text format.
    • Look at the fields on the data entry tab of the Service Desk Ticket Analysis Tool.
    • Fill the fields with your ticket data by copying and pasting relevant sections. It is okay if you don’t have all the fields, but take note of the fields you are missing.
    • With the list of the fields you are missing, run through the following activity to decide if you will need to adopt or add fields to your own service desk ticket tool.
    Fields Captured
    Ticket Number Open Date
    Open Time Closed Date
    Closed Time Intake Channel
    Time to Resolve Site Location
    First Contact Resolution Resolution Code
    Category (I, II, III) Ticket Type (Request or Incident)
    Status of Ticket Resolved by Tier
    Ticket Priority Requestor/Department
    SLA Fulfilled Subject
    Technician

    When entering your data, pay close attention to the following fields:

    • Time to Resolve: This is automatically calculated using data in the Open Date, Open Time, Close Date, and Close Time fields. You have three options for entering your data in these fields:
      1. Enter your data as the fields describe. Ensure your data contain only the field description (e.g. Open Date separated from Open Time). If your data contain Open Date AND Open Time, Excel will not show both.
      2. Enter your data only in Open Date and Close Date. If your ITSM does not separate date and time, you can keep the data in a single cell and enter it in the column. The formula in Time to Resolve will still be accurate.
      3. If your ITSM outputs Time to Resolve, overwrite the formula in the Time to Resolve column.
    • SLA: If your ITSM outputs SLA fulfilled: Y/N, enter that directly into the SLA Fulfilled column.
    • Blank Columns: If you do not have data for all the columns, that is okay. Continue with the following activity. Note that some stock dashboards will be empty if that is the case.
    • Incidents vs. Service Requests: If you separate incidents and service requests, be sure to capture that in the SR/Incident for Tabs 4 and 5. If you do not separate the two, then you will only need to analyze Tab 3.
    Fields Captured
    Ticket Number Open Date
    Open Time Closed Date
    Closed Time Intake Channel
    Time to Resolve Site Location
    First Contact Resolution Resolution Code
    Category (I, II, III) Ticket Type (Request or Incident)
    Status of Ticket Resolved by Tier
    Ticket Priority Requestor/Department
    SLA Fulfilled Subject
    Technician

    Use Info-Tech’s tool instead of building your own. Download the Service Desk Ticket Analysis Tool.

    1.1.4 Update your ticket fields for future analysis

    Input: Populated Service Desk Ticket Data Analysis Tool

    Output: New ticket fields to track

    Materials: Whiteboard/flip charts, Service Desk Ticket Analysis Tool

    Participants: Service Desk Manager, Service Desk Technicians

    As a group, pay attention to the ticket fields populated in the tool as well as the ticket fields that you were not able to populate. Use the example “Fields Captured” table to the right, which lists all fields present in the ticket analysis tool.

    Discuss the following questions:

    1. Consider the fields not captured. Would it be valuable to start capturing that data for future analysis?
    2. If so, does your ITSM support that field?
    3. Can you make the change in-house or do you have to bring in an external ITSM administrator to make the change?
    4. Capture the results in the Ticket Analysis Report.
    Example: Fields Captured - Fields Not Captured
    Ticket Number Open Date
    Open Time Closed Date
    Closed Time Intake Channel
    Time to Resolve Site Location
    First Contact Resolution Resolution Code
    Category (I, II, III) Ticket Type (Request or Incident)
    Status of Ticket Resolved by Tier
    Ticket Priority Requestor/Department
    SLA Fulfilled Subject
    Technician

    Document in the Ticket Analysis Report.

    Info-Tech Insight

    Don’t wait for your ticket quality to be perfect. You can still draw actions from your ticket data. They will likely be process improvements initially, but the exercise of pulling the data is a necessary first step.

    Common ticket fields tracked by your peers

    Which of these metrics do you track and action?

    • Remember you don’t have to track every metric. Only track metrics that are actionable.

    For each metric that you end up tracking:

    • Look for trends over time.
    • Brainstorm reasons why the metric could rise or fall.

    Associate a metric with each improvement you execute.

    • Performing this step will allow you to better see the value from your team’s efforts.
    • It will also give you a quicker response than waiting for spikes in your data.

    A bar chart of 'Metrics tracked by other organizations' with the x-axis populated by different metrics and the y-axis as '% organizations who track the metric'. The highest percentage of businesses track 'Ticket volume', then 'Ticket trends by category', then 'Tickets by business units'. The lowest three shown are 'Reopened tickets', 'Cost per ticket', and 'Other'.(Source: Info-Tech survey, 2021; N=20)

    PHASE 2

    Analyze Your Ticket Data

    This phase will walk you through the following activities:

    • 2.1.1 Review high-level ticket dashboards
    • 2.2.1 Review incident, service request, and ticket category dashboards

    This phase involves the following participants:

    • Service Desk Manager
    • Service Desk Technicians
    • IT Managers

    Visualize your ticket data as a first step to analysis

    Identifying trends is easier when looking at diagrams, graphs, and figures

    Start your analysis with common visuals employed by other service desk professionals

    • Phase 2 will walk you through visualizing your data to get a better understanding of your ticket intake, incident management, and service request management.
    • Each step will walk you through:
      • Common visualizations used by service desks
      • Patterns to look for in your visualizations
      • Actions to take to address negative patterns and to continue positive trends
    • Share diagrams that underscore both the value being provided by the service desk as well as the scope of the pain points. Use Info-Tech’s Ticket Analysis Report template as a starting point.

    “Being able to tell stories with data is a skill that’s becoming ever more important in our world of increasing data and desire for data-driven decision making. An effective data visualization can mean the difference between success and failure when it comes to communicating the findings of your study, raising money for your nonprofit, presenting to your board, or simply getting your point across to your audience.” - Cole Knaflic, Founder and CEO, Storytelling with Data: A Data Visualization Guide for Business Professionals

    Use the detailed dashboards to determine the next steps for improvement

    A single number doesn’t tell the whole picture

    Analyze trends over time:

    • Analyze trends by day, by week, by month, and by year to determine:
      • When are the busy periods? (E.g. Do tickets tend to spike every morning, every Monday, or every September?)
      • When are the slow periods? (E.g. Do tickets drop at the end of the day, at midday, on Fridays, or over the summer?)
    • Are spikes or drops in volume consistent trends or one-time anomalies?

    Then build a plan to address them:

    • How will you handle volume spikes, if they’re consistent?
    • What can your resources work on during slow times, if they are consistent?
    • If you assume no shrinkage, can you handle the peaks in volume if you make all FTEs available to work on tickets at a certain time of day?

    Sample of a bar chart comparing tickets that were 'Backlog versus Closed by Month Opened'.

    Look for seasonal trends. In this example, we see high ticket volumes in May and January, with lower ticket volumes in June and July when many staff are taking holidays. However, also be careful to look at the big picture of how you pulled the data. August through October sees a high volume of open tickets because the data set is pulled in November, not because there’s a seasonal spike on tickets not closing at the end of the fiscal year.

    Track ticket data over time

    Make low-effort adjustments before major changes

    Don’t rush to a decision based off the first numbers you see

    Review ticket summary dashboard

    Ideally, you should track ticket patterns over an entire year to get a full sense of trends within each month of the year. At minimum, track for 30 days, then 60, then 90, and see if anything changes. The longer you can track ticket patterns, the more accurate your picture will be.

    Review additional dashboards

    If you separate incidents and service requests, and you have accurate ticket categories, then you can use these dashboards to further break down the data to identify ticket trends.

    The output of the ticket analysis will only be as accurate as its input.
    To get the most accurate results, first ensure your data is accurate, then analyze it over as much time as possible. Aggregating with accurate data will give you a better picture of the trends in demand that your service desk sees.

    Not separating incidents and service requests? Need to fix your ticket categories? Visit Standardize the Service Desk to get started.

    Analyze incidents and requests separately

    Each type has its own set of customer experiences and expectations

    • Different ticket types are associated with radically different prioritization, routing, and service levels. For instance, most incidents are resolved within a business day, but requests take longer to implement.
    • If you fail to distinguish between ticket types, your metrics will obscure service desk performance.
    • From a ticket analysis standpoint, separating ticket types prior to analysis or, better yet, at intake allows for cleaner data. In turn, this means more structured analyses, better insights, and more meaningful actions. Not separating ticket types may still get you to the same conclusions, but it will be much more difficult to sift through the data.

    Incident

    An unanticipated interruption of a service.
    The goal of incident management is to restore the service as soon as possible, even if the resolution involves a workaround.

    Request

    A generic description for a small change or service access.
    Requests are small, frequent, and low risk. They are best handled by a process distinct from incident, change, and project management.

    Not separating incidents and service requests? Need to fix your ticket categories? Visit Standardize the Service Desk to get started.

    Step 2.1

    Analyze Your High-Level Ticket Data

    Dashboards
    • Ticket Volume
    • Ticket Intake
    • Ticket Handling and Resolution
    • Ticket Categorization

    This step will walk you through the following activities:

    Visualize the current state of your service desk.

    This step involves the following participants:

    • Service Desk Manager
    • Service Desk Technicians
    • IT Managers

    Outcomes of this step

    Build your metrics baseline to compare with future metric results.

    Dashboards: Ticket Volume

    Example of a dashboard for ticket volume with two bar charts, one breaking down volume by month, and the other marking certain days or weeks in each month.

    Analyze your data for insights

    • Analyze volume trends by day, by week, by month, and by year to determine:
      • When are the busy periods? (E.g. Do tickets tend to spike every morning, every Monday, or every September?)
      • When are slow periods? (E.g. Do tickets drop at the end of the day, at midday, on Fridays, or over the summer?)
    • Are spikes or drops in volume consistent trends or one-time anomalies?
    • What can your resources be working on during slow times? Are you able to address ticket backlog?

    Dashboards: Ticket Intake

    Example of a dashboard for ticket intake with three bar charts, one breaking it down by 'Intake Channel', one by 'Requestor/Department', and one by 'Location'.

    Analyze your data for insights

    • Determine how to drive intake to the most appropriate solution for your organization:
      • A web portal is the most efficient intake method, but it must be user friendly to increase its adoption.
      • The phone should be available for urgent requests or incidents. Encourage those who call with a request to submit a ticket through the portal.
      • Discourage use of email if it is unstructured, as users don’t provide enough detail, and often two or three transactions are required for triage.
      • If walk-ups are encouraged, structure and formalize the support so it can be resourced and managed rather than interrupt-driven.

    Dashboard: Ticket Handling and Resolution

    Example of a dashboard for ticket handling and resolution with three bar charts, one breaking down 'Tickets Resolved by Technician', one by 'Tier', and one by 'Average Time to Resolve (Hours)'.

    Analyze your data for insights

    • Look at your ticket load by technician and by tier. This is an essential step to set your baseline to measure your shift-left initiatives. If you are focusing on self-service or Tier 1 training, the ticket load from higher tiers should decrease over time.
    • If Tiers 2 and 3 are handling the majority of the tickets, this could be a red flag indicating tickets are inappropriately escalated or Tier 1 could use more training and support.
    • For average time to resolve and average time to resolve by tier, are you meeting your SLAs? If not, are your SLAs too aggressive? Are tickets left open and not properly closed?

    Dashboard: Ticket Categorization

    Analyze your data for insights

    • Ticket categorization is critical to clean data. Having a categorization scheme with categories that are miscellaneous, too specific, or too general easily leads to inaccurate reporting or confusing workflows for technicians.
    • When looking at your ticket categories, first look for duplicate categories that could be collapsed into one.
    • Also look at your top five to seven categories and see if they make sense. Are these good candidates in your organization for automation or shift-left?
    • Compare your Tier 1 categories. The level of specificity for these categories should be comparable to easily run reports. If they are not, assess the need for a category redesign.

    Example of a dashboard for ticket categorization with one horizontal bar chart, 'Incident Ticket Volume by Level 1 Category'.

    Step 2.2

    Analyze Incidents, Service Requests, and Ticket Categories

    Dashboards
    • Incidents
    • Service Requests
    • Volume by Ticket Category
    • Resolution Times by Priority and/or Category
    • Tabs for More Granular Investigation and Reporting

    This step will walk you through the following activities:

    Visualize your incident and service request ticket load and analyze trends. Use this information and cross reference data sets to gain a holistic view of how the service desk interacts with IT and the business.

    This step involves the following participants:

    • Service Desk Manager
    • Service Desk Technicians
    • IT Managers

    Outcomes of this step

    Gain actionable, data-driven improvements based on your incident and service request data. Show the value of the service desk and highlight improvements needed.

    Incident and Service Requests Dashboard: Priority and SLA

    Example of an Incident and Service Requests dashboard for priority and SLA with three charts, one breaking down 'Incident Priority', one 'Average time to resolve (in hours) by priority', and one '% of SLA met'.

    Analyze your data for insights

    • Your ticket priority distribution for overall load and time to resolve (TTR) should look something like above with low-priority tickets having higher load and TTR and high/critical-priority tickets having a lower load and lower TTR. If it is reversed, that is a good indication that the service desk is too reactive or isn’t properly prioritizing its work.
    • If your SLA has a high failure rate, consider reassessing your targets with SLOs that you can meet before publishing them as achievable SLAs.

    Incident and Service Requests Dashboard: Priority and SLA

    Example of an Incident and Service Requests dashboard for resolution and close with three bar charts, one breaking down 'Incident Volume by Resolution Code', one 'Incidents Resolved by Tier', and one 'Average time to resolve (in hours) by Resolution Code'.

    Analyze your data for insights

    • Examine your ticket handling by looking at ticket status and resolution codes.
      • If you have a lot of blanks, then tickets are not properly handled. Consider reinforcing your standards for close codes and statuses.
      • Alternatively, if tickets are left open, you may have to build follow-ups on stale tickets into your process or introduce proper auto-close processes.

    Category, Resolution Time, and Resolution Code Dashboards

    These PivotCharts allow you to dig deeper

    Investigate whether there are trends in ticket volume and resolution times within specific categories and subcategories

    Tab 6, Category Dashboard; tab 7, Resolution Time Dashboard; and tab 8, Resolution Code Dashboard are PivotCharts. Use these tabs to investigate whether there are trends in ticket volume, resolution times, and resolution codes within specific categories and subcategories.

    Start with the charts that are available. The +/- buttons will allow you to show more granular information. By default, this granularity will be into the levels of the ticket categorization scheme.

    For most categorization schemes, there will be too many categories to properly graph. You can apply a filter to investigate specific categories by clicking on the drop-down buttons.

    Example of dashboards featured on next slide

    Use these tabs for more granular investigation and reporting

    TAB 6
    CATEGORY DASHBOARD
    TAB 7
    RESOLUTION TIME DASHBOARD
    TAB 8
    RESOLUTION TIME DASHBOARD
    Sample of the 'Ticket Volume by Second, Third Level Category' dashboard tab.
    Investigate ticket distributions in first, second, and third levels. Are certain categories overcrowded, suggesting they can be split? Are certain categories not being used?
    Sample of the 'Average Resolution Times' dashboard tab.
    Do average resolution times match your service level agreements? Do certain categories have significantly different resolution times? Are there areas that can benefit from shift-left?
    Sample of the 'Volume of Resolution Codes' dashboard tab.
    Are resolution codes being accurately used? Are there trends in resolution codes? Are these codes providing sufficient information for problem management?

    PHASE 3

    Communicate Your Insights

    This phase will walk you through the following activities:

    • 3.1.1 Review common recommendations
    • 3.2.1 Review ticket reports daily
    • 3.2.2 Incorporate ticket data into retrospectives and team updates
    • 3.2.3 Regularly review trends with business leaders
    • 3.2.4 Tell a story with your data

    This phase involves the following participants:

    • Service Desk Manager
    • Service Desk Technicians
    • IT Managers

    Step 3.1

    Build Recommendations Based on Your Ticket Data

    Activities
    • 3.1.1 Review common recommendations

    This step will walk you through the following activities:

    Review common recommendations as a first step to extracting insights from your own data.

    This step involves the following participants:

    • Service Desk Manager
    • Service Desk Technicians

    Outcomes of this step

    You will gain an understanding of the common challenges with service desks and ticket analysis in general. See which ones apply to you to inform your ticket data analysis moving forward.

    Review these common recommendations

    1. Fix your ticket categories
      Organize your ticket categorization scheme for proper routing and reporting.
    2. Focus more on self-service
      Self-service is essential to enable shift-left strategies. Focus on knowledgebase processes and portal ease of use.
    3. Update your service catalog
      Improve your service catalog, if necessary, to make it easy for end users to request services and for the service desk to provide those services.
    4. Direct volume toward other channels
      Walk-ups make it more difficult to properly log tickets and assign service desk resources. Drive volume to other channels to improve your ticket quality.
    5. Crosstrain Tier 1 on certain topics
      Tier 1 breadth of knowledge is essential to drive up first contact resolution.
    6. Build more automation
      Identify bottlenecks and challenges with your ticket data to streamline ticket handling and resolution.
    7. Revisit service level agreements
      Update your SLAs and/or SLOs to prioritize expectation management for your end users.
    8. Improve your data quality
      You can only analyze data that exists. Revisit your ticket-handling guidelines and more regularly check tickets to ensure they comply with those standards.

    Optimize your processes and look for opportunities for automation

    Leverage Info-Tech research to improve service desk processes

    Review your service desk processes and tools for optimization opportunities:

    • Clearly establish ticket-handling guidelines.
    • Use ticket templates to reduce time spent entering tickets.
    • Document incident management and service request fulfillment workflows and eliminate any unnecessary steps.
    • Automate manual tasks wherever possible.
    • Build or improve a self-service portal with a knowledgebase to allow users to resolve their own issues, reducing incoming ticket volume to the service desk.
    • Optimize your internal knowledgebase to reduce time spent troubleshooting recurring issues.
    • Leverage AI capabilities to speed up ticket processing and resolution.

    Standardize the Service Desk

    This project will help you build and improve essential service desk processes, including incident management, request fulfillment, and knowledge management.

    Optimize the Service Desk With a Shift-Left Strategy

    This project will help you build a strategy to shift service support left to optimize your service desk operations and increase end-user satisfaction.

    Step 3.2

    Action and Communicate Your Ticket Data

    Activities
    • 3.2.1 Review your ticket queues daily
    • 3.2.2 Incorporate ticket data into retrospectives and team status updates
    • 3.2.3 Regularly review trends with business leaders
    • 3.2.4 Tell a story with your data

    This step will walk you through the following activities:

    Organize your scrums to report on the metrics that will inform daily and monthly operations.

    This step involves the following participants:

    • Service Desk Manager
    • Service Desk Technicians
    • IT Managers

    Outcomes of this step

    Use the dashboards and data to inform your daily and monthly scrums.

    3.2.1 Review your ticket queues daily

    Clean data is still useless if not used properly

    • The metrics you’ve chosen to measure and visualize in the previous step are useful for informing your day-to-day, week-to-week, and month-to-month strategies for the service desk and IT. Conduct scrums daily to action your dashboard data to help clear ticket queues.
    • Reference your dashboards daily with each IT team.
    • You need to have a dashboard of open tickets assigned to each team.

    Review Daily

    • Ticket volume over the last day (look for spikes)
    • SLA breach risks/SLA breaches
    • Recurring incidents
    • Tickets open
    • Tickets handed over (confirmation of handover)

    3.2.2 Incorporate ticket data into retrospectives and team status updates

    Explain your metric spikes and trends

    • Hold weekly or monthly meetings to review the ticket trends selected during Phases 1 and 2 of this blueprint.
    • Review ticket spikes, identify seasonal trends, and discuss root causes (e.g. projects/changes going live, onboarding blitz).
    • Discuss any actions associated with spikes and seasonal trends (e.g. resource allocation, hiring, training).
    • You can incorporate other IT leaders or departments in this meeting as needed to discuss action items for improvement, quality assurance concerns, customer service concerns, and/or operating level agreement concerns.

    Review Weekly/Monthly

    • Ticket volume
    • Ticket category by priority level over time
    • Tickets from different business groups, VIP groups, and different vertical levels
    • Tickets escalated, tickets that didn’t need to be escalated, tickets that were incorrectly escalated
    • Ticket priority levels over time
    • Most requested services
    • Tickets resolved by which group over time
    • Ability to meet SLAs and OLAs over time by different groups

    3.2.3 Regularly review trends with business leaders

    Use your data to help improve business relationships

    Review the following with business leaders:

    • Volume of work done this past time cycle for the leader’s group
    • Trends and spikes in the data and possible explanations for them (note: get their input on the potential causes of trends)
    • Improvements you plan to execute within the service desk
    • Action items you need from the business leader

    Use your data to show the value you provide to the group. Schedule quarterly meetings with the heads of different business groups to discuss the work that the service desk does for each group.

    Show trends in incidents and service requests: “I see you have a spike in CRM tickets. I’ve been working with the CRM team to address this issue.”

    3.2.4 Tell a story with your data

    Effectively communicate with the business and leadership

    • With your visualized metrics, organize your story into a presentation for different stakeholder groups. You can use the Ticket Analysis Report as a starting point to provide data about:
      • Value provided by the service desk
      • Successes
      • Opportunities for Improvements
      • Current state of KPIs
    • Include information about the causes of data trends and actions you will take in response to the data.
    • For each of these themes, look at the metrics you’ve chosen to track and see which ones fit to tell the story. Let the data do the talking.
    • Consider supplementing the ticket data with data from other systems. For example, you can include data on transactional customer satisfaction surveys, knowledgebase utilization, and self-service utilization.

    Sample of the Ticket Analysis Report.

    Download the Ticket Analysis Report.

    Ticket Analysis Report

    Include the following information as you build your ticket analysis report:

    • Value Provided by the Service Desk
      Start with the value provided by the service desk to different areas of the business. Include information about first contact resolution, average resolution times, ticket volume (e.g. by category, priority, location, requestor).
    • Successes
      Successes is a general field that can include how process improvements have impacted the service desk or how initiatives have enhanced shift-left opportunities. Highlight any positive trends over time.
    • Opportunities for Improvement
      Let the data guide the conversation to where improvements can be made. Day-to-day ops, self-service tools, shifting work left from Tier 2, Tier 3, standardizing a non-standard service, and staffing adjustments are possibilities for this section.
    • Current State of KPIs
      Mean time to resolve, FCR, ticket volume, and end-user satisfaction are great KPIs to include as a starting point.

    Sample of the Ticket Analysis Report.

    Download the Ticket Analysis Report.

    Summary of Accomplishment

    Problem Solved

    You now have a better understanding of how to action your service desk ticket data, including improvements to your current ticket templates for incidents and service requests.

    You also have the data to craft a story to different stakeholder groups to celebrate the successes of the service desk and highlight possible improvements. Continue this exercise iteratively to continue improving the service desk.

    Remember, ticket analysis is not a single event but an ongoing initiative. As you track, analyze, and action more data, you will find more improvements.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Photo of Benedict Chang.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team. Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Sample of dashboards we saw earlier. Sample of the 'Ticket Analysis Report'.
    Analyze your dashboards
    An analyst will walk through the ticket data and dashboards with you and your team to help interpret the data and tailor improvements
    Populate your ticket data report
    Given the action items from this solution set, an analyst will help you craft a report to celebrate the successes and highlight needed improvements in the service desk.

    Related Info-Tech Research

    Optimize the Service Desk With a Shift-Left Strategy

    The best type of service desk ticket is the one that doesn’t exist.

    Incident & Problem Management

    Don’t let persistent problems govern your department.

    Design & Build a User-Facing Service Catalog

    Improve user satisfaction with IT with a convenient menu-like catalog.

    Bibliography

    Bayes, Scarlett. “ITSM: 2021 & Beyond.” Service Desk Institute, 2021. Web.

    “Benchmarking Report v.9.” Service Desk Institute, 17 Jan. 2020. Web.

    Bennett, Micah. “The 9 Help Desk Metrics That Should Guide Your Customer Support.” Zapier, 3 Dec. 2015. Web.

    “Global State of Customer Service: The transformation of customer service from 2015 to present day.” Microsoft Dynamics 365, Microsoft, 2020. Web.

    Goodey, Ben. “How to Manually Analyze Support Tickets.” SentiSum, 26 July 2021. Web.

    Jadhav, Megha. “Four Metrics to Analyze When Using Ticketing Software.” Vision Helpdesk Blog, 21 Mar. 2016. Web.

    Knaflic, Cole Nussbaumer. Storytelling with Data: A Data Visualization Guide for Business Professionals. Wiley, 2015.

    Li, Ta Hsin, et al. “Incident Ticket Analytics for IT Application Management Services.” 2014 IEEE International Conference on Services Computing, 2014. Web.

    Olson, Sarah. “10 Help Desk Metrics for Service Desks and Internal Help Desks.” Zendesk Blog, Sept. 2021. Web.

    Paramesh, S.P., et al. “Classifying the Unstructured IT Service Desk Tickets Using Ensemble of Classifiers.” 2018 3rd International Conference on Computational Systems and Information Technology for Sustainable Solutions (CSITSS), 2018. Web.

    Volini, Erica, et al. “2021 Global Human Capital Trends: Special Report.” Deloitte Insights, 21 July 2021. Web.

    “What Kind of Analysis You Can Perform on a Ticket Management System.” Commence, 3 Dec. 2019. Web.

    INFO-TECH RESEARCH GROUP

    Build a More Effective Brand Architecture

    • Buy Link or Shortcode: {j2store}571|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions

    Neglecting to maintain the brand architecture can have the following consequences:

    • Inconsistent branding across product lines, services, and marketing communications.
    • Employee confusion regarding product lines, services, and brand structure.
    • Difficulties in launching new products or services or integrating acquired brands.
    • Poor customer experience in navigating the website or understanding the offerings.
    • Inability to differentiate from competitors.
    • Weak brand equity and a lack of brand loyalty.

    Our Advice

    Critical Insight

    Brand architecture is the way a company organizes and manages its portfolio of brands to achieve strategic goals. It encompasses the relationships between brands, from sub-brands to endorsed brands to independent brands, and how they interact with each other and with the master brand. With a clear brand architecture, businesses can optimize their portfolio, enhance their competitive position, and achieve sustainable growth and success in the long run.

    Impact and Result

    Establishing and upholding a well-defined brand architecture is critical to achieve:

    • Easy recognition and visibility
    • Consistent branding
    • Operational efficiency
    • Customer loyalty
    • Ability to easily adapt to changes
    • Competitive differentiation
    • Distinctive brand image
    • Business success

    Build a More Effective Brand Architecture Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build a More Effective Brand Architecture Storyboard – Develop a brand architecture that supports your business goals, clarifies your brand portfolio, and enhances your overall brand equity.

    We recommend a two-step approach that involves defining or reimagining the brand architecture. This means choosing the right strategy by analyzing the current brand portfolio, identifying the core brand elements, and determining and developing the structure that fits with the brand and business goals. A well-thought-out brand architecture also facilitates the integration of new brands and new product launches.

    • Build a More Effective Brand Architecture Storyboard

    2. Brand Architecture Strategy Template – The brand architecture template is a tool for creating a coherent brand identity.

    Create a brand identity that helps you launch new products and services, prepare for acquisitions, and modify your brand strategy. Allocate resources more effectively and identify new opportunities for growth. A brand architecture can provide insights into how different brands fit together and contribute to the overall brand strategy.

    • Brand Architecture Strategy Template

    Infographic

    Workshop: Build a More Effective Brand Architecture

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Brand Mind Mapping

    The Purpose

    The brand mind mapping workshop is an exercise that helps with visualizing brand architecture and improving coherence and effectiveness in brand portfolio management.

    Key Benefits Achieved

    This exercise can help businesses:

    Allocate their resources more effectively.

    Identify new opportunities for growth.

    Gain a competitive advantage in their market.

    Activities

    1.1 Brand Mind Mapping

    Outputs

    Visual representation of the brand architecture and its various components

    Further reading

    Build a More Effective Brand Architecture

    Strategically optimize your portfolio to increase brand recognition and value.

    Analyst perspective

    Brand Architecture

    Nathalie Vezina, Marketing Research Director, SoftwareReviews Advisory

    Nathalie Vezina
    Marketing Research Director
    SoftwareReviews Advisory

    This blueprint highlights common brand issues faced by companies, such as inconsistencies in branding and sub-branding due to absent or inadequate planning and documentation or non-compliance with the brand architecture. It emphasizes the importance of aligning or modifying the company's brand strategy with the existing architecture to create a consistent brand when launching new products, services, or divisions or preparing for acquisitions.

    Changing the brand architecture can be challenging, as it often requires significant resources, time, and effort. Additionally, there may be resistance from stakeholders who have become attached to the existing brand architecture and may not see the value in making changes. However, it's important for companies to address suboptimal brand architecture to ensure consistency and clarity in brand messaging and support business growth and success.

    This blueprint guides brand leaders on building and updating their brand architecture for optimal clarity, consistency, adaptability, and efficiency.

    Executive summary

    Your Challenge Common Obstacles SoftwareReviews’ Approach
    A company's brand architecture can help brand managers build a stronger brand that supports the company's goals and increases brand value. Failing to maintain the brand architecture can have the following consequences:
    • Inconsistent branding across product lines, services, and marketing communications
    • Employee confusion regarding product lines, services, and brand structure.
    • Difficulties in launching new products or services or integrating acquired brands.
    • Poor customer experience in navigating the website or understanding the offerings.
    • Inability to differentiate from competitors.
    • Weak brand equity and a lack of brand loyalty.
    Establishing and maintaining a clear brand architecture can pose significant issues for brand leaders. Despite these obstacles, defining the brand architecture can yield substantial benefits for businesses. Common constraints are:
    • Lack of knowledge on the subject, resulting in difficulties securing buy-in from stakeholders.
    • Siloed teams and competing priorities.
    • Limited resources and time constraints.
    • Resistance to change from employees or customers.
    • Inconsistent execution and adherence to brand guidelines.
    • Lack of communication and coordination when acquiring new brands.
    With focused and effective efforts and guidance, brand leaders can define or reimagine their brand architecture. Developing and maintaining a clear and consistent brand architecture involves:
    • Defining the brand architecture strategy.
    • Analyzing the current brand portfolio and identifying the core brand elements.
    • Determining and developing the proper brand structure.
    • Updating brand guidelines and messaging.
    • Rolling out the brand architecture across touchpoints and assets.
    • Facilitating the integration of new brands.
    • Monitoring and adjusting the architecture as needed for relevance to business goals.

    "[B]rand architecture is like a blueprint for a house...the foundation that holds all the pieces together, making sure everything fits and works seamlessly."
    Source: Verge Marketing

    The basics of brand architecture

    The significance of brand hierarchy organization

    Brand architecture is the hierarchical organization and its interrelationships. This includes shaping the brand strategy and structuring the company's product and service portfolio.

    A well-designed brand architecture helps buyers navigate a company's product offerings and creates a strong brand image and loyalty.

    A company's brand architecture typically includes three levels:

    • Master or parent brand
    • Sub-brands
    • Endorsed brands

    Choosing the right architecture depends on business strategy, products and services, and target audience. It should be reviewed periodically as the brand evolves, new products and services are launched, or new brands are acquired.

    "A brand architecture is the logical, strategic, and relational structure for your brands, or put another way, it is the entity's 'family tree' of brands, sub-brands, and named products."
    Source: Branding Strategy Insider

    Enhancing a company's brand hierarchy for better business outcomes

    Maximize brand strategy with a well-defined and managed brand architecture.

    Align brand architecture with business goals
    A well-defined brand architecture aligned with business objectives contributes to building brand recognition, facilitating brand extension, and streamlining brand portfolio management. In addition, it improves marketing effectiveness and customer experience.
    With a clear and consistent brand architecture, companies can strengthen their brand equity, increase awareness and loyalty, and grow in their competitive environment.

    Effectively engage with the desired buyers
    A clear and consistent brand architecture enables companies to align their brand identity and value proposition with the needs and preferences of their target audience, resulting in increased customer loyalty and satisfaction.
    Establishing a unique market position and reinforcing brand messaging and positioning allows companies to create a more personalized and engaging customer experience, driving business growth.

    Maintain a competitive edge
    An effective brand architecture allows companies to differentiate themselves from their competitors by establishing their unique position in the market. It also provides a structured framework for introducing new products or services under the same brand, leveraging the existing one.
    By aligning their brand architecture with their business objectives, companies can achieve sustainable growth and outperform their competitors in the marketplace.

    "A well-defined brand architecture provides clarity and consistency in how a brand is perceived by its audience. It helps to create a logical framework that aligns with a brand's overall vision and objectives."
    Source: LinkedIn

    Pitfalls of neglecting brand guidelines

    Identifying the negative effects on business and brand value.

    Deficient brand architecture can manifest in various ways.

    Here are some common symptoms:

    • Lack of clarity around the brand's personality and values
    • Inconsistent messaging and branding
    • Inability to differentiate from competitors
    • Weak brand identity
    • Confusion among customers and employees
    • Difficulty launching new products/services or integrating acquired brands
    • Lack of recognition and trust from consumers, leading to potential negative impacts on the bottom line

    Brand architecture helps to ensure that your company's brands are aligned with your business goals and objectives, and that they work together to create a cohesive and consistent brand image.

    The most common obstacles in developing and maintaining a clear brand architecture

    Establishing and maintaining a clear brand architecture requires the commitment of the entire organization and a collaborative effort.

    Lack of stakeholder buy-in > Resistance to change

    Siloed teams > Inconsistent execution

    Limited resources > Lack of education and communication

    Types of brand architectures

    Different approaches to structuring brand hierarchy

    Brand architecture is a framework that encompasses three distinct levels, each comprising a different type of branding strategy.

    Types of brand architectures

    Examples of types of brand architectures

    Well-known brands with different brand and sub-brands structures

    Examples of types of brand architectures

    Pros and cons of each architecture types

    Different approaches to organizing a brand portfolio

    The brand architecture impacts the cohesiveness, effectiveness, and market reach. Defining or redefining organization changes is crucial for company performance.

    Branded House Endorsed Brands House of Brands
    Other Designations
    • "Monolithic brands"
    • "Sub-brands"
    • "Freestanding brands"
    Description
    • Single brand name for all products/services
    • Creates a unique and powerful image that can easily be identified
    • The master brand name endorses a range of products/services marketed under different sub-brands
    • Decentralized brands
    • Can target diverse markets with separate brand names for each product/service
    Marketing & Comms
    • Highly efficient
    • Eliminates split branding efforts by product/service
    • Product differentiation and tailoring messages to specific customer segments are limited
    • Each brand has its unique identity
    • Benefit from the support and resources of the master brand
    • Allows for unique branding and messaging per products/services for specific customer segments
    • Can experiment with different offerings and strategies
    Impact on Sales
    • Good cross-selling opportunities by leveraging a strong brand name
    • Benefit from the master brand's credibility, building customer trust and increasing sales
    • Tailored marketing to specific segments can increase market share and profitability
    • Creates competitive advantage and builds loyalty
    Cost Effectiveness
    • Cost-effective
    • No separate branding efforts per product/service
    • Lack of economy of scale
    • Fragmentation of resources and duplication of effort
    • Lack of economy of scale
    • Fragmentation of resources and duplication of effort
    Reputation and Image
    • More control over the brand image, messages, and perception, leading to strong recognition
    • Increased vulnerability to negative events can damage the entire brand, products/services offered
    • Mitigated risk, protecting the master brand's reputation and financial performance
    • Negative events with one brand can damage the master and other brands, causing a loss of credibility
    • Reduced risk, safeguarding the master brand's reputation and financial performance
    • Each brand builds its own equity, enhancing the company's financial performance and value
    Consistency
    • Ensures consistency with the company's brand image, values, and messaging
    • Helps build trust and loyalty
    • Inconsistent branding and messaging can cause confusion and misunderstandings
    • Unclear link between master/endorsed brands
    • Reduces trust and brand loyalty
    • Difficult to establish a clear and consistent corporate identity
    • Can reduce overall brand recognition and loyalty

    Brand naming decision tree

    Create a naming process for brand alignment and resonance with the target audience

    To ensure a chosen name is effective and legally/ethically sound, consider the ease of pronunciation/spelling, the availability for registration of brand/domain name, any negative connotations/associations in any language/culture, and potential legal/ethical issues.

    Brand naming decision tree

    To ensure a chosen name is effective and legally/ethically sound, consider the ease of pronunciation/spelling, the availability for registration of brand/domain name, any negative connotations/associations in any language/culture, and potential legal/ethical issues.

    Advantages of defining brand architecture

    Maximize your brand potential with a clear architecture strategy.

    Clear offering

    Adaptability

    Consistent branding

    Competitive differentiation

    Operational efficiency

    Strong brand identity

    Customer loyalty

    Business success

    "Responding to external influences, all brands must adapt and change over time. A clear system can aid in managing the process, ensuring that necessary changes are implemented effectively and efficiently."
    Source: The Branding Journal

    SoftwareReviews' brand architecture creation methodology

    Develop and Implement a Robust Brand Architecture

    Phase Steps

    Step 1 Research and Analysis
    1.1 Define brand architecture strategy
    1.2 Brand audit
    1.3 Identify brand core elements

    Step 2 Development and Implementation
    2.1 Determine brand hierarchy
    2.2 Develop or update brand guidelines
    2.3 Roll out brand architecture

    Phase Outcomes
    • Brand current performance is assessed
    • Issues are highlighted and can be addressed
    • Brand structure is developed and implemented across touchpoints and assets
    • Adjustments are made on an ongoing basis for consistency and relevance to business goals

    Insight summary

    Brand Architecture: Organize and manage your portfolio of brands
    Brand architecture is the way a company organizes and manages its portfolio of brands to achieve strategic goals. It encompasses the relationships between brands, from sub-brands to endorsed brands to independent brands, and how they interact with each other and with the master brand. With a clear brand architecture, businesses can optimize their portfolio, enhance their competitive position, and achieve sustainable growth and success in the long run.

    Aligning brand architecture to business strategy
    Effective brand architecture aligns with the company's business strategy, marketing objectives, and customer needs. It provides clarity and coherence to the brand portfolio, helps customers navigate product offerings, and maximizes overall equity of the brand.

    Choosing between three types of brand architecture
    A company's choice of brand architecture depends on factors like product range, target markets, and strategic objectives. Each approach, Branded House, Endorsed, or House of Brands, has its own pros and cons, and the proper option relies on the company's goals, resources, and constraints.

    A logical brand hierarchy for more clarity
    The order of importance of brands in the portfolio, including the relationships between the master and sub-brands, and the positioning of each in the market is fundamental. A clear and logical hierarchy helps customers understand the value proposition of each brand and reduces confusion.

    A win-win approach
    Clear brand architecture can help customers easily navigate and understand the product offering, reinforce the brand identity and values, and improve customer loyalty and retention. Additionally, it can help companies optimize their marketing strategies, streamline their product development and production processes, and maximize their revenue and profitability.

    Brand architecture, an ongoing process
    Brand architecture is not a one-time decision but an ongoing process that requires regular review and adjustment. As business conditions change, companies may need to revise their brand portfolio, brand hierarchy, or brand extension and acquisition strategies to remain competitive and meet customer needs.

    Brand architecture creation tools

    This blueprint comes with tools to help you develop your brand architecture.

    Brand Architecture Toolkit

    This kit includes a Brand Architecture Mini-Audit, a Brand Architecture template, and templates for Brand Matrix, Ecosystem, and Development Strategy.

    Use this kit to develop a strong brand architecture that aligns with your business goals, clarifies your brand portfolio, and enhances overall brand equity.

    Brand Architecture Toolkit

    Brand Architecture

    Develop a robust brand architecture that supports your business goals, clarifies your brand portfolio, and enhances your overall brand equity.

    "A brand architecture is the logical, strategic, and relational structure for your brands, or put another way, it is the entity's 'family tree' of brands, sub-brands, and named products."
    Source: Branding Strategy Insider

    Consequences of Neglected Brand Guidelines

    When a company neglects its brand architecture and guidelines, it can result in a number of negative consequences, such as:

    • Lack of clarity around the brand's personality and values
    • Inconsistent messaging and branding
    • Inability to differentiate from competitors
    • Weak brand identity
    • Confusion among customers and employees
    • Difficulty launching new products/services or integrating acquired brands
    • Lack of recognition and trust from consumers, leading to potential negative impacts on the bottom line.

    Benefits of SoftwareReviews' Methodology

    By following SoftwareReviews' methodology to develop and maintain a brand architecture, businesses can:

    • Establish a unique market position and stand out from competitors
    • Ensure that marketing efforts are focused and effective
    • Create personalized and engaging customer experiences
    • Reinforce messaging and positioning
    • Increase customer loyalty and satisfaction
    • Build brand recognition and awareness

    Marq, formerly Lucidpress, surveyed over 400 brand management experts and found that "if the brand was consistent, revenue would increase by 10-20%."

    Methodology for Defining Brand Architecture

    Who benefits from this research?

    This research is designed for:

    • Organizations that value their brand and want to ensure that it is communicated effectively and consistently across all touchpoints.
    • Business owners, marketers, brand managers, creative teams, and anyone involved in the development and implementation of brand strategy.

    This research will also assist:

    • Sales and customer experience teams
    • Channel partners
    • Buyers

    This research will help you:

    • Establish a unique market position and stand out from competitors.
    • Create a more personalized and engaging customer experience.
    • Ensure that marketing efforts are focused and effective.
    • Reinforce brand messaging and positioning.

    This research will help them:

    • Increase customer loyalty and satisfaction
    • Build brand recognition and awareness
    • Drive business growth and profitability.

    SoftwareReviews offers various levels of support to best suit your needs

    DIY Toolkit
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."
    Guided Implementation
    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."
    Workshop
    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."
    Consulting
    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."
    Included Within Advisory Membership Optional Add-Ons

    Guided Implementation

    What does a typical GI on this topic look like?

    Research & Analysis
    Call #1: Discuss brand architecture strategy (define objectives, scope and stakeholders). Call #3: Identify core brand components and ensure they align with the brand strategy. Call #5: Develop or update brand guidelines. Optional Calls:
    • Brand Diagnostic
    • Brand Strategy and Tactics
    • Brand Voice Guidelines
    • Asset Creation and Management
    • Brand Messaging
    Call #2: Conduct a brand audit. Call #4: Define and document the brand hierarchy. Call #6: Roll out the brand architecture and monitoring.

    A Guided Implementation (GI) is a series of calls with a SoftwareReviews Marketing Analyst to help implement our best practices in your organization.

    Your engagement managers will work with you to schedule analyst calls.

    Brand Mind Mapping Workshop Overview

    Total duration: 3-4 hours

    Activities
    Visually map out the different elements of your brand portfolio, including corporate brands, sub-brands, product brands, and their relationships with each other.

    The workshop also aims to explore additional elements, such as brand expansions, acquisitions, and extensions, and brand attributes and positioning.

    Deliverables
    Get a mind map that represents the brand architecture and its various components, which can be used to evaluate and improve the overall coherence and effectiveness of the brand portfolio. The mind map can also provide insights into how different brands fit together and contribute to the overall brand strategy.

    Participants

    • Business owners
    • Head of Branding and anyone involved with the brand strategy

    Tools

    • Brand Architecture Template, slides 7 and 8

    Brand Mind Mapping

    Contact your account representative for more information
    workshops@infotech.com | 1-888-670-8889

    Get started!

    Develop a brand architecture that supports your business goals, clarifies your brand portfolio, and enhances your overall brand equity.

    Develop and Implement a Robust Brand Architecture

    Step 1 Research and Analysis
    1.1 Define architecture strategy
    1.2 Perform brand audit
    1.3 Identify brand core elements

    Step 2 Development and Implementation
    2.1 Determine brand hierarchy
    2.2 Develop or update brand guidelines
    2.3 Roll out brand architecture

    Phase Outcome

    • Brand current performance is assessed
    • Issues are highlighted and can be addressed
    • Brand structure is developed and implemented across touchpoints and assets
    • Adjustments made on an ongoing basis for consistency and relevance to business goals

    Develop and implement a robust brand architecture

    Steps 1.1, 1.2 & 1.3 Define architecture strategy, audit brand, and identify core elements.

    Total duration: 2.5-4.5 hours

    Objective
    Define brand objectives (hierarchy, acquired brand inclusion, product distinction), scope, and stakeholders. Analyze the brand portfolio to identify gaps or inconsistencies. Identify brand components (name, logo, tagline, personality) and align them with the brand and business strategy.

    Output
    By completing these steps, you will assess your current brand portfolio and evaluate its consistency and alignment with the overall brand strategy.

    Participants

    • Business owners
    • Head of Branding and anyone involved with the brand strategy

    Tools

    • Diagnose Brand Health to Improve Business Growth Blueprint (optional)
    • Brand Awareness Strategy Template (optional)

    1.1 Define Brand Architecture Strategy
    (60-120 min.)

    Define

    Define brand objectives (hierarchy, inclusion of an acquired brand, product distinction), scope, and stakeholders.

    1.2 Conduct Brand Audit
    (30-60 min.)

    Assess

    Assess the state of your brand architecture using the "Brand architecture mini-audit checklist," slide 9 of the Brand Architecture Strategy Template. Check the boxes that correspond to the state of your brand architecture. Those left unchecked represent areas for improvement.

    For a more in-depth analysis of your brand performance, follow the instructions and use the tools provided in the Diagnose Brand Health to Improve Business Growth blueprint (optional).

    1.3 Identify Core Brand Elements
    (60-90 min.)

    Identify

    Define brand components (name, logo, tagline, personality). Align usage with strategy. You can develop your brand strategy, if not already existing, using the Brand Awareness Strategy Template (optional).

    Tip!

    Continuously monitor and adjust your brand architecture - it's not static and should evolve over time. You can also adapt your brand strategy as needed to stay relevant and competitive.

    Develop and implement a robust brand architecture

    Steps 2.1. 2.2 & 2.3 Develop brand hierarchy, guidelines, and rollout architecture.

    Total duration: 3.5-5.5 hours

    Objective
    Define your brand structure and clarify the role and market position of each. Create concise brand expression guidelines, implement them across all touchpoints and assets, and adjust as needed to stay aligned with your business goals.

    Output
    This exercise will help you establish and apply your brand structure, with a plan for ongoing updates and adjustments to maintain consistency and relevance.

    Participants

    • Business owners
    • Head of Branding and anyone involved with the brand strategy

    Tools

    • Brand Architecture Template
    • Brand Voice Guidelines
    • Brand Messaging Template
    • Asset Creation and Management List Template

    2.1 Determine Brand Hierarchy
    (30-60 min.)

    Analyze & Document

    In the Brand Architecture Strategy Template, complete the brand matrix, ecosystem, development strategy matrix, mind mapping, and architecture, to develop a strong brand architecture that aligns with your business goals and clarifies your brand portfolio and market position.

    2.2 Develop/Update Brand Guidelines
    (120-180 min.)

    Develop/Update

    Develop (or update existing) clear, concise, and actionable brand expression guidelines using the Brand Voice Guidelines and Brand Messaging Template.

    2.2 Rollout Brand Architecture
    Preparation (60-90 min.)

    Create & Implement

    Use the Asset Creation and Management List Template to implement brand architecture across touchpoints and assets.

    Monitor and Adjust

    Use slide 8, "Brand Strategy Development Matrix," of the Brand Architecture Strategy Template to identify potential and future brand development strategies to build or enhance your brand based on your current brand positioning and business goals. Monitor, and adjust as needed, for relevance to the brand and business strategy.

    Tip!

    Make your brand architecture clear and simple for your target audience, employees, and stakeholders. This will avoid confusion and help your audience understand your brand structure.

    Prioritizing clarity and simplicity will communicate your brand's value proposition effectively and create a strong brand that resonates with your audience and supports your business goals.

    Related SoftwareReviews research

    Diagnose Brand Health to Improve Business Growth

    Have a significant and well-targeted impact on business success and growth by knowing how your brand performs, identifying areas of improvement, and making data-driven decisions to fix them.

    • Increase brand awareness and equity.
    • Build trust and improve customer retention and loyalty.
    • Achieve higher and faster growth.

    Accelerate Business Growth and Valuation by Building Brand Awareness

    Successfully build awareness and help the business grow. Stand out from the competition and continue to grow in a sustainable way.

    • Get a clear understanding of the buyer's needs and your key differentiator.
    • Achieve strategy alignment and readiness.
    • Create and manage assets.

    Bibliography

    "Brand Architecture: Definition, Types, Strategies, and Examples." The Branding Journal, 2022.

    "Brand Architecture: What It Is and How to Build Your Brand's Framework." HubSpot, 2021.

    "Brand Architecture Framework." Verge Marketing, 2021.

    "Brand consistency-the competitive advantage and how to achieve it." Marq/Lucidpress, 2021.

    "Building brands for growth: A fresh perspective." McKinsey & Company. Accessed on 31 March 2023.

    Daye, Derrick. "Brand Architecture Strategy Guide." Branding Strategy Insider, The Blake Project, 13 May 2021.

    Todoran, Adrian. "Choosing the Perfect Brand Architecture Strategy for Your Business." LinkedIn, 2023.

    Take a Realistic Approach to Disaster Recovery Testing

    • Buy Link or Shortcode: {j2store}414|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity

    You have made significant investments in availability and disaster recovery – but your ability to recover hasn’t been tested in years. Testing will:

    • Improve your DR capabilities.
    • Identify required changes to planning documentation and procedures.
    • Validate DR capabilities for interested customers and auditors.

    Our Advice

    Critical Insight

    • If you treat testing as a pass/fail exercise, you aren’t meeting the end goal of improving organizational resilience.
    • Focus on identifying gaps and risks, and addressing them, before a real disaster hits.
    • Take a realistic, iterative approach to resilience testing that starts with small, low-risk tests and builds on lessons learned.

    Impact and Result

    • Identify testing scenarios and scope that can deliver value to your organization.
    • Create practical test plans with Info-Tech’s template.
    • Demonstrate value from testing to gain buy-in for additional tests.

    Take a Realistic Approach to Disaster Recovery Testing Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Take a Realistic Approach to Disaster Recovery Testing Storyboard – A guide to establishing a right-sized approach to DR testing that delivers durable value to your organization.

    Use this research to understand the different types of tests, prioritize and plan tests for your organization, review the results, and establish a cadence for testing.

    • Take a Realistic Approach to Disaster Recovery Testing Storyboard

    2. Disaster Recovery Test Plan Template – A template to document your organization's DR test plan.

    Use this template to document scope and goals, participants, key pre-test milestones, the test-day schedule, and your findings from the testing exercise.

    • Disaster Recovery Test Plan Template

    3. Disaster Recovery Testing Program Summary – A template to outline your organization's DR testing program.

    Identify the tests you will run over the next year and the expertise, governance, process, and funding required to support testing.

    • Disaster Recovery Testing Program Summary

    [infographic]

     

    Further reading

    Take a Realistic Approach to Disaster Recovery Testing

    Reduce costly downtime with a right-sized testing program that improves IT resilience.

    Analyst Perspective

    Reduce costly downtime with a right-sized testing program that improves IT resilience.

    Andrew Sharp

    Most businesses make significant investments in disaster recovery and technology resilience. Redundant sites and systems, monitoring, intrusion prevention, backups, training, documentation: it all costs time and money.

    But does this investment deliver expected value? Specifically, can you deliver service continuity in a way that meets business requirements?

    You can’t know the answer without regularly testing recovery processes and systems. And more than just validation, testing helps you deliver service continuity by finding and addressing gaps in your plans and training your staff on recovery procedures.

    Use the insights, tools, and templates in this research to create a streamlined and effective resilience testing program that helps validate recovery capabilities and enhance service reliability, availability, and continuity.

    Andrew Sharp

    Research Director, Infrastructure & Operations
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    You have made significant investments in availability and disaster recovery (DR) – but your ability to recover hasn’t been tested in years. Testing will:

    • Improve your DR capabilities.
    • Identify required changes to planning documentation and procedures.
    • Validate DR capabilities for interested customers and auditors.

    Common Obstacles

    Despite the value testing can offer, actually executing on DR tests is difficult because:

    • Testing is often an IT-driven initiative, and it can be difficult to secure business buy-in to redirect resources away from other urgent projects or accept risks that come with testing.
    • Previous tests have been overly complex and challenging to coordinate and leave a hangover so bad that no one wants to do them again.

    Info-Tech's Approach

    Take a realistic approach to resilience testing by starting with small, low-risk tests, then iterating with the lessons you’ve learned:

    • Identify testing scenarios and scope that can deliver value to your organization.
    • Create practical test plans with Info-Tech’s template.
    • Get buy-in for regular DR testing from key stakeholders with a testing program summary.

    Info-Tech Insight

    If you treat testing as a pass/fail exercise, you aren’t meeting the end goal of improving organizational resilience. Focus on identifying gaps and risks so you can address them before a real disaster hits.

    Process and Outputs

    This research is accompanied by templates to help you achieve your goals faster.

    1 - Establish the business rationale for DR testing.
    2 - Review a range of options for testing.
    3 - Prioritize tests that are most valuable to your business.
    4 - Create a disaster recovery test plan.
    5 - Establish a Test Program to support a regular testing cycle.

    Outputs:

    DR Test Plan
    DR Testing Program Summary

    Example Orange Activity slide.
    Orange activity slides like the one on the left provide directions to help you make key decisions.

    Key Deliverable:

    Disaster Recovery Test Plan Template

    Build a plan for your first disaster recovery test.

    This document provides a complete example you can use to quickly build your own plan, including goals, milestones, participants, the test-day schedule, and findings from the after-action review.

    Why test?

    Testing helps you avoid costly downtime

    • In a disaster scenario, speed matters. Immediately after an outage, the impact on the organization is small, but impact increases rapidly the longer the outage continues.
    • A quick and reliable response and recovery can protect the organization from significant losses.
    • A DRP testing and maintenance program helps ensure you’re ready to recover when you need to, rather than figuring it out as you go.

    “Routine testing is vital to survive a disaster… that’s when muscle memory sets in. If you don’t test your DR plan it falls [in importance], and you never see how routine changes impact it.”

    – Jennifer Goshorn
    Chief Administrative Officer
    Gunderson Dettmer LLP

    Info-Tech members estimated even one day of system downtime could lead to significant revenue losses. Estimated loss of revenue over 24 hours. Core Infrastructure has the highest potential for lost revenue.

    Average estimated potential loss* in thousands of USD due to a 24-hour outage (N=41)

    *Data aggregated from 41 business impact analyses (BIAs) conducted with Info-Tech advisory assistance. BIAs evaluate potential revenue loss due to a full day of system downtime, at the worst possible time.

    Run tests to enhance disaster recovery plans

    Testing improves organizational resilience

    • Identify and address gaps in your plans before a real disaster strikes.
    • Cross-train staff on systems recovery.
    • Go beyond testing technology to test recovery processes.
    • Establish a culture that centers resilience in everyday decision-making.

    Testing keeps DR documentation ready for action

    • Update documentation ahead of tests to prepare for the testing exercise.
    • Update documentation after testing to incorporate any lessons learned.

    Testing validates that investments in resilience deliver value

    • Confirm your organization can meet defined recovery time objectives (RTOs) and recovery point objectives (RPOs).
    • Provide proof of testing for auditors, prospective customers, and insurance applications

    Overcome testing challenges

    Despite the value of effective recovery testing, most IT organizations struggle to test recovery plans

    Common challenges

    • Key resources don’t have time for testing exercises.
    • You don’t have the technology to support live recovery testing.
    • Tests are done ad hoc and lessons learned are lost.
    • A lack of business support for test exercises as the value isn’t understood.
    • Tests are always artificially simple because RTOs and RPOs must be met to satisfy customer or auditor inquiries

    Overcome challenges with a realistic approach:

    • Start small with tabletop and recovery tests for specific systems.
    • Include recovery tests in operational tasks (e.g. restore systems when you have a maintenance window).
    • Create testing plans for larger testing exercises.
    • Build on successful tests to streamline testing exercises in the future.
    • Don’t make testing a pass-fail exercise. Focus on identifying gaps and risks so you can address them before a real disaster hits.

    Go beyond traditional testing

    Different test techniques help validate recovery against different threats

    • There are many threats to service continuity, including ransomware, severe weather events, geopolitical conflict, legacy systems, staff turnover, and day-to-day outages caused by human error, software updates, hardware failures, or network outages.
    • At its core, disaster recovery planning is about recovery. A plan for service recovery will help you mitigate against many threats at once. The testing approaches on the right will help you validate different aspects of that recovery process.
    • This research will provide an overview of the approaches outlined on the right and help you prioritize tests that are most valuable to your organization.
    Different test techniques for disaster recover training: System Failover tests, tabletop exercises, ransomware recovery tests, etc.

    00 Identify a working group

    30 minutes

    Identify a group of participants who can fill the following roles and inform the discussions around testing in this research. A single person could fill multiple roles and some roles could be filled by multiple people. Many participants will be drawn from the larger DRP team.

    Roles and expectations for Disaster Recovery Planning. DRP sponsor, Testing coordinator, System testers, business liaisons, executive team.

    Input

    • Organizational context

    Output

    • A list of key participants for test planning and execution

    Participants

    • Typically, start by identifying the sponsor and coordinator and have them identify the other members of the working group.

    Start by updating your disaster recovery plan (DRP)

    Use Info-Tech’s Create a Right-Sized Disaster Recovery Plan research to identify recovery objectives based on business impact and outline recovery processes. Both are tremendously valuable inputs to your test plans.

    Overall Business Continuity Plan

    IT Disaster Recovery Plan

    A plan to restore IT services (e.g. applications and infrastructure) following a disruption. A DRP:

    • Identifies critical applications and dependencies.
    • Defines appropriate recovery objectives based on a business impact analysis (BIA).
    • Creates a step-by-step incident response plan.

    BCP for Each Business Unit

    A set of plans to resume business processes for each business unit. A business continuity plan (BCP) is also sometimes called a continuity of operations plan (COOP).

    BCPs are created and owned by each business unit, and creating a BCP requires deep involvement from the leadership of each business unit.

    Info-Tech’s Develop a Business Continuity Plan blueprint provides a methodology for creating business unit BCPs as part of an overall BCP for the organization.

    Crisis Management Plan

    A plan to manage a wide range of crises, from health and safety incidents to business disruptions to reputational damage.

    Info-Tech’s Implement Crisis Management Best Practices blueprint provides a framework for planning a response to any crisis, from health and safety incidents to reputational damage.

    01 Confirm: why test at all?

    15-30 minutes

    Identify the value recovery testing for your organization. Use language appropriate for a nontechnical audience. Start with the list below and add, modify, or delete bullet points to reflect your own organization.

     

    Drivers for testing – Examples:

     

    • Improve service continuity.
    • Identify and address gaps in recovery plans before a real disaster strikes.
    • Cross-train staff on systems recovery to minimize single points of failure.
    • Identify how we coordinate across teams during a major systems outage.
    • Exercise both recovery processes and technology.
    • Support a culture that centers system resilience in everyday decision-making.
    • Keep recovery documentation up-to-date and ready for action.
    • Confirm that our stated recovery objectives can be met.
    • Provide proof of testing for auditors, prospective customers, and insurance applications.
    • We require proof of testing to pass audits and renew cybersecurity insurance.

    Info-Tech Insight

    Time-strapped technical staff will sometimes push back on planning and testing, objecting that the team will “figure it out” in a disaster. But the question isn’t whether recovery is possible – it’s whether the recovery aligns with business needs. If your plan is to “MacGyver” a solution on the fly, you can’t know if it’s the right solution for your organization.

    Input

    • Business drivers and context for testing

    Output

    • Specific goals that are driving testing

    Participants

    • DR sponsor
    • Test coordinator

    Think about what and how you test

    Different layers of the stack to test: Network, Authentication, compute and storage, visualization platforms, database services, middleware, app servers, web servers.

    Find gaps and risks with tabletop testing

    Tabletop planning had the greatest impact on meeting recovery objectives (RTOs/RPOs).

    In a tabletop planning exercise, the team walks through a disaster scenario to outline the recovery workflow, and risks or gaps that could disrupt that workflow.

    Tabletops are particularly effective because:

    • It enables you to play out a wider range of scenarios than technology-based testing (e.g. full-scale, parallel) due to cost and complexity factors.
    • It is non-intrusive, so it can be executed more easily than other testing methodologies.
    • The exercise translates into recovery documentation: you create a workflow as you go.
    • A major site or service recovery scenario will review all aspects of the recovery process and create the backbone of your recovery plan.

    02 Run a tabletop exercise

    2 hours

    Tabletop testing is part of our core DRP methodology, Create a Right-Sized Disaster Recovery Plan. This exercise can be run using cue cards, sticky notes, or on a whiteboard; many of our facilitators find building the workflow directly in flowchart software to be very effective.

    Use our Recovery Workflow Template as a starting point.

    Some tips for running your first tabletop exercise:

    Do

    • Review the complete workflow from notification all the way to user acceptance testing.
    • Keep focused; stay on task and on time.
    • Revisit each step and record gaps and risks (and known solutions, but don’t dwell on this).
    • Revise and improve the plan with task owners.

    Don't

    • Get weighed down by tools.
    • Try to find solutions to every gap/risk as you go. Save in-depth research/discussion for later.
    • Document the details right away – stick to the high-level plan for the first exercise.
    1. Ahead of the exercise, decide on a scenario, identify participants, and book a meeting time.
      • For your first walkthrough of a DR scenario, we often recommend a scenario that considers a site failure requiring failover to a DR site.
      • For the first exercise, focus on technical aspects of recovery before bringing in members of the business. The technical team may need space to discuss the appropriate steps in the recovery process before you bring in business liaisons to discuss user acceptance testing (UAT).
      • A complete failover considers all systems, the viability of your second site, and can help identify parts of the process that require additional exercises.
    2. Review the scenario with participants. Then, discuss and document the recovery process, starting with initial notification of an event.
      • Record steps in the process on white cards or boxes.
      • On yellow and red cards, document gaps and risks in people process and technology requirements.
    3. Once you’ve walked through the process, return to the start.
      • Record the time required to complete each step. Consider identifying who is responsible for key steps. Identify any additional gaps and risks.
    4. Clean up and record the results of the workflow. Save a copy with your DRP documentation.

    Input

    • Expert knowledge on systems recovery

    Output

    • Recovery workflow, including gaps and risks

    Participants

    • Test coordinator
    • Technical SMEs

    Move from tabletop testing to functional exercises

    See how your plans fare in the real world

    In live exercises, some portion of your recovery plans are executed in a way that mimics a real recovery scenario. Some advantages of live testing:

    • See how standby systems behave. A tabletop exercise can miss small issues that can make or break the recovery process. For example, connectivity or integration issues on a new subnet might be difficult to predict prior to actually running services in that environment.
    • Hands-on practice: Familiarize the team with the steps, commands, and interfaces of your recovery toolset.
    • Manage the pressure of the DR scenario: Nothing’s quite like the real thing, but a live exercise may be the closest your team can get to a disaster situation without experiencing it firsthand.

    Examples of live exercises

    Boot and smoke test Turn on a standby system and confirm it boots up correctly.
    Restore and validate data Restore data or servers from backup. Confirm data integrity.
    Parallel testing Send familiar transactions to production and standby systems. Confirm both systems produce the same result.
    Failover systems Shut down the production system and use the standby system in production.

    Run local tests ahead of releases

    Think small

    Most unacceptable downtime is caused by localized issues, such as hardware or software failures, rather than widespread destructive events. Regular local testing can help validate the recovery plan for local issues and improve overall service continuity.

    Make local testing a standard step in maintenance work and new deployments to embed resilience considerations in day-to-day activities. Run the same tests in both your primary and your DR environment.

    Some examples of localized tests:

    • Review backup logs and check for errors.
    • Restore files or whole systems from backup.
    • Run application-based tests as part of release management, including unit, regression, and performance tests.
      • Ensure application tests are run for both the primary and DR environment.
      • For a deep-dive on application testing, see Info-Tech’s research Automate Testing to Get More Done.

    Info-Tech Insight

    Local tests will vary between different services, and local test design is usually best left to the system SMEs. At the same time, centralize reporting to understand where tests are being done.

    Investigate whether your IT Service Management or ticketing system can create recurring tasks or work orders to schedule, document, and track test exercises. Tasks can be pre-populated with checklists and documentation to support the test and provide a record of completed tests to support oversight and reporting.

    Have the business validate recovery

    If your business doesn’t think a system’s recovered, it’s not recovered.

    User acceptance testing (UAT) after system recovery is a key step in the recovery process. Like any step in the process, there’s value in testing it before it actually needs to be done. Assign responsibility for building UATs to the person who will be responsible for executing them.

    An acceptance test script might look something like the checklist below.

    • Does the application open?
    • Does the interface look right?
    • Do you see any unusual notifications or warnings?
    • Can you conduct a key transaction with dummy data?
    • Can you run key reports?

    “I cannot stress how important it is to assign ownership of responsibilities in a test; this is the only way to truly mitigate against issues in a test.”

    – Robert Nardella
    IT Service Management
    Certified z/OS Mainframe Professional

    Info-Tech Insight

    Build test scripts and test transactions ahead of time to minimize the amount of new work required during a recovery scenario.

    Beyond the Basics: Full Failover Testing

    • A failover test – a full failover of your production environment to a secondary environment – is what many IT and businesspeople think about when they think of disaster recovery testing.
    • A full test can validate previous local or tabletop tests, identify additional gaps and risks, and provide hands-on training experience with recovery processes and technologies.
    • Setting a date for failover testing can also inject some urgency into otherwise low-priority (but high importance) disaster recovery planning and documentation exercises, which need to be completed prior to the test.
    • Despite these benefits, full failover tests carry significant risk and require a great deal of effort and cost. Typically, only businesses that already have an active-active environment capable of supporting in-scope production systems are able to run a full environment failover.
    • This is especially true the first time you test. While in theory a DR plan should be ready to go at any time, there will be documents to update, gaps to address, and risks to mitigate before you go ahead with the test.

    Full Failover Testing

    What you get:

    • Provide hands-on experience with recovery processes and technology.
    • Confirm that site failover works in practice as you assumed in tabletop or local testing exercises.
    • Identify critical gaps you might have missed without a full failover test.

    What you need:

    • An active-active secondary site, with sufficient standby equipment, data, and licensed standby software to support production.
    • A completed tabletop exercise and documented recovery workflow.
    • A documented test plan, backout plan, and formal sign-off.
    • An off-hours downtime window.
    • Time from technical SMEs and business resources, both for creating the plan and executing the test.

    Beyond the Basics: Site Reliability Engineering

    • Site reliability engineering (SRE) is an application of skills and approaches from software engineering to improve system resilience.
    • SRE is focused on “availability, latency, performance, efficiency, change management, monitoring, emergency response, and capacity planning” across a set portfolio of services (Sloss, 2017).
    • In many organizations, SRE is implemented as a team that supports separate applications teams.
    • Applications must have defined and granular resilience requirements, translated into service objectives. The SRE team and applications teams will work together to meet these objectives.
    • Site reliability engineers (the folks that do SRE, and often also abbreviated as SREs) are expected to build solutions and processes to ensure services remain stable and performant, not just respond when they fail. For example, Google allows their SREs to spend just half their time on incident response, with the rest of their time focused on development and automation tasks.

    Site Reliability Testing

    What you get:

    • Improved reliability and reduced frequency and impact of downtime.
    • Increased use of automation to address problems before they cause an incident.
    • Granular resilience objectives.

    What you need:

    • Systems running on software-defined infrastructure.
    • Specialized skills in programming, infrastructure-as-code.
    • Business & product owners able to define and fund acceptable and appropriate resilience objectives.
    • Technical experts able to translate product requirements into technical design requirements.

    Beyond the Basics: Chaos Engineering

    • Chaos engineering, a term and approach first popularized by the team at Netflix, aims to improve the resilience of particularly large and distributed systems by simulating system failures and evaluating performance against a baseline.
    • Experiments simulate a variety of real-world events that could cause outages (e.g. network slowdowns or server failures). Experiments run continuously, and the recommendation is to run them in production where feasible while minimizing the impact on customers.
    • Tools to help you run chaos testing exist, including open-source toolkits like Chaos Monkey or Mangle and paid software as a service (SaaS) solutions like Gremlin.
    • Deciding whether the long-term benefits of tests that can degrade production are worth the potential risk of system slowdowns or outages is a business or product decision. Technical considerations aside, if the business owner of a particular system doesn’t see the value of continuous testing outweighing the introduced risk, this approach to testing isn’t going to happen.

    Chaos Engineering

    What you get:

    • Confidence that systems can weather volatile and unpredictable conditions in a production environment.
    • An embedded resilience culture.

    What you need:

    • High-maturity IT incident, monitoring and event practices.
    • Standby/resilient systems to minimize downtime impact.
    • Business buy-in for introducing risk into the production environment.
    • Specialized skills to identify, develop, and run tests that degrade production performance in a controlled way.
    • Budget and time to act on issues identified through testing.

    Beyond the Basics: Security Event Simulations

    • Ransomware is driving demands for proof of recovery testing from customers, executives, auditors, and insurance companies. Systems recovery is part of ransomware recovery, but recovering from a breach includes detection, analysis, containment, and eradication of the attack vector before systems recovery can begin.
    • Beyond technical recovery, internal legal and communications teams will have a role, as will your insurance provider, consultants specialized in ransomware recovery, or professional ransom negotiators.
    • A tabletop exercise focused on ransomware incident response is a key first step. You can find Info-Tech’s methodology for a ransomware tabletop in Phase 3 of Build Resilience Against Ransomware Attacks.
    • Live testing approaches can offer hands-on experience and further insight into how your systems are vulnerable to malware. A variety of open source and proprietary tools can simulate ransomware and help you identify problems, though it’s important to understand the limitations of different simulators (Allon, 2022).
    • A “red team” exercise simulates an adversarial attack against your processes and systems. A specialized penetration tester will often take on the role of the red team and provide a report of identified gaps and risks after the engagement.

    Security Event Simulation

    What you get:

    • Hands-on experience managing and recovering from a ransomware attack in a controlled environment.
    • A better understanding of gaps in your response process.

    What you need:

    • A completed ransomware tabletop exercise and mature security incident response processes.
    • For Ransomware Simulators: An air-gapped sandbox environment hosting a copy of your production systems and security tools, and time from your technical SMEs.
    • For Red Team Exercises: A trusted provider, scope for your testing plans, and time from your security incident response team.

    Prioritize tests by asking these three questions

    1. Will the scope of this test deliver sufficient value?

    • Yes, these are critical systems with low tolerance for downtime or data loss.
    • Yes, major changes or new systems require validation of DR capabilities.
    • Yes, there’s high probability of an outage, or recent experience of an outage.
    • •Yes, we have audit requirements or customer demands for testing.

    2. Are we ready for this test?

    • Yes, recovery plans and recovery objectives are documented.
    • Yes, key technical and business resources have time to commit to testing exercises.
    • Yes, technology is currently able to support proposed tests.

    3. Is it easy to do?

    • Yes, effort required to complete the test is low (i.e. minimal work, few participants).
    • Yes, the risks related to testing are low.
    • Yes, it won’t cost much.

    Info-Tech Insight

    More complex, challenging, risky, or costly tests, such as full failover tests, can deliver value. But do the high-value, low-effort stuff first!

    03 Brainstorm and prioritize test ideas

    30-60 minutes

    Even if you have an idea of what you need to test and how you want to run those tests, this brainstorming exercise can generate useful ideas for testing that might otherwise have been missed.

      1. Review the slides above to develop ideas on how and what you want to test. These slides may be enough to kickstart a brainstorming process. Don’t debate or discount ideas at this point. Write down these ideas in a space where all participants can see them (e.g. whiteboard or shared screen).

    The next steps will help you prioritize the list – if needed – to tests that are highest value and lowest effort.

    1. Discuss where you have the greatest need to test. Assign a score of 0 – 3 for each test, with a score of 3 being high-need and a score of zero being low-need. Consider whether:
      • These applications have a low tolerance for downtime.
      • There’s a high chance of an outage, or recent experience with an outage.
      • There’s a need to train or cross-train staff on recovery for the system(s) in question.
      • Major changes require a review or validation of DR capabilities.
      • Audit requirements or customer/executive demands can be met via testing.
    2. Discuss which tests will require the least effort to complete – where readiness is high and tests are easier to do. Assign a score between 0 and 3 for each test, with a score of 3 being least effort and a score of 0 being high effort. Consider whether:
      • Recovery plans and recovery objectives are documented for these systems.
      • Technical experts are available to work on testing exercises.
      • For active testing, standby/sandbox systems are available and capable of supporting proposed tests.
      • The effort required to complete the test is low (e.g. minimal new work, few participants).
      • The risks related to testing are low.
      • You will need to secure additional funding.
    3. Sum together the assigned scores for each test. Higher scores should be the highest priority, but of course use your judgement to validate the results and select one or two tests to execute in the coming year.

    “There are different levels of testing and it is very progressive. I do not recommend my clients to do anything, unless they do it in a progressive fashion. Don’t try to do a live failover test with your users, right out of the box.”

    – Steve Tower
    Principal Consultant
    Prompta Consulting Group

    Input

    • Organizational and technical context

    Output

    • Prioritize list of DR testing ideas

    Participants

    • DR sponsor
    • Test coordinator

    04 Build a test plan

    3-5 days

    Building a test plan helps the test run smoothly and can uncover issues with the underlying DRP as you dig into the details.

    The test coordinator will own the plan document but will rely on the sponsor to confirm scope and goals, technical SMEs to develop system recovery plans, and business liaisons to create UAT scripts.

    Download Info-Tech’s Disaster Recovery Test Plan Template. Use the structure of the template to build your own document, deleting example data as you go. Consider saving a separate copy of this document as an example and working from a second copy.

    Key sections of the document include:

    • Goals, scenario, and scope of the test.
    • Assumptions, constraints, risks, and mitigation strategies.
    • Test participants.
    • Key pre-test milestones, and test-day schedule.
    • After-action review.

    Download the Disaster Recovery Test Plan Template

    Input

    • Scope
    • High-level goals

    Output

    • Test plan, including goals, scope, key milestones, risks and mitigations, and test-day schedule

    Participants

    • Test coordinator develops the plan with support from:
      • Technical SMEs
      • Business liaisons
      • DR sponsor

    05 Run an after-action review

    30-60 minutes

    Take time after test exercises – especially large-scale tests with many participants – to consider what went well, what didn’t, and where you can improve future testing exercises. Track lessons learned and next steps at the bottom of your test plan.

    1. Start with a short (5-10 minute) debrief of the test and allow participants to ask questions. Confirm:
      • Did we meet the goals we set for the exercise, including RTOs and RPOs?
      • What was done well? What issues, gaps, and risks were identified?
    2. Work through variations of the following questions:
      • Was the test plan effective, and was the test well organized?
      • Was the documentation effective? Where did we follow the plan as documented, and where did we deviate from the plan?
      • Was our communication/collaboration during the test effective?
      • Have gaps and issues found during the test been reported to the testing coordinator? Could some of the issues uncovered apply more broadly to other IT services as well?
      • What could we test next, based on what was discovered?
      • Are there other tools or approaches that could be useful?

    Input

    • Insights and experience from a recent testing exercise

    Output

    • Identified gaps and risks, and action items to address them
    • Ideas to improve future test exercises

    Participants

    • Test coordinator develops the plan with support from:
      • Test coordinator
      • Test participants

    Follow a testing cycle

    All tests are expected to drive actions to improve resilience, as appropriate. Experience from previous tests will be applied to future testing exercises.

    The testing cycle: 1. Plan a test, 2. Run test, 3. Take action.

    Use your experience to simplify testing

    The fifth testing exercise should be easier than the first

    Outputs and lessons learned from testing should help you run future tests.

    • With past experience under their belt, participants should have a better understanding of their role, and of their peers’ roles, and the goal of the exercise.
    • Facilitators will be more comfortable facilitating the exercise, and everyone should be more confident in the steps required to recover their systems.
    • Gather feedback from participants through after-action reviews to identify what worked and what didn’t.
    • Documentation from previous tests can provide a template for future tests.
    • Gaps identified in previous tests can provide ideas for future tests.

    Experience, lessons learned, improved process, new test targets, repeat.

    Info-Tech Insight

    Testing should get easier over time. But if you’re easily passing every test, it’s a sign that you’re ready to run more challenging tests.

    06 Create a test program summary

    2-4 hours

    Regular testing allows you to build on prior tests and helps keep plans current despite changes to your environment.

    Keeping a regular testing schedule requires expertise, a process to coordinate your efforts, and a level of governance to provide oversight and ensure testing continues to deliver value. Create a call to action using Info-Tech’s Disaster Recovery Testing Program Summary Template.

    The result is a summary document that:

    • Identifies key takeaways and testing goals
    • Presents key elements of the testing program
    • Outlines the testing cycle
    • Lists expected milestones for the next year
    • Identifies participants
    • Recommends next steps

    “It is extremely important in the early stages of development to concentrate the focus on actual recoverability and data protection, enhancing these capabilities over time into a fully matured program that can truly test the recovery, and not simply focusing on the testing process itself.”

    – Joe Starzyk
    Senior Business Development Executive
    IBM Global Services

    Research Contributors and Experts

    • Bernard A. Jones, Business Continuity & Disaster Recovery Expert
    • Robert Nardella, IT Service Management, Certified z/OS Mainframe Professional
    • Larry Liss, Chief Technology Officer, Blank Rome LLP
    • Jennifer Goshorn, Chief Administrative and Chief Compliance Officer, Gunderson Dettmer LLP
    • Paul Kirvan, FBCI, CISA, Independent IT Consultant/Auditor, Paul Kirvan Associates
    • Steve Tower, Principal Consultant, Prompta Consulting Group
    • Joe Starzyk, Senior Business Development Executive, IBM Global Services
    • Thomas Bronack, Enterprise Resiliency and Corporate Certification Consultant, DCAG
    • Paul S. Randal, CEO & Owner, SQLskills.com
    • Tom Baumgartner, Disaster Recovery Analyst, Catholic Health

    Bibliography

    Alton, Yoni. “Ransomware simulators – reality or a bluff?” Palo Alto Blog, 2 May 2022. Accessed 31 Jan 2023.
    https://www.paloaltonetworks.com/blog/security-operations/ransomware-simulators-reality-or-a-bluff/

    Brathwaite, Shimon. “How to Test your Business Continuity and Disaster Recovery Plan,” Security Made Simple, 13 Nov 2022. Accessed 31 Jan 2023.
    https://www.securitymadesimple.org/cybersecurity-blog/how-to-test-your-business-continuity-and-disaster-recovery-plan

    The Business Continuity Institute. Good Practice Guidelines: 2018 Edition. The Business Continuity Institute, 2017.

    Emigh, Jacqueline. “Disaster Recovery Testing: Ensuring Your DR Plan Works,” Enterprise Storage Forum, 28 May 2019. Accessed 31 Jan 2023.
    Disaster Recovery Testing: Ensuring Your DR Plan Works | Enterprise Storage Forum

    Gardner, Dana. "Case Study: Strategic Approach to Disaster Recovery and Data Lifecycle Management Pays off for Australia's SAI Global." ZDNet. BriefingsDirect, 26 Apr 2012. Accessed 31 Jan 2023.
    http://www.zdnet.com/article/case-study-strategic-approach-to-disaster-recovery-and-data-lifecycle-management-pays-off-for-australias-sai-global/.

    IBM. “Section 11. Testing the Disaster Recovery Plan.” IBM, 2 Aug 2021. Accessed 31 Jan 2023. Section 11. Testing the disaster recovery plan - IBM Documentation Lutkevich, Ben and Alexander Gillis. “Chaos Engineering”. TechTarget, Jun 2021. Accessed 31 Jan 2023.
    https://www.techtarget.com/searchitoperations/definition/chaos-engineering

    Monperrus, Martin. “Principles of Antifragility.” Arxiv Forum, 7 June 2017. Accessed 31 Jan 2023.
    https://arxiv.org/ftp/arxiv/papers/1404/1404.3056.pdf

    “Principles of Chaos Engineering.” Principles of Chaos Engineering, 2019 March. Accessed 31 Jan 2023.
    https://principlesofchaos.org/

    Sloss, Benjamin Treynor. “Introduction.” Site Reliability Engineering. Ed. Betsy Beyer. O’Reilly Media, 2017. Accessed 31 Jan 2023.
    https://sre.google/sre-book/introduction/

    Build Resilience Against Ransomware Attacks

    • Buy Link or Shortcode: {j2store}317|cart{/j2store}
    • member rating overall impact (scale of 10): 9.5/10 Overall Impact
    • member rating average dollars saved: $68,467 Average $ Saved
    • member rating average days saved: 21 Average Days Saved
    • Parent Category Name: Threat Intelligence & Incident Response
    • Parent Category Link: /threat-intelligence-incident-response
    • Sophisticated ransomware attacks are on the rise and evolving quickly.
    • Executives want reassurance but are not ready to write a blank check. We need to provide targeted and justified improvements.
    • Emerging strains can exfiltrate sensitive data, encrypt systems, and destroy backups in hours, which makes recovery a grueling challenge.

    Our Advice

    Critical Insight

    • Malicious agents design progressive, disruptive attacks to pressure organizations to pay a ransom.
    • Organizations misunderstand ransomware risk scenarios, which obscures the likelihood and impact of an attack.
    • Conventional approaches focus on response and recovery, which do nothing to prevent an attack and are often ineffective against sophisticated attacks.

    Impact and Result

    • Conduct a thorough assessment of your current state; identify potential gaps and assess the possible outcomes of an attack.
    • Analyze attack vectors and prioritize controls that prevent ransomware attacks, and implement ransomware protections and detection to reduce your attack surface.
    • Visualize, plan, and practice your response and recovery to reduce the potential impact of an attack.

    Build Resilience Against Ransomware Attacks Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build Resilience Against Ransomware Attacks

    Use this step-by-step guide to assess your ransomware readiness and implement controls that will improve your ability to prevent incursions and defend against attacks.

    • Build Resilience Against Ransomware Attacks – Phases 1-4

    2. Ransomware Resilience Assessment – Complete the ransomware resilience assessment and establish metrics.

    Use this assessment tool to assess existing protection, detection, response, and recovery capabilities and identify potential improvements.

    • Ransomware Resilience Assessment

    3. Threat Preparedness Workbook – Improve protection and detection capabilities.

    Use this threat preparedness workbook to evaluate the threats and tactics in the ransomware kill chain using the MITRE framework and device appropriate countermeasures.

    • Enterprise Threat Preparedness Workbook

    4. Tabletop Planning Exercise and Example Results – Improve response and recovery capabilities with a tabletop exercise for your internal IT team.

    Adapt this tabletop planning session template to plan and practice the response of your internal IT team to a ransomware scenario.

    • Tabletop Exercise – Internal (Ransomware Template)
    • Ransomware Tabletop Planning Results – Example (Visio)
    • Ransomware Tabletop Planning Results – Example (PDF)

    5. Ransomware Response Runbook and Workflow – Document ransomware response steps and key stakeholders.

    Adapt these workflow and runbook templates to coordinate the actions of different stakeholders through each stage of the ransomware incident response process.

    • Ransomware Response Runbook Template
    • Ransomware Response Workflow Template (Visio)
    • Ransomware Response Workflow Template (PDF)

    6. Extended Tabletop Exercise and Leadership Guide – Run a tabletop test to plan and practice the response of your leadership team.

    Adapt this tabletop planning session template to plan leadership contributions to the ransomware response workflow. This second tabletop planning session will focus on communication strategy, business continuity plan, and deciding whether the organization should pay a ransom.

    • Tabletop Exercise – Extended (Ransomware Template)
    • Leadership Guide for Extended Ransomware

    7. Ransomware Resilience Summary Presentation – Summarize status and next steps in an executive presentation.

    Summarize your current state and present a prioritized project roadmap to improve ransomware resilience over time.

    • Ransomware Resilience Summary Presentation

    Infographic

    Workshop: Build Resilience Against Ransomware Attacks

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess Ransomware Resilience

    The Purpose

    Set workshop goals, review ransomware trends and risk scenarios, and assess the organization’s resilience to ransomware attacks.

    Key Benefits Achieved

    Develop a solid understanding of the likelihood and impact of a ransomware attack on your organization.

    Complete a current state assessment of key security controls in a ransomware context.

    Activities

    1.1 Review incidents, challenges, and project drivers.

    1.2 Diagram critical systems and dependencies and build risk scenario.

    1.3 Assess ransomware resilience.

    Outputs

    Workshop goals

    Ransomware Risk Scenario

    Ransomware Resilience Assessment

    2 Protect and Detect

    The Purpose

    Improve your capacity to protect your organization from ransomware and detect attacks along common vectors.

    Key Benefits Achieved

    Identify targeted countermeasures that improve protection and detection capabilities.

    Activities

    2.1 Assess ransomware threat preparedness.

    2.2 Determine the impact of ransomware techniques on your environment.

    2.3 Identify countermeasures to improve protection and detection capabilities.

    Outputs

    Targeted ransomware countermeasures to improve protection and detection capabilities.

    Targeted ransomware countermeasures to improve protection and detection capabilities.

    Targeted ransomware countermeasures to improve protection and detection capabilities.

    3 Respond and Recover

    The Purpose

    · Improve your organization’s capacity to respond to ransomware attacks and recover effectively.

    Key Benefits Achieved

    Build response and recovery capabilities that reduce the potential business disruption of successful ransomware attacks.

    Activities

    3.1 Review the workflow and runbook templates.

    3.2 Update/define your threat escalation protocol.

    3.3 Define scenarios for a range of incidents.

    3.4 Run a tabletop planning exercise (IT).

    3.5 Update your ransomware response runbook.

    Outputs

    Security Incident Response Plan Assessment.

    Tabletop Planning Session (IT)

    Ransomware Workflow and Runbook.

    4 Improve Ransomware Resilience.

    The Purpose

    Identify prioritized initiatives to improve ransomware resilience.

    Key Benefits Achieved

    Identify the role of leadership in ransomware response and recovery.

    Communicate workshop outcomes and recommend initiatives to improve ransomware resilience.

    Activities

    4.1 Run a tabletop planning exercise (Leadership).

    4.2 Identify initiatives to close gaps and improve resilience.

    4.3 Review broader strategies to improve your overall security program.

    4.4 Prioritize initiatives based on factors such as effort, cost, and risk.

    4.5 Review the dashboard to fine tune your roadmap.

    4.6 Summarize status and next steps in an executive presentation.

    Outputs

    Tabletop Planning Session (Leadership)

    Ransomware Resilience Roadmap and Metrics

    Ransomware Workflow and Runbook

    Further reading

    Build Ransomware Resilience

    Prevent ransomware incursions and defend against ransomware attacks

    EXECUTIVE BRIEF

    Executive Summary

    Your Challenge

    Ransomware is a high-profile threat that demands immediate attention:

    • Sophisticated ransomware attacks are on the rise and evolving quickly.
    • Emerging strains can exfiltrate sensitive data, encrypt systems, and destroy backups in only a few hours, which makes recovery a grueling challenge.
    • Executives want reassurance but aren't ready to write a blank check. Improvements must be targeted and justified.

    Common Obstacles

    Ransomware is more complex than other security threats:

    • Malicious agents design progressive, disruptive attacks to pressure organizations to pay a ransom.
    • Organizations misunderstand ransomware risk scenarios, which obscures the likelihood and impact of an attack.
    • Conventional approaches focus on response and recovery, which do nothing to prevent an attack and are often ineffective against sophisticated attacks.

    Info-Tech's Approach

    To prevent a ransomware attack:

    • Conduct a through assessment of your current state, identify potential gaps, and assess the possible outcomes of an attack.
    • Analyze attack vectors and prioritize controls that prevent ransomware attacks, and implement ransomware protection and detection to reduce your attack surface.
    • Visualize, plan, and practice your response and recovery to reduce the potential impact of an attack.

    Info-Tech Insight

    Resilience is not a trampoline, where you're down one moment and up the next. It's more like climbing a mountain. It takes time, planning, and help from people around you to work through challenges. Focus on what is in your organization's control, and cultivate strengths that allow you to protect assets, detect incursions, respond effectively, and recovery quickly.

    Analyst Perspective

    Ransomware is an opportunity and a challenge.

    As I write, the frequency and impact of ransomware attacks continue to increase, with no end in sight. Most organizations will experience ransomware in the next 24 months, some more than once, and business leaders know it. You will never have a better chance to implement best practice security controls as you do now.

    The opportunity comes with important challenges. Hackers need to spend less time in discovery before they deploy an attack, which have become much more effective. You can't afford to rely solely on your ability to respond and recover. You need to build a resilient organization that can withstand a ransomware event and recover quickly.

    Resilient organizations are not impervious to attack, but they have tools to protect assets, detect incursions, and respond effectively. Resilience is not a trampoline, where you're down one moment and up the next. It's more like climbing a mountain. It takes time, planning, and help from people around you to overcome challenges and work through problems. But eventually you reach the top and look back at how far you've come.

    This is an image of Michael Hébert

    Michel Hébert
    Research Director, Security and Privacy
    Info-Tech Research Group

    Ransomware attacks are on the rise and evolving quickly.

    Three factors contribute to the threat:

    • The rise of ransomware-as-a-service, which facilitates attacks.
    • The rise of crypto-currency, which facilitates anonymous payment.
    • State sponsorship of cybercrime.

    Elementus maps ransomware payments made through bitcoin. Since 2019, victims made at least $2B in payments.

    A handful of criminal organizations, many of whom operate out of cybercrime hotbeds in Russia, are responsible for most of the damage. The numbers capture only the ransom paid, not the clean-up cost and economic fallout over attacks during this period.

    Total ransom money collected (2015 – 2021): USD 2,592,889,121

    This image contains a bubble plot graph showing the total ransom money collected between the years 2015 - 2021.

    The frequency and impact of ransomware attacks are increasing

    Emerging strains can exfiltrate sensitive data, encrypt systems and destroy backups in only a few hours, which makes recovery a grueling challenge.

    Sophos commissioned a vendor agnostic study of the real-world experience of 5,600 IT professionals in mid-sized organizations across 31 countries and 15 industries.

    The survey was conducted in Jan – Feb 2022 and asked about the experience of respondents over the previous year.

    66%
    Hit by ransomware in 2021
    (up from 37% in 2020)

    90%
    Ransomware attack affected their ability to operate

    $812,360 USD
    Average ransom payment

    $4.54M
    Average remediation cost (not including ransom)

    ONE MONTH
    Average recovery time

    Meanwhile, organizations continue to put their faith in ineffective ransomware defenses.

    Of the respondents whose organizations weren't hit by ransomware in 2021 and don't expect to be hit in the future, 72% cited either backups or cyberinsurance as reasons why they anticipated an attack.

    While these elements can help recover from an attack, they don't prevent it in the first place.

    Source: Sophos, State of Ransomware (2022)
    IBM, Cost of A Data Breach (2022)

    The 3-step ransomware attack playbook

    • Get in
    • Spread
    • Profit

    At each point of the playbook, malicious agents need to achieve something before they can move to the next step.

    Resilient organizations look for opportunities to:

    • Learn from incursions
    • Disrupt the playbook
    • Measure effectiveness

    Initial access

    Execution

    Privilege Escalation

    Credential Access

    Lateral Movement

    Collection

    Data Exfiltration

    Data encryption

    Deliver phishing email designed to avoid spam filter.

    Launch malware undetected.

    Identify user accounts.

    Target an admin account.

    Use brute force tactics to crack it.

    Move through the network and collect data.

    Infect as many critical systems and backups as possible to limit recovery options.

    Exfiltrate data to gain leverage.

    Encrypt data, which triggers alert.

    Deliver ransom note.

    Ransomware is more complex than other security threats

    Ransomware groups thrive through extortion tactics.

    • Traditionally, ransomware attacks focused on encrypting files as an incentive for organizations to pay up.
    • As organizations improved backup and recovery strategies, gangs began targeting, encrypting, and destroying back ups.
    • Since 2019, gangs have focused on a double-extortion strategy: exfiltrate sensitive or protected data before encrypting systems and threaten to publish them.

    Organizations misunderstand ransomware risk scenarios, which obscures the potential impact of an attack.

    Ransom is only a small part of the equation. Four process-related activities drive ransomware recovery costs:

    • Detection and Response – Activities that enable detection, containment, eradication and recovery.
    • Notification – Activities that enable reporting to data subjects, regulators, law enforcement, and third parties.
    • Lost Business – Activities that attempt to minimize the loss of customers, business disruption, and revenue.
    • Post Breach Response – Redress activities to victims and regulators, and the implementation of additional controls.

    Source: IBM, Cost of a Data Breach (2022)

    Disrupt the attack each stage of the attack workflow.

    An effective response with strong, available backups will reduce the operational impact of an attack, but it won't spare you from its reputational and regulatory impact.

    Put controls in place to disrupt each stage of the attack workflow to protect the organization from intrusion, enhance detection, respond quickly, and recover effectively.

    Shortening dwell time requires better protection and detection

    Ransomware dwell times and average encryption rates are improving dramatically.

    Hackers spend less time in your network before they attack, and their attacks are much more effective.

    Avg dwell time
    3-5 Days

    Avg encryption rate
    70 GB/h

    Avg detection time
    11 Days

    What is dwell time and why does it matter?

    Dwell time is the time between when a malicious agent gains access to your environment and when they are detected. In a ransomware attack, most organizations don't detect malicious agents until they deploy ransomware, encrypt their files, and lock them out until they pay the ransom.

    Effective time is a measure of the effectiveness of the encryption algorithm. Encryption rates vary by ransomware family. Lockbit has the fastest encryption rate, clocking in at 628 GB/h.

    Dwell times are dropping, and encryption rates are increasing.

    It's more critical than ever to build ransomware resilience. Most organizations do not detect ransomware incursions in time to prevent serious business disruption.

    References: Bleeping Computers (2022), VentureBeat, Dark Reading, ZDNet.

    Resilience depends in part on response and recovery capabilities

    This blueprint will focus on improving your ransomware resilience to:

    • Protect against ransomware.
    • Detect incursions.
    • Respond and recovery effectively.

    Response

    Recovery

    This image depicts the pathway for response and recovery from a ransomware event.

    For in-depth assistance with disaster recovery planning, refer to Info-Tech's Create a Right-Sized Disaster Recovery.

    Info-Tech's ransomware resilience framework

    Disrupt the playbooks of ransomware gangs. Put controls in place to protect, detect, respond and recover effectively.

    Prioritize protection

    Put controls in place to harden your environment, train savvy end users, and prevent incursions.

    Support recovery

    Build and test a backup strategy that meets business requirements to accelerate recovery and minimize disruption.

    Protect Detect Respond

    Recover

    Threat preparedness

    Review ransomware threat techniques and prioritize detective and mitigation measures for initial and credential access, privilege escalation, and data exfiltration.

    Awareness and training

    Develop security awareness content and provide cybersecurity and resilience training to employees, contractors and third parties.

    Perimeter security

    Identify and implement network security solutions including analytics, network and email traffic monitoring, and intrusion detection and prevention.

    Respond and recover

    Identify disruption scenarios and develop incident response, business continuity, and disaster recovery strategies.

    Access management

    Review the user access management program, policies and procedures to ensure they are ransomware-ready.

    Vulnerability management

    Develop proactive vulnerability and patch management programs that mitigate ransomware techniques and tactics.

    This image contains the thought map for Info-Tech's Blueprint: Build Resilience Against Ransomware Attacks.

    Info-Tech's ransomware resilience methodology

    Assess resilience Protect and detect Respond and recover Improve resilience
    Phase steps
    1. Build ransomware risk scenario
    2. Conduct resilience assessment
    1. Assess attack vectors
    2. Identify countermeasures
    1. Review Security Incident Management Plan
    2. Run Tabletop Test (IT)
    3. Document Workflow and Runbook
    1. Run Tabletop Test (Leadership)
    2. Prioritize Resilience Initiatives
    Phase outcomes
    • Ransomware Resilience Assessment
    • Risk Scenario
    • Targeted ransomware countermeasures to improve protection and detection capabilities
    • Security Incident Response Plan Assessment
    • Tabletop Test (IT)
    • Ransomware Workflow and Runbook
    • Tabletop Test (Leadership)
    • Ransomware Resilience Roadmap & Metrics

    Insight Summary

    Shift to a ransomware resilience model

    Resilience is not a trampoline, where you're down one moment and up the next. It's more like climbing a mountain. It takes time, planning, and help from people around you to work through challenges.

    Focus on what is in your organization's control, and cultivate strengths that allow you to protect assets, detect incursions, and respond and recover quickly

    Visualize challenges

    Build risk scenarios that describe how a ransomware attack would impact organizational goals.

    Understand possible outcomes to motivate initiatives, protect your organization, plan your response, and practice recovery.

    Prioritize protection

    Dwell times and effective times are dropping dramatically. Malicious agents spend less time in your network before they deploy an attack, and their attacks are much more effective. You can't afford to rely on your ability to respond and recover alone.

    Seize the moment

    The frequency and impact of ransomware attacks continue to increase, and business leaders know it. You will never have a better chance to implement best practice security controls than you do now.

    Measure ransomware resilience

    The anatomy of ransomware attack is relatively simple: malicious agents get in, spread, and profit. Deploy ransomware protection metrics to measure ransomware resilience at each stage.

    Key deliverable

    Ransomware resilience roadmap

    The resilience roadmap captures the key insights your work will generate, including:

    • An assessment of your current state and a list of initiatives you need to improve your ransomware resilience.
    • The lessons learned from building and testing the ransomware response workflow and runbook.
    • The controls you need to implement to measure and improve your ransomware resilience over time.

    Project deliverables

    Info-Tech supports project and workshop activities with deliverables to help you accomplish your goals and accelerate your success.

    Ransomware Resilience Assessment

    Measure ransomware resilience, identify gaps, and draft initiatives.

    Enterprise Threat Preparedness Workbook

    Analyze common ransomware techniques and develop countermeasures.

    Ransomware Response Workflow & Runbook

    Capture key process steps for ransomware response and recovery.

    Ransomware Tabletop Tests

    Run tabletops for your IT team and your leadership team to gather lessons learned.

    Ransomware Resilience Roadmap

    Capture project insights and measure resilience over time.

    Plan now or pay later

    Organizations worldwide spent on average USD 4.62M in 2021 to rectify a ransomware attack. These costs include escalation, notification, lost business and response costs, but did not include the cost of the ransom. Malicious ransomware attacks that destroyed data in destructive wiper-style attacks cost an average of USD 4.69M.

    Building better now is less expensive than incurring the same costs in addition to the clean-up and regulatory and business disruption costs associated with successful ransomware attacks.

    After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research and advisory services helped them achieve.

    Source: IBM, Cost of a Data Breach (2022)

    See what members have to say about the ransomware resilience blueprint:

    • Overall Impact: 9.8 / 10
    • Average $ Saved: $98,796
    • Average Days Saved: 17

    "Our advisor was well-versed and very polished. While the blueprint alone was a good tool to give us direction, his guidance made it significantly faster and easier to accomplish than if we had tried to tackle it on our own."

    CIO, Global Manufacturing Organization

    Blueprint benefits

    IT benefits

    Business benefits

    • Provide a structured approach for your organization to identify gaps, quantify the risk, and communicate status to drive executive buy-in.
    • Create a practical ransomware incident response plan that combines a high-level workflow with a detailed runbook to coordinate response and recovery.
    • Present an executive-friendly project roadmap with resilience metrics that summarizes your plan to address gaps and improve your security posture.
    • Enable leadership to make risk-based, informed decisions on resourcing and investments to improve ransomware readiness.
    • Quantify the potential impact of a ransomware attack on your organization to drive risk awareness.
    • Identify existing gaps so they can be addressed, whether by policy, response plans, technology, or a combination of these.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Executive brief case study

    SOURCE: Interview with CIO of large enterprise

    Organizations who "build back better" after a ransomware attack often wish they had used relevant controls sooner.

    Challenge

    In February 2020, a large organization found a ransomware note on an admin's workstation. They had downloaded a local copy of the organization's identity management database for testing and left a port open on their workstation. Hackers exfiltrated it and encrypted the data on the workstation. They demanded a ransom payment to decrypt the data.

    Complication

    Because private information was breached, the organization informed the state-level regulator. With 250,000 accounts affected, plans were made to require password changes en masse. A public announcement was made two days after the breach to ensure that everyone affected could be reached.

    The organization decided not to pay the ransom because it had a copy on an unaffected server.

    Resolution

    The organization was praised for its timely and transparent response.

    The breach motivated the organization to put more protections in place, including:

    • The implementation of a deny-by-default network.
    • The elimination of remote desktop protocol and secure shell.
    • IT mandating MFA.
    • New endpoint-detection and response systems.

    Executive brief case study

    SOURCE: Info-Tech Workshop Results
    iNDUSTRY: Government

    Regional government runs an Info-Tech workshop to fast-track its ransomware incident response planning

    The organization was in the middle of developing its security program, rolling out security awareness training for end users, and investing in security solutions to protect the environment and detect incursions. Still, the staff knew they still had holes to fill. They had not yet fully configured and deployed security solutions, key security policies were missing, and they had didn't have a documented ransomware incident response plan.

    Workshop results

    Info-Tech advisors helped the organization conduct a systematic review of existing processes, policies, and technology, with an eye to identify key gaps in the organization's ransomware readiness. The impact analysis quantified the potential impact of a ransomware attack on critical systems to improve the organizational awareness ransomware risks and improve buy-in for investment in the security program.

    Info-Tech's tabletop planning exercise provided a foundation for the organization's actual response plan. The organization used the results to build a ransomware response workflow and the framework for a more detailed runbook. The workshop also helped staff identifies ways to improve the backup strategy and bridge further gaps in their ability to recover.

    The net result was a current-state response plan, appropriate capability targets aligned with business requirements, and a project roadmap to achieve the organization's desired state of ransomware readiness.

    Guided implementation

    What kind of analyst experiences do clients have when working through this blueprint?

    Scoping Call Phase 1 Phase 2 Phase 3 Phase 4

    Call #1:

    Discuss context, identify challenges, and scope project requirements.

    Identify ransomware resilience metrics.

    Call #2:

    Build ransomware risk scenario.

    Call #4:

    Review common ransomware attack vectors.

    Identify and assess mitigation controls.

    Call #5:

    Document ransomware workflow and runbook.

    Call #7:

    Run tabletop test with leadership.

    Call #3:

    Assess ransomware resilience.

    Call #6:

    Run tabletop test with IT.

    Call #8:

    Build ransomware roadmap.

    Measure ransomware resilience metrics.

    A guided implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 6 to 8 calls over the course of 4 to 6 months.

    Workshop overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Day 5
    Activities

    Assess ransomware resilience

    Protect and detect

    Respond and recover

    Improve ransomware resilience

    Wrap-up (offsite and offline)

    1.1 1 Review incidents, challenges, and project drivers.

    1.1.2 Diagram critical systems and dependencies.

    1.1.3 Build ransomware risk scenario.

    2.1 1. Assess ransomware threat preparedness.

    2.2 2. Determine the impact of ransomware techniques on your environment.

    2.3 3. Identify countermeasures to improve protection and detection capabilities.

    3.1.1 Review the workflow and runbook templates.

    3.1.2 Update/define your threat escalation protocol.

    3.2.1 Define scenarios for a range of incidents.

    3.2.2 Run a tabletop planning exercise (IT).

    3.3.1 Update your ransomware response workflow.

    4.1.1 Run a tabletop planning exercise (leadership).

    4.1.2 Identify initiatives to close gaps and improve resilience.

    4.1.3 Review broader strategies to improve your overall security program.

    4.2.1 Prioritize initiatives based on factors such as effort, cost, and risk.

    4.2.2 Review the dashboard to fine tune your roadmap.

    4.3.1 Summarize status and next steps in an executive presentation.

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    5.3 Revisit ransomware resilience metrics in three months.

    Deliverables
    1. Workshop goals
    2. Ransomware Risk Scenario
    3. Ransomware Resilience Assessment
    1. Targeted ransomware countermeasures to improve protection and detection capabilities.
    1. Security Incident Response Plan Assessment
    2. Tabletop Planning Session (IT)
    3. Ransomware Workflow and Runbook
    1. Tabletop Planning Session (Leadership)
    2. Ransomware Resilience Roadmap and Metrics
    3. Ransomware Summary Presentation
    1. Completed Ransomware Resilience Roadmap
    2. Ransomware Resilience Assessment
    3. Ransomware Resilience Summary Presentation

    Phase 1

    Assess ransomware resilience

    Phase 1 Phase 2 Phase 3 Phase 4

    1.1 Build ransomware risk scenario

    1.2 Conduct resilience assessment

    2.1 Assess attack vectors

    2.2 Identify countermeasures

    3.1 Review Security Incident Management Plan

    3.2 Run Tabletop Test (IT)

    3.3 Document Workflow and Runbook

    4.1 Run Tabletop Test (Leadership)

    4.2 Prioritize resilience initiatives

    4.3 Measure resilience metrics

    This phase will walk you through the following activities:

    • Conducting a maturity assessment.
    • Reviewing selected systems and dependencies.
    • Assessing a ransomware risk scenario.

    This phase involves the following participants:

    • Security Incident Response Team (SIRT)
    • System subject-matter experts (SMEs)

    Build Ransomware Resilience

    Step 1.1

    Build ransomware risk scenario

    Activities

    1.1.1 Review incidents, challenges and project drivers

    1.1.2 Diagram critical systems and dependencies

    1.1.3 Build ransomware risk scenario

    Assess ransomware resilience

    This step will guide you through the following activities:

    • Reviewing incidents, challenges, and drivers.
    • Diagraming critical systems and dependencies.
    • Building a ransomware risk scenario.

    This step involves the following participants:

    • Security Incident Response Team (SIRT)
    • Subject-Matter Experts

    Outcomes of this step

    • Establish a repeatable process to evaluate and improve ransomware readiness across your environment.
    • Build a ransomware risk scenario to assess the likelihood and impact of an attack.

    1.1.1 Review incidents, challenges, and project drivers

    1 hour

    Brainstorm the challenges you need to address in the project. Avoid producing solutions at this stage, but certainly record suggestions for later. Use the categories below to get the brainstorming session started.

    Past incidents and other drivers

    • Past incidents (be specific):
      • Past security incidents (ransomware and other)
      • Close calls (e.g. partial breach detected before damage done)
    • Audit findings
    • Events in the news
    • Other?

    Security challenges

    • Absent or weak policies
    • Lack of security awareness
    • Budget limitations
    • Other?

    Input

    • Understanding of existing security capability and past incidents.

    Output

    • Documentation of past incidents and challenges.
    • Level-setting across the team regarding challenges and drivers.

    Materials

    • Whiteboard or flip chart (or a shared screen if staff are remote)

    Participants

    • Security Incident Response Team (SIRT)

    1.1.2 Diagram critical systems and dependencies (1)

    1 hour

    Brainstorm critical systems and their dependencies to build a ransomware risk scenario. The scenario will help you socialize ransomware risks with key stakeholders and discuss the importance of ransomware resilience.

    Focus on a few key critical systems.

    1. On a whiteboard or flip chart paper, make a list of systems to potentially include in scope. Consider:
      1. Key applications that support critical business operations.
      2. Databases that support multiple key applications.
      3. Systems that hold sensitive data (e.g. data with personally identifiable information [PII]).
    2. Select five to ten systems from the list.
      1. Select systems that support different business operations to provide a broader sampling of potential impacts and recovery challenges.
      2. Include one or two non-critical systems to show how the methodology addresses a range of criticality and context.

    Input

    • High-level understanding of critical business operations and data sets.

    Output

    • Clarify context, dependencies, and security and recovery challenges for some critical systems.

    Materials

    • Whiteboard or flip chart (or a shared screen if staff are remote)

    Participants

    • Security Incident Response Team (SIRT)
    • System SMEs (if not covered by SIRT members)

    1.1.2 Diagram critical systems and dependencies (2)

    1 hour

    1. A high-level topology or architectural diagram is an effective way to identify dependencies and communicate risks to stakeholders.

    Start with a WAN diagram, then your production data center, and then each critical
    system. Use the next three slides as your guide.

    Notes:

    • If you have existing diagrams, you can review those instead. However, if they are too detailed, draw a higher-level diagram to provide context. Even a rough sketch is a useful reference tool for participants.
    • Keep the drawings tidy and high level. Visualize the final diagram before you start to draw on the whiteboard to help with spacing and placement.
    • Collaborate with relevant SMEs to identify dependencies.

    Input

    • High-level understanding of critical business operations and data sets.

    Output

    • Clarify context, dependencies, and security and recovery challenges for some critical systems.

    Materials

    • Whiteboard or flip chart (or a shared screen if staff are remote)

    Participants

    • Security Incident Response Team (SIRT)
    • System SMEs (if not covered by SIRT members)

    For your WAN diagram, focus on data center and business locations

    Start with a high-level network diagram like this one, and then dig deeper (see following slides) to provide more context. Below is an example; of course, your sketched diagrams may be rougher.

    This image contains a nexample of a High level Network Diagram.

    Diagram your production data center to provide context for the systems in scope

    Creating a high-level diagram provides context across different IT disciplines involved in creating your DRP. If you have multiple production data centers, focus on the data center(s) relevant to the selected systems. Below is an example.

    This image contains a nexample of a high level diagram which focuses on the data centers relevent to the selected system.

    Diagram each selected system to identify specific dependencies and redundancies

    Diagram the "ecosystem" for each system, identifying server, storage, and network dependencies. There may be overlap with the production data center diagram – but aim to be specific here. Below is an example that illustrates front-end and back-end components.

    When you get to this level of detail, use this opportunity to level-set with the team. Consider the following:

    • Existing security (Are these systems protected by your existing security monitoring and threat detection tools?).
    • Security challenges (e.g. public-facing systems).
    • Recovery challenges (e.g. limited or infrequent backups).
    This is an example of a diagram of a system ecosystem.

    Note the limitations of your security, backup, and DR solutions

    Use the diagrams to assess limitations. Gaps you identify here will often apply to other aspects of your environment.

    1. Security limitations
    • Are there any known security vulnerabilities or risks, such as external access (e.g. for a customer portal)? If so, are those risks mitigated? Are existing security solutions being fully used?
  • Backup limitations
    • What steps are taken to ensure the integrity of your backups (e.g. through inline or post-backup scanning, or the use of immutable backups)? Are there multiple restore points to provide more granularity when determining how far back you need to go for a clean backup?
  • Disaster recovery limitations
    • Does your DR solution account for ransomware attacks or is it designed only for one-way failover (i.e. for a smoking hole scenario)?
  • We will review the gaps we identify through the project in phase 4.

    For now, make a note of these gaps and continue with the next step.

    Draft risk scenarios to illustrate ransomware risk

    Risk scenarios help decision-makers understand how adverse events affect business goals.

    • Risk-scenario building is the process of identifying the critical factors that contribute to an adverse event and crafting a narrative that describes the circumstances and consequences if it were to happen.
    • Risk scenarios set up the risk analysis stage of the risk assessment process. They are narratives that describe in detail:
      • The asset at risk.
      • The threat that can act against the asset.
      • Their intent or motivation.
      • The circumstances and threat actor model associated with the threat event.
      • The potential effect on the organization.
      • When or how often the event might occur.

    Risk scenarios are further distilled into a single sentence or risk statement that communicates the essential elements from the scenario.

    Risk identification → Risk scenario → Risk statement

    Well-crafted risk scenarios have four components

    The slides walk through how to build a ransomware risk scenario

    THREAT Exploits an ASSET Using a METHOD Creating an EFFECT.

    An actor capable of harming an asset

    Anything of value that can be affected and results in loss

    Technique an actor uses to affect an asset

    How loss materializes

    Examples: Malicious or untrained employees, cybercriminal groups, malicious state actors

    Examples: Systems, regulated data, intellectual property, people

    Examples: Credential compromise, privilege escalation, data exfiltration

    Examples: Loss of data confidentiality, integrity, or availability; impact on staff health and safety

    Risk scenarios are concise, four to six sentence narratives that describe the core elements of forecasted adverse events.

    Use them to engage stakeholders with the right questions and guide them to make informed decisions about how to address ransomware risks.

    1.1.3 Build ransomware risk scenario (1)

    2 hours

    In a ransomware risk scenario, the threat, their motivations, and their methods are known. Malicious agents are motivated to compromise critical systems, sabotage recovery, and exfiltrate data for financial gain.

    The purpose of building the risk scenario is to highlight the assets at risk and the potential effect of a ransomware attack.

    As a group, consider critical or mission-essential systems identified in step 1.1.2. On a whiteboard, brainstorm the potential adverse effect of a loss of system availability, confidentiality or integrity.

    Consider the impact on:

    • Information systems.
    • Sensitive or regulated data.
    • Staff health and safety.
    • Critical operations and objectives.
    • Organizational finances.
    • Reputation and brand loyalty.

    Input

    • Understanding of critical systems and dependencies.

    Output

    • Ransomware risk scenario to engage guide stakeholders to make informed decisions about addressing risks.

    Materials

    • Whiteboard or flip chart (or a shared screen if staff are remote)

    Participants

    • Security Incident Response Team (SIRT)

    1.1.3 Build ransomware risk scenario (2)

    2 hours

    1. On a whiteboard, brainstorm how threat agents will exploit vulnerabilities in critical assets to reach their goal. Redefine attack vectors to capture what could result from a successful initial attack.
    2. Bring together the critical risk elements into a single risk scenario.
    3. Distill the risk scenario into a single risk statement that captures the threat, the asset it will exploit, the method it will use, and the impact it will have on the organization.
    4. You can find a sample risk scenario and risk statement on the next slide.

    THREAT Exploits an ASSET Using a METHOD Creating an EFFECT.

    Inputs for risk scenario identification

    Risk analysis

    Critical assets

    ERP, CRM, FMS, LMS

    Operational technology

    Sensitive or regulated data

    Threat agents

    Cybercriminals

    Methods

    Compromise end user devices through social engineering attacks,. Compromise networks through external exposures and software vulnerabilities.

    Identify and crack administrative account. Escalate privileges. Move laterally.

    Collect data, destroy backups, exfiltrate data for leverage, encrypt systems,.

    Threaten to publish exfiltrated data and demand ransom.

    Adverse effect

    Serious business disruption

    Financial damage

    Reputational damage

    Potential litigation

    Average downtime: 30 Days

    Average clean-up costs: USD 1.4M

    Sample ransomware risk scenario

    Likelihood: Medium
    Impact: High

    Risk scenario

    Cyber-criminals penetrate the network, exfiltrate critical or sensitive data, encrypt critical systems, and demand a ransom to restore access.

    They threaten to publish sensitive data online to pressure the organization to pay the ransom, and reach out to partners, staff, and students directly to increase the pressure on the organization.

    Network access likely occurs through a phishing attack, credential compromise, or remote desktop protocol session.

    Risk statement

    Cybercriminals penetrate the network, compromise backups, exfiltrate and encrypt data, and disrupt computer systems for financial gain.

    Threat Actor:

    • Cybercriminals

    Assets:

    • Critical systems (ERP, FMS, CRM, LMS)
    • HRIS and payroll
    • Data warehouse
    • Office 365 ecosystem (email, Teams)

    Effect:

    • Loss of system availability
    • Lost of data confidentiality

    Methods:

    • Phishing
    • Credential compromise
    • Compromised remote desktop protocol
    • Privilege escalation
    • Lateral movement
    • Data collection
    • Data exfiltration
    • Data encryption

    Step 1.2

    Conduct resilience assessment

    Activities

    1.2.1 Complete resilience assessment

    1.2.2 Establish resilience metrics

    This step will guide you through the following activities :

    • Completing a ransomware resilience assessment
    • Establishing baseline metrics to measure ransomware resilience.

    This step involves the following participants:

    • Security Incident Response Team (SIRT)
    • Subject-matter experts

    .Outcomes of this step

    • Current maturity, targets, and initial gap analysis

    Maturity levels in this blueprint draw on the CMMI framework

    The maturity levels are based on the Capability Maturity Model Integration framework. We outline our modifications below.

    CMMI Maturity Level – Default Descriptions:

    CMMI Maturity Level – Modified for This Assessment:

    • Level 1 – Initial: Unpredictable and reactive. Work gets completed but is often delayed and over budget.
    • Level 2 – Managed: Managed on the project level. Projects are planned, performed, measured, and controlled.
    • Level 3 – Defined: Proactive rather than reactive. Organization-wide standards provide guidance across projects, programs, and portfolios.
    • Level 4 – Quantitatively managed: Measured and controlled. Organization is data-driven, with quantitative performance improvement objectives that are predictable and align to meet the needs of internal and external stakeholders.
    • Level 5 – Optimizing: Stable and flexible. Organization is focused on continuous improvement and is built to pivot and respond to opportunity and change. The organization's stability provides a platform for agility and innovation.
    • Level 1 – Initial/ad hoc: Not well defined and ad hoc in nature.
    • Level 2 – Developing: Established but inconsistent and incomplete.
    • Level 3 – Defined: Formally established, documented, and repeatable.
    • Level 4 – Managed and measurable: Managed using qualitative and quantitative data to ensure alignment with business requirements.
    • Level 5 – Optimizing: Qualitative and quantitative data is used to continually improve.

    (Source: CMMI Institute, CMMI Levels of Capability and Performance)

    Info-Tech's ransomware resilience framework

    Disrupt the playbooks of ransomware gangs. Put controls in place to protect, detect, respond and recover effectively.

    Prioritize protection

    Put controls in place to harden your environment, train savvy end users, and prevent incursions.

    Support recovery

    Build and test a backup strategy that meets business requirements to accelerate recovery and minimize disruption.

    Protect Detect Respond

    Recover

    Threat preparedness

    Review ransomware threat techniques and prioritize detective and mitigation measures for initial and credential access, privilege escalation, and data exfiltration.

    Awareness and training

    Develop security awareness content and provide cybersecurity and resilience training to employees, contractors and third parties.

    Perimeter security

    Identify and implement network security solutions including analytics, network and email traffic monitoring, and intrusion detection and prevention.

    Respond and recover

    Identify disruption scenarios and develop incident response, business continuity, and disaster recovery strategies.

    Access management

    Review the user access management program, policies and procedures to ensure they are ransomware-ready.

    Vulnerability management

    Develop proactive vulnerability and patch management programs that mitigate ransomware techniques and tactics.

    1.2.1 Complete the resilience assessment

    2-3 hours

    Use the Ransomware Resilience Assessment Tool to assess maturity of existing controls, establish a target state, and identify an initial set of initiatives to improve ransomware resilience.

    Keep the assessment tool on hand to add gap closure initiatives as you proceed through the project.

    Download the Ransomware Resilience Assessment

    Outcomes:

    • Capture baseline resilience metrics to measure progress over time.
      • Low scores are common. Use them to make the case for security investment.
      • Clarify the breadth of security controls.
      • Security controls intersect with a number of key processes and technologies, each of which are critical to ransomware resilience.
    • Key gaps identified.
      • Allocate more time to subsections with lower scores.
      • Repeat the scorecard at least annually to clarify remaining areas to address.

    Input

    • Understanding of current security controls

    Output

    • Current maturity, targets, and gaps

    Materials

    • Ransomware Resilience Assessment Tool

    Participants

    • Security Incident Response Team (SIRT)

    This is an image of the Ransomeware Resilience Assessment Table from Info-Tech's Ransomware Resilience Assessment Blueprint.

    1.2.2 Establish resilience metrics

    Ransomware resilience metrics track your ability to disrupt a ransomware attack at each stage of its workflow.

    Measure metrics at the start of the project to establish a baseline, as the project nears completion to measure progress.

    Attack workflow Process Metric Target trend Current Goal
    GET IN Vulnerability Management % Critical patches applied Higher is better
    Vulnerability Management # of external exposures Fewer is better
    Security Awareness Training % of users tested for phishing Higher is better
    SPREAD Identity and Access Management Adm accounts / 1000 users Lower is better
    Identity and Access Management % of users enrolled for MFA Higher is better
    Security Incident Management Avg time to detect Lower is better
    PROFIT Security Incident Management Avg time to resolve Lower is better
    Backup and Disaster Recovery % critical assets with recovery test Higher is better
    Backup and Disaster Recovery % backup to immutable storage Higher is better

    Phase 2

    Improve protection and detection capabilities

    Phase 1Phase 2Phase 3Phase 4

    1.1 Build ransomware risk scenario

    1.2 Conduct resilience assessment

    2.1 Assess attack vectors

    2.2 Identify countermeasures

    3.1 Review Security Incident Management Plan

    3.2 Run Tabletop Test (IT)

    3.3 Document Workflow and Runbook

    4.1 Run Tabletop Test (Leadership)

    4.2 Prioritize resilience initiatives

    4.3 Measure resilience metrics

    This phase will walk you through the following activities:

    • Assessing common ransomware attack vectors.
    • Identifying countermeasures to improve protection and detection capabilities.

    This phase involves the following participants:

    • Security Incident Response Team (SIRT)
    • System subject-matter experts (SMEs)

    Build Ransomware Resilience

    Step 2.1

    Assess attack vectors

    Activities

    2.1.1 Assess ransomware threat preparedness

    2.1.2 Determine the impact of ransomware techniques on your environment

    This step involves the following activities:

    • Assessing ransomware threat preparedness.
    • Configuring the threat preparedness tool.

    This step involves the following participants:

    • Security Incident Response Team (SIRT)
    • System subject-matter experts (SMEs)

    Outcomes of this step

    Assess risks associated with common ransomware attack vectors.

    Improve protection and detection capabilities

    Use the MITRE attack framework to prepare

    This phase draws on MITRE to improve ransomware protection and detection capabilities

    • The activities in this phase provide guidance on how to use the MITRE attack framework to protect your organizations against common ransomware techniques and tactics, and detect incursions.
    • You will:
      • Review common ransomware tactics and techniques.
      • Assess their impact on your environment.
      • Identify relevant countermeasures.
    • The Enterprise Threat Preparedness Workbook included with the project blueprint will be set up to deal with common ransomware threats and tactics.

    Download the Enterprise Threat Preparedness Workbook

    Review ransomware tactics and techniques

    Ransomware attack workflow

    Deliver phishing email designed to avoid spam filter.

    Launch malware undetected.

    Identify user accounts.

    Target an admin account.

    Use brute force tactics to crack it.

    Move through the network. Collect data.

    Infect critical systems and backups to limit recovery options.

    Exfiltrate data to gain leverage.

    Encrypt data, which triggers alert.

    Deliver ransom note.

    Associated MITRE tactics and techniques

    • Initial access
    • Execution
    • Privilege escalation
    • Credential access
    • Lateral movement
    • Collection
    • Data Exfiltration
    • Data encryption

    Most common ransomware attack vectors

    • Phishing and social engineering
    • Exploitation of software vulnerabilities
    • Unsecured external exposures
      • e.g. remote desktop protocols
    • Malware infections
      • Email attachments
      • Web pages
      • Pop-ups
      • Removable media

    2.1.1 Assess ransomware threat preparedness

    Estimated Time: 1-4 hours

    1. Read through the instructions in the Enterprise Threat Preparedness Workbook.
    2. Select ransomware attack tactics to analyze. Use the workbook to understand:
      1. Risks associated with each attack vector.
      2. Existing controls that can help you protect the organization and detect an incursion.
    3. This initial analysis is meant to help you understand your risk before you apply additional controls.

    Once you're comfortable, follow the instructions on the following pages to configure the MITRE ransomware analysis and identify how to improve your protection and detection capabilities.

    Download the Enterprise Threat Preparedness Workbook

    Input

    • Knowledge about existing infrastructure.
    • Security protocols.
    • Information about ransomware attack tactics, techniques, and mitigation protocols.

    Output

    • Structured understanding of the risks facing the enterprise based on your current preparedness and security protocols.
    • Protective and detective measures to improve ransomware resilience.

    Materials

    • Enterprise Threat Preparedness Workbook

    Participants

    • Security Incident Response Team (SIRT)
    • System subject-matter experts (SMEs)

    2.1.2 Determine the impact of techniques

    Estimated Time: 1-4 hours

    1. The Enterprise Threat Preparedness Workbook included with the project blueprint is set up to deal with common ransomware use cases.

    If you would like to change the set-up, go through the following steps.

    • Review the enterprise matrix. Select the right level of granularity for your analysis. If you are new to threat preparedness exercises, the Technique Level is a good starting point.
    • As you move through each tactic, align each sheet to your chosen technique domain to ensure the granularity of your analysis is consistent.
    • Read the tactics sheet from left to right. Determine the impact of the technique on your environment. For each control, indicate current mitigation levels using the dropdown list.

    The following slides walk you through the process with screenshots from the workbook.

    Download the Enterprise Threat Preparedness Workbook

    Input

    • Knowledge about existing infrastructure.
    • Security protocols.
    • Information about ransomware attack tactics, techniques, and mitigation protocols.

    Output

    • Structured understanding of the risks facing the enterprise based on your current preparedness and security protocols.
    • Protective and detective measures to improve ransomware resilience.

    Materials

    • Enterprise Threat Preparedness Workbook

    Participants

    • Security Incident Response Team (SIRT)
    • System subject-matter experts (SMEs)

    Select the domain for the analysis

    • The Tactics Dashboard is a live feed of your overall preparedness for the potential attack vectors that your organization may face. These 14 tactics correspond to the Enterprise Matrix used by the MITRE ATT&CK® framework.
    • The technique domain on the right side of the sheet is split in two main groups:
    • The Technique Level
      • - High-level techniques that an attacker may use to gain entry to your network.
      • - The Technique Level is a great starting point if you are new to threat preparedness.
    • The Sub-Technique Level
      • - Individual sub-techniques found throughout the MITRE ATT&CK® Framework.
      • - More mature organizations will find the Sub-Technique Level generates a deeper and more precise understanding of their current preparedness.

    Info-Tech Insight

    Dwell times and effective times are dropping dramatically. Malicious agents spend less time in your network before they deploy an attack, and their attacks are much more effective. You can't afford to rely on your ability to respond and recover alone.

    This is the first screenshot from Info-Tech's Tactic Preparedness Assessment Dashboard.

    Keep an eye on the enterprise matrix

    As you fill out the Tactic tabs with your evaluation, the overall reading will display the average of your overall preparedness for that tactic.

    Choosing the Technique Domain level will increase the accuracy of the reporting at the cost of speed.

    The Technique level is faster but provides less specifics for each control and analyzes them as a group.

    The Sub-Technique level is much more granular, but each tactic and technique has several sub-techniques that you will need to account for.

    Check with the dashboard to see the associated risk level for each of the tactics based on the legend. Tactics that appear white have not yet been assessed or are rated as "N/A" (not applicable).

    This is the second screenshot from Info-Tech's Tactic Preparedness Assessment Dashboard.

    When you select your Technique Domain, you cannot change it again. Changing the domain mid-analysis will introduce inaccuracies in your security preparedness.

    Configure the tactics tabs

    • Each tactic has a corresponding tab at the bottom of the Excel workbook.
      Adjusting the Technique Domain level will change the number of controls shown.
    • Next, align the sheet to the domain you selected on Tab 2 before you continue. As shown in the example to the right,
      • Select "1" for Technique Level.
      • Select "2" for Sub-Technique Level.
    • This will collapse the controls to your chosen level of granularity.

    This is a screenshot showing how you can configure the tactics tab of the Ransomware Threat Preparedness Workbook

    Read tactic sheets from left to right

    This is a screenshot of the tactics tab of the Ransomware Threat Preparedness Workbook

    Technique:

    How an attacker will attempt to achieve their goals through a specific action.

    ID:

    The corresponding ID number on the MITRE ATT&CK® Matrix for quick reference.

    Impact of the Technique(s):

    If an attack of this type is successful on your network, how deep does the damage run?

    Current Mitigations:

    What security protocols do you have in place right now that can help prevent an attacker from successfully executing this attack technique? The rating is based on the CMMI scale.

    Determine the impact of the technique

    • For each control, indicate the current mitigation level using the dropdown list.
    • Only use "N/A" if you are confident that the control is not required in your organization.

    Info-Tech Insight

    We highly recommend that you write comments about your current-state security protocols. First, it's great to have documented your thought processes in the event of a threat modeling session. Second, you can speak to deficits clearly, when asked.

    This is the second screenshot from Info-Tech's Reconnaissance Tactic Analysis

    Review technique preparedness

    • If you have chosen the Technique level, the tool should resemble this image:
      • High-level controls are analyzed, and sub-controls hidden.
      • The sub-techniques under the broader technique show how a successful attack from this vector would impact your network.
    • Each sub-technique has a note for additional context:
      • Under Impact, select the overall impact for the listed controls to represent how damaging you believe the controls to be.
      • Next select your current preparedness maturity in terms of preparedness for the same techniques. Ask yourself "What do I have that contributes to blocking this technique?"

    This is the third screenshot from Info-Tech's Reconnaissance Tactic Analysis

    Info-Tech Insight

    You may discover that you have little to no mitigation actions in place to deal with one or many of these techniques. However, look at this discovery as a positive: You've learned more about the potential vectors and can actively work toward remediating them rather than hoping that a breach never happens through one of these avenues.

    Review sub-technique preparedness

    If you have chosen the Sub-Technique level, the tool should resemble this image.

    • The granular controls are being analyzed. However, the grouped controls will still appear. It is important to not fill the grouped sections, to make sure the calculations run properly.
    • The average of your sub-techniques will be calculated to show your overall preparedness level.
    • Look at the sub-techniques under the broader technique and consider how a successful attack from this vector would impact your network.

    Each sub-technique has a note for additional context and understanding about what the techniques are seeking to do and how they may impact your enterprise.

    • Because of the enhanced granularity, the final risk score is more representative of an enterprise's current mitigation capabilities.
    This is the fourth screenshot from Info-Tech's Reconnaissance Tactic Analysis

    Step 2.2

    Identify countermeasures

    Activities

    2.2.1 Identify countermeasures

    This step involves the following activities:

    • Identifying countermeasures

    This step involves the following participants:

    • Security Incident Response Team (SIRT)
    • System subject-matter experts (SMEs)

    Outcomes of this step

    Identification of countermeasures to common ransomware techniques, and tactics to improve protection and detection capabilities.

    Improve Protection and Detection Capabilities

    Review technique countermeasures

    As you work through the tool, your dashboard will prioritize your threat preparedness for each of the various attack techniques to give you an overall impression of your preparedness.

    For each action, the tool includes detection and remediation actions for you to consider either for implementation or as table stakes for your next threat modeling sessions.

    Note: Some sheets will have the same controls. However, the context of the attack technique may change your answers. Be sure to read the tactic and technique that you are on when responding to the controls.

    This is an image of the Privilege Escalation Tactic Analysis Table

    This is an image of the Defense Evasion Tactic Analysis Table

    Prioritize the analysis of ransomware tactics and sub-techniques identified on slide 45. If your initial analysis in Activity 2.2.1 determined that you have robust security protocols for some of the attack vectors, set these domains aside.

    2.2.1 Identify countermeasures

    Estimated Time: 1-4 hours

    1. Review the output of the Enterprise Threat Preparedness Workbook. Remediation efforts are on the right side of the sheet. These are categorized as either detection actions or mitigation actions.
      1. Detection actions:
      • What can you do before an attack occurs, and how can you block attacks? Detection actions may thwart an attack before it ever occurs.
    2. Mitigation actions:
      • If an attacker is successful through one of the attack methods, how do you lessen the impact of the technique? Mitigation actions address this function to slow and hinder the potential spread or damage of a successful attack.
  • Detection and mitigation measures are associated with each technique and sub-technique. Not all techniques will be able to be detected properly or mitigated. However, understanding their relationships can better prepare your defensive protocols.
  • Add relevant control actions to the initiative list in the Ransomware Resilience Assessment.
  • Input

    • Knowledge about existing infrastructure.
    • Security protocols.
    • Information about ransomware attack tactics, techniques, and mitigation protocols.
    • Outputs from the Threat Preparedness Workbook.

    Output

    • Structured understanding of the risks facing the enterprise based on your current preparedness and security protocols.
    • Protective and detective measures to improve ransomware resilience.

    Materials

    • Enterprise Threat Preparedness Workbook
    • Ransomware Resilience Assessment

    Participants

    • Security Incident Response Team (SIRT)
    • System subject-matter experts (SMEs)

    Phase 3

    Improve response and recovery capabilities

    Phase 1Phase 2Phase 3Phase 4

    1.1 Build ransomware risk scenario

    1.2 Conduct resilience assessment

    2.1 Assess attack vectors

    2.2 Identify countermeasures

    3.1 Review Security Incident Management Plan

    3.2 Run Tabletop Test (IT)

    3.3 Document Workflow and Runbook

    4.1 Run Tabletop Test (Leadership)

    4.2 Prioritize resilience initiatives

    4.3 Measure resilience metrics

    This phase will guide you through the following steps:

    • Documenting your threat escalation protocol.
    • Identify response steps and gaps.
    • Update your response workflow and runbook.

    This phase involves the following participants:

    • Security Incident Response Team (SIRT)

    Build Ransomware Resilience

    Step 3.1

    Review security incident management plan

    Activities

    3.1.1 Review the workflow and runbook templates

    3.1.2 Update/define your threat escalation protocol

    This step will walk you through the following activities:

    • Reviewing the example Workflow and Runbook
    • Updating and defining your threat escalation protocol.

    This step involves the following participants:

    • Security Incident Response Team (SIRT)

    Outcomes of this step

    • Clear escalation path for critical incidents.
    • Common understanding of incident severity that will drive escalation.

    Improve response and recovery capabilities

    3.1.1 Review the workflow and runbook templates

    30 minutes

    This blueprint includes sample information in the Ransomware Response Workflow Template and Ransomware Response Runbook Template to use as a starting points for the steps in Phase 3, including documenting your threat escalation protocol.

    • The Ransomware Response Workflow Template contains an example of a high-level security incident management workflow for a ransomware attack. This provides a structure to follow for the tabletop planning exercise and a starting point for your ransomware response workflow.
      The Workflow is aimed at incident commanders and team leads. It provides an at-a-glance view of the high-level steps and interactions between stakeholders to help leaders coordinate response.
    • The Ransomware Response Runbook Template is an example of a security incident management runbook for a ransomware attack. This includes a section for a threat escalation protocol that you can use as a starting point.
      The Runbook is aimed at the teams executing the response. It provides more specific actions that need to be executed at each phase of the incident response.

    Download the Ransomware Response Workflow Template

    Download the Ransomware Response Runbook Template

    Input

    • No Input Required

    Output

    • Visualize the end goal

    Materials

    • Example workflow and runbook in this blueprint

    Participants

    • Security Incident Response Team (SIRT)

    Two overlapping screenshots are depicted, including the table of contents from the Ransomware Response Runbook.

    3.1.2 Update/define your threat escalation protocol

    1-2 hours

    Document the Threat Escalation Protocol sections in the Ransomware Response Workflow Template or review/update your existing runbook. The threat escalation protocol defines which stakeholders to involve in the incident management process, depending on impact and scope. Specifically, you will need to define the following:

    Impact and scope criteria: Impact considers factors such as the criticality of the system/data, whether PII is at risk, and whether public notification is required. Scope considers how many systems or users are impacted.

    Severity assessment: Define the severity levels based on impact and scope criteria.

    Relevant stakeholders: Identify stakeholders to notify for each severity level, which can include external stakeholders.

    If you need additional guidance, see Info-Tech's Develop and Implement a Security Incident Management Program blueprint, which takes a broader look at security incidents.

    Input

    • Current escalation process (formal or informal).

    Output

    • Define criteria for severity levels and relevant stakeholders.

    Materials

    • Ransomware Response Workflow Template

    Participants

    • Security Incident Response Team (SIRT)

    This is an image of the Threat Escalation Protocol Criteria and Stakeholders.

    Step 3.2

    Run Tabletop Test (IT)

    Activities

    3.2.1 Define scenarios for a range of incidents

    3.2.2 Run a tabletop planning exercise

    This step will guide you through the following activities:

    • Defining scenarios for a range of incidents.
    • Running a tabletop planning exercise.

    This step involves the following participants:

    • Security Incident Response Team (SIRT)
    • Other stakeholders (as relevant)

    Outcomes of this step

    • Current-state incident response workflow, including stakeholders, steps, timeline.
    • Process and technology gaps to be addressed.

    Improve response and recovery capabilities

    3.2.1 Define scenarios for a range of incidents

    30 minutes

    As a group, collaborate to define scenarios that enable you to develop incident response details for a wide range of potential incidents. Below are example scenarios:

    • Scenario 1: An isolated attack on one key system. The database for a critical application is compromised. Assume the attack was not detected until files were encrypted, but that you can carry out a repair-in-place by wiping the server and restoring from backups.
    • Scenario 2: A site-wide impact that warrants broader disaster recovery. Several critical systems are compromised. It would take too long to repair in-place, so you need to failover to your DR environment, in addition to executing security response steps. (Note: If you don't have a DRP, see Info-Tech's Create a Right-Sized Disaster Recovery Plan.)
    • Scenario 3: A critical outsourced service or cloud service is compromised. You need to work with the vendor to determine the scope of impact and execute a response. This includes determining if your on-prem systems were also compromised.
    • Scenario 4: One or multiple end-user devices are compromised. Your response to the above scenarios would include assessing end-user devices as a possible source or secondary attack, but this scenario would provide more focus on the containing an attack on end-user devices.

    Note: The above is too much to execute in one 30-minute session, so plan a series of exercises as outlined on the next slide.

    Input

    • No input required

    Output

    • Determine the scope of your tabletop planning exercises

    Materials

    • Whiteboard or flip chart (or a shared screen if staff are remote)

    Participants

    • Security Incident Response Team (SIRT)

    Optimize the time spent by participants by running a series of focused exercises

    Not all stakeholders need to be present at every tabletop planning exercise. First, run an exercise with IT that focuses on the technical response. Run a second tabletop for non-IT stakeholders that focuses on the non-IT response, such as crisis communications, working with external stakeholders (e.g. law enforcement, cyberinsurance).

    Sample schedule:

    • Q1: Hold two sessions that run Scenarios 1 and 2 with relevant IT participants (see Activity 3.2.1). The focus for these sessions will be primarily on the technical response. For example, include notifying leadership and their role in decision making, but don't expand further on the details of their process. Similarly, don't invite non-IT participants to these sessions so you can focus first on understanding the IT response. Invite executives to the Q2 exercise, where they will have more opportunity to be involved.
    • Q2: Hold one session with the SIRT and non-IT stakeholders. Use the results of the Q1 exercises as a starting point and expand on the non-IT response steps (e.g. notifying external parties, executive decisions on response options).
    • Q3 and Q4: Run other sessions (e.g. for Scenarios 3 and 4) with relevant stakeholders. Ensure your ransomware incident response plan covers a wide range of possible scenarios.
    • Run ongoing exercises at least annually. Once you have a solid ransomware incident response plan, incorporate ransomware-based tabletop planning exercises into your overall security incident management testing and maintenance schedule.

    Info-Tech Insight

    Schedule these sessions well in advance to ensure appropriate resources are available. Document this in an annual test plan summary that outlines the scope, participants, and dates and times for the planned sessions.

    3.2.2 Run a tabletop planning exercise

    1-2 hours

    Remember that the goal is a deeper dive into how you would respond to an attack so you can clarify steps and gaps. This is not meant to just be a read-through of your plan. Follow the guidelines below:

    1. Select your scenario and invite relevant participants (see the previous slides).
    2. Guide participants through the incident and capture the steps and gaps along the way. Focus on one stakeholder at a time through each phase but be sure to get input from everyone. For example, focus on the Service Desk's steps for detection, then do the same as relevant to other stakeholders. Move on to analysis and do the same. (Tip: The distinction between phases is not always clear, and that's okay. Similarly, eradication and recovery might be the same set of steps. Focus on capturing the detail; you can clarify the relevant phase later.)
    3. Record the results (e.g. capture it in Visio) for reference purposes. (Tip: You can run the exercise directly in Visio. However, there's a risk that the tool may become a distraction. Enlist a scribe who is proficient with Visio so you don't need to wait for information to be captured and plan to save the detailed formatting and revising for later. )

    Refer to the Ransomware Tabletop Planning Results – Example as a guide for what to capture. Aim for more detail than found in your Ransomware Response Workflow (but not runbook-level detail).

    Download the Ransomware Tabletop Planning Results – Example

    Input

    • Baseline ransomware response workflow

    Output

    • Clarify your response workflow, capabilities, and gaps

    Materials

    • Whiteboard or sticky notes or index cards, or a shared screen

    Participants

    • Security Incident Response Team (SIRT)

    This is an example of a Ransomware Response Tabletop Planning Results Page.

    Step 3.3

    Document Workflow and Runbook

    Activities

    3.3.1 Update your ransomware response workflow

    3.3.2 Update your ransomware response runbook

    This step will guide you through the following activities:

    • Updating your ransomware response workflow.
    • Updating your ransomware response runbook.

    This step involves the following participants:

    • Security Incident Response Team (SIRT)

    Outcomes of this step

    • An updated incident response workflow and runbook based on current capabilities.

    Improve response and recovery capabilities

    3.3.1 Update your ransomware response workflow

    1 hour

    Use the results from your tabletop planning exercises (Activity 3.2.2) to update and clarify your ransomware response workflow. For example:

    • Update stakeholder swim-lanes: Clarify which stakeholders need a swim lane (e.g. where interactions between groups needs to be clarified). For example, consider an SIRT swim-lane that combines the relevant technical response roles, but have separate swim-lanes for other groups that the SIRT interacts with (e.g. Service Desk, the Executive Team).
    • Update workflow steps: Use the detail from the tabletop exercises to clarify and/or add steps, as well as further define the interactions between swim-lanes.(Tip: Your workflow needs to account for a range of scenarios. It typically won't be as specific as the tabletop planning results, which focus on only one scenario.)
    • Clarify the overall the workflow: Look for and correct any remaining areas of confusion and clutter. For example, consider adding "Go To" connectors to minimize lines crossing each other, adding color-coding to highlight key related steps (e.g. any communication steps), and/or resizing swim-lanes to reduce the overall size of the workflow to make it easier to read.
    • Repeat the above after each exercise: Continue to refine the workflow as needed until you reach the stage where you just need to validate that your workflow is still accurate.

    Input

    • Results from tabletop planning exercises (Activity 3.2.2)

    Output

    • Clarify your response workflow

    Materials

    • Ransomware Response Workflow

    Participants

    • Security Incident Response Team (SIRT)

    This is a screenshot from the ransomeware response tabletop planning

    3.3.2 Update your ransomware response runbook

    1 hour

    Use the results from your tabletop planning exercises (Activity 3.2.2) to update your ransomware response runbook. For example:

    • Align stakeholder sections with the workflow: Each stakeholder swim-lane in the workflow needs its own section in the runbook.
    • Update incident response steps: Use the detail from the tabletop exercise to clarify instructions for each stakeholder. This can include outlining specific actions, defining which stakeholders to work with, and referencing relevant documentation (e.g. vendor documentation, step-by-step restore procedures). (Tip: As with the workflow, the runbook needs to account for a range of scenarios, so it will include a list of actions that might need to be taken depending on the incident, as illustrated in the example runbook.)
    • Review and update your threat escalation protocol: It's best to define your threat escalation protocol before the tabletop planning exercise to help identify participants and avoid confusion. Now use the exercise results to validate or update that documentation.
    • Repeat the above after each exercise. Continue to refine your runbook as needed until you reach the stage where you just need to validate that your runbook is still accurate.

    Input

    • Results from tabletop planning exercises (Activity 3.2.2)

    Output

    • Clarified response runbook

    Materials

    • Ransomware Response Workflow

    Participants

    • Security Incident Response Team (SIRT)

    This is a screenshot of the Ransomware Response Runbook

    Phase 4

    Improve ransomware resilience

    Phase 1Phase 2Phase 3Phase 4

    1.1 Build ransomware risk scenario

    1.2 Conduct resilience assessment

    2.1 Assess attack vectors

    2.2 Identify countermeasures

    3.1 Review Security Incident Management Plan

    3.2 Run Tabletop Test (IT)

    3.3 Document Workflow and Runbook

    4.1 Run Tabletop Test (Leadership)

    4.2 Prioritize resilience initiatives

    4.3 Measure resilience metrics

    This phase will guide you through the following steps:

    • Identifying initiatives to improve ransomware resilience.
    • Prioritizing initiatives in a project roadmap.
    • Communicating status and recommendations.

    This phase involves the following participants:

    • Security Incident Response Team (SIRT)

    Build Ransomware Resilience

    Step 4.1

    Run Tabletop Test (leadership)

    Activities

    • 4.1.1 Identify initiatives to close gaps and improve resilience
    • 4.1.2 Review broader strategies to improve your overall security program

    This step will walk you through the following activities:

    • Identifying initiatives to close gaps and improve resilience.
    • Reviewing broader strategies to improve your overall security program.

    This step involves the following participants:

    • Security Incident Response Team (SIRT)

    Outcomes of this step

    • Specific potential initiatives based on a review of the gaps.
    • Broader potential initiatives to improve your overall security program.

    Improve ransomware resilience

    4.1.1 Identify initiatives to close gaps and improve resilience

    1 hour

    1. Use the results from the activities you have completed to identify initiatives to improve your ransomware readiness.
    2. Set up a blank spreadsheet with two columns and label them "Gaps" and "Initiatives." (It will be easier to copy the gaps and initiatives from this spreadsheet to you project roadmap, rather than use the Gap Initiative column in the Ransomware Readiness Maturity Assessment Tool.)
    3. Review your tabletop planning results:
      1. Summarize the gaps in the "Gaps" column in your spreadsheet created for this activity.
      2. For each gap, write down potential initiatives to address the gap.
      3. Where possible, combine similar gaps and initiatives. Similarly, the same initiative might address multiple gaps, so you don't need to identify a distinct initiative for every gap.
    4. Review the results of your maturity assessment completed in Phase 1 to identify additional gaps and initiatives in the spreadsheet created for this activity.

    Input

    • Tabletop planning results
    • Maturity assessment

    Output

    • Identify initiatives to improve ransomware readiness

    Materials

    • Blank spreadsheet

    Participants

    • Security Incident Response Team (SIRT)

    4.1.2 Review broader strategies to improve your overall security program

    1 hour

    1. Review the following considerations as outlined on the next few slides:
      • Implement core elements of an effective security program – strategy, operations, and policies. Leverage the work completed in this blueprint to provide context and address your immediate gaps while developing an overarching security strategy based on business requirements, risk tolerance, and overall security considerations. Security operations and policies are key to executing your overall security strategy and day to day incident management.
      • Update your backup strategy to account for ransomware attacks. Consider what your options would be today if your primary backups were infected? If those options aren't very good, your backup strategy needs a refresh.
      • Consider a zero-trust strategy. Zero trust reduces your reliance on perimeter security and moves controls to where the user accesses resources. However, it takes time to implement. Evaluate your readiness for this approach.
    2. As a team, discuss the merits of these strategies in your organization and identify potential initiatives. Depending on what you already have in place, the project may be to evaluate options (e.g. if you have not already initiated zero trust, assign a project to evaluate your options and readiness).

    Input

    • An understanding of your existing security practices and backup strategy.

    Output

    • Broader initiatives to improve ransomware readiness.

    Materials

    • Whiteboard or flip chart (or a shared screen if staff are remote)

    Participants

    • Security Incident Response Team (SIRT)

    Implement core elements of an effective security program

    There is no silver bullet. Ransomware readiness depends on foundational security best practices. Where budget allows, support that foundation with more advanced AI-based tools that identify abnormal behavior to detect an attack in progress.

    Leverage the following blueprints to implement the foundational elements of an effective security program:

    • Build an Information Security Strategy: Consider the full spectrum of information security, including people, processes, and technologies. Then base your security strategy on the risks facing your organization – not just on best practices – to ensure alignment with business goals and requirements.
    • Develop a Security Operations Strategy: Establish unified security operations that actively monitor security events and threat information, and turn that into appropriate security prevention, detection, analysis, and response processes.
    • Develop and Deploy Security Policies: Improve cybersecurity through effective policies, from acceptable use policies aimed at your end users to system configuration management policies aimed at your IT operations.

    Supplement foundational best practices with AI-based tools to counteract more sophisticated security attacks:

    • The evolution of ransomware gangs and ransomware as a service means the most sophisticated tools designed to bypass perimeter security and endpoint protection are available to a growing number of hackers.
    • Rather than activate the ransomware virus immediately, attackers will traverse the network using legitimate commands to infect as many systems as possible and exfiltrate data without generating alerts, then finally encrypt infected systems.
    • AI-based tools learn what is normal behavior and therefore can recognize unusual traffic (which could be an attack in progress) before it's too late. For example, a "user" accessing a server they've never accessed before.
    • Engage an Info-Tech analyst or consult SoftwareReviews to review products that will add this extra layer of AI-based security.

    Update your backup strategy to account for ransomware attacks

    Apply a defense-in-depth strategy. A daily disk backup that goes offsite once a week isn't good enough.

    In addition to applying your existing security practices to your backup solution (e.g. anti-malware, restricted access), consider:

    • Creating multiple restore points. Your most recent backup might be infected. Frequent backups allow you to be more granular when determining how far you need to roll back.
    • Having offsite backups and using different storage media. Reduce the risk of infected backups by using different storage media (e.g. disk, NAS, tape) and backup locations (e.g. offsite). If you can make the attackers jump through more hoops, you have a greater chance of detecting the attack before all backups are infected.
    • Investing in immutable backups. Most leading backup solutions offer options to ensure backups are immutable (cannot be altered after they are written).
    • Using the BIA you completed in Phase 2 to help decide where to prioritize investments. All the above strategies add to your backup costs and might not be feasible for all data. Use your BIA results to decide which data sets require higher levels of protection.

    This example strategy combines multiple restore points, offsite backup, different storage media, and immutable backups.

    This is an example of a backup strategy to account for ransomware attacks.

    Refer to Info-Tech's Establish an Effective Data Protection Plan blueprint for additional guidance.

    Explore zero-trust initiatives

    Zero trust is a set of principles, not a set of controls.

    Reduces reliance on perimeter security.

    Zero trust is a strategy that reduces reliance on perimeter security and moves controls to where your user accesses resources. It often consolidates security solutions, reduces operating costs, and enables business mobility.

    Zero trust must benefit the business first.

    IT security needs to determine how zero trust initiatives will affect core business processes. It's not a one-size-fits-all approach to IT security. Zero trust is the goal – but some organizations can only get so close to that ideal.

    For more information, see Build a Zero-Trust Roadmap.

    Info-Tech Insight

    A successful zero-trust strategy should evolve. Use an iterative and repeatable process to assess available zero-trust technologies and principles and secure the most relevant protect surfaces. Collaborate with stakeholders to develop a roadmap with targeted solutions and enforceable policies.

    Step 4.2

    Prioritize resilience initiatives

    Activities

    • 4.2.1 Prioritize initiatives based on factors such as effort, cost, and risk
    • 4.2.2 Review the dashboard to fine tune your roadmap

    This step will guide you through the following activities:

    • Prioritizing initiatives based on factors such as effort, cost, and risk.
    • Reviewing the dashboard to fine-tune your roadmap.

    This step involves the following participants:

    • Security Incident Response Team (SIRT)

    Outcomes of this step

    • An executive-friendly project roadmap dashboard summarizing your initiatives.
    • A visual representation of the priority, effort, and timeline required for suggested initiatives.

    Review the Ransomware Resilience Assessment

    Tabs 2 and 3 list initiatives relevant to your ransomware readiness improvement efforts.

    • At this point in the project, the Ransomware Resilience Assessment should contain a number of initiatives to improve ransomware resilience.
    • Tab 2 is prepopulated with examples of gap closure actions to consider, which are categorized into initiatives listed on Tab 3.
    • Follow the instructions in the Ransomware Resilience Assessment to:
      • Categorize gap control actions into initiatives.
      • Prioritize initiatives based on cost, effort, and benefit.
      • Construct a roadmap for consideration.

    Download the Ransomware Resilience Assessment

    4.2.1 Prioritize initiatives based on factors such as effort, cost, and risk

    1 hour

    Prioritize initiatives in the Ransomware Resilience Assessment.

    1. The initiatives listed on Tab 3 Initiative List will be copied automatically on Tab 5 Prioritization.
    2. On Tab 1 Setup:
      1. Review the weight you want to assign to the cost and effort criteria.
      2. Update the default values for FTE and Roadmap Start as needed.
    3. Go back to Tab 5 Prioritization:
      1. Fill in the cost, effort, and benefit evaluation criteria for each initiative. Hide optional columns you don't plan to use, to avoid confusion.
      2. Use the cost and benefit scores to prioritize waves and schedule initiatives on Tab 6 Gantt Chart.

    Input

    • Gaps and initiatives identified in Step 4.1

    Output

    • Project roadmap dashboard

    Materials

    • Ransomware Resilience Assessment

    Participants

    • Security Incident Response Team (SIRT)

    4.2.2 Review the dashboard to fine-tune the roadmap

    1 hour

    Review and update the roadmap dashboard in your Ransomware Resilience Assessment.

    1. Review the Gantt chart to ensure:
      1. The timeline is realistic. Avoid scheduling many high-effort projects at the same time.
      2. Higher-priority items are scheduled sooner than low-priority items.
      3. Short-term projects include quick wins (e.g. high-priority, low-effort items).
      4. It supports the story you wish to communicate (e.g. a plan to address gaps, along with the required effort and timeline).
    2. Update the values on the 5 Prioritization and 6 Gantt Chart tabs based on your review.

    Input

    • Gaps and initiatives identified in Step 4.1

    Output

    • Project roadmap dashboard

    Materials

    • Ransomware Resilience Assessment

    Participants

    • Security Incident Response Team (SIRT)

    This is an image of a sample roadmap for the years 2022-2023

    Step 4.3

    Measure resilience metrics

    Activities

    4.3.1 Summarize status and next steps in an executive presentation

    This step will guide you through the following activities:

    • Summarizing status and next steps in an executive presentation.

    This step involves the following participants:

    • Security Incident Response Team (SIRT)

    Outcomes of this step

    • Gain stakeholder buy-in by communicating the risk of the status quo and achievable next steps to improve your organization's ransomware readiness.

    Improve ransomware resilience

    4.3.1 Summarize status and next steps in an executive presentation

    1 hour

    Gain stakeholder buy-in by communicating the risk of the status quo and recommendations to reduce that risk. Specifically, capture and present the following from this blueprint:

    • Phase 1: Maturity assessment results, indicating your organization's overall readiness as well as specific areas that need to improve.
    • Phase 2: Business impact results, which objectively quantify the potential impact of downtime and data loss.
    • Phase 3: Current incident response capabilities including steps, timeline, and gaps.
    • Phase 4: Recommended projects to close specific gaps and improve overall ransomware readiness.

    Overall key findings and next steps.

    Download the Ransomware Readiness Summary Presentation Template

    Input

    • Results of all activities in Phases 1-4

    Output

    • Executive presentation

    Materials

    • Ransomware Readiness Summary Presentation Template

    Participants

    • Security Incident Response Team (SIRT)

    This is a screenshot of level 2 of the ransomware readiness maturity tool.

    Revisit metrics

    Ransomware resilience metrics track your ability to disrupt a ransomware attack at each stage of its workflow.

    Revisit metrics as the project nears completion and compare them against your baseline to measure progress.

    Attack workflow Process Metric Target trend Current Goal
    GET IN Vulnerability Management % Critical patches applied Higher is better
    Vulnerability Management # of external exposures Fewer is better
    Security Awareness Training % of users tested for phishing Higher is better
    SPREAD Identity and Access Management Adm accounts / 1000 users Lower is better
    Identity and Access Management % of users enrolled for MFA Higher is better
    Security Incident Management Avg time to detect Lower is better
    PROFIT Security Incident Management Avg time to resolve Lower is better
    Backup and Disaster Recovery % critical assets with recovery test Higher is better
    Backup and Disaster Recovery % backup to immutable storage Higher is better

    Summary of accomplishments

    Project overview

    Project deliverables

    This blueprint helped you create a ransomware incident response plan for your organization, as well as identify ransomware prevention strategies and ransomware prevention best practices.

    • Ransomware Resilience Assessment: Measure your current readiness, then identify people, policy, and technology gaps to address.
    • Ransomware Response Workflow: An at-a-glance summary of the key incident response steps across all relevant stakeholders through each phase of incident management.
    • Ransomware Response Runbook: Includes your threat escalation protocol and detailed response steps to be executed by each stakeholder.
    • Ransomware Tabletop Planning : This deep dive into a ransomware scenario will help you develop a more accurate incident management workflow and runbook, as well as identify gaps to address.
    • Ransomware Project Roadmap: This prioritized list of initiatives will address specific gaps and improve overall ransomware readiness.
    • Ransomware Readiness Summary Presentation: Your executive presentation will communicate the risk of the status quo, present recommended next steps, and drive stakeholder buy-in.

    Project phases

    Phase 1: Assess ransomware resilience

    Phase 2: Protect and detect

    Phase 3: Respond and recover

    Phase 4: Improve ransomware resilience

    Related Info-Tech Research

    Tab 3. Initiative List in the Ransomware Resilience Assessment identifies relevant Info-Tech Research to support common ransomware resilience initiatives.

    Related security blueprints:

    Related disaster recovery blueprints:

    Research Contributors and Experts

    This is an image of Jimmy Tom

    Jimmy Tom
    AVP of Information Technology and Infrastructure
    Financial Horizons

    This is an image of Dan Reisig

    Dan Reisig
    Vice President of Technology
    UV&S

    This is an image of Samuel Sutto

    Samuel Sutton
    Computer Scientist (Retired)
    FBI

    This is an image of Ali Dehghantanha

    Ali Dehghantanha
    Canada Research Chair in Cybersecurity and Threat Intelligence,
    University of Guelph

    This is an image of Gary Rietz

    Gary Rietz
    CIO
    Blommer Chocolate Company

    This is an image of Mark Roman

    Mark Roman
    CIO
    Simon Fraser University

    This is an image of Derrick Whalen

    Derrick Whalen
    Director, IT Services
    Halifax Port Authority

    This is an image of Stuart Gaslonde

    Stuart Gaslonde
    Director of IT & Digital Services
    Falmouth-Exeter Plus

    This is an image of Deborah Curtis

    Deborah Curtis
    CISO
    Placer County

    This is an image of Deuce Sapp

    Deuce Sapp
    VP of IT
    ISCO Industries

    This is an image of Trevor Ward

    Trevor Ward
    Information Security Assurance Manager
    Falmouth-Exeter Plus

    This is an image of Brian Murphy

    Brian Murphy
    IT Manager
    Placer County

    This is an image of Arturo Montalvo

    Arturo Montalvo
    CISO
    Texas General Land Office and Veterans Land Board

    No Image Available

    Mduduzi Dlamini
    IT Systems Manager
    Eswatini Railway

    No Image Available

    Mike Hare
    System Administrator
    18th Circuit Florida Courts

    No Image Available

    Linda Barratt
    Director of Enterprise architecture, IT Security, and Data Analytics, Toronto Community Housing Corporation

    This is an image of Josh Lazar

    Josh Lazar
    CIO
    18th Circuit Florida Courts

    This is an image of Douglas Williamson

    Douglas Williamson
    Director of IT
    Jamaica Civil Aviation Authority

    This is an image of Ira Goldstein

    Ira Goldstein
    Chief Operating Officer
    Herjavec Group

    This is an image of Celine Gravelines

    Celine Gravelines
    Senior Cybersecurity Analyst
    Encryptics

    This is an image of Dan Mathieson

    Dan Mathieson
    Mayor
    City of Stratford

    This is an image of Jacopo Fumagalli

    Jacopo Fumagalli
    CISO
    Omya

    This is an image of Matthew Parker

    Matthew Parker
    Program Manager
    Utah Transit Authority

    Two Additional Anonymous Contributors

    Bibliography

    2019-Data-Breach-Investigations-Report.-Verizon,-May-2019.
    2019-Midyear-Security-Roundup:-Evasive-Threats,-Persistent-Effects.-Trend-Micro,-2019.
    Abrams,-Lawrence.-"Ryuk-Ransomware-Uses-Wake-on-Lan-to-Encrypt-Offline-Devices."-Bleeping-Computer,-14-Jan.-2020.
    Abrams,-Lawrence.-"Sodinokibi-Ransomware-Publishes-Stolen-Data-for-the-First-Time."-Bleeping-Computer,-11-Jan.-2020.
    Canadian-Center-for-Cyber-Security,-"Ransomware-Playbook,"-30-November-2021.-Accessed-21-May-2022.-
    Carnegie-Endowment-for-International-Peace.-"Ransomware:-Prevention-and-Protection."-Accessed-May-2022.-
    Cawthra,-Jennifer,-Michael-Ekstrom,-Lauren-Lusty,-Julian-Sexton,-John-Sweetnam.-Special-Publication-1800-26-Data-Integrity:-Detecting-and-Responding-to-Ransomware-and-Other-Destructive-Events.-NIST,-Jan.-2020.
    Cawthra,-Jennifer,-Michael-Ekstrom,-Lauren-Lusty,-Julian-Sexton,-John-Sweetnam.-Special-Publication-1800-25-Data-Integrity:-Identifying-and-Protecting-Assets-Against-Ransomware-and-Other-Destructive-Events.-NIST,-Jan.-2020.-
    Cichonski,-P.,-T.-Millar,-T.-Grance,-and-K.-Scarfone.-"Computer-Security-Incident-Handling-Guide."-SP-800-61-Rev.-2.-NIST,-Aug.-2012.
    Cimpanu,-Catalin.-"Company-shuts-down-because-of-ransomware,-leaves-300-without-jobs-just-before-holidays."-ZDNet,-3-Jan.-2020.
    Cimpanu,-Catalin.-"Ransomware-attack-hits-major-US-data-center-provider."-ZDNet,-5-Dec.-2019.
    CISA,-"Stop-Ransomware,"-Accessed-12-May-2022.
    "CMMI-Levels-of-Capability-and-Performance."-CMMI-Institute.-Accessed-May-2022.-
    Connolly,-Lena-Yuryna,-"An-empirical-study-of-ransomware-attacks-on-organizations:-an-assessment-of-severity-and-salient-factors-affecting-vulnerability."-Journal-of-Cybersecurity,-2020,.-1-18.
    "Definitions:-Backup-vs.-Disaster-Recovery-vs.-High-Availability."-CVM-IT-&-Cloud-Services,-12-Jan.-2017.
    "Don't-Become-a-Ransomware-Target-–-Secure-Your-RDP-Access-Responsibly."-Coveware,-2019.-
    Elementus,-"Rise-of-the-Ransomware-Cartels-"(2022).-YouTube.-Accessed-May-2022.-
    Global-Security-Attitude-Survey.-CrowdStrike,-2019.
    Graham,-Andrew.-"September-Cyberattack-cost-Woodstock-nearly-$670,00:-report."-
    Global-News,-10-Dec.-2019.
    Harris,-K.-"California-2016-Data-Breach-Report."-California-Department-of-Justice,-Feb.-2016.
    Hiscox-Cyber-Readiness-Report-2019.-Hiscox-UK,-2019.
    Cost-of-A-Data-Breach-(2022).-IBM.-Accessed-June-2022.--
    Ikeda,-Scott.-"LifeLabs-Data-Breach,-the-Largest-Ever-in-Canada,-May-Cost-the-Company-Over-$1-Billion-in-Class-Action-Lawsuit."-CPO-Magazine,-2020.
    Kessem,-Limor-and-Mitch-Mayne.-"Definitive-Guide-to-Ransomware."-IBM,-May-2022.
    Krebs,-Brian.-"Ransomware-Gangs-Now-Outing-Victim-Businesses-That-Don't-Pay-Up."-Krebson-Security,-16-Dec.-2019.
    Jaquith,-Andrew-and-Barnaby-Clarke,-"Security-metrics-to-help-protect-against-ransomware."-Panaseer,-July-29,-2021,-Accessed-3-June-2022.
    "LifeLabs-pays-ransom-after-cyberattack-exposes-information-of-15-million-customers-in-B.C.-and-Ontario."-CBC-News,-17-Dec.-2019.
    Matthews,-Lee.-"Louisiana-Suffers-Another-Major-Ransomware-Attack."-Forbes,-20-Nov.-2019.
    NISTIR-8374,-"Ransomware-Risk-Management:-A-Cybersecurity-Framework-Profile."-NIST-Computer-Security-Resource-Center.-February-2022.-Accessed-May-2022.-
    "Ransomware-attack-hits-school-district-twice-in-4-months."-Associated-Press,-10-Sept.-2019.
    "Ransomware-Costs-Double-in-Q4-as-Ryuk,-Sodinokibi-Proliferate."-Coveware,-2019.
    Ransomware-Payments-Rise-as-Public-Sector-is-Targeted,-New-Variants-Enter-the-Market."-Coveware,-2019.
    Rector,-Kevin.-"Baltimore-to-purchase-$20M-in-cyber-insurance-as-it-pays-off-contractors-who-helped-city-recover-from-ransomware."-The-Baltimore-Sun,-16-Oct.-2019.
    "Report:-Average-time-to-detect-and-contain-a-breach-is-287-days."-VentureBeat,-May-25,-2022.-Accessed-June-2022.-
    "Five-Lessons-Learned-from-over-600-Ransomware-Attacks."-Riskrecon.-Mar-2022.-Accessed-May-2022.-
    Rosenberg,-Matthew,-Nicole-Perlroth,-and-David-E.-Sanger.-"-'Chaos-is-the-Point':-Russian-Hackers-and-Trolls-Grow-Stealthier-in-2020."-The-New-York-Times,-10-Jan.-2020.
    Rouse,-Margaret.-"Data-Archiving."-TechTarget,-2018.
    Siegel,-Rachel.-"Florida-city-will-pay-hackers-$600,000-to-get-its-computer-systems-back."-The-Washington-Post,-20-June-2019.
    Sheridan,-Kelly.-"Global-Dwell-Time-Drops-as-Ransomware-Attacks-Accelerate."-DarkReading,-13-April-2021.-Accessed-May-2022.-
    Smith,-Elliot.-"British-Banks-hit-by-hacking-of-foreign-exchange-firm-Travelex."-CNBC,-9-Jan.-2020.
    "The-State-of-Ransomware-2022."-Sophos.-Feb-2022.-Accessed-May-2022.-
    "The-State-of-Ransomware-in-the-U.S.:-2019-Report-for-Q1-to-Q3."-Emsisoft-Malware-Lab,-1-Oct.2019.
    "The-State-of-Ransomware-in-the-U.S.:-Report-and-Statistics-2019."-Emsisoft-Lab,-12-Dec.-2019.
    "The-State-of-Ransomware-in-2020."-Black-Fog,-Dec.-2020.
    Toulas,-Bill.-"Ten-notorious-ransomware-strains-put-to-the-encryption-speed-test."-Bleeping-Computers,-23-Mar-2022.-Accessed-May-2022.
    Tung,-Liam-"This-is-how-long-hackers-will-hide-in-your-network-before-deploying-ransomware-or-being-spotted."-zdnet.-May-19,-2021.-Accessed-June-2022.-

    Create an Effective SEO Keyword Strategy

    • Buy Link or Shortcode: {j2store}568|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions

    Digital Marketers working with an outdated or bad SEO strategy often see:

    • Declining keyword ranking and traffic
    • Poor keyword strategy
    • On-page errors

    Our Advice

    Critical Insight

    Most marketers fail in their SEO efforts because they focus on creating content for computers, not people.

    Impact and Result

    Using the SoftwareReviews methodology, digital marketers are able to break up their SEO project and data into bite-sized, actionable steps that focus on long-term improvement. Our methodology includes:

    • Competitive keyword research and identification of opportunities
    • On-page keyword strategy

    Create an Effective SEO Keyword Strategy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create an Effective SEO Keyword Strategy

    Update your on-page SEO strategy with competitively relevant keywords.

    • Create an Effective SEO Keyword Strategy Storyboard
    [infographic]

    Further reading

    Create an Effective SEO Keyword Strategy
    Update your on-page SEO strategy with competitively relevant keywords.

    Analyst Perspective

    Most marketers fail in their SEO efforts because they focus on creating content for computers, not people.

    Leading search engine optimization methods focus on creating and posting relevant keyword-rich content, not just increasing page rank. Content and keywords should move a buyer along their journey, close a sale, and develop long-term relationships. Unfortunately, many SEO specialists focus on computers, not the buyer. What's even more concerning is that up to 70% of SaaS businesses have already been impacted by outdated and inefficient SEO techniques. Poor strategies often focus on ballooning SEO metrics in the short-term instead of building the company's long-term PageRank.

    Best-in-class digital marketers stop chasing the short-term highs and focus on long-term growth. This starts with developing a competitive keyword strategy and updating website content with the new keywords.

    SEO is a large topic, so we have broken the strategy into small, easy-to-implement steps, taking the guesswork out of how to use the data from SEO tools and giving CMOs a solid path to increase their SEO results.

    This is a picture of Terra Higginson

    Terra Higginson
    Marketing Research Director
    SoftwareReviews

    Executive Summary

    Your Challenge

    Digital marketers working with an outdated or bad SEO strategy often see:

    • Declining keyword ranking and traffic
    • Poor keyword strategy
    • On-page errors

    Search algorithms change all the time, which means that the strategy is often sitting on the sifting sands of technology, making SEO strategies quickly outdated.

    Common Obstacles

    Digital marketers are responsible for developing and implementing a competitive SEO strategy but increasingly encounter the following obstacles:

    • SEO practitioners that focus on gaming the system
    • Ever-changing SEO technology
    • Lack of understanding of the best SEO techniques
    • SEO techniques focus on the needs of computers, not people
    • Lack of continued investment

    SoftwareReviews' Approach

    Using the SoftwareReviews methodology, digital marketers are able to break up their SEO project and data into bite-sized, actionable steps that focus on long-term improvement. Our methodology includes:

    • Competitive keyword research and identification of opportunities
    • On-page keyword strategy

    Our methodology will take a focused step-by-step strategy in a series of phases that will increase PageRank and competitive positioning.

    SoftwareReviews' SEO Methodology

    In this blueprint, we will cover:

    Good SEO vs. Poor SEO Techniques

    The difference between good and bad SEO techniques.

    Common Good
    SEO Techniques

    Common Poor
    SEO Techniques

    • Writing content for people, not machines.
    • Using SEO tools to regularly adjust and update SEO content, keywords, and backlinks.
    • Pillar and content cluster strategy in addition to a basic on- and off-page strategy.
    • Keyword stuffing and content duplication.
    • A strategy that focuses on computers first and people second.
    • Low-quality or purchased backlinks.

    Companies With Great SEO…

    Keyword Strategy

    • Have identified a keyword strategy that carves out targets within the white space available between themselves and the competition.

    Error-Free Site

    • Have error-free sites without duplicate content. Their URLs and redirects are all updated. Their site is responsive, and every page loads in under two seconds.

    Pillar & Content Clusters

    • Employ a pillar and content cluster strategy to help move the buyer through their journey.

    Authentic Off-Page Strategy

    • Build an authentic backlink strategy that incorporates the right information on the right sites to move the buyer through their journey.

    SEO Terms Defined

    A glossary to define common Phase 1 SEO terms.

    Search Volume: this measures the number of times a keyword is searched for in a certain time period. Target keywords with a volume of between 100-100,000. A search volume greater than 100,000 will be increasingly difficult to rank (A Beginner's Guide to Keyword Search Volume, 2022, Semrush).

    Keyword Difficulty: the metric that quantifies how difficult it will be to rank for a certain keyword. The keyword difficulty percentage includes the number of competitors attempting to rank for the same keyword, the quality of their content, the search intent, backlinks, and domain authority (Keyword Difficulty: What Is It and Why Is It Important? 2022, Semrush).

    Intent: this metric focuses on the intent of the user's search. All search intent is categorized into Informational, Commercial, Navigational, and Transactional (What Is Search Intent? A Complete Guide, 2022, Semrush).

    On-Page SEO: refers to the practice of search engine optimizing elements of your site such as title tags, internal links, HTML code, URL optimization, on-page content, images, and user experience.

    Off-Page SEO: refers to the practice of optimizing brand awareness (What Is Off-Page SEO? A Comprehensive Guide, 2022, Semrush).

    H1: HTML code that tells a search engine the title of the page (neilpatel.com).

    SEO Tool: A subscription-based all-in-one search engine optimization MarTech tool.

    Google's mission is to organize the world's information and make it universally accessible and useful… We believe Search should deliver the most relevant and reliable information available.
    – An excerpt from Google's mission statement

    Your Challenge

    Google makes over 4.5k algorithm changes per year1, directly impacting digital marketing search engine optimization efforts.

    Digital marketers with SEO problems will often see the following issues:

    • Keyword ranking – A decline in keyword ranking is alarming and results in decreased PageRank.
    • Bounce rate – Attracting the wrong audience to your site will increase the bounce rate because the H1 doesn't resonate with your audience.
    • Outdated keywords – Many companies are operating on a poor keyword strategy, or even worse, no keyword strategy. In addition, many marketers haven't updated their strategy to include pillar and cluster content.
    • Errors – Neglected sites often have a large number of errors.
    • Bad backlinks – Neglected sites often have a large number of toxic backlinks.

    The best place to hide a dead body is on page two of the search results.
    – Huffington Post

    Common Obstacles

    Digital marketers are responsible for developing and executing a competitive SEO strategy but increasingly encounter the following obstacles:

    • Inefficient and ineffective SEO practitioners.
    • Changing SEO technology and search engine algorithms.
    • Lack of understanding of the best-in-class SEO techniques.
    • Lack of a sustainable plan to manage the strategy and invest in SEO.

    SEO is a helpful activity when it's applied to people-first content. However, content created primarily for search engine traffic is strongly correlated with content that searchers find unsatisfying.
    – Google Search Central Blog

    Benefits of Proper SEO

    A good SEO keyword strategy will create long-term, sustainable SEO growth:

    • Write content for people, not algorithms – Good SEO prioritizes the needs of humans over the needs of computers, being ever thoughtful of the meaning of content and keywords.
    • Content that aligns with intent – Content and keyword intent will align with the buyer journey to help move prospects through the funnel.
    • Competitive keyword strategy – Find keyword white space for your brand. Keywords will be selected to optimize your ranking among competition with reasonable and sustainable targets.
    • Actionable and impactful fixes – By following the SoftwareReviews phases of SEO, you will be able to take a very large task and divide it into conquerable actions. Small improvements everyday lead to very large improvements over time.

    Digital Marketing SEO Stats

    61%
    61% of marketers believe that SEO is the key to online success.
    Source: Safari Digital

    437%
    Updating an existing title tag with an SEO optimised one can increase page clicks by more than 437%.
    Source: Safari Digital

    Good SEO Aligns With Search Intent

    What type of content is the user searching for? Align your keyword to the logical search objective.

    Informational

    This term categorizes search intent for when a user wants to inform or educate themselves on a specific topic.

    Commercial

    This term categorizes search intent for when a user wants to do research before making a purchase.

    Transactional

    This term categorizes search intent for when a user wants to purchase something.

    Navigational

    This term categorizes search intent for when a user wants to find a specific page.

    SoftwareReviews' Methodology toCreate an Effective SEO Strategy

    1. Competitive Analysis & Keyword Discovery 2. On-Page Keyword Optimization
    Phase Steps
    1. Make a list of keywords in your current SEO strategy – including search volume, keyword difficulty percentage, intent.
    2. Research the keywords of top competitors.
    3. Make a list of target keywords you would like to own – including the search volume, keyword difficulty percentage, and intent. Make sure that these keywords align with your buyer persona.
    1. List product and service pages, along with the URL and current ranking(s) for the keyword(s) for that URL.
    2. Create a new individual page strategy for each URL. Record the current keyword, rank, title tag, H1 tag, and meta description. Then, with keyword optimization in mind, develop the new title tag, new H1 tag, and new meta description. Build the target keywords into the pages and tags.
    3. Record the current ranking for the pages' keywords then reassess after three to six months.
    Phase Outcomes
    • Understanding of competitive landscape for SEO
    • A list of target new keywords
    • Keyword optimized product and service pages

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2

    Call #1: Identify your current SEO keyword strategy.

    Call #2: Discuss how to start a competitive keyword analysis.

    Call #4: Discuss how to build the list of target keywords.

    Call #6: Discuss keyword optimization of the product & services pages.

    Call #8: (optional)

    Schedule a call to update every three to six months.

    Call #3: Discuss the results of the competitive keyword analysis.

    Call #5: Discuss which pages to update with new target keywords.

    Call #7: Review final page content and tags.

    Call #9: Schedule a call for SEO Phase 2: On-Page Technical Refinement.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 to 12 calls over the course of 1 to 2 months.

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2

    Call #1: Identify your current SEO keyword strategy.

    Call #2: Discuss how to start a competitive keyword analysis.

    Call #4: Discuss how to build the list of target keywords.

    Call #6: Discuss keyword optimization of the product & services pages.

    Call #8: (optional)

    Schedule a call to update every three to six months.

    Call #3: Discuss the results of the competitive keyword analysis.

    Call #5: Discuss which pages to update with new target keywords.

    Call #7: Review final page content and tags.

    Call #9: Schedule a call for SEO Phase 2: On-Page Technical Refinement.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 to 12 calls over the course of 1 to 2 months.

    SoftwareReviews offers various levels of support to best suit your needs

    Included Within an Advisory Membership Optional Add-Ons
    DIY Toolkit Guided Implementation Workshop Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Insight Summary

    People-First Content

    Best-in-class SEO practitioners focus on people-first content, not computer-first content. Search engine algorithms continue to focus on how to rank better content first, and a strategy that moves your buyers through the funnel in a logical and cohesive way will beat any SEO trick over the long run.

    Find White Space

    A good SEO strategy uses competitive research to carve out white space and give them a competitive edge in an increasingly difficult ranking algorithm. An understanding of the ideal client profile and the needs of their buyer persona(s) sit as a pre-step to any good SEO strategy.

    Optimize On-Page Keywords

    By optimizing the on-page strategy with competitively relevant keywords that target your ideal client profile, marketers are able to take an easy first step at improving the SEO content strategy.

    Understand the Strategy

    If you don't understand the strategy of your SEO practitioner, you are in trouble. Marketers need to work hand in hand with their SEO specialists to quickly uncover gaps, create a strategy that aligns with the buyer persona(s), and execute the changes.

    Quality Trumps Quantity

    The quality of the prospect that your SEO efforts bring to your site is more important than the number of people brought to your site.

    Stop Here and Ask Yourself:

    • Do I have an updated (completed within the last two years) buyer persona and journey?
    • Do I know who the ICP (ideal client profile) is for my product or company?

    If not, stop here, and we can help you define your buyer persona and journey, as well as your ideal client profile before moving forward with SEO Phase 1.

    The Steps to SEO Phase 1

    The Keyword Strategy

    1. Current Keywords
      • Identify the keywords your SEO strategy is currently targeting.
    2. Competitive Analysis
      • Research the keywords of competitor(s). Identify keyword whitespace.
    3. New Target Keywords
      • Identify and rank keywords that will result in more quality leads and less competition.
    4. Product & Service Pages
      • Identify your current product and service pages. These pages represent the easiest content to update on your site.
    5. Individual Page Update
      • Develop an SEO strategy for each of your product and service pages, include primary target keyword, H1, and title tags, as well as keyword-rich description.

    Resources Needed for Search Engine Optimization

    Consider the working skills required for search engine optimization.

    Required Skills/Knowledge

    • SEO
    • Web development
    • Competitive analysis
    • Content creation
    • Understanding of buyer persona and journey
    • Digital marketing

    Suggested Titles

    • SEO Analyst
    • Competitive Intelligence Analyst
    • Content Marketing Manager
    • Website Developer
    • Digital Marketing Manager

    Digital Marketing Software

    • CMS that allows you to easily access and update your content

    SEO Software

    • SEO tool

    Step 1: Current Keywords

    Use this sheet to record your current keyword research.

    Use your SEO tool to research keywords and find the following:
    Use a quality tool like SEMRush to obtain SEO data.

    1. Keyword difficulty
    2. Search volume
    3. Search intent

    This is a screenshot of the SEO tool SEMRush, which can be used to identify current keywords.

    Step 2: Competitive Analysis

    Use this sheet to guide the research on your competitors' keywords.

    Use your SEO tool to find the following:

    1. Top organic keywords
    2. Ranking of keywords
    3. Domain authority and trust
    4. Position changes

    This is a screenshot of the SEO tool SEMRush, which can be used to perform an competitive analysis

    Step 3: New Target Keywords

    Use this sheet to record target keywords that have a good volume but are less competitive. The new target keywords should align with your buyer persona and their journey.

    Use your SEO tool to research keywords and find the following:
    Use a quality tool like SEMRush to obtain SEO data.

    1. Keyword difficulty
    2. Search volume
    3. Search intent

    This is a screenshot of the SEO tool SEMRush, which can be used to identify new target keywords.

    Step 4: Product & Service Pages

    Duplicate this page so that you have a separate page for each URL from Step 4

    Use this sheet to identify your current product and service pages.

    Use your SEO tool to find the following:

    1. Current rank
    2. Current keywords

    This is a screenshot of the SEO tool SEMRush, showing where you can display product and service pages.

    Step 5: Individual Page Strategy

    Develop a keyword strategy for each of your product and service pages. Use a fresh page for each URL.

    Date last optimized:
    mm/dd/yyyy

    This is a screenshot of the SEO tool SEMRush, with an example of how you can use an individual page strategy to develop a keyword strategy.

    Bibliography

    Council, Y. "Council Post: The Rundown On Black Hat SEO Techniques And Why You Should Avoid Them." Forbes, 2022. Accessed September 2022.

    "Our approach – How Google Search works." Google Search. Accessed September 2022.

    "The Best Place to Hide a Dead Body is Page Two of Google." HuffPost, 2022. Accessed September 2022.

    Patel, Neil. "How to Create the Perfect H1 Tag for SEO." neilpatel.com. Accessed September 2022.

    Schwartz, B. "Google algorithm updates 2021 in review: Core updates, product reviews, page experience and beyond." Search Engine Land, 2022. Accessed September 2022.

    Schwartz, B. "Google algorithm updates 2021 in review: Core updates, product reviews, page experience and beyond." Search Engine Land, 2022. Accessed September 2022.

    Develop a Cloud Testing Strategy for Today's Apps

    • Buy Link or Shortcode: {j2store}470|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Cloud Strategy
    • Parent Category Link: /cloud-strategy
    • The growth of the Cloud and the evolution of business operations have shown that traditional testing strategies do not work well with modern applications.
    • Organizations require a new framework around testing cloud applications that account for on-demand scalability and self-provisioning.
    • Expectations of application consumers are continually increasing with speed-to-market and quality being the norm.

    Our Advice

    Critical Insight

    • Cloud technology does not change the traditional testing processes that many organizations have accepted and adopted. It does, however, enhance traditional practices with increased replication capacity, execution speed, and compatibility through its virtual infrastructure and automated processes. Consider these factors when developing the cloud testing strategy.
    • Involving the business in strategy development will keep them engaged and align business drivers with technical initiatives.
    • Implement cloud testing solutions in a well-defined rollout process to ensure business objectives are realized and cloud testing initiatives are optimized.
    • Cloud testing is green and dynamic. Realize the limitations of cloud testing and play on its strengths.

    Impact and Result

    • Engaging in a formal and standardized cloud testing strategy and consistently meeting business needs throughout the organization maintains business buy-in.
    • The Cloud compounds the benefits from virtualization and automation because of the Cloud’s scalability, speed, and off-premise and virtual infrastructure and data storage attributes.
    • Cloud testing presents a new testing avenue. Realize that only certain tests are optimized in the Cloud, i.e., load, stress, and functional testing.

    Develop a Cloud Testing Strategy for Today's Apps Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Develop a cloud testing strategy.

    Obtain organizational buy-ins and build a standardized and formal cloud testing strategy.

    • Storyboard: Develop a Cloud Testing Strategy for Today's Apps
    • None

    2. Assess the organization's readiness for cloud testing.

    Assess your people, process, and technology for cloud testing readiness and realize areas for improvement.

    • Cloud Testing Readiness Assessment Tool

    3. Plan and manage the resources allocated to each project task.

    Organize and monitor cloud project planning tasks throughout the project's duration.

    • Cloud Testing Project Planning and Monitoring Tool
    [infographic]

    Review and Improve Your IT Policy Library

    • Buy Link or Shortcode: {j2store}193|cart{/j2store}
    • member rating overall impact (scale of 10): 9.3/10 Overall Impact
    • member rating average dollars saved: $34,724 Average $ Saved
    • member rating average days saved: 14 Average Days Saved
    • Parent Category Name: IT Governance, Risk & Compliance
    • Parent Category Link: /it-governance-risk-and-compliance
    • Your policies are out of date, disorganized, and complicated. They don’t reflect current regulations and don’t actually mitigate your organization’s current IT risks.
    • Your policies are difficult to understand, aren’t easy to find, or aren’t well monitored and enforced for compliance. As a result, your employees don’t care about your policies.
    • Policy issues are taking up too much of your time and distracting you from the real issues you need to address.

    Our Advice

    Critical Insight

    A dynamic and streamlined policy approach will:

    1. Right-size policies to address the most critical IT risks.
    2. Clearly lay out a step-by-step process to complete daily tasks in compliance.
    3. Obtain policy adherence without having to be “the police.”

    To accomplish this, the policy writer must engage their audience early to gather input on IT policies, increase policy awareness, and gain buy-in early in the process.

    Impact and Result

    • Develop more effective IT policies. Clearly express your policy goals and objectives, standardize the approach to employee problem solving, and write policies your employees will actually read.
    • Improve risk coverage. Ensure full coverage on the risk landscape, including legal regulations, and establish a method for reporting, documenting, and communicating risks.
    • Improve employee compliance. Empathize with your employees and use policy to educate, train, and enable them instead of restricting them.

    Review and Improve Your IT Policy Library Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how to write better policies that mitigate the risks you care about and get the business to follow them, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess

    Assess your risk landscape and design a plan to update your policy network based on your most critical risks.

    • Review and Improve Your IT Policy Library – Phase 1: Assess
    • Policy Management RACI Chart Template
    • Policy Management Tool
    • Policy Action Plan

    2. Draft and implement

    Use input from key stakeholders to write clear, consistent, and concise policies that people will actually read and understand. Then publish them and start generating policy awareness.

    • Review and Improve Your IT Policy Library – Phase 2: Draft and Implement
    • Policy Template
    • Policy Communication Plan Template

    3. Monitor, enforce, revise

    Use your policies to create a compliance culture in your organization, set KPIs, and track policy effectiveness.

    • Review and Improve Your IT Policy Library – Phase 3: Monitor, Enforce, Revise
    [infographic]

    Workshop: Review and Improve Your IT Policy Library

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish & Assess

    The Purpose

    Identify the pain points associated with IT policies.

    Establish the policy development process.

    Begin formulating a plan to re-design the policy network.

    Key Benefits Achieved

    Establish the policy process.

    Highlight key issues and pain points regarding policy.

    Assign roles and responsibilities.

    Activities

    1.1 Introduce workshop.

    1.2 Identify the current pain points with policy management.

    1.3 Establish high-level goals around policy management.

    1.4 Select metrics to measure achievement of goals.

    1.5 Create an IT policy working group (ITPWG).

    1.6 Define the scope and purpose of the ITPWG.

    Outputs

    List of issues and pain points for policy management

    Set of six to ten goals for policy management

    Baseline and target measured value

    Amended steering committee or ITPWG charter

    Completed RACI chart

    Documented policy development process

    2 Assess Your Risk Landscape & Map Policies to Risks; Create a Policy Action Plan

    The Purpose

    Identify key risks.

    Develop an understanding of which risks are most critical.

    Design a policy network that best mitigates those risks.

    Key Benefits Achieved

    Use a risk-driven approach to decide which policies need to be written or updated first.

    Activities

    2.1 Identify risks at a high level.

    2.2 Assess each identified risk scenario on impact and likelihood.

    2.3 Map current and required policies to risks.

    2.4 Assess policy effectiveness.

    2.5 Create a policy action plan.

    2.6 Select policies to be developed during workshop.

    Outputs

    Ranked list of IT’s risk scenarios

    Prioritized list of IT risks (simplified risk register)

    Policy action plan

    3 Develop Policies

    The Purpose

    Outline what key features make a policy effective and write policies that mitigate the most critical IT risks.

    Key Benefits Achieved

    Write policies that work and get them approved.

    Activities

    3.1 Define the policy audience, constraints, and in-scope and out-of-scope requirements for a policy.

    3.2 Draft two to four policies

    Outputs

    Drafted policies

    4 Create a Policy Communication and Implementation Plan and Monitor & Reassess the Portfolio

    The Purpose

    Build an understanding of how well the organization’s value creation activities are being supported.

    Key Benefits Achieved

    Identify an area or capability that requires improvement.

    Activities

    4.1 Review draft policies and update if necessary.

    4.2 Create a policy communication plan.

    4.3 Select KPIs.

    4.4 Review root-cause analysis techniques.

    Outputs

    Final draft policies

    Policy communications plan

    KPI tracking log

    Collaborate Effectively in Microsoft Teams

    • Buy Link or Shortcode: {j2store}63|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: End-User Computing Applications
    • Parent Category Link: /end-user-computing-applications

    Your organization has adopted Microsoft Teams, but users are not maximizing their use of it.

    • IT needs to support the business to get the best value out of Microsoft Teams: managing Teams effectively while also enabling end users to use Teams creatively.
    • IT must follow best practices for evaluation of new functionality when integrating Microsoft and third-party apps and also communicate changes to end users.
    • Due in part to the frequent addition of new features and lack of communication and training, many organizations don’t know which apps would benefit their users.

    Our Advice

    Critical Insight

    Collaboration is as much an art as a science. IT can help users collaborate more effectively in Teams by removing friction – while still maintaining guardrails – for users attempting to build out and experiment with features and capabilities.

    Impact and Result

    Use Info-Tech’s Collaborate Effectively in Microsoft Teams to help collaboration flourish:

    • Collate key organizational collaboration use cases.
    • Prioritize the most important Teams apps and features to support use cases.
    • Implement request process for new Teams apps.
    • Communicate new Teams collaboration functionality.

    Collaborate Effectively in Microsoft Teams Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Collaborate Effectively in Microsoft Teams Deck – Maximize the use of your chosen collaboration software solution.

    Set up your users for Teams collaboration success. Create a process that improves their ability to access, understand, and maximize their use of your chosen collaboration software solution.

    • Collaborate Effectively in Microsoft Teams Storyboard

    2. Microsoft Teams End-User Satisfaction Survey – Capture end-user feedback on their collaborative use of Microsoft Teams.

    The survey responses will inform your organization's collaboration use cases for Teams and help you to identify which features and apps to enable.

    • Microsoft Teams End-User Satisfaction Survey

    3. Microsoft Teams Planning Tool – A tool to help prioritize features to implement.

    Use this Excel tool to help you document the organization’s key collaboration use cases and prioritize which Teams apps to implement and encourage adoption on.

    • Microsoft Teams Planning Tool
    [infographic]

    Further reading

    Collaborate Effectively in Microsoft Teams

    Empower your users to explore Teams collaboration beyond the basics.

    Analyst Perspective

    Life after Teams implementation

    You have adopted Teams, implemented it, and painted an early picture for your users on the basics. However, your organization is not yet maximizing its use of Teams' collaboration capabilities. Although web conferencing, channel-based collaboration, and chat are the most obvious ways Teams supports collaboration, users must explore Teams' functionality further to harness the application's full potential.

    You should enable your users to expand their collaboration use cases in Teams, but not at the risk of being flooded with app requests, nor user confusion or dissatisfaction. Instead, develop a process to evaluate and integrate new apps that will benefit the organization. Encourage your users to request new apps that will benefit them, while proactively planning for app integration that users should be alerted to.

    Photo of Emily Sugerman, Research Analyst, Infrastructure and Operations, Info-Tech Research Group. Emily Sugerman
    Research Analyst, Infrastructure and Operations
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Your organization has adopted Microsoft Teams, but users are not getting the maximum benefit.

    • IT needs to support the business to get the best value out of Microsoft Teams: managing Teams effectively while enabling end-user creativity.
    • IT must follow best practices for evaluating new functionality when integrating Microsoft and third-party apps, while communicating changes to end users.
    • Due partly to the frequent addition of new features and lack of communication and training, many organizations don't know which apps would benefit their users.

    Common Obstacles

    • Users are unenthusiastic about exploring Teams further due to negative past experiences, preference for other applications, or indifference.
    • End users are unaware of the available range of features. When they become aware and try to add unapproved or unlicensed apps, they experience the frustration of being declined.
    • Users seek support from IT who are unfamiliar with new Teams features an apps, or with supporting Teams beyond the basics.
    • IT teams have no process to raise end-user awareness of these apps and functionality.

    Info-Tech's Approach

    Use Info-Tech's Collaborate Effectively in Microsoft Teams to help collaboration flourish:

    • Collate key organizational collaboration use cases
    • Prioritize the most important Teams apps and features to support use cases
    • Implement request process for new Teams apps
    • Communicate new Teams collaboration functionality

    Info-Tech Insight

    Collaboration is as much an art as a science. IT can help users collaborate more effectively in Teams by removing friction – while still maintaining guardrails – for users attempting to build out and experiment with features and capabilities.

    Are your users in a Teams rut?

    Are users failing to maximize their use of Teams to collaborate and get work done?

    Teams can do much more than chat, video conferencing, and document sharing. A fully-deployed Teams also lets users leverage apps and advanced collaboration features.

    However, IT must create a process for evaluating and approving Microsoft and third-party apps, and for communicating changes to end users.

    In the end, IT needs to support the business to get the best value out of Microsoft Teams: managing Teams effectively while also enabling end-user creativity.

    Third-party app use in Teams is rising:

    “Within Teams, the third-party apps with 10,000 users and above rose nearly 40% year-over-year.”
    Source: UC Today, 2023.

    Collaborate effectively in Microsoft Teams

    Set up your users for Teams collaboration success. Create a process that improves their ability to access, understand, and maximize their use of your chosen collaboration software solution.

    Challenges with Teams collaboration

    • Lack of motivation to explore available features
    • Scattered information
    • Lack of comfort using Teams beyond the basics
    • Blocked apps
    • Overlapping features
    • Confusing permissions

    Empowering Collaboration in Microsoft Teams

    1. Identify current collaboration challenges and use cases in Teams
    2. Create Teams app request workflows
    3. Set up communication hubs in Teams
    4. Empower end users to customize their Teams for effective collaboration

    Solution

    • Collate key organizational collaboration use cases
    • Prioritize the most important Teams apps and features to support use cases
    • Implement request process for new Teams apps
    • Communicate new Teams collaboration functionality

    Project deliverables

    Use these tools to develop your plan to enable effective collaboration in Microsoft Teams.

    Key deliverable:

    Microsoft Teams Planning Tool

    An Excel tool for documenting the organization's key collaboration use cases and prioritizing which Teams apps to implement and encourage adoption of.

    Sample of the Microsoft Teams Planning Tool deliverable.

    Additional support:

    Microsoft Teams End-User Satisfaction Survey

    Use or adapt this survey to capture user perception of how effectively Teams supports collaboration needs.

    Sample of the End-user satisfaction survey deliverable.

    Insight Summary

    Key Insight:

    Collaboration is as much an art as a science. IT can help users collaborate more effectively in Teams by removing friction – while still maintaining guardrails – for users attempting to build out and experiment with features and capabilities.

    Additional insights:

    Insight 1

    Users can browse the Teams app store and attempt to add unapproved apps, but they may not be able to distinguish between available and blocked apps. To avoid a bad user experience, communicate which apps they can add without additional approval and which they will need to send through an approval process.

    Insight 2

    Teams lets you customize the message users see when they request unapproved apps and/or redirect their request to your own URL. Review this step in the request process to ensure users are seeing the instructions that they need to see.

    Insight 3

    A Teams hub is where users can access a service catalog of approved Teams apps and submit service requests for new ones via the Make a Request button.

    Section 1: Collaborating Effectively in Teams for IT

    Section 1

    Collaborating Effectively in Teams for IT

    Section 2

    Collaborating Effectively in Teams for End Users

    Stop: Do you need the Teams Cookbook?

    If you:

    • are at the Teams implementation stage,
    • require IT best practices for initial governance of Teams creation, or
    • require end-user best practices for basic Teams functionality …

    Consult the Microsoft Teams Cookbook first.

    Understand the Microsoft vision of Teams collaboration

    Does it work for you?

    Microsoft's vision for Teams collaboration is to enable end-user freedom. For example, out of the box, users can create their own teams and channels unless IT restricts this ability.

    Teams is meant to be more than just chats and meetings. Microsoft is pushing Teams app integration so that Teams becomes, essentially, a landing page from which users can centralize their work and org updates.

    In partnership with the business, IT must determine which guardrails are necessary to balance end-user collaboration and creativity with the need for governance and control.

    Why is it difficult to increase the caliber of collaboration in Teams?

    Because collaboration is inherently messy, complex, and creative

    Schubert & Glitsch find that enterprise collaboration systems (such as Teams) have characteristics that reflect the unstructured and creative nature of collaboration. These systems “are designed to support joint work among people in the workplace. . . [They] contain, for the most part, unstructured content such as documents, blogs, or news posts,” and their implementations “are often reported to follow a ‘bottom up' and rather experimental introduction approach.” The open-endedness of the tool requires users to be able to creatively and voluntarily apply it, which in turn requires more enterprise effort to help increase adoption over time through trial and error.

    Source: Procedia Computer Science, 2015

    Info-Tech Insight

    Collaboration is as much an art as a science. IT can help users collaborate more effectively in Teams by removing friction – while still maintaining guardrails – for users attempting to build out and experiment with features and capabilities.

    Activity 1: Identify current challenges

    Input: Team input, Survey results
    Output: List of Teams challenges experienced by the organization
    Materials: Whiteboard (digital or physical)
    Participants: Teams collaboration working group

    First, identify what works and what doesn't for your users in Teams

    • Have users reported any challenges with Teams as their primary means of channel-based collaboration? Run a short survey to capture end-user sentiment on how Teams works for them. This survey can be set up and distributed through Microsoft Forms. Distribute either to the whole organization or a specific focus group. Gather feedback from users on the following: What are the major ways they need to collaborate to do their jobs? What IT-supported tools do they need to support this collaboration? What specific aspects of Teams do they want to better exploit?
    • If you send out transactional surveys on service desk tickets, run a report on Teams-related tickets to identify common complaints.
    • Brainstorm Teams challenges IT has experienced personally or have seen reported – especially difficulties with collaboration.
    • Once you have the data, group the challenges into themes. Are the challenges specifically related to collaboration? Data issues? Support issues? Access issues? Technical issues? Document them in tab 2 of the Microsoft Teams Planning Tool.

    Download the Microsoft Teams End-User Satisfaction Survey template

    Define your organization's key collaboration scenarios

    Next, identify what users need to do in Teams

    The term collaboration scenarios has been proposed to describe the types of collaboration behavior your software – in this case, Teams – must support (Schubert & Glitsch, 2015). A successful implementation of this kind of tool requires that you “identif[y] use cases and collaboration scenarios that best suit a specific company and the people working in it” (Schubert & Glitsch, 2016).

    Teams tends to support the following kinds of collaboration and productivity goals (see list).

    What types of collaboration scenarios arise in the user feedback in the previous activity? What do users most need to do?

    Be proactive: Configure Microsoft Teams to match collaboration scenarios/use cases your users must engage in. This will help prevent an increase in shadow IT, where users attempt to bring in unapproved/unreviewed software that might duplicate your existing service catalog and/or circumvent the proper review and procurement process.

    MS Teams Use Cases

    1. Gather feedback
    2. Collaboratively create content
    3. Improve project & task management
    4. Add media content
    5. Conduct knowledge management
    6. Increase meeting effectiveness
    7. Increase employee engagement
    8. Enhance professional development
    9. Provide or access support
    10. Add third-party apps

    Activity 2: Match your collaboration scenarios to Teams capabilities

    Input: Collaboration scenarios, Teams use cases
    Output: Ranked list of Teams features to implement and/or promote
    Materials: Microsoft Teams Planning Tool
    Participants: Teams collaboration working group

    Which features support the key collaboration use cases?

    1. Using the Microsoft Teams Planning Tool, list your organization's key collaboration scenarios. Draw on the data returned in the previous activity. List them in Tab 2.
    2. See the following slide for the types of collaboration use cases Teams is designed to support. In the planning tool, select use cases that best match your organizational collaboration scenarios.
    3. Dive into more specific features on Tab 3, which are categorized by collaboration use case. Where do users' collaboration needs align with Teams' inherent capabilities? Add lines in Tab C for the third-party apps that you are considering adding to Teams.
    4. In columns B and C of Tab 3, decide and prioritize the candidates for implementation. Review the list of prioritized features on tab 4.

    NB: Microsoft has introduced a Teams Premium offering, with additional capabilities for meetings and webinars (including customized banding, meeting watermarks, and virtual webinar green rooms) and will paywall some features previously available without Premium (live caption translations, meeting data on attendee departure/arrival times) (“What is Microsoft Teams Premium?”, n.d.)

    Download the Microsoft Teams Planning Tool

    MS Teams productivity & collab features

    Teams apps & collaboration features enable the following types of work. When designing collaboration use cases, identify which types of collaboration are necessary, then explore each category in depth.

    1. Gather feedback

      Solicit feedback and comments, and provide updates
    2. Collaboratively create content

      Compose as a group, with live-synced changes
    3. Improve project & task management

      Keep track of projects and tasks
    4. Add media content

      Enrich Teams conversations with media, and keep a library of video resources
    5. Knowledge management

      Pull together document libraries and make information easier to find
    6. Increase meeting effectiveness

      Facilitate interactions and document meeting outcomes
    7. Increase employee engagement

      Use features that enhance social interaction among Teams users
    8. Enhance professional development

      Find resources to help achieve professional goals
    9. Provide or access support

      IT and user-facing resources for accessing and/or providing support
    10. Add third-party apps

      Understand the availability/restrictions of the built-in Teams app catalog

    The Teams app store

    • The lure of the app store: Your users will encounter a mix of supported and unsupported applications, some of which they can access, some for which you have no licenses, some built by your organization, some built by Microsoft or third parties. However, the distinction between these categories may not be immediately apparent to users. Microsoft does not remove blocked apps from users' view.
    • Users may attempt to add unsupported apps and then receive error messages or prompts to send a request through Teams to IT for approval.
    • App add-ins are not limited to those built by Microsoft Corporation. The Teams app store also features a plethora of third-party apps that can provide value.
    • However, their third-party status introduces another set of complications.
    • Attempting to add third-party apps may expose users to sales pitches and encourage the implementation of shadow IT, circumventing the IT request process.

    Info-Tech Insight

    Users can browse and attempt to add unapproved apps in the Teams app store, but they may have difficulty distinguishing between available and blocked apps. To avoid a bad user experience, communicate to your users which apps they can add without additional approval, and which must be sent through an approval process.

    Decide how you will evaluate requests for new Teams apps

    • As you encourage users to explore and fully utilize Teams, you may see increased requests for admin approval for apps you do not currently support.
    • To prevent disorganized response and user dissatisfaction, build out a workflow for handling new/unapproved Teams app requests. Ensure the workflow accounts for Microsoft and third-party apps.
    • What must you consider when integrating third-party tools? You must have control over what users may add. These requests should follow, or build upon, your existing process for non-standard requests, including a process for communicating the change.
    • Track the fulfillment time for Teams app requests. The longer the user must wait for a response, the more their satisfaction will decline.

    icrosoft suggests that you regularly review the app usage report in the Teams admin center as “a signal about the demand for an app within your organization.” This will help you proactively determine which apps to evaluate for approval.

    Build request workflow for unsupported Teams apps

    What are the key steps?

    1. Request comes in
    2. Review by a technical review team
    3. Review by service desk or business analyst
    4. Additional operational technical reviews if necessary
    5. Procurement and installation
    6. Communication of result to requester
    7. App added to the catalog so it can be used by others

    Example workflow of a 'Non-Standard Software Request Process'.

    Info-Tech Insight

    Teams allows you to customize the message users see when they request an unapproved app and/or redirect their request to your own URL. Review this step in the request process to ensure your users are seeing the instructions that they need to see.

    Download the Service Request Workflow library

    Incorporate new approved service requests into a service request catalog

    Follow the process in Reduce Shadow IT With a Service Request Catalog to build out a robust request management process and service catalog to continuously incorporate new non-standard requests and advertise new Teams apps:

    • Design the service
    • Design the catalog
    • Build the catalog
    • Market the service

    Sample of the 'Reduce Shadow IT With a Service Request Catalog' blueprint.

    Add a company hub to Teams

    Use Teams to help users access the company intranet for organizational information that is relevant to their roles.

    This can be done in two ways:

    1. By adding a SharePoint home site to Teams.
    2. By leveraging Viva Connections: A hub to access other apps and Viva services. The user sees a personalized dashboard, feed, and resources.

    Venn diagram with two circles 'Viva Connections - App-based employee experience where individuals get their work done' and 'Home Sites - Portal that features organizational news, events, and supplemental resources'. The overlapping middle has a list: 'News, Shared navigation, Integrates with M365, Developer platforms & management, Audience targeting, Web parts, Permissions'. (Venn diagram recreated from Microsoft Learn, 2023.)

    Info-Tech Insight

    The hub is where users can access a service catalog of approved Teams apps and submit service requests for a new one via a Make a Request button.

    Communicate changes to Teams

    Let end users know what's available and how to add new productivity tools.

    Where will users find approved Teams apps? How will you inform people about what's available? Once a new app is available, how is this communicated?

    Options:

    • Communicate new Teams features in high-visibility places (e.g. the Hub).
    • Leverage the Power Apps Bulletins app in Teams to communicate regular announcements about new features.
    • Create a company-wide Team with a channel called “What's New in Teams.” Post updates on new features and integrations, and link to more detailed knowledgebase articles on how to use the new features.
    • Aim for the sweet spot of communication frequency: not too much nor too little.

    Measure your success

    Determine how you will evaluate the success of your efforts to improve the Teams collaboration experience

    Improved satisfaction with Teams: Increased net promoter score (NPS)

    Utilization of features: Increased daily average users on key features, apps, integrations

    Timeliness: % of SLAs met for service request fulfillment

    Improved communication to end users about Teams' functionality: Satisfaction with knowledgebase articles on Teams

    Satisfaction with communication from IT

    Section 2: Collaborating Effectively in Teams for End Users

    Section 1

    Collaborating Effectively in Teams for IT

    Section 2

    Collaborating Effectively in Teams for End Users

    For IT: Use this section to help users understand Teams collaboration features

    Share the collateral in this section with your users to support their deeper exploration of Teams collaboration.

    • Use the Microsoft Teams Planning Tool to prepare a simple service catalog of the features and apps available to your users.
    • Edit Tab 2 (MS Teams Collab Features & Apps) by deleting the blocked apps/features.
    • Share this document with your users by linking to it via this image on the following slides:
    Sample of the Microsoft Teams Planning Tool deliverable.

    Download the Microsoft Teams Planning Tool for an expanded list of features & apps

    End-user customization of Teams

    Consider how you want to set up your Teams view. Add the apps you already use to have them at your fingertips in Teams.

    You can . . .

    1. Customize your navigation bar by pinning your preferred apps and working with them within Teams (Microsoft calls these personal apps).
    2. Customize your message bar by adding the app extensions you find most useful. Screenshot of the message bar with the 3-dot highlighted.
    3. Customize chats and Teams by adding tabs with content your group needs frequent access to. Screenshot of MS Teams tabs with the plus sign highlighted.
    4. Set up connectors to send notifications from apps to a Team and bots to answer questions and automate simple tasks. Screenshot of the 'Set up a connector' button.

    Learn more from Microsoft here

    MS Teams productivity & collab features

    The Apps catalog includes a range of apps that users may add to channels, chat, or the navigation bar. Teams also possesses other collaboration features that may be underused in your organization.

    1. Gather feedback

      Solicit feedback and comments, and provide updates
    2. Collaboratively create content

      Compose as a group, with live-synced changes
    3. Improve project & task management

      Keep track of projects and tasks
    4. Add media content

      Enrich Teams conversations with media, and keep a library of video resources
    5. Knowledge management

      Pull together document libraries and make information easier to find
    6. Increase meeting effectiveness

      Facilitate interactions and document meeting outcomes
    7. Increase employee engagement

      Use features that enhance social interaction among Teams users
    8. Enhance professional development

      Find resources to help achieve professional goals
    9. Provide or access support

      IT and user-facing resources for accessing and/or providing support
    10. Add third-party apps

      Understand the availability/restrictions of the built-in Teams app catalog

    Samples of four features: 'Prioritize with a voting table', 'Launch a live meeting poll', 'Launch a survey', and 'Request an update'.

    Download the Microsoft Teams Collaboration Tool for an expanded list of features & apps

    Use integrated Teams features to gather feedback and provide updates

    • Vote: Create a list of items for teams to brainstorm pros and cons, and then tabulate votes on. This component can be edited inline by anyone with whom the component is shared. The edits will sync anywhere the component is shared.
    • Meeting polls: Capture instant feedback from teams, chat, and call participants. Participant anonymity can be set by the poll organizer. Results can be exported.
    • Create surveys and quizzes and share the results. Results can be exported.
    • Create, track, and review updates and progress reports from teams and individuals.

    Collaboratively create content

    Samples of four features: 'Add Office suite docs', 'Brainstorm in Whiteboard', 'Add Loop components', and 'Take notes in OneNote'.

    Download the Microsoft Teams Planning Tool for an expanded list of features & apps

    Use integrated Teams features composed as a group, with live-synced changes

    • Microsoft Office documents: Add/upload files to a chat or channel discussion. Find them again in the Files tab or add the file itself as a tab to a chat or channel and edit it within Teams.
    • Brainstorm with the Whiteboard application. Add a whiteboard to a tab or to a meeting.
    • Add Loop components to a chat: Create a list, checklist, paragraph, or table that can be edited in real time by anyone in the chat.
    • Add OneNote to a chat or channel tab or use during a meeting to take notes. Pin OneNote to your app bar if it's one of your most frequently-used apps.

    Improve project & task management

    Samples of four features: 'Request approvals and updates', 'Add & track tasks', 'Create a personal notespace', and 'Manage workflows'.

    Download the Microsoft Teams Planning Tool for an expanded list of features & apps

    Keep track of projects and tasks

    • Use the Approvals and Update apps to create, track, and respond to requests for approvals and progress reports within Teams.
    • Use Tasks by Planner & To Do to track both individual and team tasks. Pin the Tasks app to the app bar, add a plan as a tab to a Team, and turn any Teams message into a task by right-clicking on it.
    • Start a chat with yourself to maintain a private space to jot down quick notes.
    • Add Lists to a Teams channel.
    • Explore automation: Add pre-built Teams workflows from the Workflows app, or build new ones in PowerAutomate
    • IT teams may leverage Teams apps like Azure Boards, Pipelines, Repos, AD notifications, and GitHub.

    Add media content

    Samples of four features: 'Share news stories', 'Share YouTube videos', 'Share Stream content', and 'Add RSS feeds'.

    Download the Microsoft Teams Planning Tool for an expanded list of features & apps

    Enrich Teams conversations with media, and keep a library of video resources

    • Search for and add specific news stories to a chat or channel. See recent news stories in search.
    • Search, share, and watch YouTube videos.
    • Share video links from Microsoft Stream.
    • Add RSS feeds.

    Knowledge management

    Samples of four features: 'SharePoint Pages', 'SharePoint document library', 'SharePoint News', and 'Who'.

    Download the Microsoft Teams Planning Tool for an expanded list of features & apps

    Pull together document libraries and make information easier to find

    • Add a page from an existing SharePoint site to a Team as a tab.
    • Add a SharePoint document library to a Team as a tab.
    • Search names of members of your organization to learn about their role, place in the organizational structure, and contact information.

    Increase meeting effectiveness

    Samples of four features: 'Take meeting notes', 'Set up a Q&A', 'Use live captions', and 'Record and transcribe meetings'.

    Download the Microsoft Teams Planning Tool for an expanded list of features & apps

    Facilitate interactions and document meeting outcomes

    • Take simple notes during a meeting.
    • Start conversations and ask and answer questions in a dedicated Q&A space during the Teams meeting.
    • Turn on live captions during the meeting.
    • Record a meeting and automatically generate a transcript of the meeting.
    • Assign attendees to breakout rooms.
    • Track the effectiveness of the meeting by producing an attendance report with the number of attendees, the meeting start/end time, a list of the attendees, and participation in activities.

    Increase employee engagement

    Samples of four features: 'Send praise', 'Build an avatar', 'Add video effects', and 'Play games during meetings'.

    Download the Microsoft Teams Planning Tool for an expanded list of features & apps

    Use features that enhance social interaction among Teams users

    • Send supportive comments to colleagues using Praise.
    • Build out digital avatars to toggle on during meetings instead of your own video.
    • Apply different visual effects, filters, and backgrounds to your screen during meetings.
    • Games for Work: Launch icebreaker games during a meeting.
    • Translate a Teams message from another language to your default language.
    • Send emojis, GIFs, and stickers in messages or as reactions to others' messages. You can also send reactions live during meetings to increase meeting engagement.

    Enhance professional development

    Samples of four features: 'Launch Viva Learning', 'Turn on Speaker Coach', 'Viva Insights', and 'Viva Goals'.

    Download the Microsoft Teams Planning Tool for an expanded list of features & apps

    Connect with learning resources and apply data-driven feedback based on Teams usage

    • Add learning materials from various course catalogs in Viva Learning.
    • Speaker Coach: Receive AI feedback on your performance as a speaker during a meeting.
    • Receive automatically generated insights and suggestions from Viva Insights on work habits and time allocation to different work activities.
    • Viva Goals: Track organizational "objectives and key results"/manage organizational goals

    Provide or access support

    Samples of four features: 'Access MS Support', 'Manage Teams & M365', 'Deploy power virtual agents', and 'Consult MS resource center'.

    Download the Microsoft Teams Planning Tool for an expanded list of features & apps

    IT and user-facing resources for accessing or providing support

    • Admin: Carry out simple Teams management tasks (for IT).
    • Power Virtual Agents: Build out chatbots to answer user questions (can be built by IT and end users for their customers).
    • Resource Center: A combination of pre-built Microsoft resources (tips, templates) with resources provided by organizational IT.
    • Support: Access Microsoft self-serve knowledgebase articles (for IT).

    Add third-party apps

    Understand the availability/restrictions of the built-in Teams app catalog

    • App add-ins are not limited to those built by Microsoft Corporation. The Teams app store also features a plethora of third-party apps that may provide value.
    • However, being able to view an app in the app store does not necessarily mean it's supported or licensed by your organization.
    • Teams will allow users to request access to apps, which will then be evaluated by your IT support team. Follow your service desk's recommended request process for requesting and justifying the addition of a new Teams app that is not currently supported.
    • Before making the request, investigate existing Teams features to determine if the functionality is already available.

    Research contributors

    Mike Cavanagh
    Global Service Desk Manager
    Clearwater Seafoods LP

    Info-Tech contributors:

    Benedict Chang, Senior Advisory Analyst

    John Donovan, Principal Research Director

    Allison Kinnaird, Practice Lead

    P.J. Ryan, Research Director

    Natalie Sansone, Research Director

    Christine West, Managing Partner

    Related Info-Tech Research

    Sample of the 'Reduce Shadow IT with a Service Request Catalog' blueprint.

    Reduce Shadow IT With a Service Request Catalog

    Foster business relationships through sourcing-as-a-service. There is a direct correlation between service delivery dissatisfaction and increases in shadow IT. Whether the goal is to reduce shadow IT or gain control, improved customer service and fast delivery are key to making lasting changes.

    Sample of the 'Microsoft Teams Cookbook' blueprint.

    Microsoft Teams Cookbook

    Recipes for best practices and use cases for Teams. Microsoft Teams is not a standalone app. Successful utilization of Teams occurs when conceived in the broader context of how it integrates with M365. Understanding how information flows between Teams, SharePoint Online, and OneDrive for Business, for instance, will aid governance with permissions, information storage, and file sharing.

    Sample of the 'Govern Office 365 (M365)' blueprint.

    Govern Office 365

    You bought it. Use it right. Map your organizational goals to the administration features available in the Office 365/M365 console. Your governance should reflect your requirements.

    Bibliography

    Mehta, Tejas. “The Home Site App for Microsoft Teams.” Microsoft Community Hub. https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/the-home-site-app-for-microsoft-teams/ba-p/1714255.

    Overview: Viva Connections. 7 Mar. 2023, https://learn.microsoft.com/en-us/viva/connections/viva-connections-overview.

    Rogers, Laura. “SharePoint Home Site in Teams.” Wonderlaura, 24 Jun 2021. https://wonderlaura.com/2021/06/24/sharepoint-home...

    Schubert, Petra, and Johannes H. Glitsch. “Adding Structure to Enterprise Collaboration Systems: Identification of Use Cases and Collaboration Scenarios.” Procedia Computer Science, vol. 64, Jan. 2015, pp. 161–69. ScienceDirect, https://doi.org/10.1016/j.procs.2015.08.477.

    Schubert, Petra, and Johannes Glitsch. “Use Cases and Collaboration Scenarios: How Employees Use Socially-Enabled Enterprise Collaboration Systems (ECS).” International Journal of Information Systems and Project Management, vol. 4, no. 2, Jan. 2016, pp. 41–62.

    Thompson, Mark. “User Requests for Blocked Apps in the Teams Store.” Supersimple365, 5 Apr 2022, https://supersimple365.com/user-requests-for-apps-...

    “What is Microsoft Teams Premium?” Breakwater IT, n.d., https://breakwaterit.co.uk/guides/microsoft-teams-...

    Wills, Jonny. “Microsoft Teams Monthly Users Hits 280 Million.” UC Today, 25 Jan. 2023, https://www.uctoday.com/unified-communications/microsoft-teams-monthly-users-hits-280-million/.

    Prepare for Negotiations More Effectively

    • Buy Link or Shortcode: {j2store}224|cart{/j2store}
    • member rating overall impact (scale of 10): 8.0/10 Overall Impact
    • member rating average dollars saved: $6,000 Average $ Saved
    • member rating average days saved: 4 Average Days Saved
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • IT budgets are increasing, but many CIOs feel their budgets are inadequate to accomplish what is being asked of them.
    • Eighty percent of organizations don’t have a mature, repeatable, scalable negotiation process.
    • Training dollars on negotiations are often wasted or ineffective.

    Our Advice

    Critical Insight

    • Negotiations are about allocating risk and money – how much risk is a party willing to accept at what price point?
    • Using a cross-functional/cross-insight team structure for negotiation preparation yields better results.
    • Soft skills aren’t enough and theatrical negotiation tactics aren’t effective.

    Impact and Result

    A good negotiation process can help:

    • Maximize budget dollars.
    • Improve vendor performance.
    • Enhance relationships internally and externally.

    Prepare for Negotiations More Effectively Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should create and follow a scalable process for preparing to negotiate with vendors, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Before

    Throughout this phase, the 12 steps for negotiation preparation are identified and reviewed.

    • Prepare for Negotiations More Effectively – Phase 1: Before
    • Before Negotiating Tool
    [infographic]

    Workshop: Prepare for Negotiations More Effectively

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 12 Steps to Better Negotiation Preparation

    The Purpose

    Improve negotiation preparation.

    Understand how to use the Info-Tech Before Negotiating Tool.

    Key Benefits Achieved

    A scalable framework for negotiation preparation will be created.

    The Before Negotiating Tool will be configured for the customer’s environment.

    Activities

    1.1 Establish specific negotiation goals and ranges.

    1.2 Identify and assess alternatives to a negotiated agreement.

    1.3 Identify and evaluate assumptions made by the parties.

    1.4 Conduct research.

    1.5 Identify and evaluate relationship issues.

    1.6 Identify and leverage the team structure.

    1.7 Identify and address leverage issues.

    1.8 Evaluate timeline considerations.

    1.9 Create a strategy.

    1.10 Draft a negotiation agenda.

    1.11 Draft and answer questions.

    1.12 Rehearse (informal and formal).

    Outputs

    Sample negotiation goals and ranges will be generated via a case study to demonstrate the concepts and how to use the Before Negotiating Tool (this will apply to each Planned Activity)

    Sample alternatives will be generated

    Sample assumptions will be generated

    Sample research will be generated

    Sample relationship issues will be generated

    Sample teams will be generated

    Sample leverage items will be generated

    Sample timeline issues will be generated

    A sample strategy will be generated

    A sample negotiation agenda will be generated

    Sample questions and answers will be generated

    Sample rehearsals will be conducted

    Acquire the Right Hires with Effective Interviewing

    • Buy Link or Shortcode: {j2store}576|cart{/j2store}
    • member rating overall impact (scale of 10): 8.5/10 Overall Impact
    • member rating average dollars saved: $15,749 Average $ Saved
    • member rating average days saved: 2 Average Days Saved
    • Parent Category Name: Attract & Select
    • Parent Category Link: /attract-and-select
    • Scope: Acquiring the best talent relies heavily on an effective interviewing process, which involves the strategic preparation of stakeholders, including interviewers. Asking the most effective questions will draw out the most appropriate information to best assess the candidate. Evaluating the interview process and recording best practices will inspire continuous interviewing improvement within the organization.
    • Challenge: The majority of organizations do not have a solid interviewing process in place, and most interviewers are not practiced at interviewing. This results in many poor hiring decisions, costing the organization in many ways. Upsizing is on the horizon, the competition for good talent is escalating, and distinguishing between a good interviewee and a good candidate fit for a position is becoming more difficult.
    • Pain/Risk: Although properly preparing for and conducting an interview requires additional time on the part of HR, the hiring manager, and all interviewers involved, the long-term benefits of an effective interview process positively affect the organization’s bottom line and company morale.

    Our Advice

    Critical Insight

    • Most interviewers are not as good as they think they are, resulting in many poor hiring decisions. A poor hire can cost an organization up to 15 times the position’s annual salary, as well as hurt employee morale.
    • The Human Resources department needs to take responsibility for an effective interview process, but the business needs to take responsibility for developing its new hire needs, and assessing the candidates using the best questions and the most effective interview types and techniques.
    • All individuals with a stake in the interview process need to invest sufficient time to help define the ideal candidate, understand their roles and decision rights in the process, and prepare individually to interview effectively.
    • There are hundreds of different interview types, techniques, and tools for an organization to use, but the most practiced and most effective is behavioral interviewing.
    • There is no right interview type and technique. Each hiring scenario needs to be evaluated to pick the appropriate type and technique that should be practiced, and the right questions that should be asked.

    Impact and Result

    • Gain insight into and understand the need for a strong interview process.
    • Strategize and plan your organization’s interview process, including how to make up an ideal candidate profile, who should be involved in the process, and how to effectively match interview types, techniques, and questions to assess the ideal candidate attributes.
    • Understand various hiring scenarios, and how an interview process may be modified to reflect your organization’s scenario.
    • Learn about the most common interview types and techniques, when they are appropriate to use, and best practices around using them effectively.
    • Evaluate your interview process and yourself as an interviewer to better inform future candidate interviewing strategy.

    Acquire the Right Hires with Effective Interviewing Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Implement an effective interview and continuous improvement process

    Acquire the right hire.

    • Storyboard: Acquire the Right Hires with Effective Interviewing

    2. Document all aspects of your interview strategy and plan with stakeholders

    Ensure an effective and seamless interview process.

    • Candidate Interview Strategy and Planning Guide

    3. Recognize common interviewing errors and study best practices to address these errors

    Be an effective interviewer.

    • Screening Interview Template
    • Interview Guide Template
    • Supplement: Quick Fixes to Common Interview Errors
    • Pre-interview Guide for Interviewers
    • Candidate Communication Template
    [infographic]

    Negotiate SaaS Agreements That Are Built to Last

    • Buy Link or Shortcode: {j2store}137|cart{/j2store}
    • member rating overall impact (scale of 10): 9.4/10 Overall Impact
    • member rating average dollars saved: $72,298 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • Internal stakeholders usually have different – and often conflicting – needs and expectations that require careful facilitation and management.
    • SaaS solutions bring forth a unique form of “switching costs” that can make a decision to migrate solutions financially, technically, and politically painful.

    Our Advice

    Critical Insight

    • Conservatively, it’s possible to save 5% of the overall IT budget through comprehensive software and SaaS contract review.
    • Focus on the terms and conditions, not just the price.
    • Learning to negotiate is crucial.

    Impact and Result

    • Take control of your SaaS contract negotiations from the beginning.
    • Look at your contract holistically to find cost savings.
    • Guide communication between vendors and your organization for the duration of contract negotiations.
    • Redline the terms and conditions of your SaaS contract.
    • Prioritize crucial terms and conditions to negotiate.

    Negotiate SaaS Agreements That Are Built to Last Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how to redline and negotiate a SaaS agreement, review Info-Tech’s methodology, and understand the different ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Gather requirements

    Build and manage the stakeholder team, and then document the business use case.

    • Negotiate SaaS Agreements That Are Built to Last – Phase 1: Gather Requirements
    • RASCI Chart
    • Vendor Communication Management Plan
    • Software Business Use Case Template
    • SaaS TCO Calculator

    2. Redline contract

    Redline the proposed SaaS contract.

    • Negotiate SaaS Agreements That Are Built to Last – Phase 2: Redline Contract
    • SaaS Terms and Conditions Evaluation Tool

    3. Negotiate contract

    Create a thorough negotiation plan.

    • Negotiate SaaS Agreements That Are Built to Last – Phase 3: Negotiate Contract
    • SaaS Contract Negotiation Terms Prioritization Checklist
    • Controlled Vendor Communications Letter
    • Key Vendor Fiscal Year End Calendar
    • Contract Negotiation Tactics Playbook
    [infographic]

    Workshop: Negotiate SaaS Agreements That Are Built to Last

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Collect and Review Data

    The Purpose

    Assemble documentation.

    Key Benefits Achieved

    Understand current position before going forward.

    Activities

    1.1 Assemble existing contracts.

    1.2 Document their strategic and tactical objectives.

    1.3 Identify current status of the vendor relationship and any historical context.

    1.4 Clarify goals for ideal future state.

    Outputs

    Business Use Case.

    2 Define the Business Use Case and Build a Stakeholder Team

    The Purpose

    Define the business use case and build a stakeholder team.

    Key Benefits Achieved

    Create a business use case to document functional and non-functional requirements.

    Build an internal cross-functional stakeholder team to negotiate the contract.

    Activities

    2.1 Establish a negotiation team and define roles.

    2.2 Write a communication plan.

    2.3 Complete a business use case.

    Outputs

    RASCI Matrix

    Communications Plan

    SaaS TCO Calculator

    Business Use Case

    3 Redline the Contract

    The Purpose

    Examine terms and conditions and prioritize for negotiation.

    Key Benefits Achieved

    Discover cost savings.

    Improve agreement terms.

    Prioritize terms for negotiation.

    Activities

    3.1 Review general terms and conditions.

    3.2 Review license and application specific terms and conditions.

    3.3 Match to business and technical requirements.

    3.4 Redline the agreement.

    Outputs

    SaaS Terms and Conditions Evaluation Tool

    SaaS Contract Negotiation Terms Prioritization Checklist

    4 Build a Negotiation Strategy

    The Purpose

    Create a negotiation strategy.

    Key Benefits Achieved

    Controlled communication established.

    Negotiation tactics chosen.

    Negotiation timeline plotted.

    Activities

    4.1 Review vendor and application specific negotiation tactics.

    4.2 Build negotiation strategy.

    Outputs

    Contract Negotiation Tactics Playbook

    Controlled Vendor Communications Letter

    Key Vendor Fiscal Year End Calendar

    Build a Data Architecture Roadmap

    • Buy Link or Shortcode: {j2store}124|cart{/j2store}
    • member rating overall impact (scale of 10): 8.8/10 Overall Impact
    • member rating average dollars saved: $8,846 Average $ Saved
    • member rating average days saved: 23 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • Data architecture involves many moving pieces requiring coordination to provide greatest value from data.
    • Data architects are at the center of this turmoil and must be able to translate high-level business requirements into specific instructions for data workers using complex data models.
    • Data architects must account for the constantly growing data and application complexity, more demanding needs from the business, an ever-increasing number of data sources, and a growing need to integrate components to ensure that performance isn’t compromised.

    Our Advice

    Critical Insight

    • Data architecture needs to evolve with the changing business landscape. There are four common business drivers that put most pressure on archaic architectures. As a result, the organization’s architecture must be flexible and responsive to changing business needs.
    • Data architecture is not just about models. Viewing data architecture as just technical data modeling can lead to structurally unsound data that does not serve the business.
    • Data is used differently across the layers of an organization’s data architecture, and the capabilities needed to optimize use of data change with it. Architecting and managing data from source to warehousing to presentation requires different tactics for optimal use.

    Impact and Result

    • Have a framework in place to identify the appropriate solution for the challenge at hand. Our three-phase practical approach will help you build a custom and modernized data architecture.
      • Identify and prioritize the business drivers in which data architecture changes would create the largest overall benefit, and determine the corresponding data architecture tiers that need to be addressed.
      • Discover the best-practice trends, measure your current state, and define the targets for your data architecture tactics.
      • Build a cohesive and personalized roadmap for restructuring your data architecture. Manage your decisions and resulting changes.

    Build a Data Architecture Roadmap Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why your organization should optimize its data architecture as it evolves with the drivers of the business to get the most from its data.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Prioritize your data architecture with business-driven tactics

    Identify the business drivers that necessitate data architecture improvements, then create a tactical plan for optimization.

    • Build a Business-Aligned Data Architecture Optimization Strategy – Phase 1: Prioritize Your Data Architecture With Business-Driven Tactics
    • Data Architecture Driver Pattern Identification Tool
    • Data Architecture Optimization Template

    2. Personalize your tactics to optimize your data architecture

    Analyze how you stack up to Info-Tech’s data architecture capability model to uncover your tactical plan, and discover groundbreaking data architecture trends and how you can fit them into your action plan.

    • Build a Business-Aligned Data Architecture Optimization Strategy – Phase 2: Personalize Your Tactics to Optimize Your Data Architecture
    • Data Architecture Tactical Roadmap Tool
    • Data Architecture Trends Presentation

    3. Create your tactical data architecture roadmap

    Optimize your data architecture by following tactical initiatives and managing the resulting change brought on by those optimization activities.

    • Build a Business-Aligned Data Architecture Optimization Strategy – Phase 3: Create Your Tactical Data Architecture Roadmap
    • Data Architecture Decision Template
    [infographic]

    Workshop: Build a Data Architecture Roadmap

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify the Drivers of the Business for Optimizing Data Architecture

    The Purpose

    Explain approach and value proposition.

    Review the common business drivers and how the organization is driving a need to optimize data architecture.

    Understand Info-Tech’s five-tier data architecture model.

    Determine the pattern of tactics that apply to the organization for optimization.

    Key Benefits Achieved

    Understanding of the current data architecture landscape.

    Priorities for tactical initiatives in the data architecture practice are identified.

    Target state for the data quality practice is defined.

    Activities

    1.1 Explain approach and value proposition.

    1.2 Review the common business drivers and how the organization is driving a need to optimize data architecture.

    1.3 Understand Info-Tech’s five-tier data architecture model.

    1.4 Determine the pattern of tactics that apply to the organization for optimization.

    Outputs

    Five-tier logical data architecture model

    Data architecture tactic plan

    2 Determine Your Tactics For Optimizing Data Architecture

    The Purpose

    Define improvement initiatives.

    Define a data architecture improvement strategy and roadmap.

    Key Benefits Achieved

    Gaps, inefficiencies, and opportunities in the data architecture practice are identified.

    Activities

    2.1 Create business unit prioritization roadmap.

    2.2 Develop subject area project scope.

    2.3 Subject area 1: data lineage analysis, root cause analysis, impact assessment, business analysis

    Outputs

    Business unit prioritization roadmap

    Subject area scope

    Data lineage diagram

    3 Create a Strategy for Data Quality Project 2

    The Purpose

    Define improvement initiatives.

    Define a data quality improvement strategy and roadmap.

    Key Benefits Achieved

    Improvement initiatives are defined.

    Improvement initiatives are evaluated and prioritized to develop an improvement strategy.

    A roadmap is defined to depict when and how to tackle the improvement initiatives.

    Activities

    3.1 Create business unit prioritization roadmap.

    3.2 Develop subject area project scope.

    3.3 Subject area 1: data lineage analysis, root cause analysis, impact assessment, business analysis.

    Outputs

    Business unit prioritization roadmap

    Subject area scope

    Data lineage diagram

    Further reading

    Build a Data Architecture Roadmap

    Optimizing data architecture requires a plan, not just a data model.

    ANALYST PERSPECTIVE

    Integral to an insight-driven enterprise is a modern and business-driven data environment.

    “As business and data landscapes change, an organization’s data architecture needs to be able to keep pace with these changes. It needs to be responsive so as to not only ensure the organization continues to operate efficiently but that it supports the overall strategic direction of the organization.

    In the dynamic marketplace of today, organizations are constantly juggling disruptive forces and are finding the need to be more proactive rather than reactive. As such, organizations are finding their data to be a source of competitive advantage where the data architecture has to be able to not only support the increasing amount, sources, and rate at which organizations are capturing and collecting data but also be able to meet and deliver on changing business needs.

    Data architecture optimization should, therefore, aid in breaking down data silos and creating a more shared and all-encompassing data environment for better empowering the business.” (Crystal Singh, Director, Research, Data and Information Practice, Info-Tech Research Group)

    Our understanding of the problem

    This Research Is Designed For:
    • Data architects or their equivalent, looking to optimize and improve the efficiency of the capture, movement and storage of data for a variety of business drivers.
    • Enterprise architects looking to improve the backbone of the holistic approach of their organization’s structure.
    This Research Will Help You:
    • Identify the business drivers that are impacted and improved by best-practice data architecture.
    • Optimize your data architecture using tactical practices to address the pressing issues of the business to drive modernization.
    • Align the organization’s data architecture with the grander enterprise architecture.
    This Research Will Also Assist:
    • CIOs concerned with costs, benefits, and the overall structure of their organizations data flow.
    • Database administrators tasked with overseeing crucial elements of the data architecture.
    This Research Will Help Them:
    • Get a handle on the current situation of data within the organization.
    • Understand how data architecture affects the operations of the data sources within the enterprise.

    Executive summary

    Situation

    • The data architecture of a modern organization involves many moving pieces requiring coordination to provide greatest value from data.
    • Data architects are at the center of this turmoil and must be able to translate high-level business requirements into specific instructions for data workers using complex data models.

    Complication

    • Data architects must account for the constantly growing data and application complexity, and more demanding needs from the business.
    • There is an ever-increasing number of data sources and a growing need to integrate components to ensure that performance isn’t compromised.
    • There isn’t always a clearly defined data architect role, yet the responsibilities must be filled to get maximum value from data.

    Resolution

    • To deal with these challenges, a data architect must have a framework in place to identify the appropriate solution for the challenge at hand.
      • Identify and prioritize the business drivers in which data architecture changes would create the largest overall benefit, and determine the corresponding data architecture tiers that need to be addressed to customize your solution.
      • Discover the best practice trends, measure your current state, and define the targets for your data architecture tactics.
      • Build a cohesive and personalized roadmap for restructuring your data architecture. Manage your decisions and resulting changes.

    Info-Tech Insight

    1. Data architecture is not just about models. Viewing data architecture as just technical data modeling can lead to a data environment that does not aptly serve or support the business. Identify the priorities of your business and adapt your data architecture to those needs.
    2. Changes to data architecture are typically driven by four common business driver patterns. Use these as a shortcut to understand how to evolve your data architecture.
    3. Data is used differently across the layers of an organization’s data architecture; therefore, the capabilities needed to optimize the use of data change with it. Architecting and managing data from source to warehousing to presentation requires different tactics for optimal use.

    Your data is the foundation of your organization’s knowledge and ability to make decisions

    Data should be at the foundation of your organization’s evolution.

    The transformational insights that executives are constantly seeking to leverage can be uncovered with a data practice that makes high quality, trustworthy information readily available to the business users who need it.

    50% Organizations that embrace data are 50% more likely to launch products and services ahead of their competitors. (Nesta, 2016)

    Whether hoping to gain a better understanding of your business or trying to become an innovator in your industry, any organization can get value from its data regardless of where you are in your journey to becoming a data-driven enterprise:

    Business Monitoring
    • Data reporting
    • Uncover inefficiencies
    • Monitor progress
    • Track inventory levels
    Business Insights
    • Data analytics
    • Expose patterns
    • Predict future trends
    Business Optimization
    • Data-based apps
    • Build apps to automate actions based on insights
    Business Transformation
    • Monetary value of data
    • Create new revenue streams
    (Journey to Data Driven Enterprise, 2015)

    As organizations seek to become more data driven, it is imperative to better manage data for its effective use

    Here comes the zettabyte era.

    A zettabyte is a billion terabytes. Organizations today need to measure their data size in zettabytes, a challenge that is only compounded by the speed at which the data is expected to move.

    Arriving at the understanding that data can be the driving force of your organization is just the first step. The reality is that the true hurdles to overcome are in facing the challenges of today’s data landscape.

    Challenges of The Modern Data Landscape
    Data at rest Data movement
    Greater amounts Different types Uncertain quality Faster rates Higher complexity

    “The data environment is very chaotic nowadays. Legacy applications, data sprawl – organizations are grappling with what their data landscape looks like. Where are our data assets that we need to use?” (Andrew Johnston, Independent Consultant)

    Solution

    Well-defined and structured data management practices are the best way to mitigate the limitations that derive from these challenges and leverage the most possible value from your data.

    Refer to Info-Tech’s capstone Create a Plan For Establishing a Business-Aligned Data Management Practice blueprint to understand data quality in the context of data disciplines and methods for improving your data management capabilities.

    Data architecture is an integral aspect of data management

    Data Architecture

    The set of rules, policies, standards, and models that govern and define the type of data collected and how it is used, stored, managed, and integrated within the organization and its database systems.

    In general, the primary objective of data architecture is the standardization of data for the benefit of the organization.

    54% of leading “analytics-driven” enterprises site data architecture as a required skill for data analytics initiatives. (Maynard 2015)

    MYTH

    Data architecture is purely a model of the technical requirements of your data systems.

    REALITY

    Data architecture is largely dependent on a human element. It can be viewed as “the bridge between defining strategy and its implementation”. (Erwin 2016)

    Functions

    A strong data architecture should:

    • Define, visualize, and communicate data strategy to various stakeholders.
    • Craft a data delivery environment.
    • Ensure high data quality.
    • Provide a roadmap for continuous improvement.

    Business value

    A strong data architecture will help you:

    • Align data processes with business strategy and the overall holistic enterprise architecture.
    • Enable efficient flow of data with a stronger focus on quality and accessibility.
    • Reduce the total cost of data ownership.

    Data architects must maintain a comprehensive view of the organization’s rapidly proliferating data

    The data architect:
    • Acts as a “translator” between the business and data workers to communicate data and technology requirements.
    • Facilitates the creation of the data strategy.
    • Manages the enterprise data model.
    • Has a greater knowledge of operational and analytical data use cases.
    • Recommends data management policies and standards, and maintains data management artifacts.
    • Reviews project solution architectures and identifies cross impacts across the data lifecycle.
    • Is a hands-on expert in data management and warehousing technologies.
    • Is not necessarily it’s own designated position, but a role that can be completed by a variety of IT professionals.

    Data architects bridge the gap between strategic and technical requirements:

    Visualization centering the 'Data Architect' as the bridge between 'Data Workers', 'Business', and 'Data & Applications'.

    “Fundamentally, the role of a data architect is to understand the data in an organization at a reasonable level of abstraction.” (Andrew Johnston, Independent Consultant)

    Many are experiencing the pains of poor data architecture, but leading organizations are proactively tackling these issues

    Outdated and archaic systems and processes limit the ability to access data in a timely and efficient manner, ultimately diminishing the value your data should bring.

    59%

    of firms believe their legacy storage systems require too much processing to meet today’s business needs. (Attivio, Survey Big Data decision Makers, 2016)

    48%

    of companies experience pains from being reliant on “manual methods and trial and error when preparing data.” (Attivio, Survey Big Data decision Makers, 2016)

    44%
    +
    22%

    44% of firms said preparing data was their top hurdle for analytics, with 22% citing problems in accessing data. (Data Virtualization blog, Data Movement Killed the BI Star, 2016)

    Intuitive organizations who have recognized these shortcomings have already begun the transition to modernized and optimized systems and processes.

    28%

    of survey respondents say they plan to replace “data management and architecture because it cannot handle the requirements of big data.” (Informatica, Digital Transformation: Is Your Data Management Ready, 2016)

    50%

    Of enterprises plan to replace their data warehouse systems and analytical tools in the next few years. (TDWI, End of the Data Warehouse as we know it, 2017)

    Leading organizations are attacking data architecture problems … you will be left behind if you do not start now!

    Once on your path to redesigning your data architecture, neglecting the strategic elements may leave you ineffective

    Focusing on only data models without the required data architecture guidance can cause harmful symptoms in your IT department, which will lead to organization-wide problems.

    IT Symptoms Due to Ineffective Data Architecture

    Poor Data Quality

    • Inconsistent, duplicate, missing, incomplete, incorrect, unstandardized, out of date, and mistake-riddled data can plague your systems.

    Poor Accessibility

    • Delays in accessing data.
    • Limits on who can access data.
    • Limited access to data remotely.

    Strategic Disconnect

    • Disconnect between owner and consumer of data.
    • Solutions address narrow scope problems.
    • System barriers between departments.
    Leads to Poor Organizational Conditions

    Inaccurate Insights

    • Inconsistent and/or erroneous operational and management reports.
    • Ineffective cross-departmental use of analytics.

    Ineffective Decision Making

    • Slow flow of information to executive decision makers.
    • Inconsistent interpretation of data or reports.

    Inefficient Operations

    • Limits to automated functionality.
    • Increased divisions within organization.
    • Regulatory compliance violations.
    You need a solution that will prevent the pains.

    Follow Info-Tech’s methodology to optimize data architecture to meet the business needs

    The following is a summary of Info-Tech’s methodology:

    1

    1. Prioritize your core business objectives and identify your business driver.
    2. Learn how business drivers apply to specific tiers of Info-Tech’s five-tier data architecture model.
    3. Determine the appropriate tactical pattern that addresses your most important requirements.
    Visualization of the process described on the left: Business drivers applying to Info-Tech's five-tier data architecture, then determining tactical patterns, and eventually setting targets of your desired optimized state.

    2

    1. Select the areas of the five-tier architecture to focus on.
    2. Measure current state.
    3. Set the targets of your desired optimized state.

    3

    1. Roadmap your tactics.
    2. Manage and communicate change.
    A roadmap leading to communication.

    Info-Tech will get you to your optimized state faster by focusing on the important business issues

    First Things First

    1. Info-Tech’s methodology helps you to prioritize and establish the core strategic objectives behind your goal of modernizing data architecture. This will narrow your focus to the appropriate areas of your current data systems and processes that require the most attention.

    Info-Tech has identified these four common drivers that lead to the need to optimize your data architecture.

    • Becoming More Data Driven
    • Regulations and Compliance
    • Mergers and Acquisitions
    • New Functionality or Business Rule

    These different core objectives underline the motivation to optimize data architecture, and will determine your overall approach.

    Use the five-tier architecture to provide a consumable view of your data architecture

    Every organization’s data system requires a unique design and an assortment of applications and storage units to fit their business needs. Therefore, it is difficult to paint a picture of an ideal model that has universal applications. However, when data architecture is broken down in terms of layers or tiers, there exists a general structure that is seen in all data systems.

    Info-Tech's Five Tier Data Architecture. The five tiers being 'Sources' which includes 'Apps', 'Excel and other documents', and 'Access database(s)'; 'Integration and Translation' the 'Movement and transformation of data'; 'Warehousing' which includes 'Data Lakes & Warehouse(s) (Raw Data)'; 'Analytics' which includes 'Data Marts', 'Data Cube', 'Flat Files', and 'BI Tools'; and 'Presentation' which includes 'Reports' and 'Dashboards'.

    Thinking of your data systems and processes in this framework will allow you to see how different elements of the architecture relate to specific business operations.

    1. This blueprint will demonstrate how the business driver behind your redesign requires you to address specific layers of the five-tier data architecture.
    1. Once you’ve aligned your business driver to the appropriate data tiers, this blueprint will provide you with the best practice tactics you should apply to achieve an optimized data architecture.

    Use the five-tier architecture to prioritize tactics to improve your data architecture in line with your pattern

    Info-Tech’s Data Architecture Capability Model
    Info-Tech’s Data Architecture Capability Model featuring the five-tier architecture listing 'Core Capabilities' and 'Advanced Capabilities' within each tier, and a list of 'Cross Capabilities' which apply to all tiers.
    1. Based on your business driver, the relevant data tiers, and your organization’s own specific requirements you will need to establish the appropriate data architecture capabilities.
    2. This blueprint will help you measure how you are currently performing in these capabilities…
    3. And help you define and set targets so you can reach your optimized state.
    1. Once completed, these steps will be provided with the information you will need to create a comprehensive roadmap.
    2. Lastly, this blueprint will provide you with the tools to communicate this plan across your organization and offer change management guidelines to ensure successful adoption.
    Info-Tech Insight

    Optimizing data architecture requires a tactical approach, not a passive approach.

    The demanding task of optimization requires the ability to heavily prioritize. After you have identified why, determine how using our pre-built roadmap to address the four common drivers.

    Do not forget: data architecture is not a standalone concept; it fits into the more holistic design of enterprise architecture

    Data Architecture in Alignment

    Data architecture can not be designed to simply address the focus of data specialists or even the IT department.

    It must act as a key component in the all encompassing enterprise architecture and reflect the strategy and design of the entire business.

    Data architecture collaborates with application architecture in the delivery of effective information systems, and informs technology architecture on data related infrastructure requirements/considerations

    Please refer to the following blueprints to see the full picture of enterprise architecture:

    A diagram titled 'Enterprise Architecture' with multiple forms of architecture interacting with each other. At the top is 'Business Architecture' which feeds into 'Data Architecture' and 'Application Architecture' which feed into each other, and influence 'Infrastructure Architecture' and 'Security Architecture'.
    Adapted from TOGAF
    Refer to Phase C of TOGAF and Bizbok for references to the components of business architecture that are used in data architecture.

    Info-Tech’s data architecture optimization methodology helped a monetary authority fulfill strict regulatory pressures

    CASE STUDY

    Industry: Financial
    Source: Info-Tech Consulting
    Symbol for 'Monetary Authority Case Study'. Look for this symbol as you walk through the blueprint for details on how Info-Tech Consulting assisted this monetary authority.

    Situation: Strong external pressures required the monetary authority to update and optimize its data architecture.

    The monetary authority is responsible for oversight of the financial situation of a country that takes in revenue from foreign incorporation. Due to increased pressure from international regulatory bodies, the monetary authority became responsible for generating multiple different types of beneficial ownership reports based on corporation ownership data within 24 hours of a request.

    A stale and inefficient data architecture prevented the monetary authority from fulfilling external pressures.

    Normally, the process to generate and provide beneficial ownership reports took a week or more. This was due to multiple points of stale data architecture, including a dependence on outdated legacy systems and a broken process for gathering the required data from a mix of paper and electronic sources.

    Provide a structured approach to solving the problem

    Info-Tech helped the monetary authority identify the business need that resulted from regulatory pressures, the challenges that needed to be overcome, and actionable tactics for addressing the needs.

    Info-Tech’s methodology was followed to optimize the areas of data architecture that address the business driver.

    • External Requirements
    • Business Driver
        Diagnose Data Architecture Problems
      • Outdated architecture (paper, legacy systems)
      • Stale data from other agencies
      • Incomplete data
          Data Architecture Optimization Tactics
        1. Optimized Source Databases
        2. Improved Integration
        3. Data Warehouse Optimization
        4. Data Marts for Reports
        5. Report Delivery Efficiency

    As you walk through this blueprint, watch for additional case studies that walk through the details of how Info-Tech helped this monetary authority.

    This blueprint’s three-step process will help you optimize data architecture in your organization

    Phase 1
    Prioritize Your Data Architecture With Business-Driven Tactics
    Phase 2
    Personalize Your Tactics to Optimize Your Data Architecture
    Phase 3
    Create Your Tactical Data Architecture Roadmap
    Step 1: Identify Your Business Driver for Optimizing Data Architecture
    • Learn about what data architecture is and how it must evolve with the drivers of the business.
    • Determine the business driver that your organization is currently experiencing.
    • Data Architecture Driver Pattern Identification Tool

    Step 2: Determine Actionable Tactics to Optimize Data Architecture
    • Create your data architecture optimization plan to determine the high-level tactics you need to follow.
    • Data Architecture Optimization Template

    Step 1: Measure Your Data Architecture Capabilities
    • Determine where you currently stand in the data architecture capabilities across the five-tier data architecture.
    • Data Architecture Tactical Roadmap Tool

    Step 2: Set a Target for Data Architecture Capabilities
    • Identify your targets for the data architecture capabilities.
    • Data Architecture Tactical Roadmap Tool

    Step 3: Identify the Tactics that Apply to Your Organization
    • Understand the trends in the field of data architecture and how they can help to optimize your environment.
    • Data Architecture Trends Presentation

    Step 1: Personalize Your Data Architecture Roadmap
    • Personalize the tactics across the tiers that apply to you to build your personalized roadmap.
    • Data Architecture Tactical Roadmap Tool

    Step 2: Manage Your Data Architecture Decisions and the Resulting Changes
    • Document the changes in the organization’s data architecture.
    • Data architecture involves change management – learn how data architects should support change management in the organization.
    • Data Architecture Decision Template

    Use these icons to help direct you as you navigate this research

    Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.

    A small monochrome icon of a wrench and screwdriver creating an X.

    This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.

    A small monochrome icon depicting a person in front of a blank slide.

    This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Build a Business-Aligned Data Architecture Optimization Strategy – project overview

    PHASE 1
    Prioritize Your Data Architecture With Business-Driven Tactics
    PHASE 2
    Personalize Your Tactics to Optimize Your Data Architecture
    PHASE 3
    Create Your Tactical Data Architecture Roadmap
    Supporting Tool icon

    Best-Practice Toolkit

    1.1 Identify Your Business Driver for Optimizing Data Architecture

    1.2 Determine Actionable Tactics to Optimize Data Architecture

    2.1 Measure Your Data Architecture Capabilities

    2.2 Set a Target for Data Architecture Capabilities

    2.3 Identify the Tactics that Apply to Your Organization

    3.1 Personalize Your Data Architecture Roadmap

    3.2 Manage Your Data Architecture Decisions and the Resulting Changes

    Guided Implementations

    • Understand what data architecture is, how it aligns with enterprise architecture, and how data architects support the needs of the business.
    • Identify the business drivers that necessitate the optimization of the organization’s data architecture.
    • Create a tactical plan to optimize data architecture across Info-Tech’s five-tier logical data architecture model.
    • Understand Info-Tech’s tactical data architecture capability model and measure the current state of these capabilities at the organization.
    • Determine the target state of data architecture capabilities.
    • Understand the trends in the field of data architecture and identify how they can fit into your environment.
    • Use the results of the data architecture capability gap assessment to determine the priority of activities to populate your personalized data architecture optimization roadmap.
    • Understand how to manage change as a data architect or equivalent.
    Associated Activity icon

    Onsite Workshop

    Module 1:
    Identify the Drivers of the Business for Optimizing Data Architecture
    Module 2:
    Create a Tactical Plan for Optimizing Data Architecture
    Module 3:
    Create a Personalized Roadmap for Data Architecture Activities

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Preparation

    Workshop Day 1

    Workshop Day 2

    Workshop Day 3

    Workshop Day 4

    Workshop Day 5

    Organize and Plan Workshop Identify the Drivers of the Business for Optimizing Data Architecture Determine the Tactics For Optimizing Data Architecture Create Your Roadmap of Optimization Activities Create Your Personalized Roadmap Create a Plan for Change Management

    Morning Activities

    • Finalize workshop itinerary and scope.
    • Identify workshop participants.
    • Gather strategic documentation.
    • Engage necessary stakeholders.
    • Book interviews.
    • 1.1 Explain approach and value proposition.
    • 1.2 Review the common business drivers and how the organization is driving a need to optimize data architecture.
    • 2.1 Create your data architecture optimization plan.
    • 2.2 Interview key business stakeholders for input on business drivers for data architecture.
    • 3.1 Align with the enterprise architecture by interviewing the enterprise architect for input on the data architecture optimization roadmap.
    • 4.1 As a group, determine the roadmap activities that are applicable to your organization and brainstorm applicable initiatives.
    • 5.1 Use the Data Architecture Decision Documentation Template to document key decisions and updates.

    Afternoon Activities

    • 1.3 Understand Info-Tech’s Five-Tier Data Architecture.
    • 1.4 Determine the pattern of tactics that apply to the organization for optimization.
    • 2.3 With input from the business and enterprise architect, determine the current data architecture capabilities.
    • 3.3 With input from the business and enterprise architect, determine the target data architecture capabilities.
    • 4.2 Determine the timing and effort of the roadmap activities.
    • 5.2 Review best practices for change management.
    • 5.3 Present roadmap and findings to the business stakeholders and enterprise architect.

    Deliverables

    • Workshop Itinerary
    • Workshop Participant List
    1. Five-Tier Logical Data Architecture Model
    2. Data Architecture Tactic Plan
    1. Five-Tier Data Architecture Capability Model
    1. Data Architecture Tactical Roadmap
    1. Data Architecture Tactical Roadmap
    1. Data Architecture Decision Template

    Build a Business-Aligned Data Architecture Optimization Strategy

    PHASE 1

    Prioritize Your Data Architecture With Business-Driven Tactics

    Phase 1 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Prioritize Your Data Architecture With Business-Driven Tactics

    Proposed Time to Completion: 2 weeks
    Step 1.1: Identify Your Business Driver for Optimizing Data Architecture Step 1.2: Determine Actionable Tactics to Optimize Data Architecture
    Start with an analyst kick-off call:
    • Understand what data architecture is, what it is not, and how it fits into the broader enterprise architecture program.
    • Determine the drivers that fuel the need for data architecture optimization.
    Review findings with analyst:
    • Understand the Five-Tier Data Architecture Model and how the drivers of the business inform your priorities across this logical model of data architecture.
    Then complete these activities…
    • Complete the Data Architecture Driver Pattern Identification Tool.
    Then complete these activities…
    • Create a tactical data architecture optimization plan based on the business driver input.
    With these tools & templates:
    • Data Architecture Driver Pattern Identification Tool
    With these tools & templates:
    • Data Architecture Optimization Template

    Phase 1 Results & Insights

    • Data Architecture is not just about data models. The approach that Phase 1 guides you through will help to not only plan where you need to focus your efforts as a data architect (or equivalent) but also give you guidance in how you should go about optimizing the holistic data architecture environment based on the drivers of the business.

    Phase 1 will help you create a strategy to optimize your data architecture using actionable tactics

    In this phase, you will determine your focus for optimizing your data architecture based on the business drivers that are commonly felt by most organizations.

    1. Identify the business drivers that necessitate data architecture optimization efforts.
    2. Understand Info-Tech’s Five-Tier Data Architecture, a logical architecture model that will help you prioritize tactics for optimizing your data architecture environment.
    3. Identify tactics for optimizing the organization’s data architecture across the five tiers.

    “To stay competitive, we need to become more data-driven. Compliance pressures are becoming more demanding. We need to add a new functionality.”

    Info-Tech’s Five-Tier Data Architecture:

    1. Data Sources
    2. Data Integration and Translation
    3. Data Warehousing
    4. Data Analytics
    5. Data Presentation

    Tactical plan for Data Architecture Optimization

    Phase 1, Step 1: Identify Your Business Driver for Optimizing Data Architecture

    PHASE 1

    1.1 1.2
    Identify Your Business Driver for Optimizing Data Architecture Determine Actionable Tactics to Optimize Data Architecture

    This step will walk you through the following activities:

    • Understand how data architecture fits into the organization’s larger enterprise architecture.
    • Understand what data architecture is and how it should be driven by the business.
    • Identify the driver that is creating a need for data architecture optimization.

    This step involves the following participants:

    • Data Architect
    • Enterprise Architect

    Outcomes of this step

    • A starting point for the many responsibilities of the data architect role. Balancing business and technical requirements can be challenging, and to do so you need to first understand what is driving the need for data architecture improvements.
    • Holistic understanding of the organization’s architecture environment, including enterprise, application, data, and technology architectures and how they interact.

    Data architecture involves planning, communication, and understanding of technology

    Data Architecture

    A description of the structure and interaction of the enterprise’s major types and sources of data, logical data assets, physical data assets, and data management resources (TOGAF 9).

    The subject area of data management that defines the data needs of the enterprise and designs the master blueprints to meet those needs (DAMA DMBOK, 2009).

    IBM (2007) defines data architecture as the design of systems and applications that facilitate data availability and distribution across the enterprise.

    Definitions vary slightly across major architecture and management frameworks.

    However, there is a general consensus that data architecture provides organizations with:

    • Alignment
    • Planning
    • Road mapping
    • Change management
    • A guide for the organization’s data management program

    Data architecture must be based on business goals and objectives; developed within the technical strategies, constraints, and opportunities of the organization in support of providing a foundation for data management.

    Current Data Management
    • Alignment
    • Planning
    • Road mapping
    Goal for Data Management

    Info-Tech Insight

    Data Architecture is not just data models. Data architects must understand the needs of the business, as well as the existing people and processes that already exist in the organization to effectively perform their job.

    Review how data architecture fits into the broader architectural context

    A flow diagram starting with 'Business Processes/Activities' to 'Business Architecture' which through a process of 'Integration' flows to 'Data Architecture' and 'Application Architecture', the latter of which also flows into to the former, and they both flow into 'Technology Architecture' which includes 'Infrastructure' and 'Security'.

    Each layer of architecture informs the next. In other words, each layer has components that execute processes and offer services to the next layer. For example, data architecture can be broken down into more granular activities and processes that inform how the organization’s technology architecture should be arranged.

    Data does not exist on its own. It is informed by business architecture and used by other architectural domains to deliver systems, IT services, and to support business processes. As you build your practice, you must consider how data fits within the broader architectural framework.

    The Zachman Framework is a widely used EA framework; within it, data is identified as the first domain.

    The framework aims to standardize artifacts (work-products) within each architectural domain, provides a cohesive view of the scope of EA and clearly delineates data components. Use the framework to ensure that your target DA practice is aligned to other domains within the EA framework.

    'The Zachman Framework for Enterprise Architecture: The Enterprise Ontology', a complicated framework with top and bottom column headers and left and right row headers. Along the top are 'Classification Names': 'What', 'How', 'Where', 'Who', 'When', and 'Why'. Along the bottom are 'Enterprise Names': 'Inventory Sets', 'Process Flows', 'Distribution Networks', 'Responsibility Assignments', 'Timing Cycles', and 'Motivation Intentions'. Along the left are 'Audience Perspectives': 'Executive Perspective', 'Business Mgmt. Perspective', 'Architect Perspective', 'Engineer Perspective', 'Technician Perspective', and 'Enterprise Perspective'. Along the right are 'Model Names': 'Scope Contexts', 'Business Concepts', 'System Logic', 'Technology Physics', 'Tool Components', and 'Operations Instances'.
    (Source: Zachman International)

    Data architects operate in alignment with the other various architecture groups

    Data architects operate in alignment with the other various architecture groups, with coordination from the enterprise architect.

    Enterprise Architect
    The enterprise architect provides thought leadership and direction to domain architects.

    They also maintain architectural standards across all the architectural domains and serve as a lead project solution architect on the most critical assignments.

    • Business Architect
      A business subject matter expert who works with the line-of-business team to assist in business planning through capability-based planning.
    • Security Architect
      Plays a pivotal role in formulating the security strategy of the organization, working with the business and CISO/security manager. Recommends and maintains security standards, policies, and best practices.
    • Infrastructure Architect
      Recommends and maintains standards across the compute, storage, and network layers of the organization. Reviews project solution architectures to ensure compliance with infrastructure standards, regulations, and target state blueprints.
    • Application Architect
      Manages the business effectiveness, satisfaction, and maintainability of the application portfolio. Conduct application architecture assessments to document expected quality attribute standards, identify hotspots, and recommend best practices.
    • Data Architect
      Facilitates the creation of data strategy and has a greater understanding of operational and analytical data use cases. Manages the enterprise data model which includes all the three layers of modelling - conceptual, logical, and physical. Recommends data management policies and standards, and maintains data management artefacts. Reviews project solution architectures and identifies cross impacts across the data lifecycle.

    As a data architect, you must maintain balance between the technical and the business requirements

    The data architect role is integral to connecting the long-term goals of the business with how the organization plans to manage its data for optimal use.

    Data architects need to have a deep experience in data management, data warehousing, and analytics technologies. At a high level, the data architect plans and implements an organization’s data, reporting, and analytics roadmap.

    Some of the role’s primary duties and responsibilities include:

    1. Data modeling
    2. Reviewing existing data architecture
    3. Benchmark and improve database performance
    4. Fine tune database and SQL queries
    5. Lead on ETL activities
    6. Validate data integrity across all platforms
    7. Manage underlying framework for data presentation layer
    8. Ensure compliance with proper reporting to bureaus and partners
    9. Advise management on data solutions

    Data architects bridge the gap between strategic and technical requirements:

    Visualization centering the 'Data Architect' as the bridge between 'Data Workers', 'Business', and 'Data & Applications'.

    “Fundamentally, the role of a data architect is to understand the data in an organization at a reasonable level of abstraction.” (Andrew Johnston, Independent Consultant)

    Info-Tech Insight

    The data architect role is not always clear cut. Many organizations do not have a dedicated data architect resource, and may not need one. However, the duties and responsibilities of the data architect must be carried out to some degree by a combination of resources as appropriate to the organization’s size and environment.

    Understand the role of a data architect to ensure that essential responsibilities are covered in the organization

    A database administrator (DBA) is not a data architect, and data architecture is not something you buy from an enterprise application vendor.

    Data Architect Role Description

    • The data architect must develop (along with the business) a short-term and long-term vision for the enterprise’s data architecture.
    • They must be able to create processes for governing the identification, collection, and use of accurate and valid metadata, as well as for tracking data quality, completeness, and redundancy.
    • They need to create strategies for data security, backup, disaster recovery, business continuity, and archiving, and ensure regulatory compliance.

    Skills Necessary

    • Hands-on experience with data architecting and management, data mining, and large-scale data modeling.
    • Strong understanding of relational and non-relational data structures, theories, principles, and practices.
    • Strong familiarity with metadata management.
    • Knowledge of data privacy practices and laws.

    Define Policies, Processes, and Priorities

    • Policies
      • Boundaries of the data architecture.
      • Data architecture standards.
      • Data architecture security.
      • Responsibility of ownership for the data architecture and data repositories.
      • Responsibility for data architecture governance.
    • Processes
      • Data architecture communication.
      • Data architecture change management.
      • Data architecture governance.
      • Policy compliance monitoring.
    • Priorities
      • Align architecture efforts with business priorities.
      • Close technology gaps to meet service level agreements (SLAs).
      • Determine impacts on current or future projects.

    See Info-Tech’s Data Architect job description for a comprehensive description of the data architect role.

    Leverage data architecture frameworks to understand how the role fits into the greater Enterprise Architecture framework

    Enterprise data architectures are available from industry consortiums such as The Open Group (TOGAF®), and open source initiatives such as MIKE2.0.

    Logo for The Open Group.

    The Open Group TOGAF enterprise architecture model is a detailed framework of models, methods, and supporting tools to create an enterprise-level architecture.

    • TOGAF was first developed in 1995 and was based on the Technical Architecture Framework for Information Management (TAFIM) developed by the US Department of Defense.
    • TOGAF includes application, data, and infrastructure architecture domains providing enterprise-level, product-neutral architecture principles, policies, methods, and models.
    • As a member of The Open Group, it is possible to participate in ongoing TOGAF development initiatives.

    The wide adoption of TOGAF has resulted in the mapping of it to several other industry standards including CoBIT and ITIL.

    Logo for MIKE2.0.

    MIKE2.0 (Method for an Integrated Knowledge Environment), is an open source method for enterprise information management providing a framework for information development.

    • SAFE (Strategic Architecture for the Federated Enterprise) provides the technology solution framework for MIKE2.0
    • SAFE includes application, presentation, information, data, Infrastructure, and metadata architecture domains.

    Info-Tech Best Practice

    If an enterprise-level IT architecture is your goal, TOGAF is likely a better model. However, if you are an information and knowledge-based business then MIKE2.0 may be more relevant to your business.

    The data architect must identify what drives the need for data from the business to create a business-driven architecture

    As the business landscape evolves, new needs arise. An organization may undergo new compliance requirements, or look to improve their customer intimacy, which could require a new functionality from an application and its associated database.

    There are four common scenarios that lead to an organization’s need to optimize its data architecture and these scenarios all present unique challenges for a data architect:

    1. Becoming More Data Driven As organizations are looking to get more out of their data, there is a push for more accurate and timely data from applications. Data-driven decision making requires verifiable data from trustworthy sources. Result: Replace decisions made on gut or intuition with real and empirical data - make more informed and data-driven decisions.
    2. New Functionality or Business Rule In order to succeed as business landscapes change, organizations find themselves innovating on products or services and the way they do things. Changes in business rules, product or service offering, and new functionalities can subsequently demand more from the existing data architecture. Result: Prepare yourself to successfully launch new business initiatives with an architecture that supports business needs.
    3. Mergers and Acquisitions If an organization has recently acquired, been acquired, or is merging with another, the technological implications require careful planning to ensure a seamless fit. Application consolidation, retirement, data transfer, and integration points are crucial. Result: Leverage opportunities to incorporate and consolidate new synergistic assets to realize the ROI.
    4. Risk and Compliance Data in highly regulated organizations needs to be kept safe and secure. Architectural decisions around data impact the level of compliance within the organization. Result: Avoid the fear of data audits, regulatory violations, and privacy breaches.

    Info-Tech Best Practice

    These are not the only reasons why data architects need to optimize the organization’s data architecture. These are only four of the most common scenarios, however, other business needs can be addressed using the same concept as these four common scenarios.

    Use the Data Architecture Driver tool to identify your focus for data architecture

    Supporting Tool icon 1.1 Data Architecture Driver Pattern Identification Tool

    Follow Info-Tech’s process of first analyzing the needs of the business, then determining how best to architect your data based on these drivers. Data architecture needs to be able to rapidly evolve to support the strategic goals of the business, and the Data Architecture Driver Pattern Identification Tool will help you to prioritize your efforts to best do this.

    Tab 2. Driver Identification

    Objective: Objectively assess the most pressing business drivers.

    Screenshot of the Data Architecture Driver Pattern Identification Tool, tab 2.

    Tab 3. Tactic Pattern Plan, Section 1

    Purpose: Review your business drivers that require architectural changes in your environment.

    Screenshot of the Data Architecture Driver Pattern Identification Tool, tab 3, section 1.

    Tab 3. Tactic Pattern Plan, Section 2

    Purpose: Determine a list of tactics that will help you address the business drivers.

    Screenshot of the Data Architecture Driver Pattern Identification Tool, tab 3, section 2.

    Step
    • Evaluate business drivers to determine the data architecture optimization priorities and tactics.
    Step
    • Understand how each business driver relates to data architecture and how each driver gives rise to a specific pattern across the five-tier data architecture.
    Step
    • Review the list of high-level tactics presented to optimize your data architecture across the five tier architecture.

    Identify the drivers for improving your data architecture

    Associated Activity icon 1.1.1 1 hour

    INPUT: Data Architecture Driver tool assessment prompts.

    OUTPUT: Identified business driver that applies to your organization.

    Materials: Data Architecture Driver Pattern Identification Tool

    Participants: Data architect, Enterprise architect

    Instructions

    In Tab 2. Driver Identification of the Data Architecture Driver Pattern Identification Tool, assess the degree to which the organization is feeling the pains of the four most common business drivers:

    1. Is there a present or growing need for the business to be making data-driven decisions?
    2. Does the business want to explore a new functionality and hence require a new application?
    3. Is your organization acquiring or merging with another entity?
    4. Is your organization’s regulatory environment quick to change and require stricter reporting?

    Data architecture improvements need to be driven by business need.

    Screenshot of the Data Architecture Driver Pattern Identification Tool, tab 2 Driver Identification.
    Tab 2. Driver Identification

    “As a data architect, you have to understand the functional requirements, the non-functional requirements, then you need to make a solution for those requirements. There can be multiple solutions and multiple purposes. (Andrew Johnston, Independent Consultant)

    Interview the business to get clarity on business objectives and drivers

    Associated Activity icon 1.1.2 1 hour per interview

    INPUT: Sample questions targeting the activities, challenges, and opportunities of each business unit

    OUTPUT: Sample questions targeting the activities, challenges, and opportunities of each business unit

    Materials: Data Architecture Driver Pattern Identification Tool

    Participants: Data architect, Business representatives, IT representatives

    Identify 2-3 business units that demonstrate enthusiasm for or a positive outlook on improving how organizational data can help them in their role and as a unit.

    Conducting a deep-dive interview process with these key stakeholders will help further identify high-level goals for the data architecture strategy within each business unit. This process will help to secure their support throughout the implementation process by giving them a sense of ownership.

    Key Interview Questions:

    1. What are your primary activities? What do you do?
    2. What challenges do you have when completing your activities?
    3. How is poor data impacting your job?
    4. If [your selected domain]’s data is improved, what business issues would this help solve?

    Request background information and documentation from stakeholders regarding the following:

    • What current data management policies and processes exist (that you know of)?
    • Who are the data owners and end users?
    • Where are the data sources within the department stored?
    • Who has access to these data sources?
    • Are there existing or ongoing data issues within those data sources?

    Interview the enterprise architect to get input on the drivers of the business

    Associated Activity icon 1.1.3 2 hours

    INPUT: Data Architecture Driver tool assessment prompts.

    OUTPUT: Identified business driver that applies to your organization.

    Materials: Data Architecture Driver Pattern Identification Tool

    Participants: Data architect, Enterprise architect

    Data architecture improvements need to be driven by business need.

    Instructions

    As you work through Tab 2. Driver Identification of the Data Architecture Driver Pattern Identification Tool, consult with the enterprise architect or equivalent to assist you in rating the importance of each of the symptoms of the business drivers. This will help you provide greater value to the business and more aligned objectives.

    Screenshot of the Data Architecture Driver Pattern Identification Tool, tab 2 Driver Identification.
    Tab 2. Driver Identification

    Once you know what that need is, go to Step 2.

    Phase 1, Step 2: Establish Actionable Tactics to Optimize Data Architecture

    PHASE 1

    1.11.2
    Identify Your Business Driver for Optimizing Data ArchitectureDetermine Actionable Tactics to Optimize Data Architecture

    This step will walk you through the following activities:

    • Understand Info-Tech’s five-tier data architecture to begin focusing your architectural optimization.
    • Create your Data Architecture Optimization Template to plan your improvement tactics.
    • Prioritize your tactics based on the five-tier architecture to plan optimization.

    This step involves the following participants:

    • Data Architect
    • Enterprise Architect
    • DBAs

    Outcomes of this step

    • A tactical and prioritized plan for optimizing the organization’s data architecture according to the needs of the business.

    To plan a business-driven architecture, data architects need to keep the organization’s big picture in mind

    Remember… Architecting an organization involves alignment, planning, road mapping, design, and change management functions.

    Data architects must be heavily involved with:

    • Understanding the short- and long-term visions of the business to develop a vision for the organization’s data architecture.
    • Creating processes for governing the identification, collection, and use of accurate and valid data, as well as for tracking data quality, completeness, and redundancy.
    • They need to create strategies for data security, backup, disaster recovery, business continuity, and archiving, and ensure regulatory compliance.

    To do this, you need a framework. A framework provides you with the holistic view of the organization’s data environment that you can use to design short- and long-term tactics for improving the use of data for the needs of the business.

    Use Info-Tech’s five-tier data architecture to model your environment in a logical, consumable fashion.

    Info-Tech Best Practice

    The more complicated an environment is, the more need there is for a framework. Being able to pick a starting point and prioritize tasks is one of the most difficult, yet most essential, aspects of any architect’s role.

    The five tiers of an organization’s data architecture support the use of data throughout its lifecycle

    Info-Tech’s five-tier data architecture model summarizes an organization’s data environment at a logical level. Data flows from left to right, but can also flow from the presentation layer back to the warehousing layer for repatriation of data.

    Info-Tech's Five Tier Data Architecture. The five tiers being 'Sources' which includes 'App1 ', 'App2', 'Excel and other documents', 'Access database(s)', 'IOT devices', and 'External data feed(s) & social media'; 'Integration and Translation' which includes 'Solutions: SOA, Point to Point, Manual Loading, ESB , ETL, ODS, Data Hub' and 'Functions: Scrambling Masking Encryption, Tokenizing, Aggregation, Transformation, Migration, Modeling'; 'Warehousing' which includes 'Data Lakes & Warehouse(s) (Raw Data)', 'EIM, ECM, DAM', and 'Data Lakes & Warehouse(s) (Derived Data)'; 'Analytics' which includes 'Data Marts', 'Data Cube', 'Flat Files', 'BI Tools', and the 'Protected Zone: Data Marts - BDG Class Ref. MDM'; and 'Presentation' which includes 'Formulas', 'Thought Models', 'Reports', 'Dashboards', 'Presentations', and 'Derived Data (from analytics activities)'.

    Use the Data Architecture Optimization Template to build your improvement roadmap

    Supporting Tool icon 1.2 Data Architecture Optimization Template

    Download the Data Architecture Optimization Template.

    Overview

    Use this template to support your team in creating a tactical strategy for optimizing your data architecture across the five tiers of the organization’s architecture. This template can be used to document your organization’s most pressing business driver, the reasons for optimizing data architecture according to that driver, and the tactics that will be employed to address the shortcomings in the architecture.

    Sample of Info-Tech’s Data Architecture Optimization Template. Info-Tech’s Data Architecture Optimization Template Table of Contents
    1. Build Your Current Data Architecture Logical Model Use this section to document the current data architecture situation, which will provide context for your plan to optimize your data architecture.
    2. Optimization Plan Use this section to document the tactics that will be employed to optimize the current data architecture according to the tactic pattern identified by the business driver.

    Fill out as you go

    As you read about the details of the five-tier data architecture model in the following slides, start building your current logical data architecture model by filling out the sections that correspond to the various tiers. For example, if you identified that the most pressing business driver is becoming compliant with regulations, document the sources of data required for compliance, as well as the warehousing strategy currently being employed. This will help you to understand the organization’s data architecture at a logical level.

    Tier 1 represents all of the sources of your organization’s data

    Tier 1 of Info-Tech's Five Tier Data Architecture, 'Sources', which includes 'App1 ', 'App2', 'Excel and other documents', 'Access database(s)', 'IOT devices', and 'External data feed(s) & social media'.
    –› Data to integration layer

    Tier 1 is where the data enters the organization.

    All applications, data documents such as MS Excel spreadsheets, documents with table entries, manual extractions from other document types, user-level databases including MS Access and MySQL, other data sources, data feeds, big datasets, etc. reside here.

    This tier typically holds the siloed data that is so often not available across the enterprise because the data is held within department-level applications or systems. This is also the layer where transactions and operational activities occur and where data is first created or ingested.

    There are any number of business activities from transactions through business processes that require data to flow from one system to another, so it is often at this layer we see data created more than once, data corruption occurs, manual re-keying of data from system to system, and spaghetti-like point-to-point connections are built that are often fragile. This is usually the single most problematic area within an enterprise’s data environment. Application- or operational-level (siloed) reporting often occurs at this level.

    Info-Tech Best Practice

    An optimized Tier 1 has the following attributes:

    • Rationalized applications
    • Operationalized database administration
    • Databases governed, monitored, and maintained to ensure optimal performance

    Tier 2 represents the movement of data

    Tier 2 of Info-Tech's Five Tier Data Architecture, 'Integration and Translation', which includes 'Solutions: SOA, Point to Point, Manual Loading, ESB , ETL, ODS, Data Hub' and 'Functions: Scrambling Masking Encryption, Tokenizing, Aggregation, Transformation, Migration, Modeling'.
    –› Data to Warehouse Environment

    Find out more

    For more information on data integration, see Info-Tech’s Optimize the Organization’s Data Integration Practices blueprint.

    Tier 2 is where integration, transformation, and aggregation occur.

    Regardless of how you integrate your systems and data stores, whether via ETL, ESB, SOA, data hub, ODS, point-to-point, etc., the goal of this layer is to move data at differing speeds for one of two main purposes:

    1) To move data from originating systems to downstream systems to support integrated business processes. This ensures the data is pristine through the process and improves trustworthiness of outcomes and speed to task and process completion.

    2) To move data to Tier 3 - The Data Warehouse Architecture, where data rests for other purposes. This movement of data in its purest form means we move raw data to storage locations in an overall data warehouse environment reflecting any security, compliance and other standards in our choices for how to store.

    Also, this is where data is transformed for unique business purpose that will also be moved to a place of rest or a place of specific use. Data masking, scrambling, aggregation, cleansing and matching, and other data related blending tasks occur at this layer.

    Info-Tech Best Practice

    An optimized Tier 2 has the following attributes:

    • Business data glossary is leveraged
    • ETL is governed
    • ETL team is empowered
    • Data matching is facilitated
    • Canonical data model is present

    Tier 3 is where data comes together from all sources to be stored in a central warehouse environment

    Tier 3 is where data rests in long-term storage.

    This is where data rests (long-term storage) and also where an enterprise’s information, documents, digital assets, and any other content types are stored. This is also where derived and contrived data creations are stored for re-use, and where formulas, thought models, heuristics, algorithms, report styles, templates, dashboard styles, and presentations-layer widgets are all stored in the enterprise information management system.

    At this layer there may be many technologies and many layers of security to reflect data domains, classifications, retention, compliance, and other data needs. This is also the layer where data lakes exist as well as traditional relational databases, enterprise database systems, enterprise content management systems, and simple user-level databases.

    Info-Tech Best Practice

    An optimized Tier 3 has the following attributes:

    • Data warehouse is governed
    • Data warehouse operations and planning
    • Data library is comprehensive
    • Four Rosetta Stones of data are in place: BDG, data classification, reference data, master data.
    Data from integration layer –›
    Tier 3 of Info-Tech's Five Tier Data Architecture, 'Data Warehouse Environment' which includes 'Data Lakes & Warehouse(s) (Raw Data)', 'EIM, ECM, DAM'.
    –› Analytics

    Find out more

    For more information on Data Warehousing, see Info-Tech’s Build an Extensible Data Warehouse Foundation and Drive Business Innovation With a Modernized Data Warehouse Environment blueprints.

    Tier 4 is where knowledge and insight is born

    Tier 4 represents data being used for a purpose.

    This is where you build fit-for-purpose data sets (marts, cubes, flat files) that may now draw from all enterprise data and information sources as held in Tier 3. This is the first place where enterprise views of all data may be effectively done and with trust that golden records from systems of record are being used properly.

    This is also the layer where BI tools get their greatest use for performing analysis. Unlike Tier 3 where data is at rest, this tier is where data moves back into action. Data is brought together in unique combinations to support reporting, and analytics. It is here that the following enterprise analytic views are crafted:
    Exploratory, Inferential, Causal, Comparative, Statistical, Descriptive, Diagnostic, Hypothesis, Predictive, Decisional, Directional, Prescriptive

    Info-Tech Best Practice

    An optimized Tier 4 has the following attributes:

    • Reporting meets business needs
    • Data mart operations are in place
    • Governance of data marts, cubes, and BI tools in place
    Warehouse Environment –›
    Tier 4 of Info-Tech's Five Tier Data Architecture, 'Analytics', which includes 'Data Marts', 'Data Cube', 'Flat Files', and 'BI Tools'.
    –› Presentation

    Find out more

    For more information on BI tools and strategy, see Info-Tech’s Select and Implement a Business Intelligence and Analytics Solution and Build a Next Generation BI with a Game-Changing BI Strategy blueprints.

    The presentation layer, Tier 5, is where data becomes presentable information

    Tier 5 represents data in knowledge form.

    This is where the data and information combine in information insight mapping methods (presentations, templates, etc.). We craft and create new ways to slice and dice data in Tier 4 to be shown and shared in Tier 5.

    Templates for presenting insights are extremely valuable to an enterprise, both for their initial use, and for the ability to build deeper, more insightful analytics. Re-use of these also enables maximum speed for sharing, consuming the outputs, and collective understanding of these deeper meanings that is a critical asset to any enterprise. These derived datasets and the thought models, presentation styles, templates, and other derived and contrived assets should be repatriated into the derived data repositories and the enterprise information management systems respectively as shown in Tier 3.

    Find out more

    For more information on enterprise content management and metadata, see Info-Tech’s Develop an ECM Strategy and Break Open Your DAM With Intuitive Metadata blueprints.

    Tier 5 of Info-Tech's Five Tier Data Architecture, 'Presentation', which includes 'Formulas', 'Thought Models', 'Reports', 'Dashboards', 'Presentations', and 'Derived Data (from analytics activities)'. The 'Repatriation of data' feeds the derived data back into Warehousing.

    Info-Tech Best Practice

    An optimized Tier 5 has the following attributes:

    • Metadata creation is supervised
    • Metadata is organized
    • Metadata is governed
    • Content management capabilities are present

    Info-Tech Insight

    Repatriation of data and information is an essential activity for all organizations to manage organizational knowledge. This is the activity where information, knowledge, and insights that are stored in content form are moved back to the warehousing layer for long-term storage. Because of this, it is crucial to have an effective ECM strategy as well as the means to find information quickly and efficiently. This is where metadata and taxonomy come in.

    As a data architect, you must prioritize your focus according to business need

    Determine your focus.

    Now that you have an understanding of the drivers requiring data architecture optimization, as well as the current data architecture situation at your organization, it is time to determine the actions that will be taken to address the driver.

    1. Business driver

    Screenshot of Data Architecture Driver Pattern Identification Tool, Tab 2. Tactic Pattern Plan.
    Data Architecture Driver Pattern Identification Tool, Tab 2. Tactic Pattern Plan

    3. Documented tactic plan

    Data Architecture Optimization Template

    2. Tactics across the five tiers

    Another screenshot of Data Architecture Driver Pattern Identification Tool, Tab 2. Tactic Pattern Plan.

    The next four slides provide an overview of the priorities that accompany the four most common business drivers that require updates to a stale data architecture.

    Business driver #1: Adding a new functionality to an application can have wide impacts on data architecture

    Does the business wants to add a new application or supplement an existing application with a new functionality?

    Whether the business wants to gain better customer intimacy, achieve operational excellence, or needs to change its compliance and reporting strategy, the need for collecting new data through a new application or a new functionality within an existing application can arise. This business driver has the following attributes:

    • Often operational oriented and application driven.
    • An application is changed through an application version upgrade, migration to cloud, or application customization, or as a result of application rationalization or changes in the way that application data is generated.
    • However, not all new functionalities trigger this scenario. Non-data-related changes, such as a new interface, new workflows, or any other application functionality changes that do not involve data, will not have data architecture impacts.
    Stock photo of someone using a smartphone with apps.
    Modified icon for Tools & Templates. When this business driver arises, data architects should focus on optimizing architecture at the source tier and the integration of the new functionality. Tactics for this business driver should address the following pattern:
    Tiers 1 and 2 highlighted.

    Business driver #2: Organizations today are looking to become more data driven

    Does the business wants to better leverage its data?

    An organization can want to use its data for multiple reasons. Whether these reasons include improving customer experience or operational excellence, the data architect must ensure that the organization’s data aggregation environment, reporting and analytics, and presentation layer are assessed and optimized for serving the needs of the business.

    “Data-drivenness is about building tools, abilities, and, most crucially, a culture that acts on data.” (Carl Anderson, Creating a Data-Driven Organization)

    Tactics for this business driver should address the following pattern:
    Tiers 3, 4, and 5 highlighted.
    Modified icon for Tools & Templates. When this business driver arises, data architects should focus on optimizing architecture at the source tier and the integration of the new functionality.
    Stock photo of someone sitting at multiple computers with analytics screens open.
    • This scenario is typically project driven and analytical oriented.
    • The business is looking to leverage data and information by processing data through BI tools and self-service.
    • Example: The organization wants to include new third-party data, and needs to build a new data mart to provide a slice of data for analysis.

    Business driver #3: Risk and compliance demands can put pressure on outdated architectures

    Is there increasing pressure on the business to maintain compliance requirements as per regulations?

    An organization can want to use its data for multiple reasons. Whether these reasons include improving customer experience or operational excellence, the data architect must ensure that the organization’s data aggregation environment, reporting and analytics, and presentation layer are assessed and optimized for serving the needs of the business.

    There are different types of requirements:
    • Can be data-element driven. For example, PII, PHI are requirements around data elements that are associated with personal and health information.
    • Can be process driven. For example, some requirements restrict data read/write to certain groups.
    Stock photo of someone pulling a block out of a Jenga tower.
    Modified icon for Tools & Templates. When this business driver arises, data architects should focus on optimizing architecture where data is stored: at the sources, the warehouse environment, and analytics layer. Tactics for this business driver should address the following pattern:
    Tiers 1, 3, and 4 highlighted.

    Business driver #4: Mergers and acquisitions can require a restructuring of the organization’s data architecture

    Is the organization looking to acquire or merge with another organization or line of business?

    There are three scenarios that encompass the mergers and acquisitions business driver for data architecture:

    1. The organization acquires/merges with another organization and wants to integrate the data.
    2. The organization acquires/merges a subset of an organization (a line of business, for example) and wants to integrate the data.
    3. The organization acquires another organization for competitive purposes, and does not need to integrate the data.
    Regardless of what scenario your organization falls into, you must go through the same process of identifying the requirements for the new data:
    1. Understand what data you are getting.
      The business may acquire another organization for the data, for the technology, and/or for algorithms (for example). If the goal is to integrate the new data, you must understand if the data is unstructured, structured, how much data, etc.
    2. Plan for the integration of the new data into your environment.
      Do you have the expertise in-house to integrate the data? Database structures and systems are often mismatched (for example, acquired company could have an Oracle database whereas you are an SAP shop) and this may require expertise from the acquired company or a third party.
    3. Integrate the new data.
      Often, the extraction of the new data is the easy part. Transforming and loading the data is the difficult and costly part.
    “As a data architect, you must do due diligence of the acquired firm. What are the workflows, what are the data sources, what data is useful, what is useless, what is the value of the data, and what are the risks of embedding the data?” (Anonymous Mergers and Acquisitions Consultant)
    Modified icon for Tools & Templates. When this business driver arises, data architects should focus on optimizing architecture at the source tier, the warehousing layer, and analytics. Tiers 1, 3, and 4 highlighted.

    Determine your tier priority pattern and the tactics that you should address based on the business drivers

    Associated Activity icon 1.2.1 30 minutes

    INPUT: Business driver assessment

    OUTPUT: Tactic pattern and tactic plan

    Materials: Data Architecture Driver Pattern Identification Tool, Data Architecture Optimization Template

    Participants: Data architect, Enterprise architect

    Instructions
    1. After you have assessed the organization’s business driver on Tab 1. Driver Identification, move to Tab 2. Tactic Pattern Plan.
    2. Here, you will find a summary of the business driver that applies to you, as well as the tier priority pattern that will help you to focus your efforts for data architecture.
    3. Document the Tier Priority Pattern and associated tactics in Section 2. Optimization Plan of the Data Architecture Optimization Plan.
    Screenshot of Data Architecture Driver Tool.
    Data Architecture Driver Tool
    Arrow pointing right. Sample of Data Architecture Optimization Template
    Data Architecture Optimization Template

    Info-Tech Insight

    Our approach will help you to get to the solution of the organization’s data architecture problems as quickly as possible. However, keep in mind that you should still address the other tiers of your data architecture even if they are not part of the pattern we identified. For example, if you need to become more data driven, don’t completely ignore the sources and the integration of data. However, to deliver the most and quickest value, focus on tiers 3, 4, and 5.

    This phase helped you to create a tactical plan to optimize your data architecture according to business priorities

    Phase 1 is all about focus.

    Data architects and those responsible for updating an organization’s data architecture have a wide-open playing field with which to take their efforts. Being able to narrow down your focus and generate an actionable plan will help you provide more value to the organization quickly and get the most out of your data.

      Phase 1
      • Business Drivers
        • Tactic Pattern
          • Tactical Plan

    Now that you have your prioritized tactical plan, move to Phase 2. This phase will help you map these priorities to the essential capabilities and measure where you stack up in these capabilities. This is an essential step in creating your data architecture roadmap and plan for coming years to modernize the organization’s data architecture.

    To identify what the monetary authority needed from its data architecture, Info-Tech helped determine the business driver

    CASE STUDY

    Industry: Financial
    Source: Info-Tech Consulting
    Symbol for 'Monetary Authority Case Study'.

    Part 1

    Prior to receiving new external requirements, the monetary Authority body had been operating with an inefficient system. Outdated legacy systems, reports in paper form, incomplete reports, and stale data from other agencies resulted in slow data access. The new requirements demanded speeding up this process.

    Diagram comparing the 'Original Reporting' requirement of 'Up to 7 days' vs the 'New Requirement' of 'As soon as 1 hour'. The steps of reporting in that time are 'Report Request', 'Gather Data', and 'Make Report'.

    Although the organization understood it needed changes, it first needed to establish what were the business objectives, and which areas of their architecture they would need to focus on.

    The business driver in this case was compliance requirements, which directed attention to the sources, aggregation, and insights tiers.

    Tiers 1, 3, and 4 highlighted.

    Looking at the how the different tiers relate to certain business operations, the organization uncovered the best practise tactics to achieving an optimized data architecture.

    1. Source Tactics: 3. Warehousing Tactics: 4. Analytics Tactics:
    • Identify data sources
    • Ensure data quality
    • Properly catalogue data
    • Properly index data
    • Provide the means for data accessibility
    • Allow for data reduction/space for report building

    Once the business driver had been established, the organization was able to identify the specific areas it would eventually need to evaluate and remedy as needed.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of an Info-Tech analyst.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1.1

    Sample of activity 1.1.1 'Identify the drivers for improving your data architecture'. Identify the business driver that will set the direction of your data architecture optimization plan.

    In this activity, the facilitator will guide the team in identifying the business driver that is creating the need to improve the organization’s data architecture. Data architecture needs to adapt to the changing needs of the business, so this is the most important step of any data architecture improvements.

    1.2.1

    Sample of activity 1.2.1 'Determine your tier priority pattern and the tactics that you should address based on the business drivers'. Determine the tactics that you will use to optimize data architecture.

    In this activity, the facilitator will help the team create a tactical plan for optimizing the organization’s data architecture across the five tiers of the logical model. This plan can then be followed when addressing the business needs.

    Build a Business-Aligned Data Architecture Optimization Strategy

    PHASE 2

    Personalize Your Tactics to Optimize Your Data Architecture

    Phase 2 will determine your tactics that you should implement to optimize your data architecture

    Business Drivers
    Each business driver requires focus on specific tiers and their corresponding capabilities, which in turn correspond to tactics necessary to achieve your goal.
    New Functionality Risk and Compliance Mergers and Acquisitions Become More Data Driven
    Tiers 1. Data Sources 2. Integration 3. Warehousing 4. Insights 5. Presentation
    Capabilities Current Capabilities
    Target Capabilities
    Example Tactics Leverage indexes, partitions, views, and clusters to optimize performance.

    Cleanse data source.

    Leverage integration technology.

    Identify matching approach priorities.

    Establish governing principles.

    Install performance enhancing technologies.

    Establish star schema and snowflake principles.

    Share data via data mart.

    Build metadata architecture:
    • Data lineage
    • Sharing
    • Taxonomy
    • Automatic vs. manual creation

    Phase 2 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Personalize Your Tactics to Optimize Your Data Architecture

    Proposed Time to Completion: 2 weeks
    Step 2.1: Measure Your Data Architecture Capabilities Step 2.2: Set a Target for Data Architecture Capabilities Step 2.3: Identify the Tactics That Apply to Your Organization
    Start with an analyst kick-off call:
    • Understand Info-Tech’s data architecture capability model to begin identifying where to develop tactics for optimizing your data architecture.
    Review findings with analyst:
    • Understand Info-Tech’s data architecture capability model to begin identifying where to develop tactics for optimizing your data architecture.
    Finalize phase deliverable:
    • Learn about the trends in data architecture that can be leveraged to develop tactics.
    Then complete these activities…
    • Measure your current state across the tiers of the capability model that will help address your business driver.
    Then complete these activities…
    • Measure your target state for the capabilities that will address your business driver.
    Then complete these activities…
    • Review the tactical roadmap that was created with guidance from the capability gap analysis.
    With these tools & templates:
    • Data Architecture Tactical Roadmap Tool
    With these tools & templates:
    • Data Architecture Tactical Roadmap Tool
    With these tools & templates:
    • Data Architecture Trends Presentation Template

    Phase 2 Results & Insights

    • Data architecture is not just data models. Understand the essential capabilities that your organization needs from its data architecture to develop a tactical plan for optimizing data architecture across its people, processes, and technology.

    Phase 2, Step 1: Measure Your Data Architecture Capabilities

    PHASE 2

    2.1 2.2 2.3
    Measure Your Data Architecture Capabilities Set a Target for Data Architecture Capabilities Identify the Tactics That Apply to Your Organization

    This step will walk you through the following activities:

    • As you walk through the data architecture capability model, measure your current state in each of the relevant capabilities.
    • Distinguish between essential and nice-to-have capabilities for your organization.

    This step involves the following participants:

    • Data Architect

    Outcomes of this step

    • A framework for generating a tactical plan for data architecture optimization.
    • Knowledge of the various trends in the data architecture field that can be incorporated into your plan.

    To personalize your tactical strategy, you must measure up your base data architecture capabilities

    What is a capability?

    Capabilities represent a mixture of people, technology, and processes. The focus of capability design is on the outcome and the effective use of resources to produce a differentiating capability or an essential supporting capability.

    To personalize your tactics, you have to understand what the essential capabilities are across the five tiers of an organization’s data architecture. Then, assess where you currently stand in these capabilities and where you need to go in order to build your optimization plan.

    'Capability' as a mixture of 'People', 'Technology', 'Process', and 'Assets'.

    Info-Tech’s data architecture capability model can be laid over the five-tier data architecture to understand the essential and advanced capabilities that an organization should have, and to build your tactical strategy for optimizing the organization’s data architecture across the tiers.

    Use Info-Tech’s data architecture capability model as a resource to assess and plan your personalized tactics

    Info-Tech’s data architecture capability model can be laid over the five-tier data architecture to understand the essential and advanced capabilities that an organization should have, and to build your tactical strategy for optimizing the organization’s data architecture across the tiers.

    Info-Tech’s Data Architecture Capability Model featuring the five-tier architecture listing 'Core Capabilities' and 'Advanced Capabilities' within each tier, and a list of 'Cross Capabilities' which apply to all tiers.

    Use the Data Architecture Tactical Roadmap Tool to create a tailored plan of action

    Supporting Tool icon 2.1.1 Data Architecture Tactical Roadmap Tool

    Instructions

    Use the Data Architecture Tactical Roadmap Tool as your central tool to develop a tactical plan of action to optimize the organization’s data architecture.

    This tool contains the following sections:

    1. Business Driver Input
    2. Capability Assessment
    3. Capability Gap Analysis
    4. Tactical Roadmap
    5. Metrics
    6. Initiative Roadmap

    INFO-TECH DELIVERABLE

    Sample of the Info-Tech deliverable Data Architecture Tactical Roadmap Tool.

    Benefits of using this tool:

    • Comprehensive documentation of data architecture capabilities present in leading organizations.
    • Generates an accurate architecture roadmap for your organization that is developed in alignment with the broader enterprise architecture and related architectural domains.

    To create a plan for your data architecture priorities, you must first understand where you currently stand

    Now that you understand the business problem that you are trying to solve, it is time to take action in solving the problem.

    The organization likely has some of the capabilities that are needed to solve the problem, but also a need to improve other capabilities. To narrow down the capabilities that you should focus on, first select the business driver that was identified in Phase 1 in Tab 1. Business Driver Input of the Data Architecture Tactical Roadmap Tool. This will customize the roadmap tool to deselect the capabilities that are likely to be less relevant to your organization.

    For Example: If you identified your business driver as “becoming more data-driven”, you will want to focus on measuring and building out the capabilities within Tiers 3, 4, and 5 of the capability model.

    Data Architecture Capability Model
    Info-Tech’s Data Architecture Capability Model with tiers 3, 4, and 5 highlighted.

    Note

    If you want to assess your organization for all of the capabilities across the data architecture capability model, select “Comprehensive Data Architecture Assessment” in Tab 1. Business Driver Input of the Data Architecture Tactical Roadmap Tool.

    Determine your current state across the related architecture tiers

    Associated Activity icon 2.1.2 1 hour

    INPUT: Current data architecture capabilities.

    OUTPUT: An idea of where you currently stand in the capabilities.

    Materials: Data Architecture Tactical Roadmap Tool

    Participants: Data architect, Enterprise architect, Business representatives

    Use the Data Architecture Tactical Roadmap Tool to evaluate the baseline and target capabilities of your practice in terms of how data architecture is approached and executed.

    Instructions
    1. Invite the appropriate stakeholders to participate in this exercise.
    2. On Tab 2. Practice Components, assess the current and target states of each capability on a scale of 1–5.
    3. Note: “Ad hoc” implies a capability is completed, but randomly, informally, and without a standardized method.
      These results will set the baseline against which you will monitor performance progress and keep track of improvements over time.
    To assess data architecture maturity, Info-Tech uses the Capability Maturity Model Integration (CMMI) program for rating capabilities on a scale of 1 to 5:

    1 = Initial/Ad hoc

    2 = Developing

    3 = Defined

    4 = Managed and Measurable

    5 = Optimized

    Info-Tech Insight

    Focus on Early Alignment. Assessing capabilities within specific people’s job functions can naturally result in disagreement or debate, especially between business and IT people. Objectively facilitate any debate and only finalize capability assessments when there is full alignment. Remind everyone that data architecture should ultimately serve business needs wherever possible.

    Phase 2, Step 2: Set a Target for Data Architecture Capabilities

    PHASE 2

    2.12.22.3
    Measure Your Data Architecture CapabilitiesSet a Target for Data Architecture CapabilitiesIdentify the Tactics That Apply to Your Organization

    This step will walk you through the following activities:

    • Determine your target state in each of the relevant capabilities.
    • Distinguish between essential and nice-to-have capabilities for your organization.

    This step involves the following participants:

    • Data Architect

    Outcomes of this step

    • A holistic understanding of where the organization’s data architecture currently sits, where it needs to go, and where the biggest gaps lie.

    To create a plan for your data architecture priorities, you must also understand where you need to get to in the future

    Keep the goal in mind by documenting target state objectives. This will help to measure the highest priority gaps in the organization’s data architecture capabilities.

    Example driver = Becoming more data driven Arrow pointing right. Info-Tech’s Data Architecture Capability Model with tiers 3, 4, and 5 highlighted. Arrow pointing right. Current Capabilities Arrow pointing right. Target Capabilities
    Gaps and Priorities
    Stock photo of a hand placing four shelves arranged as stairs. On the first step is a mini-cut-out of a person walking.

    Determine your future state across the relevant tiers of the data architecture capability model

    Associated Activity icon 2.2.1 2 hours

    INPUT: Current state of data architecture capabilities.

    OUTPUT: Target state of data architecture capabilities.

    Materials: Data Architecture Tactical Roadmap Tool

    Participants: Data architect

    The future of data architecture is now.

    Determine the state of data architecture capabilities that the organization needs to reach to address the drivers of the business.

    For example: If you identified your business driver as “becoming more data driven”, you will want to focus on the capabilities within Tiers 3, 4, and 5 of the capability model.

    Driver = Becoming more data driven Arrow pointing right. Info-Tech’s Data Architecture Capability Model with tiers 3, 4, and 5 highlighted. Arrow pointing right. Target Capabilities

    Identify where gaps in your data architecture capabilities lie

    Associated Activity icon 2.2.2 1 hour

    INPUT: Current and target states of data architecture capabilities.

    OUTPUT: Holistic understanding of where you need to improve data architecture capabilities.

    Materials: Data Architecture Tactical Roadmap Tool

    Participants: Data architect

    Visualization of gap assessment of data quality practice capabilities

    To enable deeper analysis on the results of your capability assessment, Tab 4. Capability Gap Analysis in the Data Architecture Tactical Roadmap Tool creates visualizations of the gaps identified in each of your practice capabilities and related data management practices. These diagrams serve as analysis summaries.

    Gap Assessment of Data Source Capabilities

    Sample of the Data Architecture Tactical Roadmap Tool, tab 4. Capability Gap Analysis.

    Use Tab 3. Data Quality Practice Scorecard to enhance your data quality project.

    1. Enhance your gap analyses by forming a relative comparison of total gaps in key practice capability areas, which will help in determining priorities.
    2. Put these up on display to improve discussion in the gap analyses and prioritization sessions.
    3. Improve the clarity and flow of your strategy template, final presentations, and summary documents by copying and pasting the gap assessment diagrams.

    Phase 2, Step 3: Identify the Tactics That Apply to Your Organization

    PHASE 2

    2.12.22.3
    Measure Your Data Architecture CapabilitiesSet a Target for Data Architecture CapabilitiesIdentify the Tactics That Apply to Your Organization

    This step will walk you through the following activities:

    • Before making your personal tactic plan, identify the trends in data architecture that can benefit your organization.
    • Understand Info-Tech’s data architecture capability model.
    • Initiate the Data Architecture Roadmap Tool to begin creating a roadmap for your optimization plan.

    This step involves the following participants:

    • Data Architect

    Outcomes of this step

    • A framework for generating a tactical plan for data architecture optimization.
    • Knowledge of the various trends in the data architecture field that can be incorporated into your plan.

    Capitalize on trends in data architecture before you determine the tactics that apply to you

    Stop here. Before you begin to plan for optimization of the organization’s data environment, get a sense of the sustainability and scalability of the direction of the organization’s data architecture evolution.

    Practically any trend in data architecture is driven by an attempt to solve one or more the common challenges of today’s tumultuous data landscape, otherwise known as “big data.” Data is being produced in outrageous amounts, at very high speeds, and in a growing number of types and structures.

    To meet these demands, which are not slowing down, you must keep ahead of the curve. Consider the internal and external catalysts that might fuel your organization’s need to modernize its data architecture:

    Big Data

    Data Storage

    Advanced analytics

    Unstructured data

    Integration

    Hadoop ecosystem

    The discussion about big data is no longer about what it is, but how do businesses of all types operationalize it.

    Is your organization currently capturing and leveraging big data?

    Are they looking to do so in the near future?

    The cloud

    The cloud offers economical solutions to many aspects of data architecture.

    Have you dealt with issues of lack of storage space or difficulties with scalability?

    Do you need remote access to data and tools?

    Real-time architecture

    Advanced analytics (machine learning, natural language processing) often require data in real-time. Consider Lambda and Kappa architectures.

    Has your data flow prevented you from automation, advanced analytics, or embracing the world of IoT?

    Graph databases

    Self-service data access allows more than just technical users to participate in analytics. NoSQL can uncover buried relationships in your data.

    Has your organization struggled to make sense of different types of unstructured data?

    Is ETL enough?

    What SQL is to NoSQL, ETL is to NoETL. Integration techniques are being created to address the high variety and high velocity of data.

    Have your data scientists wasted too much time and resources in the ETL stage?

    Read the Data Architecture Trends Presentation to understand the current cutting edge topics in data architecture

    Supporting Tool icon 2.1 Data Architecture Trends Presentation

    The speed at which new technology is changing is making it difficult for IT professionals to keep pace with best practices, let alone cutting edge technologies.

    The Info-Tech Data Architecture Trends Presentation provides a glance at some of the more significant innovations in technology that are driving today’s advanced data architectures.

    This presentation also explains how these trends relate to either the data challenges you may be facing, or the specific business drivers you are hoping to bring to your organization.

    Sample of the Data Architecture Trends Presentation.
    Data Architecture Trends Presentation

    Gaps between your current and future capabilities will help you to determine the tactics that apply to you

    Now that you know where the organization currently stands, follow these steps to begin prioritizing the initiatives:

    1. What are you trying to accomplish? Determine target states that are framed in quantifiable objectives that can be clearly communicated. The more specific the objectives are the better.
    2. Evaluate the “delta,” or difference between where the organization currently stands and where it needs to go. This will be expressed in terms of gap closure strategies, and will help clarify the initiatives that will populate the road map.
    3. Determine the relative business value of each initiative, as well as the relative complexities of successfully implementing them. These scores should be created with stakeholder input, and then plotted in an effort/transition quadrant map to determine where the quickest and most valuable wins lie.
    Current State Gap Closure Strategies Target State Data Architecture Tactical Roadmap
    • Organization objectives
    • Functional needs
    • Current operating models
    • Technology assets
    Initiatives involving:
    • Organizational changes
    • Functional changes
    • Technology changes
    • Process changes
    • Performance objectives (revenue growth, customer intimacy, growth of organization)
    • Operating model improvements
    • Prioritized, simplified, and compelling vision of how the organization will optimize data architecture

    (Source: “How to Build a Roadmap”)

    Info-Tech Insight

    Optimizing data architecture requires a tactical approach, not a passive approach. The demanding task of optimization requires the ability to heavily prioritize. After you have identified why, determine how using our pre-built roadmap to address the four common drivers.

    Each of the layers of an organization’s data architecture have associated challenges to optimization

    Stop! Before you begin, recognize these “gotchas” that can present roadblocks to creating an effective data architecture environment.

    Before diving headfirst into creating your tactical data architecture plan, documenting the challenges associated with each aspect of the organization’s data architecture can help to identify where you need to focus your energy in optimizing each tier. The following table presents the common challenges across the five tiers:

    Source Tier

    Integration Tier

    Warehousing Tier

    Analytics Tier

    Presentation Tier

    Inconsistent data models Performance issues Scalability of the data warehouse Data currency, flexibility Model interoperability
    Data quality measures: data accuracy, timeliness, accessibility, relevance Duplicated data Infrastructure needed to support volume of data No business context for using the data in the correct manner No business context for using the data in the correct manner
    Free-form field and data values beyond data domain Tokenization and other required data transformations Performance
    Volume
    Greedy consumers can cripple performance
    Insufficient infrastructure
    Inefficiencies in building the data mart Report proliferation/chaos (“kitchen sink dashboards”)
    Reporting out of source systems DB model inefficiencies
    Manual errors;
    Application usability
    Elasticity

    Create metrics before you plan to optimize your data architecture

    Associated Activity icon 2.2.3 1 hour

    INPUT: Tactics that will be used to optimize data architecture.

    OUTPUT: Metrics that can be used to measure optimization success.

    Materials: Data Architecture Tactical Roadmap Tool

    Participants: Data architect

    Metrics will help you to track your optimization efforts and ensure that they are providing value to the organization.

    There are two types of metrics that are useful for data architects to track and measure: program metrics and project metrics. Program metrics represent the activities that the data architecture program, which is the sum of multiple projects, should help to improve. Project metrics are the more granular metrics that track each project.

    Program Metrics

    • TCO of IT
      • Costs associated with applications, databases, data maintenance
      • Should decrease with better data architecture (rationalized apps, operationalized databases)
    • Cost savings:
      • Retiring a legacy system and associated databases
      • Consolidated licensing
      • Introducing shared services
    • Data systems under maintenance (maintenance burden)
    • End-user data requests fulfilled
    • Improvement of time of delivery of reports and insights

    Project Metrics

    • Percent of projects in alignment with EA
    • Percent of projects compliant with the EA governance process (architectural due diligence rate)
    • Reducing time to market for launching new products
      • Reducing human error rates
      • Speeding up order delivery
      • Reducing IT costs
      • Reducing severity and frequency of security incidents

    Use Tab 6. Metrics of the Data Architecture Tactical Roadmap Tool to document and track metrics associated with your optimization tactics.

    Use Info-Tech’s resources to build your data architecture capabilities

    The following resources from Info-Tech can be used to improve the capabilities that were identified as having a gap. Read more about the details of the five-tier architecture in the blueprints below:

    Data Governance

    Data architecture depends on effective data governance. Use our blueprint, Enable Shared Insights With an Effective Data Governance Engine to get more out of your architecture.

    Data Quality

    The key to maintaining high data quality is a proactive approach that requires you to establish and update strategies for preventing, detecting, and correcting errors. Find out more on how to improve data quality with Info-Tech’s blueprint, Restore Trust in Your Data Using a Business-Aligned Data Quality Management Approach.

    Master Data Management

    When you start your data governance program, you will quickly realize that you need an effective MDM strategy for managing your critical data assets. Use our blueprint, Develop a Master Data Management Strategy and Roadmap to Better Monetize Data to get started with MDM.

    Data Warehouse

    The key to maintaining high data quality is a proactive approach that requires you to establish and update strategies for preventing, detecting, and correcting errors. Find out more on how to improve data quality with Info-Tech’s blueprint, Drive Business Innovation With a Modernized Data Warehouse Environment.

    With the optimal tactics identified, the monetary authority uncovered areas needing improvement

    CASE STUDY

    Industry: Financial
    Source: Info-Tech Consulting
    Symbol for 'Monetary Authority Case Study'.

    Part 2

    After establishing the appropriate tactics based on its business driver, the monetary authority was able to identify its shortcomings and adopt resolutions to remedy the issues.

    Best Practice Tactic Current State Solution
    Tier 1 - Data Sources Identify data sources Data coming from a number of locations. Create data model for old and new systems.
    Ensure data quality Internal data scanned from paper and incomplete. Data cleansing and update governance and business rules for migration to new system.
    External sources providing conflicting data.
    Tier 3 - Data Warehousing Data catalogue Data aggregated incompletely. Built proper business data glossary for searchability.
    Indexing Data warehouse performance sub-optimal. Architected data warehouse for appropriate use (star schema).
    Tier 4 - Data Analytics Data accessibility Relevant data buried in warehouse. Build data marts for access.
    Data reduction Accurate report building could not be performed in current storage. Built interim solution sandbox, spin up SQL database.

    Establishing these solutions provided the organization with necessary information to build their roadmap and move towards implementing an optimized data architecture.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of a Info-Tech analyst.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1.1 – 2.2.2

    Sample of activities 2.1.1 and 2.2.2, the first being 'Determine your current state across the related architecture tiers'. Evaluate your current capabilities and design your target data quality practice from two angles

    In this assessment and planning activity, the team will evaluate the current and target capabilities for your data architecture’s ability to meet business needs based on the essential capabilities across the five tiers of an organization’s architectural environment.

    2.2.3

    Sample of activity 2.2.3 'Create metrics before you plan to optimize your data architecture'. Create metrics to track the success of your optimization plan.

    The Info-Tech facilitator will guide you through the process of creating program and project metrics to track as you optimize your data architecture. This will help to ensure that the tactics are helping to improve crucial business attributes.

    Build a Business-Aligned Data Architecture Optimization Strategy

    PHASE 3

    Create Your Tactical Data Architecture Roadmap

    Phase 3 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Create Your Tactical Data Architecture Roadmap

    Proposed Time to Completion: 2 weeks
    Step 3.1: Personalize Your Data Architecture RoadmapStep 3.2: Manage Your Data Architecture Decisions and the Resulting Changes
    Start with an analyst kick-off call:
    • Review the tactical plan that addresses the business drivers by optimizing your data architecture in the relevant focus areas.
    Review findings with analyst:
    • Discuss and review the roadmap of optimization activities, including dependencies, timing, and ownership of activities.
    • Understand how change management is an integral aspect of any data architecture optimization plan.
    Then complete these activities…
    • Create your detailed data architecture initiative roadmap.
    Then complete these activities…
    • Create your Data Architecture Decision Template to document the changes that are going to be made to optimize your data architecture environment.
    • Review how change management fits into the data architecture improvement program.
    With these tools & templates:
    • Data Architecture Tactical Roadmap Tool
    With these tools & templates:
    • Data Architecture Decision Template

    Phase 3 Results & Insights

    • Phase 3 will help you to build a personalized roadmap and plan for optimizing data architecture in your organization. In carrying out this roadmap, changes will, by necessity, occur. Therefore, an integral aspect of a data architect’s role is change management. Use the resources included in Phase 3 to smoothen the change management process.

    Phase 3, Step 1: Personalize Your Data Architecture Roadmap

    PHASE 3

    3.1 3.2
    Personalize Your Data Architecture Roadmap Manage Your Data Architecture Decisions and the Resulting Changes

    This step will walk you through the following activities:

    • Determine the timing, effort, and ownership of the recommended optimization initiatives.
    • Brainstorm initiatives that are not yet on the roadmap but apply to you.

    This step involves the following participants:

    • Data Architect
    • DBAs
    • Enterprise Architect

    Outcomes of this step

    • A roadmap of specific initiatives that map to the tactical plan for optimizing your organization’s data architecture.
    • A plan for communicating high-level business objectives to data workers to address the issues of the business.

    Now that you have tactical priorities, identify the actionable steps that will lead you to an optimized data architecture

    Phase 1 and 2 helped you to identify tactics that address some of the most common business drivers. Phase 3 will bring you through the process of practically planning what those tactics look like in your organization’s environment and create a roadmap to plan how you will generate business value through optimization of your data architecture environment.

    Diagram of the three phases and the goals of each one. The first phase says 'Identify your data architecture business driver' and highlights 'Business Driver 3' out of four to focus on in Phase 2. Phase 2 says 'Optimization tactics across the five-tier logical data architecture' and identifies four of six 'Tactics' to use in Phase 3. Phase 3 is a 'Practical Roadmap of Initiatives' and utilizes a timeline of initiatives in which to apply the chosen tactics.

    Use the Data Architecture Tactic Roadmap Tool to personalize your roadmap

    Supporting Tool icon 3.1.1 Data Architecture Tactic Roadmap Tool
    Generating Your Roadmap
    1. On Tab 5. Tactic and Initiative Planning, you will find a list of tactics that correspond to every capability that applies to your chosen driver and where there is a gap. In addition, each tactic has a sequence of “Suggested Initiatives,” which represent the best-practice steps that you should take to optimize your data architecture according to your priorities and gaps.
    2. Customize this list of initiatives according to your needs.
    3. The Gantt chart is generated in Tab 7. Initiative Roadmap, and can be used to organize your plan and ensure that all of the essential aspects of optimizing data architecture are addressed.
    4. The roadmap can be used as an “executive brief” roadmap and as a communication tool for the business.
    Screenshot of the Data Architecture Tactic Roadmap Tool, Tab 5. Tactic and Initiative Planning.
    Tab 5. Tactic and Initiative Planning

    Screenshot of the Data Architecture Tactic Roadmap Tool, Tab 7. Initiative Roadmap.
    Tab 7. Initiative Roadmap

    Determine the details of your data architecture optimization activities

    Associated Activity icon 3.1.2 1 hour

    INPUT: Timing of initiatives for optimizing data architecture.

    OUTPUT: Optimization roadmap

    Materials: Data Architecture Tactic Roadmap Tool

    Participants: Data architect, Enterprise Architect

    Instructions

    1. With the list of suggested activities in place on Tab 5. Tactic and Initiative Planning, select whether or not the initiatives will be included in the roadmap. By default, all of the initiatives are set to “Yes.”
    2. Plan the sequence, starting time, and length of each initiative, as well as the assigned responsibility of the initiative in Tab 5. Tactic and Initiative Planning of the Data Architecture Tactic Roadmap Tool.
    3. The tool will a generate a Gantt chart based on the start and length of your initiatives.
    4. The Gantt chart is generated in Tab 7. Initiative Roadmap.
    Screenshot of the Data Architecture Tactic Roadmap Tool, Tab 5. Tactic and Initiative Planning. Tab 5. Tactic and Initiative Planning Screenshot of the Data Architecture Tactic Roadmap Tool, Tab 7. Initiative Roadmap. Tab 7. Initiative Roadmap

    Info-Tech Insight

    The activities that populate the roadmap can be taken as best practice activities. If you want an actionable, comprehensive, and prescriptive plan for optimizing your data architecture, fill in the timing of the activities and print the roadmap. This can serve as a rapid communication tool for your data architecture plan to the business and other architects.

    Optimizing data architecture relies on communication between the business and data workers

    Remember: Data architects bridge the gap between strategic and technical requirements of data.

    Visualization centering the 'Data Architect' as the bridge between 'Data Workers', 'Business', and 'Data & Applications'.

    Therefore, as you plan the data and its interactions with applications, it is imperative that you communicate the plan and its implications to the business and the data workers. Stock photo of coworkers communicating.
    Also remember: In Phase 1, you built your tactical data architecture optimization plan.
    Sample 1 of the Data Architecture Optimization Template. Sample 2 of the Data Architecture Optimization Template.
    Use this document to communicate your plan for data architecture optimization to both the business and the data workers. Socialize this document as a representation of your organization’s current data architecture as well as where it is headed in the future.

    Communicate your data architecture optimization plan to the business for approval

    Associated Activity icon 3.1.3 2 hours

    INPUT: Data Architecture Tactical Roadmap

    OUTPUT: Communication plan

    Materials: Data Architecture Optimization Template

    Participants: Data Architect, Business representatives, IT representatives

    Instructions

    Begin by presenting your plan and roadmap to the business units who participated in business interviews in activity 1.1.3 of Phase 1.

    If you receive feedback that suggests that you should make revisions to the plan, consult Info-Tech Research Group for suggestions on how to improve the plan.

    If you gain approval for the plan, communicate it to DBAs and other data workers.

    Iterative optimization and communication plan:
    Visualization of the Iterative optimization and communication plan. 'Start here' at 'Communicate Plan and Roadmap to the Business', and then continue in a cycle of 'Receive Approval or Suggested Modifications', 'Get Advice for Improvements to the Plan', 'Revise Plan', and back to the initial step until you receive 'Approval', then 'Present to Data Workers'.

    With a roadmap in place, the monetary authority followed a tactical and practical plan to repair outdated data architecture

    CASE STUDY

    Industry: Financial
    Source: Info-Tech Consulting
    Symbol for 'Monetary Authority Case Study'.

    Part 3

    After establishing the appropriate tactics based on its business driver, the monetary authority was able to identify its shortcomings and adopt resolutions to remedy the issues.

    Challenge

    A monetary authority was placed under new requirements where it would need to produce 6 different report types on its clients to a regulatory body within a window potentially as short as 1 hour.

    With its current capabilities, it could complete such a task in roughly 7 days.

    The organization’s data architecture was comprised of legacy systems that had poor searchability. Moreover, the data it worked with was scanned from paper, regularly incomplete and often inconsistent.

    Solution

    The solution first required the organization to establish the business driver behind the need to optimize its architecture. In this case, it would be compliance requirements.

    With Info-Tech’s methodology, the organization focused on three tiers: data sources, warehousing, and analytics.

    Several solutions were developed to address the appropriate lacking capabilities. Firstly, the creation of a data model for old and new systems. The implementation of governance principles and business rules for migration of any data. Additionally, proper indexing techniques and business data glossary were established. Lastly, data marts and sandboxes were designed for data accessibility and to enable a space for proper report building.

    Results

    With the solutions established, the monetary authority was given information it needed to build a comprehensive roadmap, and is currently undergoing the implementation of the plan to ensure it will experience its desired outcome – an optimized data architecture built with the capacity to handle external compliance requirements.

    Phase 3, Step 2: Manage Your Data Architecture Decisions and the Resulting Changes

    PHASE 3

    3.13.2
    Personalize Your Data Architecture RoadmapManage Your Data Architecture Decisions and the Resulting Changes

    This step will walk you through the following activities:

    • With a plan in place, document the major architectural decisions that have been and will be made to optimize data architecture.
    • Create a plan for change and release management, an essential function of the data architect role.

    This step involves the following participants:

    • Data Architect
    • Enterprise Architect

    Outcomes of this step

    • Resources for documenting and managing the inevitable change associated with updates to the organization’s data architecture environment.

    To implement data architecture changes, you must plan to accommodate the issues that come with change

    Once you have a plan in place, one the most challenging aspects of improving an organization is yet to come…overcoming change!

    “When managing change, the job of the data architect is to avoid unnecessary change and to encapsulate necessary change.

    You must provide motivation for simplifying change, making it manageable for the whole organization.” (Andrew Johnston, Independent Consultant)

    Stock photo of multiple hands placing app/website design elements on a piece of paper.

    Create roadmap

    Arrow pointing down.

    Communicate roadmap

    Arrow pointing down.

    Implement roadmap

    Arrow pointing down.

    Change management

    Use the Data Architecture Decision Template when architectural changes are made

    Supporting Tool icon 3.2 Data Architecture Decision Template
    Document the architectural decisions made to provide context around changes made to the organization’s data environment.

    The goal of this Data Architecture Decision Template is to provide data architects with a template for managing the changes that accompany major architectural decisions. As you work through the Build a Business-Aligned Data Architecture Optimization Strategy blueprint, you will create a plan for tactical initiatives that address the drivers of the business to optimize your data architecture. This plan will bring about changes to the organization’s data architecture that need change management considerations.

    Document any major changes to the organization’s data architecture that are required to evolve with the organization’s drivers. This will ensure that major architectural changes are documented, tracked, and that the context around the decision is maintained.

    “Environment is very chaotic nowadays – legacy apps, sprawl, ERPs, a huge mix and orgs are grappling with what our data landscape look like? Where are our data assets that we need to use?” (Andrew Johnston, Independent Consultant)

    Sample of the Data Architecture Decision Template.

    Use Info-Tech’s Data Architecture Decision Template to document any major changes in the organization’s data architecture.

    Leverage Info-Tech’s resources to smooth change management

    As changes to the architectural environment occur, data architects must stay ahead of the curve and plan the change management considerations that come with major architectural decisions.

    “When managing change, the job of the data architect is to avoid unnecessary change and to encapsulate necessary change.

    You must provide motivation for simplifying change, making it manageable for the whole organization.” (Andrew Johnston, Independent Consultant)

    See Info-Tech’s resources on change management to smooth changes:
    Banner for the blueprint set 'Optimize Change Management' with subtitle 'Turn and face the change with a right-sized change management process'.
    Sample of the Optimize Change Management blueprint.

    Change Management Blueprint

    Sample of the Change Management Roadmap Tool.

    Change Management Roadmap Tool

    Use Info-Tech’s resources for effective release management

    As changes to the architectural environment occur, data architects must stay ahead of the curve and plan the release management considerations around new hardware and software releases or updates.

    Release management is a process that encompasses the planning, design, build, configuration, and testing of hardware and software releases to create a defined set of release components (ITIL). Release activities can include the distribution of the release and supporting documentation directly to end users. See Info-Tech’s resources on Release Management to smooth changes:

    Banner for the blueprint set 'Take a Holistic View to Optimize Release Management' with subtitle 'Build trust by right-sizing your process using appropriate governance'.
    Samples of the Release Management blueprint.

    Release Management Blueprint

    Sample of the Release Management Process Standard Template.

    Release Management Process Standard Template

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of a Info-Tech analyst.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.1.1

    Sample of activity 3.1.2 'Determine the timing of your data architecture optimization activities'. Create your personalized roadmap of activities.

    In this activity, the facilitator will guide the team in evaluating practice gaps highlighted by the assessment, and compare these gaps at face value so general priorities can be documented. The same categories as in 3.1.1 are considered.

    3.1.3

    Sample of activity 3.1.3 'Communicate your Data Architecture Optimization Plan to the business for approval'. Communicate your data architecture optimization plan.

    The facilitator will help you to identify the optimal medium and timing for communicating your plan for optimizing your data architecture.

    Insight breakdown

    Insight 1

    • Data architecture needs to evolve along with the changing business landscape. There are four common business drivers that put most pressure on archaic architectures. As a result, the organization’s architecture must be flexible and responsive to changing business needs.

    Insight 2

    • Data architecture is not just about models.
      Viewing data architecture as just technical data modeling can lead to structurally unsound data that does not serve the business.

    Insight 3

    • Data is used differently across the layers of an organization’s data architecture, and the capabilities needed to optimize use of data change with it. Architecting and managing data from source to warehousing to presentation requires different tactics for optimal use.

    Summary of accomplishment

    Knowledge Gained

    • An understanding of what data architecture is, how data architects can provide value to the organization, and how data architecture fits into the larger enterprise architecture picture.
    • The capabilities required for optimization of the organization’s data architecture across the five tiers of the logical data architecture model.

    Processes Optimized

    • Prioritization and planning of data architect responsibilities across the five tiers of the five-tier logical data architecture model.
    • Roadmapping of tactics that address the most common business drivers of the organization.
    • Architectural change management.

    Deliverables Completed

    • Data Architecture Driver Pattern Identification Tool
    • Data Architecture Optimization Template
    • Data Architecture Trends Presentation
    • Data Architecture Roadmap Tool
    • Data Architecture Decision Template

    Research contributors and experts

    Photo of Ron Huizenga, Senior Product Manager, Embarcadero Technologies, Inc. Ron Huizenga, Senior Product Manager
    Embarcadero Technologies, Inc.

    Ron Huizenga has over 30 years of experience as an IT executive and consultant in enterprise data architecture, governance, business process reengineering and improvement, program/project management, software development, and business management. His experience spans multiple industries including manufacturing, supply chain, pipelines, natural resources, retail, healthcare, insurance, and transportation.

    Photo of Andrew Johnston, Architect, Independent Consultant. Andrew Johnston, Architect Independent Consultant

    An independent consultant with a unique combination of managerial, commercial, and technical skills, Andrew specializes in the development of strategies and technical architectures that allow businesses to get the maximum benefit from their IT resources. He has been described by clients as a "broad spectrum" architect, summarizing his ability to engage in many problems at many levels.

    Research contributors

    Internal Contributors
    Logo for Info-Tech Research Group.
    • Steven J. Wilson, Senior Director, Research & Advisory Services
    • Daniel Ko, Research Manager
    • Bernie Gilles, Senior Director, Research & Advisory Services
    External Contributors
    Logo for Embarcadero.
    Logo for Questa Computing. Logo for Geha.
    • Ron Huizenga, Embercardo Technologies
    • Andrew Johnston, Independent Consultant
    • Darrell Enslinger, Government Employees Health Association
    • Anonymous Contributors

    Bibliography

    Allen, Mark. “Get the ETL Out of Here.” MarkLogic. Sep, 2016. Web. 25 Apr 2017.[http://www.marklogic.com/blog/get-the-etl-out-of-here/]

    Anadiotis, George. “Streaming hot: Real-time big data architecture matters.” ZDNet. Jan, 2017. Web. 25 Apr 2017. [http://www.zdnet.com/article/streaming-hot-real-time-big-data-architecture-matters/]

    Aston, Dan. “The Economic value of Enterprise Architecture and How to Show It.” Erwin. Aug, 2016. Web. 20 Apr 2017. [http://erwin.com/blog/economic-value-enterprise-architecture-show/]

    Baer, Tony. “2017 Trends to Watch: Big Data.” Ovum. Nov, 2016. Web. 25 Apr 2017.

    Bmc. “Benefits & Advantages of Hadoop.” Bmc. Web. 25 Apr 2017. [http://www.bmcsoftware.ca/guides/hadoop-benefits-business-case.html]

    Boyd, Ryan, et al. “Relational vs. Graph Data Modeling” DZone. Mar 2016. Web. 25 Apr 2017. [https://dzone.com/articles/relational-vs-graph-data-modeling]

    Brahmachar, Satya. “Theme To Digital Transformation - Journey to Data Driven Enterprise” Feb, 2015. Web. 20 Apr 2017. [http://satyabrahmachari-thought-leader.blogspot.ca/2015/02/i-smac-theme-to-digital-transformation.html]

    Capsenta. “NoETL.” Capsenta. Web. 25 Apr 2017. [https://capsenta.com/wp-content/uploads/2015/03/Capsenta-Booklet.pdf]

    Connolly, Shaun. “Implementing the Blueprint for Enterprise Hadoop” Hortonworks. Apr, 2014. Web. 25 Apr 2017. https://hortonworks.com/blog/implementing-the-blue...

    Forbes. “Cloud 2.0: Companies Move From Cloud-First To Cloud-Only.” Forbes. Apr, 2017. Web. 25 Apr 2017. [https://www.forbes.com/sites/vmware/2017/04/07/cloud-2-0-companies-move-from-cloud-first-to-cloud-only/#5cd9d94a4d5e]

    Forgeat, Julien. “Lambda and Kappa.” Ericsson. Nov 2015. Web 25 Apr 2017. [https://www.ericsson.com/research-blog/data-knowledge/data-processing-architectures-lambda-and-kappa/]

    Grimes, Seth. “Is It Time For NoETL?” InformationWeek. Mar, 2010. Web. 25 Apr 2017. [http://www.informationweek.com/software/information-management/is-it-time-for-noetl/d/d-id/1087813]

    Gupta, Manav. et al. “How IB‹ leads in building big data analytics solutions in the cloud.” IBM. Feb, 2016. Web. 25 Apr 2017. [https://www.ibm.com/developerworks/cloud/library/cl-ibm-leads-building-big-data-analytics-solutions-cloud-trs/index.html#N102DE]

    “How To Build A Roadmap.” Hub Designs Magazine. Web 25 Apr 2017. [https://hubdesignsmagazine.com/2011/03/05/how-to-build-a-roadmap/]

    IBM. “Top industry use cases for stream computing.” IBM. Oct, 2015. Web. 25 Apr 2017. [https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=IMW14704USEN]

    Mateos-Garcia, Juan, et al. “Skills Of The Datavores.” Nesta. July. 2015. Web. 8 Aug 2016. [https://www.nesta.org.uk/sites/default/files/skills_of_the_datavores.pdf].

    Maynard, Steven. “Analytics: Don’t Forget The Human Element” Forbes. 2015. Web. 20 Apr. 2017. [http://www.ey.com/Publication/vwLUAssets/EY-Forbes-Insights-Data-and-Analytics-Impact-Index-2015/$FILE/EY-Forbes-Insights-Data-and-Analytics-Impact-Index-2015.pdf]

    Neo4j. “From Relational to Neo4j.” Neo4j. Web. 25 Apr 2017. [https://neo4j.com/developer/graph-db-vs-rdbms/#_from_relational_to_graph_databases]

    NoETL “NoETL.” NoETL. Web. 25 Apr 2017. [http://noetl.org/]

    Nolan, Roger. “Digital Transformation: Is Your Data Management Ready?” Informatica. Jun, 2016. Web. 20 Apr 2017. [https://blogs.informatica.com/2016/06/10/digital-transformation-data-management-ready/#fbid=hmBYQgS6hnm]

    OpsClarity. “2016 State of Fast Data & Streaming Applications.” OpsClarity. Web. 25 Apr 2017. [https://www.opsclarity.com/wp-content/uploads/2016/07/2016FastDataSurvey.pdf]

    Oracle. “A Relational Database Overview.” Oracle. Web. 25 Apr 2017. [https://docs.oracle.com/javase/tutorial/jdbc/overview/database.html]

    Ponemon Institute LLC. “Big Data Cybersecurity Analytics Research Repor.t” Cloudera. Aug, 2016. Web. 25 Apr 2017. [https://www.cloudera.com/content/dam/www/static/documents/analyst-reports/big-data-cybersecurity-analytics-research-report.pdf]

    Sanchez, Jose Juan. “Data Movement Killed the BI Star.” DV Blog. May, 2016. Web. 20 Apr. 2017. [http://www.datavirtualizationblog.com/data-movement-killed-the-bi-star/]

    SAS. “Hadoop; What it is and why does it matter?” SAS. Web. 25 Apr 2017. [https://www.sas.com/en_ca/insights/big-data/hadoop.html#hadoopusers]

    Schumacher, Robin. “A Quick Primer on graph Databases for RDBMS Professionals.” Datastax. Jul, 2016. Web. 25 Apr 2017. [http://www.datastax.com/2016/07/quick-primer-on-graph-databases-for-rdbms-professionals]

    Swoyer, Steve. “It’s the End of the Data Warehouse as We Know It.” TDWI. Jan, 2017. Web. 20 Apr. 2017. [https://upside.tdwi.org/articles/2017/01/11/end-of-the-data-warehouse-as-we-know-it.aspx]

    Webber, Jim, and Ian Robinson. “The Top 5 Use Cases of Graph Databases.” Neo4j. 2015. Web. 25 Apr 2017. [http://info.neo4j.com/rs/773-GON-065/images/Neo4j_Top5_UseCases_Graph%20Databases.pdf]

    Zachman Framework. [https://www.zachman.com/]

    Zupan, Jane. “Survey of Big Data Decision Makers.” Attiv/o. May, 2016. Web. 20 Apr 2017. [https://www.attivio.com/blog/post/survey-big-data-decision-makers]

    COVID-19 Work Status Tracking Guide

    • Buy Link or Shortcode: {j2store}594|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Manage & Coach
    • Parent Category Link: /manage-coach
    • Keeping track of the multiple and frequently changing work arrangements on your team.
    • Ensuring you have a fast and easy way to keep an up-to-date record of where and how employees are working.

    Our Advice

    Critical Insight

    • During these critical times, keeping track of employees’ work status doesn’t have to be complicated – the right tool is one that does the job.
    • Keeping track of your employees is a health and safety issue – deployed well, it is an aid in keeping the business running and an additional communication channel, not a sign of lack of trust.

    Impact and Result

    • An Excel spreadsheet is all you need to ensure you have a way to record work arrangements that can change by the day.
    • An easy-to-use tool means minimal administrative overhead to ensuring you have this critical information at hand.

    COVID-19 Work Status Tracking Guide Research & Tools

    Start here – read the Work Status Tracking Guide

    Read our recommendations and use the accompanying tool to quickly get a handle on your team’s work arrangements.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • COVID-19 Work Status Tracking Guide Storyboard
    • COVID-19 Work Status Tracking Tool
    [infographic]