Application Development Quality
- Buy Link or Shortcode: {j2store}26|cart{/j2store}
- Parent Category Name: Applications
- Parent Category Link: /applications
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Understand your applications team.
Understand your stakeholders.
Design and plan your applications strategy.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Understand the expectations, structure, and dynamics of your applications team.
Review your team’s current capacity.
Gauge the team’s effectiveness to execute their operating model.
Clear understanding of the current responsibilities and accountabilities of your teams.
Identification of improvement opportunities based on your team’s performance.
1.1 Define your team’s role and responsibilities.
1.2 Understand your team’s application and project portfolios.
1.3 Understand your team’s values and expectations.
1.4 Gauge your team’s ability to execute your operating model.
Current team structure, RACI chart, and operating model
Application portfolios currently managed by applications team and projects currently committed to
List of current guiding principles and team expectations
Team effectiveness of current operating model
Understand the expectations of stakeholders.
Review the services stakeholders consume to support their applications.
Gauge stakeholder satisfaction of the services and applications your team provides and supports.
Grounded understanding of the drivers and motivators of stakeholders that teams should accommodate.
Identification of improvement opportunities that will increase the value your team delivers to stakeholders.
2.1 Understand your stakeholders and applications services.
2.2 Define stakeholder expectations.
2.3 Gauge stakeholder satisfaction of applications services and portfolio.
Expectations stakeholders have on the applications team and the applications services they use
List of applications expectations
Stakeholder satisfaction of current operating model
Align and consolidate a single set of applications expectations.
Develop key initiatives to alleviate current pain points and exploit existing opportunities to deliver new value.
Create an achievable roadmap that is aligned to organizational priorities and accommodate existing constraints.
Applications team and stakeholders are aligned on the core focus of the applications department.
Initiatives to address the high priority issues and opportunities.
3.1 Define your applications expectations.
3.2 Investigate your diagnostic results.
3.3 Envision your future state.
3.4 Create a tactical plan to achieve your future state.
3.5 Finalize your applications strategy.
List of applications expectations that accommodates the team and stakeholder needs
Root causes to issues and opportunities revealed in team and stakeholder assessments
Future-state applications portfolio, operating model, supporting people, process, and technologies, and applications strategic model
Roadmap that lays out initiatives to achieve the future state
Completed applications strategy
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Assess current prevention, detection, analysis, and response capabilities.
Design your optimized state of operations.
Identify opportunities for collaboration within your security program.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Determine current prevention, detection, analysis, and response capabilities, operational inefficiencies, and opportunities for improvement.
Determine why you need a sound security operations program.
Understand Info-Tech’s threat collaboration environment.
Evaluate your current security operation’s functions and capabilities.
1.1 Understand the benefits of refining your security operations program.
1.2 Gauge your current prevention, detection, analysis, and response capabilities.
Security Operations Preliminary Maturity Assessment Tool
Begin developing and prioritizing gap initiatives in order to achieve the optimal state of operations.
Establish your goals, obligations, scope, and boundaries.
Assess your current state and define a target state.
Develop and prioritize gap initiatives.
Define the cost, effort, alignment, and security benefits of each initiative.
Develop a security strategy operational roadmap.
2.1 Assess your current security goals, obligations, and scope.
2.2 Design your ideal target state.
2.3 Prioritize gap initiatives.
Information Security Strategy Requirements Gathering Tool
Security Operations Maturity Assessment Tool
Identify opportunities for collaboration.
Formalize your operational process flows.
Develop a comprehensive and actionable measurement program.
Understand the current security operations process flow.
Define the security operations stakeholders and their respective deliverables.
Formalize an internal information-sharing and collaboration plan.
3.1 Identify opportunities for collaboration.
3.2 Formalize a security operations collaboration plan.
3.3 Define operational roles and responsibilities.
3.4 Develop a comprehensive measurement program.
Security Operations RACI & Program Plan Tool
Security Operations Collaboration Plan
Security Operations Cadence Schedule Template
Security Operations Metrics Summary
“A reactive security operations program is no longer an option. The increasing sophistication of threats demands a streamlined yet adaptable mitigation and remediation process. Protect your assets by preparing for the inevitable; unify your prevention, detection, analysis, and response efforts and provide assurance to your stakeholders that you are making information security a top priority.”
Edward Gray,
Consulting Analyst, Security, Risk & Compliance
Info-Tech Research Group
This Research Is Designed For:
|
This Research Will Help You:
|
This Research Will Also Assist:
|
This Research Will Help Them
|
![]() Average data breach costs per compromised record hit an all-time high of $217 (in 2015); $74 is direct cost (e.g. legal fees, technology investment) and $143 is indirect cost (e.g. abnormal customer churn). (Source: Ponemon Institute, “2015 Cost of Data Breach Study: United States”) |
![]() ![]() ![]() ![]() ![]() (Source: The Network, “ Cisco 2017 Security Capabilities Benchmark Study”) |
60% Of organizations say security operation teams have little understanding of each other’s requirements.
40% Of executives report that poor coordination leads to excessive labor and IT operational costs.
38-100% Increase in efficiency after closing operational gaps with collaboration.
(Source: Forbes, “The Game Plan for Closing the SecOps Gap”)
![]() |
“Empower a few administrators with the best information to enable fast, automated responses.” Insufficient security personnel resourcing has been identified as the most prevalent challenge in security operations… When an emergency security incident strikes, weak collaboration and poor coordination among critical business functions will magnify inefficiencies in the incident response (IR) process, impacting the organization’s ability to minimize damage and downtime. The solution: optimize your SOC. Info-Tech has seen SOCs with five analysts outperform SOCs with 25 analysts through tools and process optimization. Sources: |
Legacy security operations centers (SOCs) fail to address gaps between data sources, network controls, and human capital. There is limited visibility and collaboration between departments, resulting in siloed decisions that do not support the best interests of the organization. | ||
![]() Security operations is part of what Info-Tech calls a threat collaboration environment, where members must actively collaborate to address cyberthreats affecting the organization’s brand, business operations, and technology infrastructure on a daily basis. |
Prevent: Defense in depth is the best approach to protect against unknown and unpredictable attacks. Diligent patching and vulnerability management, endpoint protection, and strong human-centric security (amongst other tactics) are essential. | Detect: There are two types of companies – those who have been breached and know it and those who have been breached and don’t know it. Ensure that monitoring, logging, and event detection tools are in place and appropriate to your organizational needs |
Analyze: Raw data without interpretation cannot improve security and is a waste of time, money, and effort. Establish a tiered operational process that not only enriches data but also provides visibility into your threat landscape. | Respond: Organizations can’t rely on an ad hoc response anymore – don’t wait until a state of panic. Formalize your response processes in a detailed incident runbook in order to reduce incident remediation time and effort. |
![]() |
Vulnerability Management
Vulnerability management revolves around the identification, prioritization, and remediation of vulnerabilities. Vulnerability management teams hunt to identify which vulnerabilities need patching and remediating. |
Deliverables
|
![]() |
Threat Intelligence
Threat intelligence addresses the collection, analysis, and dissemination of external threat data. Analysts act as liaisons to their peers, publishing actionable threat alerts, reports, and briefings. Threat intelligence proactively monitors and identifies whether threat indicators are impacting your organization. |
|
![]() |
Operations
Security operations include the real-time monitoring and analysis of events based on the correlation of internal and external data sources. This also includes incident escalation based on impact. Analysts are constantly tuning and tweaking rules and reporting thresholds to further help identify which indicators are most impactful during the analysis phase of operations. |
|
![]() Develop and Implement a Security Incident Management Program |
Incident Response
Effective and efficient management of incidents involves a formal process of analysis, containment, eradication, recovery, and post-incident activities. IR teams coordinate root-cause analysis and incident gathering while facilitating post-incident lessons learned. Incident response can provide valuable threat data that ties specific indicators to threat actors or campaigns. |
|
…better protect your organization with an interdependent and collaborative security operations program.
Phase 01Assess your operational requirements. |
Phase 02Optimize and further mature your security operations processes |
Phase 3aDevelop the process flow and specific interaction points between functions |
Phase 3bTest your current capabilities with a table top exercise |
Briefly assess your current prevention, detection, analysis, and response capabilities.
Highlight operational weak spots that should be addressed before progressing. |
Develop a prioritized list of security-focused operational initiatives.
Conduct a holistic analysis of your operational capabilities. |
Define the operational interaction points between security-focused operational departments.
Document the results in comprehensive operational interaction agreement. |
Test your operational processes with Info-Tech’s security operations table-top exercise. |
![]() |
![]() |
Effective security operations management will help you do the following:
|
ImpactShort term:
Long term:
|
A practical approach, justifying the value of security operations, is to identify the assets at risk and calculate the cost to the company should the information assets be compromised (i.e. assess the damage an attacker could do to the business).
Cost Structure | Cost Estimation ($) for SMB (Small and medium-sized business) |
Cost Estimation ($) for LE (Large enterprise) |
|
Security controls | Technology investment: software, hardware, facility, maintenance, etc.
Cost of process implementation: incident response, CMBD, problem management, etc. Cost of resource: salary, training, recruiting, etc. |
$0-300K/year | $200K-2M/year |
Security incidents (if no security control is in place) |
Explicit cost:
|
$15K-650K/year | $270K-11M/year |
Contact your account representative or email Workshops@InfoTech.com for more information.
Workshop Day 1 | Workshop Day 2 | Workshop Day 3 | Workshop Day 4 | Workshop Day 5 | |
Activities |
|
|
|
|
|
Deliverables |
|
|
|
All Final Deliverables |
1Assess Operational Requirements |
2Develop Maturity Initiatives |
3Define Interdependencies |
Security operations is no longer a center, but a process. The need for a physical security hub has evolved into the virtual fusion of prevention, detection, analysis, and response efforts. When all four functions operate as a unified process, your organization will be able to proactively combat changes in the threat landscape.
Estimated time to completion: 30 minutes
Discussion: Why are we pursuing this project?What are the objectives for optimizing and developing sound security operations? Stakeholders Required:
Resources Required
|
|
Don’t develop a security operations program with the objective of zero incidents. This reliance on prevention results in over-engineered security solutions that cost more than the assets being protected.
Security operations must provide several fundamental functions:
|
![]() At its core, a security operations program is responsible for the prevention, detection, analysis, and response of security events. |
Optimized security operations can seamlessly integrate threat and incident management processes with monitoring and compliance workflows and resources. This integration unlocks efficiency.
Foundational | ![]() |
Operational | ![]() |
Strategic |
|
|
|
||
——Security Operations Capabilities—–› |
![]() | Security operations is part of what Info-Tech calls a threat collaboration environment, where members must actively collaborate to address threats impacting the organization’s brand, operations, and technology infrastructure.
Info-Tech Best PracticeEnsure that information flows freely throughout the threat collaboration environment – each function should serve to feed and enhance the next. | |||||
![]() | ||||||
![]() | ||||||
![]() Develop and Implement a Security Incident Management Program |
The value of a SOC can be achieved with fewer prerequisites than you think. While it is difficult to cut back on process and technology requirements, human capital is transferrable between roles and functions and can be cross-trained to satisfy operational gaps.
![]() |
People. Effective human capital is fundamental to establishing an efficient security operations program, and if enabled correctly, can be the driving factor behind successful process optimization. Ensure you address several critical human capital components:
|
Processes. Formal and informal mechanisms that bridge security throughout the collaboration environment and organization at large. Ask yourself:
|
|
Technology. The composition of all infrastructure, systems, controls, and tools that enable processes and people to operate and collaborate more efficiently. Determine:
|
![]() | ![]() At a high level, assess your organization’s operational maturity in each of the threat collaboration environment functions. Determine whether the foundational processes exist in order to mature and streamline your security operations. |
![]() | |
![]() | |
![]() Develop and Implement a Security Incident Management Program |
Prioritize the component most important to the development of your security operations program. |
![]() |
|
![]() |
||
Each “security capability” covers a component of the overarching “security function.” | Assign a current and target maturity score to each respective security capability. (Note: The CMMI maturity scores are further explained on the following slide.) | Document any/all comments for future Info-Tech analyst discussions. |
![]() |
Ad Hoc | ||
1 | ![]() |
Initial/Ad Hoc: Activity is not well defined and is ad hoc, e.g. no formal roles or responsibilities exist, de facto standards are followed on an individual-by-individual basis. | |
2 | ![]() |
Developing: Activity is established and there is moderate adherence to its execution, e.g. while no formal policies have been documented, content management is occurring implicitly or on an individual-by-individual basis. | |
3 | ![]() |
Defined: Activity is formally established, documented, repeatable, and integrated with other phases of the process, e.g. roles and responsibilities have been defined and documented in an accessible policy, however, metrics are not actively monitored and managed. | |
4 | ![]() |
Managed and Measurable: Activity execution is tracked by gathering qualitative and quantitative feedback, e.g. metrics have been established to monitor the effectiveness of tier-1 SOC analysts. | |
5 | ![]() |
Optimized: Qualitative and quantitative feedback is used to continually improve the execution of the activity, e.g. the organization is an industry leader in the respective field; research and development efforts are allocated in order to continuously explore more efficient methods of accomplishing the task at hand. | |
Optimized |
Notes: Info-Tech seldom sees a client achieve a CMMI score of 4 or 5. To achieve a state of optimization there must be a subsequent trade-off elsewhere. As such, we recommend that organizations strive for a CMMI score of 3 or 4.
![]() |
Review the report cards for each of the respective threat collaboration environment functions.
|
Self-Assessment Questions
1Assess Operational Requirements | 2Develop Maturity Initiatives | 3Define Interdependencies |
Functional threat intelligence is a prerequisite for effective security operations – without it, security operations will be inefficient and redundant. Eliminate false positives by contextualizing threat data, aligning intelligence with business objectives, and building processes to satisfy those objectives
A common challenge for security leaders is learning to express their initiatives in terms that are meaningful to business executives.
Frame the importance of your security operations program to Oftentimes resourcing and funding is dependent on the |
Corporate goals and objectives can be categorized into three major buckets:
|
Developing a security operations strategy is a proactive activity that enables you to get in front of any upcoming business projects or industry trends rather than having to respond reactively later on. Consider as many foreseeable variables as possible!
It is important to define all security-related areas of responsibility. Upon completion you should clearly understand what you are trying to secure.
Ask yourself:
|
The organizational scope and boundaries and can be categorized into four major buckets:
|
This also includes what is not within scope. For some outsourced services or locations you may not be responsible for security. For some business departments you may not have control of security processes. Ensure that it is made explicit at the outset, what will be included and what will be excluded from security considerations.
Explicitly understanding how security aligns with the core business mission is critical for having a strategic plan and fulfilling the role of business enabler.
Download and complete the information security goals, obligations and scope activities (Section 1.3) within the Info-Tech security strategy research publication. If previously completed, take the time to review your results. GOALS and OBLIGATIONS
|
Goals & Obligations
![]() |
PROGRAM SCOPE & BOUNDARIES
If a well-defined corporate strategy does not exist, these questions can help pinpoint objectives:
|
Program Scope & Boundaries
![]() |
For more information on how to complete the goals & obligations activity please reference Section 1.3 of Info-Tech’s Build an Information Security Strategy blueprint.
On tab 1. Goals and Obligations:
|
![]() |
On tab 2. Scope and Boundaries:
|
![]() |
For the purpose of this security operations initiative please IGNORE the risk tolerance activities on tab 3. |
A common challenge for security leaders is expressing their initiatives in terms that are meaningful to business executives. This exercise helps make explicit the link between what the business cares about and what security is trying to do.
Define your current and target state
Self-assess your current security operations capabilities and determine your intended state. |
Create your gap initiatives
Determine the operational processes that must be completed in order to achieve the target state. |
Prioritize your initiatives
Define your prioritization criteria (cost, effort, alignment, security benefit) based on your organization |
Build a Gantt chart for your upcoming initiatives
The final output will be a Gantt to action your prioritized initiatives |
Progressive improvements provide the most value to IT and your organization. Leaping from pre-foundation to complete optimization is an ineffective goal. Systematic improvements to your security performance delivers value to your organization, each step along the way.
Dashboards: Centralized visibility, threat analytics, and orchestration enable faster threat detection with fewer resources. |
Adding more controls to a network never increases resiliency. Identify technological overlaps and eliminate unnecessary costs. |
Automation: There is shortfall in human capital in contrast to the required tools and processes. Automate the more trivial processes. |
SOCs with 900 employees are just as efficient as those with 35-40. There is an evident tipping point in marginal value. |
There are no plug-and-play technological solutions – each is accompanied by a growing pain and an affiliated human capital cost. |
Planning: Narrow the scope of operations to focus on protecting assets of value. |
Cross-train employees throughout different silos. Enable them to wear multiple hats. |
Practice: None of the processes happen in a vacuum. Make the most of tabletop exercises and other training exercises. |
Define appropriate use cases and explicitly state threat escalation protocol. Focus on automating the tier-1 analyst role. |
1. Review:
The heading in blue is the security domain, light blue is the subdomain and white is the specific control. |
2. Determine and Record:
Ask participants to identify your organization’s current maturity level for each control. Next, determine a target maturity level that meets the requirements of the area (requirements should reflect the goals and obligations defined earlier). |
3.
In small groups, have participants answer “what is required to achieve the target state?” Not all current/target state gaps will require additional description, explanation, or an associated imitative. You can generate one initiative that may apply to multiple line items. |
When customizing your gap initiatives consider your organizational requirements and scope while remaining realistic. Below is an example of lofty vs. realistic initiatives:
Lofty: Perform thorough, manual security analysis. Realistic: Leverage our SIEM platform to perform more automated security analysis through the use of log information.
Initiatives | Consolidated Initiatives | ||
Document data classification and handling in AUP | —› | Document data classification and handling in AUP | Keep urgent or exceptional initiatives separate so they can be addressed appropriately. |
Document removable media in AUP | —› | Define and document an Acceptable Use Policy | Other similar or related initiatives can be consolidated into one item. |
Document BYOD and mobile devices in AUP | —› | ||
Document company assets in Acceptable Use Policy (AUP) | —› |
After inputting your current and target scores and defining your gap initiatives in tab 2, review tab 3. Current Maturity and tab 4. Maturity Gap in Info-Tech’s Security Operations Maturity Assessment Tool. Automatically built charts and tables provide a clear visualization of your current maturity. Presenting these figures to stakeholders and management can help visually draw attention to high-priority areas and contextualize the gap initiatives for which you will be seeking support. |
![]() |
Communicate the value of future security projects to stakeholders by copying relevant charts and tables into an executive stakeholder communication presentation (ask an Info-Tech representative for further information).
Define low, medium, and high resource allocation, and other variables for your gap initiatives in the Concept of Operations Maturity Assessment Tool. These variables include:
| ![]() Info-Tech Best PracticeWhen considering these parameters, aim to use already existing resource allocations. For example, if there is a dollar value that would require you to seek approval for an expense, this might be the difference between a medium and a high cost category. |
| ![]() Info-Tech Best PracticeMake sure you consider the value of AND/OR. For either alignment with business or security benefit, the use of AND/OR can become useful thresholds to rank similar importance but different value initiatives. Example: with alignment with business, an initiative can indirectly support a key compliance requirement OR meet a key corporate goal. |
You cannot do everything – and you probably wouldn’t want to. Make educated decisions about which projects are most important and why.
Identify easy-win tasks and high-value projects worth fighting for. | ||
Categorize the InitiativeSelect the gap initiative type from the down list. Each category (Must, Should, Could, and Won’t) is considered to be an “execution wave.” There is also a specific order of operations within each wave. Based on dependencies and order of importance, you will execute on some “must-do” items before others. |
Assign CriteriaFor each gap initiative, evaluate it based on your previously defined parameters for each variable.
|
Overall Cost/Effort RatingAn automatically generated score between 0 and 12. The higher the score attached to the initiative, the more effort required. The must-do, low-scoring items are quick wins and must be prioritized first. |
CASE STUDY |
Industry: Financial Services | Source: Info-Tech Research Group |
Framework Components | |||||||||||||||||||||||||||||
Security Domains & Accompanied Initiatives
(A portion of completed domains and initiatives) |
CSC began by creating over 100 gap initiatives across Info-Tech’s seven security domains. | ||||||||||||||||||||||||||||
Current-State Assessment | Context & Leadership | Compliance, Audit & Review | Security Prevention | ||||||||||||||||||||||||||
Gap Initiatives Created | 12
Initiatives |
14
Initiatives |
45
Initiatives |
||||||||||||||||||||||||||
Gap Initiative Prioritization |
|
CSC’s defined low, medium, and high for cost and staffing are specific to the organization.
CSC then consolidated its initiatives to create less than 60 concise tasks. *Initiatives and variables have been changed or modified to maintain anonymity |
In the Gantt chart, go through each wave in sequence and determine the planned start date and planned duration for each gap initiative. As you populate the planned start dates, take into consideration the resource constraints or dependencies for each project. Go back and revise the granular execution wave to resolve any conflicts you find.
![]() |
|
Review considerations
|
This is a living management document
|
To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team. | |||||||
Onsite workshops offer an easy way to accelerate your project. If a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to successfully complete your project. |
|
||||||
If you are not communicating, then you are not secure. |
Call 1-888-670-8889 or email workshops@infotech.com for more information.
Self-Assessment Questions
1Assess Operational Requirements | 2Develop Maturity Initiatives | 3Define Interdependencies |
If you are not communicating, you are not secure. Collaboration eliminates siloed decisions by connecting people, processes, and technologies. You leave less room for error, consume fewer resources, and improve operational efficiency with a transparent security operations process.
If you are not communicating, you are not secure. Collaboration eliminates siloed decisions by connecting people, processes, and technologies. You leave less room for error, consume fewer resources, and improve operational efficiency with a transparent security operations process.
Define Strategic Needs and Requirements | Participate in Information Sharing | Communicate Clearly |
|
|
|
Simple collaborative activities, such as a biweekly meeting, can unite prevention, detection, analysis, and response teams to help prevent siloed decision making.
![]() |
|||
Document your security operations’ functional capabilities and operational tasks to satisfy each capability. | What resources will you leverage to complete the specific task/capability? Identify your internal and external collection sources to satisfy the individual requirement. | Identify the affiliated product, service, or output generated from the task/capability. | Determine your escalation protocol. Who are the stakeholders you will be sharing this information with? |
Capabilities
The major responsibilities of a specific function. These are the high-level processes that are expected to be completed by the affiliated employees and/or stakeholders. |
Tasks
The specific and granular tasks that need to be completed in order to satisfy a portion of or the entire capability. |
Download Info-Tech’s Security Operations RACI Chart & Program Plan.
|
![]() |
Title: Output #1
Download Info-Tech’s Security Operations RACI Chart & Program Plan.
Security Operations Collaboration Plan
Security operations provides a single pane of glass through which the threat collaboration environment can manage its operations.
How to customize
The security operations interaction agreement identifies opportunities for optimization through collaboration and cross-training. The document is composed of several components:
|
![]() |
Understand the operational cut-off points. While collaboration is encouraged, understand when the onus shifts to the rest of the threat collaboration environment.
Security Operations RACI Chart & Program Plan
Formally documenting roles and responsibilities helps to hold those accountable and creates awareness as to everyone’s involvement in various tasks.
How to customize
|
![]() Download Info-Tech’s Security Operations RACI Chart & Program Plan. |
Internal Consumers | External Consumers |
|
Note: Your organization might not be the final target, but it could be a primary path for attackers. If you exist as a third-party partner to another organization, your responsibility in your technology ecosystem extends beyond your own product or service offerings.
|
“In order to support a healthy constituency, network operations and security operations should be viewed as equal partners, rather than one subordinate to the other.” (Mitre world-class CISO)
Security Operations Program Service & Product Catalog
Create an informal security operations program service and product catalog. Work your way backwards – map each deliverable to the respective stakeholders and functions.
Action/Output | ![]() |
Frequency | ![]() |
Stakeholders/Function | |
Document the key services and outputs produced by the security operations program. For example:
|
Define the frequency for which each deliverable or service is produced or conducted. Leverage this activity to establish a state of accountability within your threat collaboration environment. | Identify the stakeholders or groups affiliated with each output. Remember to include potential MSSPs.
|
|||
Remember to include any target-state outputs or services identified in the maturity assessment. | Use this exercise as an opportunity to organize your security operations outputs and services. |
Develop a central web/knowledge portal that is easily accessible throughout the threat collaboration environment.
Ensure information is shared in a format that relates to the particular end user. Internal consumers fall into two categories:
Collaboration includes the exchange of:
|
Collaboration can be achieved through:
|
Isolation prevents businesses from learning from each others’ mistakes and/or successes. |
Security Operations Program Cadence Schedule Template
Design your meetings around your security operations program’s outputs and capabilities
How to customize
Don’t operate in a silo. Formalize a cadence schedule to develop a state of accountability, share information across the organization, and discuss relevant trends. A detailed cadence schedule should include the following:
|
![]() |
Schedule regular meetings composed of key members from different working groups to discuss concerns, share goals, and communicate operational processes pertaining to their specific roles.
(Source: iSIGHT, “ Definitive Guide to Threat Intelligence”)
Refrain from using scare tactics such as fear, uncertainty, and doubt (FUD). While this may be a short-term solution, it limits the longevity of your operations as senior management is not truly invested in the initiative.
Example: Align your strategic needs with that of management.
Identify assets of value, current weak security measures, and potential adversaries. Demonstrate how an optimized security operations program can mitigate those threats.
There are three types of metrics pertaining to security operations: | ||
1) Operations-focusedOperations-focused metrics are typically communicated through a centralized visualization such as a dashboard. These metrics guide operational efforts, identifying operational and control weak points while ensuring the appropriate actions are taken to fix them. Examples include, but are not limited to:
|
2) Business-focusedThe evaluation of operational success from a business perspective. Example metrics include:
|
3) Initiative-focusedThe measurement of security operations project progress. These are frequently represented as time, resource, or cost-based metrics. Note: Remember to measure end-user feedback. Asking stakeholders about their current expectations via a formal survey is the most effective way to kick-start the continuous improvement process. |
Info-Tech Best PracticeOperational metrics have limited value beyond security operations – when communicating to management, focus on metrics that are actionable from a business perspective. | Download Info-Tech’s Security Operations Metrics Summary Document. | ![]() |
Leverage Info-Tech’s Security Operations Tabletop Exercise to guide simulations to validate your operational procedures. How to customize
|
![]() This tabletop exercise is available through an onsite workshop as we can help establish and design a tabletop capability for your organization. |
Self-Assessment Questions
Insights
|
![]() |
Best Practices
|
Protect your organization with an interdependent and collaborative security operations program. |
“2016 State of Cybersecurity in Small & Medium-Sized Businesses (SMB).” Ponemon Institute, June 2016. Web. 10 Nov. 2016.
Ahmad, Shakeel et al. “10 Tips to Improve Your Security Incident Readiness and Response.” RSA, n.d. Web. 12 Nov. 2016.
Anderson, Brandie. “ Building, Maturing & Rocking a Security Operations Center.” Hewlett Packard, n.d. Web. 4 Nov. 2016.
Barnum, Sean. “Standardizing cyber threat intelligence information with the structured threat information expression.” STIX, n.d. Web. 03 Oct. 2016.
Bidou, Renaud. “Security Operation Center Concepts & Implementation.” IV2-Technologies, n.d. Web. 20 Nov. 2016.
Bradley, Susan. “Cyber threat intelligence summit.” SANS Institute InfoSec Reading Room, n.d. Web. 03 Oct. 2016.
“Building a Security Operations Center.” DEF CON Communications, Inc., 2015. Web. 14 Nov. 2016.
“Building a Successful Security Operations Center.” ArcSight, 2015. Web. 21 Nov. 2016.
“Building an Intelligence-Driven Security Operations Center.” RSA, June 2014. Web. 25 Nov. 2016.
Caltagirone, Sergio, Andrew Pendergast, and Christopher Betz. “Diamond Model of Intrusion Analysis,” Center for Cyber Threat Intelligence and Threat Research, 5 July 2013. Web. 25 Aug. 2016.
“Cisco 2017 Annual Cybersecurity Report: Chief Security Officers Reveal True Cost of Breaches and the Actions Organizations Are Taking.” The Network. Cisco, 31 Jan. 2017. Web. 11 Nov. 2017.
“CITP Training and Education.” Carnegie Mellon University, 2015. Web. 03 Oct. 2016.
“Creating and Maintaining a SOC.” Intel Security, n.d. Web. 14 Nov. 2016.
“Cyber Defense.” Mandiant, 2015. Web. 10 Nov. 2016.
“Cyber Security Operations Center (CSOC).” Northrop Grumman, 2014. Web. 14 Nov. 2016.
Danyliw, Roman. “Observations of Successful Cyber Security Operations.” Carnegie Mellon, 12 Dec. 2016. Web. 14 Dec. 2016.
“Designing and Building Security Operations Center.” SearchSecurity. TechTarget, Mar. 2016. Web. 14 Dec. 2016.
EY. “Managed SOC.” EY, 2015. Web. 14 Nov. 2016.
Fishbach, Nicholas. “How to Build and Run a Security Operations Center.” Securite.org, n.d. Web. 20 Nov. 2016.
“Framework for improving critical infrastructure cybersecurity.” National Institute of Standards and Technology, 12 Feb. 2014. Web.
Friedman, John, and Mark Bouchard. “Definitive Guide to Cyber Threat Intelligence.” iSIGHT, 2015. Web. 1 June 2015.
Goldfarb, Joshua. “The Security Operations Hierarchy of Needs.” Securityweek.com, 10 Sept. 2015. Web. 14 Dec. 2016.
“How Collaboration Can Optimize Security Operations.” Intel, n.d. Web. 2 Nov. 2016.
Hslatman. “Awesome threat intelligence.” GitHub, 16 Aug. 2016. Web. 03 Oct. 2016.
“Implementation Framework – Collection Management.” Carnegie Mellon University, 2015. Web.
“Implementation Framework – Cyber Threat Prioritization.” Carnegie Mellon University, 03 Oct. 2016. Web. 03 Oct. 2016.
“Intelligent Security Operations Center.” IBM, 25 Feb. 2015. Web. 15 Nov. 2016.
Joshi Follow , Abhishek. “Best Practices for Security Operations Center.” LinkedIn, 01 Nov. 2015. Web. 14 Nov. 2016.
Joshi. “Best Practices for a Security Operations Center.” Cybrary, 18 Sept. 2015. Web. 14 Dec. 2016.
Kelley, Diana and Ron Moritz. “Best Practices for Building a Security Operations Center.” Information Security Today, 2006. Web. 10 Nov. 2016.
Killcrece, Georgia, Klaus-Peter Kossakowski, Robin Ruefle, and Mark Zajicek. ”Organizational Models for Computer Security Incident Response Teams (CSIRTs).” Carnegie Mellon Software Engineering Institute, Dec. 2003. Carnegie Mellon. Web. 10 Nov. 2016.
Kindervag , John. “SOC 2.0: Three Key Steps toward the Next-generation Security Operations Center.” SearchSecurity. TechTarget, Dec. 2010. Web. 14 Dec. 2016.
Kvochko, Elena. “Designing the Next Generation Cyber Security Operations Center.” Forbes Magazine, 14 Mar. 2016. Web. 14 Dec. 2016.
Lambert, P. “ Security Operations Center: Not Just for Huge Enterprises.” TechRepublic, 31 Jan. 2013. Web. 10 Nov. 2016.
Lecky, M. and D. Millier. “Re-Thinking Security Operations.” SecTor Security Education Conference. Toronto, 2014.
Lee, Michael. “Three Elements That Every Advanced Security Operations Center Needs.” CSO | The Resource for Data Security Executives, n.d. Web. 16 Nov. 2016.
Linch, David and Jason Bergstrom. “Building a Culture of Continuous Improvement in an Age of Disruption.” Deloitte LLP, 2014.
Lynch, Steve. “Security Operations Center.” InfoSec Institute, 14 May 2015. Web. 14 Dec. 2016.
Macgregor, Rob. “Diamonds or chains – cyber security updates.” PwC, n.d. Web. 03 Oct. 2016.
“Make Your Security Operations Center (SOC) More Efficient.” Making Your Data Center Energy Efficient (2011): 213-48. Intel Security. Web. 20 Nov. 2016.
Makryllos, Gordon. “The Six Pillars of Security Operations.” CSO | The Resource for Data Security Executives, n.d. Web. 14 Nov. 2016.
Marchany, R. “ Building a Security Operations Center.” Virginia Tech, 2015. Web. 8 Nov. 2016.
Marty, Raffael. “Dashboards in the Security Operations Center (SOC).” Security Bloggers Network, 15 Jan. 2016. Web. 14 Nov. 2016.
Minu, Adolphus. “Discovering the Value of Knowledge Portal.” IBM, n.d. Web. 1 Nov. 2016.
Muniz, J., G. McIntyre, and N. AlFardan. “Introduction to Security Operations and the SOC.” Security Operations Center: Building, Operating, and Maintaining your SOC. Cisco Press, 29 Oct. 2015. Web. 14 Nov. 2016.
Muniz, Joseph and Gary McIntyre. “ Security Operations Center.” Cisco, Nov. 2015. Web. 14 Nov. 2016.
Muniz, Joseph. “5 Steps to Building and Operating an Effective Security Operations Center (SOC).” Cisco, 15 Dec. 2015. Web. 14 Dec. 2016.
Nathans, David. Designing and Building a Security Operations Center. Syngress, 2015. Print.
National Institute of Standards and Technology. “SP 800-61 Revision 2: Computer Security Incident Handling Guide.” 2012. Web.
National Institute of Standards and Technology. “SP 800-83 Revision 1.” 2013. Web.
National Institute of Standards and Technology. “SP 800-86: Guide to Integrating Forensic Techniques into Incident Response.” 2006. Web.
F5 Networks. “F5 Security Operations Center.” F5 Networks, 2014. Web. 10 Nov. 2016.
“Next Generation Security Operations Center.” DTS Solution, n.d. Web. 20 Nov. 2016.
“Optimizing Security Operations.” Intel, 2015. Web. 4 Nov. 2016.
Paganini, Pierluigi. “What Is a SOC ( Security Operations Center)?” Security Affairs, 24 May 2016. Web. 14 Dec. 2016.
Ponemon Institute LLC. “Cyber Security Incident Response: Are we as prepared as we think?” Ponemon, 2014. Web.
Ponemon Institute LLC. “The Importance of Cyber Threat Intelligence to a Strong Security Posture.” Ponemon, Mar. 2015. Web. 17 Aug. 2016.
Poputa-Clean, Paul. “Automated defense – using threat intelligence to augment.” SANS Institute InfoSec Reading Room, 15 Jan. 2015. Web.
Quintagroup. “Knowledge Management Portal Solution.” Quintagroup, n.d. Web.
Rasche, G. “Guidelines for Planning an Integrated Security Operations Center.” EPRI, Dec. 2013. Web. 25 Nov. 2016.
Rehman, R. “What It Really Takes to Stand up a SOC.” Rafeeq Rehman – Personal Blog, 27 Aug. 2015. Web. 14 Dec. 2016.
Rothke, Ben. “Designing and Building Security Operations Center.” RSA Conference, 2015. Web. 14 Nov. 2016.
Ruks, Martyn and David Chismon. “Threat Intelligence: Collecting, Analysing, Evaluating.” MWR Infosecurity, 2015. Web. 24 Aug. 2016.
Sadamatsu, Takayoshi. “Practice within Fujitsu of Security Operations Center.” Fujitsu, July 2016. Web. 15 Nov. 2016.
Sanders, Chris. “Three Useful SOC Dashboards.” Chris Sanders, 24 Oct. 2016. Web. 14 Nov. 2016.
SANS Institute. “Incident Handler's Handbook.” 2011. Web.
Schilling, Jeff. “5 Pitfalls to Avoid When Running Your SOC.” Dark Reading, 18 Dec. 2014. Web. 14 Nov. 2016.
Schinagl, Stef, Keith Schoon, and Ronald Paans. “A Framework for Designing a Security Operations Centre (SOC).” 2015 48th Hawaii International Conference on System Sciences. Computer.org, 2015. Web. 20 Nov. 2016.
“Security – Next Gen SOC or SOF.” InfoSecAlways.com, 31 Dec. 2013. Web. 14 Nov. 2016.
“Security Operations Center Dashboard.” Enterprise Dashboard Digest, n.d. Web. 14 Dec. 2016.
“Security Operations Center Optimization Services.” AT&T, 2015. Web. 5 Nov. 2016.
“Security Operations Centers — Helping You Get Ahead of Cybercrime Contents.” EY, 2014. Web. 6 Nov. 2016.
Sheikh, Shah. “DTS Solution - Building a SOC (Security Operations Center).” LinkedIn, 4 May 2013. Web. 20 Nov. 2016.
Soto, Carlos. “ Security Operations Center (SOC) 101.” Tom's IT Pro, 28 Oct. 2015. Web. 14 Dec. 2016.
“Standardizing and Automating Security Operations.” National Institute of Standards and Technology, 3 Sept. 2006. Web.
“Strategy Considerations for Building a Security Operations Center.” IBM, Dec. 2013. Web. 5 Nov. 2016.
“Summary of Key Findings.” Carnegie Mellon University, 03 Oct. 2016. Web. 03 Oct. 2016.
“Sustainable Security Operations.” Intel, 2016. Web. 20 Nov. 2016.
“The Cost of Malware Containment.” Ponemon Institute, Jan. 2015. Web.
“The Game Plan for Closing the SecOps Gap.” BMC. Forbes Magazine, Jan. 2016. Web. 10 Jan. 2017.
Veerappa Srinivas, Babu. “Security Operations Centre (SOC) in a Utility Organization.” GIAC, 17 Sept. 2014. Web. 5 Nov. 2016.
Wang, John. “Anatomy of a Security Operations Center.” NASA, 2015. Web. 2 Nov. 2016.
Weiss, Errol. “Statement for the Record.” House Financial Services Committee, 1 June 2012. Web. 12 Nov. 2016.
Wilson, Tim. “SOC 2.0: A Crystal-Ball Glimpse of the Next-Generation Security Operations Center.” Dark Reading, 22 Nov. 2010. Web. 10 Nov. 2016.
Zimmerman, Carson. “Ten Strategies of a World-Class Cybersecurity Operations Center.” Mitre, 2014. Web. 24 Aug. 2016.
Price IT services so that business consumers find them meaningful, measurable, and manageable:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Make the case for IT chargeback, then assess the financial maturity of the organization and identify a pathway to success. Create a chargeback governance model.
Develop a chargeback model, including identifying user-facing IT services, allocating IT costs to services, and setting up the chargeback program.
Communicate the rollout of the IT chargeback model and establish a process for recovering IT services costs from business units.
Gather and analyze feedback from business owners, making necessary modifications to the chargeback model and communicating the implications.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Make the case for IT chargeback.
Identify the current and target state of chargeback maturity.
Establish a chargeback governance model.
Investigated the benefits and challenges of implementing IT chargeback.
Understanding of the reasons why traditional chargeback approaches fail.
Identified the specific pathway to chargeback success.
1.1 Investigate the benefits and challenges of implementing IT chargeback
1.2 Educate business owners and executives on IT chargeback
1.3 Identify the current and target state of chargeback maturity
1.4 Establish chargeback governance
Defined IT chargeback mandate
IT chargeback kick-off presentation
Chargeback maturity assessment
IT chargeback governance model
Develop a chargeback model.
Identify the customers and user-facing services.
Allocate IT costs.
Determine chargeable service units.
Identified IT customers.
Identified user-facing services and generated descriptions for them.
Allocated IT costs to IT services.
Identified meaningful, measurable, and manageable chargeback service units.
2.1 Identify user-facing services and generate descriptions
2.2 Allocate costs to user-facing services
2.3 Determine chargeable service units and pricing
2.4 Track consumption
2.5 Determine service charges
High-level service catalog
Chargeback model
Communicate the implementation of IT chargeback.
Establish a process for recovering the costs of IT services from business units.
Share the financial results of the charge cycle with business owners.
Managed the transition to charging and recovering the costs of IT services from business units.
Communicated the implementation of IT chargeback and shared the financial results with business owners.
3.1 Create a communication plan
3.2 Deliver a chargeback rollout presentation
3.3 Establish a process for recovering IT costs from business units
3.4 Share the financial results from the charge cycle with business owners
IT chargeback communication plan
IT chargeback rollout presentation
IT service cost recovery process
IT chargeback financial presentation
Gather and analyze feedback from business owners on the chargeback model.
Make necessary modifications to the chargeback model and communicate implications.
Gathered business stakeholder feedback on the chargeback model.
Made necessary modifications to the chargeback model to increase satisfaction and accuracy.
Managed changes by communicating the implications to business owners in a structured manner.
4.1 Address stakeholder pain points and highly disputed costs
4.2 Update the chargeback model
4.3 Communicate the chargeback model changes and implications to business units
Revised chargeback model with business feedback, change log, and modifications
Chargeback change communication
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Know where to begin and where to go in implementation of a social media program.
Bring order to chaos among different business units.
Process large volumes of social inquiries more efficiently, and monitor real-time social media metrics to improve critical response times.
Don’t wait until the necessity arises to evaluate your networking in the cloud. Get ahead of the curve and choose the topology that optimizes benefits and supports organizational needs in the present and the future.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
What cloud networking topology should you use? How do you provide access to shared resources in the cloud or hybrid infrastructure? What sits in the hub and what sits in the spoke?
Cloud adoption among organizations increases gradually across both the number of services used and the amount those services are used. However, network builders tend to overlook the vulnerabilities of network topologies, which leads to complications down the road, especially since the structures of cloud network topologies are not all of the same quality. A network design that suits current needs may not be the best solution for the future state of the organization.
Even if on-prem network strategies were retained for ease of migration, it is important to evaluate and identify the cloud network topology that can not only elevate the performance of your infrastructure in the cloud, but also that can make it easier to manage and provision resources.
An "as the need arises" strategy will not work efficiently since changing network designs will change the way data travels within your network, which will then need to be adopted to existing application architectures. This becomes more complicated as the number of services hosted in the cloud grows.
Keep a network strategy in place early on and start designing your infrastructure accordingly. This gives you more control over your networks and eliminates the need for huge changes to your infrastructure down the road.
Nitin Mukesh
Senior Research Analyst, Infrastructure and Operations
Info-Tech Research Group
The organization is planning to move resources to the cloud or devise a networking strategy for their existing cloud infrastructure to harness value from the cloud.
The right topology needs to be selected to deploy network level isolation, design the cloud for management efficiencies, and provide access to shared services in the cloud.
A perennial challenge for infrastructure in the cloud is planning for governance vs. flexibility, which is often overlooked.
The choice of migration method may result in retaining existing networking patterns and only making changes when the need arises.
Networking in the cloud is still new, and organizations new to the cloud may not be aware of the cloud network designs they can consider for their business needs.
Define organizational needs and understand the pros and cons of cloud network topologies to strategize for the networking design.
Consider the layered complexities of addressing the governance vs. flexibility spectrum for your domains when designing your networks.
Don't wait until the necessity arises to evaluate your networking in the cloud. Get ahead of the curve and choose the topology that optimizes benefits and supports organizational needs in the present and future.
Selecting the right topology: Many organizations migrate to the cloud retaining a mesh networking topology from their on-prem design, or they choose to implement the mesh design leveraging peering technologies in the cloud without a strategy in place for when business needs change. While there may be many network topologies for on-prem infrastructure, the network design team may not be aware of the best approach in cloud platforms for their requirements, or a cloud networking strategy may even go overlooked during the migration.
Finding the right cloud networking infrastructure for:
Deciding between governance and flexibility in networking design: In the hub and spoke model, if a domain is in the hub, the greater the governance over it, and if it sits in the spoke, the higher the flexibility. Having a strategy for the most important domains is key. For example, some security belongs in the hub and some security belongs in the spoke. The tradeoff here is if it sits completely in the spoke, you give it a lot of freedom, but it becomes harder to standardize across the organization.
A mesh is a design where virtual private clouds (VPCs) are connected to each other individually creating a mesh network. The network traffic is fast and can be redirected since the nodes in the network are interconnected. There is no hierarchical relationship between the networks, and any two networks can connect with each other directly.
In the cloud, this design can be implemented by setting up peering connections between any two VPCs. These VPCs can also be set up to communicate with each other internally through the cloud service provider's network without having to route the traffic via the internet.
While this topology offers high redundancy, the number of connections grows tremendously as more networks are added, making it harder to scale a network using a mesh topology.
Mesh Network on AWS
Source: AWS, 2018
Number of virtual networks | 10 | 20 | 50 | 100 |
Peering links required [(n-1)*n]/2 |
45 | 190 | 1225 | 4950 |
Proportional relationship of virtual networks to required peering links in a mesh topology
INDUSTRY: Blockchain
SOURCE: Microsoft
An organization with four members wants to deploy a blockchain in the cloud, with each member running their own virtual network. With only four members on the team, a mesh network can be created in the cloud with each of their networks being connected to each other, adding up to a total of 12 peering connections (four members with three connections each). While the members may all be using different cloud accounts, setting up connections between them will still be possible.
The organization wants to expand to 15 members within the next year, with each new member being connected with their separate virtual networks. Once grown, the organization will have a total of 210 peering connections since each of the virtual networks will then need 14 peering connections. While this may still be possible to deploy, the number of connections makes it harder to manage and would be that much more difficult to deploy if the organization grows to even 30 or 40 members. The new scale of virtual connections calls for an alternative networking strategy that cloud providers offer – the hub and spoke topology.
Source: Microsoft, 2017
In hub and spoke network design, each network is connected to a central network that facilitates intercommunication between the networks. The central network, also called the hub, can be used by multiple workloads/servers/services for hosting services and for managing external connectivity. Other networks connected to the hub through network peering are called spokes and host workloads.
Communications between the workloads/servers/services on spokes pass in or out of the hub where they are inspected and routed. The spokes can also be centrally managed from the hub with IT rules and processes.
A hub and spoke design enable a larger number of virtual networks to be interconnected as each network only needs one peered connection (to the hub) to be able to communicate with any other network in the system.
While there are plenty of benefits to using this topology, there are still a few notable disadvantages with the design.
The total number of total peered connections required might be lower than mesh, but the cost of running independent projects is cheaper on mesh as point-to-point data transfers are cheaper.
With global organizations, implementing a single monolithic hub network for network ingress and egress will slow down access to cloud services that users will require. A distributed network will ramp up the speeds for its users to access these services.
Connectivity between the spokes can fail if the hub site dies or faces major disruptions. While there are redundancy plans for cloud networks, it will be an additional cost to plan and build an environment for it.
Providing access to shared services: Hub and spoke can be used to give workloads that are deployed on different networks access to shared services by placing the shared service in the hub. For example, DNS servers can be placed in the hub network, and production or host networks can be connected to the hub to access it, or if the central network is set up to host Active Directory services, then servers in other networks can act as spokes and have full access to the central VPC to send requests. This is also a great way to separate workloads that do not need to communicate with each other but all need access to the same services.
Adding new locations: An expanding organization that needs to add additional global or domestic locations can leverage hub and spoke to connect new network locations to the main system without the need for multiple connections.
Cost savings: Apart from having fewer connections than mesh that can save costs in the cloud, hub and spoke can also be used to centralize services such as DNS and NAT to be managed in one location rather than having to individually deploy in each network. This can bring down management efforts and costs considerably.
Centralized security: Enterprises can deploy a center of excellence on the hub for security, and the spokes connected to it can leverage a higher level of security and increase resilience. It will also be easier to control and manage network policies and networking resources from the hub.
Network management: Since each spoke is peered only once to the hub, detecting connectivity problems or other network issues is made simpler in hub and spoke than on mesh. A network manager deployed on the cloud can give access to network problems faster than on other topologies.
The advantages of using a hub and spoke model far exceed those of using a mesh topology in the cloud and go to show why most organizations ultimately end up using the hub and spoke as their networking strategy.
However, organizations, especially large ones, are complex entities, and choosing only one model may not serve all business needs. In such cases, a hybrid approach may be the best strategy. The following slides will demonstrate the advantages and use cases for mesh, however limited they might be.
An organization can have multiple network topologies where system X is a mesh and system Y is a hub and spoke. A shared system Z can be a part of both systems depending on the needs.
An organization can have multiple networks interconnected in a mesh and some of the networks in the mesh can be a hub for a hub-spoke network. For example, a business unit that works on data analysis can deploy their services in a spoke that is connected to a central hub that can host shared services such as Active Directory or NAT. The central hub can then be connected to a regional on-prem network where data and other shared services can be hosted.
Benefits Of Mesh |
Use Cases For Mesh |
---|---|
Security: Setting up a peering connection between two VPCs comes with the benefit of improving security since the connection can be private between the networks and can isolate public traffic from the internet. The traffic between the networks never has to leave the cloud provider's network, which helps reduce a class of risks. Reduced network costs: Since the peered networks communicate internally through the cloud's internal networks, the data transfer costs are typically cheaper than over the public internet. Communication speed: Improved network latency is a key benefit from using mesh because the peered traffic does not have to go over the public internet but rather the internal network. The network traffic between the connections can also be quickly redirected as needed. Higher flexibility for backend services: Mesh networks can be desirable for back-end services if egress traffic needs to be blocked to the public internet from the deployed services/servers. This also helps avoid having to set up public IP or network address translation (NAT) configurations. |
Connecting two or more networks for full access to resources: For example, consider an organization that has separate networks for each department, which don't all need to communicate with each other. Here, a peering network can be set up only between the networks that need to communicate with full or partial access to each other such as finance to HR or accounting to IT. Specific security or compliance need: Mesh or VPC peering can also come in handy to serve specific security needs or logging needs that require using a network to connect to other networks directly and in private. For example, global organizations that face regulatory requirements of storing or transferring data domestically with private connections. Systems with very few networks that do not need internet access: Workloads deployed in networks that need to communicate with each other but do not require internet access or network address translation (NAT) can be connected using mesh especially when there are security reasons to keep them from being connected to the main system, e.g. backend services such as testing environments, labs, or sandboxes can leverage this design. |
The complexities of designing an organization's networks grow with the organization as it becomes global and takes on more services and lines of business. Organizations that choose to deploy the hub and spoke model face a dilemma in choosing between governance and flexibility for their networks. Organizations need to find that sweet spot to find the right balance between how much they want to govern their systems, mainly for security- and cost-monitoring, and how much flexibility they want to provide for innovation and other operations, since the two usually tend to have an inverse relationship.
This decision in hub and spoke usually means that the domains chosen for higher governance must be placed in the hub network, and the domains that need more flexibility in a spoke. The key variables in the following slide will help determine the placement of the domain and will depend entirely on the organization's context.
The two networking patterns in the cloud have layered complexities that need to be systematically addressed.
If a network has more flexibility in all or most of these domains, it may be a good candidate for a spoke-heavy design; otherwise, it may be better designed in a hub-centric pattern.
Resources that are shared between multiple projects or departments or even by the entire organization should be hosted on the hub network to simplify sharing these services. For example, e-learning applications that may be used by multiple business units to train their teams, Active Directory accessed by most teams, or even SAAS platforms such as O365 and Salesforce can leverage buying power and drive down the costs for the organization. Shared services should also be standardized across the organization and for that, it needs to have high governance.
Services that are an individual need for a network and have no preexisting relationship with other networks or buying power and scale can be hosted in a spoke network. For example, specialized accounting software used exclusively by the accounting team or design software used by a single team. Although the services are still a part of the wider network, it helps separate duties from the shared services network and provides flexibility to the teams to customize and manage their services to suit their individual needs.
Network connections, be they in the cloud or hybrid-cloud, are used by everyone to either connect to the internet, access cloud services, or access the organization's data center. Since this is a shared service, a centralized networking account must be placed in the hub for greater governance. Interactions between the spokes in a hub and spoke model happens through the hub, and providing internet access to the spokes through the hub can help leverage cost benefits in the cloud. The network account will perform routing duties between the spokes, on-prem assets, and egress out to the internet.
For example, NAT gateways in the cloud that are managed services are usually charged by the hour, and deploying NAT on each spoke can be harder to manage and expensive to maintain. A NAT gateway deployed in a central networking hub can be accessed by all spokes, so centralizing it is a great option.
Note that, in some cases, when using edge locations for data transfers, it may be cost effective to deploy a NAT in the spoke, but such cases usually do not apply to most organizational units.
A centralized network hub can also be useful to configure network policies and network resources while organizational departments can configure non-network resources, which helps separate responsibilities for all the spokes in the system. For example, subnets and routes can be controlled from the central network hub to ensure standardized network policies across the network.
While there needs to be security in the hub and the spokes individually, finding the balance of operation can make the systems more robust. Hub and spoke design can be an effective tool for security when a principal security hub is hosted in the hub network. The central security hub can collect data from the spokes as well as non-spoke sources such as regulatory bodies and threat intelligence providers, and then share the information with the spokes.
Threat information sharing is a major benefit of using this design, and the hub can take actions to analyze and enrich the data before sharing it with spokes. Shared services such as threat intelligence platforms (TIP) can also benefit from being centralized when stationed in the hub. A collective defense approach between the hub and spoke can be very successful in addressing sophisticated threats.
Compliance and regulatory requirements such as HIPAA can also be placed in the hub, and the spokes connected to it can make use of it instead of having to deploy it in each spoke individually.
The governance vs. flexibility paradigm usually decides the placement of cloud metering, i.e. if the organization wants higher control over cloud costs, it should be in the central hub, whereas if it prioritizes innovation, the spokes should be allowed to control it. Regardless of the placement of the domain, the costs can be monitored from the central hub using cloud-native monitoring tools such as Azure Monitor or any third-party software deployed in the hub.
For ease of governance and since resources are usually shared at a project level, most cloud service providers suggest that an individual metering service be placed in the spokes. The centralized billing system of the organization, however, can make use of scale and reserved instances to drive down the costs that the spokes can take advantage of. For example, billing and access control resources are placed in the lower levels in GCP to enable users to set up projects and perform their tasks. These billing systems in the lower levels are then controlled by a centralized billing system to decide who pays for the resources provisioned.
Borschel, Brett. "Azure Hub Spoke Virtual Network Design Best Practices." Acendri Solutions, 13 Jan. 2022. Web.
Singh, Garvit. "Amazon Virtual Private Cloud Connectivity Options." AWS, January 2018. Web.
"What Is the Hub and Spoke Information Sharing Model?" Cyware, 16 Aug. 2021. Web.
Youseff, Lamia. "Mesh and Hub-and-Spoke Networks on Azure." Microsoft, Dec. 2017. Web.
Endpoint management solutions are becoming an essential solution: Deploying the right devices and applications to the right user and the need for zero-touch provisioning are indispensable parts of a holistic strategy for improving customer experience. However, selecting the right-sized platform that aligns with your requirements is a big challenge.
Following improvements in end-user computation strategies, selection of the right endpoint management solution is a crucial next step in delivering a concrete business value.
Investigate vendors’ roadmaps to figure out which of the candidate platforms can fulfill your long-term requirements, without any unnecessary investment in features that are not currently useful for you. Make sure you don’t purchase capabilities that you will never use.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This storyboard will help you understand endpoint management solution core capabilities and prepare you to select an appropriate tool.
Use this spreadsheet to brainstorm use cases and features to satisfy your requirements. This document will be help you score solutions and narrow down the field to a list of candidates who can meet your requirements.
The endpoint management market has an ever-expanding and highly competitive landscape. The market has undergone tremendous evolution in past years, from device management to application deployments and security management. The COVID-19 pandemic forced organizations to service employees and end users remotely while making sure corporate data is safe and user satisfaction doesn't get negatively affected. In the meantime, vendors were forced to leverage technology enhancements to satisfy such requirements.
That being said, endpoint management solutions have become more complex, with many options to manage operating systems and run applications for relevant user groups. With the work-from-anywhere model, customer support is even more important than before, as a remote workforce may face more issues than before, or enterprises may want to ensure more compliance with policies.
Moreover, the market has become more complex, with lots of added capabilities. Some features may not be beneficial to corporations, and with a poor market validation, businesses may end up paying for some capabilities that are not useful.
In this blueprint, we help you quickly define your requirements for endpoint management and narrow down a list to find the solutions that fulfill your use cases.
Mahmoud Ramin, PhD
Senior Research Analyst, Infrastructure and Operations
Info-Tech Research Group
Endpoint management solutions are becoming increasingly essential – deploying the right devices and applications to the right users and zero-touch provisioning are indispensable parts of a holistic strategy for improving customers' experience. However, selecting the right-sized platform that aligns with your requirements is a big challenge.
Following improvements in end-user computation strategies, selection of the right endpoint management solution is a crucial next step in delivering concrete business value.
Despite the importance of selecting the right endpoint management platform, many organizations struggle to define an approach to picking the most appropriate vendor and rolling out the solution in an effective and cost-efficient manner. There are many options available, which can cause business and IT leaders to feel lost.
The endpoint management market is evolving quickly, making the selection process tedious. On top of that, IT has a hard time defining their needs and aligning solution features with their requirements.
Determine what you require from an endpoint management solution.
Review the market space and product offerings, and compare the capabilities of key players.
Create a use case – use top-level requirements to determine use cases and short-list vendors.
Conduct a formal process for interviewing vendors, using Info-Tech's templates to select the best platform for your requirements.
Investigate vendors' roadmaps to figure out which of the candidate platforms can fulfill your long-term requirements without any unnecessary investment in features that are not currently useful for you. Make sure you don't purchase capabilities that you will never use.
Our definition: Endpoint management solutions are platforms that enable IT with appropriate provisioning, security, monitoring, and updating endpoints to ensure that they are in good health. Typical examples of endpoints are laptops, computers, wearable devices, tablets, smart phones, servers, and the Internet of Things (IoT).
Endpoint management includes:
As endpoint management encompasses a broad range of solution categories including MDM, EMM, and UEM, look for your real requirements. Don't pay for something that you won't end up using.
As UEM covers all of MDM and EMM capabilities, we overview market trends of UEM in this blueprint to give you an overall view of market in this space.
MarketsandMarkets predicted that global cloud infrastructure services would increase from US$73 billion in 2019 to US$166.6 billion in 2024 (2019).
A study by the Ponemon Institute showed that 68% of respondents believe that security attacks increased over the past 12 months (2020).
The study reveals that over half of IT security professionals who participated in the survey believe that organizations are not very efficient in securing their endpoints, mainly because they're not efficient in detecting attacks.
IT professionals would like to link endpoint management and security platforms to unify visibility and control, to determine potential risks to endpoints, and to manage them in a single solution.
Businesses will continue to be compromised by the vulnerabilities of cloud services, which pose a challenge to organizations trying to maintain control of their data.
Trends in endpoint management have been undergoing a tremendous change
In 2020, about 5.2 million users subscribed to mobile services, and smartphones accounted for 65% of connections. This will increase to 80% by 2025.
Source: Fortune Business Insights, 2021
1. Understand Core Features and Build Your Use Case |
2. Discover the Endpoint Management Market Space and Select the Right Vendor |
|
---|---|---|
Phase Steps |
|
|
Phase Outcomes |
|
|
What does a typical GI on this topic look like?
Phase 1 | Phase 2 |
---|---|
Call #1: Understand what an endpoint management platform is and learn how it evolved. Discuss core capabilities and key trends. |
Call #3: Define your core endpoint management platform requirements. |
A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
The endpoint management purchase process should be broken into segments:
The Info-Tech difference: | |
---|---|
Analyze needs |
Evaluate solutions |
Determine where you need to improve the tools and processes used to support the company. |
Determine the best fit for your needs by scoring against features. |
Assess existing solution |
Features |
Determine if your solution can be upgraded or easily updated to meet your needs. |
Determine which features will be key to your success |
Create a business case for change |
Use Cases |
A two-part business case will focus on a need to change and use cases and requirements to bring stakeholders onboard. |
Create use cases to ensure your needs are met as you evaluate features |
Improve existing |
High-Level Requirements |
Work with Info-Tech's analysts to determine next steps to improve your process and make better use of the features you have available. |
Use the high-level requirements to determine use cases and shortlist vendors |
Create a quick business case and requirements document to align stakeholders to your vision with Info-Tech's Rapid Application Selection Framework.
See what your peers are saying about these vendors at SoftwareReviews.com.
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
Phase 1 |
Phase 2 |
---|---|
Define endpoint management platforms Explore endpoint management trends Classify table stakes & differentiating capabilities Streamline the requirements elicitation process for a new endpoint management platform |
Discover key players across the vendor landscape Engage the shortlist and select finalist Prepare for implementation |
Define use cases and core features for meeting business and technical goals
Mobile Device Management |
Enterprise Mobile Management |
---|---|
MDM applies security over corporate-owned devices. What is MDM and what can you do with it?
|
EMM solutions solve the restrictions arose with BYOD (Bring Your Own Device) and COPE (Corporate Owned, Personally Enabled) provisioning models.
|
MDM solutions function at the level of corporate devices. Something else was needed to enable personal device management.
Mobile Application Management (MAM)
Allows organizations to control individual applications and their associated data. It restricts malicious apps and enables in-depth application management, configuration, and removal.
Containerization
Enables separation of work-related data from private data. It provides encrypted containers on personal devices to separate the data, providing security on personal devices while maintaining users' personal data.
Mobile Content Management (MCM)
Helps remote distribution, control, management, and access to corporate data.
Mobile Security Management (MSM)
Provides application and data security on devices. It enables application analysis and auditing. IT can use MSM to provide strong passwords to applications, restrict unwanted applications, and protect devices from unsecure websites by blacklisting them.
Mobile Expense Management (MEM)
Enables mobile data communication expenses auditing. It can also set data limits and restrict network connections on devices.
Identity Management
Sets role-based access to corporate data. It also controls how different roles can use data, improving application and data security. Multifactor authentication can be enforced through the identity management featured of an EMM solution.
IT admins used to provide customer service such as installation, upgrades, patches, and account administration via desktop support. IT support is not on physical assistance over end users' desktops anymore.
The rise of BYOD enhanced the need to be able to control sensitive data outside corporate network connection on all endpoints, which was beyond the capability of MDM and EMM solutions.
Organizations once needed to worry about company connectivity assets such as computers and laptops. To manage them, traditional client management tools like Microsoft Configuration Manager would be enough.
With the increase in the work-from-anywhere model, it is very hard to control, manage, and monitor devices that are not connected to a VPN. UEM solutions enable IT to tackle this challenge and have full visibility into and management of any device.
UEM helps corporates save on their investments as it consolidates use-case management in a single console. Businesses don't need to invest in different device and application management solutions.
From the employee perspective, UEM enables them to work on their own devices while enforcing security on their personal data.
UEM streamlines mundane admin tasks and simplifies user issues.
Even with a COPE or COBO provisioning model, without any IT intervention, users can decide on when to install relevant updates. It also may lead to shadow IT.
Endpoint management, and UEM more specifically, enables IT to enforce administration over user devices, whether they are corporate or personally owned. This is enabled without interfering with private/personal data.
Despite the fast evolution of the UEM market, many organizations do not move as fast as technological capabilities. Although over half of all organizations have at least one UEM solution, they may not have a good strategy or policies to maximize the value of technology (Tech Orchard, 2022). As opposed to such organizations, there are others that use UEM to transform their endpoint management strategy and move service management to the next level. That integration between endpoint management and service management is a developing trend (Ivanti, 2021).
Only 27% of organizations have "fully deployed" UEM "with easy management across all endpoints"
Source: IT Pro Today, 2018.
Support the organization's operating systems:
Many UEM vendors support the most dominant operating systems, Windows and Mac; however, they are usually stronger in one particular OS than the other. For instance, Intune supports both Windows and Mac, although there are some drawbacks with MacOS management by Intune. Conversely, Jamf is mainly for MacOS and iOS management. Enterprises look to satisfy their end users' needs. The more UEM vendors support different systems, the more likely enterprises will pick them. Although, as mentioned, in some instances, enterprises may need to select more than one option, depending on their requirements.
Support BYOD and remote environments:
With the impact of the pandemic on work model, 60-70% of workforce would like to have more flexibility for working remotely (Ivanti, 2022). BYOD is becoming the default, and SaaS tools like Office 365 are built to be used on multiple devices, including multiple computers. As BYOD can boost productivity (Samsung Insights, 2016), you may be interested in how your prospective UEM solution will enable this capability with remote wipe (corporate wipe capability vs. wiping the whole device), data and device tracking, and user activity auditing.
Integration with the enterprise's IT products:
To get everything in a single platform and to generate better metrics and dashboards, vendors provide integrations with ticketing and monitoring solutions. Many large vendors have strong integrations with multiple ITSM and ITAM platforms to streamline incident management, request management, asset management, and patch management.
Support security and compliance policies:
With the significant boost in work-from-anywhere, companies would like to enable endpoint security more than ever. This includes device threat detection, malware detection, anti-phishing, and more. All UEMs provide these, although the big difference between them is how well they enable security and compliance, and how flexible they are when it comes to giving conditional access to certain data.
Provide a fully automated vs manual deployment:
Employees want to get their devices faster, IT wants to deploy devices faster, and businesses want to enable employees faster to get them onboard sooner. UEMs have the capability to provide automated and manual deployment. However, the choice of solution depends on enterprise's infrastructure and policies. Full automation of deployment is very applicable for corporate devices, while it may not be a good option for personally owned devices. Define your user groups and provisioning models, and make sure your candidate vendors satisfy requirements.
Phase 1 | Phase 2 |
---|---|
Define endpoint management platforms Explore endpoint management trends Classify table stakes & differentiating capabilities Streamline the requirements elicitation process for a new endpoint management platform | Discover key players across the vendor landscape Engage the shortlist and select finalist Prepare for implementation |
This phase will walk you through the following activity:
Define top-level features for meeting business and technical goals
This phase involves the following participants:
Understanding business needs through requirements gathering is the key to defining everything about what is
being purchased. However, it is an area where people often make critical mistakes.
Review Info-Tech's blueprint Improve Requirements Gathering to improve your requirements gathering process.
SoftwareReviews | |
---|---|
![]() |
![]() |
|
|
Comprehensive software reviews
to make better IT decisions
We collect and analyze the most detailed reviews on enterprise software from real users to give you an unprecedented view into the product and vendor before you buy.
Technology coverage is a priority for Info-Tech, and SoftwareReviews provides the most comprehensive unbiased data on today's technology.
With the insight of our expert analysts, our members receive unparalleled support in their buying journey.
The following slides provide a top-level overview of the popular players you will encounter in the endpoint management shortlisting process in alphabetical order.
Vendor scores are driven by real-world practitioner reviews via SoftwareReviews. Composite, CX, EF, and NPS scores are pulled from live data as of January 2023.
A good option for enterprises that want a single-pane-of-glass UEM that is easy to use, with a modern-looking dashboard, high threat-management capability, and high-quality customer support.
Est. 1984 | CA, USA | NASDAQ: CSCO
8.8 |
9.1 |
+92 |
91% |
---|---|---|---|
COMPOSITE SCORE |
CX SCORE |
EMOTIONAL FOOTPRINT |
LIKELINESS TO RECOMMEND |
Screenshot of CISCO Meraki's dashboard. Source: Cisco
Strengths: |
Areas to improve: |
---|---|
|
|
A tool that enables you to access corporate resources on personal devices. It is adaptable to your budget. SoftwareReviews reports that 75% of organizations have received a discount at initial purchase or renewal, which makes it a good candidate if looking for a negotiable option.
Est. 1989 | TX, USA | Private
7.9 | 8.0 | 8.0 | 83% |
---|---|---|---|
COMPOSITE SCORE | CX SCORE | EMOTIONAL FOOTPRINT | LIKELINESS TO RECOMMEND |
Screenshot of Citrix Endpoint Management's dashboard. Source: Citrix
Strengths: | Areas to improve: |
---|---|
|
|
A perfect option to boost cybersecurity. Remote administration and installation are made very easy and intuitive on the platform. It is very user friendly, making implementation straightforward. It comes with four licensing options: Essential, Deluxe, Premier, and Enterprise. Check IBM's website for information on pricing and offerings.
Est. 1911 | NY, USA | NYSE: IBM
7.7 | 8.4 | +86 | 76% |
---|---|---|---|
COMPOSITE SCORE | CX SCORE | EMOTIONAL FOOTPRINT | LIKELINESS TO RECOMMEND |
Screenshot of IBM MaaS360's dashboard. Source: IBM
Strengths: | Areas to improve: |
---|---|
|
|
A powerful tool for patch management with a great user interface. You can automate patching and improve cybersecurity, while having complete visibility into devices. According to SoftwareReviews, 100% of survey participants plan to renew their contract with Ivanti.
Est. 1985 | CA, USA | Private
8.0 | 8.0 | +81 | 83% |
---|---|---|---|
COMPOSITE SCORE | CX SCORE | EMOTIONAL FOOTPRINT | LIKELINESS TO RECOMMEND |
Screenshot of Ivanti Neurons UEM's dashboard. Source: Ivanti
Strengths: | Areas to improve: |
---|---|
|
|
An Apple-focused UEM with a great interface. Jamf can manage and control macOS and iOS, and it is one of the best options for Apple products, according to users' sentiments. However, it may not be a one-stop solution if you want to manage non-Apple products as well. In this case, you can use Jamf in addition to another UEM. Jamf has some integrations with Microsoft, but it may not be sufficient if you want to fully manage Windows endpoints.
Est. 2002 | MN, USA | NASDAQ: JAMF
8.8 | 8.7 | +87 | 95% |
---|---|---|---|
COMPOSITE SCORE | CX SCORE | EMOTIONAL FOOTPRINT | LIKELINESS TO RECOMMEND |
Screenshot of Jamf PRO's dashboard. Source: Jamf
Strengths: | Areas to improve: |
---|---|
|
|
A strong choice for patch management, software deployment, asset management, and security management. There is a free version of the tool available to try get an understanding of the platform before purchasing a higher tier of the product.
Est. 1996 | India | Private
8.3 | 8.3 | +81 | 88% |
---|---|---|---|
COMPOSITE SCORE | CX SCORE | EMOTIONAL FOOTPRINT | LIKELINESS TO RECOMMEND |
Screenshot of ME Endpoint Central's dashboard. Source: ManageEngine
Strengths: | Areas to improve: |
---|---|
|
|
A solution that combines Intune and ConfigMgr's capabilities into a single endpoint management suite for enrolling, managing, monitoring, and securing endpoints. It's a very cost-effective solution for enterprises in the Microsoft ecosystem, but it also supports other operating systems.
Est. 1975 | NM, USA | NASDAQ: MSFT
8.0 | 8.5 | +83 | 85% |
---|---|---|---|
COMPOSITE SCORE | CX SCORE | EMOTIONAL FOOTPRINT | LIKELINESS TO RECOMMEND |
Screenshot of MS Endpoint Manager's dashboard. Source: Microsoft
Strengths: | Areas to improve: |
---|---|
|
|
A strong tool for managing and controlling mobile devices. It can access all profiles through Google and Apple, and it integrates with various IT management solutions.
Est. 1998 | CA, USA | NYSE: VMW
7.5 | 7.4 | +71 | 75% |
---|---|---|---|
COMPOSITE SCORE | CX SCORE | EMOTIONAL FOOTPRINT | LIKELINESS TO RECOMMEND |
Screenshot of Workspace ONE's dashboard. Source: VMware
Strengths: | Areas to improve: |
---|---|
|
|
Your Info-Tech analysts can help you narrow down the list of vendors that will meet your requirements.
Next steps will include:
As there are many solutions in the market that share capabilities, it is imperative to closely evaluate how well they fulfill your endpoint management requirements.
Use the UEM Requirements Workbook to identify your desired endpoint solution features and compare vendor solution functionality based on your desired features.
The output of this activity can be used for a detailed evaluation of UEM vendors. The next steps will be vendor briefing and having further discussion on technical capabilities and conducting demos of solutions. Info-Tech's blueprint, The Rapid Application Selection Framework, takes you to these next steps.
Use Info-Tech Research Group's blueprints for selection and implementation processes to guide your own planning.
If external partners are needed, dedicate an internal resource to managing the vendor and partner relationships.
Teams must have some type of communication strategy. This can be broken into:
Distributed teams create complexity because communication can break down more easily. This can be mitigated by:
Members should trust other members are contributing to the project and completing their required tasks on time. Trust can be developed and maintained by:
Accountability: Having frequent quality reviews and feedback sessions. As work becomes more transparent, people become more accountable.
Be clear and realistic in your requirements to the vendor about the level of involvement you need to be successful.
Primary reasons to use a vendor:
Source: SoftwareReviews, January 2020 to January 2023, N= 20,024 unique reviews
To ensure your SOW is mutually beneficial, download the blueprint Improve Your Statements of Work to Hold Your Vendors Accountable.
Create a PoC charter that will enable a quick evaluation of the defined use cases and functions. These key dimensions should form the PoC.
To create a full proof of concept plan, download the Proof of Concept Template and see the instructions in Phase 3 of the blueprint Exploit Disruptive Infrastructure Technology.
This selection guide allows organizations to execute a structured methodology for picking a UEM platform that aligns with their needs. This includes:
This formal UEM selection initiative will map out requirements and identify technology capabilities to fill the gap for better endpoint management. It also allows a formal roll-out of a UEM platform that is highly likely to satisfy all stakeholder needs.
If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.
Contact your account representative for more information
workshops@infotech.com
1-888-670-8889
This project helps support the workforce of the future by answering the following questions: What types of computing devices, provisioning models, and operating systems should be offered to end users? How will IT support devices? What are the policies and governance surrounding how devices are used? What actions are we taking and when? How do end-user devices support larger corporate priorities and strategies?
Compare and evaluate Unified Endpoint Management vendors using the most in-depth and unbiased buyer reports available. Download free comprehensive 40+ page reports to select the best Unified Endpoint Management software for your organization.
This blueprint walks you through a process for a fast and efficient selection of your prospective application. You will be enabled to use a data-driven approach to select the right application vendor for your needs, shatter stakeholder expectations with truly rapid application selections, boost collaboration and crush the broken telephone with concise and effective stakeholder meetings, and lock in hard savings.
"BYOD Security Report." Cybersecurity Insiders, 2021. Accessed January 2023.
"Cloud Infrastructure Services Market." MarketsAnd Markets, 2019. Accessed December 2022.
Evans, Alma. "Mastering Mobility Management: MDM Vs. EMM Vs. UEM." Hexnode, 2019. Accessed November 2022.
"Evercore-ISI Quarterly Enterprise Technology Spending Survey." Evercore-ISI, 2022. Accessed January 2023.
"5G Service Revenue to Reach $315 Billion Globally in 2023." Jupiter Research, 2022. Accessed January 2023.
Hein, Daniel. "5 Common Unified Endpoint Management Use Cases You Need to Know." Solutions Review, 2020. Accessed January 2023.
"Mobile Device Management Market Size, Share & COVID-19 Impact Analysis." Fortune Business Insights, 2021. Accessed December 2022.
Ot, Anina. "The Unified Endpoint Management (UEM) Market." Datamation, 14 Apr. 2022. Accessed Jan. 2023.
Poje, Phil. "CEO Corner: 4 Trends in Unified Endpoint Management for 2023." Tech Orchard, 2022. Accessed January 2023.
"The Future of UEM November 2021 Webinar." Ivanti, 2021. Accessed January 2023.
"The Third Annual Study on the State of Endpoint Security Risk." Ponemon Institute, 2020. Accessed December 2022.
"The Ultimate Guide to Unified Endpoint Management (UEM)." MobileIron. Accessed January 2023.
"Trends in Unified Endpoint Management." It Pro Today, 2018. Accessed January 2023.
Turek, Melanie. "Employees Say Smartphones Boost Productivity by 34 Percent: Frost & Sullivan Research." Samsung Insights, 3 Aug. 2016.
"2023 State of Security Report." Cybersecurity Insiders, 2022. Accessed January 2023.
Violino, Bob. "Enterprise Mobility 2022: UEM Adds User Experience, AI, Automation." Computerworld, 2022. Accessed January 2023.
Violino, Bob. "How to Choose the Right UEM Platform." Computerworld, 2021. Accessed January 2023.
Violino, Bob. "UEM Vendor Comparison Chart 2022." Computerworld, 2022. Accessed January 2023.
Wallent, Michael. "5 Endpoint Management Predictions for 2023." Microsoft, 2022. Accessed January 2023.
"What Is the Difference Between MDM, EMM, and UEM?" 42Gears, 2017. Accessed November 2022.
Summary of the deck.
ChatGPT is a generative AI tool developed by OpenAI, a non-profit founded by Silicon Valley titans, including Elon Musk and Sam Altman. It is designed to interact with users in a way that mimics human dialogue. The tool became available via a research release on November 30, 2022, and was an immediate hit – within a week; it attracted more than a million users. Functionally, ChatGPT is designed to answer questions, but it is not the first one. The concept has existed for decades. While it is very powerful, it has also attracted criticism.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Start by documenting your recovery workflow. Create supporting documentation in the form of checklists, flowcharts, topology diagrams, and contact lists. Finally, summarize your DR capabilities in a DRP Summary Document for stakeholders and auditors.
Select criteria for assessing DRP tools, and evaluate whether a business continuity management tool, document management solution, wiki site, or manually distributing documentation is best for your DR team.
Learn how to integrate DRP maintenance into core IT processes, and learn what to look for during testing and during annual reviews of your DRP.
Model your DRP after the XMPL case study disaster recovery plan documentation.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Teach your team how to create visual-based documentation.
Learn how to create visual-based DR documentation.
1.1 Conduct a table-top planning exercise.
1.2 Document your high-level incident response plan.
1.3 Identify documentation to include in your playbook.
1.4 Create an initial collection of supplementary documentation.
1.5 Discuss what further documentation is necessary for recovering from a disaster.
1.6 Summarize your DR capabilities for stakeholders.
Documented high-level incident response plan
List of documentation action items
Collection of 1-3 draft checklists, flowcharts, topology diagrams, and contact lists
Action items for ensuring that the DRP is executable for both primary and backup DR personnel
DRP Summary Document
Learn the considerations for publishing your DRP.
Identify the best strategy for publishing your DRP.
2.1 Select criteria for assessing DRP tools.
2.2 Evaluate categories for DRP tools.
Strategy for publishing DRP
Address the common pain point of unmaintained DRPs.
Create an approach for maintaining your DRP.
3.1 Alter your project intake considerations.
3.2 Integrate DR considerations into change management.
3.3 Integrate documentation into performance measurement and performance management.
3.4 Learn best practices for maintaining your DRP.
Project Intake Form Addendum Template
Change Management DRP Checklist Template
“This blueprint outlines the following key tactics to streamline your documentation effort and produce a better result:
Missing a component? Start here. ➔ Create a Right-Sized Disaster Recovery Plan
This blueprint walks you through building these inputs.
Our approach saves clients on average US$16,825.22. (Clients self-reported an average saving of US$16,869.21 while completing the Create a Right-Sized Disaster Recovery Plan blueprint through advisory calls, guided implementations, or workshops (Info-Tech Research Group, 2017, N=129).)
The impact of downtime increases significantly over time, not just in terms of lost revenue (as illustrated here) but also goodwill/reputation and health/safety. An effective DR solution and overall resiliency that mitigate a wide range of potential outages are critical to minimizing the impact of downtime.
Without an effective DRP, your organization is gambling on being able to define and implement a recovery strategy during a time of crisis. At the very least, this means extended downtime – potentially weeks – and substantial impact.
Why are so many living with either an incomplete or ineffective DRP? For the same reasons that IT documentation in general continues to be a pain point:
![]() (Source: Info-Tech Research Group, N=165) |
![]() (Source: Info-Tech Research Group, N=69 (includes only those who indicated DRP is mostly completed or completed)) |
If you need a three-inch binder to hold your DRP, imagine having to flip through it to determine next steps during a crisis.
DR documentation needs to be concise, scannable, and quickly understood to be effective. Visual-based documentation meets these requirements, so it’s no surprise that it also leads to higher DR success.
DR success scores are based on:
“Without question, 300-page DRPs are not effective. I mean, auditors love them because of the detail, but give me a 10-page DRP with contact lists, process flows, diagrams, and recovery checklists that are easy to follow.” (Bernard Jones, MBCI, CBCP, CORP, Manager Disaster Recovery/BCP, ActiveHealth Management)
Organizations using a visual-based approach were 30% more likely to find that DR documentation is easy to maintain. | ➔ | “Easy to maintain” leads to a 46% higher rate of DR success. |
![]() |
Not only are visual-based disaster recovery plans more effective, but they are also easier to maintain.
Recovery Workflow: Starting the project with overly detailed documentation can slow down the entire process. Overcome planning inertia by starting with high-level incident response plans in a flowchart format. For examples and additional information, see XMPL Medical’s Recovery Workflows.
Recovery Procedures (Systems Recovery Playbook): For each step in the high-level flowchart, create recovery procedures where necessary using additional flowcharts, checklists, and diagrams as appropriate. Leverage Info-Tech’s Systems Recovery Playbook example as a starting point.
Additional Reference Documentation: Reference existing IT documentation, such as network diagrams and configuration documents, as well as more detailed step-by-step procedures where necessary (e.g. vendor documentation), particularly where needed to support alternate recovery staff who may not be as well versed as the primary system owners.
Organizations that use flowcharts, checklist, and diagrams over traditional, dense DRP manuals are far more likely to meet their RTOs/RPOs because their documentation is more usable and easier to maintain.
Phases |
Phase 1: Streamline DRP documentation | Phase 2: Select the optimal DRP publishing strategy | Phase 3: Keep your DRP relevant through maintenance best practices | |||
Phases |
1.1 |
Start with a recovery workflow |
2.1 |
Decide on a publishing strategy |
3.1 |
Incorporate DRP maintenance into core IT processes |
1.2 |
Create supporting DRP documentation |
3.2 |
Conduct an annual focused review | |||
1.3 |
Write the DRP Summary | |||||
Tools and Templates |
End-to-End Sample DRP | DRP Publishing Evaluation Tool | Project In-take/Request Form
Change Management Checklist |
Streamline your documentation and maintenance process by following the approach outlined in XMPL Medical’s journey to an end-to-end DRP.
XMPL’s disaster recovery plan includes its business impact analysis and a subset of tier 1 and tier 2 patient care applications.
Its DRP includes incident response flowcharts, system recovery checklists, and a communication plan. Its DRP also references IT operations documentation (e.g. asset management documents, system specs, and system configuration docs), but this material is not published with the example documentation.
XMPL’s DRP includes actionable documents in the form of high-level disaster response plan flowcharts and system recovery checklists. During an incident, the DR team is able to clearly see the items for which they are responsible.
XMPL Medical’s disaster recovery plan illustrates an effective DRP. Model your end-to-end disaster recovery plan after XMPL’s completed templates. The specific data points will differ from organization to organization, but the structure of each document will be similar.
Recovery Workflow:
Recovery Procedures (Systems Recovery Playbook):
Additional Reference Documentation:
Use Info-Tech’s DRP Maturity Scorecard to evaluate your progress
DIY Toolkit |
Guided Implementation |
Workshop |
Consulting |
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." | "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." | "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." | "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project." |
1. Streamline DRP Documentation | 2. Select the Optimal DRP Publishing Strategy | 3. Keep Your DRP Relevant | |
---|---|---|---|
![]() Best-Practice Toolkit |
1.1 Start with a recovery workflow 1.2 Create supporting DRP documentation 1.3 Write the DRP summary |
2.1 Create Committee Profiles |
3.1 Build Governance Structure Map 3.2 Create Committee Profiles |
Guided Implementations |
|
|
|
![]() Onsite Workshop |
Module 1:
Streamline DRP documentation |
Module 2:
Select the optimal DRP publishing strategy |
Module 3:
Learn best practices for keeping your DRP relevant |
Phase 1 Outcome:
|
Phase 2 Outcome:
|
Phase 3 Outcome:
|
Contact your account representative or email Workshops@InfoTech.com for more information.
Workshop Day 1 | Workshop Day 2 | Workshop Day 3 | Workshop Day 4 | Workshop Day 5 Info-Tech Analysts Finalize Deliverables |
|
---|---|---|---|---|---|
Activities |
Assess DRP Maturity and Review Current Capabilities0.1 Assess current DRP maturity through Info-Tech’s Maturity Scorecard. 0.2 Identify the IT systems that support mission-critical business activities, and select 2 or 3 key applications to be the focus of the workshop. 0.3 Identify current recovery strategies for selected applications. 0.4 Identify current DR challenges for selected applications. |
Document Your Recovery Workflow1.1 Create a recovery workflow: review tabletop planning, walk through DR scenarios, identify DR gaps, and determine how to fill them. |
Create Supporting Documentation1.2 Create supporting DRP documentation. 1.3 Write the DRP summary. |
Establish a DRP Publishing, Management, and Maintenance Strategy2.1 Decide on a publishing strategy. 3.1 Incorporate DRP maintenance into core IT. 3.2 Considerations for reviewing your DRP regularly. |
|
Deliverables |
|
|
|
|
Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.
This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.
This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.
PHASE 1 |
PHASE 2 |
PHASE 3 |
|||
1.1 | 1.2 | 1.3 | 2.1 | 3.1 | 3.2 |
Start with a Recovery Workflow | Create Supporting Documentation | Write the DRP Summary | Select DRP Publishing Strategy | Integrate into Core IT Processes | Conduct an Annual Focused Review |
A DRP is a collection of procedures and supporting documents that allow an organization to recover its IT services to minimize system downtime for the business.
Recovery Workflow |
➔ |
The recovery workflow maps out the incident response plan from event detection, assessment, and declaration to systems recovery and validation. This documentation includes:
|
Recovery Procedures (Playbook) | ||
Additional Reference Documentation |
“We use flowcharts for our declaration procedures. Flowcharts are more effective when you have to explain status and next steps to upper management.” (Assistant Director-IT Operations, Healthcare Industry)
Specifically, review the following from your BIA:
CASE STUDY: The XMPL DRP documentation is based on this Business Impact Analysis Tool.
Info-Tech’s publication Create a Right-Sized Disaster Recovery Plan takes a very practical approach to BIA work. Our process gives IT leaders a mechanism to quickly get agreement on system recovery order and DR investment priorities.
1.1.1 Tabletop Planning Exercise
Note: You may have already completed this exercise as part of Create a Right-Sized Disaster Recovery Plan.
Use scenarios to provide context for DR planning, and to test your plans, but don’t create a separate plan for every possibility.
The high-level recovery plan will be the same whether the incident is a fire, flood, or tornado. While there might be some variances and outliers, these scenarios can be addressed by adding decision points and/or separate, supplementary instructions.
Note:
Note: You may have already completed this exercise as part of Create a Right-Sized Disaster Recovery Plan.
Use the sample DRP to guide your own flowchart. Some notes on the example are:
This sample flowchart is included in XMPL Recovery Workflows.
PHASE 1 | PHASE 2 | PHASE 3 | |||
1.1 | 1.2 | 1.3 | 2.1 | 3.1 | 3.2 |
Start with a Recovery Workflow | Create Supporting Documentation | Write the DRP Summary | Select DRP Publishing Strategy | Integrate into Core IT Processes | Conduct an Annual Focused Review |
Recovery Workflow |
Write your recovery procedures playbook to be effective and usable. Your playbook documentation should include:
Reference vendors’ technical information in your flowcharts and checklists where appropriate. |
|
Recovery Procedures (Playbook) |
➔ | |
Additional Reference Documentation |
➔ |
Write for your audience. The playbook is for IT; include only the information they need to execute the plan. DRP summaries are for executives and auditors; do not include information intended for IT. Similarly, your disaster recovery plan is not for business units; keep BCP content out of your DRP.
XMPL Medical used its high-level flowcharts as a roadmap for creating its Systems Recovery Playbook.
Included in the XMPL Systems Recovery Playbook are checklists for recovering XMPL’s virtual desktop infrastructure, mission-critical applications, and core infrastructure components.
Included in the XMPL DR documentation is an example flowchart for recovering phone systems. This flowchart is in Recovery Workflows.
Reference this blueprint for more SOP flowchart examples: Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind
“Our network engineers came to me and said our standard SOP template didn't work for them. They're now using a lot of diagrams and flowcharts, and that has worked out better for them.” (Assistant Director-IT Operations, Healthcare Industry)
You can download a PDF and a VSD version of these Data Center and Network Diagrams from Info-Tech’s website.
Many DR managers have their team on speed dial. However, having the contact info of alternate staff, BCP leads, and vendors can be very helpful during a disaster. XMPL Medical lists the following information in its DRP Workbook:
DISCUSS: Is there enough information in your DRP for both primary and backup DR personnel?
PHASE 1 | PHASE 2 | PHASE 3 | |||
1.1 | 1.2 | 1.3 | 2.1 | 3.1 | 3.2 |
Start with a Recovery Workflow | Create Supporting Documentation | Write the DRP Summary | Select DRP Publishing Strategy | Integrate into Core IT Processes | Conduct an Annual Focused Review |
1.3.1 DRP Summary Document
XMPL’s DRP Summary is organized into the following categories:
Application tier | Desired RTO (hh:mm) | Desired RPO (hh:mm) | Achievable RTO (hh:mm) | Achievable RPO (hh:mm) |
Tier 1 | 4:00 | 1:00 | *90:00 | 1:00 |
Tier 2 | 8:00 | 1:00 | *40:00 | 1:00 |
Tier 3 | 48:00 | 24:00 | *96:00 | 24:00 |
The above table to is a snippet from the XMPL DR Summary Document (section 2.1.3.2).
In the example, the DR team is unable to recover tier 1, 2, and 3 systems within the desired RTO. As such, they clearly communicate this information in the DRP summary, and include action items to address these gaps.
PHASE 1 | PHASE 2 | PHASE 3 | |||
1.1 | 1.2 | 1.3 | 2.1 | 3.1 | 3.2 |
Start with a Recovery Workflow | Create Supporting Documentation | Write the DRP Summary | Select DRP Publishing Strategy | Integrate into Core IT Processes | Conduct an Annual Focused Review |
Diversify your publishing strategy to ensure you can access your DRP in a disaster. For example, if you are using a BCM tool or SharePoint Online as your primary documentation repository, also push the DRP to your DR team’s smartphones as a backup in case the disaster affects internet access.
Portability/External Access: Assume your primary site is down and inaccessible. Can you still access your documentation? As shown in this chart, traditional strategies of either keeping a copy at another location (e.g. at the failover site) or with staff (e.g. on a USB drive) still dominate, but these aren’t necessarily the best options. | ➔ |
![]() Note: Percentages total more than 100% due to respondents using more than one portability strategy. (Source: Info-Tech Research Group, N=118) |
Maintainability/Usability: How easy is it to create, update, and use the documentation? Is it easy to link to other documents as shown in the flowchart and checklist examples? Is there version control? Lack of version control can create a maintenance nightmare as well as issues in a crisis if staff are questioning whether they have the right version. | ||
Cost/Effort: Is the cost and effort appropriate? For example, a large enterprise may need a formal solution (e.g. DRP tools or SharePoint), but the cost might be hard to justify for a smaller company. |
This section will review the following strategies, their pros and cons, and how they meet publishing and document management requirements:
The tool enables you to compare two possible solutions based on these key considerations discussed in this section:
The right choice will depend on factors such as current in-house tools, maturity around document management, the size of your IT department, and so on.
For example, a small shop may do very well with the USB drive strategy, whereas a multi-national company will need a more formal strategy to manage consistent DRP distribution.
The DRP Publishing and Management Solution Evaluation Tool helps you to evaluate the tools included in this section.
About this approach:
BCM tools are solutions that provide templates, tools, and document management to create BC and DR documentation.
The business case for a BCM tool is built by answering the following questions:
If you cannot get a satisfactory answer to each of these questions, then opt for an in-house solution.
“We explored a DRP tool, and it was something we might have used, but it was tens of thousands of pounds per year, so it didn’t stack up financially for us at all.” (Rik Toms, Head of Strategy – IP and IT, Cable and Wireless Communications)
About this approach:
DRPs and SOPs most often start as MS Office documents, even if there is a DRP tool available. For organizations that elect to bypass a formal DRP tool, and most do, the biggest gap they have to overcome is document management.
Many organizations are turning to SharePoint to meet this need. For those that already have SharePoint in place, it makes sense to further leverage SharePoint for DR documentation and day-to-day SOPs.
For SharePoint to be a practical solution, the documentation must still be accessible if the primary data center is down, e.g. by having redundant SharePoint instances at multiple in-house locations, or using a cloud-based SharePoint solution.
“Just about everything that a DR planning tool does, you can do yourself using homegrown solutions or tools that you're already familiar with such as Word, Excel, and SharePoint.” (Allen Zuk, President and CEO, Sierra Management Consulting)
About this approach:
Wiki sites are websites where users collaborate to create and edit the content. Wikipedia is an example.
While wiki sites are typically used for collaboration and dynamic content development, the traditional collaborative authoring model can be restricted to provide structure and an approval process.
Several tools are available to create and manage wiki sites (and other collaboration solutions), as outlined in the following research:
If your organization is not already using wiki sites, this technology can introduce a culture shock. Start slow by using a wiki site within a specific department or for a particular project. Then evaluate how well your staff adapt to this technology as well as its potential effectiveness in your organization. Refer to our collaboration strategy research for additional guidance.
About this approach:
With this strategy, your ERT and key IT staff keep a copy of your DRP and relevant documentation with them (e.g. on a USB drive). If the primary site experiences a major event, they have ready access to the documentation.
Fifty percent of respondents in our recent survey use this strategy. A common scenario is to use a shared network drive or a solution such as SharePoint as the master centralized repository, but distribute a copy to key staff.
This approach can have similar disadvantages as using hard copies. Ensuring the USB drives are up to date, and that all staff who might need access have a copy, can become a burdensome process. More often, USB drives are updated periodically, so there is the risk that the information will be out of date or incomplete.
About this approach:
Traditionally DRPs are printed and distributed to managers and/or kept in a central location at both the primary site and a secondary site. In addition, wallet cards are distributed that contain key information such as contact numbers.
A wallet card or even a few printed copies of your high-level DRP for general reference can be helpful, but paper is not a practical solution for your overall DR documentation library, particularly when you include SOPs for recovery procedures.
One argument in favor of paper is there is no dependency on power during a crisis. However, in a power outage, staff can use smartphones and potentially laptops (with battery power) to access electronically stored documentation to get through first response steps. In addition, your DR site should have backup power to be an appropriate recovery site.
The list is only a partial list of BCM tool vendors. The order in which vendors are presented, and inclusion in this list, does not represent an endorsement.
Through advisory services, workshops, and consulting engagements, we have created this BCM Tool Requirements List. The featured requirements includes the following categories:
This BCM Tool – RFP Selection Criteria can be appended to an RFP. You can leverage Info-Tech’s RFP Template if your organization does not have one.
As part of a consulting engagement, Info-Tech can write RFPs for BCM tools and provide a customized scoring tool based on your environment’s unique requirements.
PHASE 1 | PHASE 2 | PHASE 3 | |||
1.1 | 1.2 | 1.3 | 2.1 | 3.1 | 3.2 |
Start with a Recovery Workflow | Create Supporting Documentation | Write the DRP Summary | Select DRP Publishing Strategy | Integrate into Core IT Processes | Conduct an Annual Focused Review |
Prioritize quick wins that will have large benefits. The advice presented in this section offers easy ways to help keep your DRP up to date. These simple solutions can save a lot of time and effort for your DRP team as opposed to more intricate changes to the processes above.
Assess how new projects impact service criticality and DR requirements upfront during project intake |
![]() |
Note: The goal is not to make DR a roadblock, but rather to ensure project requirements will be met – including availability and DR requirements.
This Project Intake Form asks the submitter to fill out the availability and criticality requirements for the project.
Leverage your change management process to identify required DRP updates as they occur |
![]() |
This template asks the submitter to fill out the availability and criticality requirements for the project.
For change management best practices beyond DRP considerations, please see Optimize Change Management.
Integrate documentation into performance measurement and performance management |
![]() |
Why documentation is such a challenge |
How management can address these challenges |
We all know that IT staff typically do not like to write documentation. That’s not why they were hired, and good documentation is not what gets them promoted. | Include documentation deliverables in your IT staff’s performance appraisal to stress the importance of ensuring documentation is up to date, especially where it might impact DR success. |
Similarly, documentation is secondary to more urgent tasks. Time to write documentation is often not allocated by project managers. | Schedule time for developing documentation, just like any other project, or it won’t happen. |
Writing manuals is typically a time-intensive task. | Focus on what is necessary for another experienced IT professional to execute the recovery. As discussed earlier, often a diagram or checklist is good enough and actually far more usable in a crisis. |
“Our directors and our CIO have tied SOP work to performance evaluations, and SOP status is reviewed during management meetings. People have now found time to get this work done.” (Assistant Director – IT Operations, Healthcare Industry)
PHASE 1 | PHASE 2 | PHASE 3 | |||
1.1 | 1.2 | 1.3 | 2.1 | 3.1 | 3.2 |
Start with a Recovery Workflow | Create Supporting Documentation | Write the DRP Summary | Select DRP Publishing Strategy | Integrate into Core IT Processes | Conduct an Annual Focused Review |
Testing is a waste of time and resources if you do not fix what’s broken. Tabletop testing is effective at uncovering gaps in your DR processes, but if you don’t address those gaps, then your DRP will still be unusable in a disaster.
The COBIT 5 Enablers provide a foundation for this analysis. Consider:
COBIT 5 Enablers
What changes need to be reflected in your DRP?
Reference this blueprint for guidance on DRP testing plans: Reduce Costly Downtime Through DR Testing
Streamline your documentation and maintenance process by following the approach outlined in XMPL Medical’s journey to an end-to-end DRP.
XMPL’s disaster recovery plan includes its business impact analysis and a subset of tier 1 and tier 2 patient care applications.
Its DRP includes incident response flowcharts, system recovery checklists, and a communication plan. Its DRP also references IT operations documentation (e.g. asset management documents, system specs, and system configuration docs), but this material is not published with the example documentation.
XMPL’s DRP includes actionable documents in the form of high-level disaster response plan flowcharts and system recovery checklists. During an incident, the DR team is able to clearly see the items for which they are responsible.
XMPL Medical’s disaster recovery plan illustrates an effective DRP. Model your end-to-end disaster recovery plan after XMPL’s completed templates. The specific data points will differ from organization to organization, but the structure of each document will be similar.
Recovery Workflow:
Recovery Procedures (Systems Recovery Playbook):
Additional Reference Documentation:
Use our structure to create your practical disaster recovery plan.
Use visual-based documentation instead of a traditional DRP manual.
Create your DRP in layers to keep the work manageable.
Prioritize quick wins to make DRP maintenance easier and more likely to happen.
Knowledge Gained
Processes Optimized
Deliverables Completed
Client Project: Document and Maintain Your Disaster Recovery Plan
This project has the ability to fit the following formats:
Create a Right-Sized Disaster Recovery Plan
Close the gap between your DR capabilities and service continuity requirements.
Reduce Costly Downtime Through DR Testing
Improve the accuracy of your DRP and your team’s ability to efficiently execute recovery procedures through regular DR testing.
Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind
Go beyond satisfying auditors to drive process improvement, consistent IT operations, and effective knowledge transfer.
Prepare for a DRP Audit
Assess your current DRP maturity, identify required improvements, and complete an audit-ready DRP summary document.
A Structured Approach to Enterprise Risk Management (ERM) and the Requirements of ISO 31000. The Association of Insurance and Risk Managers, Alarm: The Public Risk Management Association, and The Institute of Risk Management, 2010.
“APO012: Manage Risk.” COBIT 5: Enabling Processes. ISACA, 2012.
Bird, Lyndon, Ian Charters, Mel Gosling, Tim Janes, James McAlister, and Charlie Maclean-Bristol. Good Practice Guidelines: A Guide to Global Good Practice in Business Continuity. Global ed. Business Continuity Institute, 2013.
COBIT 5: A Business Framework for the Governance and Management of Enterprise IT. ISACA, 2012.
“EDM03: Ensure Risk Optimisation.” COBIT 5: Enabling Processes. ISACA, 2012.
Risk Management. ISO 31000:2009.
Rothstein, Philip Jan. Disaster Recovery Testing: Exercising Your Contingency Plan. Rothstein Associates: 1 Oct. 2007.
Societal Security – Business continuity management systems – Guidance. ISO 22313:2012.
Societal Security – Business continuity management systems – Requirements. ISO 22301:2012.
Understanding and Articulating Risk Appetite. KPMG, 2008.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Use Info-Tech’s licensing best practices to avoid shelfware with VMware licensing and remain compliant in case of an audit.
Use Info-Tech’s licensing best practices to avoid shelfware with VMware licensing and remain compliant in case of an audit.
Manage your renewals and transition to the cloud subscription model.
EXECUTIVE BRIEF
![]() |
The mechanics of negotiating a deal with VMware may seem simple at first as the vendor is willing to provide a heavy discount on an enterprise license agreement (ELA). However, come renewal time, when a reduction in spend or shelfware is needed, or to exit the ELA altogether, the process can be exceedingly frustrating as VMware holds the balance of power in the negotiation. Negotiating a complete agreement with VMware from the start can save you from an immense headache and unforeseen expenditures. Many VMware customers do not realize that the terms and conditions in the Volume Purchasing Program (VPP) and Enterprise Purchasing Program (EPP) agreements limit how and where they are able to use their licenses. Furthermore, after the renewal is complete, organizations must still worry about the management of various license types, accurate discovery of what has been deployed, visibility into license key assignments, and over and under use of licenses. Preventive and proactive measures enclosed within this blueprint will help VMware clients mitigate this minefield of challenges. |
Scott Bickley |
Your Challenge |
Common Obstacles |
Info-Tech’s Approach |
---|---|---|
VMware's dominant position in the virtualization space can create uncertainty to your options in the long term as well as the need to understand:
Make an informed decision with your VMware investments to allow for continued ROI. |
There are several hurdles that are presented when considering a VMware ELA:
Overcoming these and other obstacles are key to long-term satisfaction with your VMware infrastructure. |
Info-Tech has a two-phase approach:
A tactical roadmap approach to VMware ELA and the cloud will ensure long-term success and savings. |
VMware customers almost always have incomplete price information from which to effectively negotiate a “best in class” ELA.
ELAs and EPPs are generally the only way to get a deep discount from VMware.
Competition is a key driver of price
1. Manage Your VMware Agreements |
2. Transition to the VMware Cloud |
|
---|---|---|
Phase Steps |
1.1 Establish licensing requirements 1.2 Evaluate licensing options 1.3 Evaluate agreement options 1.4 Purchase and manage licenses 1.5 Understand SnS renewal management |
2.1 Understand the VMware subscription model 2.2 Migrate workloads and licenses 2.3 Manage SnS and cloud subscriptions |
Phase Outcomes |
Understanding of your licensing requirements and what agreement option best fits your needs for now and the future. Knowledge of VMware’s sales model and how to negotiate the best deal. |
Knowledge of the evolving cloud subscription model and how to plan your cloud migration and transition to the new licensing. |
Overarching insight With the introduction of the subscription licensing model, VMware licensing and renewals are becoming more complex and require a deeper understanding of the license program options to best manage renewals and cloud deployments as well as to maximize legacy ROI. |
||
Phase 1 insight Contracts are typically overweighted with a discount at the expense of contractual T&Cs that can restrict license usage and expose you to unpleasant financial surprises and compliance risk. |
Phase 1 insight VMware has a large lead in being first to market and it realizes running dual virtualization stacks is complex, unwieldy, and expensive. To further complicate the issues, most skill sets in the industry are skewed toward VMware. |
Phase 2 insight VMware has purposefully reduced a focus on the actual license terms and conditions; most customers focus on the transactional purchase or the ELA document, but the rules governing usage are on a website and can be changed by VMware regularly. |
Tactical insight Beware of out-year pricing and ELA optimization reviews that may provide undesirable surprises and more spend than was planned. |
Tactical insight Negotiate desired terms and conditions at the start of the agreement, and prioritize which use rights may be more important than an additional discount percentage. |
Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:
VMware ELA Analysis Tool |
VMware ELA RFQ Template Tool |
VPP Transaction Purchase Tool |
---|---|---|
VMware ELA Analysis Tool |
Use this tool as a template for an RFQ with VMware ELA contracts. |
Use this tool to analyze cost breakdown and discount based on your volume purchasing program (VPP) level. |
![]() |
![]() |
![]() |
VMware Business as Usual SnS Renewal Only Tool
Use this tool to analyze discounts from a multi-year agreement vs. prepay. See how you can get the best discount.
Why VMware |
What to Know |
The Future |
---|---|---|
VMware is the leader in OS virtualization, however, this is a saturated market, which is being pressured by public and hybrid cloud as a competitive force taking market share. There are few viable alternatives to VMware for virtualization due to vendor lock-in of existing IT infrastructure footprint. It is too difficult and cost prohibitive to make a shift away from VMware even when alternative solutions are available. |
ELAs are the preferred method of contracting as it sets the stage for a land-and-expand product strategy; once locked into the ELA model, customers must examine VMware alternatives with preference or risk having Support and Subscription Services (SnS) re-priced at retail. VMware does not provide a great deal of publicly available information regarding its enterprise license agreement (ELA) options, leaving a knowledge gap that allows the sales team to steer the customer. |
VMware is taking countermeasures against increasing competition. Recent contract terms changed to eliminate perpetual caps on SnS renewals; they are now tied to a single year of discounted SnS, then they go to list price. Migration of list pricing to a website versus contract, where pricing can now be changed, reducing discount percentage effectiveness. Increased audits of customers, especially those electing to not renew an ELA.
|
|
|
---|
INDUSTRY: Finance
SOURCE: VMware.com
“We’ll have network engineers, storage engineers, computer engineers, database engineers, and systems engineers all working together as one intact team developing and delivering goals on specific outcomes.” – Vipul Nagrath, CIO, ADP
Improving developer capital management
Constant innovation helped ADP keep ahead of customer needs in the human resources space, but it also brought constant changes to the IT environment. Internally, the company found it was spending too long working on delivering the required infrastructure and system updates. IT staff wanted to improve velocity for refreshes to better match the needs of ADP developers and encourage continued development innovation.
Business needs
Impact
DIY Toolkit |
Guided Implementation |
Workshop |
Consulting |
---|---|---|---|
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.” | “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.” | “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.” | “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.” |
Phase 1 | Phase 2 | Phase 3 |
---|---|---|
Call #1: Discuss scope requirements, objectives, and your specific challenges. Call #2: Assess the current state. Determine licensing position. Call #3: Complete a deployment count, needs analysis, and internal audit. |
Call #4: Review findings with analyst:
Call #5: Select licensing option. Document forecasted costs and benefits. |
Call #6: Review final contract:
Call #7: Negotiate final contract. Evaluate and develop a roadmap for SAM. |
A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is between 2 to 6 calls over the course of 1 to 2 months.
Phase 1 | Phase 2 |
---|---|
1.1 Establish licensing requirements 1.2 Evaluate licensing options 1.3 Evaluate agreement options 1.4 Purchase and manage licenses | 2.1 Understand the VMware subscription model 2.2 Migrate workloads and licenses 2.3 Discuss the VMware sales approach 2.4 Manage SnS and cloud subscriptions |
This phase will walk you through the following activities:
This phase will take you thorough:
vSphere Main Editions Overview
Review vSphere Edition Features
Download the vSphere Edition 7 Features List
VMware agreement types
Review purchase options to align with your requirements.
Transactional | VPP | EPP | ELA |
---|---|---|---|
Transactional |
Entry-level volume license purchasing program |
Mid-level purchasing program |
Highest-level purchasing program |
|
|
Deal size of initial purchase typically is:
Minimum deal size of top-up purchase:
|
Minimum deal size of initial purchase:
|
How the program works
Benefits
VPP Point & Discount Table
Level |
Point Range |
Discount |
---|---|---|
1 |
250-599 |
4% |
2 |
600-999 |
6% |
3 |
1,000-1,749 |
9% |
4 |
1,750+ |
12% |
1-3 hours
Instructions:
Input | Output |
|
|
Materials | Participants |
|
|
Download the VPP Transactional Purchase Tool
What to know when using a token/credit-based agreement.
Token/credit-based agreements carry high risk as customers are purchasing a set number of tokens/credits to be redeemed during the ELA term for licenses.
How the program works
Benefits
EPP Level & Point Table
Level | Point Range |
---|---|
7 | 2,500-3,499 |
8 | 3,500-4,499 |
9 | 4,500-5,999 |
10 | 6,000+ |
If a legacy ELA exists that has “deploy or lose” language, engage VMware to recapture any lost license rights as VMware has changed this language effective with 2016 agreements and there is an “appeals” process for affected customers.
The advantages of an ELA are:
General disadvantages are:
ELA Type |
Description |
Pros and Cons |
---|---|---|
Capped (max quantities) |
Used to purchase a specific quantity and type of license. |
Pro – Clarity on what will be purchased Pro – Lower risk of over licensing Con – Requires accurate forecasting |
All you can eat or unlimited |
Used to purchase access to specified products that can be deployed in unlimited quantities during the ELA term. |
Pro – Acquire large quantity of licenses Pro – Accurate forecasting not critical Con – Deployment can easily exceed forecast, leading to high renewal costs |
Burn-down |
A form of capped ELA purchase that uses prepaid tokens that can be used more flexibly to acquire a variety of licenses or services. This can include the hybrid purchasing program (HPP) credits. However, the percentage redeemable for VMware subscription services may be limited to 10% of the MSRP value of the HPP credit. |
Pro – Accurate demand forecast not critical Pro – Can be used for products and services Con – Unused tokens or credits are forfeited |
True-up |
Allows for additional purchases during the ELA term on a determined schedule based on the established ELA pricing. |
Pro – Consumption payments matched after initial purchase Pro – Accurate demand forecast not critical Con – Potentially requires transaction throughout term |
Editable copies of VMware’s license and governance documentation are a requirement to initiate the dialogue and negotiation process over T&Cs.
VMware’s licensing is complex and although documentation is publicly available, it is often hidden on VMware’s website.
Many VMware customers often overlook reviewing the license T&Cs, leaving them open to compliance risks.
It is imperative for customers to understand:
Build in time to obtain, review, and negotiate these documents (easily weeks to months).
Use Rights
Product details that go beyond the sales pitch |
|
---|---|
Different support levels (e.g. basic, enterprise, per incident) |
|
Details to ensure the product being purchased matches the business needs |
|
SnS renewals pricing is based on the (1) year SnS list price |
|
Governing agreements, VPP program details |
|
2-4 hours
Instructions:
Input | Output |
|
|
Materials | Participants |
|
|
Download the VMware ELA Analysis Tool
Securing “out years” pricing for SnS or the cost of SnS is critical or it will default to a set percentage (25%) of MSRP, removing the ELA discount. |
|
↓ | |
Typically, the out year is one year; maximum is two years. |
|
↓ | |
Negotiate the “go forward” SnS pricing post-ELA term as part of the ELA negotiations when you have some leverage. |
Default after (1) out year is to rise to 25% of current MSRP versus as low as 20% of net license price within the ELA. |
↓ | |
Carefully incorporate the desired installed-base licenses that were acquired pre-ELA into the agreement, but ensure unwanted licenses are removed. |
|
↓ | |
Ancillary but binding support policies, online terms and conditions, and other hyperlinked documentation should be negotiated and incorporated as part of the agreement whenever possible. |
1-3 hours
Use this tool for as a template for an RFQ with VMware ELA contracts.
Input | Output |
|
|
Materials | Participants |
|
|
Download the VMware ELA RFQ Template
Shift to Subscription
VMware has a license cost calculator and additional licensing documents that can be used to help determine what spend should be.
Phase 1 | Phase 2 |
---|---|
1.1 Establish licensing requirements 1.2 Evaluate licensing options 1.3 Evaluate agreement options 1.4 Purchase and manage licenses | 2.1 Understand the VMware subscription model 2.2 Migrate workloads and licenses 2.3 Discuss the VMware sales approach 2.4 Manage SnS and cloud subscriptions |
This phase will walk you through the following activities:
This phase will take you thorough:
VMware Cloud Assist
Combine SaaS and on-premises capabilities for automation, operations, log analytics, network visibility, security, and compliance into one license.
INFO-TECH TIP: Create your own assumptions as inputs into the BAU model and then evaluate the ELA value proposition instead of depending on VMware’s model.
Use Info-Tech Research Group’s customized RFQ template to discover true discount levels and model various purchase options for VMware ELA proposals.
Processes Optimized
Prepare for Negotiations More Effectively
Price Benchmarking & Negotiation
You need to achieve an objective assessment of vendor pricing in your IT contracts, but you have limited knowledge about:
VMware vRealize Cloud Management
VMware vCloud Suite is an integrated offering that brings together VMware’s industry-leading vSphere hypervisor and VMware vRealize Suite multi-vendor hybrid cloud management platform. VMware’s new portable licensing units allow vCloud Suite to build and manage both vSphere-based private clouds and multi-vendor hybrid clouds.
Barrett, Alex. “vSphere and vCenter licensing and pricing explained -- a VMware license guide.” TechTarget, July 2010. Accessed 7 May 2018.
Bateman, Kayleigh. “VMware licensing, pricing and features mini guide.” Computer Weekly, May 2011. Accessed 7 May 2018.
Blaisdell, Rick. “What Are The Common Business Challenges The VMware Sector Faces At This Point In Time?” CIO Review, n.d. Accessed 7 May 2018.
COMPAREX. “VMware Licensing Program.” COMPAREX, n.d. Accessed 7 May 2018.
Couesbot, Erwann. “Using VMware? Oracle customers hate this licensing pitfall.” UpperEdge, 17 October 2016. Accessed 7 May 2018.
Crayon. “VMware Licensing Programs.” Crayon, n.d. Accessed 7 May 2018.
Datanyze." Virtualization Software Market Share.” Datanyze, n.d. Web.
Demers, Tom. “Top 18 Tips & Quotes on the Challenges & Future of VMware Licensing.” ProfitBricks, 1 September 2015. Accessed 7 May 2018.
Fenech, J. “A quick look at VMware vSphere Editions and Licensing.” VMware Hub by Altaro, 17 May 2017. Accessed 7 May 2018.
Flexera. “Challenges of VMware Licensing.” Flexera, n.d. Accessed 5 February 2018.
Fraser, Paris. “A Guide for VMware Licensing.” Sovereign, 11 October 2016. Accessed 7 May 2018.
Haag, Michael. “IDC Data Shows vSAN is the Largest Share of Total HCI Spending.” VMware Blogs, 1 December 2017. Accessed 7 May 2018.
Kealy, Victoria. “VMware Licensing Quick Guide 2015.” The ITAM Review, 17 December 2015. Accessed 7 May 2018.
Kirsch, Brian. “A VMware licensing guide to expanding your environment.” TechTarget, August 2017. Accessed 7 May 2018.
Kirupananthan, Arun. “5 reasons to get VMware licensing right.” Softchoice, 16 April 2018. Accessed 7 May 2018.
Knorr, Eric. “VMware on AWS: A one-way ticket to the cloud.” InfoWorld, 17 October 2016. Accessed 7 May 2018
Leipzig. “Help, an audit! License audits by VMware. Are you ready?” COMPAREX Group, 2 May 2016. Accessed 7 May 2018.
Mackie, Kurt. “VMware Rips Microsoft for Azure “Bare Metal” Migration Solution.” Redmond Magazine, 27 November 2017. Accessed 7 May 2018.
Micromail. “VMware vSphere Software Licensing.” Micromail, n.d. Accessed 7 May 2018.
Microsoft Corportation. “Migrating VMware to Microsoft Azure” Microsoft Azure, November 2017. Accessed 7 May 2018.
Peter. “Server Virtualization and OS Trends.” Spiceworks, 30 August 2016. Accessed 7 May 2018.
Rich. “VMware running on Azure.” The ITAM Review, 28 November 2017. Accessed 7 May 2018.
Robb, Drew. “Everything you need to know about VMware’s licensing shake up.” Softchoice, 4 March 2016. Accessed 7 May 2018.
Rose, Brendan. “How to determine which VMware licensing option is best.” Softchoice, 28 July 2015. Accessed 7 May 2018.
Scholten, Eric. “New VMware licensing explained.” VMGuru, 12 July 2011. Accessed 7 May 2018.
Sharwood, Simon. “Microsoft to run VMware on Azure, on bare metal. Repeat. Microsoft to run VMware on Azure.” The Register, 22 November 2017. Accessed 7 May 2018.
Siebert, Eric. “Top 7 VMware Management Challenges.” Veeam, n.d. Web.
Smith, Greg. “Will The Real HCI Market Leader Please Stand Up?” Nutanix, 29 September 2017. Accessed 7 May 2018.
Spithoven, Richard. “Licensing Oracle software in VMware vCenter 6.0.” LinkedIn, 2 May 2016. Accessed 7 May 2018.
VMTurbo, Inc. “Licensing, Compliance & Audits in the Cloud Era.” Turbonomics, November 2015. Web.
VMware. “Aug 1st – Dec 31st 2016 Solution Provider Program Requirements & Incentives & Rewards.” VMware, n.d. Web.
VMware. “Global Support and Subscription Services “SnS” Renewals Policy.” VMware, n.d. Web.
VMware. “Support Policies.” VMware, n.d. Accessed 7 May 2018.
VMware. “VMware Cloud Community.” VMware Cloud, n.d. Accessed 7 May 2018.
VMware. “VMware Cloud on AWS” VMware Cloud, n.d. Accessed 7 May 2018.
VMware. “VMware Enterprise Purchasing Program.” VMware, 2013. Web.
VMware. “VMware Product Guide.” VMware, May 2018. Web.
VMware. “VMware Volume Purchasing Program.” VMware, April 2019. Web.
VMware. "VMware Case Studies." VMware, n.d. Web.
Wiens, Rob. “VMware Enterprise Licensing – What You Need To Know. House of Brick, 14 April 2017. Accessed 7 May 2018
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Standardize your product quality definition and your QA roles, processes, and guidelines according to your business and IT priorities.
Build a solid set of good practices to define your defect tolerances, recognize the appropriate test coverage, and communicate your test results.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Discuss your quality definition and how quality is interpreted from both business and IT perspectives.
Review your case for strengthening your QA practice.
Review the standardization of QA roles, processes, and guidelines in your organization.
Grounded understanding of quality that is accepted across IT and between the business and IT.
Clear QA roles and responsibilities.
A repeatable QA process that is applicable across the delivery pipeline.
1.1 List your QA objectives and metrics.
1.2 Adopt your foundational QA process.
Quality definition and QA objectives and metrics.
QA guiding principles, process, and roles and responsibilities.
Discuss the practices to reveal the sufficient degree of test coverage to meet your acceptance criteria, defect tolerance, and quality definition.
Review the technologies and tools to support the execution and reporting of your tests.
QA practices aligned to industry good practices supporting your quality definition.
Defect tolerance and acceptance criteria defined against stakeholder priorities.
Identification of test scenarios to meet test coverage expectations.
2.1 Define your defect tolerance.
2.2 Model and prioritize your tests.
2.3 Develop and execute your QA activities.
2.4 Communicate your QA activities.
Defect tolerance levels and courses of action.
List of test cases and scenarios that meet test coverage expectations.
Defined test types, environment and data requirements, and testing toolchain.
Test dashboard and communication flow.
Most business leaders think that the best way to beat the competition is to push their development teams harder and demand faster delivery. I've seen the opposite happen many times.
When you prioritize "shipping fast" and "getting to market first," you often end up taking the longest time to succeed, because your team must spend months, sometimes years, addressing the problems caused by your haste. On the surface, things appear to be improving, but internally, they can feel overwhelming. You will notice this impact on your staff.
This is the harsh truth about rushing IT development:
Here's what really happens in the codebase when you tell your team to "just get it done fast": you don't do proper input validation and sanitization because you say, "We'll add that later." And then you have to deal with SQL injection attacks and data breaches for months. This wasted time could have been avoided by using simple parameterized queries and validation frameworks.
In 2024, the average cost of a data breach was $4.88 million. 73% of these breaches require more than 200 days to resolve. You only code for the happy flow, but real users submit incorrect data, experience network timeouts, and encounter failures with third-party APIs.
Your app crashes more than it should because you didn't set up proper error handling, or circuit breakers, or graceful degradation patterns. I know these take time to implement, but what would you rather have? Customers abandoning it?
Businesses lose an average of $5,600 per minute when their systems go down, and e-commerce sites can lose up to $300,000 per hour during busy times. Instead of fixing the root causes of problems, you just patch them up with quick fixes. Instead of proper garbage collection, that memory leak gets a band-aid restart script. Instead of being optimized, the slow database query is cached.
Soon, you will find yourself struggling to keep your building intact.
To keep up with technical debt, companies usually have to spend 23–42% of their total IT budget each year.
You don't do full testing because "writing unit tests takes longer than manual testing." This approach does not include load testing, test-driven development, or integration testing. Your first real test is when you have paying customers in production. Companies that don't test their software properly have 60% more bugs in their products and spend 40% more time fixing them than companies that do.
You start without being able to properly monitor and see what's going on. There are no logging frameworks, no application performance monitoring, and no health checks in place. When things go wrong—and they will—it's difficult to figure out what's amiss. Without proper monitoring, it takes an average of 4.5 hours to find and fix IT problems. With full observability tools, it only takes 45 minutes.
It's easy to see that every shortcut you take today will cause two new problems tomorrow. Each of those problems makes two more. You're going to be in a lot of trouble with technical debt, security holes, and unstable systems soon. All because you were in a hurry to meet some random deadline.
The true cost of rushing in those "move fast and break things" success stories is often overlooked. You don't guarantee a quick time to market when you rush code to market. You're just making sure that failure to market happens quickly. Remember that most Silicon Valley break-movers lose millions, but you never read about those; you only read about the 1 in 350 VC-backed companies that make it. That is a staggering 0.29%. I would not bet on that strategy just yet.
Because code that is rushed doesn't just break once. It breaks all the time. In production. This issue arises when dealing with real customers. At the worst times. Your developers are putting out fires instead of adding new features. Instead of adding the features that the customer asked for, they're fixing race conditions at 2 AM. They're patching vulnerabilities in dependencies rather than creating the next version.
According to research, developers in environments with a lot of technical debt spend 42% of their time on maintenance and bug fixes, while those in well-architected systems spend only 23% of their time on these tasks. Bad code drives up your infrastructure costs by requiring more servers to handle the same load. Your database runs slower because no one took the time to make the right indexes or make the queries run faster. Unoptimized applications typically require 3 to 5 times more infrastructure resources, directly impacting your cloud computing and operational costs.
The costs of getting new customers go up because products that are rushed have higher churn rates. People stop using apps that crash a lot or don't work well. For example, 53% of mobile users will stop using an app if it takes longer than 3 seconds to load. It costs 5 to 25 times more to get a new customer than to keep an old one.
In the meantime, what about your competitor who took an extra month to set up proper error handling, security controls, and performance optimization? They're growing smoothly while you're still working on the base.
Let me tell you a myth that is costing you millions: The race isn't about speed unless you're in a real winner-take-all market with huge network effects. It's about lasting.
There is usually room for more than one winner in most markets. Your real job isn't to be the first to market; it's to still be there when the "fast movers" fail because they owe too much money. The businesses that are the biggest in their markets aren't usually the first ones there. They are the ones who took the time to use excellent software engineering practices from the start. They used well-known security frameworks like the OWASP guidelines to make their systems safe, set up the right authentication and authorization patterns, and made sure their APIs were designed with security and resilience in mind from the start.
Companies that have good security practices have 76% fewer security incidents and save an average of $1.76 million for every breach they avoid. They wrote code for failure scenarios using patterns like retry logic with exponential backoff, circuit breakers to stop failures from spreading, and bulkhead isolation to keep problems from spreading.
They set up full logging and monitoring so they could find problems before customers did. Systems that are built well and have the right resilience patterns are up 99.9% of the time, while systems that are built quickly are up 95% to 98% of the time. While you may believe that 95% to 98% uptime is an acceptable figure to agree to, take a moment to consider what that actually translates to in terms of downtime for your availability metrics. Remember that you should only calculate the times you really want to be available. This is due to the fact that any unavailability during your downtime is not taken into account. But failures do not take your opening hours into consideration.
Successful companies used domain-driven design to get the business requirements right, made complete API documentation, and built automated testing suites that found regressions before deployment. Companies that do a lot of testing deliver features 2.5 times faster and with 50% fewer bugs after deployment.
They made sure that their environments were always the same by using infrastructure as code, setting up the right CI/CD pipelines with automated security scanning and regression testing, and planning for horizontal scaling from the start.
Companies that have mature DevOps practices deploy 208 times more often and have lead times that are 106 times faster, all while being more reliable.
The truth is that your development schedule isn't about meeting deadlines. The purpose is to create systems that function effectively when real people use them in real-life situations with actual data and at a large scale. If your code crashes under load because you didn't use the right caching strategies or database connection pooling, it doesn't matter how fast it is to market.
If you neglect to conduct security code reviews and utilize static analysis tools, the likelihood of hacking increases significantly.
Think about the return on investment: putting in an extra 20–30% up front for the right architecture, security, and testing usually cuts the total cost of ownership by 60–80% over the life of the application.
The first "delay" of 2 to 4 weeks for proper engineering practices saves 6 to 12 months of fixing technical debt later on.
You have a simple choice: either take the time to follow excellent software engineering practices now, or spend the next two years telling customers why your system is down again while your competitors take your market share. The companies that last and eventually take over choose quality engineering over random speed. I leave it up to your imagination as to what multi-trillion-dollar company immediately comes to mind.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Analyze the current mix of programs and projects in your portfolio and assess the maturity of your current PPM processes.
Enhance and optimize your portfolio management processes to ensure portfolio criteria are clearly defined and consistently applied across the project lifecycle when making decisions about which projects to include or remove from the portfolio.
Implement your portfolio management improvement initiatives to ensure long-term sustainable adoption of new PPM practices.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Analyze the current mix of the portfolio to determine how to better organize it according to organizational goals and constraints.
Assess which PPM processes need to be enhanced to better organize the portfolio.
An analysis of the existing portfolio of projects (highlighting areas of concern).
An analysis of the maturity of current PPM processes and their ability to support the maintenance of an organized portfolio.
1.1 Pre-work: Prepare a complete project list.
1.2 Define existing portfolio categories, criteria, and targets.
1.3 Analyze the current portfolio mix.
1.4 Identify areas of concern with current portfolio mix.
1.5 Review the six COBIT sub-processes for portfolio management (APO05.01-06).
1.6 Assess the degree to which these sub-processes have been currently achieved at the organization.
1.7 Assess the degree to which portfolio-supporting IT governance and management processes exist.
1.8 Perform a gap analysis.
Analysis of the current portfolio mix
Assessment of COBIT alignment and gap analysis.
Define clear and usable portfolio criteria.
Record/design portfolio management processes that will support the consistent use of portfolio criteria at all stages of the project lifecycle.
Clearly defined and usable portfolio criteria.
A portfolio management framework that supports the consistent use of the portfolio criteria across all stages of the project lifecycle.
2.1 Identify determinants of the portfolio mix, criteria, and constraints.
2.2 Define the target mix, portfolio criteria, and portfolio metrics.
2.3 Identify sources of funding and resourcing.
2.4 Review and record the portfolio criteria based upon the goals and constraints.
2.5 Create a PPM improvement roadmap.
Portfolio criteria
Portfolio metrics for intake, monitoring, closure, termination, reprioritization, and benefits tracking
Portfolio Management Improvement Roadmap
Ensure that the portfolio criteria are used to guide decision making at each stage of the project lifecycle when making decisions about which projects to include or remove from the portfolio.
Processes that support decision making based upon the portfolio criteria.
Processes that ensure the portfolio remains consistently organized according to the portfolio criteria.
3.1 Ensure that the metrics used for each sub-process are based upon the standard portfolio criteria.
3.2 Establish the roles, accountabilities, and responsibilities for each sub-process needing improvement.
3.3 Outline the workflow for each sub-process needing improvement.
A RACI chart for each sub-process
A workflow for each sub-process
Ensure that the portfolio management improvement initiatives are sustainably adopted in the long term.
Stakeholder engagement.
Sustainable long-term adoption of the improved portfolio management practices.
4.1 Conduct a change impact analysis.
4.2 Create a stakeholder engagement plan.
Change Impact Analysis
Stakeholder Engagement Plan
Completed Portfolio Management SOP
A good negotiation process can help:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Throughout this phase, the 12 steps for negotiation preparation are identified and reviewed.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Improve negotiation preparation.
Understand how to use the Info-Tech Before Negotiating Tool.
A scalable framework for negotiation preparation will be created.
The Before Negotiating Tool will be configured for the customer’s environment.
1.1 Establish specific negotiation goals and ranges.
1.2 Identify and assess alternatives to a negotiated agreement.
1.3 Identify and evaluate assumptions made by the parties.
1.4 Conduct research.
1.5 Identify and evaluate relationship issues.
1.6 Identify and leverage the team structure.
1.7 Identify and address leverage issues.
1.8 Evaluate timeline considerations.
1.9 Create a strategy.
1.10 Draft a negotiation agenda.
1.11 Draft and answer questions.
1.12 Rehearse (informal and formal).
Sample negotiation goals and ranges will be generated via a case study to demonstrate the concepts and how to use the Before Negotiating Tool (this will apply to each Planned Activity)
Sample alternatives will be generated
Sample assumptions will be generated
Sample research will be generated
Sample relationship issues will be generated
Sample teams will be generated
Sample leverage items will be generated
Sample timeline issues will be generated
A sample strategy will be generated
A sample negotiation agenda will be generated
Sample questions and answers will be generated
Sample rehearsals will be conducted
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Complete three unique assessments to define the ideal security architecture maturity for your organization.
Use the results of the assessments from Phase 1 of this research to create a roadmap for improving the security program.
During peak business hours, I witnessed a straightforward database field addition bring down a whole e-commerce platform. It was meant to be standard procedure, the type of “standard change” that is automatically approved because we have performed it innumerable times.
Adding a field to the end of a table and having applications retrieve data by field name instead of position made the change itself textbook low-impact. There is no need to alter the application or the functional flow. This could have been problematic in the past if you added a field in the middle of the list and it affected the values of other fields, but adding it at the end? That ought to have been impenetrable.
However, it wasn't.
Before I tell you what went wrong, let me explain why this is important to all of the IT professionals who are reading this.
Over the past three decades, industry data has repeatedly supported what this incident taught me: our presumptions about “safe” changes are frequently our greatest weakness. Upon reviewing the ITIL research, I was not surprised to learn that failed changes, many of which were categorized as “standard” or “low-risk,” are responsible for about 80% of unplanned outages.
When you look more closely, the numbers become even more concerning. Since I've been following the Ponemon Institute's work for years, I wasn't surprised to learn that companies with well-established change management procedures have 65% fewer unscheduled outages. The paradox surprised me: many of these “mature” procedures still operate under the premise that safety correlates with repetition.
What I had been observing in the field for decades was confirmed when Gartner released their research showing that standard changes are responsible for almost 40% of change-related incidents. The very changes we consider safe enough to avoid thorough review subtly create some of our greatest risks. IBM's analysis supports the pattern I've seen in innumerable organizations: standard changes cause three times as much business disruption due to their volume and our decreased vigilance around them, whereas emergency changes receive all the attention and scrutiny.
Aberdeen Group data indicates that the average cost of an unplanned outage has increased to $300,000 per hour, with change-related failures accounting for the largest category of preventable incidents. This data makes the financial reality stark.
What precisely went wrong with the addition of that database field that caused our e-commerce platform to crash?
We were unaware that the addition of this one field would cause the database to surpass an internal threshold, necessitating a thorough examination of its execution strategy. In its algorithmic wisdom, the database engine determined that the table structure had changed enough to necessitate rebuilding its access and retrieval mechanisms. Our applications relied on high-speed requests, and the new execution plan was terribly unoptimized for them.
Instead of completing quotes or purchases, customers were spending minutes viewing error pages. All applications began to time out while they awaited data that just wasn't showing up in the anticipated amounts of time. Thousands of transactions were impacted by a single extra field that should have been invisible to the application layer.
The field addition itself was not the primary cause. We assumed that since we had made similar adjustments dozens of times previously, this one would also act in the same way. Without taking into account the hidden complexities of database optimization thresholds, we had categorized it as a standard change based on superficial similarities.
My approach to standard changes was completely altered by this experience, and it is now even more applicable in DevOps-driven environments. Many organizations use pipeline deployments, which produce a standard change at runtime. It's great for speed and reliability, but it can easily fall into the same trap.
However, I have witnessed pipeline deployments result in significant incidents for non-code-related reasons. Due to timing, resource contention, or environmental differences that weren't noticeable in earlier runs, a deployment that performed flawlessly in development and staging abruptly fails in production. Although the automation boosts our confidence, it may also reveal blind spots.
Over the course of thirty years, I have come to the unsettling realization that there is no such thing as a truly routine change in complex systems. Every modification takes place in a slightly different setting, with varying environmental factors, data states, and system loads. What we refer to as “standard changes” are actually merely modifications with comparable processes rather than risk profiles.
For this reason, I support contextual change management. We must consider the system state, timing, dependencies, and cumulative effect of recent changes rather than just categorizing them based on their technical features. After three other changes have changed the system's behavior patterns, a change made at two in the morning on a Sunday with little system load is actually different from the same change made during peak business hours.
Effective change advisory boards must therefore go beyond assessing individual changes separately. I've worked with organizations where the change board carefully considered and approved each modification on its own merits, only to find that the cumulative effect of seemingly unrelated changes led to unexpected interactions and stress on the system. The most developed change management procedures I've come across mandate that their advisory boards take a step back and look at the whole change portfolio over a specified period of time. They inquire whether we are altering the database too frequently during a single maintenance window. Could there be unanticipated interactions between these three different application updates? What is the total resource impact of this week's approved changes?
It's the distinction between forest management and tree management. While each change may seem logical individually, when combined, they can create situations beyond the scope of any single change assessment.
Having worked in this field for thirty years, I've come to the conclusion that our greatest confidences frequently conceal our greatest vulnerabilities. Our primary blind spots frequently arise from the changes we've made a hundred times before, the procedures we've automated and standardized, and the adjustments we've labeled as “routine.”
Whether we should slow down our deployment pipelines or stop using standard changes is not the question. In the current competitive environment, speed and efficiency are crucial. The issue is whether we are posing the appropriate queries before carrying them out. Are we taking into account not only what the change accomplishes but also when it occurs, what else is changing at the same time, and how our systems actually look right now?
I've discovered that the phrase “we've done this before” is more dangerous in IT operations than “what could go wrong?” Because, despite what we may believe, we never actually perform the same action twice in complex systems.
Here is what I would like you to think about: which everyday modifications are subtly putting your surroundings at risk? Which procedures have you standardized or automated to the extent that you no longer challenge their presumptions? Most importantly, when was the last time your change advisory board examined your changes as a cohesive portfolio of system modifications rather than as discrete items on a checklist?
Remember that simple addition to a database field the next time you're tempted to accept a standard change. The most unexpected outcomes can occasionally result from the most routine adjustments.
I'm always up for a conversation if you want to talk about your difficulties with change management.
Today, we're talking about a concept that’s both incredibly simple and dangerously overlooked: the single point of failure, or SPOF for short.
Imagine you’ve built an impenetrable fortress. It has high walls, a deep moat, and strong gates. But the entire fortress can only be accessed through a single wooden bridge. That bridge is your single point of failure. If it collapses or is destroyed, your magnificent fortress is completely cut off. It doesn't matter how strong the rest of it is; that one weak link renders the entire system useless.
In your work, your team, and your processes and technology, these single bridges are everywhere. A SPOF is any part of a system that, if it stops working, will cause the entire system to shut down. It’s the one critical component, the one indispensable person, or the one vital process that everything else depends on.
When you identify and fix these weak points you aren't being pessimistic; you're fixing the very foundation of something that can withstand shocks and surprises. It’s about creating truly resilient systems and teams, not just seemingly strong ones. So, let’s explore where these risks hide and what you can do about them.
For those of you who know me, saying something like this feels at odds with who I am. And yet, it's one of the most common and riskiest areas in any organization. Human single points of failure don't happen because of malicious intent. They typically grow out of good intentions, hard work, and necessity. But the result is the same: a fragile system completely dependent on an individual.
We all know a colleague like this. The “hero” is the one person who has all the answers. When a critical system goes down at 3 AM, they're the only one who can fix it. They understand the labyrinthine codebase nobody else dares to touch. They have the historical context for every major decision made in the last decade. On the surface, this person is invaluable. Management loves them because they solve problems. The team relies on them because they’re a walking encyclopedia.
But here’s the inconvenient truth: your hero is your biggest liability.
This isn’t their fault. They likely became the hero by stepping up when no one else would or could. The hero may actually feel like they are the only ones qualified to handle the issue because “management” does not take the necessary actions to train other people. Or “management” places other priorities. Be aware, this is a perception thing. The manager is very likely to be very concerned about the well-being of their employee. (I'm taking "black companies", akin to black sites, out of the equation for a moment and concentrating on generally healthy workplaces.) The hero will likely feel a strong bond to their environment. Also, every hero is different. There is a single point of failure, but not a single type of person. Every person has a different driver.
I watched a YouTube video by a famous entrepreneur the other day. And she said something that triggered a response in me, because it sows the seeds of the hero. She said, Would you rather have an employee who just fixes it, handles it, and deals with it? Or an employee that talks about it? Obviously, the large majority will take the person behind door number 1. I would too. But then you need to step up as a manager, as an owner, as an executive, and enforce knowledge sharing.
If you channel all critical knowledge and capabilities through one person, if you let this person become your go-to specialist for everything, you've created a massive SPOF. What happens when your hero gets sick, takes a well deserved two week vacation to a place with no internet, or leaves the company for a new opportunity? The system grinds to a halt. A minor issue becomes a major crisis because the only person who can fix it is unavailable.
This overreliance doesn't just create a risk; it stifles growth. Other team members don't get the opportunity to learn and develop new skills because the hero is always there to swoop in and save the day. The answer? I guess that depends on your situation and what your ability is to keep this person happy without alienating the rest of the team. The answer may lie in the options discussed later in the article around KPIs.
A step beyond the individual hero is the team that acts as a collective SPOF. This is the team that “protects” its know how. They might use complex, undocumented tools, speak in a language of acronyms only they understand, or resist any attempts to standardize their processes. They've built a silo around their work, making themselves indispensable as a unit.
Unlike the hero, this often comes from a place of perceived self preservation. If they are the only ones who understand how something works, their jobs are secure, right? But this behavior is incredibly damaging to the organization's resilience. Not to mention that it is just plain wrong. The team becomes inundated with requests for new features, but also for help in solving incidents. The result in numerous instances is that the team succeeds in neither. Next the manager is called to the senior management because the business is complaining that things don't progress as expected.
This team thus has become a bottleneck. Any other team that needs to interact with their system is completely at their mercy. Progress slows to a crawl, dependent on their availability and willingness to cooperate. Preservation has turned into survival.
The real root cause at the heart of both the hero and the knowledge hoarding team is a failure of knowledge management. When information isn't shared, documented, and made accessible, you are actively choosing to create single points of failure. We'll dive deeper into building a robust knowledge sharing culture in a future article, but for now, recognize that knowledge kept in one person's or team's head is a disaster waiting to happen.
People aren't the only source of fragility. The way you build and manage your technology stacks can easily create critical SPOFs that leave you vulnerable. These are often less obvious at first, but they can cause dangerous failures when they finally break.
Let's start with the most straightforward technical SPOF: the single node setup. Imagine you have a critical application like maybe your company's main website or an internal database. If you run that entire application on one single server (a single “node”), you've created a classic SPOF.
It’s like a restaurant with only one chef. If that chef goes home, the kitchen closes. It doesn't matter how many waiters or tables you have. If that single server experiences a hardware failure, a software crash, or even just needs to be rebooted for an update, your entire service goes offline. There is no failover. The service is simply down until that one machine is fixed, patched or rebooted.
You need to set up your systems so that when one node goes down, the other takes over. This is not just something for large enterprises. SMEs must do the same. I've had numerous calls from business owners who did something to their web server or system and now “it doesn't work!” Not only are they down, now they have to call me and I then must arrange for subject matter experts to fix it immediately. Typically at a cost much larger than if they had set up their system with active, warm or even cold standbys.
Another major risk comes from an overreliance on closed, proprietary technologies. This happens when you build a core part of your business on a piece of software or hardware that you don't control and can't inspect. It’s a “black box.” You know what it’s supposed to do, but you have no idea how it does it, and you can’t fix it if it breaks. When something goes wrong, you are completely at the mercy of the company that created it. You have to submit a support ticket and wait.
This is actually relatable to the next chapter, please follow along and take the advice there.
Closely related to closed technology is the concept of vendor lock-in. This is a subtle but powerful SPOF. It happens when you become so deeply integrated with a single vendor's ecosystem that the cost and effort of switching to a competitor are impossibly high. Your vendor effectively becomes a strategic single point of failure. Your ability to innovate, control costs, and pivot your strategy is now tied to the decisions of another company.
This may even run afoul of legal standards. In Europe, we have the DORA and NIS2 regulations. DORA specifically mandates that companies have exit plans for their systems, starting with their critical and important functions. Functions refers to business services, to be clear.
But we get there so easily. The native functions of AWS, Azure and Google Cloud, just to name a few, are very enticing to use. They offer convenience, low code, and performance on tap. It's just that, once you integrate deeply with them, you are taken, hook, line, and sinker. And then you have people like me, or worse, your regulator, who demands “What is your exit plan?”
Identifying your single points of failure is the first step. The real work is in systematically eliminating them. This isn't about a single, massive project; it's about building new habits and principles into your daily work. Here's a playbook I think you can start using today.
The cure for depending on one person is to create a culture where knowledge is fluid and shared by default. Your goal is to move from individual heroics to collective resilience.
Mandate real vacations. This might sound strange, but one of the best ways to reveal and fix a “hero” problem is to make sure your hero takes a real, disconnected vacation. This isn't a punishment; it's a benefit to them and a necessary stress test for the team. It forces others to step up and document their processes in preparation. The first time will be painful, but it gets easier each time as the team builds its own knowledge.
Adopt the “teach, don't just do” rule. Coach your senior experts to see their role as multipliers. When someone asks them a question, their first instinct should be to show, not just to do. This can be a five minute screen sharing session, grabbing a colleague to pair program on a fix, or taking ten minutes to write down the answer in a shared knowledge base so it never has to be asked again.
Many companies have knowledge sharing solutions in place. Take a moment to actually use them. Prepare for when new people come into the company. Have a place where they can get into the groove and learn the heart beat of the company. There is a reason why the Madonna song is so captivating to so many people. Getting into the groove elevates you. And the same thing happens in your company.
Rotate responsibilities and run "game days". Actively move people around. Let a developer handle support tickets for a week to understand common customer issues. Have your infrastructure expert sit with the product team. Also, create “game days” where you simulate a crisis. For example: "Okay team, our lead developer is 'on vacation' today. Let's practice a full deployment without them.” This makes learning safe and proactive.
Celebrate team success, not individual firefighting. Shift your praise and recognition. Instead of publicly thanking a single person for working all night to resolve a problem, celebrate the team that built a system so resilient it didn't break in the first place. Reward the team that wrote excellent documentation that allowed a junior member to solve a complex issue. Culture follows what you celebrate. At the same time, if the team does not pony up, definitely praise the person and follow up with the team to fix this.
Host internal demos and tech talks. Create a regular, informal forum where people can share what they're working on. This could be a “brown bag lunch” session or a Friday afternoon demo. It demystifies what other teams are doing, breaks down silos, and encourages people to ask questions in a low pressure environment.
Remunerate sharing. Make sharing knowledge a bonus-eligible key performance indicator. The more sharing an expert does, with their peers acknowledging this, the more the expert earns. You can easily incorporate this into your peer feedback system.
Run DRP exercises without your top engineers: This is taking a leap of faith, and I would never recommend this until all of the above are in place and proven.
The core principle here is to assume failure will happen and to design for it. A resilient system isn't one where parts never fail, but one where the system as a whole keeps working even when they do.
Embrace the rule of three. This is a simple but powerful guideline. For critical data, aim to have three copies on two different types of media, with one copy stored off-site (or in a different cloud region). For critical services, aim for at least three instances running in different availability zones. This simple rule protects you from a wide range of common failures.
Automate everything you can. Every manual process is a potential SPOF. It relies on a person remembering a series of steps perfectly, often under pressure. Automate your testing, your deployments, your server setup, and your backup procedures. Scripts are consistent and repeatable; tired humans at 3 AM are not.
Use health checks and smart monitoring. It's not enough to have a backup server; you need to know that it's healthy and ready to take over. Implement automated health checks that constantly monitor your primary and redundant systems. Your monitoring should alert you the moment a backup component fails, not just when the primary one does.
Practice chaos engineering. Don't wait for a real failure to test your resilience. Intentionally introduce failures in a controlled environment. This is known as chaos engineering. Start small. What happens if you turn off a non-critical service during work hours? Does the system handle it gracefully? Does the team know how to respond? This turns a potential crisis into a planned, educational drill.
Your resilience also depends on the choices you make about the technology and partners you rely on. The goal is to maintain control over your destiny.
Build abstraction layers. Instead of having your application code talk directly to a specific vendor's service, create an intermediary layer that you control. This “abstraction layer” acts as a buffer. If you ever need to switch vendors, you only have to update your abstraction layer, not your entire application. It’s more work up front but gives you immense flexibility later.
Make “ease of exit” a key requirement. When you evaluate a new technology or vendor, make portability a primary concern. Ask tough questions: How do we get our data out? What is the process for migrating to a competitor? Is the technology based on open standards? Run a small proof of concept to test how hard it would be to leave before you commit fully.
Consider a multi-vendor strategy. For your most critical dependencies, like cloud hosting, avoid going all in on a single provider if you can. Using services from two or more vendors is an advanced strategy, but it provides the ultimate protection against a massive, platform wide outage or unfavorable changes in pricing or terms.
You will never be “ready.” Building resilience by eliminating single points of failure isn't a one time project you can check off a list. It’s a continuous process. New SPOFs will emerge as your systems evolve, people change roles, and your business grows.
The key is to make this thinking a part of your culture. Make “What's the bus factor for this project?” a regular question in your planning meetings. Make redundancy and documentation a non negotiable requirement for new systems. By constantly looking for the one thing that can bring everything down, you can build teams and technology that don't just survive shocks—they eat them for breakfast.
At Info-Tech, we take pride in our research and have established the most rigorous publication standards in the industry. However, we understand that engaging with all our analysts to gauge the future may not always be possible. Hence, we have curated some compelling recently published research along with forthcoming research insights to assist you in navigating the next quarter.
We offer a quarterly Research Agenda Outcomes deck that thoroughly summarizes our recently published research, supplying decision makers with valuable insights and best practices to make informed and effective decisions. Our research is supported by our team of seasoned analysts with decades of experience in the IT industry.
By leveraging our research, you can stay updated with the latest trends and technologies, giving you an edge over the competition and ensuring the optimal performance of your IT department. This way, you can make confident decisions that lead to remarkable success and improved outcomes.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
A guide to our top research published to date for 2023 (Q2/Q3).
Gord Harrison
Head of Research & Advisory
Info-Tech Research Group
Generative AI is here, and it's time to find its best uses – systematically and responsibly.
Engage cross-functional leadership to seize opportunity while protecting the organization from volatility.
If integrated risk is your destination, your IT risk taxonomy is the road to get you there.
Beyond the hype: How it can help you become more customer-focused?
Generative AI is here, and it's time to find its best uses – systematically and responsibly.
Select flexible work options that balance organizational and employee needs to drive engagement and improve attraction and retention.
Make relationship management a daily habit with a personalized action plan.
Spend less time struggling with visuals and more time communicating about what matters to your executives.
Your implementation doesn't start with technology but with an effective plan that the team can align on.
As you scale your business automations, focus on what matters most.
Agile and requirements management are complementary, not competitors.
Adapt to changes in the cyber insurance market.
Focus first on business value.
Acquire and use discovery tools wisely to populate, update, and validate the data in your ITAM database.
AI prominence across the enterprise value chain.
Bans aren't the answer, but what is?
Business capability maps, value streams, and strategy maps for the wholesale industry.
A strategy for modernizing mainframe systems to meet the needs of modern retail banking.
Building upon the collective wisdom for the art of the possible.
CIO
Strategy & Governance
Bill Wong
Principal Research Director
Download this research or book an analyst call on this topic
CIO
Strategy & Governance
Brian Jackson
Principal Research Director
Download this report or book an analyst call on this topic
CIO
Strategy & Governance
Donna Bales
Principal Research Director
Download this research or book an analyst call on this topic
CIO
Strategy & Governance
Manish Jain
Principal Research Director
Download this research or book an analyst call on this topic
CIO
People & Leadership
Brittany Lutes
Research Director
Diana MacPherson
Senior Research Analyst
Download this research or book an analyst call on this topic
CIO
People & Leadership
Jane Kouptsova
Research Director
Download this research or book an analyst call on this topic
CIO
Value & Performance
Mike Tweedle
Practice Lead
Download this research or book an analyst call on this topic
CIO
Value & Performance
Diana MacPherson
Senior Research Analyst
Download this research or book an analyst call on this topic
Applications
Business Processes
Ricardo de Oliveira
Research Director
Download this research or book an analyst call on this topic
Applications
Business Processes
Andrew Kum-Seun
Research Director
Download this research or book an analyst call on this topic
Applications
Application Development
Vincent Mirabelli
Principal Research Director
Download this research or book an analyst call on this topic
Security
Security Risk, Strategy & Governance
Logan Rohde
Senior Research Analyst
Download this research or book an analyst call on this topic
Security
Security Risk, Strategy & Governance
Michel Hébert
Research Director
Download this research or book an analyst call on this topic
Infrastructure & Operations
I&O Process Management
Andrew Sharp
Research Director
Download this research or book an analyst call on this topic
Industry Coverage
Retail
Rahul Jaiswal
Principal Research Director
Download this research or book an analyst call on this topic
Industry Coverage
Education
Mark Maby
Research Director
Download this research or book an analyst call on this topic
Industry Coverage
Wholesale
Rahul Jaiswal
Principal Research Director
Download this research or book an analyst call on this topic
Industry Coverage
Retail Banking
David Tomljenovic
Principal Research Director
Download this research or book an analyst call on this topic
Industry Coverage
Utilities
Jing Wu
Principal Research Director
Download this research or book an analyst call on this topic
Gord Harrison
Head of Research & Advisory
Info-Tech Research Group
Gord Harrison
Head of Research & Advisory
Info-Tech Research Group
Jack Hakimian
Senior Vice President
Research Development
Aaron Shum
Vice President
Security & Privacy Research
Larry Fretz
Vice President
Industry Research
Mark Tauschek
Vice President
Research Fellowships
Tom Zehren
Chief Product Officer
Rick Pittman
Vice President
Advisory Quality & Delivery
Nora Fisher
Vice President
Shared Services
Becca Mackey
Vice President
Workshops
Geoff Nielson
Senior Vice President
Global Services & Delivery
Brett Rugroden
Senior Vice President
Global Market Programs
Hannes Scheidegger
Senior Vice President
Global Public Sector
Info-Tech Research Group produces unbiased and highly relevant research to help leaders make strategic, timely, and well-informed decisions. We partner closely with your teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for the organization.
Our world-class leadership team is continually focused on building disruptive research and products that drive measurable results and save money.
Our team of experts is composed of the optimal mix of former CIOs, CISOs, PMOs, and other IT leaders and IT and management consultants as well as academic researchers and statisticians.
We enable over 30,000 members to share their insights and best practices that you can use by having direct access to over 100 analysts as an extension of your team.
Contact
Jack Hakimian
jhakimian@infotech.com
We interview hundreds of experts and practitioners to help ensure our research is practical and focused on key member challenges.
For information on Info-Tech's products and services and to participate in our research process, please contact:
Jack Hakimian
jhakimian@infotech.com
Leverage Info-Tech’s process and deliverables to see dramatic improvements in your business satisfaction through an effective IT steering committee. This blueprint will provide three core customizable deliverables that you can use to launch or optimize your IT steering committee:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Build your IT steering committee charter using results from the stakeholder survey.
Define your high level steering committee processes using SIPOC, and select your steering committee metrics.
Customize Info-Tech’s stakeholder presentation template to gain buy-in from your key IT steering committee stakeholders.
Build the new project intake and prioritization process for your new IT steering committee.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Lay the foundation for your IT steering committee (ITSC) by surveying your stakeholders and identifying the opportunities and threats to implementing your ITSC.
An understanding of the business environment affecting your future ITSC and identification of strategies for engaging with stakeholders
1.1 Launch stakeholder survey for business leaders.
1.2 Analyze results with an Info-Tech advisor.
1.3 Identify opportunities and threats to successful IT steering committee implementation.
1.4 Develop the fit-for-purpose approach.
Report on business leader governance priorities and awareness
Refined workshop agenda
Define the goals and roles of your IT steering committee.
Plan the responsibilities of your future committee members.
Groundwork for completing the steering committee charter
2.1 Review the role of the IT steering committee.
2.2 Identify IT steering committee goals and objectives.
2.3 Conduct a SWOT analysis on the five governance areas
2.4 Define the key responsibilities of the ITSC.
2.5 Define ITSC participation.
IT steering committee key responsibilities and participants identified
IT steering committee priorities identified
Document the information required to create an effective ITSC Charter.
Create the procedures required for your IT steering committee.
Clearly defined roles and responsibilities for your steering committee
Completed IT Steering Committee Charter document
3.1 Build IT steering committee participant RACI.
3.2 Define your responsibility cadence and agendas.
3.3 Develop IT steering committee procedures.
3.4 Define your IT steering committee purpose statement and goals.
IT steering committee charter: procedures, agenda, and RACI
Defined purpose statement and goals
Define and test your IT steering committee processes.
Get buy-in from your key stakeholders through your stakeholder presentation.
Stakeholder understanding of the purpose and procedures of IT steering committee membership
4.1 Define your high-level IT steering committee processes.
4.2 Conduct scenario testing on key processes, establish ITSC metrics.
4.3 Build your ITSC stakeholder presentation.
4.4 Manage potential objections.
IT steering committee SIPOC maps
Refined stakeholder presentation
5.1 Create prioritization criteria
5.2 Customize the project prioritization tool
5.3 Pilot test the tool
5.4 Define action plan and next steps
IT Steering Committee Project Prioritization Tool
Action plan
Leverage Info-Tech’s process and deliverables to see dramatic improvements in your business satisfaction through an effective IT steering committee. This blueprint will provide three core customizable deliverables that you can use to launch or optimize your IT steering committee. These include:
Effective IT governance critical in driving business satisfaction with IT. Yet 88% of CIOs believe that their governance structure and processes are not effective. The IT steering committee (ITSC) is the heart of the governance body and brings together critical organizational stakeholders to enable effective decision making (Info-Tech Research Group Webinar Survey).
"Everyone needs good IT, but no one wants to talk about it. Most CFOs would rather spend time with their in-laws than in an IT steering-committee meeting. But companies with good governance consistently outperform companies with bad. Which group do you want to be in?"
– Martha Heller, President, Heller Search Associates
67% of CIOs/CEOs are misaligned on the target role for IT.
47% of CEOs believe that business goals are going unsupported by IT.
64% of CEOs believe that improvement is required around IT’s understanding of business goals.
28% of business leaders are supporters of their IT departments.
A well devised IT steering committee ensures that core business partners are involved in critical decision making and that decisions are based on business goals – not who shouts the loudest. Leading to faster decision-making time, and better-quality decisions and outcomes.
Organizations often blur the line between governance and management, resulting in the business having say over the wrong things. Understand the differences and make sure both groups understand their role.
The ITSC is the most senior body within the IT governance structure, involving key business executives and focusing on critical strategic decisions impacting the whole organization.
Within a holistic governance structure, organizations may have additional committees that evaluate, direct, and monitor key decisions at a more tactical level and report into the ITSC.
These committees require specialized knowledge and are implemented to meet specific organizational needs. Those operational committees may spark a tactical task force to act on specific needs.
IT management is responsible for executing on, running, and monitoring strategic activities as determined by IT governance.
Strategic | IT Steering Committee | |
Tactical | Project Governance Service Governance Risk Governance Information Governance |
IT Management |
Operational | Risk Task Force |
This blueprint focuses exclusively on building the IT steering committee. For more information on IT governance see Info-Tech’s blueprint Tailor an IT Governance Plan to Fit Organizational Needs.
As CIO I find that there is a lack of alignment between business and IT strategies. |
I’ve noticed that projects are thrown over the fence by stakeholders and IT is expected to comply. |
I’ve noticed that IT projects are not meeting target project metrics. |
I’ve struggled with a lack of accountability for decision making, especially by the business. |
I’ve noticed that the business does not understand the full cost of initiatives and projects. |
I don’t have the authority to say “no” when business requests come our way. |
We lack a standardized approach for prioritizing projects. |
IT has a bad reputation within the organization, and I need a way to improve relationships. |
Business partners are unaware of how decisions are made around IT risks. |
Business partners don’t understand the full scope of IT responsibilities. |
There are no SLAs in place and no way to measure stakeholder satisfaction with IT. |
Info-Tech’s IT steering committee development blueprint will provide you with the required tools, templates, and deliverables to implement a right-sized committee that’s effective the first time.
1 | 2 | 3 | 4 |
Build the Steering Committee Charter | Define ITSC Processes | Build the Stakeholder Presentation | Define the Prioritization Criteria |
|
|
|
|
COBIT METRICS | Alignment
|
Accountability
|
Value Generation
|
INFO-TECH METRICS | Survey Metrics:
|
Industry: Consumer Goods
Source: Interview
A newly hired CIO at a large consumer goods company inherited an IT department with low maturity from her predecessor. Satisfaction with IT was very low across all business units, and IT faced a lot of capacity constraints. The business saw IT as a bottleneck or red tape in terms of getting their projects approved and completed.
The previous CIO had established a steering committee for a short time, but it had a poorly established charter that did not involve all of the business units. Also the role and responsibilities of the steering committee were not clearly defined. This led the committee to be bogged down in politics.
Due to the previous issues, the business was wary of being involved in a new steering committee. In order to establish a new steering committee, the new CIO needed to navigate the bad reputation of the previous CIO.
The CIO established a new steering committee engaging senior members of each business unit. The roles of the committee members were clearly established in the new steering committee charter and business stakeholders were informed of the changes through presentations.
The importance of the committee was demonstrated through the new intake and prioritization process for projects. Business stakeholders were impressed with the new process and its transparency and IT was no longer seen as a bottleneck.
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
Build the Steering Committee Charter | Define ITSC Processes | Build the Stakeholder Presentation | Define the Prioritization Criteria | |
---|---|---|---|---|
Best-Practice Toolkit | 1.1 Survey Your Steering Committee Stakeholders 1.2 Build Your ITSC Charter |
2.1 Build a SIPOC 2.2 Define Your ITSC Process |
3.1 Customize the Stakeholder Presentation | 4.1 Establish your Prioritization Criteria 4.2 Customize the Project Prioritization Tool 4.3 Pilot Test Your New Prioritization Criteria |
Guided Implementations |
|
|
|
|
Onsite Workshop | Module 1: Build a New ITSC Charter |
Module 2: Design Steering Committee Processes |
Module 3: Present the New Steering Committee to Stakeholders |
Module 4: Establish Project Prioritization Criteria |
Phase 1 Results:
|
Phase 2 Results:
|
Phase 3 Results:
|
Phase 4 Results:
|
Contact your account representative or email Workshops@InfoTech.com for more information.
Workshop Day 1 | Workshop Day 2 | Workshop Day 3 | Workshop Day 4 | Workshop Day 5 | |
---|---|---|---|---|---|
Activities | Build the IT Steering Committee 1.1 Launch stakeholder survey for business leaders 1.2 Analyze results with an Info-Tech Advisor 1.3 Identify opportunities and threats to successful IT steering committee implementation. 1.4 Develop the fit-for-purpose approach |
Define the ITSC Goals 2.1 Review the role of the IT steering committee 2.2 Identify IT steering committee goals and objectives 2.3 Conduct a SWOT analysis on the five governance areas 2.4 Define the key responsibilities of the ITSC 2.5 Define ITSC participation |
Define the ITSC Charter 3.1 Build IT steering committee participant RACI 3.2 Define your responsibility cadence and agendas 3.3 Develop IT steering committee procedures 3.4 Define your IT steering committee purpose statement and goals |
Define the ITSC Process 4.1 Define your high-level IT steering committee processes 4.2 Conduct scenario testing on key processes, establish ITSC metrics 4.3 Build your ITSC stakeholder presentation 4.4 Manage potential objections |
Define Project Prioritization Criteria 5.1 Create prioritization criteria 5.2 Customize the Project Prioritization Tool 5.3 Pilot test the tool 5.4 Define action plan and next steps |
Deliverables |
|
|
|
|
|
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Guided Implementation 1: Formalize the Security Policy Program Proposed Time to Completion: 1-2 weeks |
---|
Select Your ITSC Members Start with an analyst kick-off call:
Then complete these activities…
With these tools & templates:
|
Review Stakeholder Survey Results Review findings with analyst:
Then complete these activities…
With these tools & templates:
|
Finalize the ITSC Charter Finalize phase deliverable:
Then complete these activities…
With these tools & templates:
|
Be exclusive with your IT steering committee membership. Determine committee participation based on committee responsibilities. Select only those who are key decision makers for the activities the committee is responsible for and, wherever possible, keep membership to 5-8 people.
A charter is the organizational mandate that outlines the purpose, scope, and authority of the ITSC. Without a charter, the steering committee’s value, scope, and success criteria are unclear to participants, resulting in unrealistic stakeholder expectations and poor organizational acceptance.
Start by reviewing Info-Tech’s template. Throughout this section we will help you to tailor its contents.
Committee Purpose: The rationale, benefits of, and overall function of the committee.
Responsibilities: What tasks/decisions the accountable committee is making.
Participation: Who is on the committee
RACI: Who is accountable, responsible, consulted, and informed regarding each responsibility.
Committee Procedures and Agendas: Includes how the committee will be organized and how the committee will interact and communicate with business units.
Leverage Info-Tech’s IT Steering Committee Stakeholder Surveyand reports to quickly identify business priorities and level of understanding of how decisions are made around the five governance areas.
Use these insights to drive the IT steering committee responsibilities, participation, and communication strategy.
The Stakeholder Survey consists of 17 questions on:
To simplify your data collection and reporting, Info-Tech can launch a web-based survey, compile the report data and assist in the data interpretation through one of our guided implementations.
Also included is a Word document with recommended questions, if you prefer to manage the survey logistics internally.
You get:
So you can:
You get:
So you can:
INPUT
OUTPUT
Materials
Participants
Governance of risk establishes the risk framework, establishes policies and standards, and monitors risks.
Governance of risk ensures that IT is mitigating all relevant risks associated with IT investments, projects, and services.
Governance of the IT portfolio achieves optimum ROI through prioritization, funding, and resourcing.
PPM practices create value if they maximize the throughput of high-value IT projects at the lowest possible cost. They destroy value when they foster needlessly sophisticated and costly processes.
Governance of projects improves the quality and speed of decision making for project issues.
Don’t confuse project governance and management. Governance makes the decisions regarding allocation of funding and resources and reviews the overall project portfolio metrics and process methodology.
Management ensures the project deliverables are completed within the constraints of time, budget, scope, and quality.
Governance of services ensures delivery of a highly reliable set of IT services.
Effective governance of services enables the business to achieve the organization’s goals and strategies through the provision of reliable and cost-effective services.
Governance of information ensures the proper handling of data and information.
Effective governance of information ensures the appropriate classification, retention, confidentiality, integrity, and availability of data in line with the needs of the business.
Note: The bolded responsibilities are the ones that are most common to IT steering committees, and greyed out responsibilities are typical of a larger governance structure. Depending on their level of importance to your organization, you may choose to include the responsibility.
INPUT
OUTPUT
Materials
Participants
The bolded responsibilities are those that are most common to IT steering committees, and responsibilities listed in grey are typical of a larger governance structure.
MUNICIPALITY
EDUCATION
HEALTHCARE
PRIVATE ORGANIZATIONS
INPUT
OUTPUT
Materials
Participants
It is not enough to participate in committee meetings; there needs to be a clear understanding of who is accountable, responsible, consulted, and informed about matters brought to the attention of the committee.
Each committee responsibility should have one person who is accountable, and at least one person who is responsible. This is the best way to ensure that committee work gets done.
An authority matrix is often used within organizations to indicate roles and responsibilities in relation to processes and activities. Using the RACI model as an example, there is only one person accountable for an activity, although several people may be responsible for executing parts of the activity. In this model, accountable means end-to-end accountability for the process.
RESPONSIBLE: The one responsible for getting the job done.
ACCOUNTABLE: Only one person can be accountable for each task.
CONSULTED: Involvement through input of knowledge and information.
INFORMED: Receiving information about process execution and quality.
INPUT
OUTPUT
Materials
Participants
49% of people consider unfocused meetings as the biggest workplace time waster.*
63% of the time meetings do not have prepared agendas.*
80% Reduction of time spent in meetings by following a detailed agenda and starting on time.*
*(Source: http://visual.ly/fail-plan-plan-fail).
A consent agenda is a tool to free up time at meetings by combining previously discussed or simple items into a single item. Items that can be added to the consent agenda are those that are routine, noncontroversial, or provided for information’s sake only. It is expected that participants read this information and, if it is not pulled out, that they are in agreement with the details.
Members have the option to pull items out of the consent agenda for discussion if they have questions. Otherwise these are given no time on the agenda.
Agendas
Procedures:
INPUT
OUTPUT
Materials
Participants
INPUT
OUTPUT
Materials
Participants
Industry: Consumer Goods
Source: Interview
The new CIO at a large consumer goods company had difficulty generating interest in creating a new IT steering committee. The previous CIO had created a steering committee that was poorly organized and did not involve all of the pertinent members. This led to a committee focused on politics that would often devolve into gossip. Also, many members were dissatisfied with the irregular meetings that would often go over their allotted time.
In order to create a new committee, the new CIO needed to dispel the misgivings of the business leadership.
The new CIO decided to build the new steering committee from the ground up in a systematic way.
She collected information from relevant stakeholders about what they know/how they feel about IT and used this information to build a detailed charter.
Using this info she outlined the new steering committee charter and included in it the:
The new steering committee included all the key members of business units, and each member was clear on their roles in the meetings. Meetings were streamlined and effective. The adjustments in the charter and the improvement in meeting quality played a role in improving the satisfaction scores of business leaders with IT by 21%.
1.1
Survey your ITSC stakeholders
Prior to the workshop, Info-Tech’s advisors will work with you to launch the IT Steering Committee Stakeholder Survey to understand business priorities and level of understanding of how decisions are made. Using this data, we will create the IT steering committee responsibilities, participation, and communication strategy.
1.7
Define a participant RACI for each of the responsibilities
The analyst will facilitate several exercises to help you and your stakeholders create an authority matrix. The output will be defined responsibilities and authorities for members.
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Guided Implementation 2: Define your ITSC Processes Proposed Time to Completion: 2 weeks |
---|
Review SIPOCs and Process Creation Start with an analyst kick-off call:
Then complete these activities…
With these tools & templates: Phase 2 of the Establish an Effective IT Steering Committee blueprint | Finalize the SIPOC Review Draft SIPOC:
Then complete these activities…
With these tools & templates: Phase 2 of the Establish an Effective IT Steering Committee blueprint | Finalize Metrics Finalize phase deliverable:
Then complete these activities…
With these tools & templates: Phase 2 of the Establish an Effective IT Steering Committee blueprint |
Building high-level IT steering committee processes brings your committee to life. Having a clear process will ensure that you have the right information from the right sources so that committees can operate and deliver the appropriate output to the customers who need it.
The IT steering committee is only valuable if members are able to successfully execute on responsibilities.
One of the most common mistakes organizations make is that they build their committee charters and launch into their first meeting. Without defined inputs and outputs, a committee does not have the needed information to be able to effectively execute on responsibilities and is unable to meet its stated goals.
The arrows in this picture represent the flow of information between the IT steering committee, other committees, and IT management.
Building high-level processes will define how that information flows within and between committees and will enable more rapid decision making. Participants will have the information they need to be confident in their decisions.
Strategic | IT Steering Committee | |
Tactical | Project Governance Service Governance Risk Governance Information Governance |
IT Management |
Operational | Risk Task Force |
Info-Tech recommends using SIPOC as a way of defining how the IT steering committee will operate.
Derived from the core methodologies of Six Sigma process management, SIPOC – a model of Suppliers, Inputs, Processes, Outputs, Customers – is one of several tools that organizations can use to build high level processes. SIPOC is especially effective when determining process scope and boundaries and to gain consensus on a process.
By doing so you’ll ensure that:
Remember: Your IT steering committee is not a working committee. Enable effective decision making by ensuring participants have the necessary information and appropriate recommendations from key stakeholders to make decisions.
Supplier | Input |
Who provides the inputs to the governance responsibility. | The documented information, data, or policy required to effectively respond to the responsibility. |
Process | |
In this case this represents the IT steering committee responsibility defined in terms of the activity the ITSC is performing. | |
Output | Customer |
The outcome of the meeting: can be approval, rejection, recommendation, request for additional information, endorsement, etc. | Receiver of the outputs from the committee responsibility. |
For atypical responsibilities:
INPUT
OUTPUT
Materials
Participants
SIPOC: Establish the target investment mix | |
Supplier | Input |
CIO |
|
Process | |
Responsibility: The IT steering committee shall review and approve the target investment mix. | |
Output | Customer |
|
|
SIPOC: Endorse the IT budget | |
Supplier | Input |
CIO |
See Info-Tech’s blueprint IT Budget Presentation |
Process | |
Responsibility: Review the proposed IT budget as defined by the CIO and CFO. |
|
Output | Customer |
|
|
SIPOC: Monitor IT value metrics | |
Supplier | Input |
CIO |
|
Process | |
Responsibility: Review recommendations and either accept or reject recommendations. Refine go-forward metrics. |
|
Output | Customer |
|
|
SIPOC: Evaluate and select programs/projects to fund | |
Supplier | Input |
PMO |
See Info-Tech’s blueprint Grow Your Own PPM Solution |
Process | |
Responsibility: The ITSC will approve the list of projects to fund based on defined prioritization criteria – in line with capacity and IT budget. It is also responsible for identifying the prioritization criteria in line with organizational priorities. |
|
Output | Customer |
|
|
SIPOC: Endorse the IT strategy | |
Supplier | Input |
CIO |
See Info-Tech’s blueprint IT Strategy and Roadmap |
Process | |
Responsibility: Review, understand, and endorse the IT strategy. | |
Output | Customer |
|
|
SIPOC: Monitor project management metrics | |
Supplier | Input |
PMO |
|
Process | |
Responsibility: Review recommendations around PM metrics and define target metrics. Endorse current effectiveness levels or determine corrective action. |
|
Output | Customer |
|
|
SIPOC: Approve launch of planned and unplanned project | |
Supplier | Input |
CIO |
See Info-Tech’s Blueprint: Grow Your Own PPM Solution |
Process | |
Responsibility: Review the list of projects and approve the launch or reprioritization of projects. | |
Output | Customer |
|
|
SIPOC: Monitor stakeholder satisfaction with services and other service metrics | |
Supplier | Input |
Service Manager |
|
Process | |
Responsibility: Review recommendations around service metrics and define target metrics. Endorse current effectiveness levels or determine corrective action. |
|
Output | Customer |
|
|
SIPOC: Approve plans for new or changed service requirements | |
Supplier | Input |
Service Manager |
|
Process | |
Responsibility: Review IT recommendations, approve changes, and communicate those to staff. |
|
Output | Customer |
|
|
SIPOC: Monitor risk management metrics | |
Supplier | Input |
CIO |
|
Process | |
Responsibility: Review recommendations around risk metrics and define target metrics. Endorse current effectiveness levels or determine corrective action. |
|
Output | Customer |
|
|
SIPOC: Review the prioritized list of risks | |
Supplier | Input |
Risk Manager |
|
Process | |
Responsibility: Accept the risk registrar and define any additional action required. | |
Output | Customer |
|
|
SIPOC: Define information lifecycle process ownership | |
Supplier | Input |
CIO |
|
Process | |
Responsibility: Define responsibility and accountability for information lifecycle ownership. |
|
Output | Customer |
|
|
SIPOC: Monitor information lifecycle metrics | |
Supplier | Input |
Information lifecycle owner |
|
Process | |
Responsibility: Review recommendations around information management metrics and define target metrics. Endorse current effectiveness levels or determine corrective action. |
|
Output | Customer |
|
|
New Metrics:
INPUT
OUTPUT
Materials
Participants
Industry: Consumer Goods
Source: Interview
"IT steering committee’s reputation greatly improved by clearly defining its process."
One of the major failings of the previous steering committee was its poorly drafted procedures. Members of the committee were unclear on the overall process and the meeting schedule was not well established.
This led to low attendance at the meetings and ineffective meetings overall. Since the meeting procedures weren’t well understood, some members of the leadership team took advantage of this to get their projects pushed through.
The first step the new CIO took was to clearly outline the meeting procedures in her new steering committee charter. The meeting agenda, meeting goals, length of time, and outcomes were outlined, and the stakeholders signed off on their participation.
She also gave the participants a SIPOC, which helped members who were unfamiliar with the process a high-level overview. It also reacquainted previous members with the process and outlined changes to the previous, out-of-date processes.
The participation rate in the committee meetings improved from the previous rate of approximately 40% to 90%. The committee members were much more satisfied with the new process and felt like their contributions were appreciated more than before.
2.1
Define a SIPOC for each of the ITSC responsibilities
Create SIPOCs for each of the governance responsibilities with the help of an Info-Tech advisor.
2.2
Establish the reporting metrics for the ITSC
The analyst will facilitate several exercises to help you and your stakeholders define the reporting metrics for the ITSC.
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Guided Implementation 3: Build the Stakeholder Presentation Proposed Time to Completion: 1 week |
---|
Customize the Presentation Start with an analyst kick-off call:
Then complete these activities…
With these tools & templates: IT Steering Committee Stakeholder Presentation
| Review and Practice the Presentation Review findings with analyst:
Then complete these activities…
With these tools & templates:
| Review the First ITSC Meeting Finalize phase deliverable:
Then complete these activities…
With these tools & templates: Establish an Effective IT Steering Committee blueprint |
Stakeholder engagement will be critical to your ITSC success, don't just focus on what is changing. Ensure stakeholders know why you are engaging them and how it will help them in their role.
Don’t take on too much in your first IT steering committee meeting. Many participants may not have participated in an IT steering committee before, or some may have had poor experiences in the past.
Use this meeting to explain the role of the IT steering committee and why you are implementing one, and help participants to understand their role in the process.
Quickly customize Info-Tech’s IT Steering Committee Stakeholder Presentation template to explain the goals and benefits of the IT steering committee, and use your own data to make the case for governance.
At the end of the meeting, ask committee members to sign the committee charter to signify their agreement to participate in the IT steering committee.
Review the IT Steering Committee Stakeholder Presentation template. This document should be presented at the first IT steering committee meeting by the assigned Committee Chair.
Customization Options
Overall: Decide if you would like to change the presentation template. You can change the color scheme easily by copying the slides in the presentation deck and pasting them into your company’s standard template. Once you’ve pasted them in, scan through the slides and make any additional changes needed to formatting.
Slide 2-3: Review the text on each of the slides and see if any wording should be changed to better suite your organization.
Slide 4: Review your list of the top 10 challenges and opportunities as defined in section 2 of this blueprint. Document those in the appropriate sections. (Note: be careful that the language is business-facing; challenges and opportunities should be professionally worded.)
Slide 5: Review the language on slide 5 to make any necessary changes to suite your organization. Changes here should be minimal.
INPUT
OUTPUT
Materials
Participants
Customization Options
Slide 6: The goal of this slide is to document and share the names of the participants on the IT steering committee. Document the names in the right-hand side based on your IT Steering Committee Charter.
Slides 7-9:
Slide 10: Review and understand the rollout timeline. Make any changes needed to the timeline.
INPUT
OUTPUT
Materials
Participants
INPUT
Participants
By this point, you should have customized the meeting presentation deck and be ready to meet with your IT steering committee participants.
The meeting should be one hour in duration and completed in person.
Before holding the meeting, identify who you think is going to be most supportive and who will be least. Consider meeting with those individuals independently prior to the group meeting to elicit support or minimize negative impacts on the meeting.
Customize this calendar invite script to invite business partners to participate in the meeting.
Hello [Name],
As you may have heard, we recently went through an exercise to develop an IT steering committee. I’d like to take some time to discuss the results of this work with you, and discuss ways in which we can work together in the future to better enable corporate goals.
The goals of the meeting are:
I look forward to starting this discussion with you and working with you more closely in the future.
Warm regards,
Industry:Consumer Goods
Source: Interview
"CIO gains buy-in from the company by presenting the new committee to its stakeholders."
Communication was one of the biggest steering committee challenges that the new CIO inherited.
Members were resistant to joining/rejoining the committee because of its previous failures. When the new CIO was building the steering committee, she surveyed the members on their knowledge of IT as well as what they felt their role in the committee entailed.
She found that member understanding was lacking and that their knowledge surrounding their roles was very inconsistent.
The CIO dedicated their first steering committee meeting to presenting the results of that survey to align member knowledge.
She outlined the new charter and discussed the roles of each member, the goals of the committee, and the overarching process.
Members of the new committee were now aligned in terms of the steering committee’s goals. Taking time to thoroughly outline the procedures during the first meeting led to much higher member engagement. It also built accountability within the committee since all members were present and all members had the same level of knowledge surrounding the roles of the ITSC.
3.1
Create a presentation for ITSC stakeholders to be presented at the first ITSC meeting
Work with an Info-Tech advisor to customize our IT Steering Committee Stakeholder Presentation template. Use this presentation to gain stakeholder buy-in by making the case for an ITSC.
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Guided Implementation : Define the Prioritization Criteria Proposed Time to Completion: 4 weeks |
---|
Discuss Prioritization Criteria Start with an analyst kick-off call:
Then complete these activities...
With these tools & templates: IT Steering Committee Project Prioritization Tool | Customize the IT Steering Committee Project Prioritization Tool Review findings with analyst:
Then complete these activities…
With these tools & templates: IT Steering Committee Project Prioritization Tool | Review Results of the Pilot Test Finalize phase deliverable:
Then complete these activities…
With these tools & templates: IT Steering Committee Project Prioritization Tool |
The steering committee sets and agrees to principles that guide prioritization decisions. The agreed upon principles will affect business unit expectations and justify the deferral of requests that are low priority. In some cases, we have seen the number of requests drop substantially because business units are reluctant to propose initiatives that do not fit high prioritization criteria.
One of the key roles of the IT steering committee is to review and prioritize the portfolio of IT projects.
What is the prioritization based on? Info-Tech recommends selecting four broad criteria with two dimensions under each to evaluate the value of the projects. The criteria are aligned with how the project generates value for the organization and the execution of the project.
What is the role of the steering committee in prioritizing projects? The steering committee is responsible for reviewing project criteria scores and making decisions about where projects rank on the priority list. Planning, resourcing, and project management are the responsibility of the PMO or the project owner.
Info-Tech’s Sample Criteria |
---|
Value Strategic Alignment: How much a project supports the strategic goals of the organization. Customer Satisfaction: The impact of the project on customers and how visible a project will be with customers. Operational Alignment: Whether the project will address operational issues or compliance. |
Execution Financial: Predicted ROI and cost containment strategies. Risk: Involved with not completing projects and strategies to mitigate it. Feasibility: How easy the project is to complete and whether staffing resources exist. |
INPUT
OUTPUT
Materials
Participants
INPUT
OUTPUT
Materials
Participants
Document the prioritization criteria weightings in Info-Tech’s IT Steering Committee Project Prioritization Tool.
Download Info-Tech’s Project Intake and Prioritization Tool.
Rank: Project ranking will dynamically update relative to your portfolio capacity (established in Settings tab) and the Size, Scoring Progress, Remove from Ranking, and Overall Score columns. The projects in green represent top priorities based on these inputs, while yellow projects warrant additional consideration should capacity permit.
Scoring Progress: You will be able to determine some items on the scorecard earlier in the scoring progress (such as strategic and operational alignment). As you fill in scoring columns on the Project Data tab, the Scoring Progress column will dynamically update to track progress.
The Overall Score will update automatically as you complete the scoring columns (refer to Activity 4.2).
Days in Backlog: This column will help with backlog management, automatically tracking the number of days since an item was added to the list based on day added and current date.
INPUT
OUTPUT
Materials
Participants
Projects that are scored but not prioritized will populate the portfolio backlog. Items in the backlog will need to be rescored periodically, as circumstances can change, impacting scores. Factors necessitating rescoring can include:
Score projects using the Project Data tab in Info-Tech’s IT Steering Committee Project Prioritization Tool
Consult these Info-Tech blueprints on project portfolio management to create effective portfolio project management resourcing processes.
Industry: Consumer Goods
Source: Interview
"Clear project intake and prioritization criteria allow for the new committee to make objective priority decisions."
One of the biggest problems that the previous steering committee at the company had was that their project intake and prioritization process was not consistent. Projects were being prioritized based on politics and managers taking advantage of the system.
The procedure was not formalized so there were no objective criteria on which to weigh the value of proposed projects. In addition to poor meeting attendance, this led to the overall process being very inconsistent.
The new CIO, with consultation from the newly formed committee, drafted a set of criteria that focused on the value and execution of their project portfolio. These criteria were included on their intake forms to streamline the rating process.
All of the project scores are now reviewed by the steering committee, and they are able to facilitate the prioritization process more easily.
The objective criteria process also helped to prevent managers from taking advantage of the prioritization process to push self-serving projects through.
This was seen as a contributor to the increase in satisfaction scores for IT, which improved by 12% overall.
The new streamlined process helped to reduce capacity constraints on IT, and it alerted the company to the need for more IT employees to help reduce these constraints further. The IT department was given permission to hire two new additional staff members.
4.1
IT Steering Committee Project Prioritization Tool.">
Define your prioritization criteria and customize our IT Steering Committee Project Prioritization Tool
With the help of Info-Tech advisors, create criteria for determining a project’s priority. Customize the tool to reflect the criteria and their weighting. Run pilot tests of the tool to verify the criteria and enter your current project portfolio.
Organizations often blur the line between governance and management, resulting in the business having say over the wrong things. Understand the differences and make sure both groups understand their role.
The ITSC is the most senior body within the IT governance structure, involving key business executives and focusing on critical strategic decisions impacting the whole organization.
Within a holistic governance structure, organizations may have additional committees that evaluate, direct, and monitor key decisions at a more tactical level and report into the ITSC.
These committees require specialized knowledge and are implemented to meet specific organizational needs. Those operational committees may spark a tactical task force to act on specific needs.
IT management is responsible for executing on, running, and monitoring strategic activities as determined by IT governance.
Strategic | IT Steering Committee | |
Tactical | Project Governance Service Governance Risk Governance Information Governance | IT Management |
Operational | Risk Task Force |
This blueprint focuses exclusively on building the IT Steering committee. For more information on IT governance see Info-Tech’s related blueprint: Tailor an IT Governance Plan to Fit Organizational Needs.
By bucketing responsibilities into these areas, you’ll be able to account for most key IT decisions and help the business to understand their role in governance, fostering ownership and joint accountability.
The five governance areas are:
Governance of the IT Portfolio and Investments: Ensures that funding and resources are systematically allocated to the priority projects that deliver value.
Governance of Projects: Ensures that IT projects deliver the expected value, and that the PM methodology is measured and effective.
Governance of Risks: Ensures the organization’s ability to assess and deliver IT projects and services with acceptable risk.
Governance of Services: Ensures that IT delivers the required services at the acceptable performance levels.
Governance of Information and Data: Ensures the appropriate classification and retention of data based on business need.
Overall, survey respondents indicated a lack of understanding about how decisions are made around risk, services, projects, and investments, and that business involvement in decision making was too minimal.
72% of stakeholders do not understand how decisions around IT services are made (quality, availability, etc.).
62% of stakeholders do not understand how decisions around IT services are made (quality, availability, etc.).
70% of stakeholders do not understand how decisions around projects selection, success, and changes are made.
78% of stakeholders do not understand how decisions around risk are made
67% of stakeholders believe they do understand how decisions around information (data) retention and classification are made.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This phase helps you organize your VMI and document internal processes, relationships, roles, and responsibilities. The main outcomes from this phase are organizational documents, a baseline VMI maturity level, and a desired future state for the VMI.
This phase helps you configure and create the tools and templates that will help you run the VMI. The main outcomes from this phase are a clear understanding of which vendors are important to you, the tools to manage the vendor relationships, and an implementation plan.
This phase helps you begin operating the VMI. The main outcomes from this phase are guidance and the steps required to implement your VMI.
This phase helps the VMI identify what it should stop doing, start doing, and continue doing as it improves and matures. The main outcomes from this phase are ways to advance the VMI and maintain internal alignment.
Small businesses are often challenged by the growth and complexity of their vendor ecosystem, including the degree to which the vendors control them. Vendors are increasing, obtaining more and more budget dollars, while funding for staff or headcount is decreasing as a result of cloud-based applications and an increase in our reliance on Managed Service Providers. Initiating a vendor management initiative (VMI) vs. creating a fully staffed vendor management office will get you started on the path of proactively controlling your vendors instead of consistently operating in a reactionary mode. This blueprint is designed with that very thought: to assist small businesses in creating the essentials of a vendor management initiative.
Steve Jeffery
Principal Research Director, Vendor Management
Info-Tech Research Group
Each year, IT organizations "outsource" tasks, activities, functions, and other items. During 2021:
This leads to more spend, less control, and more risk for IT organizations. Managing this becomes a higher priority for IT, but many IT organizations are ill-equipped to do this proactively.
As new contracts are negotiated and existing contracts are renegotiated or renewed, there is a perception that the contracts will yield certain results, output, performance, solutions, or outcomes. The hope is that these will provide a measurable expected value to IT and the organization. Oftentimes, much of the expected value is never realized. Many organizations don't have a VMI to help:
Vendor Management is a proactive, cross-functional lifecycle. It can be broken down into four phases:
The Info-Tech process addresses all four phases and provides a step-by-step approach to configure and operate your VMI. The content in this blueprint helps you quickly establish your VMI and sets a solid foundation for its growth and maturity.
Vendor management is not a one-size-fits-all initiative. It must be configured:
Spend on managed service providers and as-a-service providers continues to increase. In addition, IT services vendors continue to be active in the mergers and acquisitions arena. This increases the need for a VMI to help with the changing IT vendor landscape.
38% 2021 |
16% 2021 |
47% 2021 |
---|---|---|
Spend on as-a-service providers |
Spend on managed services providers |
IT services merger & acquisition growth (transactions) |
Source: Information Services Group, Inc., 2022.
When organizations execute, renew, or renegotiate a contract, there is an "expected value" associated with that contract. Without a robust VMI, most of the expected value will never be realized. With a robust VMI, the realized value significantly exceeds the expected value during the contract term.
A contract's realized value with and without a vendor management initiative
Source: Based on findings from Geller & Company, 2003.
A sound, cyclical approach to vendor management will help you create a VMI that meets your needs and stays in alignment with your organization as they both change (i.e. mature and grow).
Phase 1 - Plan | Phase 2 - Build | Phase 3 - Run | Phase 4 - Review | |
---|---|---|---|---|
Phase Steps |
1.1 Mission Statement and Goals 1.2 Scope 1.3 Strengths and Obstacles 1.4 Roles and Responsibilities |
2.1 Classification Model 2.2 Risk Assessment Tool 2.3 Scorecards and Feedback 2.4 Business Alignment Meeting Agenda 2.5 Relationship Alignment Document 2.6 Vendor Orientation 2.7 3-Year Roadmap 2.8 90-Day Plan 2.9 Quick Wins2.10 Reports |
3.1 Classify Vendors 3.2 Compile Scorecards 3.3 Conduct Business Alignment Meetings 3.4 Work the 90-Day Plan 3.5 Manage the 3-Year Roadmap 3.6 Develop/Improve Vendor Relationships |
4.1 Incorporate Leading Practices 4.2 Leverage Lessons Learned 4.3 Maintain Internal Alignment |
Phase Outcomes | This phase helps you organize your VMI and document internal processes, relationships, roles, and responsibilities. The main outcomes from this phase are organizational documents, a baseline VMI maturity level, and a desired future state for the VMI. | This phase helps you configure and create the tools and templates that will help you run the VMI. The main outcomes from this phase are a clear understanding of which vendors are important to you, the tools to manage the vendor relationships, and an implementation plan. | This phase helps you begin operating the VMI. The main outcomes from this phase are guidance and the steps required to implement your VMI. | This phase helps the VMI identify what it should stop doing, start doing, and continue doing as it improves and matures. The main outcomes from this phase are ways to advance the VMI and maintain internal alignment. |
Vendor management is not "plug and play" – each organization's vendor management initiative (VMI) needs to fit its culture, environment, and goals. While there are commonalities and leading practices associated with vendor management, your initiative won't look exactly like another organization's. The key is to adapt vendor management principles to fit your needs.
All vendors are not of equal importance to your organization. Internal resources are a scarce commodity and should be deployed so that they provide the best return on the organization's investment. Classifying or segmenting your vendors allows you to focus your efforts on the most important vendors first, allowing your VMI to have the greatest impact possible.
Having a solid foundation is critical to the VMI's ongoing success. Whether you will be creating a formal vendor management office or using vendor management techniques, tools, and templates "informally", starting with the basics is essential. Make sure you understand why the VMI exists and what it hopes to achieve, what is in and out of scope for the VMI, what strengths the VMI can leverage and the obstacles it will have to address, and how it will work with other areas within your organization.
Phase 1 |
Phase 2 | Phase 3 | Phase 4 |
---|---|---|---|
1.1 Mission Statement and Goals 1.2 Scope 1.3 Strengths and Obstacles 1.4 Roles and Responsibilities |
2.1 Classification Model 2.2 Risk Assessment Tool 2.3 Scorecards and Feedback 2.4 Business Alignment Meeting Agenda 2.5 Relationship Alignment Document 2.6 Vendor Orientation 2.7 3-Year Roadmap 2.8 90-Day Plan 2.9 Quick Wins 2.10 Reports |
3.1 Classify Vendors 3.2 Compile Scorecards 3.3 Conduct Business Alignment Meetings 3.4 Work the 90-Day Plan 3.5 Manage the 3-Year Roadmap 3.6 Develop/Improve Vendor Relationships |
4.1 Incorporate Leading Practices 4.2 Leverage Lessons Learned 4.3 Maintain Internal Alignment |
Phase 1 – Plan focuses on getting organized. Foundational elements (Mission Statement, Goals, Scope, Strengths and Obstacles, Roles and Responsibilities, and Process Mapping) will help you define your VMI. These and the other elements of this Phase will follow you throughout the process of starting up your VMI and running it.
Spending time up front to ensure that everyone is on the same page will help avoid headaches down the road. The tendency is to skimp (or even skip) on these steps to get to "the good stuff." To a certain extent, the process provided here is like building a house. You wouldn't start building your dream home without having a solid blueprint. The same is true with vendor management. Leveraging vendor management tools and techniques without the proper foundation may provide some benefit in the short term, but in the long term it will ultimately be a house of cards waiting to collapse.
Whether you are starting your vendor management journey or are already down the path, it is important to know why the vendor management initiative exists and what it hopes to achieve. The easiest way to document this is with a written declaration in the form of a Mission Statement and Goals. Although this is the easiest way to proceed, it is far from easy.
The Mission Statement should identify at a high level the nature of the services provided by the VMI, who it will serve, and some of the expected outcomes or achievements. The Mission Statement should be no longer than one or two sentences.
The complement to the Mission Statement is the list of goals for the VMI. Your goals should not be a reassertion of your Mission Statement in bullet format. At this stage it may not be possible to make them SMART (Specific, Measurable, Achievable/Attainable, Relevant, Time-Bound/Time-Based), but consider making them as SMART as possible. Without some of the SMART parameters attached, your goals are more like dreams and wishes. At a minimum, you should be able to determine the level of success achieved for each of the VMI goals.
Although the VMI's Mission Statement will stay static over time (other than for significant changes to the VMI or organization as a whole), the goals should be reevaluated periodically using a SMART filter, and adjusted as needed.
Download the Info-Tech Phase 1 Tools and Templates Compendium
Regardless of where your VMI resides or how it operates, it will be working with other areas within your organization. Some of the activities performed by the VMI will be new and not currently handled by other groups or individuals internally; at the same time, some of the activities performed by the VMI may be currently handled by other groups or individuals internally. In addition, executives, stakeholders, and other internal personnel may have expectations or make assumptions about the VMI. As a result, there can be a lot of confusion about what the VMI does and doesn't do, and the answers cannot always be found in the VMI's Mission Statement and Goals.
One component of helping others understand the VMI landscape is formalizing the VMI Scope. The Scope will define boundaries for the VMI. The intent is not to fence itself off and keep others out but provide guidance on where the VMI's territory begins and ends. Ultimately, this will help clarify the VMI's roles and responsibilities, improve workflow, and reduce errant assumptions.
When drafting your VMI scoping document, make sure you look at both sides of the equation (similar to what you would do when following best practices for a statement of work). Identify what is in scope and what is out of scope. Be specific when describing the individual components of the VMI Scope, and make sure executives and stakeholders are onboard with the final version.
Download the Info-Tech Phase 1 Tools and Templates Compendium
A SWOT analysis (strengths, weaknesses, opportunities, and threats) is a valuable tool, but it is overkill for your VMI at this point. However, using a modified and simplified form of this tool (strengths and obstacles) will yield significant results and benefit the VMI as it grows and matures.
Your output will be two lists: the strengths associated with the VMI and the obstacles the VMI is facing. For example, strengths could include items such as smart people working within the VMI and executive support. Obstacles could include items such as limited headcount and training required for VMI staff.
The goals are 1) to harness the strengths to help the VMI be successful and 2) to understand the impact of the obstacles and plan accordingly. The output can also be used to enlighten executives and stakeholders about the challenges associated with their directives or requests (e.g. human bandwidth may not be sufficient to accomplish some of the vendor management activities and there is a moratorium on hiring until the next budget year).
For each strength identified, determine how you will or can leverage it when things are going well or when the VMI is in a bind. For each obstacle, list the potential impact on the VMI (e.g. scope, growth rate, and number of vendors that can actively be part of the VMI).
As you do your brainstorming, be as specific as possible and validate your lists with stakeholders and executives as needed.
Meet with the participants and use a brainstorming activity to list, on a whiteboard or flip chart, the VMI's strengths and obstacles.
Be specific to avoid ambiguity and improve clarity.
Go back and forth between strengths and obstacles as needed; it is not necessary to list all the strengths first and then all the obstacles.
It is possible for an item to be a strength and an obstacle; when this happens, add details to distinguish the situations.
Review the lists to make sure there is enough specificity.
Determine how you will leverage each strength and how you will manage each obstacle.
Use the Phase 1 Tools and Templates Compendium – Tab 1.3 Strengths and Obstacles to document the results.
Obtain signoff on the strengths and obstacles from stakeholders and executives as required.
Download the Info-Tech Phase 1 Tools and Templates Compendium
One crucial success factor for VMIs is gaining and maintaining internal alignment. There are many moving parts to an organization, and a VMI must be clear on the various roles and responsibilities related to the relevant processes. Some of this information can be found in the VMI's Scope referenced in Step 1.2, but additional information is required to avoid stepping on each other's toes; many of the processes require internal departments to work together. (For example, obtaining requirements for a request for proposal takes more than one person or department). While it is not necessary to get too granular, it is imperative that you have a clear understanding of how the VMI activities will fit within the larger vendor management lifecycle (which is comprised of many sub processes) and who will be doing what.
As we have learned through our workshops and guided implementations, a traditional RACI* or RASCI* Chart does not work well for this purpose. These charts are not intuitive, and they lack the specificity required to be effective. For vendor management purposes, a higher-level view and a slightly different approach provide much better results.
This step will lead your through the creation of an OIC* Chart to determine vendor management lifecycle roles and responsibilities. Afterward, you'll be able to say, "Oh, I see clearly who is involved in each part of the process and what their role is."
*RACI – Responsible, Accountable, Consulted, Informed
*RASCI – Responsible, Accountable, Support, Consulted, Informed
*OIC – Owner, Informed, Contributor
To start, define the vendor management lifecycle steps or process applicable to your VMI. Next, determine who participates in the vendor management lifecycle. There is no need to get too granular – think along the lines of departments, subdepartments, divisions, agencies, or however you categorize internal operational units. Avoid naming individuals other than by title; this typically happens when a person oversees a large group (e.g. the CIO [chief information officer] or the CPO [chief procurement officer]). Be thorough, but don't let the chart get out of hand. For each role and step of the lifecycle, ask whether the entry is necessary; does it add value to the clarity of understanding the responsibilities associated with the vendor management lifecycle? Consider two examples, one for roles and one for lifecycle steps. 1) Is IT sufficient or do you need IT Operations and IT Development? 2) Is "negotiate contract documents" sufficient or do you need negotiate the contract and negotiate the renewal? The answer will depend on your culture and environment but be wary of creating a spreadsheet that requires an 85-inch monitor to view it.
After defining the roles (departments, divisions, agencies) and the vendor management lifecycle steps or process, assign one of three letters to each box in your chart:
This activity can be started by the VMI or done as a group with representatives from each of the named roles. If the VMI starts the activity, the resulting chart should be validated by the each of the named roles.
Download the Info-Tech Phase 1 Tools and Templates Compendium
Phase 1 | Phase 2 | Phase 3 | Phase 4 |
---|---|---|---|
1.1 Mission Statement and Goals 1.2 Scope 1.3 Strengths and Obstacles 1.4 Roles and Responsibilities | 2.1 Classification Model 2.2 Risk Assessment Tool 2.3 Scorecards and Feedback 2.4 Business Alignment Meeting Agenda 2.5 Relationship Alignment Document 2.6 Vendor Orientation 2.7 3-Year Roadmap 2.8 90-Day Plan 2.9 Quick Wins 2.10 Reports | 3.1 Classify Vendors 3.2 Compile Scorecards 3.3 Conduct Business Alignment Meetings 3.4 Work the 90-Day Plan 3.5 Manage the 3-Year Roadmap 3.6 Develop/Improve Vendor Relationships | 4.1 Incorporate Leading Practices 4.2 Leverage Lessons Learned 4.3 Maintain Internal Alignment |
Phase 2 – Build focuses on creating and configuring the tools and templates that will help you run your VMI. Vendor management is not a plug and play environment, and unless noted otherwise, the tools and templates included with this blueprint require your input and thought. The tools and templates must work in concert with your culture, values, and goals. That will require teamwork, insights, contemplation, and deliberation.
During this Phase you'll leverage the various templates and tools included with this blueprint and adapt them for your specific needs and use. In some instances, you'll be starting with mostly a blank slate; while in others, only a small modification may be required to make it fit your circumstances. However, it is possible that a document or spreadsheet may need heavy customization to fit your situation. As you create your VMI, use the included materials for inspiration and guidance purposes rather than as absolute dictates.
One of the functions of a VMI is to allocate the appropriate level of vendor management resources to each vendor since not all vendors are of equal importance to your organization. While some people may be able intuitively to sort their vendors into vendor management categories, a more objective, consistent, and reliable model works best. Info-Tech's COST model helps you assign your vendors to the appropriate vendor management category so that you can focus your vendor management resources where they will do the most good.
COST is an acronym for Commodity, Operational, Strategic, and Tactical. Your vendors will occupy one of these vendor management categories, and each category helps you determine the nature of the resources allocated to that vendor, the characteristics of the relationship desired by the VMI, and the governance level used.
The easiest way to think of the COST model is as a 2 x 2 matrix or graph. The model should be configured for your environment so that the criteria used for determining a vendor's classification align with what is important to you and your organization. However, at this point in your VMI's maturation, a simple approach works best. The Classification Model included with this blueprint requires minimal configuration to get your started, and that is discussed on the activity slide associated with this Step 2.1.
Operational |
Strategic |
---|---|
|
|
Commodity |
Tactical |
|
|
Source: Compiled in part from Guth, Stephen. "Vendor Relationship Management Getting What You Paid for (And More)." 2015.
Download the Info-Tech Phase 2 Vendor Classification Tool
One of the typical drivers of a VMI is risk management. Organizations want to get a better handle on the various risks their vendors pose. Vendor risks originate from many areas: financial, performance, security, legal, and others. However, security risk is the high-profile risk, and the one organizations often focus on almost exclusively, which leaves the organization vulnerable in other areas.
Risk management is a program, not a project; there is no completion date. A proactive approach works best and requires continual monitoring, identification, and assessment. Reacting to risks after they occur can be costly and have other detrimental effects on the organization. Any risk that adversely affects IT will adversely affect the entire organization.
While the VMI won't necessarily be quantifying or calculating the risk directly, it generally is the aggregator of risk information across the risk categories, which it then includes in its reporting function (see Steps 2.12 and 3.8).
At a minimum, your risk management strategy should involve:
Vendor risk is a fact of life, but you do have options for how to handle it. Be proactive and thoughtful in your approach, and focus your resources on what is important.
Download the Info-Tech Phase 2 Vendor Classification Tool
A vendor management scorecard is a great tool for measuring, monitoring, and improving relationship alignment. In addition, it is perfect for improving communication between you and the vendor.
Conceptually, a scorecard is similar to a school report card. At the end of a learning cycle, you receive feedback on how well you do in each of your classes. For vendor management, the scorecard is also used to provide periodic feedback, but there are some nuances and additional benefits and objectives when compared to a report card.
Although scorecards can be used in a variety of ways, the focus here will be on vendor management scorecards – contract management, project management, and other types of scorecards will not be included in the materials covered in this Step 2.3 or in Step 3.4.
The Info-Tech scorecard includes five areas:
An overall score is calculated based on the rating for each criteria and the measurement category weights.
Scorecards can be used for a variety of reasons. Some of the common ones are:
Identifying and resolving issues before they impact performance or the relationship.
Info-Tech recommends starting with simple scorecards to allow you and the vendors to acclimate to the new process and information. As you build your scorecards, keep in mind that internal personnel will be scoring the vendors and the vendors will be reviewing the scorecard. Make your scorecard easy for your personnel to fill out, and containing meaningful content to drive the vendor in the right direction. You can always make the scorecard more complex in the future.
Our recommendation of five categories is provided below. Choose three to five of the categories that help you accomplish your scorecard goals and objectives:
Some criteria may be applicable in more than one category. The categories above should cover at least 80% of the items that are important to your organization. The general criteria listed for each category is not an exhaustive list, but most things break down into time, money, quality, people, and risk issues.
*Source: The Decision Lab, n.d.
After you've built your scorecard, turn your attention to the second half of the equation – feedback from the vendor. A communication loop cannot be successful without dialogue flowing both ways. While this can happen with just a scorecard, a mechanism specifically geared toward the vendor providing you with feedback improves communication, alignment, and satisfaction.
You may be tempted to create a formal scorecard for the vendor to use; avoid that temptation until later in your maturity or development of the VMI. You'll be implementing a lot of new processes, deploying new tools and templates, and getting people to work together in new ways. Work on those things first.
For now, implement an informal process for obtaining information from the vendor. Start by identifying information that you will find useful – information that will allow you to improve overall, to reduce waste or time, to improve processes, to identify gaps in skills. Incorporate these items into your business alignment meetings (see Steps 2.4 and 3.5). Create three to five good questions to ask the vendor and include these in the business alignment meeting agenda. The goal is to get meaningful feedback, and that starts with asking good questions.
Keep it simple at first. When the time is right, you can build a more formal feedback form or scorecard. Don't be in a rush; as long as the informal method works, keep using it.
Download the Info-Tech Phase 2 Tools and Templates Compendium
Download the Info-Tech Phase 2 Tools and Templates Compendium
A business alignment meeting (BAM) is a multi-faceted tool to ensure the customer and the vendor stay focused on what is important to the customer at a high level. BAMs are not traditional operational meetings where the parties get into the details of the contracts, deal with installation problems, address project management issues, or discuss specific cost overruns. The focus of the BAM is the scorecard (see Step 2.3), but other topics are discussed, and other purposes are served. For example:
As you build your BAM Agenda, someone in your organization may say, "Oh, that's just a quarterly business review (QBR) or top-to-top meeting." In most instances, an existing QBRs or top-to-top meeting is not the same as a BAM. Using the term QBR or top-to-top meeting instead of BAM can lead to confusion internally. The VMI may say to the business unit, procurement, or another department, "We're going to start running some QBRs for our strategic vendors." The typical response is, "There's no need; we already run QBRs/top-to-top meetings with our important vendors." This may be accompanied by an invitation to join their meeting, where you may be an afterthought, have no influence, and get five minutes at the end to talk about your agenda items. Keep your BAM separate so that it meets your needs.
As previously noted, using the term BAM more accurately depicts the nature of the VMI meeting and prevents confusion internally with other meetings already occurring. In addition, hosting the BAM yourself rather than piggybacking onto another meeting ensures that the VMI's needs are met. The VMI will set and control the BAM agenda and determine the invite list for internal personnel and vendor personnel. As you may have figured out by now, having the right customer and vendor personnel attend will be essential.
BAMs are conducted at the vendor level, not the contract level. As a result, the frequency of the BAMs will depend on the vendor's classification category (see Steps 2.1 and 3.1). General frequency guidelines are provided below, but they can be modified to meet your goals:
BAMs can help you achieve some additional benefits not previously mentioned:
As with any meeting, building the proper agenda will be one of the keys to an effective and efficient meeting. A high-level BAM agenda with sample topics is set out below:
BAM Agenda
Download the Info-Tech Phase 2 Tools and Templates Compendium
Throughout this blueprint, alignment is mentioned directly (e.g. business alignment meetings [Steps 2.4 and 3.3]) or indirectly implied. Ensuring you and your vendors are on the same page, have clear and transparent communication, and understand each other's expectations is critical to fostering strong relationships. One component of gaining and maintaining alignment with your vendors is the Relationship Alignment Document (RAD). Depending upon the Scope of your VMI and what your organization already has in place, your RAD will fill in the gaps on various topics.
Early in the VMI's maturation, the easiest approach is to develop a short document (1 one page) or a pamphlet (i.e. the classic trifold) describing the rules of engagement when doing business with your organization. The RAD can convey expectations, policies, guidelines, and other items. The scope of the document will depend on:
The first step to drafting a RAD is to identify what information vendors need to know to stay on your good side. You may want vendors to know about your gift policy (e.g. employees may not accept vendor gifts above a nominal value, such as a pen or mousepad). Next, compare your list of what vendors need to know and determine if the content is covered in other vendor-facing documents such as a vendor code of conduct or your website's vendor portal. Lastly, create your RAD to bridge the gap between what you want and what is already in place. In some instances, you may want to include items from other documents to reemphasize them with the vendor community.
The RAD can be used with all vendors regardless of classification category. It can be sent directly to the vendors or given to them during vendor orientation (see Step 3.3)
Download the Info-Tech Phase 2 Tools and Templates Compendium
Your organization is unique. It may have many similarities with other organizations, but your culture, risk tolerance, mission, vision, and goals, finances, employees, and "customers" (those that depend on you) make it different. The same is true of your VMI. It may have similar principles, objectives, and processes to other organizations' VMIs, but yours is still unique. As a result, your vendors may not fully understand your organization and what vendor management means to you.
Vendor orientation is another means to helping you gain and maintain alignment with your important vendors, educate them on what is important to you, and provide closure when/if the relationship with the vendor ends. Vendor orientation is comprised of three components, each with a different function:
Vendor orientation focuses on the vendor management pieces of the puzzle (e.g. the scorecard process) rather than the operational pieces (e.g. setting up a new vendor in the system to ensure invoices are processed smoothly).
To continue the analogy from orientation, debrief is like an exit interview for an employee when their employment is terminated. In this case, debrief occurs when the vendor is no longer an active vendor with your organization - all contracts have terminated or expired, and no new business with the vendor is anticipated within the next three months.
Similar to orientation and reorientation, debrief activities will be based on the vendor's classification category within the COST model. Strategic vendors don't go away very often; usually, they transition to operational or tactical vendors first. However, if a strategic vendor is no longer providing products or services to you, dig a little deeper into their experiences and allocate extra time for the debrief meeting.
The debrief should provide you with feedback on the vendor's experience with your organization and their participation in your VMI. Additionally, it can provide closure for both parties since the relationship is ending. Be careful that the debrief does not turn into a finger-pointing meeting or therapy session for the vendor. It should be professional and productive; if it is going off the rails, terminate the meeting before more damage can occur.
End the debrief on a high note if possible. Thank the vendor, highlight its key contributions, and single out any personnel who went above and beyond. You never know when you will be doing business with this vendor again – don't burn bridges!
As you create your vendor orientation materials, focus on the message you want to convey.
The level of detail you provide strategic vendors during orientation and reorientation may be different from the information you provide tactical and operational vendors. Commodity vendors are not typically involved in the vendor orientation process. The orientation meetings can be conducted on a one-to-one basis for strategic vendors and a one-to-many basis for operational and tactical vendors; reorientation and debrief are best conducted on a one-to-one basis. Lastly, face-to-face or video meetings work best for vendor orientation; voice-only meetings, recorded videos, or distributing only written materials seldom hit their mark or achieve the desired results.
It focuses on different timelines or horizons (e.g., the past, the present, and the future). Creating a three-year roadmap facilitates the VMI's ability to function effectively across these multiple landscapes.
The VMI roadmap will be influenced by many factors. The work product from Phase 1 – Plan, input from executives, stakeholders, and internal clients, and the direction of the organization are great sources of information as you begin to build your roadmap.
To start, identify what you would like to accomplish in year 1. This is arguably the easiest year to complete: budgets are set (or you have a good idea what the budget will look like), personnel decisions have been made, resources have been allocated, and other issues impacting the VMI are known with a higher degree of certainty than any other year. This does not mean things won't change during the first year of the VMI, but expectations are usually lower, and the short event horizon makes things more predictable during the year-1 ramp-up period.
Years 2 and 3 are more tenuous, but the process is the same: identify what you would like to accomplish or roll out in each year. Typically, the VMI maintains the year-1 plan into subsequent years and adds to the scope or maturity. For example, you may start year 1 with BAMs and scorecards for three of your strategic vendors; during year 2, you may increase that to five vendors; and during year 3, you may increase that to nine vendors. Or, you may not conduct any market research during year 1, waiting to add it to your roadmap in year 2 or 3 as you mature.
Breaking things down by year helps you identify what is important and the timing associated with your priorities. A conservative approach is recommended. It is easy to overcommit, but the results can be disastrous and painful.
Download the Info-Tech Phase 2 Tools and Templates Compendium
Now that you have prepared a three-year roadmap, it's time to take the most significant elements from the first year and create action plans for each three-month period. Your first 90-day plan may be longer or shorter if you want to sync to your fiscal or calendar quarters. Aligning with your fiscal year can make it easier for tracking and reporting purposes; however, the more critical item is to make sure you have a rolling series of four 90-day plans to keep you focused on the important activities and tasks throughout the year.
The 90-day plan is a simple project plan that will help you measure, monitor, and report your progress. Use the Info-Tech tool to help you track:
Activities.
The first 90-day plan will have the greatest level of detail and should be as thorough as possible; the remaining three 90-day plans will each have less detail for now. As you approach the middle of the first 90-day plan, start adding details to the next 90-day plan; toward the end of the first quarter add a high-level 90-day plan to the end of the chain. Continue repeating this cycle each quarter and consult the three-year roadmap and the leadership team, as necessary.
Download the Info-Tech Phase 2 Tools and Templates Compendium
As the final step in the timeline trilogy, you are ready to identify some quick wins for the VMI. Using the first 90-day plan and a brainstorming activity, create a list of things you can do in 15 to 30 days that add value to your initiative and build momentum.
As you evaluate your list of potential candidates, look for things that:
As you look for quick wins, you may find that everything you identify does not meet the criteria. That's okay; don't force the issue. Return your focus to the 90-day plan and three-year roadmap and update those documents if the brainstorming activity associated with Step 2.9 identified anything new.
Download the Info-Tech Phase 2 Tools and Templates Compendium
Issuing reports is a critical piece of the VMI since the VMI is a conduit of information for the organization. It may be aggregating risk data from internal areas, conducting vendor research, compiling performance data, reviewing market intelligence, or obtaining relevant statistics, feedback, comments, facts, and figures from other sources. Holding onto this information minimizes the impact a VMI can have on the organization; however, the VMI's internal clients, stakeholders, and executives can drown in raw data and ignore it completely if it is not transformed into meaningful, easily-digested information.
Before building a report, think about your intended audience:
Use the following guidelines to create reports that will resonate with your audience:
Download the Info-Tech Phase 2 Tools and Templates Compendium
Phase 1 | Phase 2 | Phase 3 | Phase 4 |
---|---|---|---|
1.1 Mission Statement and Goals 1.2 Scope 1.3 Strengths and Obstacles 1.4 Roles and Responsibilities | 2.1 Classification Model 2.2 Risk Assessment Tool 2.3 Scorecards and Feedback 2.4 Business Alignment Meeting Agenda 2.5 Relationship Alignment Document 2.6 Vendor Orientation 2.7 3-Year Roadmap 2.8 90-Day Plan 2.9 Quick Wins 2.10 Reports | 3.1 Classify Vendors 3.2 Compile Scorecards 3.3 Conduct Business Alignment Meetings 3.4 Work the 90-Day Plan 3.5 Manage the 3-Year Roadmap 3.6 Develop/Improve Vendor Relationships | 4.1 Incorporate Leading Practices 4.2 Leverage Lessons Learned 4.3 Maintain Internal Alignment |
All the hard work invested in Phase 1 – Plan and Phase 2 – Build begins to pay off in Phase 3 – Run. It's time to stand up your VMI and ensure that the proper level of resources is devoted to your vendors and the VMI itself. There's more hard work ahead, but the foundational elements are in place. This doesn't mean there won't be adjustments and modifications along the way, but you are ready to use the tools and templates in the real world; you are ready to begin reaping the fruits of your labor.
Phase 3 – Run guides you through the process of collecting data, monitoring trends, issuing reports, and conducting effective meetings to:
Step 3.1 sets the table for many of the subsequent steps in Phase 3 – Run. The results of your classification process will determine which vendors go through the scorecarding process (Step 3.2); which vendors participate in BAMs (Step 3.3), and which vendors you will devote relationship-building resources to (Step 3.6).
As you begin classifying your vendors, Info-Tech recommends using an iterative approach initially to validate the results from the classification model you configured in Step 2.1.
Additional classification considerations:
As your VMI matures, additional vendors will be part of the VMI. Review the table below and incorporate the applicable strategies into your deployment of vendor management principles over time. Stay true to your mission, goals, and scope, and remember that not all your vendors are of equal importance.
Operational | Strategic |
---|---|
|
|
Commodity | Tactical |
|
|
For decades, vendors have used the term "partner" to refer to the relationship they have with their clients and customers. This is often an emotional ploy used by the vendors to get the upper hand. To fully understand the terms "partner" and "partnership", let's evaluate them through two more objective, less cynical lenses.
If you were to talk to your in-house or outside legal counsel, you may be told that partners share in profits and losses, and they have a fiduciary obligation to each other. Unless there is a joint venture between the parties, you are unlikely to have a partnership with a vendor from this perspective.
What about a "business" partnership — one that doesn't involve sharing profits and losses? What would that look like? Here are some indicators of a business partnership (or preferably a strategic alliance):
By now you might be thinking, "What's all the fuss? Why does it matter?" At Info-Tech, we've seen firsthand how referring to the vendor as a partner can have the following impact:
Proceed with caution when using partner or partnership with your vendors. Understand how your organization benefits from using these terms and mitigate the negatives outlined above by raising awareness internally to ensure people understand the psychology behind the terms. Finally, use the term to your advantage when warranted by referring to the vendor as a partner when you want or need something that the vendor is reluctant to provide. Bottom line: be strategic in how you refer to vendors and know the risks.
Begin scoring your top vendors
The scorecard process typically is owned and operated by the VMI, but the actual rating of the criteria within the measurement categories is conducted by those with day-to-day interactions with the vendors, those using or impacted by the services and products provided by the vendors, and those with the skills to research other information on the scorecard (e.g. risk). Chances are one person will not be able to complete an entire scorecard by themselves. As a result, the scorecard process is a team sport comprised of sub-teams where necessary.
The VMI will compile the scores, calculate the final results, and aggregate all the comments into one scorecard. There are two common ways to approach this task:
Since multiple people will be involved in the scorecarding process or have information to contribute, the VMI will have to work with the reviewers to ensure he right mix of data is provided. For example:
Where one person is contributing exclusively to limited criteria, make it easy for them to identify the criteria they are to evaluate. When multiple people from the same functional area will provide insights, they can contribute individually (and the VMI will average their responses) or they can respond collectively after reaching consensus as a group.
After the VMI has compiled, calculated, and aggregated, share the results with executives, impacted stakeholders, and others who will be attending the BAM for that vendor. Depending upon the comments provided by internal personnel, you may need to create a sanitized version of the scorecard for the vendor.
Make sure your process timeline has a buffer built in. You'll be sending the final scorecard to the vendor three to five days before the BAM, and you'll need some time to assemble the results. The scorecarding process can be perceived as a low-priority activity for people outside of the VMI, and other "priorities" will arise for them. Without a timeline buffer, the VMI may find itself behind schedule and unprepared, due to things beyond its control.
At their core, BAMs aren't that different from any other meeting. The basics of running a meeting still apply, but there are a few nuances that apply to BAMs. Set out below are leading practices for conducing your BAMs; adapt them to meet your needs and suit your environment.
Initially, BAMs are conducted with the strategic vendors in your pilot program. Over time you'll add vendors until all your strategic vendors are meeting with you quarterly. After that, roll out the BAMs to those tactical and operational vendors located close to the strategic quadrant in the classification model (Steps 2.1 and 3.1) and as VMI resources allow. It may take several years before you are holding regular BAMs with all your strategic, tactical, and operational vendors.
Keep the length of your meetings reasonable. The first few with a vendor may need to be 60 to 90 minutes long. After that, you should be able to trim them to 45 minutes to 60 minutes. The BAM does not have to fill the entire time. When you are done, you are done.
Set up a recurring meeting whenever possible. Changes will be inevitable but keeping the timeline regular works to your advantage. Also, the vendors included in your initial BAMs won't change for twelve months. For the first BAM with a vendor, provide adequate notice; four weeks is usually sufficient, but calendars will fill up quickly for the main attendees from the vendor. Treat the meeting as significant and make sure your invitation reflects this. A simple meeting request will often be rejected, treated as optional, or ignored completely by the vendor's leadership team (and maybe yours as well!).
Internal invitees should include those with a vested interest in the vendor's performance and the relationship. Other functional areas may be invited based on need or interest. Be careful the attendee list doesn't get too big. Based on this, internal BAM attendees often include representatives from IT, Sourcing/Procurement, and the applicable business units. At times, Finance and Legal are included.
From the vendor's side, strive to have decision makers and key leaders attend. The salesperson/account manager is often included for continuity, but a director or vice president of sales will have more insights and influence. The project manager is not needed at this meeting due to the nature of the meeting and its agenda; however, a director or vice president from the product or service delivery area is a good choice. Bottom line: get as high into the vendor's organization as possible whenever possible; look at the types of contracts you have with that vendor to provide guidance on the type of people to invite.
Send the scorecard and agenda to the vendor five days prior to the BAM. The vendor should provide you with any information you require for the meeting five days prior, as well.
Decide who will run the meeting. Some customers like to lead, and others let the vendor present. How you craft the agenda and your preferences will dictate who runs the show.
Make sure the vendor knows what materials they should bring to the meeting or have access to. This will relate to the agenda and any specific requests listed under the discussion points. You don't want the vendor to be caught off guard and unable to discuss a matter of importance to you.
Regardless of which party leads, make sure you manage the agenda to stay on topic. This is your meeting – not the vendor's, not IT's, not Procurement's or Sourcing's. Don't let anyone hijack it.
Make sure someone is taking notes. If you are running this virtually, consider recording the meeting. Check with your legal department first for any concerns, notices, or prohibitions that may impact your recording the session.
Remember, this is not a sales call, and it is not a social activity. Innovation discussions are allowed and encouraged, but that can quickly devolve into a sales presentation. People can be friendly toward one another, but the relationship building should not overwhelm the other purposes.
Having a 90-day plan is a good start, but assuming the tasks on the plan will be accomplished magically or without any oversight can lead to failure. While it won't take a lot of time to work the plan, following a few basic guidelines will help ensure the 90-day plan gets results and wasn't created in vain.
Keep an eye on the future since it will feed the present
The three-year roadmap is a great planning tool, but it is not 100% reliable. There are inherent flaws and challenges. Essentially, the roadmap is a set of three "crystal balls" attempting to tell you what the future holds. The vision for year 1 may be clear, but for each subsequent year, the crystal ball becomes foggier. In addition, the timeline is constantly changing; before you know it, tomorrow becomes today and year 2 becomes year 1.
To help navigate through the roadmap and maximize its potential, follow these principles:
One of the key components of a VMI is relationship management. Good relationships with your vendors provide many benefits for both parties, but they don't happen by accident. Do not assume the relationship will be good or is good merely because your organization is buying products and services from a vendor.
In many respects, the VMI should mirror a vendor's sales organization by establishing relationships at multiple levels within the vendor organizations, not just with the salesperson or account manager. Building and maintaining relationships is hard work, but the return on investment makes it worthwhile.
Business relationships are comprised of many components, not all of which must be present to have a great relationship. However, there are some essential components. Whether you are trying to develop, improve, or maintain a relationship with a vendor, make sure you are conscious of the following:
Phase 1 | Phase 2 | Phase 3 | Phase 4 |
---|---|---|---|
1.1 Mission Statement and Goals 1.2 Scope 1.3 Strengths and Obstacles 1.4 Roles and Responsibilities | 2.1 Classification Model 2.2 Risk Assessment Tool 2.3 Scorecards and Feedback 2.4 Business Alignment Meeting Agenda 2.5 Relationship Alignment Document 2.6 Vendor Orientation 2.7 3-Year Roadmap 2.8 90-Day Plan 2.9 Quick Wins 2.10 Reports | 3.1 Classify Vendors 3.2 Compile Scorecards 3.3 Conduct Business Alignment Meetings 3.4 Work the 90-Day Plan 3.5 Manage the 3-Year Roadmap 3.6 Develop/Improve Vendor Relationships | 4.1 Incorporate Leading Practices 4.2 Leverage Lessons Learned 4.3 Maintain Internal Alignment |
As the adage says, "The only thing constant in life is change." This is particularly true for your VMI. It will continue to mature, people inside and outside of the VMI will change, resources will expand or contract from year to year, your vendor base will change. As a result, your VMI needs the equivalent of a physical every year. In place of bloodwork, x-rays, and the other paces your physician may put you through, you'll assess compliance with your policies and procedures, incorporate leading practices, leverage lessons learned, maintain internal alignment, and update governances.
Be thorough in your actions during this Phase to get the most out of it. It requires more than the equivalent of gauging a person's health by taking their temperature, measuring their blood pressure, and determining their body mass index. Keeping your VMI up-to-date and running smoothly takes hard work.
Some of the items presented in this Phase require an annual review; others may require quarterly review or timely review (i.e. when things are top of mind and current). For example, collecting lessons learned should happen on a timely basis rather than annually, and classifying your vendors should occur annually rather than every time a new vendor enters the fold.
Ultimately, the goal is to improve over time and stay aligned with other areas internally. This won't happen by accident. Being proactive in the review of your VMI further reinforces the nature of the VMI itself – proactive vendor management, not reactive!
The VMI's world is constantly shifting and evolving. Some changes will take place slowly, while others will occur quickly. Think about how quickly the cloud environment has changed over the past five years versus the 15 years before that; or think about issues that have popped up and instantly altered the landscape (we're looking at you COVID and ransomware). As a result, the VMI needs to keep pace, and one of the best ways to do that is to incorporate leading practices.
At a high level, a leading practice is a way of doing something that is better at producing a particular outcome or result or performing a task or activity than other ways of proceeding. The leading practice can be based on methodologies, tools, processes, procedures, and other items. Leading practices change periodically due to innovation, new ways of thinking, research, and other factors. Consequently, a leading practice is to identify and evaluate leading practices each year.
Remember: Leading practices or best practices may not be what is best for you. In some instances, you will have to modify them to fit in your culture and environment; in other instances, you will elect not to implement them at all (in any form).
There are many ways to keep your VMI running smoothly, and creating a lessons learned library is a great complement to the other ways covered in this Phase 4 - Review. By tapping into the collective wisdom of the team and creating a safe feedback loop, the VMI gains the following benefits:
Many of the processes raised in this Phase can be performed annually, but a lessons learned library works best when the information is deposited in a timely manner. How you choose to set up your lessons learned process will depend on the tools you select and your culture. You may want to have regular input meetings to share the lessons as they are being deposited, or you may require team members to deposit lessons learned on a regular basis (within a week after they happen, monthly, or quarterly). Waiting too long can lead to vague or lost memories and specifics; timeliness of the deposits is a crucial element.
Lessons learned are not confined to identifying mistakes or dissecting bad outcomes. You want to reinforce good outcomes, as well. When an opportunity for a lessons-learned deposit arises, identify the following basic elements:
The lessons learned library needs to be maintained. Irrelevant material needs to be culled periodically, and older or duplicate material may need to be archived.
the lessons learned process should be blameless. The goal is to share insightful information, not to reward or punish people based on outcomes or results.
Review the plans of other internal areas to stay in sync
Maintaining internal alignment is essential for the ongoing success of the VMI. Over time, it is easy to lose sight of the fact that the VMI does not operate in a vacuum; it is an integral component of a larger organization whose parts must work well together to function optimally. Focusing annually on the VMI's alignment within the enterprise helps reduce any breakdowns that could derail the organization.
To ensure internal alignment:
Vendor management is a broad, often overwhelming, comprehensive spectrum that encompasses many disciplines. By now, you should have a great idea of what vendor management can or will look like in your organization. Focus on the basics first: Why does the VMI exist and what does it hope to achieve? What is it's scope? What are the strengths you can leverage, and what obstacles must you manage? How will the VMI work with others? From there, the spectrum of vendor management will begin to clarify and narrow.
Leverage the tools and templates from this blueprint and adapt them to your needs. They will help you concentrate your energies in the right areas and on the right vendors to maximize the return on your organization's investment in the VMI of time, money, personnel, and other resources. You may have to lead by example internally and with your vendors at first, but they will eventually join you on your path if you stay true to your course.
At the heart of a good VMI is the relationship component. Don't overlook its value in helping you achieve your vendor management goals. The VMI does not operate in a vacuum, and relationships (internal and external) will be critical.
Lastly, seek continual improvement from the VMI and from your vendors. Both parties should be held accountable, and both parties should work together to get better. Be proactive in your efforts, and you, the VMI, and the organization will be rewarded.
Contact your account representative for more information
workshops@infotech.com
1-888-670-8889
Prepare for Negotiations More Effectively
Don't leave negotiation preparations and outcomes to chance. Learn how to prepare for negotiations more effectively and improve your results.
Understand Common IT Contract Provisions to Negotiate More Effectively
Info-Tech's guidance and insights will help you navigate the complex process of contract review and identify the key details necessary to maximize the protections for your organization.
Capture and Market the ROI of Your VMO
Calculating the impact or value of a vendor management office (VMO) can be difficult without the right framework and tools. Let Info-Tech's tools and templates help you account for the contributions made by your VMO.
Slide 5 – ISG Index 4Q 2021, Information Services Group, Inc., 2022.
Slide 6 – ISG Index 4Q 2021, Information Services Group, Inc., 2022.
Slide 7 – Geller & Company. "World-Class Procurement — Increasing Profitability and Quality." Spend Matters. 2003. Web. Accessed 4 Mar. 2019.
Slide 26 – Guth, Stephen. The Vendor Management Office: Unleashing the Power of Strategic Sourcing. Lulu.com, 2007. Print. Protiviti. Enterprise Risk Management. Web. 16 Feb. 2017.
Slide 34 – "Why Do We Perform Better When Someone Has High Expectations of Us?" The Decision Lab. Accessed January 31, 2022.
Slide 56 - Top 10 Tips for Creating Compelling Reports," October 11, 2019, Design Eclectic. Accessed March 29, 2022.
Slide 56 – "Six Tips for Making a Quality Report Appealing and Easy To Skim," Agency for Health Research and Quality. Accessed March 29, 2022.
Slide 56 –Tucker, Davis. Marketing Reporting: Tips to Create Compelling Reports, March 28, 2020, 60 Second Marketer. Accessed March 29, 2022.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Identify the purpose of your committee, determine the capabilities of the committee, and define roles and responsibilities.
Determine how information will flow and the process behind that.
Define your meeting agendas and the procedures to support those meetings. Hold your kick-off meeting. Identify metrics to measure the committee’s success.
"Having your security organization’s steering committee subsumed under the IT steering committee is an anachronistic framework for today’s security challenges. Conflicts in perspective and interest prevent holistic solutions from being reached while the two permanently share a center stage.
At the end of the day, security is about existential risks to the business, not just information technology risk. This focus requires its own set of business considerations, information requirements, and delegated authorities. Without an objective and independent security governance body, organizations are doomed to miss the enterprise-wide nature of their security problems."
– Daniel Black, Research Manager, Security Practice, Info-Tech Research GroupEven though security is a vital consideration of any IT governance program, information security has increasingly become an important component of the business, moving beyond the boundaries of just the IT department.
This requires security to have its own form of steering, beyond the existing IT Steering Committee, that ensures continual alignment of the organization’s security strategy with both IT and business strategy.
Ensuring proper governance over your security program is a complex task that requires ongoing care and feeding from executive management to succeed.
Your ISSC should aim to provide the following core governance functions for your security program:
Creation of an ISSC is deemed the most important governance and oversight practice that a CISO can implement, based on polling of IT security leaders analyzing the evolving role of the CISO.
Relatedly, other key governance practices reported – status updates, upstream communications, and executive-level sponsorship – are within the scope of what organizations traditionally formalize when establishing their ISSC.
83% of organizations have not established formal steering committees to evaluate the business impact and risks associated with security decisions. (Source: 2017 State of Cybersecurity Metrics Report)
70% of organizations have delegated cybersecurity oversight to other existing committees, providing security limited agenda time. (Source: PwC 2017 Annual Corporate Director Survey)
"This is a group of risk managers an institution would bring together to deal with a response anyway. Having them in place to do preventive discussions and formulate policy to mitigate the liability sets and understand compliance obligations is just powerful." (Kirk Bailey, CISO, University of Washington)
Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.
This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.
This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.
DIY Toolkit |
Guided Implementation |
Workshop |
Consulting |
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." | "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." | "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." | "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project." |
1. Define Committee Purpose and Responsibilities |
2. Determine Information Flows, Membership & Accountabilities |
3. Operate the Information Security Steering Committee |
|
![]() Best-Practice Toolkit |
1.1 Tailor Info-Tech’s Information Security Steering Committee Charter Template to define terms of reference for the ISSC 1.2 Conduct a SWOT analysis of your information security governance capabilities 1.3 Identify the responsibilities and duties of the ISSC 1.4 Draft the committee purpose statement of your ISSC |
2.1 Define your SIPOC model for each of the ISSC responsibilities 2.2 Identify committee participants and responsibility cadence 2.3 Define ISSC participant RACI for each of the responsibilities |
3.1 Define the ISSC meeting agendas and procedures 3.2 Define which metrics you will report to the ISSC 3.3 Hold a kick-off meeting with your ISSC members to explain the process, responsibilities, and goals 3.4 Tailor the Information Security Steering Committee Stakeholder Presentation template 3.5 Present the information to the security leadership team 3.6 Schedule your first meeting of the ISSC |
Guided Implementations |
|
|
|
![]() Onsite Workshop |
This blueprint can be combined with other content for onsite engagements, but is not a standalone workshop. | ||
Phase 1 Outcome:
|
Phase 2 Outcome:
|
Phase 3 Outcome:
|
Balance vision with direction. Purpose and responsibilities should be defined so that they encompass your mission and objectives to the enterprise in clear terms, but provide enough detail that you can translate the charter into operational plans for the security team.
A charter is the organizational mandate that outlines the purpose, scope, and authority of the ISSC. Without a charter, the steering committee’s value, scope, and success criteria are unclear to participants, resulting in unrealistic stakeholder expectations and poor organizational acceptance.
Download the Information Security Steering Committee Charter to customize your organization’s charter
INPUT: Survey outcomes, Governance overview handouts
OUTPUT: SWOT analysis, Top identified challenges and opportunities
INPUT: SWOT analysis, Survey reports
OUTPUT: Defined ISSC responsibilities
Add or modify responsibilities in Info-Tech’s Information Security Steering Committee Charter.
Use the following list of responsibilities to customize the list of responsibilities your ISSC may take on. These should link directly to the Responsibilities and Duties section of your ISSC charter.
Use the following list of responsibilities to customize the list of responsibilities your ISSC may take on. These should link directly to the Responsibilities and Duties section of your ISSC charter.
The ISSC should consistently evolve to reflect the strategic purpose of the security program. If you completed Info-Tech’s Security Strategy methodology, review the results to inform the scope of your committee. If you have not completed Info-Tech’s methodology, determining these details should be achieved through iterative stakeholder consultations.
Strategy Components |
ISSC Considerations |
Security Pressure Analysis |
Review the ten security domains and your organization’s pressure levels to review the requisite maturity level of your security program. Consider how this may impact the focus of your ISSC. |
Security Drivers/Obligations |
Review how your security program supports the attainment of the organization’s business objectives. By what means should the ISSC support these objectives? This should inform the rationale, benefits, and overall function of the committee. |
Security Strategy Scope and Boundaries |
Consider the scope and boundaries of your security program to reflect on what the program is responsible for securing. Is this reflected adequately in the language of the committee’s purpose? Should components be added or redacted? |
INPUT: SWOT Analysis, Security Strategy
OUTPUT: ISSC Committee Purpose
Alter the Committee Purpose section in the Information Security Steering Committee Charter.
Business and IT leaders aiming to build and keep successful teams in 2022 must:
This report includes:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Discover Info-Tech’s 2022 talent trends for IT leaders, which will provide insight into taking a strategic approach to navigate the post-pandemic IT talent landscape.
Over the past two years, organizations have ventured into unprecedented ways of working and supporting their employees, as they tried to maintain productivity through the pandemic. This experiment has made lasting changes to both business models and employee expectations, and these effects will continue to be seen long after we return to a “new normal.”
While the pandemic forced us to work differently for the past two years, looking forward, successful organizations will incorporate new ways of working into their business models – beyond simply having a remote work policy.
How we work, source roles, and develop talent continue to evolve as we navigate a different world with employees being more vocal in their desires, and leaders continue to play a key role.
The IT talent market will never be the same, and organizations must reevaluate their employee experience from the bottom up to successfully weather the shift to the new normal.
Strategic Recruiting Finds Good Talent
Finding talent in a strained talent market requires a marketing approach. Posting a job description isn’t enough. |
The (Not So) Great Resignation
IT is faring better than other functions; however, specific industries need to pay attention. |
Grow Your DEI Practices Into Meaningful Actions
Good intentions are not enough. |
Remote Work Is Here – Can Your Culture Adapt?
The Great Experiment is over. Are leaders equipped to capitalize on its promises? |
Management Skills Drive Success in a Remote World
Despite the need for remote team management training, it is still not happening. |
If 2021 was about beginning to act on employee needs, 2022 will be about strategically examining each trend to ensure that the actions taken by the organization are more than lip service.
Employees have always been able to see through disingenuous attempts to engage them, but in 2022 the stakes are higher due to increased talent mobility.
Trends that were just starting to come into focus last year have established themselves as critical determinants of the employee experience in 2022.
2021 | DEI: A Top Talent Objective | Remote Work Is Here to Stay | Uncertainty Unlocks Performance | A Shift in Skills Priorities | A Greater Emphasis on Wellbeing | ||
![]() | ![]() | ![]() | |||||
2022 | Strategic Recruiting Finds Good Talent Finding talent in a strained talent market requires a marketing approach. Posting a job description isn’t enough. | The (Not So) Great Resignation IT is faring better than other functions; however, specific industries need to pay attention. | Grow Your DEI Practices Into Meaningful Actions Good intentions are not enough. | Remote Work Is Here – Can Your Culture Adapt? The Great Experiment is over. Are leaders equipped to capitalize on its promises? | Management Skills Drive Success in a Remote World Despite the need for remote team management training, it is still not happening. |
Superficial elements of traditional office culture were stripped away by the quick shift to a remote environment, giving employees the opportunity to reevaluate what truly matters to them in a job.
The biggest change from 2019 (pre-pandemic) to today is increases in the importance of culture, flexible/remote work, and work-life balance.
Organizations that fail to keep up with this shift in priorities will see the greatest difficulty in hiring and retaining staff.
2019 | 2021 | ||
Flexible Work | ![]() n=275 |
![]() |
![]() n=206 |
Work-Life Balance | ![]() n=277 |
![]() |
![]() n=206 |
Culture | ![]() n=277 |
![]() |
![]() n=206 |
Source: Info-Tech Talent Trends Survey data collected in 2019 and 2021 | ![]() ![]() ![]() |
IT’s top Talent priorities reflect a post-pandemic focus on optimizing talent to fulfill strategic objectives: | Top challenges for IT departments, by average rank, with 1 being the top priority.
Important |
|
In the 2022 IT Talent Trends Survey, IT departments’ top priorities continue to be learning and innovation in support of organizational objectives. | —› Enabling leaning and development within IT
—› Enabling departmental innovation |
5.01
5.54 |
With employees being clearer and more vocal about their needs than ever before, employee experience has risen to the forefront of IT’s concern as a key enabler of strategic objectives. | —› Providing a great employee experience for IT | 5.66 |
Supporting departmental change | 6.01 | |
With organizations finally on the way to financial stability post pandemic, recruiting is a major focus. | —› Recruiting (e.g. quickly filling vacant roles in IT with quality external talent) | 6.18 |
However, IT’s key efforts are threatened by critical omissions: | Fostering a positive employee relations climate in the department | 6.32 |
Despite a focus on learning and development, leadership skills are not yet a top focus. | —› Developing the organization's IT leaders | 6.33 |
Rapidly moving internal IT employees to staff strategic priorities | 6.96 | |
Facilitating data-driven people decisions within IT | 7.12 | |
Controlling departmental labor costs and maximizing the value of the labor spend | 7.13 | |
Despite the need to provide a great employee experience, the focus on diversity, equity, and inclusion is low. | —› Fostering an environment of diversity, equity, and inclusion in the department | 7.31 |
Despite prioritizing recruiting, IT departments see candidate experience as a last priority, either not focusing on it or relegating it to HR. | —› Providing a great candidate experience for IT candidates | 8.43 |
Above Ground
Focusing on what you see 'Above the line" won't solve the problem. Talent isn't a checklist. |
Strategic Recruiting Finds Good TalentFinding talent in a strained talent market requires a marketing approach. Posting a job description isn't enough.
|
The (Not So) Great ResignationIT is faring better than other functions; however, specific industries need to pay attention.
|
Grow Your DEI Practices Into Meaningful ActionsGood intentions are not enough.
|
Remote Work is Here. Can Your Culture Adapt?The Great Experiment is over. Are you equipped to capitalize on its promises?
|
Management Skills Drive Success in a Remote WorldDespite the need for remote team management training, it is still not happening.
|
![]() |
|||||
Beneath the Surface
For each trend, a strategic approach to get "under the line" will help form your response. Talent needs a holistic approach, as under the line everything is connected. If you are experiencing challenges in one area, analyzing data (e.g. engagement, exit surveys, effectiveness of DEI program and leader training) can help drive overall experience. |
|
|
|
|
|
Solutions
Recommendations depending on your department's maturity level. |
Attention is required for candidate experience underpinned by a realistic employee value proposition. | Gather and review existing data (e.g. early retirements, demographics) to understand your turnover rate. | Use employee engagement tools to gauge employee sentiment among impacted groups and build out an engagement strategy to meet those needs. | Conduct a cultural assessment to reveal hidden biases that may stand in the way of remote work efficacy. | Provide management training on performance management and development coaching. |
Survey timeline = October 2021
Total respondents = 245 IT professionals
![]() |
|||||
01 | United States | 45% | 08 | Middle East | 2% |
02 | Canada | 23% | 09 | Other (Asia) | 2% |
03 | Africa | 8% | 10 | Germany | 1% |
04 | Great Britain | 6% | 11 | India | 1% |
05 | Latin America, South America or Caribbean | 4% | 12 | Netherlands | 1% |
06 | Other (Europe) | 4% | 13 | New Zealand | 1% |
07 | Australia | 2% | (N-245) |
(n=191)
![]() (n=225) |
Innovator – Transforms the Business
Business Partner – Expands the Business
Trusted Operator – Optimizes Business
Firefighter – Supports the Business
Unstable – Struggles to Support
|
Which of the following ethnicities (ethnicity refers to a group with a shared or common identity, culture, and/or language) do you identify with? Select all that apply. | What gender do you identify most with? |
![]() (N=245) |
![]() (n=228) |
What is your sub-department of IT? | Which title best describes your position? |
![]() (n=227) |
![]() (N=245) |
Each trend is introduced with key questions you can ask yourself to see how your department fares in that area.
The report is based on statistics from a survey of 245 of your peers.
It includes recommendations of next steps and a key metric to track your success.
It lists Info-Tech resources that you, as a member, can leverage to begin your journey to improve talent management in your department.
Strategic Recruiting Finds Good Talent
Finding talent in a strained talent market requires a marketing approach. Posting a job description isn’t enough. |
The (Not So) Great Resignation
IT is faring better than other functions; however, specific industries need to pay attention. |
Grow Your DEI Practices Into Meaningful Actions
Good intentions are not enough. |
Remote Work Is Here – Can Your Culture Adapt?
The Great Experiment is over. Are leaders equipped to capitalize on its promises? |
Management Skills Drive Success in a Remote World
Despite the need for remote team management training, it is still not happening. |
The report is based on data gathered from Info-Tech Research Group’s 2022 IT Talent Trends Survey. The data was gathered in September and October of 2021.
As the economy has stabilized, more jobs have become available, creating a job seeker’s market. This is a clear sign of confidence in the economy, however fragile, as new waves of the pandemic continue.
Recruiting tactics are an outcome of a well-defined candidate experience and employee value proposition.
![]() |
During our interviews, members that focused on sharing their culture with a strong employee value proposition were more likely to be successful in hiring their first-choice candidates. |
Questions to ask yourself
|
47% of respondents are hiring external talent to fill existing gaps, with 40% using external training programs to upgrade current employees. (Info-Tech IT Talent Trends 2022 Survey)
In October, the available jobs (in the USA) unexpectedly rose to 11 million, higher than the 10.4 million experts predicted. (CNN Business, 2021)
Talent scarcity is focused in areas with specialized skill sets such as security and architecture that are dynamic and evolving faster than other skill sets.
“It depends on what field you work in,” said ADP chief economist Nela Richardson. “There were labor shortages in those fields pre-pandemic and two years forward, there is even more demand for people with those skills” (CNBC, 19 Nov. 2021).
37% of IT departments are outsourcing roles to fill internal skill shortages. (Info-Tech Talent Trends 2022 Survey)
(Info-Tech Talent Trends 2022 Survey)
This case study is happening in real time. Please check back to learn more as Goddard continues to recruit for the position.
Goddard Space Center is the largest of NASA’s space centers with approximately 11,000 employees. It is currently recruiting for a senior technical role for commercial launches. The position requires consulting and working with external partners and vendors.
NASA is a highly desirable employer due to its strong culture of inclusivity, belonging, teamwork, learning, and growth. Its culture is anchored by a compelling vision, “For the betterment of Humankind,” and amplified by a strong leadership team that actively lives their mission and vision daily.
Firsthand lists NASA as #1 on the 50 most prestigious internships for 2022.
The position is in a rural area of Eastern Shore Virginia with a population of approximately 60,000 people, which translates to a small pool of candidates. Any hire from outside the area will be expected to relocate as the senior technician must be onsite to support launches twice a month. Financial relocation support is not offered and the position is a two-year assignment with the option of extension that could eventually become permanent.
“Looking for a Talent Unicorn; a qualified, experienced candidate with both leadership skills and deep technical expertise that can grow and learn with emerging technologies.”
Steve Thornton
Acting Division Chief, Solutions Division,
Goddard Space Flight Center, NASA
Culture takes the lead in NASA's job postings, which attract a high number of candidates. Postings begin with a link to a short video on working at NASA, its history, and how it lives its vision. The video highlights NASA's diversity of perspectives, career development, and learning opportunities.
NASA's company brand and employer brand are tightly intertwined, providing a consistent view of the organization.
The employer vision is presented in the best place to reach NASA's ideal candidate: usajobs.gov, the official website of the United States Government and the “go-to” for government job listings. NASA also extends its postings to other generic job sites as well as LinkedIn and professional associations.
Interview with Robert Leahy
Chief Information Officer
Goddard Space Flight Center, NASA
Liteshia Dennis,
Office Chief, Headquarter IT Office, Goddard Space Flight Center, NASA
Candidate experience is listed as one of the bottom IT challenges, but without a positive experience, securing the talent you want will be difficult.
Candidate experience starts with articulating your unique culture, benefits, and opportunities for development and innovative work as well as outlining flexible working options within an employer brand. Defining an employee value proposition is key to marketing your roles to potential employees.
81% of respondents' rate culture as very important when considering a potential employer. (Info-Tech IT Talent Trends 2022 Survey)
(Info-Tech IT Talent Trends 2022 Survey)
Info-Tech Research Group is an IT research & advisory firm helping IT leaders make strategic, timely, and well-informed decisions. Our actionable tools and analyst guidance ensure IT organizations achieve measurable results.
The business has grown rapidly over the last couple of years, creating a need to recruit additional talent who were highly skilled in technical applications and approaches.
In response, approval was given to expand headcount within Research for fiscal year 2022 and to establish a plan for continual expansion as revenue continues to grow.
Hiring for our research department requires talent who are typically subject matter experts within their own respective IT domains and interested in and capable of developing research and advising clients through calls and workshops.
This combination of skills, experience, and interest can be challenging to find, especially in an IT labor market that is more competitive than ever.
Interview with Practice Lead Tracy-Lynn Reid
The senior leadership team established a project to focus on recruiting for net-new and open roles. A dedicated resource was assigned and used guidance from our research to enhance our hiring process to reduce time to hire and expand our candidate pool. Senior leaders stayed actively involved to provide feedback.
The hiring process was improved by including panel interviews with interview protocols and a rubric to evaluate all candidates equitably.
The initial screening conversation now includes a discussion on benefits, including remote and flexible work offerings, learning and development budget, support for post-secondary education, and our Buy-a-Book program.
As a result, about 70% of the approved net-new headcount was hired within 12 weeks, with recruitment ongoing.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Understand your current innovation capabilities and create a mandate for the future of your innovation program.
Assess opportunities for your innovation program on a personnel and project level, and provide direction on how to improve along these dimensions.
Formalize the innovation improvements you identified earlier in the blueprint by mapping them to your IT strategy.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Gather data that will be analyzed in the workshop.
Information gathered with which analysis can be performed.
1.1 Do an inventory of innovations/prototypes underway.
1.2 High-level overview of all existing project charters, and documentation of innovation program.
1.3 Poll working group or key stakeholders in regards to scope of innovation program.
Up-to-date inventory of innovations/prototypes
Document review of innovation program and its results to date
Draft scope of the innovation program and understanding of the timelines
Scope the innovation program and gain buy-in from major stakeholders.
Buy-in from IT steering committee for innovation program improvements.
2.1 Establish or re-affirm values for the program.
2.2 Run an initial assessment of the organization’s innovation potential (macro level).
2.3 Set/reaffirm scope and budget for the program.
2.4 Define or refine goals and outcomes for the program.
2.5 Confirm/re-confirm risk tolerance of organization.
2.6 Update/document innovation program.
2.7 Create presentation to gain support from the IT steering committee.
Innovation program and terms of reference
Presentation on organization innovation program for IT steering committee
Analyze the current performance of the innovation program and identify areas for improvement.
Identify actionable items that can be undertaken in order to improve the performance of the innovation program.
3.1 Assess your level of innovation per innovation project (micro level).
3.2 Update the risk tolerance level of the program.
3.3 Determine if your blend of innovation projects is ideal.
3.4 Re-prioritize your innovation projects (if needed).
3.5 Plan update to IT steering committee.
3.6 Assess positive innovation assessment of team.
3.7 Opportunity analysis of innovation program and team.
Positive innovation assessment
Re-prioritized innovation projects
Updated presentation for IT steering committee
Formalize the innovation program by tying it into the IT strategy.
A formalized innovation program that is closely tied to the IT strategy.
4.1 Update business context in terms of impact on IT implications.
4.2 Update IT strategy in terms of impact and benefits of innovation program.
4.3 Update/create innovation program implementation plan.
4.4 Plan update for IT steering committee.
Updated business context
Updated IT strategy
Innovation implementation plan, including roadmap
Updated presentation given to IT steering committee
Learn and explore the technology and practice initiatives in this report to determine which initiatives should be prioritized in your application strategy and align to your business organizational objectives:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
In this report, we explore five priorities for emerging and leading-edge technologies and practices that can improve on capabilities needed to meet the ambitions of your organization.
Economic, social, and regulatory conditions have changed livelihoods, businesses, and marketplaces. Modern tools and technologies have acted as lifelines by minimizing operating and delivery costs, and in the process, establishing a strong foundation for growth and maturity.
As organizations continue to strengthen business continuity, disaster recovery, and system resilience, activities to simply "keep the lights on" are not enough. Be pragmatic in the prioritization and planning of your applications initiatives, and use your technologies as a foundation for your growth.
Your applications must meet the top business goals of your CXOs
Source: CEO-CIO Alignment Diagnostics, August 2021 to July 2022, n=568.
Applications are critical components in any business strategic plan. They can directly influence an organization's internal and external brand and reputation, such as their:
Therefore, business leaders are continuously looking for innovative ways to better position their application portfolios to satisfy their goals and objectives, i.e. applications priorities. Given the scope and costs often involved, these priorities must be carefully crafted to clearly state achievable business outcomes that satisfy
the different needs of very different customers, stakeholders, and users.
Today's business applications are good but leave room for improvement
72%
Average business application satisfaction score among IT leadership in 1582 organizations.
Source: CIO Business Vision, August 2021 to July 2022, N=190.
In this report, we explore five priorities for emerging and leading-edge technologies and practices that can improve on capabilities needed to meet the Ambitions of your organization.
Easily attainable and insightful measurements to gauge the progress of meeting strategic objectives and goals (KPIs), and the performance of individual teams, practices and processes (metrics).
Gain an accurate understanding and interpretation of stakeholder, end-user, and customer expectations and priorities. These define the success of business products and services considering the priorities of individual business units and teams.
Software delivery and support roles, processes, and tools are collaborative, well equipped and resourced, and optimized to meet changing stakeholder expectations.
Ensuring data is continuously reliable and trustworthy. Data structure and integrations are defined, governed, and monitored.
Complete inventory and rationalization of the product and service portfolio, prioritized backlogs, roadmaps, and clear product and service ownership with good governance. This helps ensure this portfolio is optimized to meet its goals and objectives.
Manage the adoption of new and modified processes and technologies considering reputational, human, and operational concerns.
Continuous monitoring and upkeep of products and services to assure business continuity, and system reliability, robustness and disaster recovery.
A set of principles and standards that guides the consistent, sustainable and scalable growth of enterprise technologies. Changes to the architecture are made in collaboration with affected parties, such as security and infrastructure.
The measures, controls, and tactics at the application layer that prevent vulnerabilities against external and internal threats and ensure compliance to industry and regulatory security frameworks and standards.
Expectations on your applications team have increased, while the gap between how stakeholders and applications teams perceive effectiveness remains wide. This points to a need to clarify the requirements to deliver valuable and quality applications and address the pressures challenging your teams.
CIOs agree that at least some improvement is needed across key IT activities
Source: CEO-CIO Alignment Diagnostics, August 2021 to July 2022, n=568.
Recent environmental pressures impacted traditional working arrangements and showed more workplace flexibility is often possible. At the same time, many employees' expectations about how, when, and where they choose to work have also evolved. Recruitment and retention are reflections of different sides of the same employee value proposition coin. Organizations that fail to reinvent their approach to attracting and retaining talent by focusing on candidate and employee experience risk turnover, vacancies, and lost opportunities that can negatively impact the bottom line.
While workplace flexibility comes with many benefits, longer work hours jeopardize wellbeing.
62% of organizations reported increased working hours, while 80% reported an increase in flexibility.
Source: McLean & Company, 2022; n=394.
Be strategic in how you fill and train key IT skills and capabilities
Source: Harvey Nash Group, 2021; n=2120.
Recent environmental pressures impacted traditional working arrangements and showed more workplace flexibility is often possible. At the same time, many employees' expectations about how, when, and where they choose to work have also evolved. Recruitment and retention are reflections of different sides of the same employee value proposition coin. Organizations that fail to reinvent their approach to attracting and retaining talent by focusing on candidate and employee experience risk turnover, vacancies, and lost opportunities that can negatively impact the bottom line.
Only 64% of applications were identified as effective by end users.
Effective applications are identified as at least highly important and have high feature and usability satisfaction.
Source: Application Portfolio Assessment, August 2021 to July 2022; N=315.
"Regardless of the many definitions of modernization floating around, the one characteristic that we should be striving for is to ensure our applications do an outstanding job of supporting the users and the business in the most effective and efficient manner possible."
Source: looksoftware.
"Going digital" reshapes how the business operates and drives value by optimizing how digital and traditional technologies and tactics work together. This shift often presents significant business and technical risks to business processes, enterprise data, applications, and systems which stakeholders and teams are not aware of or prepared to accommodate.
The shift to digital processes is starting, but slowly.
62% of respondents indicated that 1-20% of their processes were digitized during the past year.
Source: Tech Trends and Priorities 2023; N=500
Resistance to change and time/budget constraints are top barriers preventing companies from modernizing their applications.
Source: Konveyor, 2022; n=600.
Enterprise products and services are not used, operated, or branded in isolation. The various parties involved may have competing priorities, which often leads to disagreements on when certain business and technology changes should be made and how resources, budget, and other assets should be allocated. Without a broader product vision, portfolio vision, and roadmap, the various dependent or related products and services will not deliver the same level of value as if they were managed collectively.
55% of CXOs stated some improvement is necessary in activities to understand business goals.
Source: CEO-CIO Alignment Diagnostics, August 2021 to July 2022; n=568.
CXOs are moderately satisfied with IT's performance as a business partner (average score of 69% among all CXOs). This sentiment is similarly felt among CIOs (64%).
Source: CEO-CIO Alignment Diagnostics, August 2021 to July 2022; n=568.
Culture impacts business results, including bottom-line revenue and productivity metrics. Leaders appreciate the impact culture can have on applications initiatives and wish to leverage this. How culture translates from an abstract concept to something that is measurable and actionable is not straightforward. Executives need to clarify how the desired culture will help achieve their applications strategy and need to focus on the items that will have the most impact.
Agile does not solve team culture challenges.
43% of organizations cited organizational culture as a significant barrier to adopting and scaling Agile practices.
Source: Digital.ai, 2021.
"Providing a great employee experience" as the second priority (after recruiting) highlights the emphasis organizations are placing on helping employees adjust after having been forced to change the way work gets done.
Source: McLean & Company, 2022; N=826.
Applications Priorities | |||||
---|---|---|---|---|---|
Digital Experience (DX) | Intelligent Automation | Proactive Application Management | Multisource Systems | Digital Organization as a Platform | |
Attracting and Retaining Talent | Enhance the employee experience | Be transparent and support role changes | Shift focus from maintenance to innovation | Enable business-managed applications | Promote and showcase achievements and successes |
Maximizing the Return on Technology | Modernize or extend the use of existing investments | Automate applications across multiple business functions | Improve the reliability of mission-critical applications | Enhance the functionality of existing applications | Increase visibility of underused applications |
Confidently Shifting to Digital | Prioritize DX in your shift to digital | Select the capabilities that will benefit most from automation | Prepare applications to support digital tools and technologies | Use best-of-breed tools to meet specific digital needs | Bring all applications up to a common digital standard |
Addressing Competing Priorities | Ground your digital vision, goals, and objectives | Recognize and evaluate the architectural impact | Rationalize the health of the applications | Agree on a common philosophy on system composition | Map to a holistic platform vision, goals, and objectives |
Fostering a Collaborative Culture | Involve all perspectives in defining and delivering DX | Involve the end user in the delivery and testing of the automated process | Include the technical perspective in the viability of future applications plans | Discuss how applications can work together better in an ecosystem | Ensure the platform is configured to meet the individual needs of the users |
Creating High-Throughput Teams | Establish delivery principles centered on DX | Remove manual, error-prone, and mundane tasks | Simplify applications to ease delivery and maintenance | Alleviate delivery bottlenecks and issues | Abstract the enterprise system to expedite delivery |
Delivering valuable digital experiences requires the adoption of good management, governance, and operational practices to accommodate stakeholder, employee, customer, and end-user expectations of digital experiences (e.g. product management, automation, and iterative delivery). Technologies are chosen based on what best enables, delivers, and supports these expectations.
Digital transformation is not just about new tools and technologies. It is also about delivering a valuable digital experience
Digital experience (DX) refers to the interaction between a user and an organization through digital products and services. Digital products and services are tools, systems, devices, and resources that gather, store, and process data; are continuously modernized; and embody eight key attributes that are described on the following slide. DX is broken down into four distinct perspectives*:
Digital Products and Services | |||
---|---|---|---|
Customer Experience | Brand Experience | Employee Experience | End-User Experience |
Digital transformation is not just about new tools and technologies. It is also about delivering a valuable digital experience
A good DX has become a key differentiator that gives organizations an advantage over their competition and peers. Shifts in working environments; employee, customer, and stakeholder expectations; and the advancements in modern technologies have raised the importance of adopting and transitioning to digital processes and tools to stay relevant and responsive to changing business and technology conditions.
Applications teams are critical to ensuring the successful delivery and operation of these digital processes and tools. However, they are often under-resourced and challenged to meet their DX goals.
![]() |
of organizations stated that at least 1% of processes were shifted from being manually completed to digitally completed in the last year. 29% of organizations stated at least 21% were shifted. Source: Tech Trends and Priorities 2023; N=500. |
![]() |
of organizations recognized digital transformation is important for competitive advantage. 94% stated it is important to enhance customer experience, and 91% stated it will have a positive impact on revenue. Source: Cyara, 2021. |
Customers are swayed by the innovations and advancements in digital technologies and expect your applications team to deliver and support them. Your leaders recognize the importance of these expectations and are integrating them into their business strategy and brand (how the organization presents itself to its customers, employees and the public). They hope that their actions will improve and shape the company's reputation (public perception of the company) as effective, customer-focused, and forward-thinking.
As you evolve and adopt more complex tools and technology, your stakeholders will expect more from business units and IT teams. Unfortunately, teams employing manual processes and legacy systems will struggle to meet these expectations. Digital products and services promote the simplification of complex operations and applications and help the business and your teams better align operational practices with strategic goals and deliver valuable DX.
Legacy processes, systems, and ways of working are no longer suitable for meeting the strategic digital objectives and DX needs stakeholders expect. They drive up operational costs without increased benefits, impede business growth and innovation, and consume scarce budgets that could be used for other priorities. Shifting to digital tools and technologies will bring these challenges to light and demonstrate how modernization is an integral part of DX success.
Employees and customers can choose how they want to access, modify, and consume digital products and services. They can be tailored to meet the specific functional needs, behaviors, and habits of the end user.
The customer, end user, brand, and employee drive selection, design, and delivery of digital products and services. Even the most advanced technologies will fail if key roles do not see the value in their use.
Digital products and services are delivered with technical quality built into them, ensuring they meet the industry, regulatory, and company standards throughout their lifespan and in various conditions.
Some stakeholders may not be willing to change due to their familiarity and comfort of business practices.
Competing and conflicting priorities of strategic products and services undermine digital transformation and broader modernization efforts.
Business processes are often burdened by wasteful activities. Digital products and services are only as valuable as the processes they support.
The performance and support of your digital products and services are hampered due to unmanageable technical debt because of a deliberate decision to bypass or omit quality good practices.
Success can be dependent on your ability to address your pressure points.
Attracting and Retaining Talent |
Enhance the employee experience.Design the digital processes, tools, and technologies to meet the individual needs of the employee. |
---|---|
Maximizing the Return on Technology |
Modernize or extend the use of existing investments.Drive higher adoption of applications and higher user value and productivity by implementing digital capabilities to the applications that will gain the most. |
Confidently Shifting to Digital |
Prioritize DX in your shift to digital. Include DX as part of your definition of success.Your products and services are not valuable if users, customers, and employees do not use them. |
Addressing Competing Priorities |
Ground your digital vision, goals, and objectivesEstablish clear ownership of DX and digital products and services with a cross-functional prioritization framework. |
Fostering a Collaborative Culture |
Involve all perspectives in defining and delivering DX.Maintain a committee of owners, stakeholders, and delivery teams to ensure consensus and discuss how to address cross-functional opportunities and risks. |
Creating High-Throughput Teams |
Establish delivery principles centered on DX.Enforce guiding principles to streamline and simplify DX delivery, such as plug-and-play architecture and quality standards. |
A digital business strategy clearly articulates the goals and ambitions of the business to adopt digital practices, tools, and technologies. This document:
Related Research:
Related Research:
User, customer, employee, and brand are integral perspectives on the software development lifecycle (SDLC) and the management and governance practices supporting digital products and services. It ensures quality standards and controls are consistently upheld while maintaining alignment with various needs and priorities. The goal is to come to a consensus on a universal definition and approach to embed quality and DX-thinking throughout the delivery process.
Related Research:
Today's rapidly scaling and increasingly complex digital products and services create mounting pressure on delivery teams to release new features and changes quickly and with sufficient quality. This pressure is further compounded by the competing priorities of individual stakeholders and the nuances among different personas of digital products and services.
A collaborative delivery practice sets the activities, channels, and relationships needed to deliver a valuable and quality product or service with cross-functional awareness, accountability, and agreement.
Related Research:
Today's modern digital products and services are tomorrow's shelfware. They gradually lose their value, and the supporting technologies will become obsolete. Modernization is a continuous need.
Data-driven insights help decision makers decide which products and services to retire, upgrade, retrain on, or maintain to meet the demands of the business.
Enhancements focusing on critical business capabilities strengthen the case for investment and build trust with all stakeholders.
Related Research:
Chief Marketing Officer M.V. Rajamannar (Raja) wanted to change Mastercard's iconic "Priceless" ad campaign (with the slogan "There are some things money can't buy. For everything else there's Mastercard."). The main reasons were that the campaign relied on one-way communication and targeted end customers, even though Mastercard doesn't issue cards directly to customers; partner banks do. To drive the change in campaign, Raja and his team created a digital engine that leveraged digital and social media. Digital engine is a seven-step process based on insights gleaned from data and real-time optimization.
Source: Harvard Business Review Press
Focus on the customer journey
The Mastercard case highlights important lessons on how to engage customers:
AI and ML are rapidly growing. Organizations see the value of machines intelligently executing high-performance and dynamic tasks such as driving cars and detecting fraud. Senior leaders see AI and ML as opportunities to extend their business process automation investments.
Intelligent automation is the next step in your business process automation journey
Intelligent automation (IA) is the combination of traditional automation technologies, such as business process management (BPM) and robotic process automation (RPA), with AI and ML. The goal is to further streamline and scale decision making across various business processes by:
"For IA to succeed, employees must be involved in the transformation journey so they can experience firsthand the benefits of a new way of working and creating business value," (Cognizant).
"Hyperautomation is the act of automating everything in an organization that can be automated. The intent is to streamline processes across an organization using intelligent automation, which includes AI, RPA and other technologies, to run without human intervention. … Hyperautomation is a business-driven, disciplined approach that organizations use to rapidly identify, vet, and automate as many business and IT processes as possible" (IBM, 2021).
Note that hyperautomation often enables IA, but teams solely adopting IA do not need to abide to its automation-first principles.
Process automation is an executive priority and requires organizational buy-in
Stakeholders recognize the importance of business process automation and AI and are looking for ways to deliver more value using these technologies.
However, the advertised benefits to vendors of enabling these desired automations may not be easily achievable because of:
![]() |
of CXOs stated staff sufficiency, skill and engagement issues as a minor IT pain point compared to 51% of CIOs stated this issue as a major pain point. Source: CEO-CIO Alignment Diagnostics, August 2021 to July 2022; n=568. |
![]() |
of organizations have already invested in AI or machine learning. Source: Tech Trends and Priorities 2023; N=662 |
Products and services delivered through an undefined and manual process risk the creation of preventable and catchable defects, security flaws and holes, missing information, and other quality issues. IA solutions consistently reinforce quality standards the same way across all products and services while tailoring outputs to meet an individual's specific needs. Success is dependent on the accurate interpretation and application of quality standards and the user's expectations.
IA removes the tedious, routine, and mundane tasks that distract and restrict employees from doing more valuable, impactful, and cognitively focused activities. Practical insights can also be generated through IA tools that help employees make data-driven decisions, evaluate problems from different angles, and improve the usability and value of the products and services they produce.
Automation magnifies existing inefficiencies of a business process management practice, such as unclear and outdated process documentation and incorrect assumptions. IA reinforces the importance of good business process optimization practices, such as removing waste and inefficiencies in a thoughtful way, choosing the most appropriate automation solution, and configuring the process in the right way to maximize the solution's value.
All business processes must be mapped and documented to be automated, including business rules, data entities, applications, and control points.
IA can be configured and orchestrated to automatically execute when certain business, process, or technology conditions are met in an unattended or attended manner.
IA is applicable in use cases beyond traditional business processes, such as automated testing, quality control, audit, website scraping, integration platform, customer service, and data transfer.
The accuracy and relevance of the decisions IA makes are dependent on the overall quality of the data
used to train it.
Some decisions can have significant reputational, moral, and ethical impacts if made incorrectly.
The question is whether it is appropriate for a non-human to make that decision.
IA is composed of technologies that can be compromised or fail. Without the proper monitoring, controls,
and recovery protocols, impacted IA will generate significant business and IT costs and can potentially harm customers, employees, and the organization.
Low- and no-code capabilities ease and streamline IA development, which makes it susceptible to becoming unmanageable. Discipline is needed to ensure IA owners are aware of the size and health of the IA portfolio.
Success can be dependent on your ability to address your pressure points.
Attracting and Retaining Talent |
Be transparent and support role changes.Plan to address the human sentiment with automation (e.g. job security) and the transition of the role to other activities. |
---|---|
Maximizing the Return on Technology |
Automate applications across multiple business functions.Recognize the value opportunities of improving and automating the integration of cross-functional processes. |
Confidently Shifting to Digital |
Maximize the learning of automation fit.Select the right capabilities to demonstrate the value of IA while using lessons learned to establish the appropriate support. |
Addressing Competing Priorities |
Recognize automation opportunities with capability maps.Use a capability diagram to align strategic IA objectives with tactical and technical IA initiatives. |
Fostering a Collaborative Culture |
Involve the user in the delivery process.Maximize automation adoption by ensuring the user finds value in its use before deployment. |
Creating High-Throughput Teams |
Remove manual, error-prone, and mundane tasks.Look for ways to improve team throughput by removing wasteful activities, enforcing quality, and automating away tasks driving down productivity. |
Formalize your business process automation practice with a good toolkit and a repeatable set of tactics and techniques.
Related Research:
Each IA tool will address a different problem. Which tool to choose is dependent on a variety of factors, such as functional suitability, technology suitability, delivery and support capabilities, alignment to strategic business goals, and the value it is designed to deliver.
Related Research:
Despite the many promises of AI, organizations are struggling to fully realize its potential. The reasons boil down to a lack of understanding of when these technologies should and shouldn't be used, as well as a fear of the unknown. The plan to adopt AI should include:
Related Research:
Biases can be introduced into an IA system at any stage of the development process, from the data you collect, to the way you collect it, to which algorithms are used and what assumptions were made. In most cases, AI and ML bias is a is a social, political, and business problem.
While bias may not be intentional nor completely prevented or eliminated, early detection, good design, and other proactive preventative steps can be taken to minimize its scope and impact.
Related Research:
University Hospitals Cleveland (UH) faces the same challenge that every major hospital confronts regarding how to deliver increasingly complex, high-quality healthcare to a diverse population efficiently and economically. In 2017, UH embarked on a value improvement program aiming to improve quality while saving $400 million over a five-year period.
In emergency department (ED) and inpatient units, leaders found anticipating demand difficult, and consequently units were often over-staffed when demand was low and under-staffed when demand was high. Hospital leaders were uncertain about how to reallocate resources based on capacity needs.
UH turned to Hospital IQ's Census Solution to proactively manage capacity, staff, and flow in the ED and inpatient areas.
By applying AI, ML, and external data (e.g. weather forecasts) to the hospital's own data (including EMR data and hospital policies), the solution helped UH make two-day census forecasts that managers used to determine whether to open or close in-patient beds and, when necessary, divert low-acuity patients to other hospitals in the system to handle predicted patient volume.
Source: University Hospitals
ED boarding hours have declined by 10% and the hospital has seen a 50% reduction in the number of patients who leave the hospital without
being seen.
UH also predicts in advance patients ready for discharge and identifies roadblocks, reducing the average length of stay by 15%. UH is able to better manage staff, reducing overtime and cutting overall labor costs.
The hospital has also increased staff satisfaction and improved patient safety by closing specific units on weekends and increasing the number of rooms that can be sterilized.
Application management is often viewed as a support function rather than an enabler of business growth. Focus and investments are only placed on application management when it becomes a problem. The lack of governance and practice accountability leaves this practice in a chaotic state: politics take over, resources are not strategically allocated, and customers are frustrated. As a result, application management is often reactive and brushed aside for new development.
Application management ensures valuable software is successfully delivered and is maintained for continuous and sustainable business operations. It contains a repeatable set of activities needed to rationalize and roadmap products and services while balancing priorities of new features and maintenance tasks.
Unfortunately, application management is commonly perceived as a practice that solely addresses issues, updates, and incidents. However, application management teams are also tasked with new value delivery that was not part of the original release.
Application maintenance is the "process of modifying a software system or its components after delivery to correct faults, improve performance or other attributes, or adapt to a changed environment or business process," (IEEE, 1998). While it is critical to quickly fix defects and issues when they occur, reactively addressing them is more expensive than discovering them early and employing the practices to prevent them.
Even if an application is working well, its framework, architecture, and technology may not be compatible with the possible upcoming changes stakeholders and vendors may want to undertake. Applications may not be problems now, but they soon can be.
Proactive application management practices are critical to maintaining business continuity. They require continuous review and modification so that applications are resilient and can address current and future scenarios. Depending on the value of the application, its criticality to business operations, and its susceptibility to technology change, a more proactive management approach may be warranted. Stakeholders can then better manage resources and budget according to the needs of specific products.
Fix and enhance the product when it breaks. In most cases, a plan is in place ahead of a failure, so that the problem can be addressed without significant disruption and costs.
Regularly inspect and optimize the product to reduce the likelihood that it will fail in the future. Schedule inspections based on a specific timeframe or usage threshold.
Predict failures before they happen using performance and usage data to alert teams when products are at risk of failure according to specified conditions.
Analyze all possible failure scenarios for each component of the product and create tailored delivery plans to improve the stability, reliability, and value of each product.
Applications begin to degrade as soon as they are used
Today's applications are tomorrow's shelfware. They gradually lose their value, stability, robustness, and compatibility with other enterprise technologies. The longer these applications are left unattended or simply "keeping the lights on," the more risks they will bring to the application portfolio, such as:
These impacts are further compounded by the continuous work done on a system burdened with technical debt. Technical debt describes the result of avoided costs that, over time, cause ongoing business impacts. Left unaddressed, technical debt can become an existential threat that risks your organization's ability to effectively compete and serve its customers. Unfortunately, most organizations have a significant, growing, unmanageable technical debt portfolio.
![]() |
of respondents stated they saw an increase in perceived change in technical debt during the past three years. A quarter of respondents indicated that it stayed the same. Source: McKinsey Digital, 2020. |
US |
is the average cost of a data breach in 2022. This figure represents a 2.6% increase from last year. The average cost has climbed 12.7% since 2020. Source: IBM, 2022; N=537. |
---|
Historical decisions to meet business demands by deferring key quality, architectural, or other software delivery activities often lead to inefficient and incomplete code, fragile legacy systems, broken processes, data quality problems, and the other contributors to technical debt. The impacts for this challenge is further heightened if organizations are not actively refactoring and updating their applications behind the scenes. Proactive application management is intended to raise awareness of application fragility and prioritize comprehensive refactoring activities alongside new feature development.
Applications are designed, developed, and tested against a specific set of parameters which may become less relevant over time as the business matures, technology changes, and user behaviors and interactions shift. Continuous monitoring of the application system, regular stakeholder and user feedback, and active technology trend research and vendor engagement will reveal tasks to prepare an application for future value opportunities or stability and resilience concerns.
Innovative approaches to infiltrating and compromising applications are becoming prevailing stakeholder concerns. The loopholes and gaps in existing application security protocols, control points, and end-user training are exploited to gain the trust of unsuspecting users and systems. Proactive application management enforces continuous security reviews to determine whether applications are at risk. The goal is to prevent an incident from happening by hardening or complementing measures already in place.
Users expect the same level of performance and experience from their applications in all scenarios. A proactive approach ensures the configurations meet the current needs of users and dependent technologies.
Proactively managed applications are resilient to the latest security concerns and upcoming trends.
Continuous improvements to the underlying architecture, codebase, and interfaces can minimize the cost to maintain and operate the application, such as the transition to a loosely coupled architecture and the standardization of REST APIs.
Stakeholders may not see the association between the application's value and its technical quality.
Updates and enhancements are system changes much like any application function. Depending
on the priority of these changes, new functions may be pushed off to a future release cycle.
Applications teams require dedicated capacity to proactively manage applications, but they are often occupied meeting other stakeholder demands.
Overinvesting in certain application management activities (such as refactoring, re-architecture, and redesign) can create more challenges. Knowing how much to do is important.
Attracting and Retaining Talent |
Shift focus from maintenance to innovation. Work on the most pressing and critical requests first, with a prioritization framework reflecting cross-functional priorities. |
---|---|
Maximizing the Return on Technology |
Improve the reliability of mission-critical applications.Regularly verify and validate applications are up to date with the latest patches and fixes and comply with industry good practices and regulations. |
Confidently Shifting to Digital |
Prepare applications to support digital tools and technologies.Focus enhancements on the key components required to support the integration, performance, and security needs of digital. |
Addressing Competing Priorities |
Rationalize the health of the applications.Use data-driven, compelling insights to justify the direction and prioritization of applications initiatives. |
Fostering a Collaborative Culture |
Include the technical perspective in the viability of future applications plans.Demonstrate how poorly maintained applications impede the team's ability to deliver confidently and quickly. |
Creating High-Throughput Teams |
Simplify applications to ease delivery and maintenance.Refactor away application complexities and align the application portfolio to a common quality standard to reduce the effort to deliver and test changes. |
Maintenance is often viewed as a support function rather than an enabler of business growth. Focus and investments are only placed on maintenance when it becomes a problem.
Ensure product issues, incidents, defects, and change requests are promptly handled to minimize business and IT risks.
Related Research:
Apply the appropriate management approaches to maintain business continuity and balance priorities and commitments among maintenance and new development requests.
This practice serves as the foundation for creating exceptional customer experience by emphasizing cross-functional accountability for business value and product and service quality.
Related Research:
Technical debt is a type of technical risk, which in turn is business risk. It's up to the business to decide whether to accept technical debt or mitigate it. Create a compelling argument to stakeholders as to why technical debt should be a business priority rather than just an IT one.
Related Research:
Application portfolio management is nearly impossible to perform without an honest and thorough understanding of your portfolio's alignment to business capabilities, business value, total cost of ownership, end-user reception and satisfaction, and technical health.
Develop data-driven insights to help you decide which applications to retire, upgrade, retrain on, or maintain to meet the demands of the business.
Related Research:
Site reliability engineering (SRE) is an operational model for running online services more reliably by a team of dedicated reliability-focused engineers.
DevOps, an operational philosophy promoting development and operations collaboration, can bring the critical insights to make application management practices through SRE more valuable.
Related Research:
A government agency needed to implement a disciplined, sustainable application delivery, planning, and management process so their product delivery team could deliver features and changes faster with higher quality. The goal was to ensure change requests, fixes, and new features would relieve requester frustrations, reduce regression issues, and allow work to be done on agreeable and achievable priorities organization-wide. The new model needed to increase practice efficiency and visibility in order to better manage technical debt and focus on value-added solutions.
This organization recognized a number of key challenges that were inhibiting its team's ability to meet its goals:
Source: Info-Tech Workshop
Various market and company factors are motivating a review on resource and system sourcing strategies. The right sourcing model provides key skills, resources, and capabilities to meet innovation, time to market, financial, and quality goals of the business. However, organizations struggle with how best to support sourcing partners and to allocate the right number of resources to maximize success.
A multisource system is an ecosystem of integrated internally and externally developed applications, data, and infrastructure. These technologies can be custom developed, heavily configured vendor solutions, or they may be commercial off-the-shelf (COTS) solutions. These systems can also be developed, supported, and managed by internal staff, in partnership with outsourced contractors, or be completely outsourced. Multisource systems should be configured and orchestrated in a way that maximizes the delivery of specific value drivers for the targeted audience.
Defining and executing a sourcing approach can be a significant investment and risk because of the close interactions third-party services and partners will have with internal staff, enterprise applications and business capabilities. A careful selection and design is necessary.
The selection of a sourcing partner is not simple. It involves the detailed inspection and examination of different candidates and matching their fit to the broader vision of the multisource system. In cases where control is critical, technology stack and resource sourcing consolidation to a few vendors and partners is preferred. In other cases, where worker productivity and system flexibility are highly prioritized, a plug-and-play best-of-breed approach is preferred.
The image that your applications department and teams want to reflect is frequently dependent on the applications they deliver and support, the resources they are composed of, and the capabilities they provide.
Therefore, choosing the right sourcing approach should be driven by understanding who the teams are and want to be (e.g. internal builder, an integrator, a plug-in player), what they can or want to do (e.g. custom-develop or implement), and what they can deliver or support (e.g. cloud or on-premises) must be established.
Well-integrated systems are the lifeblood of your organization. They provide the capabilities needed to deliver value to customers, employees, and stakeholders. However, underlying system components may not be sourced under a unified strategy, which can lead to duplicate vendor services and high operational costs.
The right sourcing approach ensures your partners address key capabilities in your system's delivery and support, and that they are positioned to maximize the value of critical and high-impact components.
Outsourcing and shifting to a buy-over-build applications strategy are common quick fixes to dealing with capacity and skills gaps. However, these quick fixes often become long-term implementations that are not accounted for in the sourcing selection process. Current application and resource sourcing strategies must be reviewed to ensure that vendor arrangements meet the current and upcoming demands and challenges of the business, customers, and enterprise technologies, such as:
![]() |
of respondents stated they outsourced software development fully or partly in the last 12 months (2021). Source: Coding Sans, 2021. |
![]() |
of respondents stated they were at least somewhat satisfied with the result of outsourcing software development. Source: Coding Sans, 2021. |
Employees are implementing and building applications without consulting, notifying, or heeding the advice of IT. IT is often ill-equipped and under-resourced to fight against shadow IT. Instead, organizations are shifting the mindset of "fight shadow IT" to "embrace business-managed applications," using good practices in managing multisource systems. A multisource approach strikes the right balance between user empowerment and centralized control with the solutions and architecture that can best enable it.
Point solutions offer features to address unique use cases in uncommon technology environments. However, point solutions are often deployed in siloes with limited integration or overlap with other solutions. The right sourcing strategy accommodates the fragmented nature of point solutions into a broader enterprise system strategy, whether that be:
Some vendor services in a multisource environment may be redundant, conflicting, or incompatible. Given that multisource systems are regularly changing, it is difficult to identify what services are affected, what would be needed to fill the gap of the removed solution, or which redundant services should be removed.
A multisource approach motivates the continuous rationalization of your vendor services and partners to determine the right mixture of in-house and outsourced resources, capabilities, and technologies.
Multisource systems can be designed to support an employee's ability to select the tools they want and need.
The environment is architected in a loosely coupled approach to allow applications to be easily added, removed, and modified with minimized impact to other integrated applications.
Rather than investing in large solutions upfront, applications are adopted when they are needed and are removed when little value is gained. Disciplined application portfolio management is necessary to see the full value of this benefit.
The increased number and diversity of applications in multisource system environments can overwhelm system managers who do not have an effective application portfolio management practice.
Fragmented application implementations risk inconsistent adherence to security and other quality policies, especially in situations where IT is not involved.
Application integration can quickly become tangled, untraceable, and unmanageable because of varying team and vendor preferences for specific integration technologies and techniques.
Success can be dependent on your ability to address your pressure points.
Attracting and Retaining Talent |
Enable business-managed applications.Create the integrations to enable the easy connection of desired tools to enterprise systems with the appropriate guardrails. |
---|---|
Maximizing the Return on Technology |
Enhance the functionality of existing applications.Complement current application capability gaps with data, features, and services from third-party applications. |
Confidently Shifting to Digital |
Use best-of-breed tools to meet specific digital needs.Select the best tools to meet the unique and special functional needs of the digital vision. |
Addressing Competing Priorities |
Agree on a common philosophy on system composition.Establish an owner of the multisource system to guide how the system should mature as the organization grows. |
Fostering a Collaborative Culture |
Discuss how applications can work together better in an ecosystem.Build committees to discuss how applications can better support each other and drive more value. |
Creating High-Throughput Teams |
Alleviate delivery bottlenecks and issues.Leverage third-party sources to fill skills and capacity gaps until a long-term solution can be implemented. |
Understanding the applications team's purpose and image is critical in determining how the system they are managing and the skills and capacities they need should be sourced.
Changing and conflicting definitions of value and goals make it challenging to convey an agreeable strategy of the multisource system. An achievable vision and practical tactics ensure all parties in the multisource system are moving in the same direction.
Related Research:
Almost half of all sourcing initiatives do not realize projected savings, and the biggest reason is the choice of partner (Zhang et al., 2018). Making the wrong choice means inferior products, higher costs and the loss of both clients and reputation.
Choosing the right sourcing partner involves understanding current skills and capacities, finding the right matching partner based on a desired profile, and managing a good working relationship that sees short-term gains and supports long-term goals.
Related Research:
Integration strategies that are focused solely on technology are likely to complicate rather than simplify because little consideration is given on how other systems and processes will be impacted. Enterprise integration needs to bring together business process, applications, and data – in that order.
Kick-start the process of identifying opportunities for improvement by mapping how applications and data are coordinated to support business activities.
Related Research:
Haphazardly implementing and integrating applications can generate significant security, performance, and data risks. A well-thought-through solution architecture is essential in laying the architecture quality principles and roadmap on how the multisource system can grow and evolve in a sustainable and maintainable way.
Good application portfolio management complements the solution architecture as it indicates when low-value and unused applications should be removed to reduce system complexity.
Related Research:
Multisource systems bring a unique opportunity to support the business and end users' desire to implement and develop their own applications. However, traditional models of managing applications may not accommodate the specific IT governance and management practices required to operate business-managed applications:
Related Research:
Source: interview with Jay MacIsaac, Cognizant.
A digital platform enables organizations to leverage a flexible, reliable, and scalable foundation to create a valuable DX, ease delivery and management efforts, maximize existing investments, and motivate the broader shift to digital. This approach provides a standard to architect, integrate, configure, and modernize the applications that compose the platform.
Digital organization as a platform (DOaaP) is a collection of integrated digital services, products, applications, and infrastructure that is used as a vehicle to meet and exceed an organization's digital strategies. It often serves as an accessible "place for exchanges of information, goods, or services to occur between producers and consumers as well as the community that interacts
with said platform" (Watts, 2020).
DOaaP involves a strategy that paves the way for organizations to be digital. It helps organizations use their assets (e.g. data, processes, products, services) in the most effective ways and become more open to cooperative delivery, usage, and management. This opens opportunities for innovation and cross-department collaborations.
Digital organizations are driven by customer focus, meeting and exceeding customer expectations. It must design its services with a "digital first" principle, providing access through every expected channel and including seamless integration and interoperability with various departments, partners, and third-party services. It also means creating trust in its ability to provide secure services and to keep privacy and ethics as core pillars.
Digital leadership brings customer focus to the enterprise and its structures and organizes efficient networks and ecosystems. Accomplishing this means getting rid of silos and a siloed mentality and aligning on a digital vision to design policies and services that are efficient, cost-effective, and provide maximum benefit to the user. Asset sharing, co-creation, and being open and transparent become cornerstones of a digital organization.
Providing digital services across demographics and geographies requires infrastructure, and that in turn requires long-term vision, smart investments, and partnerships with various source partners to create the necessary foundational infrastructure upon which to build digital services.
Automation and digitization of processes and services, as well as creating digital-first products, lead to increased efficiency and reach of the organization across demographics and geographies. Moreover, by taking a digital-first approach, digital organizations future-proof their services and demonstrate their commitment to stakeholders.
DOaaP embraces open standards, designing and developing organizational platforms and ecosystems with a cloud-first mindset and sound API strategies. Developer experience must also take center stage, providing the necessary tools and embracing Agile and DevOps practices and culture become prerequisites. Cybersecurity and privacy are central to the digital platform; hence they must be part of the design and development principles and practices.
Digital transformation continues to be a high-priority initiative for many organizations, and they see DOaaP as an effective way to enable and exploit digital capabilities. However, DOaaP unleashes new strategies, opportunities, and challenges that are elusive or unfamiliar to business leaders. Barriers in current business operating models may limit DOaaP success, such as:
DOaaP is not just about technology, and it is not the sole responsibility of either IT or business. It is the collective responsibility of the organization.
![]() |
of organizations plan to unlock new value through digital. 50% of organizations are planning major transformation over the next three years. Source: Nash Squared, 2022. |
![]() |
of organizations are undertaking digital expansion projects focused on scaling their business with technology. This result is up from 57% in 2021. Source: F5 Inc, 2022. |
Users should have the same experience and perception of a brand no matter what product or service they use. However, fragmented implementation of digital technologies and inconsistent application of design standards makes it difficult to meet this expectation. DOaaP embraces a single design and DX standard for all digital products and services, which creates a consistent perception of your organization's brand and reputation irrespective of what products and services are being used and how they are accessed.
Rapid advancement of end-user devices and changes to end-user behaviors and expectations often outpace an organization's ability to meet these requirements. This can make certain organization products and services difficult to find, access and leverage. DOaaP creates an intuitive and searchable interface to all products and services and enables the strategic combination of technologies to collectively deliver more value.
Many opportunities are left off the table when legacy systems are abstracted away rather than modernized. However, legacy systems may not justify the investment in modernization because their individual value is outweighed by the cost. A DOaaP initiative motivates decision makers to look at the entire system (i.e. modern and legacy) to determine which components need to be brought up to a minimum digital state. The conversation has now changed. Legacy systems should be modernized to increase the collective benefit of the entire DOaaP.
A single, modern, customizable interface enables a common look and feel no matter what and how the platform is being accessed.
Organizations can motivate and encourage the adoption and use of all products and services through the platform and increase the adoption of underused technologies.
DOaaP motivates and supports the modernization of data, processes, and systems to meet the goals and objectives outlined in the broader digital transformation strategy.
Each system may have a different definition of commonly used entities (e.g. customer), which can cause data quality issues when information is shared among these systems.
DOaaP can stress the performance of underlying systems due to the limitations of some systems to handle increased traffic.
Some systems cannot be modernized due to cost constraints, business continuity risks, vendor lock-in, legacy and lore, or other blocking factors.
Limited appetite to make the necessary changes to business operations in order to maximize the value of DOaaP technologies.
Attracting and Retaining Talent | Promote and showcase achievements and successes. Share the valuable and innovative work of your teams across the organization and with the public. |
---|---|
Maximizing the Return on Technology | Increase visibility of underused applications. Promote the adoption and use of all products and services through the platform and use the lessons learned to justify removal, updates or modernizations. |
Confidently Shifting to Digital | Bring all applications up to a common digital standard. Define the baseline digital state all applications, data, and processes must be in to maximize the value of the platform. |
Addressing Competing Priorities | Map to a holistic platform vision, goals and objectives. Work with relevant stakeholders, teams and end users to agree on a common directive considering all impacted perspectives. |
Fostering a Collaborative Culture | Ensure the platform is configured to meet the individual needs of the users. Tailor the interface and capabilities of the platform to address users' functional and personal concerns. |
Creating High-Throughput Teams | Abstract the enterprise system to expedite delivery. Use the platform to standardize application system access to simplify platform changes and quicken development and testing. |
Organizations realize that a digital model is the way to provide more effective services to their customers and end users in a cost-effective, innovative, and engaging fashion. DOaaP is a way to help support this transition.
However, various platform stakeholders will have different interpretations of and preferences for what this platform is intended to solve, what benefits it is supposed to deliver, and what capabilities it will deliver. A grounded vision is imperative to steer the roadmap and initiatives.
Related Research:
Certain applications may not sufficiently support the compatibility, flexibility, and efficiency requirements of DOaaP. While workaround technologies and tactics can be employed to overcome these application challenges, the full value of the DOaaP may not be realized.
Reviewing the current state of the application portfolio will indicate the functional and value limitations of what DOaaP can provide and an indication of the scope of investment needed to bring applications up to a minimum state.
Related Research:
Technology has reached a point where it's no longer difficult for teams to build functional and valuable digital platforms. Rather, the difficulty lies in creating an interface and platform that people want to use and use frequently.
While it is important to increase the access and promotion of all products and services, orchestrating and configuring them in a way to deliver a satisfying experience is even more important. Applications teams must first learn about and empathize with the needs of end users.
Related Research:
Formalizing and constructing DOaaP just for the sake of doing so often results in an initiative that is lengthy and costly and ends up being considered a failure.
The build and optimization of the platform must be predicated on a thorough understanding of the DOaaP's goals, objectives, and priorities and the business capabilities and process they are meant to support and enable. The appropriate architecture and delivery practices can then be defined and employed.
Related Research:
The digital strategy of Estonia resulted in e-Estonia, with the vision of "creating a society with more transparency, trust, and efficiency." Estonia has addressed the challenge by creating structures, organizations, and a culture of innovation, and then using the speed and efficiency of digital infrastructure, apps, and services. This strategy can reduce or eliminate bureaucracy through transparency and automation.
Estonia embarked on its journey to making digital a priority in 1994-1996, focusing on a committed investment in infrastructure and digital literacy. With that infrastructure in place, they started providing digital services like an e-banking service (1996), e-tax and mobile parking (2002), and then went full steam ahead with a digital information interoperability platform in 2001, digital identity in 2002, e-health in 2008, and e-prescription in 2010. The government is now strategizing for AI.
Source: e-Estonia
The e-Estonia digital government model serves as a reference for governments across the world; this is acknowledged by the various awards it has received, like #2 in "internet freedom," awarded by Freedom House in 2019; #1 on the "digital health index," awarded by the Bertelsmann Foundation in 2019; and #1 on "start-up friendliness," awarded by Index Venture in 2018.
"15th State of Agile Report." Digital.ai, 2021. Web.
"2022 HR Trends Report." McLean & Company, 2022.
"2022: State of Application Strategy Report." F5 Inc, 2022.
"Are Executives Wearing Rose-Colored Glasses Around Digital Transformation?" Cyara, 2021. Web.
"Cost of a Data Breach Report 2022." IBM, 2022. Web.
Dalal, Vishal, et al. "Tech Debt: Reclaiming Tech Equity." McKinsey Digital, Oct. 2020. Web.
"Differentiating Between Intelligent Automation and Hyperautomation." IBM, 15 October 2021. Web.
"Digital Leadership Report 2021." Harvey Nash Group, 2021.
"Digital Leadership Report 2022: The State of Digital." Nash Squared, 2022. Web.
Gupta, Sunil. "Driving Digital Strategy: A Guide to Reimagining Your Business." Harvard Business Review Press, 2018. Web.
Haff, Gordon. "State of Application Modernization Report 2022." Konveyor, 2022. Web.
"IEEE Standard for Software Maintenance: IEEE Std 1219-1998." IEEE Standard for Software Maintenance, 1998. Accessed Dec. 2015.
"Intelligent Automation." Cognizant, n.d. Web.
"Kofax 2022: Intelligent Automation Benchmark Study". Kofax, 2021. Web.
McCann, Leah. "Barco's Virtual Classroom at UCL: A Case Study for the Future of All University Classrooms?" rAVe, 2 July 2020, Web.
"Proactive Staffing and Patient Prioritization to Decompress ED and Reduce Length of Stay." University Hospitals, 2018. Web.
"Secrets of Successful Modernization." looksoftware, 2013. Web.
"State of Software Development." Coding Sans, 2021. Web.
"The State of Low-Code/No-Code." Creatio, 2021. Web.
"We Have Built a Digital Society and We Can Show You How." e-Estonia. n.d. Web.
Zanna. "The 5 Types of Experience Series (1): Brand Experience Is Your Compass." Accelerate in Experience, 9 February 2020. Web.
Zhang, Y. et al. "Effects of Risks on the Performance of Business Process Outsourcing Projects: The Moderating Roles of Knowledge Management Capabilities." International Journal of Project Management, 2018, vol. 36 no. 4, 627-639.
Chris Harrington
Chief Technology Officer
Carolinas Telco Federal Credit Union
Chris Harrington is Chief Technology Officer (CTO) of Carolinas Telco Federal Credit Union. Harrington is a proven leader with over 20 years of experience developing and leading information technology and cybersecurity strategies and teams in the financial industry space.
Benjamin Palacio
Senior Information Technology Analyst County of Placer
Benjamin Palacio has been working in the application development space since 2007 with a strong focus on system integrations. He has seamlessly integrated applications data across multiple states into a single reporting solution for management teams to evaluate, and he has codeveloped applications to manage billions in federal funding. He is also a CSAC-credentialed IT Executive (CA, USA).
Scott Rutherford
Executive Vice President, Technology
LGM Financial Services Inc.
Scott heads the Technology division of LGM Financial Services Inc., a leading provider of warranty and financing products to automotive OEMs and dealerships in Canada. His responsibilities include strategy and execution of data and analytics, applications, and technology operations.
Robert Willatts
IT Manager, Enterprise Business Solutions and Project Services
Town of Newmarket
Robert is passionate about technology, innovation, and Smart City Initiatives. He makes customer satisfaction as the top priority in every one of his responsibilities and accountabilities as an IT manager, such as developing business applications, implementing and maintaining enterprise applications, and implementing technical solutions. Robert encourages communication, collaboration, and engagement as he leads and guides IT in the Town of Newmarket.
Randeep Grewal
Vice President, Enterprise Applications
Red Hat
Randeep has over 25 years of experience in enterprise applications, advanced analytics, enterprise data management, and consulting services, having worked at numerous blue-chip companies. In his most recent role, he is the Vice President of Enterprise Applications at Red Hat. Reporting to the CIO, he is responsible for Red Hat's core business applications with a focus on enterprise transformation, application architecture, engineering, and operational excellence. He previously led the evolution of Red Hat into a data-led company by maturing the enterprise data and analytics function to include data lake, streaming data, data governance, and operationalization of analytics for decision support.
Prior to Red Hat, Randeep was the director of global services strategy at Lenovo, where he led the strategy using market data to grow Lenovo's services business by over $400 million in three years. Prior to Lenovo, Randeep was the director of advanced analytics at Alliance One and helped build an enterprise data and analytics function. His earlier work includes seven years at SAS, helping SAS become a leader in business analytics, and at KPMG consulting, where he managed services engagements at Fortune 100 companies.
You have a mandate to create an accurate and actionable database of the IT assets in your environment, but:
ITAM is a foundational IT service that provides accurate, accessible, actionable data on IT assets. But there’s no value in data for data’s sake. Enable collaboration between IT asset managers, business leaders, and IT leaders to develop an ITAM strategy that maximizes the value they can deliver as service providers.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This two-phase, step-by-step methodology will guide you through the activities to build a business-aligned, coherent, and durable approach to ITAM. Review the executive brief at the start of the slide deck for an overview of the methodology and the value it can provide to your organization.
Use this template to document your IT asset management strategy and approach.
Use this tool to estimate key data points related to your IT asset estate, as well as your confidence in your estimates.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Align key stakeholders to the potential strategic value of the IT asset management practice.
Ensure the ITAM practice is focused on business-aligned goals.
Define a business-aligned direction and expected outcomes for your ITAM program.
1.1 Brainstorm ITAM opportunities and challenges.
1.2 Conduct an executive alignment working session.
1.3 Set ITAM priorities, goals and tactics.
1.4 Identify target and current state ITAM maturity.
ITAM opportunities and challenges
Align executive priorities with ITAM opportunities.
ITAM metrics and KPIs
ITAM maturity
Translate goals into specific and coherent actions to enable your ITAM practice to deliver business value.
A business-aligned approach to ITAM, encompassing scope, structure, tools, audits, budgets, documentation and more.
A high-level roadmap to achieve your vision for the ITAM practice.
2.1 Define ITAM scope.
2.2 Acquire ITAM services (outsourcing and contracting).
2.3 Centralize or decentralize ITAM capabilities.
2.4 Create a RACI for the ITAM practice.
2.5 Align ITAM with other service management practices.
2.6 Evaluate ITAM tools and integrations.
2.7 Create a plan for internal and external audits.
2.8 Improve your budget processes.
2.9 Establish a documentation framework.
2.10 Create a roadmap and communication plan.
Your ITAM approach
ITAM roadmap and communication plan
17 Phase 1: Establish Business-Aligned ITAM Goals and Priorities
59 Phase 2: Support ITAM Goals and Priorities
116 Bibliography
Track hardware and software. Seems easy, right?
It’s often taken for granted that IT can easily and accurately provide definitive answers to questions like “how many laptops do we have at Site 1?” or “do we have the right number of SQL licenses?” or “how much do we need to budget for device replacements next year?” After all, don’t we know what we have? IT can’t easily provide these answers because to do so you must track hardware and software throughout its lifecycle – which is not easy. And unfortunately, you often need to respond to these questions on very short notice because of an audit or to support a budgeting exercise. IT Asset Management (ITAM) is the solution. It’s not a new solution – the discipline has been around for decades. But the key to success is to deploy the practice in a way that is sustainable, right-sized, and maximizes value. Use our practical methodology to develop and document your approach to ITAM that is aligned with the goals of your organization.
|
Realize the value of asset management
Cost optimization, application rationalization and reduction of technical debt are all considered valuable to right-size spending and improve service outcomes. Without access to accurate data, these activities require significant investments of time and effort, starting with creation of point-in-time inventories, which lengthens the timeline to reaching project value and may still not be accurate. Cost optimization and reduction of technical debt should be part of your culture and technical roadmap rather than one-off projects. Why? Access to accurate information enables the organization to quickly make decisions and pivot plans as needed. Through asset management, ongoing harvest and redeployment of assets improves utilization-to-spend ratios. We would never see any organization saying, “We’ve closed our year end books, let’s fire the accountants,” but often see this valuable service relegated to the back burner. Similar to the philosophy that “the best time to plant a tree is 20 years ago and the next best time is now,” the sooner you can start to collect, validate, and analyze data, the sooner you will find value in it.
|
Your Challenge
You have a mandate to create an accurate and actionable database of the IT assets in your environment, but:
|
Common Obstacles
It is challenging to make needed changes because:
|
Info-Tech’s Approach
|
ITAM is a foundational IT service that provides accurate, accessible, actionable data on IT assets. But there’s no value in data for data’s sake. Enable collaboration between IT asset managers, business leaders, and IT leaders to develop an ITAM strategy that maximizes the value they can deliver as service providers.
Unlock business value with IT asset management
This blueprint will help you develop your approach for the management of IT hardware and software, including cloud services. Leverage other Info-Tech methodologies to dive directly into developing hardware asset management procedures, software asset management procedures, or to implement configuration management best practices. |
Info-Tech Members report significant savings from implementing our hardware and software asset management frameworks. In order to maximize value from the process-focused methodologies below, develop your ITAM strategy first. Implement Hardware Asset Management (Based on Info-Tech Measured Value Surveys results from clients working through these blueprints, as of February 2022.)
|
ITAM provides both early and ongoing valueITAM isn’t one-and-done. Properly supported, your ITAM practice will deliver up-front value that will help demonstrate the value ongoing ITAM can offer through the maintenance of an accurate, accessible, and actionable ITAM database. |
Example: Software Savings from ITAM![]() This chart shows the money saved between the first quote and the final price for software and maintenance by a five-person ITAM team. Over a year and a half, they saved their organization a total of $7.5 million from a first quote total of $21 million over that period. This is a perfect example of the direct value that ITAM can provide on an ongoing basis to the organization, when properly supported and integrated with IT and the business. |
|
Examples of up-front value delivered in the first year of the ITAM practice:
|
Examples of long-term value from ongoing governance, management, and operational ITAM activities:
|
The rulebook is available, but hard to follow
|
ITAM is a mature discipline with well-established standards, certifications, and tools, but we still struggle with it.
|
Adopt, manage, and mature activities to enable business value thorugh actionable, accessible, and accurate ITAM data
![]() |
Enable Business Value | ![]() |
Business-Aligned Spend
|
Facilitate IT Services
|
Context-Aware Risk Management
|
Plan & GovernBusiness Goals, Risks, and Structure
Ongoing Management Commitment
Culture
|
![]() |
Build & ManageTools & Data
Process
People, Policies, and Providers
|
ITAM is a foundational IT service that provides actionable, accessible, and accurate data on IT assets. But there's no value in data for data's sake. Use this methodology to enable collaboration between ITAM, the business, and IT to develop an approach to ITAM that maximizes the value the ITAM team can deliver as service providers.
IT asset management requires ongoing practice – you can’t just implement it and walk away.
Our methodology will help you build a business-aligned strategy and approach for your ITAM practice with the following outputs:
|
Each step of this blueprint is designed to help you create your IT asset management strategy:
![]() |
1. Establish business-aligned ITAM goals and priorities | 2. Identify your approach to support ITAM priorities and goals | |
Phase Steps |
|
|
Phase Outcomes | Defined, business-aligned goals and priorities for ITAM. | Establish an approach to achieving ITAM goals and priorities including scope, structure, tools, service management integrations, documentation, and more. |
Project Outcomes | Develop an approach and strategy for ITAM that is sustainable and aligned with your business priorities. |
ITAM is a foundational IT service that provides accurate, accessible, actionable data on IT assets. Enable collaboration between IT asset managers, business leaders, and IT leaders to develop an approach to ITAM that maximizes the value they can deliver as service providers.
ITAM is often viewed (when it’s viewed at all) as a low-value administrative task that doesn’t directly drive business value. This can make it challenging to build a case for funding and resources.
Your ITAM strategy is a critical component to help you define how ITAM can best deliver value to your organization, and to stop creating data for the sake of data or just to fight the next fire.
To align ITAM practices to deliver organizational value, you need a very clear understanding of the organization’s goals – both in the moment and as they change over time.
Ensure your ITAM team has clear line of sight to business strategy, objectives, and decision-makers, so you can continue to deliver value as priorities change
ITAM teams rely heavily on staff, systems, and data beyond their direct area of control. Identify how you will influence key stakeholders, including technicians, administrators, and business partners.
Help them understand how ITAM success relies on their support, and highlight how their contributions have created organizational value to encourage ongoing support.
Benefits for IT
|
![]() |
Benefits for the business
|
DIY Toolkit |
Guided Implementation |
Workshop |
Consulting |
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." | "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." | "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." | "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project." |
Diagnostics and consistent frameworks used throughout all four options |
A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI around 12 calls over the course of 6 months.
What does a typical GI on this topic look like?
Call #1: Scope requirements, objectives, and your specific challenges.
Call #2: Review business priorities. Call #3: Identify ITAM goals & target maturity. |
Call #4: Identify metrics and KPIs. | Call #5: Define ITAM scope.
Call #6: Acquire ITAM services. |
Call #7: ITAM structure and RACI.
Call #8: ITAM and service management. Tools and integrations. |
Call #10: Internal and external audits.
Call #11: Budgets & documentation Call #12: Roadmap, comms plan. Wrap-up. |
Phase 1 | Phase 2 |
Workshop Overview |
Contact your account representative for more information.
|
Day 1 | Day 2 | Day 3 | Day 4 | Day 5 | |
Identify ITAM priorities & goals, maturity, metrics and KPIs |
Identify your approach to support ITAM priorities and goals |
Next Steps and wrap-Up (offsite) |
|||
Activities |
1.1 Define ITAM. 1.2 Brainstorm ITAM opportunities and challenges. Conduct an executive alignment working session: 1.3 Review organizational priorities, strategy, and key initiatives. 1.4 Align executive priorities with ITAM opportunities. 1.5 Set ITAM priorities. |
2.1 Translate opportunities into ITAM goals and tactics. 2.2 Identify target and current state ITAM maturity. 2.3 Create mission and vision statements. 2.4 Identify key ITAM metrics and KPIs. |
3.1 Define ITAM scope. 3.2 Acquire ITAM services (outsourcing and contracting) 3.3 Centralize or decentralize ITAM capabilities. 3.4 Create a RACI for the ITAM practice. 3.5 Align ITAM with other service management practices. 3.6 Evaluate ITAM tools and integrations. |
4.1 Create a plan for internal and external audits. 4.2 Improve your budget processes. 4.3 Establish a documentation framework and identify documentation gaps. 4.4 Create a roadmap and communication plan. |
5.1 Complete in-progress deliverables from previous four days. 5.2 Set up review time for workshop deliverables and to discuss next steps. |
Deliverables |
|
|
|
|
Phase 1:Establish business-aligned ITAM goals and priorities |
Phase 11.1 Define ITAM and brainstorm opportunities and challenges. Executive Alignment Working Session: 1.2 Review organizational priorities, strategy, and key initiatives. 1.3 Align executive priorities with ITAM opportunities & priorities. 1.4 Identify business-aligned ITAM goals and target maturity. 1.5 Write mission and vision statements. 1.6 Define ITAM metrics and KPIs. |
Phase 22.1 Define ITAM scope. 2.2 Acquire ITAM services (outsourcing and contracting). 2.3 Centralize or decentralize ITAM capabilities. 2.4 Create a RACI for the ITAM practice. 2.5 Align ITAM with other service management practices. 2.6 Evaluate ITAM tools and integrations. 2.7 Create a plan for internal and external audits. 2.8 Improve your budget processes. 2.9 Establish a documentation framework. 2.10 Create a roadmap and communication plan. |
Defined, business-aligned goals, priorities, and KPIs for ITAM. A concise vision and mission statement. The direction you need to establish a practical, right-sized, effective approach to ITAM for your organization.
Set yourself up for success with these three steps:
|
1. Identify participantsReview recommended roles and identify who should participate in the development of your ITAM strategy. |
2. Estimate assets managed todayWork through an initial assessment to establish ease of access to ITAM data and your level of trust in the data available to you. |
3. Create a working folderCreate a repository to house your notes and any work in progress, including your copy of the ITAM Strategy Template. |
Output: List of key roles for the strategy exercises outlined in this methodology
Participants: Project sponsor, Lead facilitator, ITAM manager and SMEs
This methodology relies on having the right stakeholders in the room to identify ITAM goals, challenges, roles, structure, and more. On each activity slide in this deck, you’ll see an outline of the recommended participants. Use the table below to translate the recommended roles into specific people in your organization. Note that some people may fill multiple roles.
Role | Expectations | People |
Project Sponsor | Accountable for the overall success of the methodology. Ideally, participates in all exercises in this methodology. May be the asset manager or whoever they report to. | Jake Long |
Lead Facilitator | Leads, schedules, and manages all working sessions. Guides discussions and ensures activity outputs are completed. Owns and understands the methodology. Has a working knowledge of ITAM. | Robert Loblaw |
Asset Manager(s) | SME for the ITAM practice. Provides strategic direction to mature ITAM practices in line with organizational goals. Supports the facilitator. | Eve Maldonado |
ITAM Team | Hands-on ITAM professionals and SMEs. Includes the asset manager. Provide input on tactical ITAM opportunities and challenges. | Bruce Wayne, Clark Kent |
IT Leaders & Managers | Leaders of key stakeholder groups from across the IT department – the CIO and direct reports. Provide input on what IT needs from ITAM, and the role their teams should play in ITAM activities. May include delegates, particularly those familiar with day-to-day processes relevant to a particular discussion or exercise. | Marcelina Hardy, Edmund Broughton |
ITAM Business Partners | Non-IT business stakeholders for ITAM. This could include procurement, vendor management, accounting, and others. | Zhang Jin, Effie Lamont |
Business Executives | Organizational leaders and executives (CFO, COO, CEO, and others) or their delegates. Will participate in a mini-workshop to identify organizational goals and initiatives that can present opportunities for the ITAM practice. | Jermaine Mandar, Miranda Kosuth |
Output: Estimates of quantity and spend related to IT assets, Confidence/margin of error on estimates
Participants: IT asset manager, ITAM team
This exercise will help you evaluate the size of the challenge ahead in terms of the raw number of assets in your environment, the spend on those assets, and the level of trust your organization has in the ITAM data.
It is also a baseline snapshot your ability to relay key ITAM metrics quickly and confidently, so you can measure progress (in terms of greater confidence) over time.
Download the IT Asset Estimation Tracker |
“Any time there is doubt about the data and it doesn’t get explained or fixed, then a new spreadsheet is born. Data validation and maintenance is critical to avoid the hidden costs of having bad data” Allison Kinnaird,
|
Output: A repository for templates and work in progress
Participants: Lead facilitator
Create a central repository for collaboration – it seems like an obvious step, but it’s one that gets forgotten about
|
![]() |
Don’t wait until the end to write down your good ideas.
|
![]() |
“ITAM is a cultural shift more than a technology shift.” (Rory Canavan, SAM Charter)
Any piece of technology can be considered an asset, but it doesn’t mean you need to track everything. | ![]() |
|
![]() |
According to the ISO 19770 standard on ITAM, an IT Asset is “[an] item, thing, or entity that can be used to acquire, process, store and distribute digital information and has potential or actual value to an organization.”
|
|
![]() |
IT assets are distinct from capital assets. Some IT assets will also be capital assets, but not all will be. And not all capital assets are IT assets, either. |
|
![]() |
IT assets are typically tracked by IT, not by finance or accounting.
|
|
![]() |
It’s important to track IT assets in a way that enables IT to deliver value to the business – and an important part of this is understanding what not to track. This list should be aligned to the needs of your organization. |
What is IT asset management?
What IT Asset Management is NOT:Configuration Management: Configuration management databases (CMDBs) often draw from the same data pool as ITAM (many configuration items are assets, and vice versa), but they focus on the interaction, interconnection, and interoperation of configuration items within the IT estate. In practice, many configuration items will be IT assets (or parts of assets) and vice versa. Configuration and asset teams should work closely together as they develop different but complementary views of the IT environment. Use Info-Tech’s methodology to harness configuration management superpowers. Organizational Data Management: Leverage a different Info-Tech methodology to develop a digital and data asset management program within Info-Tech’s DAM framework. |
“Asset management’s job is not to save the organization money, it’s not to push back on software audits. It’s to keep the asset database as up-to-date and as trustworthy as possible. That’s it.” (Jeremy Boerger, Consultant & Author) “You can’t make any real decisions on CMDB data that’s only 60% accurate. You start extrapolating that out, you’re going to get into big problems.” (Mike Austin, Founder & CEO, MetrixData 360) |
What is an ITAM strategy?Our strategy document will outline a coherent, sustainable, business-aligned approach to ITAM.No single approach to ITAM fits all organizations. Nor will the same approach fit the same organization at different times. A world-leading research university, a state government, and a global manufacturer all have very different goals and priorities that will be best supported by different approaches to ITAM. This methodology will walk you through these critical decisions that will define your approach to ITAM:
|
“A good strategy has coherence, coordinating actions, policies, and resources so as to accomplish an important end. Most organizations, most of the time, don’t have this. Instead, they have multiple goals and initiatives that symbolize progress, but no coherent approach to accomplish that progress other than ‘spend more and try harder.’” (Good Strategy, Bad Strategy, Richard Rumelt) |
If you’ve never experienced a mature ITAM program before, it is almost certainly more rewarding than you’d expect once it’s functioning as intended.
Each of the below activities can benefit from accessible, actionable, and accurate ITAM data.
Manage Risk: Effective ITAM practices provide data and processes that help mitigate the likelihood and impact of potentially damaging IT risks.
ITAM supports the following practices that help manage organizational risk:
|
Optimize Spend: Asset data is essential to maintaining oversight of IT spend, ensuring that scarce resources are allocated where they can have the most impact.
ITAM supports these activities that help optimize spend:
|
Improve IT Services: Asset data can help inform solutions development and can be used by service teams to enhance and improve IT service practices.
Use ITAM to facilitate these IT services and initiatives:
|
Input: Stakeholders with a vision of what ITAM could provide, if resourced and funded adequately
Output: A collection of ideas that, when taken together, create a vision for the future ITAM practice
Materials: ITAM strategy template, Whiteboard or virtual whiteboard
Participants: ITAM team, IT leaders and managers, ITAM business partners
It can be easy to lose sight of long-term goals when you’re stuck in firefighting mode. Let’s get the working group into a forward-looking mindset with this exercise.
Think about what ITAM could deliver with unlimited time, money, and technology.
As you hear your peers describe what they hope and expect to achieve with ITAM, a shared vision of what ITAM could be will start to emerge.
30 minutes
Input: The list of common challenges on the next slide, Your estimated visibility into IT assets from the previous exercise, The experience and knowledge of your participants
Output: Identify current ITAM challenges
Materials: Your working copy of the ITAM Strategy Template
Participants: ITAM team, IT leaders and managers, ITAM business partners
What’s standing in the way today of delivering the ITAM practices you want to achieve?
Review the list of common challenges on the next slide as a group.
Add your results to your copy of the ITAM Strategy Template |
“The problem – the reason why asset management initiatives keep falling on their face – is that people attack asset management as a problem to solve, instead of a practice and epistemological construct.” (Jeremy Boerger, Consultant & Author) |
|
|
What Else? |
Copy results to your copy of the ITAM Strategy Template
Enter the executivesDeliver on leadership priorities
|
“What outcomes does the organization want from IT asset management? Often, senior managers have a clear vision for the organization and where IT needs to go, and the struggle is to communicate that down.” (Kylie Fowler, ITAM Intelligence) ![]() |
A note to the lead facilitator and project sponsor:
Consider working through these exercises by yourself ahead of time. As you do so, you’ll develop your own ideas about where these discussions may go, which will help you guide the discussion and provide examples to participants.
Input: Organizational strategy documents
Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals
Materials: The diagram in the next slide, and/or a whiteboard, Your copy of the ITAM Strategy Template
Participants: Asset manager, IT leadership, Business executives or delegates
Welcome your group to the working session and outline the next few exercises using the previous slide.
Ask the most senior leader present to provide a summary of the following:
The facilitator or a dedicated note-taker should record key points on a whiteboard or flipchart paper.
30 minutes
Input: Organizational strategy documents
Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals
Materials: The diagram in the next slide, and/or a whiteboard, Your copy of the ITAM Strategy Template
Participants: Asset manager, IT leadership, Business executives or delegates
Ask the most senior leader present to provide a summary of the following: What transformative business and IT initiatives are planned? When will they begin and end?
Using one box per initiative, draw the initiatives in a timeline like the one below.
Add your results to your copy of the ITAM Strategy Template
45 minutes
Input: Organizational strategy documents
Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals
Materials: The diagram in the next slide, and/or a whiteboard, Your copy of the ITAM Strategy Template
Participants: Asset manager, IT leaders and managers, Business executives or delegates
In this exercise, we’ll use the table on the next slide to identify the top priorities of key business and IT stakeholders and connect them to opportunities for the ITAM practice.
Add your results to your copy of the ITAM Strategy Template
ITAM is for the… | Who wants to… | Which presents these ITAM opportunities |
CEO | Deliver transformative business initiatives | Acquire the right tech at the right time to support transformational initiatives. |
Establish a data-driven culture of stewardship | Improve data to increase IT spend transparency. | |
COO | Improve organizational efficiency | Increase asset use.
Consolidate major software contracts to drive discounts. |
CFO | Accurately forecast spending | Track and anticipate IT asset spending. |
Control spending | Improve data to increase IT spend transparency.
Consolidate major software contracts to drive discounts. |
|
CIO | Demonstrate IT value | Use data to tell a story about value delivered by IT assets. |
Govern IT use | Improve data to increase IT spend transparency. | |
CISO | Manage IT security and compliance risks | Identify abandoned or out-of-spec IT assets.
Provide IT asset data to support controls development. |
Respond to security incidents | Support security incident teams with IT asset data. | |
Apps Leader | Build, integrate, and support applications | Identify opportunities to retire applications with redundant functionality.
Connect applications to relevant licensing and support agreements. |
IT Infra Leader | Build and support IT infrastructure. | Provide input on opportunities to standardize hardware and software.
Provide IT asset data to technicians supporting end users. |
10-15 minutes
Input: The outputs from the previous exercise
Output: Executive priorities, sorted into the three categories at the right
Materials: The table in this slide, The outputs from the previous exercise
Participants: Lead facilitator
Give your participants a quick break. Quickly sort the identified ITAM opportunities into the three main categories below as best you can.
We’ll use this table as context for the next exercise.
Example: | Optimize Spend | Enhance IT Services | Manage Risk |
ITAM Opportunities |
|
|
|
Add your results to your copy of the ITAM Strategy Template
30 minutes
Input: Organizational strategy documents
Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals
Materials: Whiteboard, The template on the next slide, Your copy of the ITAM Strategy Template
Participants: Asset manager, IT leaders and managers, Business executives or delegates
The objective of this exercise is to prioritize the outcomes your organization wants to achieve from its ITAM practice, given the context from the previous exercises.
Review the image below. The three points of the triangle are the three core goals of ITAM: Enhance IT Service, Manage Risk, and Optimize Spend. This exercise was first developed by Kylie Fowler of ITAM Intelligence. It is an essential exercise to understand ITAM priorities and the tradeoffs associated with those priorities. These priorities aren’t set in stone and should be revisited periodically as technology and business priorities change.
Draw the diagram on the next slide on a whiteboard. Have the most senior leader in the room place the dot on the triangle – the closer it is to any one of the goals, the more important that goal is to the organization. Note: The center of the triangle is off limits! It’s very rarely possible to deliver on all three at once.
Track notes on what’s being prioritized – and why – in the template on the next slide. |
![]() |
Add your results to your copy of the ITAM Strategy Template
The priorities of the ITAM practice are to:
|
![]() |
“ITAM is really no different from the other ITIL practices: to succeed, you’ll need some ratio of time, treasure, and talent… and you can make up for less of one with more of the other two.” (Jeremy Boerger, Consultant and Author)
15-30 minutes
Input: Organizational strategy documents
Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals
Materials: The table in this slide, Your copy of the ITAM Strategy Template
Participants: ITAM team, IT leaders and managers
Narrow down the list of opportunities to identify specific goals for the ITAM practice.
The highlighted opportunities are your near- and medium-term objectives.
Optimize Spend | Enhance IT Services | Manage Risk | |
Priority | Critical | Normal | High |
ITAM Opportunities |
|
|
|
30 minutes
Input: Organizational strategy documents
Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals
Materials: The table in this slide, Your copy of the ITAM Strategy Template
Participants: ITAM team, IT leaders and managers
Let’s dig down a little deeper. Connect the list of opportunities from earlier to specific ITAM tactics that allow the team to seize those opportunities.
Add another row to the earlier table for ITAM tactics. Brainstorm tactics with your participants (e.g. sticky notes on a whiteboard) and align them with the priorities they’ll support.
Optimize Spend | Enhance IT Services | Manage Risk | |
Priority | Critical | Normal | High |
ITAM Opportunities |
|
|
|
ITAM Tactics to Seize Opportunities |
|
|
|
Add your results to your copy of the ITAM Strategy Template
20 minutes
Input: Organizational strategy documents
Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals
Materials: The table in this slide, Your copy of the ITAM Strategy Template
Participants: ITAM team, IT leaders and managers
We’ll use this exercise to identify the current and one-year target state of ITAM using Info-Tech’s ITAM maturity framework.
Add your results to your copy of the ITAM Strategy Template
![]() |
Innovator – Optimized Asset Management
|
|
![]() |
Innovator – Optimized Asset Management Business & Technology Partner – Proactive Asset Management Trusted Operator – Controls Assets Firefighter – Reactive Asset Tracking Unreliable - Struggles to Support |
Create two short, compelling statements that encapsulate:
Why bother creating mission and vision statements? After all, isn’t it just rehashing or re-writing all the work we’ve just done? Isn’t that (at best) a waste of time? There are a few very important reasons to create mission and vision statements:
|
“Brevity is the soul of wit.” (Hamlet, Act 2, Scene 2) “Writing is easy. All you have to do is cross out the wrong words.” (Mark Twain) |
30 minutes
Input: Organizational strategy documents
Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals
Materials: A whiteboard, Your copy of the ITAM Strategy Template
Participants: ITAM team, IT Leaders and managers
Your vision statement describes the ITAM practice as it will be in the far future. It is a target to aspire to, beyond your ability to achieve in the near or medium term.
Examples of ITAM vision statements:
Develop the single accurate view of IT assets, available to anyone who needs it.
Indispensable data brokers that support strategic decisions on the IT environment.
Provide sticky notes to participants. Write out the three questions below on a whiteboard side by side. Have participants write their answers to the questions and post them below the appropriate question. Give everyone 10 minutes to write and post their ideas.
Review the answers and combine them into one focused vision statement. Use the 20x20 rule: take no more than 20 minutes and use no more than 20 words. If you’re not finished after 20 minutes, the ITAM manager should make any final edits offline.
Document your vision statement in your ITAM Strategy Template.
Add your results to your copy of the ITAM Strategy Template
30 minutes
Input: Organizational strategy documents
Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals
Materials: The table in this slide, Your copy of the ITAM Strategy Template
Participants: ITAM team, IT leaders and managers
Your ITAM mission statement is an expression of what your IT asset management function brings to your organization today. It should be presented in straightforward language that is compelling, easy to understand, and sharply focused.
Examples of ITAM mission statements:
Maintain accurate, actionable, accessible on data on all IT assets.
Support IT and the business with centralized and integrated asset data.
Provide sticky notes to participants. Write out the questions below on a whiteboard side by side. Have participants write their answers to the questions and post them below the appropriate question. Give everyone 10 minutes to write and post their ideas.
Review the answers and combine them into one focused vision statement. Use the 20x20 rule: take no more than 20 minutes and use no more than 20 words. If you’re not finished after 20 minutes, the ITAM manager should make any final edits offline.
Document your vision statement in your ITAM Strategy Template.
Add your results to your copy of the ITAM Strategy Template
Navigate a universe of ITAM metricsWhen you have the data, how will you use it?
|
ITAM Metrics
|
Drill down by:
|
60 minutes
Input: Organizational strategy documents
Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals
Materials: The table in this slide, Your copy of the ITAM Strategy Template
Participants: ITAM team, IT leaders and managers
Use this exercise to identify as many potentially useful ITAM metrics and reports as possible, and narrow them down to a few high-priority metrics. Leverage the list of example metrics on the next slide for your own exercise. If you have more than six participants, consider splitting into two or more groups, and divide the table between groups to minimize overlap.
Role | Compliance | Quality | Quantity | Cost | Time | Progress |
IT Asset Manager | Owned devices not discovered in last 60 days | Discrepancies between discovery data and ITAM DB records | # of corporate-owned devices | Spend on hardware (recent and future/ planned) | Average time, maximum time to deploy end-user devices | Number of ITAM roadmap items in progress |
Service Desk | … |
Add your results to your copy of the ITAM Strategy Template
Compliance | Quality | Quantity | Cost | Time/Duration/Age | Progress |
Owned devices not discovered in last 60 days | Discrepancies between discovery data and ITAM DB records | # of corporate-owned devices | Spend on hardware (recent and future/planned) | Average time, maximum time to deploy end-user devices | Number of ITAM roadmap items in progress or completed |
Disposed devices without certificate of destruction | Breakage rates (in and out of warranty) by vendor | # of devices running software title X, # of licenses for software title X | Spend on software (recent and future/planned) | Average time, maximum time to deploy end user software | Number of integrations between ITAM DB and other sources |
Discrepancies between licenses and install count, by software title | RMAs by vendor, model, equipment type | Number of requests by equipment model or software title | Spend on cloud (recent and future/planned) | Average & total time spent on software audit responses | Number of records in ITAM database |
Compliance reports (e.g. tied to regulatory compliance or grant funding) | Tickets by equipment type or software title | Licenses issued from license pool in the last 30 days | Value of licenses issued from license pool in the last 30 days (cost avoidance) | Devices by age | Software titles with an up-to-date ELP report |
Reports on lost and stolen devices, including last assigned, date reported stolen, actions taken | User device satisfaction scores, CSAT scores | Number of devices retired or donated in last year | Number of IT-managed capital assets | Number of hardware/software request tickets beyond time-to-fulfil targets | Number of devices audited (by ITAM team via self-audit) |
Number of OS versions, unpatched systems | Number of devices due for refresh in the next year | Spend saved by harvesting unused software | Number of software titles, software vendors managed by ITAM team | ||
Audit accuracy rate | Equipment in stock | Cost savings from negotiations | |||
# of users assigned more than one device | Number of non-standard devices or requests | Dollars charged during audit or true-up |
Key performance indicators (KPIs) are metrics with targets aligned to goals.
Targets could include one or more of:
You may track many metrics, but you should have only a few KPIs (typically 2-3 per objective). A breached KPI should be a trigger to investigate and remediate the root cause of the problem, to ensure progress towards goals and priorities can continue. Which KPIs you track will change over the life of the practice, as ITAM goals and priorities shift. For example, KPIs may initially track progress towards maturing ITAM practices. Once you’ve reached target maturity, KPIs may shift to track whether the key service targets are being met. |
![]() |
20 minutes
Input: Organizational strategy documents
Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals
Materials: The table in this slide, Your copy of the ITAM Strategy Template
Participants: ITAM team, IT leaders and managers
Good KPIs are a more objective measure of whether you’re succeeding in meeting the identified priorities for the ITAM practice.
Identify metrics that can measure progress or success against the priorities and goals set earlier. Aim for around three metrics per goal. Identify targets for the metric you think are SMART (specific, measurable, achievable, relevant, and timebound). Track your work using the example table below.
Goal | Metric | Target |
Consolidate major software contracts to drive discounts | Amount spent on top 10 software contracts | Decrease by 10% by next year |
Customer satisfaction scores with enterprise software | Satisfaction is equal to or better than last year | |
Value of licenses issued from license pool | 30% greater than last year | |
Identify abandoned or out-of-spec IT assets | # of security incidents involving undiscovered assets | Zero |
% devices with “Deployed” status in ITAM DB but not discovered for 30+ days | ‹1% of all records in ITAM DB | |
Provide IT asset data to technicians for service calls | Customer satisfaction scores | Satisfaction is equal to or better than last year |
% of end-user devices meeting minimum standards | 97% |
Add your results to your copy of the ITAM Strategy Template
Develop an IT Asset Management Strategy
Phase 2:Identify your approach to support ITAM priorities and goals | Phase 11.1 Define ITAM and brainstorm opportunities and challenges. Executive Alignment Working Session: 1.2 Review organizational priorities, strategy, and key initiatives. 1.3 Align executive priorities with ITAM opportunities & priorities. 1.4 Identify business-aligned ITAM goals and target maturity. 1.5 Write mission and vision statements. 1.6 Define ITAM metrics and KPIs. | Phase 22.1 Define ITAM scope. 2.2 Acquire ITAM services (outsourcing and contracting). 2.3 Centralize or decentralize ITAM capabilities. 2.4 Create a RACI for the ITAM practice. 2.5 Align ITAM with other service management practices. 2.6 Evaluate ITAM tools and integrations. 2.7 Create a plan for internal and external audits. 2.8 Improve your budget processes. 2.9 Establish a documentation framework. 2.10 Create a roadmap and communication plan. |
Establish an approach to achieving ITAM goals and priorities, including scope, structure, tools, service management integrations, documentation, and more.
Create a roadmap that enables you to realize your approach.
Not all categories of assets require the same level of tracking, and some equipment and software should be excluded from the ITAM practice entirely.
In some organizations, portions of the environment won’t be tracked by the asset management team at all. For example, some organizations will choose to delegate tracking multi-function printers (MFPs) or proprietary IoT devices to the department or vendor that manages them. Due to resourcing or technical limitations, you may decide that certain equipment or software is out of scope for the moment. |
What do other organizations typically track in detail?
|
45 minutes
Input: Organizational strategy documents
Output: ITAM scope, in terms of types of assets tracked and not tracked
Materials: The table in this slide, Your copy of the ITAM Strategy Template
Participants: ITAM team, IT leaders and managers, ITAM business partners
Establish the hardware and software that are within the scope of the ITAM program by updating the tables below to reflect your own environment. The “out of scope” category will include asset types that may be of value to track in the future but for which the capability or need don’t exist today.
Hardware | Software | Out of Scope |
|
|
|
The following locations will be included in the ITAM program: All North and South America offices and retail locations.
Add your results to your copy of the ITAM Strategy Template
“We would like our clients to come to us with an idea of where they want to get to. Why are you doing this? Is it for savings? Because you want to manage your security attack surface? Are there digital initiatives you want to move forward? What is the end goal?” (Mike Austin, MetrixData 360)
Allow your team to focus on strategic, value-add activities by acquiring services that free them from commodity tasks.
|
Business Enablement
|
![]() Vendor’s Performance Advantage
|
Ask yourself:
You may ultimately choose to engage a single vendor or a combination of multiple vendors who can best meet your ITAM needs. Establishing effective vendor management processes, where you can maximize the amount of service you receive while relying on the vendor’s expertise and ability to scale, can help you make your asset management practice a net cost-saver. |
ITAM activities and capabilities
|
ITAM-adjacent activities and capabilities
|
1-2 hours
Input: Understanding of current ITAM processes and challenges
Output: Understanding of potential outsourcing opportunities
Materials: The table in this slide, and insight in previous slides, Your copy of the ITAM Strategy Template
Participants: ITAM team, IT leaders and managers, ITAM business partners
At a high level, discuss which functions of ITAM are good candidates for outsourcing.
Start with the previous slide for examples of outsourcing activities or capabilities directly related to or adjacent to the ITAM practice. Categorize these activities as follows:
Outsource | Potentially Outsource | Insource |
|
|
|
Go through the list of activities to potentially or definitely outsource and confirm:
Answering “no” to more than one of these questions suggests a need to further review options to ensure the goals are aligned with the potential value of the service offerings available.
Add your results to your copy of the ITAM Strategy Template
ITAM’s structure will typically align with the larger business and IT structure. The wrong structure will undermine your ability to meet ITAM goals and lead to frustration, missed work, inefficiency, and loss of value.
Which of the four archetypes below reflects the structure you need?
|
Example: Centralized
![]()
|
| Example: Decentralized
|
| Example: Federation
|
| Example: Shared Services
|
Why centralize?
|
Why decentralize?
|
Requirements for success:
|
Requirements for success:
|
Why centralize?
|
Why decentralize?
|
Requirements for success:
|
Requirements for success:
|
Why centralize?
|
Why decentralize?
|
Requirements for success:
|
Requirements for success:
|
1-2 hours
Input: Understanding of current organizational structure, Understanding of challenges and opportunities related to the current structure
Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals
Materials: The table in this slide, Your copy of the ITAM Strategy Template
Participants: ITAM team, IT leaders and managers, ITAM business partners
Outline the current model for your organization and identify opportunities to centralize or decentralize ITAM-related activities.
Centralize | Decentralize | |
Data collection & analysis |
|
|
Budget and contract management |
|
|
Technology management |
|
|
Add your results to your copy of the ITAM Strategy Template
There’s too much change in the technology and business environment to expect ITAM to be “a problem to solve.” It is a practice that requires care and feeding through regular iteration to achieve success. At the helm of this practice is your asset manager, whose approach and past experience will have a significant impact on how you approach ITAM.
The asset manager role requires a variety of skills, knowledge, and abilities including:
|
“Where your asset manager sits, and what past experience they have, is going to influence how they do asset management.” (Jeremy Boerger, Consultant & Author) “It can be annoying at times, but a good IT asset manager will poke their nose into activities that do not obviously concern them, such as programme and project approval boards and technical design committees. Their aim is to identify and mitigate ITAM risks BEFORE the technology is deployed as well as to ensure that projects and solutions ‘bake in’ the necessary processes and tools that ensure IT assets can be managed effectively throughout their lifecycle.” (Kylie Fowler, ITAM by Design, 2017) |
|
![]() |
|
Align authority and accountability.
|
|
1-2 hours
Input: An understanding of key roles and activities in ITAM practices, An understanding of your organization, High-level structure of your ITAM program
Output: A RACI diagram for IT asset management
Materials: The table in the next slide, Your copy of the ITAM Strategy Template
Participants: ITAM team, IT leaders and managers, ITAM business partners
Let’s face it – RACI exercises can be dry. We’ve found that the approach below is more collaborative, engaging, and effective compared to filling out the table as a large group.
Add your results to your copy of the ITAM Strategy Template
Configuration Management Database (CMDB)A database of uniquely identified configuration items (CIs). Each CI record may include information on:Service AttributesSupported Service(s)
CI RelationshipsPhysical Connections
|
![]() |
Hardware InformationSerial, Model and Specs
Software InstallationsHypervisor & OS
|
![]() |
Asset Management Database (AMDB)A database of uniquely identified IT assets. Each asset record may include information on:Procurement/PurchasingPurchase Request/Purchase Order
Asset AttributesModel, Title, Product Info, License Key
|
||||
![]() |
||||||||
IT Security SystemsVulnerability Management
|
IT Service Management (ITSM) SystemChange Tickets
|
Financial System/ERPGeneral Ledger
|
45 minutes
Input: Knowledge of the organization’s configuration management processes
Output: Define how ITAM and configuration management will support one another
Materials: The table in this slide, Your copy of the ITAM Strategy Template
Participants: ITAM team, IT leaders and managers, Configuration manager
Work through the table below to identify how you will collaborate and synchronize data across ITAM and configuration management practices and tools.
What are the goals (if any currently exist) for the configuration management practice? | Connect configuration items to services to support service management. |
How will configuration and asset management teams collaborate? | Weekly status updates. As-needed working sessions.
Shared visibility on each others’ Kanban tracker. Create tickets to raise and track issues that require collaboration or attention from the other team. |
How can config leverage ITAM? | Connect CIs to financial, contractual, and ownership data. |
How can ITAM leverage config? | Connect assets to services, changes, incidents. |
What key fields will be primarily tracked/managed by ITAM? | Serial number, unique ID, user, location, PO number, … |
What key fields will be primarily tracked/managed by configuration management? | Supported service(s), dependencies, service description, service criticality, network address… |
Add your results to your copy of the ITAM Strategy Template
Decoupling asset management from other service management practices can result in lost value. Establish how asset management can support other service management practices – and how those practices can support ITAM.
Incident Management
What broke?
|
ITAM
|
Request Management
What can this user request or purchase?
|
What IT assets are related to the known issue?
|
What assets are related to the change?
|
45 minutes
Input: Knowledge of existing organizational IT service management processes
Output: Define how ITAM will help other service management processes, and how other service management processes will help ITAM
Materials: The table in this slide, Your copy of the ITAM Strategy Template
Participants: ITAM team, IT leaders and managers, Service leads
Complete the table below to establish what ITAM can provide to other service management practices, and what other practices can provide to ITAM.
Practice | ITAM will help | Will help ITAM |
Incident Management | Provide context on assets involved in an incident (e.g. ownership, service contracts). | Track when assets are involved in incidents (via incident tickets). |
Request Management | Oversee request & procurement processes. Help develop asset standards. | Enter new assets in ITAM database. |
Problem Management | Collect information on assets related to known issues. | Report back on models/titles that are generating known issues. |
Change Enablement | Provide context on assets for change review. | Ensure EOL assets are retired and licenses are returned during changes. |
Capacity Management | Identify ownership, location for assets at capacity. | Identify upcoming refreshes or purchases. |
Availability Management | Connect uptime and reliability to assets. | Identify assets that are causing availability issues. |
Monitoring and Event Management | Provide context to events with asset data. | Notify asset of unrecognized software and hardware. |
Financial Management | Establish current and predict future spending. | Identify upcoming purchases, renewals. |
Add your results to your copy of the ITAM Strategy Template
“Everything is connected. Nothing is also connected.” (Dirk Gently’s Holistic Detective Agency)
ITAM data quality relies on tools and integrations that are managed by individuals or teams who don’t report directly to the ITAM function.
Without direct line of sight into tools management, the ITAM team must influence rather than direct improvement initiatives that are in some cases critical to the performance of the ITAM function. To more effectively influence improvement efforts, you must explicitly identify what you need, why you need it, from which tools, and from which stakeholders.
|
“Active Directory plays a huge role in audit defense and self-assessment, but no-one really goes out there and looks at Active Directory.
I was talking to one organization that has 1,600,000 AD records for 100,000 employees.” (Mike Austin, Founder, MetrixData 360) |
30 minutes
Input: Knowledge of existing ITAM tools
Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals
Materials: The table in this slide, Your copy of the ITAM Strategy Template
Participants: ITAM team, IT leaders and managers
Identify the use, limitations, and next steps for existing ITAM tools, including those not directly managed by the ITAM team.
Existing Tool | Use | Constraints | Owner | Proposed Action? |
ITAM Module |
|
|
ITAM Team/Service Management |
|
Active Directory |
|
Major data quality issues | IT Operations |
|
Add your results to your copy of the ITAM Strategy Template
30 minutes
Input: Knowledge of tooling gaps, An understanding of available tools that could remediate gaps
Output: New tools that can improve ITAM capabilities, including expected value and proposed next steps
Materials: The table in this slide, Your copy of the ITAM Strategy Template
Participants: ITAM team, IT leaders and managers
Identify tools that are required to support the identified goals of the ITAM practice.
New Tool | Expected Value | Proposed Next Steps |
SAM tool |
|
|
Add your results to your copy of the ITAM Strategy Template
Compare Tool Records
Audit your data by comparing records in the ITAM system to other discovery sources.
|
IT-led Audit
Conduct a hands-on investigation led by ITAM staff and IT technicians.
|
User-led audit
Have users validate the IT assets assigned to them.
|
30 minutes
Input: An understanding of current data audit capabilities and needs
Output: An outline of how you’ll approach data audits, including frequency, scope, required resources
Materials: Your copy of the ITAM Strategy Template
Participants: ITAM team
Review the three internal data audit approaches outlined on the previous slide, and identify which of the three approaches you’ll use. For each approach, complete the fields in the table below.
Audit Approach | How often? | What scope? | Who’s involved? | Comments |
Compare tool records | Monthly | Compare ITAM DB, Intune/ConfigMgr, and Vulnerability Scanner Data; focus on end-user devices to start | Asset manager will lead at first.
Work with tool admins to pull data and generate reports. |
|
IT-led audit | Annual | End-user devices at a subset of locations | Asset manager will work with ITSM admins to generate reports. In-person audit to be conducted by local techs. | |
User-led audit | Annual | Assigned personal devices (start with a pilot group) | Asset coordinator to develop procedure with ITSM admin. Run pilot with power users first. |
Add your results to your copy of the ITAM Strategy Template
Are you ready when software vendors come knocking?
| “If software audits are a big part of your asset operations, you have problems. You can reduce the time spent on audits and eliminate some audits by having a proactive ITAM practice.” (Sandi Conrad, Principal Research Director)Info-Tech InsightAudit defense starts long before you get audited. For an in-depth review of your audit approach, see Info-Tech’s Prepare and Defend Against a Software Audit. |
|
“The reality is, software vendors prey on confusion and complication. Where there’s confusion, there’s opportunity.” (Mike Austin, Founder, MetrixData 360) |
|
|
1 hour
Input: Organizational knowledge on your current audit response procedures
Output: Audit response team membership, High-level audit checklist, A list of things to start, stop, and continue doing as part of the audit response
Materials: Your copy of the ITAM Strategy Template
Participants: ITAM team, IT leaders and managers, ITAM business partners
Example Audit Checklist
Add your results to your copy of the ITAM Strategy Template
Some examples of what ITAM can bring to the budgeting table:
Being part of the budgeting process positions ITAM for success in other ways:
|
“Knowing what you have [IT assets] is foundational to budgeting, managing, and optimizing IT spend.” (Dave Kish, Info-Tech, Practice Lead, IT Financial Management) ![]() |
20 minutes
Input: Context on IT budgeting processes
Output: A list of things to start, stop, and continue doing as part of budgeting exercises
Materials: The table in this slide, Your copy of the ITAM Strategy Template
Participants: ITAM team, IT leaders and managers, ITAM business partners
What should we start, stop, and continue doing to support organizational budgeting exercises?
Start | Stop | Continue |
|
|
|
Add your results to your copy of the ITAM Strategy Template
Long-term planning and governance
Operational documentation
|
|
|
15-30 minutes
Input: An understanding of existing documentation gaps and risks
Output: Documentation gaps, Identified owners, repositories, access rights, and review/update protocols
Materials: The table in this slide, Your copy of the ITAM Strategy Template
Participants: ITAM team, Optional: IT managers, ITAM business partners
Discuss and record the following:
Need to Create | Owner | Stored in | Accessible by | Trigger for review |
Hardware asset management SOP | ITAM manager | ITAM SharePoint site › Operating procedures folder |
|
|
Add your results to your copy of the ITAM Strategy Template
“Understand that this is a journey. This is not a 90-day project. And in some organizations, these journeys could be three or five years long.” (Mike Austin, MetrixData 360)
30-45 minutes
Input: Organizational strategy documents
Output: A roadmap that outlines next steps
Materials: The table in this slide, Your copy of the ITAM Strategy Template
Participants: ITAM team, IT leaders and managers, Project sponsor
Add your results to your copy of the ITAM Strategy Template
45 minutes
Input: Key initiatives, Ideas for ITAM improvement collected over the course of previous exercises
Output: Concrete action items to support each initiative
Materials: The table in the next slide, Your copy of the ITAM Strategy Template
Participants: ITAM team, IT leaders and managers, Project sponsor
As you’ve been working through the previous exercises, you have been tracking ideas for improvement – now we’ll align them to your roadmap.
Add your results to your copy of the ITAM Strategy Template
Initiative 1: Develop hardware/software standards | ||
Task | Target Completion | Owner |
Laptop standards | Q1-2023 | ITAM manager |
Identify/eliminate contracts for unused software using scan tool | Q2-2023 | ITAM manager |
Review O365 license levels and standard service | Q3-2023 | ITAM manager |
Initiative 2: Improve ITAM data quality | ||
Task | Target Completion | Owner |
Implement scan agent on all field laptops | Q3-2023 | Desktop engineer |
Conduct in person audit on identified data discrepancies | Q1-2024 | ITAM team |
Develop and run user-led audit | Q1-2024 | Asset manager |
Initiative 3: Acquire & implement a new ITAM tool | ||
Task | Target Completion | Owner |
Select an ITAM tool | Q3-2023 | ITAM manager |
Implement ITAM tool, incl. existing data migration | Q1-2024 | ITAM manager |
Training on new tool | Q1-2024 | ITAM manager |
Build KPIs, executive dashboards in new tool | Q2-2024 | Data analyst |
Develop user-led audit functionality in new tool | Q3-2024 | ITAM coordinator |
45 minutes
Input: Proposed ITAM initiatives, Stakeholder priorities and goals, and an understanding of how ITAM can help them meet those goals
Output: A high-level communication plan to communicate the benefits and impact of proposed changes to the ITAM program
Materials: The table in this slide, Your copy of the ITAM Strategy Template
Participants: IT asset manager, Project sponsor
Develop clear, consistent, and targeted messages to key ITAM stakeholders.
Group | ITAM Benefits | Impact | Channel(s) | Timing |
CFO |
|
|
Face-to-face – based on their availability | Within the next month |
CIO |
|
|
Standing bi-monthly 1:1 meetings | Review strategy at next meeting |
IT Managers | ||||
Field Techs |
Add your results to your copy of the ITAM Strategy Template
30 minutes
Input: Proposed ITAM initiatives, Stakeholder priorities and goals, and an understanding of how ITAM can help them meet those goals
Output: A high-level communication plan to communicate the benefits and impact of proposed changes to the ITAM program
Materials: The table in this slide, Your copy of the ITAM Strategy Template
Participants: IT asset manager, Project sponsor
You’re almost done! Do a final check of your work before you send a copy to your participants.
Add your results to your copy of the ITAM Strategy Template
Kylie Fowler
Principal Consultant ITAM Intelligence Kylie is an experienced ITAM/FinOps consultant with a track record of creating superior IT asset management frameworks that enable large companies to optimize IT costs while maintaining governance and control. She has operated as an independent consultant since 2009, enabling organizations including Sainsbury's and DirectLine Insurance to leverage the benefits of IT asset management and FinOps to achieve critical business objectives. Recent key projects include defining an end-to-end SAM strategy, target operating model, policies and processes which when implemented provided a 300% ROI. She is passionate about supporting businesses of all sizes to drive continuous improvement, reduce risk, and achieve return on investment through the development of creative asset management and FinOps solutions. |
Rory Canavan
Owner and Principal Consultant SAM Charter Rory is the founder, owner, and principal consultant of SAM Charter, an internationally recognized consultancy in enterprise-wide Software & IT Asset Management. As an industry leader, SAM Charter is uniquely poised to ensure your IT & SAM systems are aligned to your business requirements. With a technical background in business and systems analysis, Rory has a wide range of first-hand experience advising numerous companies and organizations on the best practices and principles pertaining to software asset management. This experience has been gained in both military and civil organizations, including the Royal Navy, Compaq, HP, the Federation Against Software Theft (FAST), and several software vendors. |
Jeremy Boerger
Founder, Boerger Consulting Author of Rethinking IT Asset Management Jeremy started his career in ITAM fighting the Y2K bug at the turn of the 21st century. Since then, he has helped companies in manufacturing, healthcare, banking, and service industries build and rehabilitate hardware and software asset management practices. These experiences prompted him to create the Pragmatic ITAM method, which directly addresses and permanently resolves the fundamental flaws in current ITAM and SAM implementations. In 2016, he founded Boerger Consulting, LLC to help business leaders and decision makers fully realize the promises a properly functioning ITAM can deliver. In his off time, you will find him in Cincinnati, Ohio, with his wife and family. |
Mike Austin
Founder and CEO MetrixData 360 Mike Austin leads the delivery team at MetrixData 360. Mike brings more than 15 years of Microsoft licensing experience to his clients’ projects. He assists companies, from Fortune 500 to organizations with as few as 500 employees, with negotiations of Microsoft Enterprise Agreements (EA), Premier Support Contracts, and Select Agreements. In addition to helping negotiate contracts, he helps clients build and implement software asset management processes. Previously, Mike was employed by Microsoft for more than 8 years as a member of the global sales team. With Microsoft, Mike successfully negotiated more than a billion dollars in new and renewal EAs. Mike has also negotiated legal terms and conditions for all software agreements, developed Microsoft’s best practices for global account management, and was awarded Microsoft’s Gold Star Award in 2003 and Circle of Excellence in 2008 for his contributions. |
“Asset Management.” SFIA v8. Accessed 17 March 2022.
Boerger, Jeremy. Rethinking IT Asset Management. Business Expert Press, 2021.
Canavan, Rory. “C-Suite Cheat Sheet.” SAM Charter, 2021. Accessed 17 March 2022.
Fisher, Matt. “Metrics to Measure SAM Success.” Snow Software, 26 May 2015. Accessed 17 March 2022.
Flexera (2021). “State of ITAM Report.” Flexera, 2021. Accessed 17 March 2022.
Fowler, Kylie. “ITAM by design.” BCS, The Chartered Institute for IT, 2017. Accessed 17 March 2022.
Fowler, Kylie. “Ch-ch-ch-changes… Is It Time for an ITAM Transformation?” ITAM Intelligence, 2021. Web. Accessed 17 March 2022.
Fowler, Kylie. “Do you really need an ITAM policy?” ITAM Accelerate, 15 Oct. 2021. Accessed 17 March 2022.
Hayes, Chris. “How to establish a successful, long-term ITAM program.” Anglepoint, Sept. 2021. Accessed 17 March 2022.
ISO/IEC 19770-1-2017. IT Asset Management Systems – Requirements. Third edition. ISO, Dec 2017.
Joret, Stephane. “IT Asset Management: ITIL® 4 Practice Guide”. Axelos, 2020.
Jouravlev, Roman. “IT Service Financial Management: ITIL® 4 Practice Guide”. Axelos, 2020.
Pagnozzi, Maurice, Edwin Davis, Sam Raco. “ITAM Vs. ITSM: Why They Should Be Separate.” KPMG, 2020. Accessed 17 March 2022.
Rumelt, Richard. Good Strategy, Bad Strategy. Profile Books, 2013.
Stone, Michael et al. “NIST SP 1800-5 IT Asset Management.” Sept, 2018. Accessed 17 March 2022.
There are three critical components to the grant application process:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Identify grant funding opportunities that align with your organization's priorities. Ensure the programs, services, projects, and initiatives that align with these priorities can be financially supported by grant funding.
Prioritize applying for the grant opportunities that your organization identified. Be sure to consider the feasibility of implementing the project or initiative if your organization is awarded the grant.
Write a competitive grant application that has been strategically developed and actively critiqued by various internal and external reviewers.
Submit an exemplary grant application that meets the guidelines and expectations of the granting agency prior to the due date.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Determine the key priorities of your organization and identify grant funding opportunities that align with those priorities.
Prevents duplicate grant applications from being submitted
Ensures the grant and the organization's priorities are aligned
Increases the success rate of grant applications
1.1 Discuss grant funding opportunities and their importance to the organization.
1.2 Identify organizational priorities.
An understanding of why grants are important to your organization
A list of priorities being pursued by your organization
Identify potential grant funding opportunities that align with the projects/initiatives the organization would like to pursue. Prioritize these funding opportunities and identify which should take precedent based on resourcing, importance, likelihood of success, and feasibility.
Generate a list of potential funding opportunities that can be revisited when resources allow
Obtain consensus from your working group on which grants should be pursued based on how they have been prioritized
2.1 Develop a list of potential grant funding opportunities.
2.2 Define the resource capacity your organization has to support the granting writing process.
2.3 Discuss and prioritize grant opportunities
A list of potential grant funding opportunities
Realistic expectations of your organization's capacity to undertake the grant writing lifecycle
Notes and priorities from your discussion on grant opportunities
Take the grant that was given top priority in the last section and sketch out a draft of what that application will look like. Think critically about the sketch and determine if there are opportunities to further clarify and demonstrate the goals of the grant application.
A sketch ready to be developed into a grant application
A critique of the sketch to ensure that the application will be well understood by the reviewers of your submission
3.1 Sketch the grant application.
3.2 Perform a SWOT analysis of the grant sketch.
A sketched version of the grant application ready to be drafted
A SWOT analysis that critically examines the sketch and offers opportunities to enhance the application
Have the grant application actively critiqued by various internal and external individuals. This will increase the grant application's quality and generate understanding of the application submission and post-submission process.
A list of individuals (internal and external) that can potentially review the application prior to submission
Preparation for the submission process
An understanding of why the opportunity to learn how to improve future grant applications is so important
4.1 Identify potential individuals who will review the draft of your grant application.
4.2 Discuss next steps around the grant submission.
4.3 Review grant writing best practices.
A list of potential individuals who can be asked to review and critique the grant application
An understanding of what the next steps in the process will be
Knowledge of grant writing best practices
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Identify the business drivers that necessitate data architecture improvements, then create a tactical plan for optimization.
Analyze how you stack up to Info-Tech’s data architecture capability model to uncover your tactical plan, and discover groundbreaking data architecture trends and how you can fit them into your action plan.
Optimize your data architecture by following tactical initiatives and managing the resulting change brought on by those optimization activities.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Explain approach and value proposition.
Review the common business drivers and how the organization is driving a need to optimize data architecture.
Understand Info-Tech’s five-tier data architecture model.
Determine the pattern of tactics that apply to the organization for optimization.
Understanding of the current data architecture landscape.
Priorities for tactical initiatives in the data architecture practice are identified.
Target state for the data quality practice is defined.
1.1 Explain approach and value proposition.
1.2 Review the common business drivers and how the organization is driving a need to optimize data architecture.
1.3 Understand Info-Tech’s five-tier data architecture model.
1.4 Determine the pattern of tactics that apply to the organization for optimization.
Five-tier logical data architecture model
Data architecture tactic plan
Define improvement initiatives.
Define a data architecture improvement strategy and roadmap.
Gaps, inefficiencies, and opportunities in the data architecture practice are identified.
2.1 Create business unit prioritization roadmap.
2.2 Develop subject area project scope.
2.3 Subject area 1: data lineage analysis, root cause analysis, impact assessment, business analysis
Business unit prioritization roadmap
Subject area scope
Data lineage diagram
Define improvement initiatives.
Define a data quality improvement strategy and roadmap.
Improvement initiatives are defined.
Improvement initiatives are evaluated and prioritized to develop an improvement strategy.
A roadmap is defined to depict when and how to tackle the improvement initiatives.
3.1 Create business unit prioritization roadmap.
3.2 Develop subject area project scope.
3.3 Subject area 1: data lineage analysis, root cause analysis, impact assessment, business analysis.
Business unit prioritization roadmap
Subject area scope
Data lineage diagram
“As business and data landscapes change, an organization’s data architecture needs to be able to keep pace with these changes. It needs to be responsive so as to not only ensure the organization continues to operate efficiently but that it supports the overall strategic direction of the organization.
In the dynamic marketplace of today, organizations are constantly juggling disruptive forces and are finding the need to be more proactive rather than reactive. As such, organizations are finding their data to be a source of competitive advantage where the data architecture has to be able to not only support the increasing amount, sources, and rate at which organizations are capturing and collecting data but also be able to meet and deliver on changing business needs.
Data architecture optimization should, therefore, aid in breaking down data silos and creating a more shared and all-encompassing data environment for better empowering the business.” (Crystal Singh, Director, Research, Data and Information Practice, Info-Tech Research Group)
This Research Is Designed For:
|
This Research Will Help You:
|
This Research Will Also Assist:
|
This Research Will Help Them:
|
The transformational insights that executives are constantly seeking to leverage can be uncovered with a data practice that makes high quality, trustworthy information readily available to the business users who need it.
50% Organizations that embrace data are 50% more likely to launch products and services ahead of their competitors. (Nesta, 2016)
Whether hoping to gain a better understanding of your business or trying to become an innovator in your industry, any organization can get value from its data regardless of where you are in your journey to becoming a data-driven enterprise:
Business Monitoring
|
Business Insights
|
Business Optimization
|
Business Transformation
|
A zettabyte is a billion terabytes. Organizations today need to measure their data size in zettabytes, a challenge that is only compounded by the speed at which the data is expected to move.
Arriving at the understanding that data can be the driving force of your organization is just the first step. The reality is that the true hurdles to overcome are in facing the challenges of today’s data landscape.
Challenges of The Modern Data Landscape | ||||
Data at rest | Data movement | |||
Greater amounts | Different types | Uncertain quality | Faster rates | Higher complexity |
“The data environment is very chaotic nowadays. Legacy applications, data sprawl – organizations are grappling with what their data landscape looks like. Where are our data assets that we need to use?” (Andrew Johnston, Independent Consultant)
Well-defined and structured data management practices are the best way to mitigate the limitations that derive from these challenges and leverage the most possible value from your data.
Refer to Info-Tech’s capstone Create a Plan For Establishing a Business-Aligned Data Management Practice blueprint to understand data quality in the context of data disciplines and methods for improving your data management capabilities.
Data ArchitectureThe set of rules, policies, standards, and models that govern and define the type of data collected and how it is used, stored, managed, and integrated within the organization and its database systems. In general, the primary objective of data architecture is the standardization of data for the benefit of the organization. 54% of leading “analytics-driven” enterprises site data architecture as a required skill for data analytics initiatives. (Maynard 2015) |
MYTHData architecture is purely a model of the technical requirements of your data systems. REALITYData architecture is largely dependent on a human element. It can be viewed as “the bridge between defining strategy and its implementation”. (Erwin 2016) |
FunctionsA strong data architecture should:
|
Business valueA strong data architecture will help you:
|
The data architect:
|
Data architects bridge the gap between strategic and technical requirements: ![]() “Fundamentally, the role of a data architect is to understand the data in an organization at a reasonable level of abstraction.” (Andrew Johnston, Independent Consultant) |
Outdated and archaic systems and processes limit the ability to access data in a timely and efficient manner, ultimately diminishing the value your data should bring.
59% |
of firms believe their legacy storage systems require too much processing to meet today’s business needs. (Attivio, Survey Big Data decision Makers, 2016) | 48% |
of companies experience pains from being reliant on “manual methods and trial and error when preparing data.” (Attivio, Survey Big Data decision Makers, 2016) | 44% |
44% of firms said preparing data was their top hurdle for analytics, with 22% citing problems in accessing data. (Data Virtualization blog, Data Movement Killed the BI Star, 2016) |
Intuitive organizations who have recognized these shortcomings have already begun the transition to modernized and optimized systems and processes.
28% |
of survey respondents say they plan to replace “data management and architecture because it cannot handle the requirements of big data.” (Informatica, Digital Transformation: Is Your Data Management Ready, 2016) | 50% |
Of enterprises plan to replace their data warehouse systems and analytical tools in the next few years. (TDWI, End of the Data Warehouse as we know it, 2017) |
Leading organizations are attacking data architecture problems … you will be left behind if you do not start now!
Focusing on only data models without the required data architecture guidance can cause harmful symptoms in your IT department, which will lead to organization-wide problems.
IT Symptoms Due to Ineffective Data Architecture | ||
Poor Data Quality
|
Poor Accessibility
|
Strategic Disconnect
|
Leads to Poor Organizational Conditions | ||
Inaccurate Insights
|
Ineffective Decision Making
|
Inefficient Operations
|
You need a solution that will prevent the pains. |
1 |
|
![]() |
2 |
|
|
3 |
|
![]() |
Info-Tech has identified these four common drivers that lead to the need to optimize your data architecture.
These different core objectives underline the motivation to optimize data architecture, and will determine your overall approach.
Every organization’s data system requires a unique design and an assortment of applications and storage units to fit their business needs. Therefore, it is difficult to paint a picture of an ideal model that has universal applications. However, when data architecture is broken down in terms of layers or tiers, there exists a general structure that is seen in all data systems.
Thinking of your data systems and processes in this framework will allow you to see how different elements of the architecture relate to specific business operations.
|
|
Info-Tech’s Data Architecture Capability Model
![]() |
|
|
Info-Tech Insight
Optimizing data architecture requires a tactical approach, not a passive approach. The demanding task of optimization requires the ability to heavily prioritize. After you have identified why, determine how using our pre-built roadmap to address the four common drivers. |
Data Architecture in Alignment
Data architecture can not be designed to simply address the focus of data specialists or even the IT department. It must act as a key component in the all encompassing enterprise architecture and reflect the strategy and design of the entire business. Data architecture collaborates with application architecture in the delivery of effective information systems, and informs technology architecture on data related infrastructure requirements/considerations Please refer to the following blueprints to see the full picture of enterprise architecture: |
![]() Adapted from TOGAF Refer to Phase C of TOGAF and Bizbok for references to the components of business architecture that are used in data architecture. |
CASE STUDY |
Industry: Financial
|
![]() |
Look for this symbol as you walk through the blueprint for details on how Info-Tech Consulting assisted this monetary authority. |
The monetary authority is responsible for oversight of the financial situation of a country that takes in revenue from foreign incorporation. Due to increased pressure from international regulatory bodies, the monetary authority became responsible for generating multiple different types of beneficial ownership reports based on corporation ownership data within 24 hours of a request.
Normally, the process to generate and provide beneficial ownership reports took a week or more. This was due to multiple points of stale data architecture, including a dependence on outdated legacy systems and a broken process for gathering the required data from a mix of paper and electronic sources.
Info-Tech helped the monetary authority identify the business need that resulted from regulatory pressures, the challenges that needed to be overcome, and actionable tactics for addressing the needs.
Info-Tech’s methodology was followed to optimize the areas of data architecture that address the business driver.
As you walk through this blueprint, watch for additional case studies that walk through the details of how Info-Tech helped this monetary authority.
Phase 1
Prioritize Your Data Architecture With Business-Driven Tactics |
Phase 2
Personalize Your Tactics to Optimize Your Data Architecture |
Phase 3
Create Your Tactical Data Architecture Roadmap |
Step 1: Identify Your Business Driver for Optimizing Data Architecture
Data Architecture Driver Pattern Identification Tool
Data Architecture Optimization Template |
Step 1: Measure Your Data Architecture Capabilities
Data Architecture Tactical Roadmap Tool
Data Architecture Tactical Roadmap Tool
Data Architecture Trends Presentation |
Step 1: Personalize Your Data Architecture Roadmap
Data Architecture Tactical Roadmap Tool
Data Architecture Decision Template |
Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.
This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.
This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.
DIY Toolkit |
Guided Implementation |
Workshop |
Consulting |
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." | "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." | "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." | "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project." |
PHASE 1 Prioritize Your Data Architecture With Business-Driven Tactics |
PHASE 2 Personalize Your Tactics to Optimize Your Data Architecture |
PHASE 3 Create Your Tactical Data Architecture Roadmap |
|
![]() Best-Practice Toolkit |
1.1 Identify Your Business Driver for Optimizing Data Architecture 1.2 Determine Actionable Tactics to Optimize Data Architecture |
2.1 Measure Your Data Architecture Capabilities 2.2 Set a Target for Data Architecture Capabilities 2.3 Identify the Tactics that Apply to Your Organization |
3.1 Personalize Your Data Architecture Roadmap 3.2 Manage Your Data Architecture Decisions and the Resulting Changes |
Guided Implementations |
|
|
|
![]() Onsite Workshop |
Module 1:
Identify the Drivers of the Business for Optimizing Data Architecture |
Module 2:
Create a Tactical Plan for Optimizing Data Architecture |
Module 3:
Create a Personalized Roadmap for Data Architecture Activities |
Preparation |
Workshop Day 1 |
Workshop Day 2 |
Workshop Day 3 |
Workshop Day 4 |
Workshop Day 5 |
|
Organize and Plan Workshop | Identify the Drivers of the Business for Optimizing Data Architecture | Determine the Tactics For Optimizing Data Architecture | Create Your Roadmap of Optimization Activities | Create Your Personalized Roadmap | Create a Plan for Change Management | |
Morning Activities |
|
|
|
|
|
|
Afternoon Activities |
|
|
|
|
|
|
Deliverables |
|
|
|
|
|
|
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Step 1.1: Identify Your Business Driver for Optimizing Data Architecture | Step 1.2: Determine Actionable Tactics to Optimize Data Architecture |
Start with an analyst kick-off call:
|
Review findings with analyst:
|
Then complete these activities…
|
Then complete these activities…
|
With these tools & templates:
|
With these tools & templates:
|
Phase 1 Results & Insights
|
In this phase, you will determine your focus for optimizing your data architecture based on the business drivers that are commonly felt by most organizations.
“To stay competitive, we need to become more data-driven. Compliance pressures are becoming more demanding. We need to add a new functionality.”
Info-Tech’s Five-Tier Data Architecture:
Tactical plan for Data Architecture Optimization
PHASE 1 |
|
1.1 | 1.2 |
Identify Your Business Driver for Optimizing Data Architecture | Determine Actionable Tactics to Optimize Data Architecture |
A description of the structure and interaction of the enterprise’s major types and sources of data, logical data assets, physical data assets, and data management resources (TOGAF 9).
The subject area of data management that defines the data needs of the enterprise and designs the master blueprints to meet those needs (DAMA DMBOK, 2009).
IBM (2007) defines data architecture as the design of systems and applications that facilitate data availability and distribution across the enterprise.
Definitions vary slightly across major architecture and management frameworks.
However, there is a general consensus that data architecture provides organizations with:
Data architecture must be based on business goals and objectives; developed within the technical strategies, constraints, and opportunities of the organization in support of providing a foundation for data management.
Current Data Management |
|
Goal for Data Management |
Data Architecture is not just data models. Data architects must understand the needs of the business, as well as the existing people and processes that already exist in the organization to effectively perform their job.
![]() |
Each layer of architecture informs the next. In other words, each layer has components that execute processes and offer services to the next layer. For example, data architecture can be broken down into more granular activities and processes that inform how the organization’s technology architecture should be arranged. |
|
Data does not exist on its own. It is informed by business architecture and used by other architectural domains to deliver systems, IT services, and to support business processes. As you build your practice, you must consider how data fits within the broader architectural framework. |
The Zachman Framework is a widely used EA framework; within it, data is identified as the first domain. The framework aims to standardize artifacts (work-products) within each architectural domain, provides a cohesive view of the scope of EA and clearly delineates data components. Use the framework to ensure that your target DA practice is aligned to other domains within the EA framework. |
![]() (Source: Zachman International) |
Enterprise Architect
The enterprise architect provides thought leadership and direction to domain architects.
They also maintain architectural standards across all the architectural domains and serve as a lead project solution architect on the most critical assignments.
Data architects need to have a deep experience in data management, data warehousing, and analytics technologies. At a high level, the data architect plans and implements an organization’s data, reporting, and analytics roadmap. Some of the role’s primary duties and responsibilities include:
| Data architects bridge the gap between strategic and technical requirements: “Fundamentally, the role of a data architect is to understand the data in an organization at a reasonable level of abstraction.” (Andrew Johnston, Independent Consultant) |
The data architect role is not always clear cut. Many organizations do not have a dedicated data architect resource, and may not need one. However, the duties and responsibilities of the data architect must be carried out to some degree by a combination of resources as appropriate to the organization’s size and environment.
Data Architect Role Description
Skills Necessary
|
Define Policies, Processes, and Priorities
|
See Info-Tech’s Data Architect job description for a comprehensive description of the data architect role.
The Open Group TOGAF enterprise architecture model is a detailed framework of models, methods, and supporting tools to create an enterprise-level architecture.
The wide adoption of TOGAF has resulted in the mapping of it to several other industry standards including CoBIT and ITIL.
MIKE2.0 (Method for an Integrated Knowledge Environment), is an open source method for enterprise information management providing a framework for information development.
If an enterprise-level IT architecture is your goal, TOGAF is likely a better model. However, if you are an information and knowledge-based business then MIKE2.0 may be more relevant to your business.
As the business landscape evolves, new needs arise. An organization may undergo new compliance requirements, or look to improve their customer intimacy, which could require a new functionality from an application and its associated database.
There are four common scenarios that lead to an organization’s need to optimize its data architecture and these scenarios all present unique challenges for a data architect:
These are not the only reasons why data architects need to optimize the organization’s data architecture. These are only four of the most common scenarios, however, other business needs can be addressed using the same concept as these four common scenarios.
Follow Info-Tech’s process of first analyzing the needs of the business, then determining how best to architect your data based on these drivers. Data architecture needs to be able to rapidly evolve to support the strategic goals of the business, and the Data Architecture Driver Pattern Identification Tool will help you to prioritize your efforts to best do this.
Tab 2. Driver Identification Objective: Objectively assess the most pressing business drivers. |
Tab 3. Tactic Pattern Plan, Section 1 Purpose: Review your business drivers that require architectural changes in your environment. |
Tab 3. Tactic Pattern Plan, Section 2 Purpose: Determine a list of tactics that will help you address the business drivers. |
Step
|
Step
|
Step
|
INPUT: Data Architecture Driver tool assessment prompts.
OUTPUT: Identified business driver that applies to your organization.
Materials: Data Architecture Driver Pattern Identification Tool
Participants: Data architect, Enterprise architect
InstructionsIn Tab 2. Driver Identification of the Data Architecture Driver Pattern Identification Tool, assess the degree to which the organization is feeling the pains of the four most common business drivers:
|
Data architecture improvements need to be driven by business need.
“As a data architect, you have to understand the functional requirements, the non-functional requirements, then you need to make a solution for those requirements. There can be multiple solutions and multiple purposes.” (Andrew Johnston, Independent Consultant) |
1.1.2 1 hour per interview
INPUT: Sample questions targeting the activities, challenges, and opportunities of each business unit
OUTPUT: Sample questions targeting the activities, challenges, and opportunities of each business unit
Materials: Data Architecture Driver Pattern Identification Tool
Participants: Data architect, Business representatives, IT representatives
Identify 2-3 business units that demonstrate enthusiasm for or a positive outlook on improving how organizational data can help them in their role and as a unit.
Conducting a deep-dive interview process with these key stakeholders will help further identify high-level goals for the data architecture strategy within each business unit. This process will help to secure their support throughout the implementation process by giving them a sense of ownership.
Request background information and documentation from stakeholders regarding the following:
1.1.3 2 hours
INPUT: Data Architecture Driver tool assessment prompts.
OUTPUT: Identified business driver that applies to your organization.
Materials: Data Architecture Driver Pattern Identification Tool
Participants: Data architect, Enterprise architect
Instructions
As you work through Tab 2. Driver Identification of the Data Architecture Driver Pattern Identification Tool, consult with the enterprise architect or equivalent to assist you in rating the importance of each of the symptoms of the business drivers. This will help you provide greater value to the business and more aligned objectives. |
![]() Tab 2. Driver Identification |
PHASE 1 | |
1.1 | 1.2 |
Identify Your Business Driver for Optimizing Data Architecture | Determine Actionable Tactics to Optimize Data Architecture |
Remember… Architecting an organization involves alignment, planning, road mapping, design, and change management functions.
Data architects must be heavily involved with:
To do this, you need a framework. A framework provides you with the holistic view of the organization’s data environment that you can use to design short- and long-term tactics for improving the use of data for the needs of the business.
Use Info-Tech’s five-tier data architecture to model your environment in a logical, consumable fashion.
The more complicated an environment is, the more need there is for a framework. Being able to pick a starting point and prioritize tasks is one of the most difficult, yet most essential, aspects of any architect’s role.
Info-Tech’s five-tier data architecture model summarizes an organization’s data environment at a logical level. Data flows from left to right, but can also flow from the presentation layer back to the warehousing layer for repatriation of data.
Download the Data Architecture Optimization Template.
Use this template to support your team in creating a tactical strategy for optimizing your data architecture across the five tiers of the organization’s architecture. This template can be used to document your organization’s most pressing business driver, the reasons for optimizing data architecture according to that driver, and the tactics that will be employed to address the shortcomings in the architecture.
![]() |
Info-Tech’s Data Architecture Optimization Template | Table of Contents | |
1. Build Your Current Data Architecture Logical Model | Use this section to document the current data architecture situation, which will provide context for your plan to optimize your data architecture. | ||
2. Optimization Plan | Use this section to document the tactics that will be employed to optimize the current data architecture according to the tactic pattern identified by the business driver. |
As you read about the details of the five-tier data architecture model in the following slides, start building your current logical data architecture model by filling out the sections that correspond to the various tiers. For example, if you identified that the most pressing business driver is becoming compliant with regulations, document the sources of data required for compliance, as well as the warehousing strategy currently being employed. This will help you to understand the organization’s data architecture at a logical level.
![]() –› Data to integration layer | Tier 1 is where the data enters the organization.All applications, data documents such as MS Excel spreadsheets, documents with table entries, manual extractions from other document types, user-level databases including MS Access and MySQL, other data sources, data feeds, big datasets, etc. reside here. This tier typically holds the siloed data that is so often not available across the enterprise because the data is held within department-level applications or systems. This is also the layer where transactions and operational activities occur and where data is first created or ingested. There are any number of business activities from transactions through business processes that require data to flow from one system to another, so it is often at this layer we see data created more than once, data corruption occurs, manual re-keying of data from system to system, and spaghetti-like point-to-point connections are built that are often fragile. This is usually the single most problematic area within an enterprise’s data environment. Application- or operational-level (siloed) reporting often occurs at this level. Info-Tech Best PracticeAn optimized Tier 1 has the following attributes:
|
![]() –› Data to Warehouse Environment Find out more For more information on data integration, see Info-Tech’s Optimize the Organization’s Data Integration Practices blueprint. | Tier 2 is where integration, transformation, and aggregation occur.Regardless of how you integrate your systems and data stores, whether via ETL, ESB, SOA, data hub, ODS, point-to-point, etc., the goal of this layer is to move data at differing speeds for one of two main purposes: 1) To move data from originating systems to downstream systems to support integrated business processes. This ensures the data is pristine through the process and improves trustworthiness of outcomes and speed to task and process completion. 2) To move data to Tier 3 - The Data Warehouse Architecture, where data rests for other purposes. This movement of data in its purest form means we move raw data to storage locations in an overall data warehouse environment reflecting any security, compliance and other standards in our choices for how to store. Also, this is where data is transformed for unique business purpose that will also be moved to a place of rest or a place of specific use. Data masking, scrambling, aggregation, cleansing and matching, and other data related blending tasks occur at this layer. Info-Tech Best PracticeAn optimized Tier 2 has the following attributes:
|
Tier 3 is where data rests in long-term storage.This is where data rests (long-term storage) and also where an enterprise’s information, documents, digital assets, and any other content types are stored. This is also where derived and contrived data creations are stored for re-use, and where formulas, thought models, heuristics, algorithms, report styles, templates, dashboard styles, and presentations-layer widgets are all stored in the enterprise information management system. At this layer there may be many technologies and many layers of security to reflect data domains, classifications, retention, compliance, and other data needs. This is also the layer where data lakes exist as well as traditional relational databases, enterprise database systems, enterprise content management systems, and simple user-level databases. Info-Tech Best PracticeAn optimized Tier 3 has the following attributes:
| Data from integration layer –›![]() –› Analytics Find out more For more information on Data Warehousing, see Info-Tech’s Build an Extensible Data Warehouse Foundation and Drive Business Innovation With a Modernized Data Warehouse Environment blueprints. |
Tier 4 represents data being used for a purpose.This is where you build fit-for-purpose data sets (marts, cubes, flat files) that may now draw from all enterprise data and information sources as held in Tier 3. This is the first place where enterprise views of all data may be effectively done and with trust that golden records from systems of record are being used properly. This is also the layer where BI tools get their greatest use for performing analysis. Unlike Tier 3 where data is at rest, this tier is where data moves back into action. Data is brought together in unique combinations to support reporting, and analytics. It is here that the following enterprise analytic views are crafted:
Info-Tech Best PracticeAn optimized Tier 4 has the following attributes:
| Warehouse Environment –›![]() –› Presentation Find out more For more information on BI tools and strategy, see Info-Tech’s Select and Implement a Business Intelligence and Analytics Solution and Build a Next Generation BI with a Game-Changing BI Strategy blueprints. |
Tier 5 represents data in knowledge form.This is where the data and information combine in information insight mapping methods (presentations, templates, etc.). We craft and create new ways to slice and dice data in Tier 4 to be shown and shared in Tier 5. Templates for presenting insights are extremely valuable to an enterprise, both for their initial use, and for the ability to build deeper, more insightful analytics. Re-use of these also enables maximum speed for sharing, consuming the outputs, and collective understanding of these deeper meanings that is a critical asset to any enterprise. These derived datasets and the thought models, presentation styles, templates, and other derived and contrived assets should be repatriated into the derived data repositories and the enterprise information management systems respectively as shown in Tier 3. Find out more For more information on enterprise content management and metadata, see Info-Tech’s Develop an ECM Strategy and Break Open Your DAM With Intuitive Metadata blueprints. | ![]() | |
Info-Tech Best PracticeAn optimized Tier 5 has the following attributes:
| Info-Tech InsightRepatriation of data and information is an essential activity for all organizations to manage organizational knowledge. This is the activity where information, knowledge, and insights that are stored in content form are moved back to the warehousing layer for long-term storage. Because of this, it is crucial to have an effective ECM strategy as well as the means to find information quickly and efficiently. This is where metadata and taxonomy come in. |
Now that you have an understanding of the drivers requiring data architecture optimization, as well as the current data architecture situation at your organization, it is time to determine the actions that will be taken to address the driver.
1. Business driver |
![]() Data Architecture Driver Pattern Identification Tool, Tab 2. Tactic Pattern Plan |
![]() 3. Documented tactic planData Architecture Optimization Template |
2. Tactics across the five tiers |
![]() |
Whether the business wants to gain better customer intimacy, achieve operational excellence, or needs to change its compliance and reporting strategy, the need for collecting new data through a new application or a new functionality within an existing application can arise. This business driver has the following attributes:
|
![]() |
||
![]() |
When this business driver arises, data architects should focus on optimizing architecture at the source tier and the integration of the new functionality. | Tactics for this business driver should address the following pattern:![]() |
An organization can want to use its data for multiple reasons. Whether these reasons include improving customer experience or operational excellence, the data architect must ensure that the organization’s data aggregation environment, reporting and analytics, and presentation layer are assessed and optimized for serving the needs of the business.
“Data-drivenness is about building tools, abilities, and, most crucially, a culture that acts on data.” (Carl Anderson, Creating a Data-Driven Organization)
Tactics for this business driver should address the following pattern:![]() |
![]() |
When this business driver arises, data architects should focus on optimizing architecture at the source tier and the integration of the new functionality. | |
![]() |
|
An organization can want to use its data for multiple reasons. Whether these reasons include improving customer experience or operational excellence, the data architect must ensure that the organization’s data aggregation environment, reporting and analytics, and presentation layer are assessed and optimized for serving the needs of the business.
There are different types of requirements:
|
![]() |
||
![]() |
When this business driver arises, data architects should focus on optimizing architecture where data is stored: at the sources, the warehouse environment, and analytics layer. | Tactics for this business driver should address the following pattern:![]() |
Is the organization looking to acquire or merge with another organization or line of business?There are three scenarios that encompass the mergers and acquisitions business driver for data architecture:
|
Regardless of what scenario your organization falls into, you must go through the same process of identifying the requirements for the new data:
|
|
“As a data architect, you must do due diligence of the acquired firm. What are the workflows, what are the data sources, what data is useful, what is useless, what is the value of the data, and what are the risks of embedding the data?” (Anonymous Mergers and Acquisitions Consultant) | ||
![]() |
When this business driver arises, data architects should focus on optimizing architecture at the source tier, the warehousing layer, and analytics. |
![]() |
1.2.1 30 minutes
INPUT: Business driver assessment
OUTPUT: Tactic pattern and tactic plan
Materials: Data Architecture Driver Pattern Identification Tool, Data Architecture Optimization Template
Participants: Data architect, Enterprise architect
Instructions
|
||
![]() Data Architecture Driver Tool |
![]() |
![]() Data Architecture Optimization Template |
Our approach will help you to get to the solution of the organization’s data architecture problems as quickly as possible. However, keep in mind that you should still address the other tiers of your data architecture even if they are not part of the pattern we identified. For example, if you need to become more data driven, don’t completely ignore the sources and the integration of data. However, to deliver the most and quickest value, focus on tiers 3, 4, and 5.
Data architects and those responsible for updating an organization’s data architecture have a wide-open playing field with which to take their efforts. Being able to narrow down your focus and generate an actionable plan will help you provide more value to the organization quickly and get the most out of your data.
Now that you have your prioritized tactical plan, move to Phase 2. This phase will help you map these priorities to the essential capabilities and measure where you stack up in these capabilities. This is an essential step in creating your data architecture roadmap and plan for coming years to modernize the organization’s data architecture.
CASE STUDY | Industry: Financial
| ![]() | Part 1 |
Prior to receiving new external requirements, the monetary Authority body had been operating with an inefficient system. Outdated legacy systems, reports in paper form, incomplete reports, and stale data from other agencies resulted in slow data access. The new requirements demanded speeding up this process.
Although the organization understood it needed changes, it first needed to establish what were the business objectives, and which areas of their architecture they would need to focus on. The business driver in this case was compliance requirements, which directed attention to the sources, aggregation, and insights tiers. |
![]() Looking at the how the different tiers relate to certain business operations, the organization uncovered the best practise tactics to achieving an optimized data architecture.
Once the business driver had been established, the organization was able to identify the specific areas it would eventually need to evaluate and remedy as needed. |
![]() |
|
1.1.1 |
![]() |
Identify the business driver that will set the direction of your data architecture optimization plan.
In this activity, the facilitator will guide the team in identifying the business driver that is creating the need to improve the organization’s data architecture. Data architecture needs to adapt to the changing needs of the business, so this is the most important step of any data architecture improvements. |
1.2.1 |
![]() |
Determine the tactics that you will use to optimize data architecture.
In this activity, the facilitator will help the team create a tactical plan for optimizing the organization’s data architecture across the five tiers of the logical model. This plan can then be followed when addressing the business needs. |
Business Drivers |
|
|||||||||||||||
Tiers | 1. Data Sources | 2. Integration | 3. Warehousing | 4. Insights | 5. Presentation | |||||||||||
Capabilities | Current Capabilities | |||||||||||||||
Target Capabilities | ||||||||||||||||
Example Tactics | Leverage indexes, partitions, views, and clusters to optimize performance.
Cleanse data source. |
Leverage integration technology.
Identify matching approach priorities. |
Establish governing principles.
Install performance enhancing technologies. |
Establish star schema and snowflake principles.
Share data via data mart. |
Build metadata architecture:
|
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Step 2.1: Measure Your Data Architecture Capabilities | Step 2.2: Set a Target for Data Architecture Capabilities | Step 2.3: Identify the Tactics That Apply to Your Organization |
Start with an analyst kick-off call:
|
Review findings with analyst:
|
Finalize phase deliverable:
|
Then complete these activities…
|
Then complete these activities…
|
Then complete these activities…
|
With these tools & templates:
|
With these tools & templates:
|
With these tools & templates:
|
Phase 2 Results & Insights
|
PHASE 2 |
||
2.1 | 2.2 | 2.3 |
Measure Your Data Architecture Capabilities | Set a Target for Data Architecture Capabilities | Identify the Tactics That Apply to Your Organization |
Capabilities represent a mixture of people, technology, and processes. The focus of capability design is on the outcome and the effective use of resources to produce a differentiating capability or an essential supporting capability.
To personalize your tactics, you have to understand what the essential capabilities are across the five tiers of an organization’s data architecture. Then, assess where you currently stand in these capabilities and where you need to go in order to build your optimization plan.
Info-Tech’s data architecture capability model can be laid over the five-tier data architecture to understand the essential and advanced capabilities that an organization should have, and to build your tactical strategy for optimizing the organization’s data architecture across the tiers.
Info-Tech’s data architecture capability model can be laid over the five-tier data architecture to understand the essential and advanced capabilities that an organization should have, and to build your tactical strategy for optimizing the organization’s data architecture across the tiers.
2.1.1 Data Architecture Tactical Roadmap Tool
InstructionsUse the Data Architecture Tactical Roadmap Tool as your central tool to develop a tactical plan of action to optimize the organization’s data architecture. This tool contains the following sections:
| INFO-TECH DELIVERABLE |
The organization likely has some of the capabilities that are needed to solve the problem, but also a need to improve other capabilities. To narrow down the capabilities that you should focus on, first select the business driver that was identified in Phase 1 in Tab 1. Business Driver Input of the Data Architecture Tactical Roadmap Tool. This will customize the roadmap tool to deselect the capabilities that are likely to be less relevant to your organization.
For Example: If you identified your business driver as “becoming more data-driven”, you will want to focus on measuring and building out the capabilities within Tiers 3, 4, and 5 of the capability model.
Data Architecture Capability Model![]() |
NoteIf you want to assess your organization for all of the capabilities across the data architecture capability model, select “Comprehensive Data Architecture Assessment” in Tab 1. Business Driver Input of the Data Architecture Tactical Roadmap Tool. |
2.1.2 1 hour
INPUT: Current data architecture capabilities.
OUTPUT: An idea of where you currently stand in the capabilities.
Materials: Data Architecture Tactical Roadmap Tool
Participants: Data architect, Enterprise architect, Business representatives
Use the Data Architecture Tactical Roadmap Tool to evaluate the baseline and target capabilities of your practice in terms of how data architecture is approached and executed.
Instructions
These results will set the baseline against which you will monitor performance progress and keep track of improvements over time. |
To assess data architecture maturity, Info-Tech uses the Capability Maturity Model Integration (CMMI) program for rating capabilities on a scale of 1 to 5:
1 = Initial/Ad hoc 2 = Developing 3 = Defined 4 = Managed and Measurable 5 = Optimized |
Focus on Early Alignment. Assessing capabilities within specific people’s job functions can naturally result in disagreement or debate, especially between business and IT people. Objectively facilitate any debate and only finalize capability assessments when there is full alignment. Remind everyone that data architecture should ultimately serve business needs wherever possible.
PHASE 2 | ||
2.1 | 2.2 | 2.3 |
Measure Your Data Architecture Capabilities | Set a Target for Data Architecture Capabilities | Identify the Tactics That Apply to Your Organization |
Keep the goal in mind by documenting target state objectives. This will help to measure the highest priority gaps in the organization’s data architecture capabilities.
Example driver = Becoming more data driven | ![]() |
![]() |
![]() |
Current Capabilities | ![]() |
Target Capabilities |
Gaps and Priorities | ||||||
![]() |
INPUT: Current state of data architecture capabilities.
OUTPUT: Target state of data architecture capabilities.
Materials: Data Architecture Tactical Roadmap Tool
Participants: Data architect
Determine the state of data architecture capabilities that the organization needs to reach to address the drivers of the business.
For example: If you identified your business driver as “becoming more data driven”, you will want to focus on the capabilities within Tiers 3, 4, and 5 of the capability model.
Driver = Becoming more data driven | ![]() |
![]() |
![]() |
Target Capabilities |
2.2.2 1 hour
INPUT: Current and target states of data architecture capabilities.
OUTPUT: Holistic understanding of where you need to improve data architecture capabilities.
Materials: Data Architecture Tactical Roadmap Tool
Participants: Data architect
To enable deeper analysis on the results of your capability assessment, Tab 4. Capability Gap Analysis in the Data Architecture Tactical Roadmap Tool creates visualizations of the gaps identified in each of your practice capabilities and related data management practices. These diagrams serve as analysis summaries.
PHASE 2 | ||
2.1 | 2.2 | 2.3 |
Measure Your Data Architecture Capabilities | Set a Target for Data Architecture Capabilities | Identify the Tactics That Apply to Your Organization |
Stop here. Before you begin to plan for optimization of the organization’s data environment, get a sense of the sustainability and scalability of the direction of the organization’s data architecture evolution.
Practically any trend in data architecture is driven by an attempt to solve one or more the common challenges of today’s tumultuous data landscape, otherwise known as “big data.” Data is being produced in outrageous amounts, at very high speeds, and in a growing number of types and structures.
To meet these demands, which are not slowing down, you must keep ahead of the curve. Consider the internal and external catalysts that might fuel your organization’s need to modernize its data architecture:
Big Data |
Data Storage |
Advanced analytics |
Unstructured data |
Integration |
Hadoop ecosystem
The discussion about big data is no longer about what it is, but how do businesses of all types operationalize it. Is your organization currently capturing and leveraging big data? Are they looking to do so in the near future? |
The cloud
The cloud offers economical solutions to many aspects of data architecture. Have you dealt with issues of lack of storage space or difficulties with scalability? Do you need remote access to data and tools? |
Real-time architecture
Advanced analytics (machine learning, natural language processing) often require data in real-time. Consider Lambda and Kappa architectures. Has your data flow prevented you from automation, advanced analytics, or embracing the world of IoT? |
Graph databases
Self-service data access allows more than just technical users to participate in analytics. NoSQL can uncover buried relationships in your data. Has your organization struggled to make sense of different types of unstructured data? |
Is ETL enough?
What SQL is to NoSQL, ETL is to NoETL. Integration techniques are being created to address the high variety and high velocity of data. Have your data scientists wasted too much time and resources in the ETL stage? |
The Info-Tech Data Architecture Trends Presentation provides a glance at some of the more significant innovations in technology that are driving today’s advanced data architectures. This presentation also explains how these trends relate to either the data challenges you may be facing, or the specific business drivers you are hoping to bring to your organization. |
![]() Data Architecture Trends Presentation |
Now that you know where the organization currently stands, follow these steps to begin prioritizing the initiatives:
Current State | Gap Closure Strategies | Target State | Data Architecture Tactical Roadmap |
|
Initiatives involving:
|
|
(Source: “How to Build a Roadmap”) |
Optimizing data architecture requires a tactical approach, not a passive approach. The demanding task of optimization requires the ability to heavily prioritize. After you have identified why, determine how using our pre-built roadmap to address the four common drivers.
Before diving headfirst into creating your tactical data architecture plan, documenting the challenges associated with each aspect of the organization’s data architecture can help to identify where you need to focus your energy in optimizing each tier. The following table presents the common challenges across the five tiers:
Source Tier |
Integration Tier |
Warehousing Tier |
Analytics Tier |
Presentation Tier |
Inconsistent data models | Performance issues | Scalability of the data warehouse | Data currency, flexibility | Model interoperability |
Data quality measures: data accuracy, timeliness, accessibility, relevance | Duplicated data | Infrastructure needed to support volume of data | No business context for using the data in the correct manner | No business context for using the data in the correct manner |
Free-form field and data values beyond data domain | Tokenization and other required data transformations | Performance
Volume Greedy consumers can cripple performance Insufficient infrastructure |
Inefficiencies in building the data mart | Report proliferation/chaos (“kitchen sink dashboards”) |
Reporting out of source systems | DB model inefficiencies | |||
Manual errors;
Application usability |
Elasticity |
2.2.3 1 hour
INPUT: Tactics that will be used to optimize data architecture.
OUTPUT: Metrics that can be used to measure optimization success.
Materials: Data Architecture Tactical Roadmap Tool
Participants: Data architect
There are two types of metrics that are useful for data architects to track and measure: program metrics and project metrics. Program metrics represent the activities that the data architecture program, which is the sum of multiple projects, should help to improve. Project metrics are the more granular metrics that track each project.
Program Metrics
|
Project Metrics
|
Use Tab 6. Metrics of the Data Architecture Tactical Roadmap Tool to document and track metrics associated with your optimization tactics.
Data Governance
Data architecture depends on effective data governance. Use our blueprint, Enable Shared Insights With an Effective Data Governance Engine to get more out of your architecture. |
Data Quality
The key to maintaining high data quality is a proactive approach that requires you to establish and update strategies for preventing, detecting, and correcting errors. Find out more on how to improve data quality with Info-Tech’s blueprint, Restore Trust in Your Data Using a Business-Aligned Data Quality Management Approach. |
Master Data Management
When you start your data governance program, you will quickly realize that you need an effective MDM strategy for managing your critical data assets. Use our blueprint, Develop a Master Data Management Strategy and Roadmap to Better Monetize Data to get started with MDM. |
Data Warehouse
The key to maintaining high data quality is a proactive approach that requires you to establish and update strategies for preventing, detecting, and correcting errors. Find out more on how to improve data quality with Info-Tech’s blueprint, Drive Business Innovation With a Modernized Data Warehouse Environment. |
CASE STUDY | Industry: Financial
| ![]() | Part 2 |
After establishing the appropriate tactics based on its business driver, the monetary authority was able to identify its shortcomings and adopt resolutions to remedy the issues.
Best Practice Tactic | Current State | Solution | |
Tier 1 - Data Sources | Identify data sources | Data coming from a number of locations. | Create data model for old and new systems. |
Ensure data quality | Internal data scanned from paper and incomplete. | Data cleansing and update governance and business rules for migration to new system. | |
External sources providing conflicting data. | |||
Tier 3 - Data Warehousing | Data catalogue | Data aggregated incompletely. | Built proper business data glossary for searchability. |
Indexing | Data warehouse performance sub-optimal. | Architected data warehouse for appropriate use (star schema). | |
Tier 4 - Data Analytics | Data accessibility | Relevant data buried in warehouse. | Build data marts for access. |
Data reduction | Accurate report building could not be performed in current storage. | Built interim solution sandbox, spin up SQL database. |
Establishing these solutions provided the organization with necessary information to build their roadmap and move towards implementing an optimized data architecture.
![]() |
|
2.1.1 – 2.2.2 |
![]() |
Evaluate your current capabilities and design your target data quality practice from two angles
In this assessment and planning activity, the team will evaluate the current and target capabilities for your data architecture’s ability to meet business needs based on the essential capabilities across the five tiers of an organization’s architectural environment. |
2.2.3 |
![]() |
Create metrics to track the success of your optimization plan.
The Info-Tech facilitator will guide you through the process of creating program and project metrics to track as you optimize your data architecture. This will help to ensure that the tactics are helping to improve crucial business attributes. |
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Step 3.1: Personalize Your Data Architecture Roadmap | Step 3.2: Manage Your Data Architecture Decisions and the Resulting Changes |
Start with an analyst kick-off call:
| Review findings with analyst:
|
Then complete these activities…
| Then complete these activities…
|
With these tools & templates:
| With these tools & templates:
|
Phase 3 Results & Insights
|
PHASE 3 |
||
3.1 | 3.2 | |
Personalize Your Data Architecture Roadmap | Manage Your Data Architecture Decisions and the Resulting Changes |
Phase 1 and 2 helped you to identify tactics that address some of the most common business drivers. Phase 3 will bring you through the process of practically planning what those tactics look like in your organization’s environment and create a roadmap to plan how you will generate business value through optimization of your data architecture environment.
Generating Your Roadmap
|
![]() Tab 5. Tactic and Initiative Planning
|
3.1.2 1 hour
INPUT: Timing of initiatives for optimizing data architecture.
OUTPUT: Optimization roadmap
Materials: Data Architecture Tactic Roadmap Tool
Participants: Data architect, Enterprise Architect
![]() |
Tab 5. Tactic and Initiative Planning | ![]() |
Tab 7. Initiative Roadmap |
The activities that populate the roadmap can be taken as best practice activities. If you want an actionable, comprehensive, and prescriptive plan for optimizing your data architecture, fill in the timing of the activities and print the roadmap. This can serve as a rapid communication tool for your data architecture plan to the business and other architects.
Remember: Data architects bridge the gap between strategic and technical requirements of data.
|
Also remember: In Phase 1, you built your tactical data architecture optimization plan.
|
INPUT: Data Architecture Tactical Roadmap
OUTPUT: Communication plan
Materials: Data Architecture Optimization Template
Participants: Data Architect, Business representatives, IT representatives
Instructions
Begin by presenting your plan and roadmap to the business units who participated in business interviews in activity 1.1.3 of Phase 1. If you receive feedback that suggests that you should make revisions to the plan, consult Info-Tech Research Group for suggestions on how to improve the plan. If you gain approval for the plan, communicate it to DBAs and other data workers. |
Iterative optimization and communication plan:
![]() |
CASE STUDY | Industry: Financial
| ![]() | Part 3 |
After establishing the appropriate tactics based on its business driver, the monetary authority was able to identify its shortcomings and adopt resolutions to remedy the issues.
ChallengeA monetary authority was placed under new requirements where it would need to produce 6 different report types on its clients to a regulatory body within a window potentially as short as 1 hour. With its current capabilities, it could complete such a task in roughly 7 days. The organization’s data architecture was comprised of legacy systems that had poor searchability. Moreover, the data it worked with was scanned from paper, regularly incomplete and often inconsistent. |
SolutionThe solution first required the organization to establish the business driver behind the need to optimize its architecture. In this case, it would be compliance requirements. With Info-Tech’s methodology, the organization focused on three tiers: data sources, warehousing, and analytics. Several solutions were developed to address the appropriate lacking capabilities. Firstly, the creation of a data model for old and new systems. The implementation of governance principles and business rules for migration of any data. Additionally, proper indexing techniques and business data glossary were established. Lastly, data marts and sandboxes were designed for data accessibility and to enable a space for proper report building. |
ResultsWith the solutions established, the monetary authority was given information it needed to build a comprehensive roadmap, and is currently undergoing the implementation of the plan to ensure it will experience its desired outcome – an optimized data architecture built with the capacity to handle external compliance requirements. |
PHASE 3 | ||
3.1 | 3.2 | |
Personalize Your Data Architecture Roadmap | Manage Your Data Architecture Decisions and the Resulting Changes |
Once you have a plan in place, one the most challenging aspects of improving an organization is yet to come…overcoming change!
“When managing change, the job of the data architect is to avoid unnecessary change and to encapsulate necessary change.
You must provide motivation for simplifying change, making it manageable for the whole organization.” (Andrew Johnston, Independent Consultant)
![]() |
Create roadmap Communicate roadmap Implement roadmap Change management |
Document the architectural decisions made to provide context around changes made to the organization’s data environment.
The goal of this Data Architecture Decision Template is to provide data architects with a template for managing the changes that accompany major architectural decisions. As you work through the Build a Business-Aligned Data Architecture Optimization Strategy blueprint, you will create a plan for tactical initiatives that address the drivers of the business to optimize your data architecture. This plan will bring about changes to the organization’s data architecture that need change management considerations. Document any major changes to the organization’s data architecture that are required to evolve with the organization’s drivers. This will ensure that major architectural changes are documented, tracked, and that the context around the decision is maintained. “Environment is very chaotic nowadays – legacy apps, sprawl, ERPs, a huge mix and orgs are grappling with what our data landscape look like? Where are our data assets that we need to use?” (Andrew Johnston, Independent Consultant) |
![]() Use Info-Tech’s Data Architecture Decision Template to document any major changes in the organization’s data architecture. |
As changes to the architectural environment occur, data architects must stay ahead of the curve and plan the change management considerations that come with major architectural decisions.
“When managing change, the job of the data architect is to avoid unnecessary change and to encapsulate necessary change.
You must provide motivation for simplifying change, making it manageable for the whole organization.” (Andrew Johnston, Independent Consultant)
See Info-Tech’s resources on change management to smooth changes:![]() |
|
![]() |
![]() |
As changes to the architectural environment occur, data architects must stay ahead of the curve and plan the release management considerations around new hardware and software releases or updates.
Release management is a process that encompasses the planning, design, build, configuration, and testing of hardware and software releases to create a defined set of release components (ITIL). Release activities can include the distribution of the release and supporting documentation directly to end users. See Info-Tech’s resources on Release Management to smooth changes:
![]() |
|
![]() |
![]() |
![]() |
|
3.1.1 |
![]() |
Create your personalized roadmap of activities.
In this activity, the facilitator will guide the team in evaluating practice gaps highlighted by the assessment, and compare these gaps at face value so general priorities can be documented. The same categories as in 3.1.1 are considered. |
3.1.3 |
![]() |
Communicate your data architecture optimization plan.
The facilitator will help you to identify the optimal medium and timing for communicating your plan for optimizing your data architecture. |
![]() |
Ron Huizenga, Senior Product Manager
Embarcadero Technologies, Inc. Ron Huizenga has over 30 years of experience as an IT executive and consultant in enterprise data architecture, governance, business process reengineering and improvement, program/project management, software development, and business management. His experience spans multiple industries including manufacturing, supply chain, pipelines, natural resources, retail, healthcare, insurance, and transportation. |
![]() |
Andrew Johnston, Architect
Independent Consultant
An independent consultant with a unique combination of managerial, commercial, and technical skills, Andrew specializes in the development of strategies and technical architectures that allow businesses to get the maximum benefit from their IT resources. He has been described by clients as a "broad spectrum" architect, summarizing his ability to engage in many problems at many levels. |
Internal Contributors | |
![]() |
|
External Contributors | |
![]() ![]() ![]() |
|
Allen, Mark. “Get the ETL Out of Here.” MarkLogic. Sep, 2016. Web. 25 Apr 2017.[http://www.marklogic.com/blog/get-the-etl-out-of-here/]
Anadiotis, George. “Streaming hot: Real-time big data architecture matters.” ZDNet. Jan, 2017. Web. 25 Apr 2017. [http://www.zdnet.com/article/streaming-hot-real-time-big-data-architecture-matters/]
Aston, Dan. “The Economic value of Enterprise Architecture and How to Show It.” Erwin. Aug, 2016. Web. 20 Apr 2017. [http://erwin.com/blog/economic-value-enterprise-architecture-show/]
Baer, Tony. “2017 Trends to Watch: Big Data.” Ovum. Nov, 2016. Web. 25 Apr 2017.
Bmc. “Benefits & Advantages of Hadoop.” Bmc. Web. 25 Apr 2017. [http://www.bmcsoftware.ca/guides/hadoop-benefits-business-case.html]
Boyd, Ryan, et al. “Relational vs. Graph Data Modeling” DZone. Mar 2016. Web. 25 Apr 2017. [https://dzone.com/articles/relational-vs-graph-data-modeling]
Brahmachar, Satya. “Theme To Digital Transformation - Journey to Data Driven Enterprise” Feb, 2015. Web. 20 Apr 2017. [http://satyabrahmachari-thought-leader.blogspot.ca/2015/02/i-smac-theme-to-digital-transformation.html]
Capsenta. “NoETL.” Capsenta. Web. 25 Apr 2017. [https://capsenta.com/wp-content/uploads/2015/03/Capsenta-Booklet.pdf]
Connolly, Shaun. “Implementing the Blueprint for Enterprise Hadoop” Hortonworks. Apr, 2014. Web. 25 Apr 2017. https://hortonworks.com/blog/implementing-the-blue...
Forbes. “Cloud 2.0: Companies Move From Cloud-First To Cloud-Only.” Forbes. Apr, 2017. Web. 25 Apr 2017. [https://www.forbes.com/sites/vmware/2017/04/07/cloud-2-0-companies-move-from-cloud-first-to-cloud-only/#5cd9d94a4d5e]
Forgeat, Julien. “Lambda and Kappa.” Ericsson. Nov 2015. Web 25 Apr 2017. [https://www.ericsson.com/research-blog/data-knowledge/data-processing-architectures-lambda-and-kappa/]
Grimes, Seth. “Is It Time For NoETL?” InformationWeek. Mar, 2010. Web. 25 Apr 2017. [http://www.informationweek.com/software/information-management/is-it-time-for-noetl/d/d-id/1087813]
Gupta, Manav. et al. “How IB‹ leads in building big data analytics solutions in the cloud.” IBM. Feb, 2016. Web. 25 Apr 2017. [https://www.ibm.com/developerworks/cloud/library/cl-ibm-leads-building-big-data-analytics-solutions-cloud-trs/index.html#N102DE]
“How To Build A Roadmap.” Hub Designs Magazine. Web 25 Apr 2017. [https://hubdesignsmagazine.com/2011/03/05/how-to-build-a-roadmap/]
IBM. “Top industry use cases for stream computing.” IBM. Oct, 2015. Web. 25 Apr 2017. [https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=IMW14704USEN]
Mateos-Garcia, Juan, et al. “Skills Of The Datavores.” Nesta. July. 2015. Web. 8 Aug 2016. [https://www.nesta.org.uk/sites/default/files/skills_of_the_datavores.pdf].
Maynard, Steven. “Analytics: Don’t Forget The Human Element” Forbes. 2015. Web. 20 Apr. 2017. [http://www.ey.com/Publication/vwLUAssets/EY-Forbes-Insights-Data-and-Analytics-Impact-Index-2015/$FILE/EY-Forbes-Insights-Data-and-Analytics-Impact-Index-2015.pdf]
Neo4j. “From Relational to Neo4j.” Neo4j. Web. 25 Apr 2017. [https://neo4j.com/developer/graph-db-vs-rdbms/#_from_relational_to_graph_databases]
NoETL “NoETL.” NoETL. Web. 25 Apr 2017. [http://noetl.org/]
Nolan, Roger. “Digital Transformation: Is Your Data Management Ready?” Informatica. Jun, 2016. Web. 20 Apr 2017. [https://blogs.informatica.com/2016/06/10/digital-transformation-data-management-ready/#fbid=hmBYQgS6hnm]
OpsClarity. “2016 State of Fast Data & Streaming Applications.” OpsClarity. Web. 25 Apr 2017. [https://www.opsclarity.com/wp-content/uploads/2016/07/2016FastDataSurvey.pdf]
Oracle. “A Relational Database Overview.” Oracle. Web. 25 Apr 2017. [https://docs.oracle.com/javase/tutorial/jdbc/overview/database.html]
Ponemon Institute LLC. “Big Data Cybersecurity Analytics Research Repor.t” Cloudera. Aug, 2016. Web. 25 Apr 2017. [https://www.cloudera.com/content/dam/www/static/documents/analyst-reports/big-data-cybersecurity-analytics-research-report.pdf]
Sanchez, Jose Juan. “Data Movement Killed the BI Star.” DV Blog. May, 2016. Web. 20 Apr. 2017. [http://www.datavirtualizationblog.com/data-movement-killed-the-bi-star/]
SAS. “Hadoop; What it is and why does it matter?” SAS. Web. 25 Apr 2017. [https://www.sas.com/en_ca/insights/big-data/hadoop.html#hadoopusers]
Schumacher, Robin. “A Quick Primer on graph Databases for RDBMS Professionals.” Datastax. Jul, 2016. Web. 25 Apr 2017. [http://www.datastax.com/2016/07/quick-primer-on-graph-databases-for-rdbms-professionals]
Swoyer, Steve. “It’s the End of the Data Warehouse as We Know It.” TDWI. Jan, 2017. Web. 20 Apr. 2017. [https://upside.tdwi.org/articles/2017/01/11/end-of-the-data-warehouse-as-we-know-it.aspx]
Webber, Jim, and Ian Robinson. “The Top 5 Use Cases of Graph Databases.” Neo4j. 2015. Web. 25 Apr 2017. [http://info.neo4j.com/rs/773-GON-065/images/Neo4j_Top5_UseCases_Graph%20Databases.pdf]
Zachman Framework. [https://www.zachman.com/]
Zupan, Jane. “Survey of Big Data Decision Makers.” Attiv/o. May, 2016. Web. 20 Apr 2017. [https://www.attivio.com/blog/post/survey-big-data-decision-makers]
88% of marketing professionals are unsatisfied with their ability to convert leads (Convince & Convert), but poor lead conversion is just a symptom of much deeper problems.
Globally, B2B SaaS marketers without a well-running lead gen engine will experience:
If treated without a root cause analysis, these symptoms often result in higher-than-average marketing spend and wasted resources. Without an accurate lead gen engine diagnostic tool and a strategy to fix the misfires, marketers will continue to waste valuable time and resources.
The lead gen engine is foundational in building profitable long-term customer relationships. It is the process through which marketers build awareness, trust, and loyalty. Without the ability to continually diagnose lead gen engine flaws, marketers will fail to optimize new customer relationship creation and long-term satisfaction and loyalty.
With a targeted set of diagnostic tools and an optimization strategy, you will:
Organizations who activate the findings from their lead generation diagnostic and optimization strategy will decrease the time and budget spent on lead generation by 25% to 50%. They will quickly uncover inefficiencies in their lead gen engine and develop a proven lead generation optimization strategy based on the diagnostic findings.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Organizations who activate the findings from their lead generation diagnostic and optimization strategy will decrease the time and budget spent on lead generation by 25% to 50%. They will quickly uncover inefficiencies in their lead gen engine and develop a proven lead generation optimization strategy based on the diagnostic findings.
The diagnostic tool allows digital marketers to quickly and easily diagnose weakness within your lead gen engine.
Develop a best-in-class lead gen engine optimization strategy that builds relationships, creates awareness, and establishes trust and loyalty with prospects.
Senior digital marketing leaders are accountable for building relationships, creating awareness, and developing trust and loyalty with website visitors, thereby delivering high-quality, high-value leads that Sales can easily convert to wins. Unfortunately, many marketing leaders report that their website visitors are low-quality and either disengage quickly or, when they engage further with lead gen engine components, they just don’t convert. These marketing leaders urgently need to diagnose what’s not working in three key areas in their lead gen engine to quickly remedy the issue and get back on track, building new customer relationships and driving loyalty. This blueprint will provide you with a tool to quickly and easily diagnose weakness within your lead gen engine. You can use the results to create a strategy that builds relationships, creates awareness, and establishes trust and loyalty with prospects.
Terra Higginson
Marketing Research Director
SoftwareReviews
Globally, business-to-business (B2B) software-as-a-service (SaaS) marketers without a well-running lead gen engine will experience:
88% of marketing professionals are unsatisfied with their ability to convert leads (Convince & Convert), but poor lead conversion is just a symptom of a much larger problem with the lead gen engine. Without an accurate lead gen engine diagnostic tool and a strategy to fix the leaks, marketers will continue to waste valuable time and resources.
Even though lead generation is a critical element of marketing success, marketers struggle to fix the problems with their lead gen engine due to:
Most marketers spend too much on acquiring leads and not enough on converting and keeping them. For every $92 spent acquiring customers, only $1 is spent converting them (Econsultancy, cited in Outgrow). Marketers are increasingly under pressure to deliver high-quality leads to sales but work under tight budgets with inadequate or inexperienced staff who don’t understand the importance of optimizing the lead generation process.
With a targeted set of diagnostic tools and an optimization strategy, you will:
Organizations who activate the findings from their lead generation diagnostic and optimization strategy will decrease the time and budget spent on lead generation by 25% to 50%. They will quickly uncover inefficiencies in their lead gen engine and develop a proven lead generation optimization strategy based on the diagnostic findings.
The lead gen engine is foundational in building profitable long-term customer relationships. It is the process through which marketers build awareness, trust, and loyalty. Without the ability to continually diagnose lead gen engine flaws, marketers will fail to optimize new customer relationship creation and long-term satisfaction and loyalty.
Globally, B2B SaaS marketers without a well-running lead gen engine will experience:
If treated without a root-cause analysis, these symptoms often result in higher-than-average marketing spend and wasted resources. Without an accurate lead gen engine diagnostic tool and a strategy to fix the misfires, marketers will continue to waste valuable time and resources.
88% of marketers are unsatisfied with lead conversion (Convince & Convert).
For every 10,000 people that visit your website, 210 will become leads. |
For every 210 leads, 101 will become marketing qualified leads (MQLs). |
For every 101 MQLs, 47 will become sales qualified leads (SQLs). |
For every 47 SQLs, 23 will become opportunities. |
For every 23 opportunities, nine will become customers. |
.9% to 2.1% |
36% to 48% |
28% to 46% |
39% to 48% |
32% to 40% |
Leads Benchmark |
MQL Benchmark |
SQL Benchmark |
Opportunity Benchmark |
Closing Benchmark |
The percentage of website visitors that convert to leads. |
The percentage of leads that convert to marketing qualified leads. |
The percentage of MQLs that convert to sales qualified leads. |
The percentage of SQLs that convert to opportunities. |
The percentage of opportunities that are closed. |
Midmarket B2B SaaS Industry
Lack of Clear Starting Point
The lead gen engine is complex, with many moving parts, and marketers and marketing ops are often overwhelmed about where to begin diagnosis.
Lack of Benchmarks
Marketers often call out metrics such as increasing website visitors, contact-to-lead conversions, numbers of qualified leads delivered to Sales, etc., without a proven benchmark to compare their results against.
Lack of Alignment Between Marketing and Sales
Definitions of a contact, a marketing qualified lead, a sales qualified lead, and a marketing influenced win often vary.
Lack of Measurement Tools
Integration gaps between the website, marketing automation, sales enablement, and analytics exist within some 70% of enterprises. The elements of the marketing (and sales) tech stack change constantly. It’s hard to keep up.
Lack of Understanding of Marketing ROI
This drives many marketers to push the “more” button – more assets, more emails, more ad spend – without first focusing on optimization and effectiveness.
Lack of Resources
Marketers have an endless list of to-dos that drive them to produce daily results. Especially among software startups and mid-sized companies, there are just not enough staff with the right skills to diagnose and fix today’s sophisticated lead gen engines.
Most marketers are spending too much on acquiring leads and not enough on converting and keeping them. For every $92 spent acquiring customers, only $1 is spent converting them.
Lead gen engine optimization increases the efficiency of your marketing efforts and has a 223% ROI.
“It’s much easier to double your business by doubling your conversion rate than by doubling your traffic. Correct targeting and testing methods can increase conversion rates up to 300 percent.” – Jeff Eisenberg, IterateStudio
175%
Buyer Personas Increase Revenue
Source: Illumin8
202%
Personalized CTAs Increase Conversions
Source: HubSpot
50%
Lead Magnets Increase Conversions
Source: ClickyDrip
79%
Lead Scoring Increases Conversions
Source: Bloominari
50%
Lead Nurturing Increases Conversions
Source: KevinTPayne.com
80%
Personalized Landing Pages Increase Conversions
Source: HubSpot
Identifying any areas of weakness within your lead gen engine is a fundamental first step in improving conversions, ROI, and lead quality.
Optimize your lead gen strategy with an easily customizable template that will provide your roadmap for future growth.
1. Lead Gen Engine Diagnostic |
2. Lead Gen Engine Optimization Strategy |
|
Phase Steps |
|
|
Phase Outcomes |
|
|
The lead gen engine is the foundation of marketing
The lead gen engine is critical to building relationships. It is the foundation upon which marketers build awareness, trust, and loyalty.
Misalignment between Sales and Marketing is costly
Digital marketing leaders need to ensure agreement with Sales on the definition of a marketing qualified lead (MQL), as it is the most essential element of stakeholder alignment.
Prioritization is necessary for today’s marketer
By prioritizing the fixes within the lead gen engine that have the highest impact, a marketing leader will be able to focus their optimization efforts in the right place.
Stop, your engine is broken
Any advertising or effort expended while running marketing on a broken lead gen engine is time and money wasted. It is only once the lead gen engine is fixed that marketers will see the true results of their efforts.
Tactical insight
Without a well-functioning lead gen engine, marketers risk wasting valuable time and money because they aren’t creating relationships with prospects that will increase the quality of leads, conversion rate, and lifetime value.
Tactical insight
The foundational lead relationship must be built at the marketing level, or else Sales will be entirely responsible for creating these relationships with low-quality leads, risking product failure.
Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:
Lead Gen Engine Diagnostic
An efficient and easy-to-use diagnostic tool that uncovers weakness in your lead gen engine.
Lead Gen Engine Optimization Strategy Template
A comprehensive strategy for optimizing conversions and increasing the quality of leads.
Included within Advisory Membership:
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
Optional add-ons:
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
Diagnose Your Lead Gen Engine
Call #1: Scope requirements, objectives, and specific challenges with your lead gen engine.
Call #2: Gather baseline metrics and discuss the steering committee and working team.
Call #3: Review results from baseline metrics and answer questions.
Call #4: Discuss the lead gen engine diagnostic tool and your steering committee.
Call #5: Review results from the diagnostic tool and answer questions.
Develop Your Lead Gen Engine Optimization Strategy
Call #6: Identify components to include in the lead gen engine optimization strategy.
Call #7: Discuss the roadmap for continued optimization.
Call #8: Review final lead gen engine optimization strategy.
Call #9: (optional) Follow-up quarterly to check in on progress and answer questions.
A Guided Implementation (GI) is series of calls with a SoftwareReviews Advisory analyst to help implement our best practices in your organization. For guidance on marketing applications, we can arrange a discussion with an Info-Tech analyst. Your engagement managers will work with you to schedule analyst calls.
Day 1 |
Day 2 |
|
---|---|---|
Activities |
Complete Lead Gen Engine Diagnostic 1.1 Identify the previously selected lead gen engine steering committee and working team. 1.2 Share the baseline metrics that were gathered in preparation for the workshop. 1.3 Run the lead gen engine diagnostic. 1.4 Identify low-scoring areas and prioritize lead gen engine fixes. |
Create Lead Gen Engine Optimization Strategy 2.1 Define the roadmap. 2.2 Create a lead gen engine optimization strategy. 2.3 Present the strategy to the steering committee. |
Deliverables |
1. Lead gen engine diagnostic scorecard |
1. Lead gen engine optimization strategy |
Contact your account representative for more information.
workshops@infotech.com1-888-670-8889
Phase 1 |
Phase 2 |
1.1 Select lead gen engine steering committee & working team 1.2 Gather baseline metrics 1.3 Run the lead gen engine diagnostic 1.4 Identify & prioritize low-scoring areas |
2.1 Define the roadmap 2.2 Create lead gen engine optimization strategy 2.3 Present strategy to steering committee |
The diagnostic tool will allow you to quickly and easily identify the areas of weakness in the lead gen engine by answering some simple questions. The steps include:
Activities
1.1.1 Identify the lead gen engine optimization steering committee and document in the Lead Gen Engine Optimization Strategy Template
1.1.2 Identify the lead gen engine optimization working team document in the Lead Gen Engine Optimization Strategy Template
This step will walk you through the following activities:
Identify the lead gen engine optimization steering committee.
This step involves the following participants:
Outcomes of this step
An understanding of who will be responsible and who will be accountable for accomplishing the lead gen engine diagnostic and optimization strategy.
1-2 hours
Input |
Output |
|
|
Materials |
Participants |
|
|
Download the Lead Gen Engine Optimization Strategy Template
Consider the skills and knowledge required for the diagnostic and the implementation of the strategy. Constructing a cross-functional steering committee will be essential for the optimization of the lead gen engine. At least one stakeholder from each relevant department should be included in the steering committee.
Required Skills/Knowledge |
Suggested Functions |
|
|
For small and mid-sized businesses (SMB), because employees wear many different hats, assign people that have the requisite skills and knowledge, not the role title.
Input | Output |
|
|
Materials | Participants |
|
|
Download the Lead Gen Engine Optimization Strategy Template
Consider the working skills required for the diagnostic and implementation of the strategy and assign the working team.
Required Skills/Knowledge |
Suggested Titles |
---|---|
|
|
Activities
1.2.1 Gather baseline metrics and document in the Lead Gen Engine Optimization Strategy Template
Gather baseline metrics.
Understand and document baseline marketing metrics.
Recording the baseline data allows you to measure the impact your lead gen engine optimization strategy has over the baseline.
Input | Output |
|
|
Materials | Participants |
|
|
Unique Monthly Visitors
Industry standard is 5% to 10% growth month over month.
Visitor to Lead Conversion
Industry standard is between 0.9% to 2.1%.
Lead to MQL Conversion
Industry standard is between 36% to 48%.
CAC
Industry standard is a cost of $400 to $850 per customer acquired.
LTV to CAC Ratio
Industry standard is an LTV:CAC ratio between 3 to 6.
Campaign ROI
Email: 201%
Pay-Per-Click (PPC): 36%
LinkedIn Ads: 94%
Update the Lead Gen Optimization Strategy Template with your company’s baseline metrics.
Download the Lead Gen Engine Optimization Strategy Template
Activities
1.3.1 Gather steering committee and working team to complete the Lead Gen Engine Diagnostic Tool
Gather the steering committee and answer the questions within the Lead Gen Engine Diagnostic Tool.
Lead gen engine diagnostic and scorecard
Input | Output |
|
|
Materials | Participants |
|
|
Download the Lead Gen Engine Diagnostic Tool
Activities
1.4.1 Identify and prioritize low-scoring areas from the diagnostic scorecard
Identify and prioritize the low-scoring areas from the diagnostic scorecard.
A prioritized list of the lead gen engine problems to include in the Lead Gen Engine Optimization Strategy Template
Input | Output |
|
|
Materials | Participants |
|
|
Download the Lead Gen Engine Diagnostic Tool
Phase 1 | Phase 2 |
1.1 Select lead gen engine steering committee & working team 1.2 Gather baseline metrics 1.3 Run the lead gen engine diagnostic 1.4 Identify & prioritize low-scoring areas | 2.1 Define the roadmap 2.2 Create lead gen engine optimization strategy 2.3 Present strategy to steering committee |
Create a best-in-class lead gen optimization strategy and roadmap based on the weaknesses found in the diagnostic tool. The steps include:
Activities
2.1.1 Create the roadmap for the lead gen optimization strategy
Create the optimization roadmap for your lead gen engine strategy.
Strategy roadmap
Input | Output |
|
|
Materials | Participants |
|
|
Download the Lead Gen Engine Optimization Strategy Template
Activities
2.2.1 Customize your lead gen engine optimization strategy using the template
Create a lead gen engine optimization strategy based on the results of your diagnostic scorecard.
Marketing director
A leadership-facing lead gen optimization strategy
Review the strategy template:
Input | Output |
|
|
Materials | Participants |
|
|
Download the Lead Gen Engine Optimization Strategy Template
Activities
2.3.1 Present the findings of the diagnostic and the lead gen optimization strategy to the steering committee.
Get executive buy-in on the lead gen engine optimization strategy.
Input | Output |
|
|
Materials | Participants |
|
|
Download the Lead Gen Engine Optimization Strategy Template
Make it easier to market, sell, and achieve product-market fit with deeper buyer understanding.
In today’s competitive environment, optimizing Sales’ resources by giving them qualified leads is key to B2B marketing success.
Creating a compelling go-to-market strategy and keeping it current is a critical software company function – as important as financial strategy, sales operations, and even corporate business development – given its huge impact on the many drivers of sustainable growth.
“11 Lead Magnet Statistics That Might Surprise You.” ClickyDrip, 28 Dec. 2020. Accessed April 2022.
“45 Conversion Rate Optimization Statistics Every Marketer Should Know.” Outgrow, n.d. Accessed April 2022.
Bailyn, Evan. “B2B SaaS Funnel Conversion Benchmarks.” First Page Sage, 24 Feb. 2021. Accessed April 2022.
Bailyn, Evan. “B2B SaaS Marketing KPIs: Behind the Numbers.” First Page Sage, 1 Sept. 2021. Accessed April 2022.
Conversion Optimization.” Lift Division, n.d. Accessed April 2022.
Corson, Sean. “LTV:CAC Ratio [2022 Guide] | Benchmarks, Formula, Tactics.” Daasity, 3 Nov. 2021. Accessed April 2022.
Dudley, Carrie. “What are personas?” Illumin8, 26 Jan. 2018. Accessed April 2022.
Godin, Seth. “Permission Marketing.” Accenture, Oct. 2009. Accessed April 2022.
Lebo, T. “Lead Conversion Statistics All B2B Marketers Need to Know.” Convince & Convert, n.d. Accessed April 2022.
Lister, Mary. “33 CRO & Landing Page Optimization Stats to Fuel Your Strategy.” WordStream, 24 Nov. 2021. [Accessed April 2022].
Nacach, Jamie. “How to Determine How Much Money to Spend on Lead Generation Software Per Month.” Bloominari, 18 Sept. 2018. Accessed April 2022.
Needle, Flori. “11 Stats That Make a Case for Landing Pages.” HubSpot, 10 June 2021. Accessed April 2022.
Payne, Kevin. “10 Effective Lead Nurturing Tactics to Boost Your Sales.” Kevintpayne.com, n.d. Accessed April 2022.
Tam, Edwin. “ROI in Marketing: Lifetime Value (LTV) & Customer Acquisition Cost (CAC).” Construct Digital, 19 Jan. 2016. Accessed April 2022.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Determine the current security landscape of mobile application development.
Incorporate the various secure development techniques into current development practices.
Create a roadmap for mobile optimization initiatives.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Identification of the triggers of your secure mobile development initiatives.
Assessment of the security vulnerabilities in your mobile applications from an end-user perspective.
Identification of the execution of your mobile environment.
Assessment of the mobile threats and vulnerabilities to your systems architecture.
Prioritization of your mobile threats.
Creation of your risk register.
Key opportunity areas where a secure development optimization initiative can provide tangible benefits.
Identification of security requirements.
Prioritized list of security threats.
Initial mobile security risk register created.
1.1 Establish the triggers of your secure mobile development initiatives.
1.2 Assess the security vulnerabilities in your mobile applications from an end-user perspective.
1.3 Understand the execution of your mobile environment with a systems architecture.
1.4 Assess the mobile threats and vulnerabilities to your systems architecture.
1.5 Prioritize your mobile threats.
1.6 Begin building your risk register.
Mobile Application High-Level Design Requirements Document
Systems Architecture Diagram
Discovery of secure development techniques to apply to current development practices.
Discovery of new user stories from applying secure development techniques.
Discovery of new test cases from applying secure development techniques.
Areas within your code that can be optimized for improving mobile application security.
New user stories created in relation to mitigation steps.
New test cases created in relation to mitigation steps.
2.1 Gauge the state of your secure mobile development practices.
2.2 Identify the appropriate techniques to fill gaps.
2.3 Develop user stories from security development gaps identified.
2.4 Develop test cases from user story gaps identified.
Mobile Application High-Level Design Requirements Document
Identification of key metrics used to measure mobile application security issues.
Identification of secure mobile application and development process optimization initiatives.
Identification of enablers and blockers of your mobile security optimization.
Metrics for measuring application security.
Modified triaging process for addressing security issues.
Initiatives for development optimization.
Enablers and blockers identified for mobile security optimization initiatives.
Process for developing your mobile optimization roadmap.
3.1 List the metrics that would be gathered to assess the success of your mobile security optimization.
3.2 Adjust and modify your triaging process to enhance handling of security issues.
3.3 Brainstorm secure mobile application and development process optimization initiatives.
3.4 Identify the enablers and blockers of your mobile security optimization.
3.5 Define your mobile security optimization roadmap.
Mobile Optimization Roadmap
There are many challenges for I&O when it comes to digital transformation, including:
These and many more will hinder your progress, which demonstrates the need to invest in modernizing your infrastructure, investing in training and hiring talent, and cultivating a culture that supports digital transformation.
By using the framework of culture, competencies, collaboration and capabilities, organizations can create dimensions in their I&O structure in order to shift from traditional infrastructure management to becoming a strategic enabler, driving agility, innovation, and operational excellence though the effective integration of people, process, and technology.
By driving a customer-centric approach, delivering a successful transformation can be tailored to the business goals and drive adoption and engagement. Refining your roadmap through data and analytics will drive this change. Use third-party expertise to guide your transformation and help build that vision of the future.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Unlock the full potential of your infrastructure with a digital transformation strategy and clear the barriers to success.
Many businesses fail in their endeavors to complete a digital transformation, but the reasons are complex, and there are many ways to fail, whether it is people, process, or technology. In fact, according to many surveys, 70% of digital transformations fail, and it’s mainly down to strategy – or the lack thereof.
A lot of organizations think of digital transformation as just an investment in technology, with no vision of what they are trying to achieve or transform. So, out of the gate, many organizations fail to undergo a meaningful transformation, change their business model, or bring about a culture of digital transformation needed to be seriously competitive in their given market.
When it comes to I&O leaders who have been given a mandate to drive digital transformation projects, they still must align to the vision and mission of the organization; they must still train and hire staff that will be experts in their field; they must still drive process improvements and align the right technology to meet the needs of a digital transformation.
Principal Research Director, I&O
Info-Tech Research Group
Digital transformation requires I&O teams to shift from traditional infrastructure management to becoming a strategic enabler, driving agility, innovation, and operational excellence through effective integration of people, process, and technology.
Collaboration is a key component of I&O – Promote strong collaboration between I&O and other business functions. When doing a digital transformation, it is clear that this is a cross-functional effort. Business leaders and IT teams need to align their objectives, prioritize initiatives, and ensure that you are seamlessly integrating technologies with the new business functions.
Embrace agility and adaptability as core principles – As the digital landscape continues to evolve, it is paramount that I&O leaders are agile and adaptable to changing business needs, adopting new technology and implementing new innovative solutions. The culture of continuous improvement and openness to experimentation and learning will assist the I&O leaders in their journey.
Future-proof your infrastructure and operations – By anticipating emerging technologies and trends, you can proactively plan and organize your team for future needs. By investing in scalable, flexible infrastructure such as cloud services, automation, AI technologies, and continuously upskilling the IT staff, you can stay relevant and forward-looking in the digital space.
An IT infrastructure maturity assessment is a foundational step in the journey of digital transformation. The demand will be on performance, resilience, and scalability. IT infrastructure must be able to support innovation and rapid deployment of services.
Having a clear strategy, with leadership commitment along with hiring and training the right people, monitoring and measuring your progress, and ensuring it is a business-led journey will increase your chances of success.
Your ChallengeThere are a lot of challenges for I&O when it comes to digital transformation, including:
These and many more will hinder your progress, which demonstrates the need to invest in modernizing your infrastructure, investing in training and hiring talent, and cultivating a culture that supports digital transformation. |
Common ObstaclesMany obstacles to digital transformation begin with non-I&O activities, including:
By addressing these obstacles, I&O will have a better chance of a successful transformation and delivering the full potential of digital technologies. |
Info-Tech's ApproachBuilding a culture of innovation by developing clear goals and creating a vision will be key.
By completing the Info-Tech digital readiness questionnaire, you will see where you are in terms of maturity and areas you need to concentrate on. |
By driving a customer-centric approach, delivering a successful transformation can be tailored to the business goals and drive adoption and engagement. Refining your roadmap through data and analytics will drive this change. Use third-party expertise to guide your transformation and help build that vision of the future.
The challenges that stand in the way of your success, and what is needed to reverse the risk
26% of those CIOs surveyed cite resistance to change, with entrenched viewpoints demonstrating a real need for a cultural shift to enhance the digital transformation journey.
Source: Prophet, 2019.
70% of digital transformation projects fall short of their objectives – even when their leadership is aligned, often with serious consequences.
Source: BCG, 2020.
Having a clear strategy and commitment from leadership, hiring and training the right people, monitoring and measuring your progress, and ensuring it is a business-led journey will increase your chances of success.
Info-Tech InsightCultural change, business alignment, skills training, and setting a clear strategy with KPIs to demonstrate success are all key to being successful in your digital journey.
57% of small business owners feel they must improve their IT infrastructure to optimize their operations.
Source: SMB Story, 2023.
64% of CEOs believe driving digital transformation at a rapid pace is critical to attracting and retaining talent and customers.
Source: KPMG, 2022.
An IT infrastructure maturity assessment is a foundational step in the journey of digital transformation. The demand will be on performance, resilience, and scalability. IT infrastructure must be able to support innovation and rapid deployments.
Begin by establishing a few foundational practices that will work to drive project throughput.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Estimate project capacity, determine what needs to be tracked on an ongoing basis, and determine what criteria is necessary for prioritizing projects.
Develop a process to inform the portfolio of the project status, create a plan that can be maintained throughout the project lifecycle, and manage the scope through a change request process.
Perform a change impact assessment and identify the obvious and non-obvious stakeholders to develop a message canvas accordingly.
Develop a roadmap for how to move from the current state to the target state.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Establish the current state of the portfolio.
Organize the portfolio requirements.
Determine how projects are prioritized.
Understand project capacity supply-demand.
Build a portfolio book of record.
Create a project value scorecard.
1.1 Conduct capacity supply-demand estimation.
1.2 Determine requirements for portfolio book of record.
1.3 Develop project value criteria.
Clear project capacity
Draft portfolio book of record
Project value scorecard
Feed the portfolio with the project status.
Plan the project work with a sustainable level of granularity.
Manage the project as conditions change.
Develop a process to inform the portfolio of the project status.
Create a plan that can be maintained throughout the project lifecycle and manage the scope through a change request process.
2.1 Determine necessary reporting metrics.
2.2 Create a work structure breakdown.
2.3 Document your project change request process.
Feed the portfolio with the project status
Plan the project work with a sustainable level of granularity
Manage the project as conditions change
Discuss change accountability.
Complete a change impact assessment.
Create a communication plan for stakeholders.
Complete a change impact assessment.
Identify the obvious and non-obvious stakeholders and develop a message canvas accordingly.
3.1 Discuss change accountability.
3.2 Complete a change impact assessment.
3.3 Create a communication plan for stakeholders.
Assign accountability for the change
Assess the change impact
Communicate the change
Summarize current state.
Determine target state.
Create a roadmap.
Develop a roadmap for how to move from the current state to the target state.
4.1 Summarize current state and target state.
4.2 Create a roadmap.
Stakeholder Communication Deck
MS Project Wireframe
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Review and assess your IT contracts for vendor-biased terms and conditions, and gain tips for getting vendors to take on their fair share of risk and become more accountable.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Understand IT contract clauses, improve risk identification, and be more effective at negotiating contract terms.
Increased awareness of how contract provisions relate to each other.
Demystification of legalese and legal concepts.
Increased ability to seek assistance from internal parties (e.g. Legal, Risk, and Procurement).
1.1 Review the Contract Review Tool.
1.2 Review the Contract Playbook template.
1.3 Review 35 contract provisions and reinforce key learnings with exercises (spread across three days)
Partial completion of the template
Exercise results and debrief
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Build a best-fit program that creates a learning culture.
Align mentoring practices with culture to improve the appropriateness and effectiveness of the program.
Track project progress and have all program details defined in a central location.
Evaluate the success of the program.
Improve your mentoring capabilities.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Build a strong foundation for the project to increase the chances of success.
Identify which technologies are specific to certain services.
Determine which technologies underpin the existence of user-facing services.
Document the roles and responsibilities required to deliver each user-facing service.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Build a foundation to kick off the project.
A carefully selected team of project participants.
Identified stakeholders and metrics.
1.1 Create a communication plan
1.2 Complete the training deck
Project charter
Understanding of the process used to complete the definitions
Determine the technologies that support the user-facing services.
Understanding of what is required to run a service.
2.1 Determine service-specific technology categories
2.2 Identify service-specific technologies
2.3 Determine underpinning technologies
Logical buckets of service-specific technologies makes it easier to identify them
Identified technologies
Identified underpinning services and technologies
Discover the roles and responsibilities required to deliver each user-facing service.
Understanding of what is required to deliver each user-facing service.
3.1 Determine roles required to deliver services based on organizational structure
3.2 Document the services
Mapped responsibilities to each user-facing service
Completed service definition visuals
Create a central hub (database) of all the technical components required to deliver a service.
Single source of information where IT can see what is required to deliver each service.
Ability to leverage the extended catalog to benefit the organization.
4.1 Document all the previous steps in the service definition chart and visual diagrams
4.2 Review service definition with team and subject matter experts
Completed service definition visual diagrams and completed catalog
TY services, advice, materials, products, websites, and networks (collectively the "Services") are to be used for the User (meaning a named individual user that uses the publicly available Services or is authorized by TY in a service agreement to use the Services that require paid access) use and benefit only pursuant to the terms and limitations of the paid subscription and may not be disclosed, disseminated or distributed to any other party, except as TY otherwise agrees in writing. The User will not circumvent any encryption or otherwise gain access to Services for which the User has not been expressly granted the appropriate rights of access.
The User will not use the Services for or knowingly transmit to TY or upload to any TY site or network any illegal, improper, or unacceptable material or use them for illegal, improper, or unacceptable practices, including without limitation the dissemination of any defamatory, fraudulent, infringing, abusive, lewd, obscene or pornographic material, viruses, trojan horses, time bombs, worms, or other harmful code designed to interrupt, destroy, or limit the functionality of any software, hardware or communications equipment, unsolicited mass email or other internet-based advertising campaigns, privacy breaches, denial of use attacks, spoofing, or impersonation.
The Services are © Tymans Group BV. All rights reserved.
The Services are owned by and copyrighted by TY and other parties and may contain trademarks of TY or others. They are protected by Canadian, US, and international copyright and trademark laws and conventions.
User may use the Services solely for his or their own information purposes pursuant to the terms and limitations of the paid subscription. The User may download any of the Service's tools or templates for his or her individual use but may not distribute any articles, tools, templates, or blueprints internally, subject to the exceptions below. The User may create derivative works from the Service's tools or templates and distribute these for internal use but may not distribute these derivative works externally for any commercial or resale purposes.
Any other reproduction or dissemination of the Services in any form or by any means is forbidden without TY's written permission, and without limiting the generality of the foregoing, the User will not:
Users must be authorized to use the Services by TY. Users must maintain and protect the confidentiality of any password(s) and are responsible for ensuring that the passwords are effective. Users shall advise TY immediately if they discover that their password has been compromised at the following number: 1-888-670-8889. If you are an organization that is party to a service agreement with TY, references in these Terms of Use to "User(s)" include you, and you are responsible for compliance by named individual Users within your organization with these Terms of Use.
For the benefit of all Users, TY's research services include the ability for Users to (i) participate in the creation of research by contributing User perspectives for publication on TY's websites and (ii) participate in industry-specific community groups and other forums by contributing discussion posts. All such contributions are voluntary with the full consent of the User. If your account is used to contribute content to TY's websites (collectively, "User Contributions"), you agree to accept sole responsibility for those User Contributions, including the information, statements, facts, and material contained in any form or medium (e.g., text, audio, video, and photographic) therein. To the extent Users contribute any feedback to TY (as User Contributions or otherwise), TY may use that feedback to assess, improve, and market its products. To the extent Users contribute to research, TY may incorporate those contributions within the research Services without the necessity of attribution. You grant us and our affiliates a worldwide, irrevocable, royalty-free, nonexclusive license to use, reproduce, create derivative works of, distribute publicly display, and publish User Contributions. You agree you will not attempt to enforce any so-called "moral rights" in User Contributions against us or our affiliates.
By using TY's research services, you agree that none of your User Contributions will:
BecauseTY's Web sites are available to the public, User Contributions on TY's Web sites are not Confidential Information.
Although you are solely responsible for the content you provide, and we do not have a policy of reviewing or monitoring all User Contributions, we reserve the right to pre-screen and/or monitor User Contributions. If we become aware of User Contributions that violate these Terms of Service or that we believe to be otherwise objectionable, we may reject or delete them or take other action without notice to you and at our sole discretion.
If you believe that any User Contributions appear to violate these Terms of Service, or if you believe any other user is engaged in illegal, harassing, or objectionable behavior, please contact us.
In these Terms of Use, "Confidential Information" means information of a commercially sensitive or proprietary character that is marked as confidential or that a reasonable person would understand to be confidential. The "Disclosing Party" is the party disclosing Confidential Information, and the "Receiving Party" is the party receiving Confidential Information. However, Confidential Information does not include information that:
The Receiving Party shall not disclose, publish or communicate the Confidential Information to any third party without the prior written consent of the Disclosing Party. However, the Receiving Party may disclose the Confidential Information to a third party who has a need to know the Confidential Information and (i) is an accountant, attorney, underwriter, or advisor under a duty of confidentiality; or (ii) is under a written obligation of confidentiality at least as restrictive as this Agreement and to the extent required by law.
TY may create or use anonymized data for purposes such as benchmarking, analytics, and other good-faith business purposes. Anonymized data is not the Confidential Information of Users.
Many of the Services are "subscription" services that have a fixed Term and must be renewed in writing at the end of the term for services to continue. The contractual term of membership is generally one (1) to three (3) years in length and is agreed to by the parties in writing. Workshops purchased as part of membership expire without refund or credit at the end of the membership period covered by the purchase. Workshops purchased outside membership expire without refund or credit one (1) year after purchase. TY may terminate a User's access at any time if the User or the entity paying for the User's access violates the terms of use or subscription or any other agreement with TY.
As the Services are paid in advance for a committed membership term, a service agreement or membership cannot be terminated by a User for convenience during a contractual term.
TY strives to innovate. TY may update, upgrade or otherwise change or discontinue content, features, or other aspects of its Services. TY will not make changes that cumulatively degrade the quality of a paid subscription to the Services. TY also reserves the right to change the terms and conditions applicable to your use of the Services unless TY has otherwise agreed in a service agreement. Use of the Services after such changes shall be deemed to be acceptance by the User of such changes. These terms were last revised on June 8, 2022.
The information contained in the Services has been obtained from sources believed to be reliable, but TY does not warrant the completeness, timeliness, or accuracy of any information contained in the Services. The Services are intended to: help identify business risks; provide insights based on industry research; and help you focus on certain matters which may be affecting your business. TY does not provide legal, accounting, or other professional advice, nor should any advice from TY be construed as such. We encourage you to seek professional advice whenever necessary.
TY expressly excludes and disclaims all express or implied conditions, representations, and warranties, including, without limitation, any implied warranties or conditions of merchantability or fitness for a particular purpose, to the extent allowable by law.
Although TY takes reasonable steps to screen Services for infection by viruses, worms, Trojan horses, or other code manifesting contaminating or destructive properties before making the Services available, TY cannot guarantee that any Service will be free of infection.
User assumes sole responsibility for the selection of the Services to achieve its intended results. The opinions expressed in the Services are subject to change without notice.
TY does not endorse third-party products or services. TY assesses and analyzes the effectiveness and appropriateness of information technology in the context of a general business environment only unless specifically hired by a User to assess in the context of their own environment.
In no event is TY liable for any special, indirect, consequential, incidental, punitive, or other damages however caused, whether in contract, tort, negligence, strict liability, operation of law, or otherwise (including without limitation damages for lost profits, business interruption or loss arising out of the use of or inability to use the Services, or any information provided in the Services, or claims attributable to errors, omissions or other inaccuracies in the Service or interpretations thereof), even if TY has been advised of the possibility of such damages. TY's total liability shall in no event exceed the amount paid by the User for the Service in question.
The User acknowledges that TY has set its prices and sold the Services to it in reliance on the limitations of liability and disclaimers of warranties and damages set forth herein and that the same form a fundamental and essential basis of the bargain between the parties. They shall apply even if the contract between the User and TY is found to have failed in its fundamental or essential purpose or has been fundamentally breached.
Any third-party sites that are linked to the Services are not under TY's control. TY is not responsible for anything on the linked sites, including without limitation any content, links to other sites, any changes to those sites, or any policies those sites may have. TY provides links as a convenience only, and such links do not imply any endorsement by TY of those sites.
The Services are not intended to be used for the purpose of, or as a basis for, making investment decisions or recommendations with respect to securities of any company or industry, and TY assumes no liability for decisions made, in whole or in part, on the basis of any information contained in the Services.
This site and any service agreement are governed by the laws of the Province of Ontario, Canada, excluding any conflicts of law provisions and excluding the United Nations Convention on Contracts for the International Sale of Goods. Any legal action against TY shall take place in the courts of the province of Antwerp, Belgium. The parties attorn to the non-exclusive jurisdiction of the courts of Ontario.
These standard terms of use, together with any service agreements and statements of work signed by the parties, contains the complete and exclusive statement of Agreement between the parties and supersedes all purchase order terms and conditions, understandings, proposals, negotiations, representations, or warranties of any kind whether written or oral.
A User's right to privacy is of paramount importance to TY. See our Privacy Policy for more detail. The identity of our research clients is not considered personal or confidential information, and we may disclose that information for promotion and marketing purposes.
Attn: General Counsel
(US): 1-917-473-8669
(BE): 32-468-142-754
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Determine your business requirements and build your process to meet them.
Develop the specific procedures and tools required to assess vendor risk.
Implement the process and develop metrics to measure effectiveness.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Understand business and compliance requirements.
Identify roles and responsibilities.
Define the process.
Understanding of key goals for process outcomes.
Documented service that leverages existing processes.
1.1 Review current processes and pain points.
1.2 Identify key stakeholders.
1.3 Define policy.
1.4 Develop process.
RACI Matrix
Vendor Security Policy
Defined process
Determine methodology for assessing procurement risk.
Develop procedures for performing vendor security assessments.
Standardized, repeatable methodologies for supply chain security risk assessment.
2.1 Identify organizational security risk tolerance.
2.2 Develop risk treatment action plans.
2.3 Define schedule for re-assessments.
2.4 Develop methodology for assessing service risk.
Security risk tolerance statement
Risk treatment matrix
Service Risk Questionnaire
Develop procedures for performing vendor security assessments.
Establish vendor inventory.
Standardized, repeatable methodologies for supply chain security risk assessment.
3.1 Develop vendor security questionnaire.
3.2 Define procedures for vendor security assessments.
3.3 Customize the vendor security inventory.
Vendor security questionnaire
Vendor security inventory
Define risk treatment actions.
Deploy the process.
Monitor the process.
Understanding of how to treat different risks according to the risk tolerance.
Defined implementation strategy.
4.1 Define risk treatment action plans.
4.2 Develop implementation strategy.
4.3 Identify process metrics.
Vendor security requirements
Understanding of required implementation plans
Metrics inventory
Windows is no longer the only option. MacBooks and Chromebooks are justified, but now you have to manage them.
Managing end-user devices may be accomplished with a variety of solutions, but many of those solutions advocate integration with a Microsoft-friendly solution to take advantage of features such as conditional access, security functionality, and data governance.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Explore options, guidance and some best practices related to the management of Chromebooks and MacBooks in the enterprise environment and educational institutions. Our guidance will help you understand features and options available in a variety of solutions. We also provide guidance on selecting the best endpoint management solution for your own environment.
This tool will help you determine the features and options you want or need in an endpoint management solution.
Until recently, Windows devices dominated the workplace globally. Computing devices were also rare in many industries such as education. Administrators and administrative staff may have used Windows-based devices, but Chromebooks were not yet in use. Most universities and colleges were Windows-based in offices with some flavor of Unix in other areas, and Apple devices were gaining some popularity in certain circles.
That is a stark contrast compared to today, where Chromebooks dominate the classrooms and MacBooks and Chromebooks are making significant inroads into the enterprise environment. MacBooks are also a common sight on many university campuses. There is no doubt that while Windows may still be the dominant player, it is far from the only one in town.
Now that Chromebooks and MacBooks are a notable, if not significant, part of the education and enterprise environments, they must be afforded the same considerations as Windows devices in those environments when it comes to management. The good news is that there is no lack of available solutions for managing these devices, and the endpoint management landscape is continually evolving and improving.
P.J. Ryan
Research Director, Infrastructure & Operations
Info-Tech Research Group
Managing end-user devices may be accomplished with a variety of solutions, but many of those solutions advocate integration with a Microsoft-friendly solution to take advantage of features such as conditional access, security functionality, and data governance.
Google Admin Console is necessary to manage Chromebooks, but it can be paired with other tools. Implementation partnerships provide solutions to track the device lifecycle, track the repair lifecycle, sync with Google Admin Console as well as PowerSchool to provide a more complete picture of the user and device, and facilitate reminders to return the device, pay fees if necessary, pick up a device when a repair is complete, and more.
The Google Admin Console allows admins to follow an organizational unit (OU) structure very similar to what they may have used in Microsoft's Active Directory environment. This familiarity makes the task of administering Chromebooks easier for admins.
Chromebook management goes beyond securing and manipulating the device. Controls to protect the students while online, such as Safe Search and Safe Browsing, should also be implemented.
Most companies choose to use a dedicated MacBook management tool. Many unified endpoint management (UEM) tools can manage MacBooks to some extent, but admins tend to agree that a MacBook-focused endpoint management tool is best for MacBooks while a Windows-based endpoint management tool is best for Windows devices.
Some MacBook management solutions advocate integration with Windows UEM solutions to take advantage of Microsoft features such as conditional access, security functionality, and data governance. This approach can also be applied to Chromebooks.
"In 2018, Chromebooks represented an incredible 60 percent of all laptop or tablet devices in K-12 -- up from zero percent when the first Chromebook launched during the summer break in 2011."
– "Will Chromebooks Rule the Enterprise?" Computerworld
"Chromebooks were the best performing PC products in Q3 2020, with shipment volume increasing to a record-high 9.4 million units, up a whopping 122% year-on-year."
– Android Police
"Until the pandemic, Chrome OS' success was largely limited to U.S. schools. Demand in 2020 appears to have expanded beyond that small but critical part of the U.S. PC market."
– Geekwire
"In addition to running a huge number of Chrome Extensions and Apps at once, Chromebooks also run Android, Linux and Windows apps."
– "Will Chromebooks Rule the Enterprise?" Computerworld
GAC gives you a centralized console that will allow you to:
GAC can facilitate device management with features such as:
Device and user addition, group and organizational unit creation and administration, applying policies to devices and users – does all this remind you of your Active Directory environment?
GAC lets you administer users and devices with a similar approach.
Source: Google
You must be running the Chrome Enterprise Upgrade and have any licenses required by the approved partner to take advantage of this management option. The partner admin policies supersede GAC.
If you stop using the approved partner admin console to manage your devices, the polices and settings in GAC will immediately take over the devices.
Chromebook deployment becomes a challenge when device quantities grow. The enrollment process can be time consuming, and every device must be enrolled before it can be used by an employee or a student. Many admins enlist their full IT teams to assist in the short term. Some vendor partners may assist with distribution options if staffing levels permit. Recent developments from Google have opened additional options for device enrollment beyond the manual enrollment approach.
Most of the settings and features previously mentioned are also available for Education-licensed devices and users. Enterprise-specific features will not be available to Education licenses. (Active Directory integration with Education licenses, for example, is accomplished using a different approach)
An online search for Chromebook management solutions will reveal several software solutions that augment the capabilities of the Google Admin Console. Many of these solutions are focused on the education sector and classroom and student options, although the features would be beneficial to enterprises and educational organizations alike.
"There are many components to managing Chromebooks. Schools need to know which student has which device, which school has which device, and costs relating to repairs. Chromebook Management Software … facilitates these processes."
– VIZOR
"Macs now make up 23% of endpoints in enterprises."
– ComputerWeekly.com
"When given the choice, no less than 72% of employees choose Macs over PCs."
– "5 Reasons Mac is a must," Jamf
"IBM says it is 3X more expensive to manage PCs than Macs."
– Computerworld
"74% of those who previously used a PC for work experienced fewer issues now that they use a Mac"
– "Global Survey: Mac in the Enterprise," Jamf
"When enterprise moves to Mac, staff retention rates improve by 20%. That's quite a boost! "
– "5 Reasons Mac is a must," Jamf
Most Windows UEM tools are constantly improving, and it is only a matter of time before they rival many of the dedicated MacBook management tools out there.
Dedicated solutions advocate integration with UEM solutions to take advantage of conditional access, security functionality, and data governance features.
Jamf and Microsoft entered into a collaboration several years ago with the intention of making the MacBook management process easier and more secure.
Microsoft Intune and Jamf Pro: Better together to manage and secure Macs
Microsoft Conditional Access with Jamf Pro ensures that company data is only accessed by trusted users, on trusted devices, using trusted apps. Jamf extends this Enterprise Mobile + Security (EMS) functionality to Mac, iPhone and iPad.
– "Microsoft Intune and Jamf Pro," Jamf
There are many solutions available to manage end-user devices, and they come with a long list of options and features. Clarify your needs and define your requirements before you purchase another endpoint management tool. Don't purchase capabilities that you may never use.
Use the Endpoint Management Selection Tool to identify your desired endpoint solution features and compare vendor solution functionality based on your desired features.
Endpoint Management Selection Tool |
|||
---|---|---|---|
In the first column, list out the desired features you want in an endpoint solution for your devices. Use the features provided if desired, or add your own and edit or delete the existing ones if necessary. As you look into various endpoint management solution vendors, list them in the columns in place of "Vendor 1," "Vendor 2," etc. Use the "Desired Feature" list as a checklist and change the values to "yes" or "no" in the corresponding box under the vendors' names. When complete, you will be able to look at all the features and compare vendors in a single table. |
|||
Desired Feature | Vendor 1 | Vendor 2 | Vendor 3 |
Organizational unit creation | Yes | No | Yes |
Group creation | Yes | Yes | Yes |
Ability to assign users to devices | No | Yes | Yes |
Control of administrative permissions | Yes | Yes | Yes |
Conditional access | No | Yes | Yes |
Security policies enforced | Yes | No | Yes |
Asset management | No | Yes | No |
Single sign-on | Yes | Yes | Yes |
Auto-deployment | No | Yes | No |
Repair lifecycle tracking | No | Yes | No |
Application deployment | Yes | Yes | No |
Device tracking | Yes | Yes | Yes |
Ability to enable encryption | Yes | No | Yes |
Device wipe | Yes | No | Yes |
Ability to enable/disable device tracking | No | No | Yes |
User activity audit | No | No | No |
Modernize and Transform Your End-User Computing Strategy
This project helps support the workforce of the future by answering the following questions: What types of computing devices, provisioning models, and operating systems should be offered to end users? How will IT support devices? What are the policies and governance surrounding how devices are used? What actions are we taking and when? How do end-user devices support larger corporate priorities and strategies?
Best Unified Endpoint Management (UEM) Software 2022 | SoftwareReviews
Compare and evaluate unified endpoint management vendors using the most in-depth and unbiased buyer reports available. Download free comprehensive 40+ page reports to select the best unified endpoint management software for your organization.
Best Enterprise Mobile Management (EMM) Software 2022 | (softwarereviews.com)
Compare and evaluate enterprise mobile management vendors using the most in-depth and unbiased buyer reports available. Download free comprehensive 40+ page reports to select the best enterprise mobile management software for your organization.
Bridge, Tom. "Macs in the enterprise – what you need to know". Computerweekly.com, TechTarget. 27 May 2022. Accessed 12 Aug. 2022.
Copley-Woods, Haddayr. "5 reasons Mac is a must in the enterprise". Jamf.com, Jamf. 28 June 2022. Accessed 16 Aug. 2022.
Duke, Kent. "Chromebook sales skyrocketed in Q3 2020 with online education fueling demand." androidpolice.com, Android Police. 16 Nov 2020. Accessed 10 Aug. 2022.
Elgin, Mike. "Will Chromebooks Rule the Enterprise? (5 Reasons They May)". Computerworld.com, Computerworld. 30 Aug 2019. Accessed 10 Aug. 2022.
Evans, Jonny. "IBM says it is 3X more expensive to manage PCs than Macs". Computerworld.com, Computerworld. 19 Oct 2016. Accessed 23 Aug. 2022.
"Global Survey: Mac in the Enterprise". Jamf.com, Jamf. Accessed 16 Aug. 2022.
"How to Manage Chromebooks Like a Pro." Vizor.cloud, VIZOR. Accessed 10 Aug. 2022.
"Manage Chrome OS Devices with EMM Console". support.google.com, Google. Accessed 16 Aug. 2022.
Protalinski, Emil. "Chromebooks outsold Macs worldwide in 2020, cutting into Windows market share". Geekwire.com, Geekwire. 16 Feb 2021. Accessed 22 Aug. 2022.
Smith, Sean. "Microsoft Intune and Jamf Pro: Better together to manage and secure Macs". Jamf.com, Jamf. 20 April 2022. Accessed 16 Aug. 2022.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Identify what skills are needed based on where the organization is going.
Ground skills acquisition decisions in the characteristics of need.
Get stakeholder buy-in; leverage the skills map in other processes.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Identify process and skills changes required by the future state of your environment.
Set foundation for alignment between strategy-defined technology initiatives and needed skills.
1.1 Review the list of initiatives and projects with the group.
1.2 Identify how key support, operational, and deployment processes will change through planned initiatives.
1.3 Identify skills-related risks and pain points.
Future State Playbook
Identify process and skills changes required by the future state of your environment.
Set foundation for alignment between strategy-defined technology initiatives and needed skills.
2.1 Identify skills required to support the new environment.
2.2 Map required skills to roles.
IT/Cloud Architect Role Description
IT/Cloud Engineer Role Description
IT/Cloud Administrator Role Description
Create a skills acquisition strategy based on the characteristics of need.
Optimal skills acquisition strategy defined.
3.1 Modify impact scoring scale for key skills decision factors.
3.2 Apply impact scoring scales to needed skills
3.3 Decide whether to train, hire, contract, or outsource to acquire needed skills.
Technical Skills Map
Create an effective communication plan for different stakeholders across the organization.
Identify opportunities to leverage the skills map elsewhere.
Create a concise, clear, consistent, and relevant change message for stakeholders across the organization.
4.1 Review skills decisions and decide how you will acquire skills in each role.
4.2 Update roles descriptions.
4.3 Create a change message.
4.4 Identify opportunities to leverage the skills map in other processes.
Technical Skills Map Communication Deck
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Assess the maturity of your existing change management practice and define the scope of change management for your organization.
Build your change management team and standardized process workflows for each change type.
Bookend your change management practice by standardizing change intake, implementation, and post-implementation activities.
Form an implementation plan for the project, including a metrics evaluation, change calendar inputs, communications plan, and roadmap.
[infographic]
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Discuss the existing challenges and maturity of your change management practice.
Build definitions of change categories and the scope of change management.
Understand the starting point and scope of change management.
Understand the context of change request versus other requests such as service requests, projects, and operational tasks.
1.1 Outline strengths and challenges
1.2 Conduct a maturity assessment
1.3 Build a categorization scheme
1.4 Build a risk assessment matrix
Change Management Maturity Assessment Tool
Change Management Risk Assessment Tool
Define roles and responsibilities for the change management team.
Develop a standardized change management practice for approved changes, including process workflows.
Built the team to support your new change management practice.
Develop a formalized and right-sized change management practice for each change category. This will ensure all changes follow the correct process and core activities to confirm changes are completed successfully.
2.1 Define the change manager role
2.2 Outline the membership and protocol for the Change Advisory Board (CAB)
2.3 Build workflows for normal, emergency, and pre-approved changes
Change Manager Job Description
Change Management Standard Operating Procedure (SOP)
Change Management Process Library
Create a new change intake process, including a new request for change (RFC) form.
Develop post-implementation review activities to be completed for every IT change.
Bookend your change management practice by standardizing change intake, implementation, and post-implementation activities.
3.1 Define the RFC template
3.2 Determine post-implementation activities
3.3 Build your change calendar protocol
Request for Change Form Template
Change Management Post-Implementation Checklist
Project Summary Template
Develop a plan and project roadmap for reaching your target for your change management program maturity.
Develop a communications plan to ensure the successful adoption of the new program.
A plan and project roadmap for reaching target change management program maturity.
A communications plan ready for implementation.
4.1 Identify metrics and reports
4.2 Build a communications plan
4.3 Build your implementation roadmap
Change Management Metrics Tool
Change Management Communications Plan
Change Management Roadmap Tool
Right-size IT change management practice to protect the live environment.
Change management (change enablement, change control) is a balance of efficiency and risk. That is, pushing changes out in a timely manner while minimizing the risk of deployment. On the one hand, organizations can attempt to avoid all risk and drown the process in rubber stamps, red tape, and bureaucracy. On the other hand, organizations can ignore process and push out changes as quickly as possible, which will likely lead to change related incidents and debilitating outages.
Right-sizing the process does not mean adopting every recommendation from best-practice frameworks. It means balancing the efficiency of change request fulfillment with minimizing risk to your organization. Furthermore, creating a process that encourages adherence is key to avoid change implementers from skirting your process altogether.
Benedict Chang, Research Analyst, Infrastructure and Operations, Info-Tech Research Group
Infrastructure and application change occurs constantly and is driven by changing business needs, requests for new functionality, operational releases and patches, and resolution of incidents or problems detected by the service desk.
IT managers need to follow a standard change management process to ensure that rogue changes are never deployed while the organization remains responsive to demand.
IT system owners often resist change management because they see it as slow and bureaucratic.
At the same time, an increasingly interlinked technical environment may cause issues to appear in unexpected places. Configuration management systems are often not kept up-to-date and do not catch the potential linkages.
Infrastructure changes are often seen as “different” from application changes and two (or more) processes may exist.
Info-Tech’s approach will help you:
Two goals of change management are to protect the live environment and deploying changes in a timely manner. These two may seem to sometimes be at odds against each other, but assessing risk at multiple points of a change’s lifecycle can help you achieve both.
Having a right-sized process is not enough. You need to build and communicate the process to gather adherence. The process is useless if stakeholders are not aware of it or do not follow it.
Of the eight infrastructure & operations processes measured in Info-Tech’s IT Management and Governance Diagnostic (MGD) program, change management has the second largest gap between importance and effectiveness of these processes.
Source: Info-Tech 2020; n=5,108 IT professionals from 620 organizations
“Why should I fill out an RFC when it only takes five minutes to push through my change?”
“We’ve been doing this for years. Why do we need more bureaucracy?”
“We don’t need change management if we’re Agile.”
“We don’t have the right tools to even start change management.”
“Why do I have to attend a CAB meeting when I don’t care what other departments are doing?”
“The scope of change management is defined by each organization…the purpose of change management is to maximize the number of successful service and product changes by ensuring that the risk have been properly assessed, authorizing changes to process, and managing the change schedule.” – ALEXOS Limited, ITIL 4
Building a unified process that oversees all changes to the technical environment doesn’t have to be burdensome to be effective. However, the process is a necessary starting point to identifying cross dependencies and avoiding change collisions and change-related incidents.
Simply asking, “What is the risk?” will result in subjective responses that will likely minimize the perceived risk. The level of due diligence should align to the criticality of the systems or departments potentially impacted by the proposed changes.
Change management in isolation will provide some stability, but maturing the process through service integrations will enable data-driven decisions, decrease bureaucracy, and enable faster and more stable throughput.
Change and DevOps tend to be at odds, but the framework does not have to change. Lower risk changes in DevOps are prime candidates for the pre-approved category. Much of the responsibility traditionally assigned to the CAB can be diffused throughout the software development lifecycle.
Look for these DevOps callouts throughout this storyboard to guide you along the implementation.
Business Benefits
IT satisfaction with change management will drive business satisfaction with IT. Once the process is working efficiently, staff will be more motivated to adhere to the process, reducing the number of unauthorized changes. As fewer changes bypass proper evaluation and testing, service disruptions will decrease and business satisfaction will increase.
Change management brings daily control over the IT environment, allowing you to review every relatively new change, eliminate changes that would have likely failed, and review all changes to improve the IT environment.
Change management planning brings increased communication and collaboration across groups by coordinating changes with business activities. The CAB brings a more formalized and centralized communication method for IT.
Request for change templates and a structured process result in implementation, test, and backout plans being more consistent. Implementing processes for pre-approved changes also ensures these frequent changes are executed consistently and efficiently.
Change management processes will give your organization more confidence through more accurate planning, improved execution of changes, less failure, and more control over the IT environment. This also leads to greater protection against audits.
Source: Info-Tech 2020; n=5,108 IT Professionals from 620 organizations
Of the eight infrastructure and operations processes measured in Info-Tech’s IT Management and Governance Diagnostic (MGD) program, change management consistently has the second largest gap between importance and effectiveness of these processes.
Info-Tech’s IT Management and Governance Diagnostic (MGD) program assesses the importance and effectiveness of core IT processes. Since its inception, the MGD has consistently identified change management as an area for immediate improvement.
Source: Info-Tech 2020; n=5,108 IT Professionals from 620 organizations
No importance: 1.0-6.9
Limited importance: 7.0-7.9
Significant importance: 8.0-8.9
Critical importance: 9.0-10.0
Not in place: n/a
Not effective: 0.0-4.9
Somewhat Ineffective: 5.0-5.9
Somewhat effective: 6.0-6.9
Very effective: 7.0-10.0
Which of these have you heard in your organization?
Reality | |
---|---|
“It’s just a small change; this will only take five minutes to do.” | Even a small change can cause a business outage. That small fix could impact a large system connected to the one being fixed. |
“Ad hoc is faster; too many processes slow things down.” | Ad hoc might be faster in some cases, but it carries far greater risk. Following defined processes keeps systems stable and risk-averse. |
“Change management is all about speed.” | Change management is about managing risk. It gives the illusion of speed by reducing downtime and unplanned work. |
“Change management will limit our capacity to change.” | Change management allows for a better alignment of process (release management) with governance (change management). |
Change Prioritization
Change Deployment
1. Define Change Management | 2. Establish Roles and Workflows | 3. Define the RFC and Post-Implementation Activities | 4. Measure, Manage, and Maintain | |
---|---|---|---|---|
Phase Steps |
1.1 Assess Maturity 1.2 Categorize Changes and Build Your Risk Assessment |
2.1 Determine Roles and Responsibilities 2.2 Build Core Workflows |
3.1 Design the RFC 3.2 Establish Post-Implementation Activities |
4.1 Identify Metrics and Build the Change Calendar 4.2 Implement the Project |
Change Management Standard Operating Procedure (SOP) Change Management Project Summary Template | ||||
Phase Deliverables |
|
|
|
|
Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:
Document your normal, pre-approved, and emergency change lifecycles with the core process workflows .
Test Drive your impact and likelihood assessment questionnaires with the Change Management Risk Assessment Tool.
Summarize your efforts in the Optimize IT Change Management Improvement Initiative: Project Summary Template.
Record your action items and roadmap your steps to a mature change management process.
Document and formalize your process starting with the change management standard operating procedure (SOP).
Define Change Management
Establish Roles and Workflows
Define RFC and Post-Implementation Activities
Measure, Manage, and Maintain
A major technology company implemented change management to improve productivity by 40%. This case study illustrates the full scope of the project.
A large technology firm experienced a critical outage due to poor change management practices. This case study illustrates the scope of change management definition and strategy.
Ignorance of change management process led to a technology giant experiencing a critical cloud outage. This case study illustrates the scope of the process phase.
A manufacturing company created a makeshift CMDB in the absence of a CMDB to implement change management. This case study illustrates the scope of change intake.
A financial institution tracked and recorded metrics to aid in the success of their change management program. This case study illustrates the scope of the implementation phase.
Guided Implementation | Measured Vale |
---|---|
Phase 1: Define Change Management |
|
Phase 2: Establish Roles and Workflows |
|
Phase 3: Define the RFC and Post-Implementation Activities |
|
Phase 4: Measure, Manage, and Maintain |
|
Total Savings | $10,800 |
Industry: Technology
Source: Daniel Grove, Intel
Founded in 1968, the world’s largest microchip and semiconductor company employs over 100,000 people. Intel manufactures processors for major players in the PC market including Apple, Lenovo, HP, and Dell.
With close to 4,000 changes occurring each week, managing Intel’s environment is a formidable task. Before implementing change management within the organization, over 35% of all unscheduled downtime was due to errors resulting from change and release management. Processes were ad hoc or scattered across the organization and no standards were in place.
After a robust implementation of change management, Intel experienced a number of improvements including automated approvals, the implementation of a formal change calendar, and an automated RFC form. As a result, Intel improved change productivity by 40% within the first year of the program’s implementation.
Define Change Management
↓
Establish Roles and Workflows
↓
Define RFC and Post-Implementation Activities
↓
Measure, Manage, and Maintain
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."
"Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."
"We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."
"Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."
Diagnostics and consistent frameworks are used throughout all four options.
A Guided Implementation (GI) is series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is between 8 to 12 calls over the course of 4 to 6 months.
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
Day 1 | Day 2 | Day 3 | Day 4 | Day 5 | |
---|---|---|---|---|---|
Activities |
Define Change Management 1.1 Outline Strengths and Challenges 1.2 Conduct a Maturity Assessment 1.3 Build a Change Categorization Scheme 1.4 Build Your Risk Assessment |
Establish Roles and Workflows 2.1 Define the Change Manager Role 2.2 Outline CAB Protocol and membership 2.3 Build Normal Change Process 2.4 Build Emergency Change Process 2.5 Build Pre-Approved Change Process |
Define the RFC and Post-Implementation Activities 3.1 Create an RFC Template 3.2 Determine Post-Implementation Activities 3.3 Build a Change Calendar Protocol |
Measure, Manage, and Maintain 4.1 Identify Metrics and Reports 4.2 Create Communications Plan 4.3 Build an Implementation Roadmap |
Next Steps and Wrap-Up (offsite) 5.1 Complete in-progress deliverables from previous four days 5.2 Set up review time for workshop deliverables and to discuss next steps |
Deliverables |
|
|
|
|
|
1.1 Assess Maturity
1.2 Categorize Changes and Build Your Risk Assessment
Establish Roles and Workflows
2.1 Determine Roles and Responsibilities
2.2 Build Core Workflows
Define the RFC and Post-Implementation Activities
3.1 Design the RFC
3.2 Establish Post-Implementation Activities
Measure, Manage, and Maintain
4.1 Identify Metrics and Build the Change Calendar
4.2 Implement the Project
This phase will guide you through the following steps:
This phase involves the following participants:
1.1.1 Outline the Organization’s Strengths and Challenges
1.1.2 Complete a Maturity Assessment
Step 1.1: Assess Maturity → Step 1.2: Categorize Changes and Build Your Risk Assessment
Ensure the Release Manager is present as part of your CAB. They can explain any change content or dependencies, communicate business approval, and advise the service desk of any defects.
As seen in the context diagram, change management interacts closely with many other IT processes including release management and configuration management (seen below). Ensure you delineate when these interactions occur (e.g. RFC updates and CMDB queries) and which process owns each task.
“With no controls in place, IT gets the blame for embarrassing outages. Too much control, and IT is seen as a roadblock to innovation.” – Anonymous, VP IT of a federal credit union
Download the Optimize IT Change Management Improvement Initiative: Project Summary Template
Chaos | Reactive | Controlled |
Proactive | Optimized | |
---|---|---|---|---|---|
Change Requests | No defined processes for submitting changes | Low process adherence and no RFC form | RFC form is centralized and a point of contact for changes exists | RFCs are reviewed for scope and completion | RFCs trend analysis and proactive change exists |
Change Review | Little to no change risk assessment | Risk assessment exists for each RFC | RFC form is centralized and a point of contact for changes exists | Change calendar exists and is maintained | System and component dependencies exist (CMDB) |
Change Approval | No formal approval process exists | Approval process exists but is not widely followed | Unauthorized changes are minimal or nonexistent | Change advisory board (CAB) is established and formalized | Trend analysis exists increasing pre-approved changes |
Post-Deployment | No post-deployment change review exists | Process exists but is not widely followed | Reduction of change-related incidents | Stakeholder satisfaction is gathered and reviewed | Lessons learned are propagated and actioned |
Process Governance | Roles & responsibilities are ad hoc | Roles, policies & procedures are defined & documented | Roles, policies & procedures are defined & documented | KPIs are tracked, reported on, and reviewed | KPIs are proactively managed for improvement |
Reaching an optimized level is not feasible for every organization. You may be able to run a very good change management process at the Proactive or even Controlled stage. Pay special attention to keeping your goals attainable.
Download the Change Management Maturity Assessment Tool
Even Google isn’t immune to change-related outages. Plan ahead and communicate to help avoid change-related incidents
Industry: Technology
Source: The Register
As part of a routine maintenance procedure, Google engineers moved App Engine applications between data centers in the Central US to balance out traffic.
Unfortunately, at the same time that applications were being rerouted, a software update was in progress on the traffic routers, which triggered a restart. This temporarily diminished router capacity, knocking out a sizeable portion of Google Cloud.
The server drain resulted in a huge spike in startup requests, and the routers simply couldn’t handle the traffic.
As a result, 21% of Google App Engine applications hosted in the Central US experienced error rates in excess of 10%, while an additional 16% of applications experienced latency, albeit at a lower rate.
Thankfully, engineers were actively monitoring the implementation of the change and were able to spring into action to halt the problem.
The change was rolled back after 11 minutes, but the configuration error still needed to be fixed. After about two hours, the change failure was resolved and the Google Cloud was fully functional.
One takeaway for the engineering team was to closely monitor how changes are scheduled. Ultimately, this was the result of miscommunication and a lack of transparency between change teams.
1.2.1 Define What Constitutes a Change
1.2.2 Build a Change Categorization Scheme
1.2.3 Build a Classification Scheme to Assess Impact
1.2.4 Build a Classification Scheme to Define Likelihood
1.2.5 Evaluate and Adjust Your Risk Assessment Scheme
Step 1.1: Assess Maturity → Step 1.2: Categorize Changes and Build Your Risk Assessment
Successfully managed changes will optimize risk exposure, severity of impact, and disruption. This will result in the bottom-line business benefits of removal of risk, early realization of benefits, and savings of money and time.
80%
In organizations without formal change management processes, about 80% (The Visible Ops Handbook) of IT service outage problems are caused by updates and changes to systems, applications, and infrastructure. It’s crucial to track and systematically manage change to fully understand and predict the risks and potential impact of the change.
The core business of the enterprise or supporting functions may be affected.
If it’s for a local application, it’s a service request
It should usually impact more than a single user (in most cases).
Any impact on a business process is a change; adding a user or a recipient to a report or mailing list is not a change.
If it’s a new service, then it’s better described as a project.
It needs to be within the scope of IT for the change management process to apply.
As a general rule, if it takes longer than 40 hours of work to complete, it’s likely a project.
Change | Service Request (User) | Operational Task (Backend) |
---|---|---|
|
|
|
Change | Project | Service Request (User) | Operational Task (Backend) | Release |
---|---|---|---|---|
Changing Configuration | ERP upgrade | Add new user | Delete temp files | Software release |
Download the Change Management Standard Operating Procedure (SOP).
In addition to assigning a category to each RFC based on risk assessment, each RFC should also be assigned a priority based on the impact of the change on the IT organization, in terms of the resources needed to effect the change.
Normal
Emergency
Pre-Approved
The majority of changes will be pre-approved or normal changes. Definitions of each category are provided on the next slide.
Info-Tech uses the term pre-approved rather than the ITIL terminology of standard to more accurately define the type of change represented by this category.
A potential fourth change category of expedited may be employed if you are having issues with process adherence or if you experience changes driven from outside change management’s control (e.g. from the CIO, director, judiciary, etc.) See Appendix I for more details.
Do not rush to designate changes as pre-approved. You may have a good idea of which changes may be considered pre-approved, but make sure they are in fact low-risk and well-documented before moving them over from the normal category.
Pre-Approved | Normal | Emergency | |
---|---|---|---|
Definition |
|
|
|
Trigger |
|
|
|
Workflow |
|
|
|
Approval |
|
|
|
Pay close attention to defining your pre-approved changes. They are going to be critical for running a smooth change management practice in a DevOps Environment
Pre-Approved (AKA Standard) | Normal | Emergency |
---|---|---|
|
Major
Medium
Minor
|
|
The following slides guide you through the steps of formalizing a risk assessment according to impact and likelihood:
Info-Tech Insight
All changes entail an additional level of risk. Risk is a function of impact and likelihood. Risk may be reduced, accepted, or neutralized through following best practices around training, testing, backout planning, redundancy, timing and sequencing of changes, etc.
How is risk rating determined?
Who determines priority?
How is risk rating used?
RFCs need to clearly identify the risk level of the proposed change. This can be done through statement of impact and likelihood (low/medium/high) or through pertinent questions linked with business rules to assess the risk.
Risk always has a negative impact, but the size of the impact can vary considerably in terms of cost, number of people or sites affected, and severity of the impact. Impact questions tend to be more objective and quantifiable than likelihood questions.
Impact | ||||
---|---|---|---|---|
Weight | Question | High | Medium | Low |
15% | # of people affected | 36+ | 11-35 | <10 |
20% | # of sites affected | 4+ | 2-3 | 1 |
15% | Duration of recovery (minutes of business time) | 180+ | 30-18 | <3 |
20% | Systems affected | Mission critical | Important | Informational |
30% | External customer impact | Loss of customer | Service interruption | None |
LIKELIHOOD | ||||
---|---|---|---|---|
Weight | Question | High | Medium | Low |
25% | Has this change been tested? | No | Yes | |
10% | Have all the relevant groups (companies, departments, executives) vetted the change? | No | Partial | Yes |
5% | Has this change been documented? | No | Yes | |
15% | How long is the change window? When can we implement? | Specified day/time | Partial | Per IT choice |
20% | Do we have trained and experienced staff available to implement this change? If only external consultants are available, the rating will be “medium” at best. | No | Yes | |
25% | Has an implementation plan been developed? | No | Yes |
Download the Change Management Rick Assessment Tool.
# |
Change Example |
Impact |
Likelihood |
Risk |
1 |
ERP change |
High |
Medium |
Major |
2 |
Ticket system go-live |
Medium |
Low |
Minor |
3 |
UPS replacement |
Medium |
Low |
Minor |
4 |
Network upgrade |
Medium |
Medium |
Medium |
5 |
AD upgrade |
Medium |
Low |
Minor |
6 |
High availability implementation |
Low |
Medium |
Minor |
7 |
Key-card implementation |
Low |
High |
Medium |
8 |
Anti-virus update |
Low |
Low |
Minor |
9 |
Website |
Low |
Medium |
Minor |
The company was planning to implement a CMDB; however, full implementation was still one year away and subject to budget constraints.
Without a CMDB, it would be difficult to understand the interdependencies between systems and therefore be able to provide notifications to potentially affected user groups prior to implementing technical changes.
This could have derailed the change management project.
An Excel template was set up as a stopgap measure until the full implementation of the CMDB. The template included all identified dependencies between systems, along with a “dependency tier” for each IT service.
Tier 1: The dependent system would not operate if the upstream system change resulted in an outage.
Tier 2: The dependent system would suffer severe degradation of performance and/or features.
Tier 3: The dependent system would see minor performance degradation or minor feature unavailability.
As a stopgap measure, the solution worked well. When changes ran the risk of degrading downstream dependent systems, the impacted business system owner’s authorization was sought and end users were informed in advance.
The primary takeaway was that a system to manage configuration linkages and system dependencies was key.
While a CMDB is ideal for this use case, IT organizations shouldn’t let the lack of such a system stop progress on change management.
Founded in 1968, the world’s largest microchip and semiconductor company employs over 100,000 people. Intel manufactures processors for major players in the PC market including Apple, Lenovo, HP, and Dell.
Intel IT supports over 65,000 servers, 3.2 petabytes of data, over 70,000 PCs, and 2.6 million emails per day.
Intel’s change management program is responsible for over 4,000 changes each week.
Due to the sheer volume of change management activities present at Intel, over 35% of unscheduled outages were the result of changes.
Ineffective change management was identified as the top contributor of incidents with unscheduled downtime.
One of the major issues highlighted was a lack of process ownership. The change management process at Intel was very fragmented, and that needed to change.
Daniel Grove, Senior Release & Change Manager at Intel, identified that clarifying tasks for the Change Manager and the CAB would improve process efficiency by reducing decision lag time. Roles and responsibilities were reworked and clarified.
Intel conducted a maturity assessment of the overall change management process to identify key areas for improvement.
For running change management in DevOps environment, see Appendix II.
Define Change Management
1.1 Assess Maturity
1.2 Categorize Changes and Build Your Risk Assessment
Establish Roles and Workflows
2.1 Determine Roles and Responsibilities
2.2 Build Core Workflows
Define RFC and Post-Implementation Activities
3.1 Design the RFC
3.2 Establish Post-Implementation Activities
Measure, Manage, and Maintain
4.1 Identify Metrics and Build the Change Calendar
4.2 Implement the Project
This phase will guide you through the following steps:
This phase involves the following participants:
2.1.1 Capture Roles and Responsibilities Using a RACI Chart
2.1.2 Determine Your Change Manager’s Responsibilities
2.1.3 Define the Authority and Responsibilities of Your CAB
2.1.4 Determine an E-CAB Protocol for Your Organization
Step 2.1: Determine Roles and Responsibilities → Step 2.2: Build Core Workflows
This step involves the following participants:
Change Management Tasks | Originator | System Owner | Change Manager | CAB Member | Technical SME | Service Desk | CIO/ VP IT | E-CAB Member |
---|---|---|---|---|---|---|---|---|
Review the RFC | C | C | A | C | R | C | R | |
Validate changes | C | C | A | C | R | C | R | |
Assess test plan | A | C | R | R | C | I | ||
Approve the RFC | I | C | A | R | C | I | ||
Create communications plan | R | I | A | I | I | |||
Deploy communications plan | I | I | A | I | R | |||
Review metrics | C | A | R | C | I | |||
Perform a post implementation review | C | R | A | I | ||||
Review lessons learned from PIR activities | R | A | C |
Info-Tech Best Practice
Some organizations will not be able to assign a dedicated Change Manager, but they must still task an individual with change review authority and with ownership of the risk assessment and other key parts of the process.
1.Using the previous slide, Info-Tech’s Change Manager Job Description, and the examples below, brainstorm responsibilities for the Change Manager.
2.Record the responsibilities in Section 3.2 of your Change Management SOP.
Change Manager: James Corey
Responsibilities
Download the Change Manager Job Description
See what responsibilities in the CAB’s process are already performed by the DevOps lifecycle (e.g. authorization, deconfliction etc.). Do not duplicate efforts.
Based on the core responsibilities you have defined, the CAB needs to be composed of a diverse set of individuals who provide quality:
CAB Representation | Value Added | |
---|---|---|
Business Members |
|
|
IT Operations Members |
|
|
CAB Attendees |
|
|
Info-Tech Best Practice
Form a core CAB (members attend every week) and an optional CAB (members who attend only when a change impacts them or when they can provide value in discussions about a change). This way, members can have their voice heard without spending every week in a meeting where they do not contribute.
1.Using the previous slide and the examples below, list the authorities and responsibilities of your CAB.
2.Record the responsibilities in section 3.3.2 of your Change Management SOP and the Project Summary Template.
CAP Authority | CAP Responsibilities |
---|---|
|
|
Change owner conferences with E-CAB (best efforts to reach them) through email or messaging.
E-CAB members and business system owners are provided with change details. No decision is made without feedback from at least one E-CAB member.
If business continuity is being affected, the Change Manager has authority to approve change.
Full documentation of the change (a retroactive RFC) is done after the change and is then reviewed by the CAB.
Info-Tech Best Practice
Members of the E-CAB should be a subset of the CAB who are typically quick to respond to their messages, even at odd hours of the night.
Assemble E-CAB
Assess Change
Test (if Applicable)
Deploy Change
Create Retroactive RFC
Review With CAB
2.2.1 Build a CMDB-lite as a Reference for Requested Changes
2.2.2 Create a Normal Change Process
2.2.3 Create a Pre-Approved Change Process
2.2.4 Create an Emergency Change Process
Step 2.1: Determine Roles and Responsibilities → Step 2.2: Build Core Workflows
This step involves the following participants:
Supplier
Input
Process
Output
Customer
Metrics
Controls
Dependencies
RACI
Identify all components of the change.
Ask how changes will affect:
Frame the change from a business point of view to identify potential disruptions to business activities.
Your assessment should cover:
Each new change can impact the level of service available.
Examine the impact on:
Once risk has been assessed, resources need to be identified to ensure the change can be executed.
These include:
System | Primary Users | SME | Backup SME(s) | Business System Owner | Tier 1 Dependency (system functionality is down) | Tier 2 (impaired functionality/ workaround available) | Tier 3 Dependency (nice to have) |
---|---|---|---|---|---|---|---|
Enterprise | Naomi | Amos | James |
|
|
||
Conferencing Tool | Enterprise | Alex | Shed | James |
|
|
|
ITSM (Service Now) | Enterprise (Intl.) | Anderson | TBD | Mike |
|
|
|
ITSM (Manage Engine) | North America | Bobbie | Joseph | Mike |
|
|
Info-Tech Best Practice
Define a list pre-approved changes and automate them (if possible) using your ITSM solution. This will save valuable time for more important changes in the queue.
Example:
Change Category | Change Authority |
---|---|
Pre-approved change | Department head/manager |
Emergency change | E-CAB |
Normal change – low and medium risk | CAB |
Normal change – high risk | CAB and CIO (for visibility) |
Change initiation allows for assurance that the request is in scope for change management and acts as a filter for out-of-scope changes to be redirected to the proper workflow. Initiation also assesses who may be assigned to the change and the proper category of the change, and results in an RFC to be populated before the change reaches the build and test phase.
The change trigger assessment is critical in the DevOps lifecycle. This can take a more formal role of a technical review board (TRB) or, with enough maturity, may be automated. Responsibilities such as deconfliction, dependency identification, calendar query, and authorization identification can be done early in the lifecycle to decrease or eliminate the burden on CAB.
For the full process, refer to the Change Management Process Library.
For the full process, refer to the Change Management Process Library.
For the full process, refer to the Change Management Process Library.
For the full process, refer to the Change Management Process Library.
Download the Change Management Process Library.
Info-Tech Best Practice
At the beginning of a change management process, there should be few active pre-approved changes. However, prior to launch, you may have IT flag changes for conversion.
For the full process, refer to the Change Management Process Library.
Info-Tech Best Practice
Other reasons for moving a pre-approved change back to the normal category is if the change led to an incident during implementation or if there was an issue during implementation.
Seek new pre-approved change submissions. → Re-evaluate the pre-approved change list every 4-6 months.
For the full process, refer to the Change Management Process Library.
Sample Change | Quick Check | Emergency? |
---|---|---|
Install the latest critical patches from the vendor. | Are the patches required to resolve or prevent an imminent critical incident? | No |
A virus or worm invades the network and a patch is needed to eliminate the threat. | Is the patch required to resolve or prevent an imminent critical incident? | Yes |
Info-Tech Best Practice
Change requesters should be made aware that senior management will be informed if an emergency RFC is submitted inappropriately. Emergency requests trigger urgent CAB meetings, are riskier to deploy, and delay other changes waiting in the queue.
When building your emergency change process, have your E-CAB protocol from activity 2.1.4 handy.
For the full process, refer to the Change Management Process Library.
Industry: Technology
Source: Daniel Grove, Intel
Founded in 1968, the world’s largest microchip and semiconductor company employs over 100,000 people. Intel manufactures processors for major players in the PC market including Apple, Lenovo, HP, and Dell.
Intel IT supports over 65,000 servers, 3.2 petabytes of data, over 70,000 PCs, and 2.6 million emails per day.
Intel’s change management program is responsible for over 4,000 changes each week.
Intel identified 37 different change processes and 25 change management systems of record with little integration.
Software and infrastructure groups were also very siloed, and this no doubt contributed to the high number of changes that caused outages.
The task was simple: standards needed to be put in place and communication had to improve.
Once process ownership was assigned and the role of the Change Manager and CAB clarified, it was a simple task to streamline and simplify processes among groups.
Intel designed a new, unified change management workflow that all groups would adopt.
Automation was also brought into play to improve how RFCs were generated and submitted.
Define Change Management
1.1 Assess Maturity
1.2 Categorize Changes and Build Your Risk Assessment
Establish Roles and Workflows
2.1 Determine Roles and Responsibilities
2.2 Build Core Workflows
Define the RFC and Post-Implementation Activities
3.1 Design the RFC
3.2 Establish Post-Implementation Activities
Measure, Manage, and Maintain
4.1 Identify Metrics and Build the Change Calendar
4.2 Implement the Project
This phase will guide you through the following activities:
This phase involves the following participants:
3.1.1 Evaluate Your Existing RFC Process
3.1.2 Build the RFC Form
Step 3.1: Design the RFC
Step 3.2: Establish Post-Implementation Activities
This step involves the following participants:
Info-Tech Insight
Keep the RFC form simple, especially when first implementing change management, to encourage the adoption of and compliance with the process.
Download the Request for Change Form Template.
Draft:
Technical Build:
CAB:
Complete:
Use the RFC to point to documentation already gathered in the DevOps lifecycle to cut down on unnecessary manual work while maintaining compliance.
Info-Tech Best Practice
Technical and SME contacts should be noted in each RFC so they can be easily consulted during the RFC review.
Industry: Technology
Source: Daniel Grove, Intel
Founded in 1968, the world’s largest microchip and semiconductor company employs over 100,000 people. Intel manufactures processors for major players in the PC market including Apple, Lenovo, HP, and Dell.
Intel IT supports over 65,000 servers, 3.2 petabytes of data, over 70,000 PCs, and 2.6 million emails per day.
Intel’s change management program is responsible for over 4,000 changes each week.
One of the crucial factors that was impacting Intel’s change management efficiency was a cumbersome RFC process.
A lack of RFC usage was contributing to increased ad hoc changes being put through the CAB, and rescheduled changes were quite high.
Additionally, ad hoc changes were also contributing heavily to unscheduled downtime within the organization.
Intel designed and implemented an automated RFC form generator to encourage end users to increase RFC usage.
As we’ve seen with RFC form design, the UX/UI of the form needs to be top notch, otherwise end users will simply circumvent the process. This will contribute to the problems you are seeking to correct.
Thanks to increased RFC usage, Intel decreased emergency changes by 50% and reduced change-caused unscheduled downtime by 82%.
3.2.1 Determine When the CAB Would Reject Tested Changes
3.2.2 Create a Post-Implementation Activity Checklist
Step 3.1: Design RFC
Step 3.2: Establish Post-Implementation Activities
This step involves the following participants:
Possible reasons the CAB would reject a change include:
Info-Tech Best Practice
Many reasons for rejection (listed above) can be caught early on in the process during the technical review or change build portion of the change. The earlier you catch these reasons for rejection, the less wasted effort there will be per change.
Sample RFC | Reason for CAP Rejection |
---|---|
There was a request for an update to a system that a legacy application depends on and only a specific area of the business was aware of the dependency. | The CAB rejects it due to the downstream impact. |
There was a request for an update to a non-supported application, and the vendor was asking for a premium support contract that is very costly. | It’s too expensive to implement, despite the need for it. The CAB will wait for an upgrade to a new application. |
There was a request to update application functionality to a beta release. | The risk outweighs the business benefits. |
The implementation phase is the final checkpoint before releasing the new change into your live environment. Once the final checks have been made to the change, it’s paramount that teams work together to transition the change effectively rather than doing an abrupt hand-off. This could cause a potential outage.
1.
Implement change →
2.
A backout plan needs to contain a record of the steps that need to be taken to restore the live environment back to its previous state and maintain business continuity. A good backout plan asks the following questions:
Notify the Service Desk
Disable Access
Conduct Checks
Enable User Access
Notify the Service Desk
Info-Tech Best Practice
As part of the backout plan, consider the turnback point in the change window. That is, the point within the change window where you still have time to fully back out of the change.
Update the service catalog with new information as a result of the implemented change.
Update new dependencies present as a result of the new change.
Add notes about any assets newly affected by changes.
Update your map based on the new change.
Update your technical documentation to reflect the changes present because of the new change.
Update your training documentation to reflect any information about how users interact with the change.
Info-Tech Best Practice
Review PIR reports at CAB meetings to highlight the root causes of issues, action items to close identified gaps, and back-up documentation required. Attach the PIR report to the relevant RFC to prevent similar changes from facing the same issues in the future.
Frequency | Part of weekly review (IT team meeting) |
Participants |
|
Categories under review |
Current deviations and action items from previous PIR:
|
Output |
|
Controls |
|
Download the Change Management Post-Implementation Checklist
Industry: Technology
Source: Jason Zander, Microsoft
In November 2014, Microsoft deployed a change intended to improve Azure storage performance by reducing CPU footprint of the Azure Table Front-Ends.
The deployment method was an incremental approach called “flighting,” where software and configuration deployments are deployed incrementally to Azure infrastructure in small batches.
Unfortunately, this software deployment caused a service interruption in multiple regions.
Before the software was deployed, Microsoft engineers followed proper protocol by testing the proposed update. All test results pointed to a successful implementation.
Unfortunately, engineers pushed the change out to the entire infrastructure instead of adhering to the traditional flighting protocol.
Additionally, the configuration switch was incorrectly enabled for the Azure Blob storage Front-Ends.
A combination of the two mistakes exposed a bug that caused the outage.
Thankfully, Microsoft had a backout plan. Within 30 minutes, the change was rolled back on a global scale.
It was determined that policy enforcement was not integrated across the deployment system. An update to the system shifted the process of policy enforcement from human-based decisions and protocol to automation via the deployment platform.
Defined PIR activities enabled Microsoft to take swift action against the outage and mitigate the risk of a serious outage.
Define Change Management
1.1 Assess Maturity
1.2 Categorize Changes and Build Risk Assessment
Establish Roles and Workflows
2.1 Determine Roles and Responsibilities
2.2 Build Core Workflows
Define RFC and Post-Implementation Activities
3.1 Design RFC
3.2 Establish post-implementation activities
Measure, Manage, and Maintain
4.1 Identify Metrics and Build the Change Calendar
4.2 Implement the Project
This phase will guide you through the following activities:
This phase involves the following participants:
4.1.1 Create an Outline for Your Change Calendar
4.1.2 Determine Metrics, Key Performance Indicators (KPIs), and Critical Success Factors (CSFs)
4.1.3 Track and Record Metrics Using the Change Management Metrics Tool
Step 4.1: Identify Metrics and Build the Change Calendar
Step 4.2: Implement the Project
This step involves the following participants:
“The one who has more clout or authority is usually the one who gets changes scheduled in the time frame they desire, but you should really be evaluating the impact to the organization. We looked at the risk to the business of not doing the change, and that’s a good way of determining the criticality and urgency of that change.” – Joseph Sgandurra, Director, Service Delivery, Navantis
Info-Tech Insight
Avoid a culture where powerful stakeholders are able to push change deployment on an ad hoc basis. Give the CAB the full authority to make approval decisions based on urgency, impact, cost, and availability of resources.
“Our mantra is to put it on the calendar. Even if it’s a preapproved change and doesn’t need a vote, having it on the calendar helps with visibility. The calendar is the one-stop shop for scheduling and identifying change dependencies.“ – Wil Clark, Director of Service and Performance Management, University of North Texas Systems
The change calendar is a critical pre-requisite to change management in DevOps. Use the calendar to be proactive with proposed implementation dates and deconfliction before the change is finished.
Info-Tech Insight
Start simple. Metrics can be difficult to tackle if you’re starting from scratch. While implementing your change management practice, use these three metrics as a starting point, since they correlate well with the success of change management overall. The following few slides provide more insight into creating metrics for your change process.
Purposely use SDLC and change lifecycle metrics to find bottlenecks and automation candidates.
Metrics are easily measured datapoints that can be pulled from your change management tool. Examples: Number of changes implemented, number of changes without incident.
Key Performance Indicators are metrics presented in a way that is easily digestible by stakeholders in IT. Examples: Change efficiency, quality of changes.
Critical Success Factors are measures of the business success of change management taken by correlating the CSF with multiple KPIs. Examples: consistent and efficient change management process, a change process mapped to business needs
Metric/Report (by team) | Benefit |
---|---|
Total number of RFCs and percentages by category (pre-approved, normal, emergency, escalated support, expedited) |
|
Pre-approved change list (and additions/removals from the list) | Workload and process streamlining (i.e. reduce “red tape” wherever possible) |
Average time between RFC lifecycle stages (by service/application) | Advance planning for proposed changes |
Number of changes by service/application/hardware class |
|
Change triggers | Business- vs. IT-initiated change |
Number of RFCs by lifecycle stage | Workload planning |
List of incidents related to changes | Visible failures of the CM process |
Percentage of RFCs with a tested backout/validation plan | Completeness of change planning |
List of expedited changes | Spotlighting poor planning and reducing the need for this category going forward (“The Hall of Shame”) |
CAB approval rate | Change coordinator alignment with CAB priorities – low approval rate indicates need to tighten gatekeeping by the change coordinator |
Calendar of changes | Planning |
Ref # | Metric |
---|---|
M1 |
Number of changes implemented for a time period |
M2 | Number of changes successfully implemented for a time period |
M3 | Number of changes implemented causing incidents |
M4 | Number of accepted known errors when change is implemented |
M5 | Total days for a change build (specific to each change) |
M6 | Number of changes rescheduled |
M7 | Number of training questions received following a change |
Ref# | KPI | Product |
---|---|---|
K1 | Successful changes for a period of time (approach 100%) | M2 / M1 x 100% |
K2 | Changes causing incidents (approach 0%) | M3 / M1 x 100% |
K3 | Average days to implement a change | ΣM5 / M1 |
K4 | Change efficiency (approach 100%) | [1 - (M6 / M1)] x 100% |
K5 | Quality of changes being implemented (approach 100%) | [1 - (M4 / M1)] x 100% |
K6 | Change training efficiency (approach 100%) | [1 - (M7 / M1)] x 100% |
Ref# | CSF | Indicator |
---|---|---|
C1 | Successful change management process producing quality changes | K1, K5 |
C2 | Consistent efficient change process | K4, K6 |
C3 | Change process maps to business needs | K5, K6 |
Info-Tech Best Practice
Make sure you’re measuring the right things and considering all sources of information. It’s very easy to put yourself in a position where you’re congratulating yourselves for improving on a specific metric such as number of releases per month, but satisfaction remains low.
Tracking the progress of metrics is paramount to the success of any change management process. Use Info-Tech’s Change Management Metrics Tool to record metrics and track your progress. This tool is intended to be a substitute for organizations who do not have the capability to track change-related metrics in their ITSM tool.
Download the Change Management Metrics Tool
Industry: Federal Credit Union (anonymous)
Source: Info-Tech Workshop
At this federal credit union, the VP of IT wanted a tight set of metrics to engage with the business, communicate within IT, enable performance management of staff, and provide visibility into workload demands, among other requirements.
The organization was suffering from “metrics fatigue,” with multiple reports being generated from all groups within IT, to the point that weekly/monthly reports were being seen as spam.
Stakeholders were provided with an overview of change management benefits and were asked to identify one key attribute that would be useful to their specific needs.
Metrics were designed around the stakeholder needs, piloted with each stakeholder group, fine-tuned, and rolled out.
Some metrics could not be automated off-the-shelf and were rolled out in a manual fashion. These metrics were subsequently automated and finally made available through a dashboard.
The business received clear guidance regarding estimated times to implement changes across different elements of the environment.
The IT managers were able to plan team workloads with visibility into upstream change activity.
Architects were able to identify vendors and systems that were the leading source of instability.
The VP of IT was able to track the maturity growth of the change management process and proactively engage with the business on identified hot spots.
4.2.1 Use a Communications Plan to Gain End User Buy-In
4.2.2 Create a Project Roadmap to Track Your Implementation Progress
Step 4.1: Identify Metrics and Build the Change Calendar
Step 3.2: Implement the Project
This step involves the following participants:
Change management provides value by promptly evaluating and delivering changes required by the business and by minimizing disruption and rework caused by failed changes. Communication of your new change management process is key. If people do not understand the what and why, it will fail to provide the desired value.
Info-Tech Best Practice
Gather feedback from end users about the new process: if the process is too bureaucratic, end users are more likely to circumvent it.
Info-Tech Insight
The success of change communication can be measured by monitoring the number of service desk tickets related to a change that was not communicated to users.
Why? What problems are you trying to solve?
What? What processes will it affect (that will affect me)?
Who? Who will be affected? Who do I go to if I have issues with the new process?
When? When will this be happening? When will it affect me?
How? How will these changes manifest themselves?
Goal? What is the final goal? How will it benefit me?
Info-Tech Insight
Pay close attention to the medium of communication. For example, stakeholders on their feet all day would not be as receptive to an email communication compared to those who primarily work in front of a computer. Put yourself into various stakeholders’ shoes to craft a tailored communication of change management.
Group | Benefits | Impact | Method | Timeline |
---|---|---|---|---|
IT | Standardized change process | All changes must be reviewed and approved | Poster campaign | 6 months |
End Users | Decreased wait time for changes | Formal process for RFCs | Lunch-and-learn sessions | 3 months |
Business | Reduced outages | Increased involvement in planning and approvals | Monthly reports | 1 year |
Download the Change Management Communications Plan
Know your audience:
Info-Tech Insight
The support of senior executive stakeholders is critical to the success of your SOP rollout. Try to wow them with project benefits and make sure they know about the risks/pain points.
Download the Change Management Project Summary Template
Download the Change Management Roadmap Tool
Industry: Technology
Source: Daniel Grove, Intel
Founded in 1968, the world’s largest microchip and semiconductor company employs over 100,000 people. Intel manufactures processors for major players in the PC market including Apple, Lenovo, HP, and Dell.
Intel IT supports over 65,000 servers, 3.2 petabytes of data, over 70,000 PCs, and 2.6 million emails per day.
Intel’s change management program is responsible for over 4,000 changes each week.
Intel had its new change management program in place and the early milestones planned, but one key challenge with any new project is communication.
The company also needed to navigate the simplification of a previously complex process; end users could be familiar with any of the 37 different change processes or 25 different change management systems of record.
Top-level buy-in was another concern.
Intel first communicated the process changes by publishing the vision and strategy for the project with top management sponsorship.
The CIO published all of the new change policies, which were supported by the Change Governance Council.
Intel cited the reason for success as the designation of a Policy and Guidance Council – a group designed to own communication and enforcement of the new policies and processes put in place.
You now have an outline of your new change management process. The hard work starts now for an effective implementation. Make use of the communications plan to socialize the new process with stakeholders and the roadmap to stay on track.
Remember as you are starting your implementation to keep your documents flexible and treat them as “living documents.” You will likely need to tweak and refine the processware and templates several times to continually improve the process. Furthermore, don’t shy away from seeking feedback from your stakeholders to gain buy-in.
Lastly, keep an eye on your progress with objective, data-driven metrics. Leverage the trends in your data to drive your decisions. Be sure to revisit the maturity assessment not only to measure and visualize your progress, but to gain insight into your next steps.
Contact your account representative for more information.
workshops@infotech.com
1-888-670-8889
To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic office in Toronto, Ontario, Canada to participate in an innovative onsite workshop.
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
The following are sample activities that will be conducted by Info-Tech analysts with your team:
Run through the change management maturity assessment with tailored commentary for each action item outlining context and best practices.
Build a normal change process using Info-Tech’s Change Management Process Library template with an analyst helping you to right size the process for your organization.
Improve customer service by driving consistency in your support approach and meeting SLAs.
Maintain both speed and control while improving the quality of deployments and releases within the infrastructure team.
Don’t let persistent problems govern your department.
AXELOS Limited. ITIL Foundation: ITIL 4th edition. TSO, 2019, pp. 118–120.
Behr, Kevin and George Spafford. The Visible Ops Handbook: Implementing ITIL in 4 Practical and Auditable Steps. IT Revolution Press. 2013.
BMC. “ITIL Change Management.” BMC Software Canada, 22 December 2016.
Brown, Vance. “Change Management: The Greatest ROI of ITIL.” Cherwell Service Management.
Cisco. “Change Management: Best Practices.” Cisco, 10 March 2008.
Grove, Daniel. “Case Study ITIL Change Management Intel Corporation.” PowerShow, 2005.
ISACA. “COBIT 5: Enabling Processes.” ISACA, 2012.
Jantti, M. and M. Kainulainen. “Exploring an IT Service Change Management Process: A Case Study.” ICDS 2011: The Fifth International Conference on Digital Society, 23 Feb. 2011.
Murphy, Vawns. “How to Assess Changes.” The ITSM Review, 29 Jan. 2016.
Nyo, Isabel. “Best Practices for Change Management in the Age of DevOps.” Atlassian Engineering, 12 May 2021.
Phillips, Katherine W., Katie A. Liljenquist, and Margaret A. Neale. “Better Decisions Through Diversity.” Kellogg Insight, 1 Oct. 2010.
Pink Elephant. “Best Practices for Change Management.” Pink Elephant, 2005.
Sharwood, Simon. “Google broke its own cloud by doing two updates at once.” The Register, 24 Aug. 2016.
SolarWinds. “How to Eliminate the No: 1 Cause of Network Downtime.” SolarWinds Tech Tips, 25 Apr. 2014.
The Stationery Office. “ITIL Service Transition: 2011.” The Stationary Office, 29 July 2011.
UCISA. “ITIL – A Guide to Change Management.” UCISA.
Zander, Jason. “Final Root Cause Analysis and Improvement Areas: Nov 18 Azure Storage Service Interruption.” Microsoft Azure: Blog and Updates, 17 Dec. 2014.
In many organizations, there are changes which may not fit into the three prescribed categories. The reason behind why the expedited category may be needed generally falls between two possibilities:
For the full process, refer to the Change Management Process Library.
The core tenets of change management still apply no matter the type of development environment an organization has. Changes in any environment carry risk of degrading functionality, and must therefore be vetted. However, the amount of work and rigor put into different stages of the change life cycle can be altered depending on the maturity of the development workflows. The following are several stage gates for change management that MUST be considered if you are a DevOps or Agile shop:
"Understand that process is hard and finding a solution that fits every need can be tricky. With this change management process we do not try to solve every corner case so much as create a framework by which best judgement can be used to ensure maximum availability of our platforms and services while still complying with our regulatory requirements and making positive changes that will delight our customers.“ -IT Director, Information Cybersecurity Organization
The core differences between an Agile or DevOps transition and a traditional approach are the restructuring and the team behind it. As a result, the stakeholders of change management must be onboard for the process to work. This is the most difficult problem to solve if it’s an issue, but open avenues of feedback for a process build is a start.
Automation comes in many forms and is well documented in many development workflows. Having automated signoffs for QA/security checks and stakeholders/cross dependency owner sign offs may not fully replace the CAB but can ease the burden on discussions before implementation.
Canary releases, phased releases, dark releases, and toggles are all options you can employ to reduce risk during a release. Furthermore, building in contingencies to the test/rollback plan decreases the risk of the change by decreasing the factor of likelihood.
Building change from the ground up doesn’t meant the process has to be fully fledged before launch. Iterative improvements are possible before achieving an optimal state. Having the proper metrics on the pain points and bottlenecks in the process can identify areas for automation and improvement.
Using the MITRE ATT&CK® framework, Info-Tech’s approach helps you understand your preparedness and effective detection and mitigation actions.
This blueprint and associated tool are scalable for all types of organizations within various industry sectors, allowing them to know what types of risk they are facing and what security services are recommended to mitigate those risks.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Review a breakdown of each of the various attack vectors and their techniques for additional context and insight into the most prevalent attack tactics.
Map your current security protocols against the impacts of various techniques on your network to determine your risk preparedness.
Use your prioritized attack vectors to plan your next threat modeling session with confidence that the most pressing security concerns are being addressed with substantive remediation actions.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Use Info-Tech’s MSA Contract Review Tool to locate and track improvement areas in your MSAs.
In early April, I already wrote about exit plans and how they are the latest burning platform.
As of the end of May 2025, we have both Microsoft and Google reassuring European clients about their sovereign cloud solutions. There are even air-gapped options for military applications. These messages come as a result of the trade war between the US and the rest of the world.
There is also the other, more mundane example of over-reliance on a single vendor: the Bloomberg-terminal outage of May 21st, 2025. That global outage severely disrupted financial markets. It caused traders to lose access to real-time data, analytics, and pricing information for approximately 90 minutes. This widespread system failure delayed critical government bond auctions in the UK, Portugal, Sweden, and the EU.
It serves as a reminder of the heavy reliance on the Bloomberg Terminal, which is considered an industry standard despite its high annual cost. While some Bloomberg services like instant messaging remained functional, allowing limited communication among traders, the core disruption led to significant frustration and slowed down trading activities.
You want to think about this for a moment. Bloomberg is, just like Google and Microsoft are, cornerstones in their respective industries. MS, Google, and Amazon even in many more industries.
So the issue goes beyond the “panic of the day.” Every day, there will be some announcement that sends markets reeling and companies fearing. Granted, the period we go through today can have grave consequences, but at the same time, it may be over in the coming months or years.
Let's take a step back and see if we can locate the larger issue at stake. I dare to say that the underlying issue is trust. We are losing trust in one another at a fast pace. Not between business partners, meaning companies who are, in a transaction or relationship, are more or less equal. Regardless of their geolocation, people are keen to do business together in a predictable, mutually beneficial way. And as long as that situation is stable, there is little need, beyond compliance and normal sound practices, to start to distrust each other.
Trouble brews when other factors come into play. I want to focus on two of them in this article.
The past few years have seen a large increase in power of the cloud computing platforms. The pandemic of 2019 through to 2023 changed our way of working and gave a big boost to these platforms. Of course, they were already establishing their dominance in the early 2010s.
Amazon launched SQS in 2004 with S3 (storage) and EC2 (compute) in 2006. Azure launched in 2008 as a PaaS platform for .NET developers, and became really available in 2010. Since then, it grew into the IaaS (infrastructure as a service) platform we know today. Google's Cloud Platform (GCP) launched in 2008 and added components such as BigQuery, Compute Engine and Storage in the 2010s.
Since the pandemic, we've seen another boost to their popularity. These platforms solidified their lead through several vectors:
Companies made decisions on these premises. A prime example is the use of native cloud functions. These make life easier for developers. Native functions allow for serverless functionality to be made available to clients, and to do so in a non-infra-based way. It gives the impression of less complexity to the management. They are also easily scalable.
This comes at a cost, however. The cost is vendor lock-in. And with vendor lock-in, comes increased pricing power for the vendor.
For a long time, it seems EU companies' attitude was: “It won't be such an issue, after all, there are multiple cloud vendors and if all else fails, we just go back.” The reality is much starker, I suspect that cloud providers with this level of market power will increase their pricing significantly.
in come two elements:
The latest push to their market power came as an unintended consequence of EU Law: DORA. That EU law requires companies to have testable exit plans in place. But it goes well beyond this. The EU has increased the regulatory burden on companies significantly. BusinessEurope, a supranational organization, estimates that in the past five years, the Eu managed to release over 13,000 legislative acts. This is compared to 3,500 in the US.
Coming back to DORA, this law requires EU companies to actually test their exit plans and show proof of it to the EU ESAs (European Supervisory Agency). The reaction I have seen in industry representative organizations is complacency.
The cost of compliance is significant; hence, companies try to limit their exposure to the law as much as possible. They typically do this by limiting the applicability scope of the law to their business, based on the wording of the law. And herein lies the trap. This is not lost on the IT providers. They see that companies do the heavy lifting for them. What do I mean by that? Several large providers are looked at by the EU as systemic providers. They fall under direct supervision by the ESAs.
For local EU providers, it is what it is, but for non-EU providers, they get to show their goodwill, using sovereign IT services. I will come back to this in the next point, US unpredictability and laws. But the main point is: we are giving them more market power, and we have less contractual power. Why? Because we are showing them that we will go to great lengths to keep using their services.
US companies must comply with US law. So far, so good. Current US legislation also already requires US companies to share data on non-US citizens.
This last one is of particular concern. Not so much because of its contents, but because it is an Executive Order.
We know that the current (May 2025) US government mostly works through executive orders. Let's not forget that executive orders are a legitimate way to implement policy, This means that the US government could use access to cloud services as a lever to obtain more favorable trade rules.
The EU responds to this (the laws and executive order) by implementing several sovereignty countermeasures like GDPR, DORA, Digital markets Act (DMA), Data Governance Act (DGA), Cybersecurity Act and the upcoming European Health Data Act (EHDS). This is called the “Brussels Effect.”
Europe is also investing in several strategic initiatives such as
This points to a new dynamic between the EU and the US, EU-based companies simply cannot trust their US counterparts anymore to the degree they could before. The sad thing is, that there is no difference on the interpersonal level. It is just that companies must comply with their respective laws.
Hence, Microsoft, Google, and AWS and any other US provider cannot legally provide sovereign cloud services. In a strict legal sense, Microsoft and Google cannot absolutely guarantee that they can completely insulate EU companies and citizens from all US law enforcement requests for data, despite their robust efforts and sovereign cloud offerings. This is because they are US companies, subject to US law and US jurisdiction. The CLOUD act and FISA section 702 compel US companies to comply.
Moreover, there is the nature of sovereign cloud offerings:
And lastly, there are the legal challenges to the EU data privacy Framework (DPF)
This all means that while the cloud providers are doing everything they can, and I'm assuming they are acting in good faith. The fact that they are US entities means however that they are subject to all US legislation and executive orders. And we cannot trust this last part. Again, this is why the EU is pursuing its digital sovereignty initiatives and why some highly sensitive EU public sector entities are gravitating towards truly EU-owned and operated cloud solutions.
If your provider goes bankrupt, you do not have a leg to stand on. Most jurisdictions, including the EU and US, have the following elements regarding bankruptcy:
Automatic Stay: Upon a bankruptcy filing (in most jurisdictions, including the US and EU), an “automatic stay” is immediately imposed. This is a court order that stops most collection activities against the debtor. For you as a customer, this can mean you might be prevented from:
Debtor's Estate and Creditor Priority
So, while I understand the wait and see stance in regard to exit plans, given where we are, it is in my opinion the wrong thing to do. Companies must make actionable exit plans and prepare beforehand for the exit. That means that you have to:
If you want more detailed steps on how to get there, feel free to contact me.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Identify project stakeholders, define roles, and create the project charter.
Identify and model the future state of key business processes.
Model the current state of key business processes and assess gaps.
Review the outputs of the current state architecture health assessment and adopt a preliminary posture on architecture.
Evaluate the marketplace applications to understand the “art of the possible.”
Compile and score a list of initiatives to bridge the gaps, and plot the initiatives on a strategic roadmap.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Discuss Customer Service-related organizational goals and align goals with potential strategies for implementation.
Score level 5 Customer Service business processes against organizational goals to come up with a shortlist for modeling.
Create a future state model for one of the shortlisted business processes.
Draft the requirements as they relate to the business process.
Preliminary list of Customer Service-related business goals
List of Customer Service business processes (Task Level 5)
Pre-selected Customer Service business process for modeling
1.1 Outline and prioritize your customer goals and link their relevance and value to your Customer Service processes with the Customer Service Business Process Shortlisting Tool.
1.2 Score customer service business processes against organizational goals with the Customer Service Systems Strategy Tool.
Initial position on viable Customer Service strategies
Shortlist of key business processes
Documented future state business process model
Business/functional/non-functional requirements
Create a current state model for the shortlisted business processes.
Score the functionality and integration of current supporting applications.
Revise future state model and business requirements.
Inventory of Customer Service supporting applications
Inventory of related system interfaces
2.1 Holistically assess multiple aspects of Customer Service-related IT assets with the Customer Service Systems Strategy Tool.
Documented current state business process model
Customer Service systems health assessment
Review the Customer Service systems health assessment results.
Discuss options.
Completed Customer Service systems health assessment
Application options
3.1 Analyze CS Systems Strategy and review results with the Customer Service Systems Strategy Tool
Posture on system architecture
Draft a list of initiatives based on requirements.
Score and prioritize the initiatives.
Plot the initiatives on a roadmap.
Business/functional/non-functional requirements
4.1 Help project and management stakeholders visualize the implementation of Customer Service IT initiatives with the Customer Service Initiative Scoring and Roadmap Tool.
Scored and prioritized list of initiatives
Customer Service implementation roadmap
As the pandemic closed brick-and-mortar stores, the acceleration of ecommerce has cemented Customer Service’s digital future. However, the pandemic also revealed severe cracks in the IT strategy of organizations’ Customer Service – no matter the industry. These cracks may include low resolution and high wait times through the contact center, or a lack of analytics that fuel a reactive environment. Unfortunately, organizations have no time to waste in resolving these issues. Customer patience for poor digital service has only decreased since March 2020, leaving organizations with little to no runway for ramping up their IT strategy.
Organizations that quickly mature their digital Customer Service will come out the other side of COVID-19 more competitive and with a stronger reputation. This move necessitates a concrete IT strategy for coordinating what the organization’s future state should look like and agreeing on the technologies and software required to meet this state across the entire organization.
Thomas E. Randall, Ph.D.
Senior Research Analyst, Info-Tech Research Group
Your Challenge | Common Obstacles | Info-Tech’s Solution |
---|---|---|
|
|
|
IT must proactively engage with the organization to define what good customer service should look like. This ensures IT has a fair say in what kinds of architectural solutions are feasible for any projected future state. In this proactive scenario, IT can help build the roadmap for implementing and maintaining customer service infrastructure and operations, reducing the time and resources spent on putting out preventable fires or trying to achieve an unworkable goal set by the organization.
Ecommerce growth has increased customer expectations | Despite the huge obstacles that organizations are having to overcome to meet accelerating ecommerce from the pandemic, customers have not increased their tolerance for organizations with poor service. Indeed, customer expectations for excellent digital service have only increased since March 2020. If organizations cannot meet these demands, they will become uncompetitive. |
---|---|
The future of customer service is tied up in analytics | Without a coordinated IT strategy for leveraging technology and data to improve Customer Service, the organization will quickly be left behind. Analytics and reporting are crucial for proactively engaging with customers, planning marketing campaigns, and building customer profiles. Failing to do so leaves the organization blind to customer needs and will constantly be in firefighting mode. |
Meet the customer wherever they are – no matter the channel | Providing an omnichannel experience is fast becoming a table stakes offering for customers. To maximize customer engagement and service, the organization must connect with the customer on whatever channel the customer prefers – be it social media, SMS, or by phone. While voice will continue to dominate how Customer Service connects with customers, demographics are shifting toward a digital-first generation. Organizations must be ready to capture this rapidly expanding audience. |
Increased customer satisfaction |
|
---|---|
Time saved |
|
Increased ROI |
|
59% Of customers agree that the pandemic has raised their standards for service (Salesforce, 2020).
The pandemic did not improve customer tolerance for bad service – instead, the demand for good service increased dramatically. Organizations need an IT strategy to meet customer support demands wherever the customer is located.
78% | Of decision makers say they’ve invested in new technology as a result of the pandemic (Salesforce, 2020). | OMNICHANNEL SUPPORT | Rapidly changing demographics and modes of communications require an evolution toward omnichannel engagement. Agents need customer information synced across each channel they use, meeting the customer’s needs where they are. |
---|---|---|---|
78% | Of customers have increased their use of self-service during the pandemic (Salesforce, 2020). | INTELLIGENT SELF-SERVICE PORTALS | Customers want their issues resolved as quickly as possible. Machine-learning self-service options deliver personalized customer experiences, which also reduce both agent call volume and support costs for the organization. |
90% | Of global executives who use data analytics report that they improved their ability to deliver a great customer experience (Gottlieb, 2019). | LEVERAGING ANALYTICS | The future of customer service is tied up with analytics: from AI-driven capabilities that include agent assist and using biometric data (e.g., speech) for security, to feeding real insights about how customers and agents are doing and performing. |
INDUSTRY: Financial Services
SOURCE: TSB
Situation | Solution | Results |
---|---|---|
|
|
|
IT benefits | Customer Service benefits |
---|---|
|
|
Change to how Customer Service will operate is inevitable. This is an opportunity for IT to establish their value to the business and improve their autonomy in how new technologies should be onboarded and utilized.
IT pain points | Customer Service pain points |
---|---|
|
|
IT often cannot spark a debate with Customer Service on whether a decision made without IT is misaligned with corporate direction. It’s almost always an uphill battle for IT.
DON’T FALL BEHIND | 70% of companies either have a digital transformation strategy in place or are working on one (Tech Pro Research, 2018). Unless IT can enable technology that meets the customer where they are, the organization will quickly fall behind in an age of accelerating ecommerce. |
---|---|
DEVELOP FUTURE STATES | Many customer journeys are now exclusively digital – 63% of customers expect to receive service over social media (Ringshall, 2020). Organization’s need an IT strategy to develop the future of their customer service – from leveraging analytics to self-service AI portals. |
BUILD GAP ANALYSIS | 73% of customers prefer to shop across multiple channels (Sopadjieva et al., 2017). Assess your current state’s application integrations and functionality to ensure your future state can accurately sync customer information across each channel. |
SHORTLIST SOLUTIONS | Customer relationship management software is one of the world's fastest growing industries (Kuligowski, 2022). Choosing a best-fit solution requires an intricate analysis of the market, future trends, and your organization’s requirements. |
ADVANCE CHANGE | 95% of customers cite service as key to their brand loyalty (Microsoft, 2019). Build out your roadmap for the future state to retain and build your customer base moving forward. |
PHASE 1: Define Project and Future State Output: Project Charter and Future State Business Processes 1.1 Structure the Project 1.2 Define a Vision for Future State 1.3 Document Preliminary Requirements | KEY DELIVERABLE: Strategic Roadmap |
PHASE 2: Evaluate Current State Output: Requirements Identified to Bridge Current to Future State 2.1 Document Current State Business Processes 2.2 Assess Current State Architecture 2.3 Review and Finalize Requirements for Future State | |
PHASE 3: Build a Roadmap to Future State Output: Initiatives and Strategic Roadmap 3.1 Evaluate Architectural and Application Options 3.2 Understand the Marketplace 3.3 Score and Plot Initiatives Along Your Strategic Roadmap |
Project RACI Chart Activity 1.1a Organize roles and responsibilities for carrying out project steps. | Key Deliverable: Strategic Roadmap Develop, prioritize, and implement key initiatives for your customer service IT strategy, plotting and tracking them on an easy-to-read timeline. | Business Process Shortlisting Tool Activities 1.2a, 1.2b, and 2.1aOutline and prioritize customer service goals. |
Project Charter Template Activity 1.1b Define the project, its key deliverables, and metrics for success. | Systems Strategy Tool Activities 1.3a, Phase 2, 3.1a Prioritize requirements, assess current state customer service functions, and decide what to do with your current systems going forward. . |
For example, the metrics below show the potential business benefits for several stakeholders through building an IT strategy for Customer Service. These stakeholders include agents, customers, senior leadership, and IT. The benefits of this project are listed to the right.
Metric Description | Current Metric | Future Goal |
---|---|---|
Number of channels for customer contact | 1 | 6 |
Customer self-service resolution | 0% | 50% |
% ROI | - 4% | 11% |
Agent satisfaction | 42% | 75% |
As this project nears completion:
DIY Toolkit | Guided Implementation | Workshop | Consulting |
---|---|---|---|
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.” | “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.” | “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.” | “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.” |
Diagnostics and consistent frameworks used throughout all four options
Define Project and Future State | Document and Assess Current State | Evaluate Architectural and Application Options | Build Roadmap to Future State |
---|---|---|---|
Call #1: Introduce project, defining its vision and metrics of success. Call #2: Review environmental scan to define future state vision. Call #3: Examine future state business processes to compile initial requirements. | Call #4: Document current state business processes. Call #5: Assess current customer service IT architecture. Call #6: Refine and prioritize list of requirements for future state. | Call #7: Evaluate architectural options. Call #8: Evaluate application options. | Call #9:Develop and score initiatives to future state. Call #10: Develop timeline and roadmap. Call #11: Review progress and wrap-up project. |
A Guided Implementation is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical Guided Implementation is two to 12 calls over the course of four to six months.
Contact your account representative for more information.
workshops@infotech.com1-888-670-8889
Day 1 | Day 2 | Day 3 | Day 4 | Day 5 | |
---|---|---|---|---|---|
Define Your Vision for Future State | Document Current State and Assess Gaps | Adopt an Architectural Posture | Frame Desired State and Develop Roadmap | Communicate and Implement | |
Activities | 1.1 Outline and prioritize your customer goals. 1.2 Link customer service goals’ relevance and value to your Customer Service processes. 1.3 Score Customer Service business processes against organizational goals. | 2.1 Holistically assess multiple aspects of Customer Service-related IT assets with Customer Service Systems Strategy Tool. | 3.1 Analyze Customer Service Systems Strategy and review results with the Customer Service Systems Strategy Tool. | 4.1 Help project management stakeholders visualize implementation of Customer Service IT initiatives. 4.2 Build strategic roadmap and plot initiatives. | 5.1 Finalize deliverables. 5.2 Support communication efforts. 5.3 Identify resources in support of priority initiatives. |
Deliverables |
|
|
|
|
|
Phase 1 | Phase 2 | Phase 3 |
---|---|---|
1.1 Structure the Project 1.2 Define Vision for Future State 1.3 Document Preliminary Requirements | 2.1 Document Current State Business Processes 2.2 Assess Current State Architecture 2.3 Review and Finalize Requirements for Future State | 3.1 Evaluate Architectural and Application Options 3.2 Understand the Marketplace 3.3 Score and Plot Initiatives Along Strategic Roadmap |
This phase will guide you through the following activities:
1.1a Create your project’s RACI chart to establish key roles throughout the timeline of the project.
1.1b Finalize your project charter that captures the key goals of the project, ready to communicate to stakeholders for approval.
1.2a Begin documenting business processes to establish potential future states.
1.2b Model future state business processes for looking beyond current constraints and building the ideal scenario.
1.3a Document your preliminary requirements for concretizing a future state and performing a gap analysis.
Participants required for Phase 1:
Customer Service Perspective | IT Perspective |
---|---|
|
|
While involving management is important for high-level strategic decisions, input from those who interact day-to-day with the systems is a crucial component to a well-planned strategy.
R – Responsibility
A – Accountability
C – Consulted
I – Informed
Customer Service Head | Customer Service Director | CIO | Applications Director* | CEO/COO | Marketing Head | Sales Head | |
---|---|---|---|---|---|---|---|
Determine Project Suitability | A | R | C | C | C | I | I |
Phase 1.1 | C | C | A | R | I | I | I |
Phases 1.2 – 1.3 | A | R | C | C | I | C | C |
Phase 2 | A | R | I | C | I | I | I |
Phase 3.1 (Architectural options) | C | C | A | R | I | I | I |
Phase 3.1 (Application options) | A | C | I | R | I | C | C |
Phases 3.2 – 3.3 | C | C | A | R | C | I | I |
* The Applications Director is to compile a list of Customer Service systems; the Customer Service Director is responsible for vetting a list and mapping it to Customer Service functions.
** The Applications Director is responsible for technology-related decisions (e.g. SaaS or on-premise, integration issues); the Customer Service Director is responsible for functionality-related decisions.
1 hour
Input | Output |
|
|
Materials | Participants |
|
|
Download the Project RACI Chart
A project charter should address the following:
|
Why create a project charter?
Stakeholders must:
1-2 hours
Input | Output |
|
|
Materials | Participants |
|
|
Download the Project Charter Template
IT | ⇒ | Customer Service | ⇒ | Customer |
Customer Service-Facing Application | Customer-Facing Application |
---|---|
|
|
Retention | Efficiency | Cross-Sell/Up-Sell |
---|---|---|
Ensuring customers remain customers by providing proactive customer service and a seamless omnichannel strategy. | Reducing costs by diverting customers to lower cost channels and empowering agents to solve problems quickly. | Maximizing the value of existing customers by capitalizing on cross-sell and up-sell opportunities. |
Purely driving efficiency is not the goal. Create a balance that does not compromise customer satisfaction.
Efficiency |
| MISS DIG 811 – a utility notification system – sought to make their customer service more efficient by moving to softphones. Using the Cisco Customer Journey Platform, Miss Dig saw a 9% YoY increase in agent productivity and 83% reduction in phone equipment costs. Source: (Cisco, 2018). |
---|---|---|
Retention |
| VoiceSage worked with Home Retail Group – a general merchandise retailer – to proactively increase customer outreach, reducing the number of routine customer order and delivery queries received. In four weeks, Home Retail Group increased their 30-40% answer rate from customers to 100%, with 90% of incoming calls answered and 60% of contacts made via SMS. Source: (VoiceSage, 2018) |
Cross-Sell/ Up-Sell |
| A global brand selling language-learning software utilized Callzilla to help improve their call conversion rate of 2%. After six months of agent and supervisor training, this company increased their call conversion rate to 16% and their upsell rate to 40%. Their average order value increased from < $300 to $465. Source: (Callzilla, n.d.) |
An environmental scan seeks to understand your organization’s customers from multiple directions. It considers:
Business processes must directly relate to customer service. Failing to correlate customer experience with business performance outcomes overlooks the enormous cost of negative sentiment.
Why IT should care: | Implications: |
---|---|
Each customer experience, from product/service selection to post-transaction support, can have a significant impact on business performance. | It is not just IT or Customer Service that should care; rather, it should be an organizational responsibility to care about what customers say. |
Customers have little tolerance for mediocrity or poor service and simply switch their allegiances to those that can satisfy their expectations. | Do not ignore your competitors; they may be doing something well in Customer Service technology which may serve as your organization’s benchmark. |
With maturing mobile and social technologies, customers want to be treated as individuals rather than as a series of disconnected accounts | Do not ignore your customers’ plea for individuality through mobile and social. Assess your customers’ technology channel preferences. |
Customer service’s perception of service quality may be drastically different than what is expected by the customers. | Prevent your organization from investing in technology that will have no positive impact on your customer experience. |
Some customers may not provide your organization the business value that surpasses your cost to serve them. | Focus on enhancing the technology and customer service experience for your high-value customers. |
Insights and Implications for Customer Service | Limitations of conventional listening:
|
---|---|
How IT Can Help | IT can help facilitate the customer feedback process by:
|
Insights and implications from Customer Service | How IT can help |
---|---|
Competitor actions are crucial. Watch your competitors to learn how they use Customer Service as a competitive differentiator and a customer acquisition tool. Do not learn about a competitor’s actions because your customers are already switching to them. Track your competitors before getting a harsh surprise from your customers. View the customer service experience from the outside in. Assessing from the inside out gives an internal perspective on how good the service is, rather than what customers are experiencing. | Take a data and analytics-driven approach to mine insights on what customers are saying about your competitors. Negative sentiment and specific complaints can be used as reference for IT and Customer Service to:
|
Look to your competitors for comparative models but do not pursue to solely replicate what they currently have. Aim higher and attempt to surpass their capabilities and brand value.
Insights and implications from customer service
How IT can help
“If you're developing a Customer Service strategy, it has to start with who your clients are, what [they are] trying to do, and through what channels […] and then your decision around processes have to fall out of that. If IT is trying to lead the conversation, or bring people together to lead the conversation, then marketing and whoever does segmentation has to be at the table as a huge component of this.”
OMNICHANNEL SUPPORT | Rapidly changing demographics and modes of communication requires an evolution toward omnichannel engagement. 63% of customers now expect to communicate with contact centers over their social media (Ringshall 2020). Agents need customer information synced across each channel they use, meeting the customer’s needs where they are. |
---|---|
INTELLIGENT SELF-SERVICE PORTALS | Customers want their issues resolved as quickly as possible. Machine learning self-service options deliver personalized customer experiences, which also reduce both agent call volume and support costs for the organization. 60% of contact centers are using or plan to use AI in the next 12 months to improve their customer (Canam Research 2020). |
LEVERAGING ANALYTICS | The future of customer service is tied up with analytics. This not only entails AI-driven capabilities that fetch the agent relevant information, but it finds skills-based routing and uses biometric data (e.g., speech) for security. It also feeds operations leaders’ need for easy access to real insights about how their customers and agents are doing. |
INDUSTRY: Financial Services
SOURCE: Mattsen Kumar
Situation | Solution | Results |
---|---|---|
|
|
|
A process-oriented approach helps organizations see the complete view of the system by linking strategic requirements to business requirements, and business requirements to system requirements.
The APQC framework does not list all processes within a specific organization, nor are the processes which are listed in the framework present in every organization. It is designed as a framework and global standard to be customized for use in any organization.
The PCF provides L1 through 4 for the Customer Service Framework.
L5 processes are task- and industry-specific and need to be defined by the organization.
4 hours
Input | Output |
|
|
Materials | Participants |
|
|
Download the Customer Service Business Process Shortlisting Tool
Future-State Analysis | Start by designing your future state business processes (based on the key processes shortlisting exercise). Design these processes as they would exist as your “ideal scenario.” Next, analyze your current state to help better your understanding of:
|
Though it’s a commonly used approach, documenting your current-state business processes first can have several drawbacks:
| Current-State Analysis |
“If you're fairly immature and looking for a paradigm shift or different approach [because] you recognize you're totally doing it wrong today, then starting with documenting current state doesn't do a lot except make you sad. You don't want to get stuck in [the mindset of] ‘Here's the current state, and here’s the art of the possible.’”
Getting consensus on the process definition (who does what, when, where, why, and how) is one of the hardest parts of BPM.
Gathering process owners for a process-defining workshop isn’t easy. Getting them to cooperate can be even harder. To help manage these difficulties during the workshop, make sure to:
Keep meetings short and on task as tangents are inevitable. Set ground rules at the beginning of any brainstorming or whiteboarding session to ensure that all participants are aligned.
Owner | Who | What | When | Where | Why | How | |
---|---|---|---|---|---|---|---|
Record Claim | Customer Service | Customer Service Rep. | Claim | Accident | Claims system | Customer notification | Agent enters claim into the system and notifies claims department |
Manage Claim | Claims Department | Claims Clerk | Claim | Agent submitted the claim | Claims system | Agent notification | Clerk enters claim into the claims system |
Investigate Claim | Claims Investigation | Adjuster | Claim | Claim notification | Property where claim is being made | Assess damage | Evaluation and expert input |
Settle Claim | Claims Department | Claim Approver | Claim and Adjuster’s evaluation | Receipt of Adjuster’s report | Claims system | Evaluation | Approval or denial |
Administer Claim | Finance Department | Finance Clerk | Claim amount | Claim approval notification | Finance system | Payment required | Create payment voucher and cut check |
Close Claim | Claims Department | Claims Clerk | Claim and all supporting documentation | Payment issued | Claims system | Claim processed | Close the claim in the system |
It’s not just about your internal processes. To achieve higher customer retention and satisfaction, it’s also useful to map the customer service process from the customer perspective to identify customer pain points and disconnects.
Diagramming tools can force the process designer into a specific layout: linear or cross-functional/swim lane.
Explore SoftwareReviews’ Business Process Management market analysis by clicking here.
4 hours
Input | Output |
|
|
Materials | Participants |
|
|
Download the Customer Service Business Process Shortlisting Tool
For each task or event in the process, ask the following questions:
Incorporate future considerations into the requirements. How will the system need to adapt over time to accommodate additional processes, process variations, introduction of additional channels and capabilities, etc. Do not overreach by identifying system capabilities that cannot possibly be met.
Business requirements
High-level requirements that management would typically understand.
User requirements
High-level requirements on how the tool should empower users’ lives.
Non-functional requirements
Criteria that can be used to judge the operation of a contact center. It defines how the system should perform for the organization.
Functional requirements
Outline the technical requirements for the desired contact center.
4 hours
Input | Output |
|
|
Materials | Participants |
|
|
Download the Customer Service Systems Strategy Tool
Phase 1 | Phase 2 | Phase 3 |
---|---|---|
1.1 Structure the Project 1.2 Define Vision for Future State 1.3 Document Preliminary Requirements | 2.1 Document Current State Business Processes 2.2 Assess Current State Architecture 2.3 Review and Finalize Requirements for Future State | 3.1 Evaluate Architectural and Application Options 3.2 Understand the Marketplace 3.3 Score and Plot Initiatives Along Strategic Roadmap |
This phase will guide you through the following activities:
2.1a Model current-state business processes for an inventory to compare against future-state models.
2.1b Compare future and current business states for a preliminary gap analysis.
2.1c Begin compiling an inventory of CS Systems by function for an overview of your current state map.
2.2a Rate your functional and integration quality to assess the performance of your application portfolio.
2.3a Compare states and propose action to bridge current business processes with viable future alternatives.
2.3b Document finalized requirements, ready to enact change.
Participants required for Phase 2:
Future State | Current Situation | Next Actions/ Proposals |
---|---|---|
Incorporate social channels for responding to customer inquiries. | No social media monitoring or channels for interaction exist at present. |
|
It is important to allot time for the current-state analysis, confine it to the minimum effort required to understand the gaps, and identify any missing pieces from your future-state vision. Make sure the work expended is proportional to the benefit derived from this exercise.
2 hours
Input | Output |
|
|
Materials | Participants |
|
|
Download the Customer Service Business Process Shortlisting Tool
2 hours
Input | Output |
|
|
Materials | Participants |
|
|
Download the Customer Service Systems Strategy Tool
Consider the following metrics when tracking your CS systems:
Time needed to perform core tasks (i.e., resolving a customer complaint)
Accuracy of basic information (customer history, customer product portfolio)
CSR time spent on manual process/workarounds
There is a two-step process to document the current state of your Customer Service systems:
2 hours
Input | Output |
|
|
Materials | Participants |
|
|
Download the Customer Service Systems Strategy Tool
A current-state map of CS systems can offer insight on:
Represent each of your systems as a labelled shape with a unique number (this number can be referenced in other artifacts that can provide more detail).
Color coding can also be applied to differentiate these objects, e.g., to indicate an internal system (where development is owned by your organization) vs. an external system (where development is outside of your organization’s control).
If an application is well-received by the organization and is an overall good platform, consider acquiring more modules from the same vendor application. | If you have more than one application for a function, consider why that is and how you might consolidate into a single application. | |
Measure the effectiveness of applications under consideration. For example, consider the number of failures when an application attempts a function (by ticket numbers), and overall satisfaction/ease of use. | The above steps will reveal capability overlaps and application pain points and show how the overall portfolio could be made more efficient. |
The needed level of integration will depend on three major factors: | Integration between systems helps facilitate reporting. The required reports will vary from organization to organization: |
---|---|
How many other systems benefit from the data of the application? | Large workforces will benefit from more detailed WFM reports for optimizing workforce planning and talent acquisition. |
Will automating the integration between systems alleviate a significant amount of manual effort? | Organizations with competitive sales and incentives will want to strategize around talent management and compensation. |
What kind of reports will your organization require in order to perform core and business-enabling functions? | Aging workforces or organizations with highly specialized skills can benefit from detailed analysis around succession planning. |
INDUSTRY: Retail and Wholesale
SOURCE: inContact
Situation | Solution | Results |
---|---|---|
|
|
|
2 hours
Input | Output |
|
|
Materials | Participants |
|
|
Download the Customer Service Systems Strategy Tool
3 hours
Input | Output |
|
|
Materials | Participants |
|
|
Download the Customer Service Systems Strategy Tool
Requirements are to be prioritized based on relative important and the timing of the respective initiatives. | Prioritize the full set of requirements by assigning a priority to each: |
---|---|
Requirements prioritization must be completed in collaboration with all key stakeholders (business and IT). | Consider the following criteria when assigning the priority:
|
Stakeholders must ask themselves:
4 hours
Input | Output |
|
|
Materials | Participants |
|
|
Download the Customer Service Systems Strategy Tool
Phase 1 | Phase 2 | Phase 3 |
---|---|---|
1.1 Structure the Project 1.2 Define Vision for Future State 1.3 Document Preliminary Requirements | 2.1 Document Current State Business Processes 2.2 Assess Current State Architecture 2.3 Review and Finalize Requirements for Future State | 3.1 Evaluate Architectural and Application Options 3.2 Understand the Marketplace 3.3 Score and Plot Initiatives Along Strategic Roadmap |
This phase will guide you through the following activities:
3.1a Analyze future architectural posture to understand how applications within the organization ought to be arranged.
3.3a Develop a Customer Service IT Systems initiative roadmap to reach your future state.
Participants required for Phase 3:
1 hour
Review Tab 8 of the Customer Service Systems Strategy Tool.
This tab plots each system that supports Customer Service on a 2x2 framework based on its functionality and integration scores. Where these systems plot on each 2x2 provides clues as to whether they should be considered for retention, functional enhancement (upgrade), increased system integration, or replacement.
Input | Output |
|
|
Materials | Participants |
|
|
Download the Customer Service Systems Strategy Tool
If the majority of applications are plotted in the “Integrate” quadrant: | The applications are performing well in terms of functionality but have poor integration. Determine what improvements can be made to enhance integration between the systems where required (e.g. re-working existing interfaces to accommodate additional data elements, automating interfaces, or creating brand new custom interfaces where warranted). |
---|---|
If the applications are spread across “Integrate,” “Retain,” and “Replace/Enhance”: | There is no clear recommended direction in this case. Weigh the effort required to replace/enhance/integrate specific applications critical for supporting processes. If resource usage for piecemeal solutions is too high, consider replacement with suite. |
If the majority of applications are plotted in the “Retain” quadrant: | All applications satisfy both functionality and integration requirements. There is no evidence that significant action is required. |
If the application placements are split between the “Retain” and “Replace/Enhance” quadrants: | Consider whether or not IT has the capabilities to execute application replacement procedures. If considering replacement, consider the downstream impact on applications that the system in question is currently integrated with. Enhancing an application usually implies upgrading or adding a module to an existing application. Consider the current satisfaction with the application vendor and whether the upgrade or additional module will satisfy your customer service needs. |
Best-of-breeds vs. suite | Integration and consolidation | Deployment |
Does the organization only need a point solution or an entire platform of solutions? | Does the current state enable interoperability between software? Is there room for rationalization? | Should any new software be SaaS-based, on-premises, or a hybrid? |
Decommissioning and replacing entire applications can put well-functioning modules at risk. Make sure to drill down into the granular features to assess if the feature level performance prompts change. The goal is to make the architecture more efficient for Customer Service and easier to manage for IT. If integration has been chosen as a course of action, make sure that the spend on resources and effort is less than that on system replacement. Also make sure that the intended architecture streamlines usability for agents.
Best-of-breed | Suite |
---|---|
Benefits
| Benefits
|
Challenges
| Challenges
|
IT benefits
Customer Service benefits
![]() | Problem:
Recommendation:
|
![]() | Problem:
Recommendation:
|
On-premises deployment | Hybrid deployment | Public cloud deployment |
---|---|---|
Benefits
Challenges
| Benefits
Challenges
| Benefits
Challenges
|
Security/Privacy Concerns: | Whether the data is stored on premise or in the cloud, it is never 100% safe. The risk increases with a multi-tenant cloud solution where a single vendor manages the data of multiple clients. If your data is particularly sensitive, heavily scrutinize the security infrastructure of potential vendors or store the data internally if internal security is deemed stronger than that of a vendor. |
---|---|
Location: | If there are individuals that need to access the system database and work in different locations, centralizing the system and its database in the cloud may be an effective approach. |
Compatibility: | Assess the compatibility of the cloud solutions with your internal IT systems. Cloud solutions should be well-integrated with internal systems for data flow to ensure efficiency in service operations. |
Cost/Budget Constraints: | SaaS allows conversion of up-front CapEx to periodic OpEx. It assists in bolstering a business case as costs in the short-run are much more manageable. On-premise solutions have a much higher upfront TCO than cloud solutions. However, the TCO for the long-term usage of cloud solutions under the licensing model will exceed that of an on-premise solution, especially with a growing business and user base. |
Functionality/Customization: | Ensure that the function or feature that you need is available on the cloud solution market and that the feature is robust enough to meet service quality standards. If the available cloud solution does not support the processes that fit your future-state vision and gaps, it has little business value. If high levels of customization are required to meet functionality, the amount of effort and cost in dealing with the cloud vendor may outweigh the benefits. |
Maintenance/Downtime: | For most organizations, lapses in cloud-service availability can become disastrous for customer satisfaction and service quality. Organizations should be prepared for potential outages since customers require constant access to customer support. |
While Customer Relationships Management systems interlock several aspects of the customer journey, best-of-breed software for specific aspects of this journey could provide a better ROI if the organization’s coverage of these aspects are only “good enough” and need boosting.
Contact Center as a Service (CCaaS) Cloud-based customer experience solution that allows organizations to utilize a provider’s software to administer incoming support or inquiries from consumers in a hosted, subscription model. | Customer Service Management (CSM) Supports an organization's interaction with current and potential customers. It uses data-driven tools designed to help organizations drive sales and deliver exceptional customer experiences. |
Customer Intelligence Platform Gather and analyze data from both structured and unstructured sources regarding your customers, including their demographic/firmographic details and activities, to build deeper and more effective customer relationships and improve business outcomes. | Enterprise Social Media Management Software for monitoring social media activity with the goal of gaining insight into user opinion and optimizing social media campaigns. |
Customer Relationship Management (CRM) Consists of applications designed to automate and manage the customer life cycle. CRM software optimizes customer data management, lead tracking, communication logging, and marketing campaigns. | Virtual Assistants and Chatbots interactive applications that use Artificial Intelligence (AI) to engage in conversation via speech or text. These applications simulate human interaction by employing natural language input and feedback. |
With SoftwareReviews:
Fact-based reviews of business software from IT professionals.
Product and category reports with state-of-the-art data visualization.
Top-tier data quality backed by a rigorous quality assurance process.
User-experience insight that reveals the intangibles of working with a vendor.
CLICK HERE to access SoftwareReviews
Comprehensive software reviews to make better IT decisions.
We collect and analyze the most detailed reviews on enterprise software from real users to give you an unprecedented view into the product and vendor before you buy.
SoftwareReviews is powered by Info-Tech.
Technology coverage is a priority for Info-Tech, and SoftwareReviews provides the most comprehensive unbiased data on today’s technology. The insights of our expert analysts provide unparalleled support to our members at every step of their buying journey.
![]() | |||
A simple measurement of the number of days from intake to decision. | Use our Project Satisfaction Tool to measure stakeholder project satisfaction. | Use our Application Portfolio Assessment Tool annually to measure application satisfaction. | Use our Contract Review Service to benchmark and optimize your technology spending. |
Learn more about Info-Tech’s The Rapid Application Selection Framework
Not all software selection projects are created equal – some are very small, some span the entire enterprise. To ensure that IT is using the right framework, understand the cost and complexity profile of the application you’re looking to select. The RASF approach is best for commodity and mid-tier enterprise applications; selecting complex applications is better handled by the methodology described in Implement a Proactive and Consistent Vendor Selection Process.
RASF Methodology | Commodity & Personal Applications
|
Complex Mid-Tier Applications
| |
Consulting Engagement | Enterprise Applications Sophisticated, enterprise-wide applications (Salesforce vs. Dynamics) Total application spend of over $100,000; high risk and complexity Info-Tech can assist with tailored, custom engagements |
The Process
Consider this case:
Paul’s organization, a midsize consumer packaged goods retailer, needs to monitor social media for sentiment, use social analytics to gain intelligence, and receive and respond to inquiries made over Twitter.
The initiative:
Implement a social media management platform (SMMP): A SMMP is able to deliver on all of the above requirements. SMMPs are highly capable platforms that have social listening modules and allow costumer service representatives to post to and monitor social media.
Example scenario using Info-Tech’s Initiative Scoring and Roadmap Tool
An electronics distributor wants to implement social media monitoring and response. Its existing CRM does not have robust channel management functions. The organization plans to replace its CRM in the future, but because of project size and impact and budgetary constraints, the replacement project has been scheduled to occur two years from now.
1 hour
Input | Output |
|
|
Materials | Participants |
|
|
Download the Customer Service Initiative Scoring and Roadmap Tool
Document Section | Proposed Content | Leverage the Following Artifacts | |
---|---|---|---|
Executive Summary |
| Project Charter section:
Project RACI Chart Tool:
| ![]() |
Background |
| Blueprint slides:
| ![]() |
Future-State Vision |
| Customer Service Business Process Shortlisting Tool:
Future State Business Process Models | ![]() |
Current Situation |
| Customer Service Systems Strategy Tool:
| ![]() |
Summary of Recommendations |
| N/A | |
IT Strategy Implementation Plan |
| Customer Service Initiative Scoring and Roadmap Tool:
| ![]() |
With ecommerce accelerating and customer expectations rising with it, organizations must have an IT strategy to support Customer Service.
The deliverable you have produced from this blueprint provides a solution to this problem: a roadmap to a desired future state for how IT can ground an effective customer service engagement. From omnichannel to self-service, IT will be critical to enabling the tools required to digitally meet customer needs.
Begin implementing your roadmap!
Contact your account representative for more information.
1-888-670-8889
Deliver a Customer Service Training Program to Your IT Department
Build a Chatbot Proof of Concept
The Rapid Application Selection Framework
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Develop a better understanding of your external environment and build a database of signals.
Select and analyze trends to uncover drivers.
Use trends and drivers to build plausible scenarios and brainstorm strategic initiatives.
Apply the wind tunneling technique to assess strategic initiatives and determine which are most likely to succeed in the face of uncertainty.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Note: this is preparation for the workshop and is not offered onsite.
Gather relevant signals that will inform your organization about what is happening in the external competitive environment.
A better understanding of the competitive landscape.
1.1 Gather relevant signals.
1.2 Store signals in a repository for quick and easy recall during the workshop.
A set of signal items ready for analysis
Uncover trends in your environment and assess their potential impact.
Determine the causal forces behind relevant trends to inform strategic decisions.
An understanding of the underlying causal forces that are influencing a trend that is affecting your organization.
2.1 Cluster signals into trends.
2.2 Analyze trend impact and select a key trend.
2.3 Perform causal analysis.
2.4 Select drivers.
A collection of relevant trends with a key trend selected
A set of drivers influencing the key trend with primary drivers selected
Leverage your understanding of trends and drivers to build plausible scenarios and apply them as a canvas for ideation.
A set of potential responses or reactions to trends that are affecting your organization.
3.1 Build scenarios.
3.2 Brainstorm potential strategic initiatives (ideation).
Four plausible scenarios for ideation purposes
A potential strategic initiative that addresses each scenario
Assess the various ideas based on which are most likely to succeed in the face of uncertainty.
An idea that you have tested in terms of risk and uncertainty.
An idea that can be developed and pitched to the business or stored for later use.
4.1 Assign probabilities to scenarios.
4.2 Apply wind tunneling.
4.3 Select ideas.
4.4 Discuss next steps and prototyping.
A strategic initiative (idea) that is ready to move into prototyping
The project isn’t over if the new product or system isn’t being used. How do you ensure that what you’ve put in place isn’t going to be ignored or only partially adopted? People are more complicated than any new system and managing them through the change needs careful planning.
Cultivating a herd mentality, where people adopt new technology merely because everyone else is, is an important goal in getting the bulk of users using the new product or system. The herd needs to gather momentum though and this can be done by using the more tech-able and enthused to lead the rest on the journey. Identifying and engaging these key resources early in the process will greatly assist in starting the flow.
While communication is key throughout, involving staff in proof-of-concept activities and contests and using the train-the-trainer techniques and technology champions will all start the momentum toward technology adoption. Group activities will address the bulk of users, but laggards may need special attention.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This document will help you to ensure that newly implemented systems and technologies are correctly adopted by the intended recipients.
The project is over. The new technology is implemented. Now how do we make sure it's used?
Technology endlessly changes and evolves. Similarly, business directions and requirements change, and these changes need to be supported by technology. Improved functionality and evolvement of systems, along with systems becoming redundant or unsupported, means that maintaining a static environment is virtually impossible.
Enormous amounts of IT budget are allocated to these changes each year. But once the project is over, how do you manage that change and ensure the systems are being used? Planning your technology adoption is vital.
The obstacles to technology adoption can be many and various, covering a broad spectrum of areas including:
Start by identifying, understanding, categorizing, and defining barriers and put in place a system to:
For every IT initiative that will be directly used by users, consider the question, “Will the final product be readily accepted by those who are going to use it?” There is no point in implementing a product that no one is prepared to use. Gaining user acceptance is much more than just ticking a box in a project plan once UAT is complete.
Prosci specializes in change. Its ADKAR model outlines what’s required to bring individuals along on the change journey.
The project is seen as complete. Significant investments have been made, but the technology either isn’t being used or is only partially in use.
Even worse. The failure to adopt the new technology by some means that the older systems are still being used. There are now two systems that fail to interact; business processes are being affected and there is widespread confusion.
Benefits promised to the business are not being realized. Projected revenue increases, savings, or efficiencies that were forecast are now starting to be seen as under threat.
The project should be over, but the fact that the technology is not being used has created a perception that the implementation is not complete and the project needs to continue.
People are far more complicated than any technology being implemented.
Consider carefully your approach.
There isn’t always adequate communications about what’s changing in the workplace.
Fear of change is natural and often not rational. Whether the fear is about job loss or not being able to adapt to change; it needs to be managed.
Training can be insufficient or ineffective and when this happens people are left feeling like they don’t have the skills to make the change.
A lack of executive support for change means the change is seen as less important.
The excitement the project team and business feels about the change is not necessarily shared throughout the business. Some may just see the change as more work, changing something that already works, or a reason to reduce staff levels.
Whether it’s a lack of confidence generally with technology or concern about a new or changing tool, a lack of confidence is a huge barrier.
There is a cost with managing people during a change, and budget must be allocated to allow for it.
Since Sigmund Freud there has been endless work to understand people’s minds.
Don’t underestimate the effect that people’s reactions to change can have on your project.
Communication plans are designed to properly manage change. Managing change can be easier when we have the right tools and information to adapt to new circumstances. The Kubler-Ross change curve illustrates the expected steps on the path to acceptance of change. With the proper communications strategy, each can be managed appropriately
The rapidly changing technology landscape in our world has always meant that an enthusiasm or willingness to embrace change has been advantageous. Many of us have seen how the older generation has struggled with that change and been left behind.
In the work environment, the events of the past two years have increased pressure on those slow to adopt as in many cases they couldn't perform their tasks without new tools. Previously, for example, those who may have been reluctant to use digital tools and would instead opt for face-to-face meetings, suddenly found themselves without an option as physical meetings were no longer possible. Similarly, digital collaboration tools that had been present in the market for some time were suddenly more heavily used so everyone could continue to work together in the “online world.”
At this stage no one is sure what the "new normal" will be in the post-pandemic world, but what has been clearly revealed is that people are prepared to change given the right motivation.
“Technology adoption is about the psychology of change.”
Bryan Tutor – Executive Counsellor, Info-Tech
Consider your staff and industry when looking at the Everett Rogers curve. A technology organization may have less laggards than a traditional manufacturing one.
In Everett Rogers’ book Diffusion of Innovations 5th Edition (Free Press, 2005), Rogers places adopters of innovations into five different categories.
Innovators are technology enthusiasts. Technology is a central interest of theirs, either at work, at home, or both. They tend to aggressively pursue new products and technologies and are likely to want to be involved in any new technology being implemented as soon as possible, even before the product is ready to be released.
For people like this the completeness of the new technology or the performance can often be secondary because of their drive to get new technology as soon as possible. They are trailblazers and are not only happy to step out of their comfort zone but also actively seek to do so.
Although they only make up about 2.5% of the total, their enthusiasm, and hopefully endorsement of new technology, offers reassurance to others.
Innovators can be very useful for testing before implementation but are generally more interested in the technology itself rather than the value the technology will add to the business.
Whereas Innovators tend to be technologists, Early Adopters are visionaries that like to be on board with new technologies very early in the lifecycle. Because they are visionaries, they tend to be looking for more than just improvement – a revolutionary breakthrough. They are prepared to take high risks to try something new and although they are very demanding as far as product features and performance are concerned, they are less price-sensitive than other groups.
Early Adopters are often motivated by personal success. They are willing to serve as references to other adopter groups. They are influential, seen as trendsetters, and are of utmost importance to win over.
Early adopters are key. Their enthusiasm for technology, personal drive, and influence make them a powerful tool in driving adoption.
This group is comprised of pragmatists. The first two adopter groups belong to early adoption, but for a product to be fully adopted the mainstream needs to be won over, starting with the Early Majority.
The Early Majority share some of the Early Adopters’ ability to relate to technology. However, they are driven by a strong sense of practicality. They know that new products aren’t always successful. Consequently, they are content to wait and see how others fare with the technology before investing in it themselves. They want to see well-established references before adopting the technology and to be shown there is no risk.
Because there are so many people in this segment (roughly 34%), winning these people over is essential for the technology to be adopted.
The Late Majority are the conservatives. This group is generally about the same size as the Early Majority. They share all the concerns of the Early Majority; however, they are more resistant to change and are more content with the status quo than eager to progress to new technology. People in the Early Majority group are comfortable with their ability to handle new technology. People in the Late Majority are not.
As a result, these conservatives prefer to wait until something has become an established standard and take part only at the end of the adoption period. Even then, they want to see lots of support and ensure that there is proof there is no risk in them adopting it.
This group is made up of the skeptics and constitutes 16% of the total. These people want nothing to do with new technology and are generally only content with technological change when it is invisible to them. These skeptics have a strong belief that disruptive new technologies rarely deliver the value promised and are almost always worried about unintended consequences.
Laggards need to be dealt with carefully as their criticism can be damaging and without them it is difficult for a product to become fully adopted. Unfortunately, the effort required for this to happen is often disproportional to the size of the group.
People aren’t born laggards. Technology projects that have failed in the past can alter people’s attitudes, especially if there was a negative impact on their working lives. Use empathy when dealing with people and respect their hesitancy.
Technology adoption is all about people; and therefore, the techniques required to drive that adoption need to be people oriented.
The following techniques are carefully selected with the intention of being impactful on all the different categories described previously.
There are multitudes of different methods to get people to adopt new technology, but which is the most appropriate for your situation? Generally, it’s a combination.
Use your staff to get your message across.
This technique involves training key members of staff so they can train others. It is important that those selected are strong communicators, are well respected by others, and have some expertise in technology.
Marketing should be continuous throughout the change to encourage familiarity.
Communication is key as people are comfortable with what is familiar to them. Marketing is an important tool for convincing adopters that the new product is mainstream, widely adopted and successful.
Tailored for individuals.
One-on-one training sometimes is the only way to train if you have staff with special needs or who are performing unique tasks.
It is generally highly effective but inefficient as it only addresses individuals.
Similar roles, attitudes, and abilities.
Group training is one of the most common methods to start people on their journey toward new technology. Its effectiveness with the two largest groups, Early Majority and Late Majority, make it a primary tool in technology adoption.
The last resort.
The transition can’t go on forever.
At some point the new technology needs to be fully adopted and if necessary, force may have to be used.
Contests can generate excitement and create an explorative approach to new technology. People should not feel pressured. It should be enjoyable and not compulsory.
Incentives don’t have to be large.
For some staff, merely taking management’s lead is not enough. Using “Nudge” techniques to give that extra incentive is quite effective. Incentivizing staff either financially or through rewards, recognition, or promotion is a successful adoption technique for some.
Encouragement to adopt from receiving tangible benefit
Draws more attention to the new technology
Additional expense to business or project
Possible poor precedent for subsequent changes
Early Adopter: Desire for personal success makes incentives enticing.
Early Majority: Prepared to change, but extra incentive will assist.
Late Majority: Conservative attitude means incentive may need to be larger.
Innovator: Enthusiasm for new technology means incentive not necessary.
Laggard: Sceptical about change. Only a large incentive likely to make a difference.
Strong internal advocates for your new technology are very powerful.
Champions take on new technology and then use their influence to promote it in the organization. Using managers as champions to actively and vigorously promote the change is particularly effective.
Follow the crowd.
Herd behavior is when people discount their own information and follow others. Ideally all adopters would understand the reason and advantages in adopting new technology, but practically, the result is most important.
Gain early input and encourage buy-in.
Proof of concept projects give early indications of the viability of a new initiative. Involving the end users in these projects can be beneficial in gaining their support
Involve adopters early on
Valuable feedback and indications of future issues
If POC isn’t fully successful, it may leave lingering negativity
Usually, involvement from small selection of staff
What works for who?
Engage your technology enthusiasts early to help refine your product, train other staff, and act as champions. A combination of marketing and group training will develop a herd mentality. Finally, don’t neglect the laggards as they can prevent project completion.
Although there are different size categories, none can be ignored. Consider your budget when dealing with smaller groups, but also consider their impact.
We don’t want people to revert.
Don’t assume that because your staff have been trained and have access to the new technology that they will keep using it in the way they were trained. Or that they won’t revert back to their old methods or system.
Put in place methods to remove completely or remove access to old systems. Schedule refresh training or skill enhancement sessions and stay vigilant.
Principal Research Advisor, Info-Tech Research Group
With over 30 years in the IT industry, Paul brings to his work his experience as a Strategic Planner, Consultant, Enterprise Architect, IT Business Owner, Technologist, and Manager. Paul has worked with both small and large companies, local and international, and has had senior roles in government and the finance industry.
Principal Research Advisor, Info-Tech Research Group
Scott Young is a Director of Infrastructure Research at Info-Tech Research Group. Scott has worked in the technology field for over 17 years, with a strong focus on telecommunications and enterprise infrastructure architecture. He brings extensive practical experience in these areas of specialization, including IP networks, server hardware and OS, storage, and virtualization.
Use Info-Tech’s workbook to gather information about user groups, business processes, and day-to-day tasks to gain familiarity with your adopters.
Governance and Management of Enterprise Software Implementation
Use our research to engage users and receive timely feedback through demonstrations. Our iterative methodology with a task list focused on the business’ must-have functionality allows staff to return to their daily work sooner.
Quality Management User Satisfaction Survey
This IT satisfaction survey will assist you with early information to use for categorizing your users.
Master Organizational Change Management Practices
Using a soft, empathetic approach to change management is something that all PMOs should understand. Use our research to ensure you have an effective OCM plan that will ensure project success.
Beylis, Guillermo. “COVID-19 accelerates technology adoption and deepens inequality among workers in Latin America and the Caribbean.” World Bank Blogs, 4 March 2021. Web.
Cleland, Kelley. “Successful User Adoption Strategies.” Insight Voices, 25 Apr. 2017. Web.
Hiatt, Jeff. “The Prosci ADKAR ® Model.” PROSCI, 1994. Web.
Malik, Priyanka. “The Kübler Ross Change Curve in the Workplace.” whatfix, 24 Feb. 2022. Web.
Medhaugir, Tore. “6 Ways to Encourage Software Adoption.” XAIT, 9 March 2021. Web.
Narayanan, Vishy. “What PwC Australia learned about fast tracking tech adoption during COVID-19” PWC, 13 Oct. 2020. Web.
Sridharan, Mithun. “Crossing the Chasm: Technology Adoption Lifecycle.” Think Insights, 28 Jun 2022. Web.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Diverse teams are necessary to foster creativity and guide business strategies. Overcome limitations by recruiting people of color and creating a diverse workforce.
Underrepresented employees benefit from an expansive culture. Create an inclusive environment and retain people of color and promote value within your organization.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Introduce challenges and concerns around recruiting and retaining people of color.
Gain a sense of direction.
1.1 Introduction to diversity conversations.
1.2 Assess areas to focus on and determine what is right, wrong, missing, and confusing.
1.3 Obtain feedback from your team about the benefits of working at your organization.
1.4 Establish your employee value proposition (EVP).
1.5 Discuss and establish your recruitment goals.
Current State Analysis
Right, Wrong, Missing, Confusing Quadrant
Draft EVP
Recruitment Goals
Identify areas in your current recruitment process that are preventing you from hiring people of color.
Establish a plan to make improvements.
Optimized recruitment process
2.1 Brainstorm and research community partners.
2.2 Review current job descriptions and equity statement.
2.3 Update job description template and equity statement.
2.4 Set team structure for interview and assessment.
2.5 Identify decision-making structure.
List of community partners
Updated job description template
Updated equity statement
Interview and assessment structure
Behavioral Question Library
Create a plan for an inclusive culture where your managers are supported.
Awareness of how to better support employees of color.
3.1 Discuss engagement and belonging.
3.2 Augment your onboarding materials.
3.3 Create an inclusive culture plan.
3.4 Determine how to support your management team.
List of onboarding content
Inclusive culture plan
Management support plan
Establish mechanisms to gain feedback from your employees and act on them.
Finalize the plan to create your diverse and inclusive workforce.
4.1 Ask and listen: determine what to ask your employees.
4.2 Create your roadmap.
4.3 Wrap-up and next steps.
List of survey questions
Roadmap
Completed support plan
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Understand the concepts of ESM, determine the scope of the ESM program, and get buy-in.
Determine the current state for ESM and identify the gaps.
Create customer journey maps, identify an ESM pilot, and finalize the action plan for the pilot.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Understand what ESM is and how it can improve customer service.
Determine the scope of your ESM initiative and identify who the stakeholders are for this program.
Understanding of ESM concepts.
Understanding of the scope and stakeholders for your ESM initiative.
Plan for getting buy-in for the ESM program.
1.1 Understand the concepts and benefits of ESM.
1.2 Determine the scope of your ESM program.
1.3 Identify your stakeholders.
1.4 Develop an executive buy-in presentation.
1.5 Develop a general communications presentation.
Executive buy-in presentation
General communications presentation
Assess your current state with respect to culture, governance, skills, and tools.
Identify your strengths and weaknesses from the ESM assessment scores.
Understanding of your organization’s current enablers and constraints for ESM.
Determination and analysis of data needed to identify strengths or weaknesses in culture, governance, skills, and tools.
2.1 Understand your organization’s mission and vision.
2.2 Assess your organization’s culture, governance, skills, and tools.
2.3 Identify the gaps and determine the necessary foundational action items.
ESM assessment score
Foundational action items
Define and choose the top services at the organization.
Create customer journey maps for the chosen services.
List of prioritized services.
Customer journey maps for the prioritized services.
3.1 Make a list of your services.
3.2 Prioritize your services.
3.3 Build customer journey maps.
List of services
Customer journey maps
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Identify different responsibilities/functions in your organization and determine which ones can be outsourced. Complete a cost analysis.
Identify a list of features for your third-party provider and analyze.
Understand how to align third-party providers to your organization.
Engage Tymans Group, expert risk management and consultancy company, to advise you on mitigating, preventing, and monitoring IT and information security risks within your business. We offer our extensive experience as a risk consulting company to provide your business with a custom roadmap and practical solutions to any risk management problems you may encounter.
Embed security thinking through aligning your security strategy to business goals and values
Risk is unavoidable when doing business, but that does not mean you should just accept it and move on. Every company should try to manage and mitigate risk as much as possible, be it risks regarding data security or general corporate security. As such, it would be wise to engage an expert risk management and consultancy company, like Tymans Group. Our risk management consulting firm offers business practical solutions for setting up risk management programs and IT risk monitoring protocols as well as solutions for handling IT incidents. Thanks to our experience as a risk management consulting firm, you enjoy practical and proven solutions based on a people-oriented approach.
If you engage our risk management consultancy company you get access to various guides and documents to help you set up risk management protocols within you company. Additionally, you can book a one-hour online talk with our risk management consulting firm’s CEO Gert Taeymans to discuss any problems you may be facing or request an on-site appointment in which our experts analyze your problems. The talk can discuss any topic, from IT risk control to external audits and even corporate security consultancy. If you have any questions about our risk management and consulting services for your company, we are happy to answer them. Just contact our risk management consulting firm through the online form and we will get in touch with as soon as possible.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Decide which functional areas in the organization will benefit the most from using social data, and create use cases accordingly.
Identify and evaluate key social analytics metrics and understand the importance of combining multiple metrics to get the most out of the analytics program.
Leverage a cross-departmental Social Media Steering Committee and evaluate SMMPs and other social analytics tools.
Identify specific uses of internal social analytics: crowd-sourcing ideation, harvesting employee feedback, and rewarding internal brand advocates.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Assess the opportunities of web APIs.
Design and develop web APIs that support business processes and enable reusability.
Accommodate web API testing best practices in application test plans.
Monitor the usage and value of web APIs and plan for future optimizations and maintenance.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Gauge the importance of web APIs for achieving your organizational needs.
Understand how web APIs can be used to achieve below-the-line and above-the-line benefits.
Be aware of web API development pitfalls.
Understanding the revenue generation and process optimization opportunities web APIs can bring to your organization.
Knowledge of the current web API landscape.
1.1 Examine the opportunities web APIs can enable.
Establish a web API design and development process.
Design scalable web APIs around defined business process flows and rules.
Define the web service objects that the web APIs will expose.
Reusable web API designs.
Identification of data sets that will be available through web services.
Implement web API development best practices.
2.1 Define high-level design details based on web API requirements.
2.2 Define your process workflows and business rules.
2.3 Map the relationships among data tables through ERDs.
2.4 Define your data model by mapping the relationships among data tables through data flow diagrams.
2.5 Define your web service objects by effectively referencing your data model.
High-level web API design.
Business process flow.
Entity relationship diagrams.
Data flow diagrams.
Identification of web service objects.
Incorporate APIs into your existing testing practices.
Emphasize security testing with web APIs.
Learn of the web API testing and monitoring tool landscape.
Creation of a web API test plan.
3.1 Create a test plan for your web API.
Web API Test Plan.
Plan for iterative development and maintenance of web APIs.
Manage web APIs for versioning and reuse.
Establish a governance structure to manage changes to web APIs.
Implement web API monitoring and maintenance best practices.
Establishment of a process to manage future development and maintenance of web APIs.
4.1 Identify roles for your API development projects.
4.2 Develop governance for web API development.
RACI table that accommodates API development.
Web API operations governance structure.
Access to information about companies is more available to consumers than ever. Organizations must implement mechanisms to monitor and manage how information is perceived to avoid potentially disastrous consequences to their brand reputation.
A negative event could impact your organization's reputation at any given time. Make sure you understand where such events may come from and have a plan to manage the inevitable consequences.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Use this research to identify and quantify the potential reputational impacts caused by vendors. Use Info-Tech's approach to look at the reputational impact from various perspectives to better prepare for issues that may arise.
By playing the “what if” game and asking probing questions to draw out – or eliminate - possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.
Social media, unprecedented access to good and bad information, and consumer reliance on others’ online opinions force organizations to dedicate more resources to protecting their brand reputation than ever before. Perceptions matter, and you should monitor and protect the perception of your organization with as much rigor as possible to ensure your brand remains recognizable and trusted.
![]() |
Frank Sewell
|
Your Challenge
Access to information about companies is more available to consumers than ever. A negative event could impact your organizational reputation at any time. As a result, organizations must implement mechanisms to monitor and manage how information is perceived to avoid potentially disastrous consequences to their brand reputation. Make sure you understand where negative events may come from and have a plan to manage the inevitable consequences. |
Common Obstacles
Identifying and managing a vendor’s potential impact on your organization’s reputation requires efforts from multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how social media can affect your brand. Organizational leadership is often caught unaware during crises, and their response plans lack the flexibility to adjust to significant market upheavals. |
Info-Tech’s Approach
Vendor management practices educate organizations on the different potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them. Prioritize and classify your vendors with quantifiable, standardized rankings. Prioritize focus on your high-risk vendors. Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your reputation and brand with our Reputational Risk Impact Tool. |
Organizations must evolve their risk assessments to be more adaptive to respond to rapid changes in online media. Ongoing monitoring of social media and the vendors tied to their company is imperative to achieving success and avoiding reputational disasters.
This series will focus on the individual components of vendor risk and how vendor management practices can facilitate organizations’ understanding of those risks.
Out of scope:
This series will not tackle risk governance, determining overall risk tolerance and appetite, or quantifying inherent risk.
In this blueprint, we’ll explore reputational risks (risks to the brand reputation of the organization) and their impacts.
Identify potentially negative events to assess the overall impact on your organization and implement adaptive measures to respond and correct.
25%of a company’s market value is due to reputation (Transmission Private, 2021) |
94%of consumers say that a bad review has convinced them to avoid a business (ReviewTrackers, 2022) |
14 hoursis the average time it takes for a false claim to be corrected on social media (Risk Analysis, 2018) |
![]() |
And the cost of rebranding
“Brand recognition is the ability of consumers to recognize an identifying characteristic of one company versus a competitor.” (Investopedia) “Most trademark valuation is based directly on its projected future earning power, based on income history. For a new brand with no history, evaluators must apply experience and common sense to predict the brand's earning potential. They can also use feedback from industry experts, market surveys, and other studies.” (UpCounsel) The cost of rebranding for small to medium businesses is about 10 to 20% of the recommended overall marketing budget and can take six to eight months (Ignyte). |
![]() "All we are at our core is our reputation and our brand, and they are intertwined." (Phil Bode, Principal Research Director, Info-Tech Research Group) |
![]() |
Bad Customer Reviews Breach of Data Poor Security Posture Negative News Articles Public Lawsuits Poor Performance |
An ideal state
|
Brand Protection
|
Never underestimate the power of local media on your profitsInfo-Tech InsightKeep in mind that too much exposure to media can be a negative in that it heightens the awareness of your organization to outside actors. If you do go through a period of increased exposure, make sure to advance your monitoring practices and vigilance. | Story: Restaurant data breachLosing customer faithA popular local restaurant’s point of service (POS) machines were breached and the credit card data of their customers over a two-week period was stolen. The restaurant did the right thing: they privately notified the affected people, helped them set up credit monitoring services, and replaced their compromised POS system. Unfortunately, the local newspaper got wind of the breach. It published the story, leaving out that the restaurant had already notified affected customers and had replaced their POS machines. In response, the restaurant launched a campaign in the local paper and on social media to repair their reputation in the community and reassure people that they could safely transact at their business. For at least a month, the restaurant experienced a drastic decrease in revenue as customers either refused to come in to eat or paid only in cash. During this same period the restaurant was spending outside their budget on the advertising.
|
Trust but verify
A successful general contractor with a reputation for fairness in their dealings needed a specialist to perform some expert carpentry work for a few of their clients. The contractor gave the specialist the clients’ contact information and trusted them to arrange the work. Weeks later, the contractor checked in with the clients and received a ton of negative feedback:
As a result, the contractor took extreme measures to regain the clients’ confidence and trust and lost other opportunities in the process. |
![]() You work hard for your reputation. Don’t let others ruin it. |
Don’t forget to look within as well as without |
Story: Internal reputation is vitalTrust works both waysAn organization’s relatively new IT and InfoSec department leadership have been upgrading the organization's systems and policies as fast as resources allow when the organization encounters a major breach of security. Trust in the developing IT and InfoSec departments' leadership wanes throughout the organization as people search for the root cause and blame the systems. This degradation of trust limits the effectiveness of the newly implemented process, procedures, and tools of the departments. The new leaders' abilities are called into question, and they must now rigorously defend and justify their decisions and positions to the executives and board. It will be some time before the two departments gain their prior trust and respect, and the new leaders face some tough times ahead regaining the organization's confidence. How could the new leaders approach the situation to mend their reputations in the wake of this (perhaps unfair) reputational hit? |
It is not enough to identify the potential risks; there must also be adequate controls in place to monitor and manage them |
Identify, manage, and monitor reputational risksGlobal markets
Social media
Global shortages
|
Identifying and understanding potential risks is essential to adapting to the ever-changing online landscapeInfo-Tech InsightFew organizations are good at identifying risks. As a result, almost none realistically plan to monitor, manage, and adapt their plans to mitigate those risks. | Reputational risksNot protecting your brand can have disastrous consequences to your organization
|
Identify potential reputational risk impacts
|
![]() |
![]() |
Review Organizational Strategy
Understand the organizational strategy to prepare for the “what if” game exercise. |
|
Identify & Understand Potential Risks
Play the “what if” game with the right people at the table. |
||
Create a Risk Profile Packet for Leadership
Pull all the information together in a presentation document. |
||
Validate the Risks
Work with leadership to ensure that the proposed risks are in line with their thoughts. |
||
Plan to Manage the Risks
Lower the overall risk potential by putting mitigations in place. |
||
Communicate the Plan
It is important not only to have a plan but also to socialize it in the organization for awareness. |
||
Enact the Plan
Once the plan is finalized and socialized put it in place with continued monitoring for success. |
||
(Adapted from Harvard Law School Forum on Corporate Governance) |
Insight SummaryReputational risk impacts are often unanticipated, causing catastrophic downstream effects. Continuously monitoring your vendors’ actions in the market can help organizations head off brand disasters before they occur. |
Insight 1Understanding how to monitor social media activity and online content will give you an edge in the current environment. Do you have dedicated individuals or teams to monitor your organization's online presence? Most organizations review and approve the online content, but many forget the need to have analysts reviewing what others are saying about them. Insight 2Organizations need to learn how to assess the likelihood of potential risks in the rapidly changing online environments and recognize how their partnerships and subcontractors’ actions can affect their brand. For example, do you understand how a simple news article raises your profile for short-term and long-term adverse events? Insight 3Socialize the risk management process throughout the organization to heighten awareness and enable employees to help protect the company’s reputation. Do you include a social media and brand protection policy in your annual education? |
Who should be included in the discussion?
|
Keep in mind: (R=L*I) Risk = Likelihood x Impact Impact tends to remain the same, while likelihood is a very flexible variable. |
What can we realistically do about the risks?
|
Social media is driving the need for perpetual diligence. Organizations need to monitor their brand reputation considering the pace of incidents in the modern age. |
Input: List of identified potential risk scenarios scored by likelihood and financial impact, List of potential management of the scenarios to reduce the risk
Output: Comprehensive reputational risk profile on the specific vendor solution
Materials: Whiteboard/flip charts, Reputational Risk Impact Tool to help drive discussion
Participants: Vendor Management Coordinator, Organizational Leadership, Operations Experts (SMEs), Legal/Compliance/Risk Manager, Marketing
Vendor management professionals are in an excellent position to help senior leadership identify and pull together resources across the organization to determine potential risks. By playing the "what if" game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.
Download the Reputational Risk Impact Tool
Example: Low reputational riskWe can see clearly in this example that the contractor suffered minimal impact from the specialist's behavior. Though they did take a hit to their overall reputation with a few customers, they should be able to course-correct with a minimal outlay of effort and almost no loss of revenue. |
![]() |
Example: High reputational riskNote in the example how the tool can represent different weights for each of the criteria depending on your needs. |
![]() |
Be vigilant and adaptable to change
|
![]() Organizations must evolve their risk assessments to be more adaptive to respond to global factors in the market. Ongoing monitoring of online media and the vendors tied to company visibility is imperative to avoiding disaster. |
"The CEO Reputation Premium: Gaining Advantage in the Engagement Era." Weber Shandwick, March 2015. Accessed June 2022.
Glidden, Donna. "Don't Underestimate the Need to Protect Your Brand in Publicity Clauses." Info-Tech Research Group, June 2022.
Greenaway, Jordan. "Managing Reputation Risk: A start-to-finish guide." Transmission Private, July 2020. Accessed June 2022.
Jagiello, Robert D., and Thomas T. Hills. “Bad News Has Wings: Dread Risk Mediates Social Amplification in Risk Communication.” Risk Analysis, vol. 38, no. 10, 2018, pp. 2193-2207.
Kenton, Will. "Brand Recognition.” Investopedia, Aug. 2021. Accessed June 2022.
Lischer, Brian. "How Much Does it Cost to Rebrand Your Company?" Ignyte, October 2017. Accessed June 2022.
"Powerful Examples of How to Respond to Negative Reviews." ReviewTrackers, 16 Feb. 2022. Accessed June 2022.
Tonello, Matteo. “Strategic Risk Management: A Primer for Directors.” Harvard Law School Forum on Corporate Governance, 23 Aug. 2012. Web.
"Valuation of Trademarks: Everything You Need to Know." UpCounsel, 2022. Accessed June 2022.
![]() |
Identify and Manage Financial Risk Impacts on Your Organization
|
![]() |
Identify and Manage Strategic Risk Impacts on Your Organization
|
![]() |
Jump Start Your Vendor Management Initiative
|
Frank Sewell
Research Director
|
Donna Glidden
Research Director
|
|
Steven Jeffery
Principal Research Director
|
Mark Roman
Managing Partner
|
|
Phil Bode
Principal Research Director
|
Sarah Pletcher
Executive Advisor
|
|
Scott Bickley
Practice Lead
|
M365 projects are fraught with obstacles. Common mistakes organizations make include:
There are three primary areas where organizations fail in a successful implementation of M365: training, adoption, and information governance. While it is not up to IT to ensure every user is well trained, it is their initial responsibility to find champions, SMEs, and business-based trainers and manage information governance from the backup, retention, and security aspects of data management.
Migrating to M365 is a disruptive move for most organizations. It poses risk to untrained IT staff, including admins, help desk, and security teams. The aim for organizations, especially in this new hybrid workspace, is to maintain efficiencies through collaboration, share information in a secure environment, and work from anywhere, any time.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
There are three primary goals when deploying Microsoft 365: productivity, security and compliance, and collaborative functionality. On top of these you need to meet the business KPIs and IT’s drive for adoption and usage. This research will guide you through the important considerations that are often overlooked as this powerful suite of tools is rolled out to the organization.
![]() |
There are three primary objectives when deploying Microsoft 365: from a business perspective, the expectations are based on productivity; from an IT perspective, the expectations are based on IT efficiencies, security, and compliance; and from an organizational perspective, they are based on a digital employee experience and collaborative functionality. Of course, all these expectations are based on one primary objective, and that is user adoption of Teams, OneDrive, and SharePoint Online. A mass adoption, along with a high usage rate and a change in the way users work, is required for your investment in M365 to be considered successful. So, adoption is your first step, and that can be tracked and analyzed through analytics in M365 or other tools. But what else needs to be considered once you have released M365 on your organization? What about backup? What about security? What about sharing data outside your business? What about self-service? What about ongoing training? M365 is a powerful suite of tools, and taking advantage of all that it entails should be IT’s primary goal. How to accomplish that, efficiently and securely, is up to you! |
John Donovan |
Collaboration, efficiencies, and cost savings need to be earned |
Migrating to M365 is a disruptive move for most organizations. Additionally, it poses risk to untrained IT staff, including admins, help desk, and security teams. The aim for organizations, especially in this new hybrid workspace, is to maintain efficiencies through collaboration, share information in a secure environment, and work from anywhere, any time. However, organizations need to manage their licensing and storage costs and build this new way of working through post-deployment planning. By reducing their hardware and software footprint they can ensure they have earned these savings and efficiencies. |
Understand any shortcomings in M365 or pay the price |
Failing to understand any shortcomings M365 poses for your organization can ruin your chances at a successful implementation. Commonly overlooked expenses include backup and archiving, especially for regulated organizations; spending on risk mitigation through third-party tools for security; and paying a premium to Microsoft to use its Azure offerings with Microsoft Sentinel, Microsoft Defender, or any security add-on that comes at a price above your E5 license, which is expensive in itself. |
Spend time with users to understand how they will use M365 |
Understanding business processes is key to anticipating how your end users will adopt M365. By spending time with the staff and understanding their day-to-day activities and interactions, you can build better training scenarios to suit their needs and help them understand how the apps in M365 can help them do their job. On top of this you need to meet the business KPIs and IT’s drive for adoption and usage. Encourage early adopters to become trainers and champions. Success will soon follow. |
Your Challenge |
Common Obstacles |
Info-Tech’s Approach |
---|---|---|
M365 is a full suite of tools for collaboration, communication, and productivity, but organizations find the platform is not used to its full advantage and fail to get full value from their license subscription. Many users are unsure which tool to use when: Do you use Teams or Viva Engage, MS Project or Planner? When do you use SharePoint versus OneDrive? From an IT perspective, finding time to help users at the outset is difficult – it’s quite the task to set up governance, security, and backup. Yet training staff must be a priority if the implementation is to succeed. |
M365 projects are fraught with obstacles. Common mistakes organizations make include:
|
To define your post-migration tasks and projects:
Failure to take meaningful action will not bode well for your M365 journey. |
There are three primary areas where organizations fail in a successful implementation of M365: training, adoption, and information governance. While it is not up to IT to ensure every user is well trained, it is their initial responsibility to find champions, SMEs, and business-based trainers and to manage information governance from backup, retention, and security aspects of data management.
What IT teams are saying
Top IT reasons for adopting M365
61% More collaborative working style
54% Cost savings
51% Improved cybersecurity
49% Greater mobility
Define Vision |
Build Team |
Plan Projects |
Execute |
---|---|---|---|
Define your vision and what your priorities are for M365. Understand how to reach your vision. |
Ensure you have an executive sponsor, develop champions, and build a team of SMEs. |
List all projects in a to-be scenario. Rank and prioritize projects to understand impact and difficulty. |
Build your roadmap, create timelines, and ensure you have enough resources and time to execute and deliver to the business. |
A clear understanding of the business purpose and processes, along with insight into the organizational culture, will help you align the right apps with the right tasks. This approach will bring about better adoption and collaboration and cancel out the shadow IT products we see in every business silo.
To give organizations insight into the adoption of services in M365, Microsoft provides built-in usage analytics in Power BI, with templates for visualization and custom reports. There are third-party tools out there, but why pay more? However, the template app is not free; you do need a Power BI Pro license.
Usage Analytics pulls data from ActiveDirectory, including location, department, and organization, giving you deeper insight into how users are behaving. It can collect up to 12 months of data to analyze.
Reports that can be created include Adoption, Usage, Communication, Collaboration (how OneDrive and SharePoint are being used), Storage (cloud storage for mailboxes, OneDrive, and SharePoint), and Mobility (which clients and devices are used to connect to Teams, email, Yammer, etc.).
Admin Roles |
Best Practices |
---|---|
|
Only assign two to four global admins, depending on the size of the organization. Too many admins increases security risk. In larger organizations, segment admin roles using role-based access control. Because admins have access to sensitive data, you’ll want to assign the least permissive role so they can access only the tools and data they need to do their job. Enable MFA for all admins except one break-glass account that is stored in the cloud and not synced. Ensure a complex password, stored securely, and use only in the event of an MFA outage. Due to the large number of admin roles available and the challenges that brings with it, Microsoft has a built-in tool to compare roles in the admin portal. This can help you determine which role should be used for specific tasks. |
Identity Checklist
Determine your training needs and align with your business processes. Choose training modalities that will give users the best chance of success. Consider one or many training methods, such as:
Why is M365 backup so important?
Accidental Data Deletion.
If a user is deleted, that deletion gets replicated across the network. Backup can save you here by restoring that user.
Internal and External Security Threats.
Malicious internal deletion of data and external threats including viruses, ransomware, and malware can severely damage a business and its reputation. A clean backup can easily restore the business’ uninfected data.
Legal and Compliance Requirements.
While e-discovery and legal hold are available to retain sensitive data, a third-party backup solution can easily search and restore all data to meet regulatory requirements – without depending on someone to ensure a policy was set.
Retention Policy Gaps.
Retention policies are not a substitute for backup. While they can be used to retain or delete content, they are difficult to keep track of and manage. Backups offer greater latitude in retention and better security for that data.
Legacy |
Microsoft 365 |
---|---|
SharePoint 2016/19 |
SharePoint Online |
Microsoft Exchange Server |
Microsoft Exchange in Azure |
Skype for Business Server |
Teams |
Trello |
Planner 2022 |
System Center Configuration Manager (SCCM) |
Endpoint Manager, Intune, Autopilot |
File servers |
OneDrive |
Access |
Power Apps |
To meet the objectives of cost reduction and rationalization, look at synergies that M365 brings to the table. Determine what you are currently using to meet collaboration, storage, and security needs and plan to use the equivalent in your Microsoft entitlement.
There are plenty of preconfigured security features contained in M365, but what’s available to you depends on your license. For example, Microsoft Defender, which has many preset policies, is built-in for E5 licenses, but if you have E3 licenses Defender is an add-on.
Three elements in security policies are profiles, policies, and policy settings.
Check your license entitlement before you start purchasing add-ons or third-party solutions. Security and compliance are not optional in today’s cybersecurity risk world. With many organizations offering hybrid and remote work arrangements and bring-your-own-device (BYOD) policies, it is necessary to protect your data at the tenant level. Defender for Microsoft 365 is a tool that can protect both your exchange and collaboration environments.
More information: Microsoft 365 Defender
NOTE: You must have Azure AD Premium and Windows 10 V1703 or later as well as Intune or other MDM service to use Autopilot. There is a monthly usage fee based on volume of data transmitted. These fees can add up over time.
For more details visit the following Microsoft Learn pages:
Info-Tech’s research on zero-touch provisioning goes into more detail on Intune and Autopilot:
Simplify Remote Deployment With Zero-Touch Provisioning
Drive Ongoing Adoption With an M365 Center of Excellence
Simplify Remote Deployment With Zero-Touch Provisioning
“5 Reasons Why Microsoft Office 365 Backup Is Important.” Apps 4Rent, Dec 2021, Accessed Oct 2022 .
Chandrasekhar, Aishwarya. “Office 365 Migration Best Practices & Challenges 2022.” Saketa, 31 Mar 2022. Accessed Oct. 2022.
Chronlund, Daniel. “The Fundamental Checklist – Secure your Microsoft 365 Tenant”. Daniel Chronlund Cloud Tech Blog,1 Feb 2019. Accessed 1 Oct 2022.
Davies, Joe. “The Microsoft 365 Enterprise Deployment Guide.” Tech Community, Microsoft, 19 Sept 2018. Accessed 2 Oct 2022.
Dillaway, Kevin. “I Upgraded to Microsoft 365 E5, Now What?!.” SpyGlassMTG, 10 Jan 2022. Accessed 4 Oct. 2022.
Hartsel, Joe. “How to Make Your Office 365 Implementation Project a Success.” Centric, 20 Dec 2021. Accessed 2 Oct. 2022.
Jha, Mohit. “The Ultimate Microsoft Office 365 Migration Checklist for Pre & Post Migration.” Office365 Tips.Org, 24 June 2022. Accessed Sept. 2022.
Lang, John. “Why organizations don't realize the full value of Microsoft 365.“Business IT, 29 Nov 202I. Accessed 10 Oct 2022.
Mason, Quinn. “How to increase Office 365 / Microsoft 365 user adoption.” Sharegate, 19 Sept 2019. Accessed 3 Oct 2022.
McDermott, Matt. “6-Point Office 365 Post-Migration Checklist.” Spanning , 12 July 2019 . Accessed 4 Oct 2022.
“Microsoft 365 usage analytics.” Microsoft 365, Microsoft, 25 Oct 2022. Web.
Sharma, Megha. “Office 365 Pre & Post Migration Checklist.’” Kernel Data Recovery, 26 July 2022. Accessed 30 Sept. 2022.
Sivertsen, Per. “How to avoid a failed M365 implementation? Infotechtion, 19 Dec 2021. Accessed 2 Oct. 2022.
St. Hilaire, Dan. “Most Common Mistakes with Office 365 Deployment (and How to Avoid Them).“ KnowledgeWave, 4Mar 2019. Accessed Oct. 2022.
“Under the Hood of Microsoft 365 and Office 365 Adoption.” SoftwareONE, 2019. Web.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Understand the foundational components and drivers of the broader concept of sustainability: environmental, social, and governance (ESG) and IT’s roles within an organization’s ESG program. Learn about the functional business areas involved, the roles they play and how they interact with each other to drive program success.
Environmental, social, and governance (ESG) is a corporate imperative that is tied to long-term value creation. An organization's social license to operate and future corporate performance depends on managing ESG factors well.
Central to an ESG program is having a good understanding of the ESG factors that may have a material impact on enterprise value and key internal and external stakeholders. A comprehensive ESG strategy supported by strong governance and risk management is also essential to success.
Capturing relevant data and applying it within risk models, metrics, and internal and external reports is necessary for sharing your ESG story and measuring your progress toward meeting ESG commitments. Consequently, the data challenges have received a lot of attention, and IT leaders have a role to play as strategic partner and enabler to help address these challenges. However, ESG is more than a data challenge, and IT leaders need to consider the wider implications in managing third parties, selecting tools, developing supporting IT architecture, and ensuring ethical design.
For many organizations, the ESG program journey has just begun, and collaboration between IT and risk, procurement, and compliance will be critical in shaping program success.
Donna Bales
Principal Research Director
Info-Tech Research Group
An organization's approach to ESG cannot be static or tactical. ESG is a moving landscape that requires a flexible, holistic approach across the organization. It must become part of the way you work and enable an active response to changing conditions.
The ability of a corporation and broader society to endure and survive over the long term by managing adverse impacts well and promoting positive opportunities.
Source: United Nations
Survey key stakeholders to obtain a more holistic viewpoint of expectations and the industry landscape and gain credibility through the process.
Example: Beverage Company
"If ESG is the framework of non-financial risks that may have a material impact on the company's stakeholders, corporate governance is the process by which the company's directors and officers manage those risks."
– Zurich Insurance
47% of companies reported that the full board most commonly oversees climate related risks and opportunities while 20% delegate to an existing board governance committee (EY Research, 2021).
Governance Layer | Responsibilities |
---|---|
Board |
|
Oversight | |
Executive leadership |
|
Oversight and strategic direction | |
Management |
|
Execution |
– "Aligning nonfinancial reporting..." EY, 2020
Organizational Goals
NET NEW | ENHANCEMENT |
---|---|
Climate disclosure | Data quality management |
Assurance specific to ESG reporting | Risk sensing and assessment |
Supply chain transparency tied back to ESG | Managing interconnections |
Scenario analysis | |
Third-party ratings and monitoring |
Integrate ESG risks early, embrace uncertainty by staying flexible, and strive for continual improvement.
"The typical consumer company's supply chain ... [accounts] for more than 80% of greenhouse-gas emissions and more than 90% of the impact on air, land, water, biodiversity, and geological resources."
– McKinsey & Company, 2016
"Forty-five percent of survey respondents say that they either have no visibility into their upstream supply chain or that they can see only as far as their first-tier suppliers."
– "Taking the pulse of shifting supply chains," McKinsey & Company, 2022
Example metrics for ESG factors
IT leaders need to work collaboratively with risk management to optimize decision making and continually improve ESG performance and disclosure.
"A great strategy meeting is a meeting of the minds."
– Max McKeown
Keep your data model flexible and digital where possible to enable data interoperability.
"You can have data without information, but you cannot have information without data."
– Daniel Keys Moran
Organizations will rely on IT for execution, and IT leaders will need to be ready
TERM | DEFINITON |
---|---|
Corporate Social Responsibility | Management concept whereby organizations integrate social and environmental concerns in their operations and interactions with their stakeholders. |
Chief Sustainability Officer | Steers sustainability commitments, helps with compliance, and helps ensure internal commitments are met. Responsibilities may extend to acting as a liaison with government and public affairs, fostering an internal culture, acting as a change agent, and leading delivery. |
ESG | An acronym that stands for environment, social, and governance. These are the three components of a sustainability program. |
ESG Standard | Contains detailed disclosure criteria including performance measures or metrics. Standards provide clear, consistent criteria and specifications for reporting. Typically created through consultation process. |
ESG Framework | A broad contextual model for information that provides guidance and shapes the understanding of a certain topic. It sets direction but does not typically delve into the methodology. Frameworks are often used in conjunction with standards. |
ESG Factors | The factors or issues that fall under the three ESG components. Measures the sustainability performance of an organization. |
ESG Rating | An aggregated score based on the magnitude of an organization's unmanaged ESG risk. Ratings are provided by third-party rating agencies and are increasingly being used for financing, transparency to investors, etc. |
ESG Questionnaire | ESG surveys or questionnaires are administered by third parties and used to assess an organization's sustainability performance. Participation is voluntary. |
Key Risk Indicator (KRI) | A measure to indicate the potential presence, level, or trend of a risk. |
Key Performance Indicator (KPI) | A measure of deviation from expected outcomes to help a firm see how it is performing. |
Materiality | Material topics are topics that have a direct or indirect impact on an organization's ability to create, preserve, or erode economic, environment and social impact for itself and its stakeholder and society as a whole |
Materiality Assessment | A materiality assessment is a tool to identify and prioritize the ESG issues most critical to the organization. |
Risk Sensing | The range of activities carried out to identify and understand evolving sources of risk that could have a significant impact on the organization (e.g. social listening). |
Sustainability | The ability of an organization and broader society to endure and survive over the long term by managing adverse impacts well and promoting positive opportunities. |
Sustainalytics | Now part of Morningstar. Sustainalytics provides ESG research, ratings, and data to institutional investors and companies. |
UN Guiding Principles on Business and Human Rights (UNGPs) | UN Guiding Principles on Business and Human Rights (UNGPs) provide an essential methodological foundation for how impacts across all dimensions should be assessed. |
STANDARD | DEFINITION AND FOCUS |
---|---|
CDP | CDP has created standards and metrics for comparing sustainability impact. Focuses on environmental data (e.g. carbon, water, and forests) and on data disclosure and benchmarking. |
(Formally Carbon Disclosure Project) | Audience: All stakeholders |
Dow Jones Sustainability Indices (DJSI) | Heavy on corporate governance and company performance. Equal balance of economic, environmental, and social. |
Audience: All stakeholders | |
Global Reporting Initiative (GRI) | International standards organization that has a set of standards to help organizations understand and communicate their impacts on climate change and social responsibility. The standard has a strong emphasis on transparency and materiality, especially on social issues. |
Audience: All stakeholders | |
International Sustainability Standards Board (ISSB) | Standard-setting board that sits within the International Financial Reporting Standards (IFRS) Foundation. The IFRS Foundation is a not-for-profit, public-interest organization established to develop high-quality, understandable, enforceable, and globally accepted accounting and sustainability disclosure standards. |
Audience: Investor-focused | |
United Nations Sustainable Development Goals (UNSDG) | Global partnership across sectors and industries to achieve sustainable development for all (17 Global Goals) |
Audience: All stakeholders | |
Sustainability Accounting Standards Board (SASB) | Industry-specific standards to help corporations select topics that may impact their financial performance. Focus on material impacts on financial condition or operating performance. |
Audience: Investor-focused | |
Task Force Of Climate-related Disclosures (TCFD; created by the Financial Stability Board) | Standards framework focused on the impact of climate risk on financial and operating performance. More broadly the disclosures inform investors of positive and negative measures taken to build climate resilience and make transparent the exposure to climate-related risk. |
Audience: Investors, financial stakeholders |
Anne-Titia Bove and Steven Swartz, McKinsey, "Starting at the source: Sustainability in supply chains", 11 November 2016
Accenture, "The Greater Wealth Transfer – Capitalizing on the intergenerational shift in wealth", 2012
Beth Kaplan, Deloitte, "Preparing for the ESG Landscape, Readiness and reporting ESG strategies through controllership playbook", 15 February 2022
Bjorn Nilsson et al, McKinsey & Company, "Financial institutions and nonfinancial risk: How corporates build resilience," 28 February 2022
Bolden, Kyle, Ernst and Young, "Aligning nonfinancial reporting with your ESG strategy to communicate long-term value", 18 Dec. 2020
Canadian Securities Administrators, "Canadian securities regulators seek comment on climate-related disclosure requirements", 18 October 2021
Carol A. Adams et al., Global Risk Institute, "The double-materiality concept, Application and issues", May 2021
Dunstan Allison-Hope et al, BSR, "Impact-Based Materiality, Why Companies Should-Focus Their Assessments on Impacts Rather than Perception", 3 February 2022
EcoVadis, "The World's Most Trusted Business Sustainability Ratings",
Ernst and Young, "Four opportunities for enhancing ESG oversight", 29 June 2021
Federal Ministry of Labour and Social Affairs, The Act on Corporate Due Diligence Obligations in Supply Chains (Gesetz über die unternehmerischen Sorgfaltspflichten in Lieferketten)", Published into Federal Law Gazette, 22, July 2021
"What Every Company Needs to Know", Sustainalytics
Global Risk Institute, The GRI Perspective, "The materiality madness: why definitions matter", 22 February 2022
John P Angkaw "Applying ERM to ESG Risk Management", 1 August 2022
Hillary Flynn et al., Wellington Management, "A guide to ESG materiality assessments", June 2022
Katie Kummer and Kyle Lawless, Ernst and Young, "Five priorities to build trust in ESG", 14 July 2022
Knut Alicke et al., McKinsey & Company, "Taking the pulse of shifting supply chains", 26 August 2022
Kosmas Papadopoulos and Rodolfo Arauj. The Harvard School Forum on Corporate Governance, "The Seven Sins of ESG Management", 23 September 2020
KPMG, Sustainable Insight, "The essentials of materiality assessment", 2014
Lorraine Waters, The Stack, "ESG is not an environmental issue, it's a data one", 20 May 2021
Marcel Meyer, Deloitte, "What is TCFD and why does it matter? Understanding the various layers and implications of the recommendations",
Michael W Peregnne et al., "The Harvard Law School Forum on Corporate Governance, The Important Legacy of the Sarbanes Oxley Act," 30 August 2022
Michael Posner, Forbes, "Business and Human Rights: Looking Ahead To The Challenges Of 2022", 15 December 2021
Myles Corson and Tony Kilmas, Ernst and Young, "How the CFO can balance competing demands and drive future growth", 3 November 2020
Novisto, "Navigating Climate Data Disclosure", 2022
Novisto, "XBRL is coming to corporate sustainability reporting", 17 April 2022
"Official Journal of the European Union, Regulation (EU) 2019/2088 of the European Parliament and of the Council of 27 November 2019 on sustainability-related disclosures in the financial services sector", 9 December 2019
Osler, "ESG and the future of sustainability", Podcast, 01 June 2022
Osler, "The Rapidly Evolving World of ESG Disclosure: ISSB draft standards for sustainability and climate related disclosures", 19 May 2022
Sarwar Choudhury and Zach Johnston, Ernst and Young "Preparing for Sox-Like ESG Regulation", 7 June 2022
Securities and Exchange Commission, "The Enhancement and Standardization of Climate-related Disclosures for Investors", 12 May 2022
"Securities and Exchange Commission, SEC Proposes Rules on Cybersecurity, Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies, 9 May 2022
Sean Brown and Robin Nuttall, McKinsey & Company, "The role of ESG and purpose", 4 January 2022
Statement by Chair Gary Gensler, "Statement on ESG Disclosure Proposal", 25 May 2022
Svetlana Zenkin and Peter Hennig, Forbes, "Managing Supply Chain Risk, Reap ESG Rewards", 22 June 2022
Task Force on Climate Related Financial Disclosures, "Final Report, Recommendations of the Task Force on Climate-related Financial Disclosures", June 2017
World Economic Forum, "Why sustainable governance and corporate integrity are crucial for ESG", 29 July 2022
World Economic Forum (in collaboration with PwC) "How to Set Up Effective Climate Governance on Corporate Boards, Guiding Principles and questions", January 2019
World Economic Forum, "Defining the "G" in ESG Governance Factors at the Heart of Sustainable Business", June 2022
World Economic Forum, "The Risk and Role of the Chief Integrity Officer: Leadership Imperatives in and ESG-Driven World", December 2021
World Economic Forum, "How to Set Up Effective Climate Governance on Corporate Boards Guiding principles and questions", January 2019
Zurich Insurance, "ESG and the new mandate for corporate governance", 2022
Exploring the enterprise collaboration marketspace is difficult. The difficulty in finding a suitable collaboration tool is that there are many ways to collaborate, with just as many tools to match.
Map your organizational goals to the administration features available in the Office 365 console. Your governance should reflect your requirements.
The result is a defined plan for controlling Office 365 by leveraging hard controls to align Microsoft’s toolset with your needs and creating acceptable use policies and communication plans to highlight the impact of the transition to Office 365 on the end-user population.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Develop a list of organizational goals that will enable you to leverage the Office 365 toolset to its fullest extent while also implementing sensible governance.
Use Info-Tech's toolset to build out controls for OneDrive, SharePoint, and Teams that align with your organizational goals as they relate to governance.
Communicate the results of your Office 365 governance program using Info-Tech's toolset.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Develop a plan to assess the capabilities of the Office 365 solution and select licensing for the product.
Office 365 capability assessment (right-size licensing)
Acceptable Use Policies
Mapped Office 365 controls
1.1 Review organizational goals.
1.2 Evaluate Office 365 capabilities.
1.3 Conduct the Office 365 capability assessment.
1.4 Define user groups.
1.5 Finalize licensing.
List of organizational goals
Targeted licensing decision
Leverage the Office 365 governance framework to develop and refined governance priorities.
Build a SharePoint acceptable use policy and define SharePoint controls.
Refined governance priorities
List of SharePoint controls
SharePoint acceptable use policy
2.1 Explore the Office 365 Framework.
2.2 Conduct governance priorities refinement exercise.
2.3 Populate the Office 365 control map (SharePoint).
2.4 Build acceptable use policy (SharePoint).
Refined governance priorities
SharePoint control map
Sharepoint acceptable use policy
Implement governance priorities for OneDrive and Teams.
Clearly defined acceptable use policies for OneDrive and Teams
List of OneDrive and Teams controls
3.1 Populate the Office 365 Control Map (OneDrive).
3.2 Build acceptable use policy (OneDrive).
3.3 Populate the Office 365 Control Map (Teams).
3.4 Build acceptable use policy (Teams).
OneDrive controls
OneDrive acceptable use policy
Teams controls
Teams acceptable use policy
Build a plan to communicate coming changes to the productivity environment.
Communication plan covering SharePoint, Teams, and OneDrive
4.1 Build SharePoint one pager.
4.2 Build OneDrive one pager.
4.3 Build Teams one pager.
4.4 Finalize communication plan.
SharePoint one pager
OneDrive one pager
Teams one pager
Overall finalized communication plan
Finalize deliverables and plan post-workshop communications.
Completed Office 365 governance plan
Finalized deliverables
5.1 Completed in-progress deliverables from previous four days.
5.2 Set up review time for workshop deliverables and to discuss next steps.
5.3 Validate governance with stakeholders.
Completed acceptable use policies
Completed control map
Completed communication plan
Completed licensing decision
The TY advisory service is tailored to your needs. It combines the best of traditional IT consulting expertise with the analysis and remedial solutions of an expert bureau.
When you observe specific symptoms, TY analyses the exact areas that contribute to these symptoms.
TY specializes in IT Operations and goes really deep in that area. We define IT Operations as the core service you deliver to your clients:
When you see your operation running smoothly, it looks obvious and simple, but it is not. IT Operations is a concerto, under the leadership of a competent IT Ops Conductor-Manager. IT Ops keeps the lights on and ensures your reputation with your clients and the market as a whole as a predictable and dependable business partner. And we help you achieve this, based on more than 30 years of IT Ops experience.
As most companies' business services are linked at the hip with IT, your IT Operations, in other words, are your key to a successful business.
That is why we work via a simple value-based proposition. We discuss your wants and together discover your needs. Once we all agree, only then do we make our proposal. Anything you learned on the way, is yours to keep and use.
Gert has advised clients on what to do before issues happen. We have also worked to bring companies back from the brink after serious events. TY has brought services back after big incidents.
You need to get it done, not in theory, but via actionable advice and if required, via our actions and implementation prowess. It's really elementary. Anyone can create a spreadsheet with to-do lists and talk about how resilience laws like DORA and NIS2 need to be implemented.
It's not the talk that counts, it's the walk. Service delivery is in our DNA. Resilience is our life.
Good governance directly ensures happy clients because staff knows what to do when and allows them leeway in improving the service. And this governance will satisfy auditors.
Incidents erode client confidence in your service and company. You must get them fixed in accordance with their importance,
You don't want repeat incidents! Tackle the root causes and fix issues permanently. Save money by doing this right.
You must update your services to stay the best in your field. Do it in a controlled yet efficient way. Lose overhead where you can, add the right controls where you must.
The base for most of your processes. You gotta know what you have and how it works together to provide the services to your clients.
IT monitoring delivers business value by catching issues before they become problems. With real-time insights into system performance and security, you can minimize downtime, improve efficiency, and make better decisions that keep your operations strong and your customers happy.
Bring all the IT Operations services together and measure how they perform versus set business relevant KPI's
Disaster recovery is your company's safety net for getting critical systems and data back up and running after a major disruption, focusing on fast IT recovery and minimizing financial and operational losses, whereas business continuity ensures the entire business keeps functioning during and after the crisis.
Business continuity is keeping your company running smoothly during disruptions by having the right plans, processes, and backups in place to minimize downtime and protect your operations, customers, and reputation. We go beyond disaster recovery and make sure your critical processes can continue to function.
Hope for the best, but plan for the worst. When you embark on a new venture, know how to get out of it. Planning to exit is best done in the very beginning, but better late than when it is too late.
We base our analysis on over 30 years experience in corporate and large volume dynamic services. Unique to our service is that we take your company culture into account, while we adjust the mindset of the experts working in these areas.
Your people are what will make these processes work efficiently. We take their ideas, hard capabilities and leadership capabilities into account and improve upon where needed. That helps your company and the people themselves.
We look at the existing governance and analyse where they are best in class or how we can make them more efficient. We identify the gaps and propose remedial updates. Our updates are verified through earlier work, vetted by first and second line and sometimes even regulators
Next we decide with you on how to implement the updates to the areas that need them.
Fill out the small intake below and get started towards your solution.
There is no financial commitment required from you. During this meeting we discus further in detail the issue at hand and the direction of the ideal solution and the way of working.
We take in the information of our talks and prepare the the roadmap to the individualized solution for you.
By now, TY has a good idea of how we can help you, and we have prepared a roadmap to solving the issue. In this meeting we present the way forward our way of working and what it will require from you.
If you decide this is not what you expected, you are free to take the information provided so far and work with it yourself.
After the previous meeting and agreement in principle, you will have by now received our offer.
When you decide to work together, we start our partnership and solve the issue. We work to ensure you are fully satisfied with the result.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Learn about RPA, including how it compares to IT-led automation rooted in business process management practices and the role of AI.
Identify and prioritize candidate processes for RPA.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
From choosing the right data for the right problem to evaluating your progress toward data-driven people decisions, follow these steps to build your foundation to people analytics.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This storyboard offers insight into impactful strategies and beneficial enabling technologies to implement in your IVR approach to improve your customers’ experience and to reduce the load on your support staff. This deck outlines IT’s role in the IVR development process, offering insight into how to develop an effective IVR call flow and providing details on relevant enabling technologies to consider implementing to further improve your offering.
This template demonstrates an ideal IVR approach, outlining a sample call flow for a telecommunications company designed to meet the needs of a curated customer persona. Use this template to gain a better understanding of your own key customers and to construct your own call flow tree.
Tailor your IVR system specifically for your customers. There is no one-size-fits-all approach. Understand your key customers and support their experience by implementing the most effective strategies for them.
Despite the contrary beliefs that the preference for phone support and IVR systems is declining, studies have consistently shown that consumers still prefer receiving customer service over the phone.
76% |
of customers prefer the "traditional" medium of phone calls to reach customer support agents. |
---|---|
50% |
of customers across all age groups generally use the phone to contact customer support, making it the most-used customer service channel. |
Effective IVR systems provide customers with positive experiences, keeping them happy and satisfied. Poorly executed IVR systems leave customers feeling frustrated and contribute to an overall negative experience. Negative experiences with your IVR system could lead to your customers taking their business elsewhere.
In fact, research by Haptik shows that an average of $262 per customer is lost each year due to poor IVR experiences ("7 Conversational IVR Trends for 2021 and Beyond," Haptik, 2021).
50% | of customers have abandoned their business transactions while dealing with an IVR system. Source: Vonage, 2020 |
---|---|
45% | of customers will abandon a business altogether due to a poor IVR experience. Source: "7 Remarkable IVR Trends For the Year 2022 And Beyond," Haptik, 2021 |
Call flow trees don't grow overnight; they require commitment, nurturing, and care
While IT may not be involved in organizing the call flow tree itself, their impact on an organization's IVR approach is undeniable. Not only will IT assist with the implementation and integration of your IVR system, they will also be responsible for maintaining the technology on an ongoing basis. As such, IT should be a part of your organization's software selection team, following Info-Tech's methodology for optimizing your software selection process.
Focus on the Roots of Your Call Flow Tree |
Allow Customers the Opportunity to Branch Out | Let Your IVR Call Flow Tree Flourish | Keep Watering Your Call Flow Tree |
---|---|---|---|
Call #1: Introduce the project, scoping customer call drivers and defining metrics of success. |
Call #3: Discuss the importance of promoting self-service and how to improve call routing processes, assessing the final tiers of the IVR. |
Call #4: Discuss the benefits of integrating your IVR within your existing business architecture and using relevant enabling technologies. |
Call #5: Discuss how to elicit feedback from relevant stakeholders and develop an iterative IVR review cycle, wrapping up the project. |
Call #2: Begin assessing initial IVR structure. |
A Guided Implementation (GI) is a series
of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is 5 to 7 calls over the course of 4 to 6 months.
Phase 1 |
Phase 2 |
Phase 3 |
Phase 4 |
---|---|---|---|
1.1 Understand your customers 1.2 Develop goals for your IVR 1.3 Align goals with KPIs 1.4 Build your initial IVR menu |
2.1 Build the second tier of your IVR menu 2.2 Build the third tier of your IVR menu |
3.1 Learn the benefits of a personalized IVR 3.2 Review new technology to apply to your IVR |
4.1 Gather insights on your IVR's performance 4.2 Create an agile review method |
Implement a Transformative IVR Approach That Empowers Your Customers
1.1.1 Build a database of the reasons why your customers call your contact center
"Call flows are the structure of a call center's interactive voice response (IVR). They define the path a caller takes to reach a resolution. The more efficient the flow, the quicker a resolution can be – thereby delivering a better caller experience."
Thomas Randall, Ph.D.
Senior Research Analyst
Info-Tech Research Group
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
To understand why your customers are calling, first you need to know who your customers are. Improve your caller understanding by creating customer personas.
Customer Call Drivers |
---|
Need to pay a bill |
Complaints about an outage to their service |
Inquiry about new plans |
Need to update account information |
Complaints about their last bill |
1.2.1 Outline IVR-related goals relevant to your organization.
Based on your customer experience strategy and what industry you're in, the goals that you aim to accomplish will look different. A doctor's office will be more concerned with an accurate diagnosis and high first call resolution rate than low average talk time!
Setting business goals relevant to your organization is only half of the battle; it's just as important to hold your organization accountable to those goals and measure your continued progress toward meeting them.
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Goal | Designation |
---|---|
Lower the average queue time | Quick win |
Lower call abandonment rate | Quick win |
Lower customer attrition | Long-term |
Lower employee attrition | Long-term |
Increase average speed of answer | Quick win |
1.3.1 Review your organizational IVR goals and connect them with your key performance indicators (KPIs)
Metric Description | Current Score | Target Score [Date/Year] |
---|---|---|
First call resolution | ||
Average abandonment rate | ||
Customer attrition | ||
Employee attrition | ||
Average queue time | ||
Service level | ||
Average speed of answer | ||
Average handle time | ||
Average call transfer rate | ||
Average talk time | ||
Customer self-service resolution | ||
Agent satisfaction | ||
Customer satisfaction |
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
1.4.1 Develop the first tier of your IVR menu, determining the initial selections that customers will have to choose from
You don't want to overload your customers with information. Providing your callers with overly detailed prompts and too many menu options will only lead to frustration, ultimately diminishing both the efficiency and the effectiveness of your IVR. Limiting the length of your voice prompts and the depth of your menus will lay out a clear path for your callers, increasing the likelihood that they are able to navigate your IVR accurately.
Each of your IVR menus should provide your customers with no more than five selections.
Your IVR should offer a maximum of three menu tiers.
Each of your selection "descriptions" or voice prompts should be no longer than four seconds in length.
According to a study by Telzio (2020), introductory IVR messages that greet your customers and identify your company should be under 7.9 seconds in length. Longer introductions will only bore, frustrate, and overload the customer before the call really even begins.
Securing voice talent and be expensive and cumbersome. Consider using an automated voice through a text-to-speech solution for your prompts. This will ensure that all your prompts are consistent throughout your menus, and it also makes it significantly easier to provide crucial updates within your IVR system.
Source: Ansafone Contact Centers, 2019
Remember: You don't need five selections! That is the maximum recommended number of prompts to use and will most likely be reserved for more complex call flows. More isn't always better. If you can limit your initial menu to fewer selections, then do so.
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
IVR Initial Greeting |
||
---|---|---|
1. For Billing and Payments |
2. To Report an Outage |
3. To Make Changes to Your Plan or Account |
Allow Customers the Opportunity to Branch Out
Phase 1 | Phase 2 | Phase 3 | Phase 4 |
---|---|---|---|
1.1 Understand your customers 1.2 Develop goals for your IVR 1.3 Align goals with KPIs 1.4 Build your initial IVR menu | 2.1 Build the second tier of your IVR menu 2.2 Build the third tier of your IVR menu | 3.1 Learn the benefits of a personalized IVR 3.2 Review new technology to apply to your IVR | 4.1 Gather insights on your IVR's performance 4.2 Create an agile review method |
73% |
of customers want to be provided with the ability to solve issues on their own. |
---|---|
67% |
of customers prefer to use self-service options over speaking with a customer service representative. |
Source: Raffle, 2020
Always provide your callers with the option to go back to a previous menu or to have menu options repeated.
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Example
2.2.1 Complete your call flow tree by branching out your third and final tier of menu options.
While promoting self-service and automating certain processes will improve the functionality of your IVR, it is also important to realize that some issues will ultimately require human intervention. An effective IVR system harmonizes these concepts by making human contact an option, but not too early in the process. You need to find the right balance!
When organizing your IVR call flow tree, you need to be conscious of sending clients in an endless "IVR loop." You should never have your IVR continually repeat its menu options. Customers will abandon an IVR if they are stuck in an IVR loop, being forced to listen to the same information repeatedly without having a way to reach an agent.
If a problem cannot be solved within three steps or by the third tier of your IVR menus, callers should be provided with the option to speak to a live agent, if not automatically routed to one. By providing your callers with the option to speak to a live agent on the third tier of your IVR, you are still offering ample time for customers to discover an avenue to solve their issue on their own through self-service, without frustrating them by losing them in an endless loop of IVR options.
30% |
of customers say that not being able to reach a human agent is the most frustrating aspect of a poor customer service experience. |
---|
Source: ProProfs Chat, 2022
Consider routing callers to a live agent not only on the third tier of your IVR menus but also after three input errors. Multiple input errors can show an eagerness to speak to a representative or a strong misunderstanding of the IVR offering.
Don't think that just offering your customers the option to speak to a live agent is enough. When aiming to significantly improve your customers' experience, how you direct calls to your live agents plays a major role. When a call is being directed to a live agent, be sure to:
72% |
of customers view having to talk to multiple agents as poor customer service. Source: ProProfs Chat, 2022 |
---|---|
33% |
of customers highlight waiting on hold as being their biggest frustration. Source: EmailAnalytics, 2022 |
Remember: Your IVR system doesn't live in isolation. The information offered by your IVR, particularly from automated messages, should be consistent with information found within other resources (e.g. online knowledge bases).
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Let Your IVR Call Flow Tree Flourish
Phase 1 | Phase 2 | Phase 3 | Phase 4 |
---|---|---|---|
1.1 Understand your customers 1.2 Develop goals for your IVR 1.3 Align goals with KPIs 1.4 Build your initial IVR menu | 2.1 Build the second tier of your IVR menu 2.2 Build the third tier of your IVR menu | 3.1 Learn the benefits of a personalized IVR 3.2 Review new technology to apply to your IVR | 4.1 Gather insights on your IVR's performance 4.2 Create an agile review method |
3.1.1 Review the benefits of offering personalized service, namely by connecting your IVR system with your customer knowledge base
The integration of your IVR system with your CRM or other applicable knowledge base allows for customer data (e.g. customer history and previous interactions) to be accessible to your staff during calls. Access to this data allows for a deeper understanding of your customers and for personalization of service. This provides immediate benefits to your contact center that will improve your customer experience.
When you inevitably do need to transfer a customer to another agent, they won't have to repeat their issue to a new representative, as all their information will now be easily accessible. Being forced to repeat themselves to multiple agents is a major cause of frustration for customers. This integration would also allow you to route callers to the previous agent that they dealt with whenever possible for the purpose of continuity, and it would enable you to implement other beneficial technologies as well.
One such example is "agent assist." Agent assist is an AI bot that listens in on calls, learning customer context and automatically searching knowledge bases to help resolve queries without the agent having to put the caller on hold to manually perform that work themselves. Not only does agent assist improve customer resolution times, but it also ramps up onboarding time, allowing for new agents to enter the workforce and perform with confidence earlier.
76% | of consumers expect personalized experiences. |
---|---|
71% | of customers expect internal collaboration so that they don't have to repeat themselves. Source: Zendesk, 2019 |
Personalizing your IVR does much more than just provide your customer service representatives with conversational context. Personalization enables your IVR to recognize callers by their phone number, or even by voice via biometric authentication technologies.
This advanced level of recognition allows your IVR to greet your callers by name, speak to them in their preferred language, send follow-up correspondence to their preferred method of communication (i.e. email or SMS), and even provide them with contact numbers and addresses for your organization's physical locations that are closest to them.
An example of a more advanced functionality is having your IVR call flow personalized for each customer based on their call history. As customers call in, their data is collected, ultimately improving your IVR's ability to predict and understand caller intent. This makes personalized call flows possible. If customers typically call in to make payments, your IVR can logically deduce that their next call will be for the same reason, and it will alter the call menu to direct them to that functionality more efficiently.
3.2.1 Review new technologies offered in the IVR space and understand their impact
Instead of making your customers work their way through your call flow tree to find out what they need, why not just ask them? Conversational IVR, also known as an "intuitive IVR system," makes this possible.
Think Google Assistant, Siri, and Alexa. Your customers can simply tell you what they need and your conversational IVR, using the advancements in natural language processing and conversational AI, will take it from there, directing callers to the resources needed to resolve their issues.
Powerful enough to understand full sentences and not just select words or phrases, the increased intelligence of a conversational IVR system allows it to handle complex customer inquiries. Leveraging machine learning capabilities, the system will only continue to improve its ability to understand caller intent, ultimately leading to increased call routing accuracy as it fields more and more calls.
Remember: Your customers want fast and easy, not overwhelming and confusing. Some customers who are greeted with an open-ended question from a conversational IVR may not be sure how to respond.
Understand your key customer demographics and act accordingly. It may be beneficial to provide your callers with guidelines of what to say. Outlining appropriate responses that will guide your customers to their desired department quicker will boost their experience with your conversational IVR.
60% |
of callers will bypass the pre-recorded messages in a standard IVR to reach a human voice. Source: Cognigy, 2020 |
---|---|
66% |
of requests can be resolved faster by a conversational IVR than by a live agent. Source: Cognigy, 2020 |
Despite this, only... |
|
28% |
of IVR systems contacted use voice response as their primary input method. Source: Telzio, 2020 |
Instead of updating the entire IVR system and implementing a conversational IVR, smaller and mid-level organizations should consider attaching a natural language processing front-end to their existing IVR. Through this, you will be able to reap a lot of the same benefits you would if you were to upgrade to a conversational IVR.
You can attach a natural language processing front-end to your existing IVR in two ways.
Keep Watering Your IVR Call Flow Tree
Phase 1 | Phase 2 | Phase 3 | Phase 4 |
---|---|---|---|
1.1 Understand your customers 1.2 Develop goals for your IVR 1.3 Align goals with KPIs 1.4 Build your initial IVR menu | 2.1 Build the second tier of your IVR menu 2.2 Build the third tier of your IVR menu | 3.1 Learn the benefits of a personalized IVR 3.2 Review new technology to apply to your IVR | 4.1 Gather insights on your IVR's performance 4.2 Create an agile review method |
4.1.1 Understand the importance of receiving feedback and review the best methods for obtaining it from your clients.
Your live agents are on the proverbial front lines, fielding calls from customers daily. As such, they are the prime stakeholders for knowing what kinds of calls the organization receives and how often. Their input on the most frequent reasons that customers call, whether it be to address common pain points or to have FAQs answered, is invaluable. Ask them regularly for their feedback on how the IVR system is performing and which updates should be implemented.
While improving the agent experience is a driver behind adopting an IVR system, the focus should always be improving your customer experience. So why wouldn't you ask your customers for their feedback on your IVR offering? Most customers don't only want to be asked to provide feedback, they expect to be asked. Have your agents ask your customers directly about their experience with your IVR or use the functions of your IVR to offer automated end-of-call surveys.
Many IVR systems are capable of recording calls. Listening back on previous calls is another great way to further understand how your IVR is performing, and it also can provide a glimpse into your customers' experience.
Customer satisfaction score (CSAT) is a great way to determine how happy callers are with their experiences with your organization. CSAT surveys ask your clients outright how satisfied they are with their recent interaction and have them rate your service on a scale. While straightforward, the feedback received from CSAT surveys is more general and can lack depth.
For more detailed responses, consider asking your clients an open-ended question as opposed to using a rating scale. This will provide you with a more specific understanding of your customers' experience. For this, an IVR system that supports voice transcription is best. Automated speech-to-text functionality will ensure rapid results.
Another option is to offer a survey that includes skip logic. These multi-tiered surveys, much like an IVR call flow tree, direct your callers to different follow-up questions based on their previous answers. While capable of providing more insight into the customer experience, these surveys are only recommended for more complex service offerings.
Asking for feedback makes your callers feel valued, and it also provides your organization with extremely useful information – including an understanding of what you may need to change within your IVR
90% |
of consumers believe that organizations should provide them with the opportunity to give customer feedback. Source: SmallBizGenius, 2022 |
---|---|
41% |
of customer support professionals say that CSAT is their team's most important KPI. Source: Hiver, 2022 |
4.2.1 Understand the best practices for developing an ongoing review cycle for your IVR approach
![]() |
|
|
![]() |
Build a Strong Technology Foundation for Customer Experience Management |
|
![]() |
|
|
![]() |
|
"7 Conversational IVR Trends for 2021 and Beyond." Haptik, 25 March 2021. Accessed 16 June 2022.
"7 Remarkable IVR Trends For the Year 2022 And Beyond." Haptik, 30 Dec. 2021. Accessed 27 April 2022.
"8 IVR Strategies that Keep Customers Happy." Ansafone Contact Centers, 31 May 2019. Accessed 25 April 2022.
"Agent Assist." Speakeasy AI, 19 April 2022. Accessed 27 April 2022.
"AI chatbot that's easy to use." IBM, n.d. Accessed 21 June 2022.
"IVR Trends to Watch in 2020 and Beyond: Inside CX." Intrado, 1 May 2020. Accessed 27 April 2022.
"RIP IVR: 1980-2020." Vonage, 2 June 2020. Accessed 16 June 2022.
Andrea. "What do Customers Want? – 37 Customer Service Statistics." SmallBizGenius, 17 March 2022. Accessed 24 May 2022.
Anthony, James. "106 Customer Service Statistics You Must See: 2021/2022 Data & Analysis." FinancesOnline, 14 Jan. 2022. Accessed 27 April 2022.
Brown, James. "14 stats that prove the importance of self-service in customer service." raffle, 13 Oct. 2020. Accessed 17 June 2022.
Buesing, Eric, et al. "Getting the best customer service from your IVR: Fresh eyes on an old problem." McKinsey & Company, 1 Feb. 2019. Accessed 25 April 2022.
Callari, Ron. "IVR Menus and Best Practices." Telzio, 4 Sep. 2020. Accessed 27 April 2022.
Cornell, Jared. "104 Customer Service Statistics & Facts of 2022." ProProfs Chat, 6 April 2022. Accessed 16 June 2022.
DeCarlo, Matthew. "18 Common IVR Mistakes & How To Configure Effective IVR." GetVoIP, 13 June 2019. Accessed 27 April 2022.
DeMers, Jayson. "77 Customer Service Statistics to Know." EmailAnalytics, 23 March 2022. Accessed 27 April 2022.
Frants, Valeriy. Interview. Conducted by Austin Wagar, 22 June 2022.
Grieve, Patrick. "Personalized customer service: what it is and how to provide it." Zendesk, 28 June 2019. Accessed 27 April 2022.
"How Natural Language Processing Can Help Your Interactive Voice Response System Meet Best Practice." Hostcomm, 15 July 2019. Accessed 25 April 2022.
"IVR and customer experience: get the best UX for your clients." Kaleyra, 14 Dec. 2020. Accessed 25 April 2022.
Irvine, Bill. "Selecting an IVR System for Customer Satisfaction Surveys." IVR Technology Group, 14 April 2020. Accessed 22 June 2022.
Kulbyte, Toma. "Key Customer Experience Statistics to Know." SuperOffice, 24 June 2021. Accessed 24 May 2022.
Leite, Thiago. "What's the Difference Between Standard & Conversational IVR?" Cognigy, 27 Oct. 2020. Accessed 24 May 2022.
Maza, Cristina. "What is IVR? The ultimate guide." Zendesk, 30 Sep. 2020. Accessed 25 April 2022.
McCraw, Corey. "What is IVR Call Flow? Benefits, Features, Metrics & More." GetVoIP, 30 April 2020. Accessed 25 April 2022.
Mircevski, Bruno. "Smart IVR Introduction – What Is It and Why You Should Use It." Ideta, 7 March 2022. Accessed 28 April 2022.
Oriel, Astha. "Artificial Intelligence in IVR: A Step Towards Faster Customer Services." Analytics Insight, 19 Aug. 2020. Accessed 24 May 2022.
Perzynska, Kasia. "What is CSAT & How to Measure Customer Satisfaction?" Survicate, 9 March 2022. Accessed 22 June 2022.
Pratt, Mary K. "How to set business goals, step by step." TechTarget, 27 April 2022. Accessed 21 June 2022.
Robinson, Kerry. "Insight of the Week: Make Your IVR More Like Alexa." Waterfield Tech, 20 April 2022. Accessed 25 April 2022.
Sehgal, Karishma. "Exclusive Research – 76% of customer service teams offer support outside of business hours." Hiver, 4 May 2022. Accessed 22 June 2022.
Smith, Mercer. "111 Customer Service Statistics and Facts You Shouldn't Ignore." Help Scout, 23 May 2022. Accessed 24 June 2022.
Thompson, Adrian. "A Guide to Conversational IVR." The Bot Forge, 27 Jan. 2021. Accessed 21 June 2022.
Tolksdorf, Juergen. " 5 Ways to Leverage AI and Agent-Assist to Improve Customer Experience." Genesys, 19 May 2020. Accessed 27 April 2022.
Vaish, Aakrit. "5 ways conversational IVR is helping businesses revolutionize customer service." ETCIO.com, 20 March 2020. Web.
Westfall, Leah. "Improving customer experience with the right IVR strategy." RingCentral, 23 July 2021. Accessed 25 April 2022.
If you have a Domino/Notes footprint that is embedded within your business units and business processes and is taxing your support organization, you may have met resistance from the business and been asked to help the organization migrate away from the Lotus Notes platform. The Lotus Notes platform was long used by technology and businesses and a multipurpose solution that, over the years, became embedded within core business applications and processes.
For organizations that are struggling to understand their options for the Domino platform, the depth of business process usage is typically the biggest operational obstacle. Migrating off the Domino platform is a difficult option for most organizations due to business process and application complexity. In addition, migrating clients have to resolve the challenges with more than one replaceable solution.
The most common tactic is for the organization to better understand their Domino migration options and adopt an application rationalization strategy for the Domino applications entrenched within the business. Options include retiring, replatforming, migrating, or staying with your Domino platform.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This blueprint will help you assess the fit, purpose, and price of Domino options; develop strategies for overcoming potential challenges; and determine the future of Domino for your organization.
Use this tool to input the outcomes of your various application assessments.
“HCL announced that they have somewhere in the region of 15,000 Domino customers worldwide, and also claimed that that number is growing. They also said that 42% of their customers are already on v11 of Domino, and that in the year or so since that version was released, it’s been downloaded 78,000 times. All of which suggests that the Domino platform is, in fact, alive and well.”
– Nigel Cheshire in Team Studio
You have a Domino/Notes footprint embedded within your business units and business processes. This is taxing your support organization; you are meeting resistance from the business, and you are now asked to help the organization migrate away from the Lotus Notes platform. The Lotus Notes platform was long used by technology and businesses as a multipurpose solution that, over the years, became embedded within core business applications and processes.
For organizations that are struggling to understand their options for the Domino platform, the depth of business process usage is typically the biggest operational obstacle. Migrating off the Domino platform is a difficult option for most organizations due to business process and application complexity. In addition, migrating clients have to resolve the challenges with more than one replaceable solution.
The most common tactic is for the organization to better understand their Domino migration options and adopt an application rationalization strategy for the Domino applications entrenched within the business. Options include retiring, replatforming, migrating, or staying with your Domino platform.
Is “Lotus” Domino still alive?
The number of member engagements with customers regarding the Domino platform has, as you might imagine, dwindled in the past couple of years. While many members have exited the platform, there are still many members and organizations that have entered a long exit program, but with how embedded Domino is in business processes, the migration has slowed and been met with resistance. Some organizations had replatformed the applications but found that the replacement target state was inadequate and introduced friction because the new solution was not a low-code/business-user-driven environment. This resulted in returning the Domino platform to production and working through a strategy to maintain the environment.
Believe it or not, Domino and Notes are still options to consider when determining a migration strategy. With HCL still committed to the platform, there are options organizations should seek to better understand rather than assuming SharePoint will solve all. In our research, we consider:
With multiple options to consider, take the time to clearly understand the application rationalization process within your decision making.
“There is a lot of bias toward Domino; decisions are being made by individuals who know very little about Domino and more importantly, they do not know how it impacts business environment.”
– Rob Salerno, Founder & CTO, Rivet Technology Partners
by Darin Stahl
Key/Value | Column | ||
---|---|---|---|
Use case: Heavily accessed, rarely updated, large amounts of data |
Use case: High availability, multiple data centers |
||
Document | Graph | ||
Use case: Rapid development, Web and programmer friendly |
Use case: Best at dealing with complexity and relationships/networks |
Store the application data in a long-term repository with the means to locate and read it for regulatory and compliance purposes.
Migrate to a new version of the application, facilitating the process of moving software applications from one computing environment to another.
Replatforming is an option for transitioning an existing Domino application to a new modern platform (i.e. cloud) to leverage the benefits of a modern deployment model.
Review the current Domino platform roadmap and understand HCL’s support model. Keep the application within the Domino platform.
Retire the application, storing the application data in a long-term repository.
The most common approach is to build the required functionality in whatever new application/solution is selected, then archive the old data in PDFs and documents.
Typically this involves archiving the data and leveraging Microsoft SharePoint and the new collaborative solutions, likely in conjunction with other software-as-a-service (SaaS) solutions.
Be aware of the costs associated with archiving. The more you archive, the more it will cost you.
Migrate to a new version of the application
An application migration is the managed process of migrating or moving applications (software) from one infrastructure environment to another.
This can include migrating applications from one data center to another data center, from a data center to a cloud provider, or from a company’s on-premises system to a cloud provider’s infrastructure.
Transition an existing Domino application to a new modern platform
This type of arrangement is typically part of an application migration or transformation. In this model, client can “replatform” the application into an off-premises hosted provider platform. This would yield many benefits of cloud but in a different scaling capacity as experienced with commodity workloads (e.g. Windows, Linux) and the associated application.
Two challenges are particularly significant when migrating or replatforming Domino applications:
There is a difference between a migration and a replatform application strategy. Determine which solution aligns to the application requirements.
Stay with HCL, understanding its future commitment to the platform.
Following the announced acquisition of IBM Domino and up until around December 2019, HCL had published no future roadmap for the platform. The public-facing information/website at the time stated that HCL acquired “the product family and key lab services to deliver professional services.” Again, there was no mention or emphasis on upcoming new features for the platform. The product offering on their website at the time stated that HCL would leverage its services expertise to advise clients and push applications into four buckets:
That public-facing messaging changed with release 11.0, which had references to IBM rebranded to HCL for the Notes and Domino product – along with fixes already inflight. More information can be found on HCL’s FAQ page.
“SWING Software delivers content transformation and archiving software to over 1,000 organizations worldwide. Our solutions uniquely combine key collaborative platforms and standard document formats, making document production, publishing, and archiving processes more efficient.”*
Lotus Notes Data Migration and Archiving: Preserve historical data outside of Notes and Domino
Lotus Note Migration: Replacing Lotus Notes. Boost your migration by detaching historical data from Lotus Notes and Domino.
Croatia
“Providing leading solutions, resources, and expertise to help your organization transform its collaborative environment.”*
Notes Domino Migration Solutions: Rivit’s industry-leading solutions and hardened migration practice will help you eliminate Notes Domino once and for all.
Rivive Me: Migrate Notes Domino applications to an enterprise web application
Canada
* rivit.ca
“More than 300 organizations across 40+ countries trust skybow to build no-code/no-compromise business applications & processes, and skybow’s community of customers, partners, and experts grows every day.”*
SkyBow Studio: The low-code platform fully integrated into Microsoft 365
Switzerland
“CIMtrek is a global software company headquartered in the UK. Our mission is to develop user-friendly, cost-effective technology solutions and services to help companies modernize their HCL Domino/Notes® application landscape and support their legacy COBOL applications.”*
CIMtrek SharePoint Migrator: Reduce the time and cost of migrating your IBM® Lotus Notes® applications to Office 365, SharePoint online, and SharePoint on premises.
United Kingdom
“4WS.Platform is a rapid application development tool used to quickly create multi-channel applications including web and mobile applications.”*
4WS.Platform is available in two editions: Community and Enterprise.
The Platform Enterprise Edition, allows access with an optional support pack.
4WS.Platform’s technical support provides support services to the users through support contracts and agreements.
The platform is a subscription support services for companies using the product which will allow customers to benefit from the knowledge of 4WS.Platform’s technical experts.
Italy
Application rationalization is the perfect exercise to fully understand your business-developed applications, their importance to business process, and the potential underlying financial impact.
Use this Application Rationalization Tool to input the outcomes of your various application assessments
Follow the instructions to generate recommended dispositions and populate an application portfolio roadmap.
Watch out for misleading scores that result from poorly designed criteria weightings.
Manage your application portfolio to minimize risk and maximize value.
Empower the business to implement their own applications with a trusted business-IT relationship.
Extend IT, automation, and digital capabilities to the business with the right tools, good governance, and trusted organizational relationships.
Optimize your organization’s enterprise application capabilities with a refined and scalable methodology.
Leverage your vendor sourcing process to get better results.
Darin is a Principal Research Advisor within the Infrastructure practice, leveraging 38+ years of experience. His areas of focus include IT operations management, service desk, infrastructure outsourcing, managed services, cloud infrastructure, DRP/BCP, printer management, managed print services, application performance monitoring, managed FTP, and non-commodity servers (zSeries, mainframe, IBM i, AIX, Power PC).
Troy has over 24 years of experience and has championed large enterprise-wide technology transformation programs, remote/home office collaboration and remote work strategies, BCP, IT DRP, IT operations and expense management programs, international right placement initiatives, and large technology transformation initiatives (M&A). Additionally, he has deep experience working with IT solution providers and technology (cloud) startups.
Rob is the Founder and Chief Technology Strategist for Rivit Technology Partners. Rivit is a system integrator that delivers unique IT solutions. Rivit is known for its REVIVE migration strategy which helps companies leave legacy platforms (such as Domino) or move between versions of software. Rivit is the developer of the DCOM Application Archiving solution.
Cheshire, Nigel. “Domino v12 Launch Keeps HCL Product Strategy On Track.” Team Studio, 19 July 2021. Web.
“Is LowCode/NoCode the best platform for you?” Rivit Technology Partners, 15 July 2021. Web.
McCracken, Harry. “Lotus: Farewell to a Once-Great Tech Brand.” TIME, 20 Nov. 2012. Web.
Sharwood, Simon. “Lotus Notes refuses to die, again, as HCL debuts Domino 12.” The Register, 8 June 2021. Web.
Woodie, Alex. “Domino 12 Comes to IBM i.” IT Jungle, 16 Aug. 2021. Web.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Ensure the purchase is the lowest cost with fewest future headaches.
Select the most appropriate offering for business needs at a competitive price point.
Get the lowest priced feature set for the selected product.
Successful execution of business strategy requires planning that:
To accomplish this, the business architect must engage stakeholders, model the business, and drive planning with business architecture.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Build a structured, repeatable framework for both IT and business stakeholders to appraise the activities that deliver value to consumers; and assess the readiness of their capabilities to enable them.
This template helps you ensure that your business architecture practice receives the resources, visibility, and support it needs to be successful, by helping you develop a strategy to engage the key stakeholders involved.
Record the complete value stream and decompose it into stages. Add a description of the expected outcome of the value stream and metrics for each stage.
Build a business capability model for the organization and map capabilities to the selected value stream.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Identify and consult stakeholders to discover the business goals and value proposition for the customer.
Engage stakeholders and SMEs in describing the business and its priorities and culture.
Identify focus for the areas we will analyze and work on.
1.1 Select key stakeholders
1.2 Plan for engaging stakeholders
1.3 Gather business goals and priorities
Stakeholder roles
Engagement plan
Business strategy, value proposition
Describe the main value-adding activities of the business from the consumer’s point of view, e.g. provide product or service.
Shared understanding of why we build resources and do what we do.
Starting point for analyzing resources and investing in innovation.
2.1 Define or update value streams
2.2 Decompose selected value stream(s) into value stages and identify problematic areas and opportunities
Value streams for the enterprise
Value stages breakdown for selected value stream(s)
Describe all the capabilities that make up an organization and enable the important customer-facing activities in the value streams.
Basis for understanding what resources the organization has and their ability to support its growth and success.
3.1 Define and describe all business capabilities (Level 1)
3.2 Decompose and analyze capabilities for a selected priority value stream.
Business Capability Map (Level 1)
Business Capabilities Level 2 for selected value stream
Use the Business Capability Map to identify key capabilities (e.g. cost advantage creator), and look more closely at what applications or information or business processes are doing to support or hinder that critical capability.
Basis for developing a roadmap of IT initiatives, focused on key business capabilities and business priorities.
4.1 Identify key capabilities (cost advantage creators, competitive advantage creators)
4.2 Assess capabilities with the perspective of how well applications, business processes, or information support the capability and identify gaps
4.3 Apply analysis tool to rank initiatives
Business Capability Map with key capabilities: cost advantage creators and competitive advantage creators
Assessment of applications or business processes or information for key capabilities
Roadmap of IT initiatives
Info-Tech is a provider of best-practice IT research advisory services that make every IT leader’s job easier.
35,000 members sharing best practices you can leverage | Millions spent developing tools and templates annually | Leverage direct access to over 100 analysts as an extension of your team | Use our massive database of benchmarks and vendor assessments | Get up to speed in a fraction of the time |
Business architecture provides a holistic and unified view of:
Without a business architecture it is difficult to see the connections between the business’s activities for the customer and the IT resources supporting them – to demonstrate that what we do in IT is customer-driven.
As a map of your business, the business architecture is an essential input to the digital strategy:
Crystal Singh
Research Director, Data and Analytics
Info-Tech Research Group
Andrea Malick
Research Director, Data and Analytics
Info-Tech Research Group
Your Challenge | Common Obstacles | Info-Tech’s Approach |
Organizations need to innovate rapidly to respond to ever-changing forces and demands in their industry. But they often fail to deliver meaningful outcomes from their IT initiatives within a reasonable time. Successful companies are transforming, i.e. adopting fluid strategies that direct their resources to customer-driven initiatives and execute more quickly on those initiatives. In a responsive and digital organization, strategies, capabilities, information, people, and technology are all aligned, so work and investment are consistently allocated to deliver maximum value. |
You don’t have a complete reference map of your organization’s capabilities on which to base strategic decisions. You don’t know how to prioritize and identify the capabilities that are essential for achieving the organization’s customer-driven objectives. You don’t have a shared enterprise vision, where everyone understands how the organization delivers value and to whom. |
Begin important business decisions with a map of your organization – a business reference architecture. Model the business in the form of architectural blueprints. Engage your stakeholders. Recognize the opportunity for mapping work, and identify and engage the right stakeholders. Drive business architecture forward to promote real value to the organization. Assess your current projects to determine if you are investing in the right capabilities. Conduct business capability assessments to identify opportunities and prioritize projects. |
Info-Tech Insight
Business architecture is the set of strategic planning techniques that connects organization strategy to execution in a manner that is accurate and traceable and promotes the efficient use of organizational resources.
Phase | Purpose | Activity | Outcome |
1. | Business context: Identify organization goals, industry drivers, and regulatory requirements in consultation with business stakeholders. |
Identify forces within and outside the organization to consider when planning the focus and timing of digital growth, through conducting interviews and surveys and reviewing existing strategies. | Business value canvas, business strategy on a page, customer journey |
2. | Customer activities (value stream): What is the customer doing? What is our reason for being as a company? What products and services are we trying to deliver? |
Define or update value streams, e.g. purchase product from supplier, customer order, and deliver product to customer. | Value streams enterprise-wide (there may be more than one set of value streams, e.g. a medical school and community clinic) |
Prioritize value streams: Select key value streams for deeper analysis and focus. |
Assess value streams. | Priority value streams | |
Value stages: Break down the selected value stream into its stages. |
Define stages for selected value streams. | Selected value stream stages | |
3. | Business capability map, level 1 enterprise: What resources and capabilities at a high level do we have to support the value streams? |
Define or update the business capabilities that align with and support the value streams. | Business capability map, enterprise-wide capabilities level 1 |
Business capability map, level 2 for selected area: List resources and capabilities that we have at a more detailed level. |
Define or update business capabilities for selected value stream to level 2. | Business capability map, selected value stream, capability level 2 | |
Heatmap Business Capability Map: Flag focus areas in supporting technology, applications, data and information. |
Day 1: Discover Business Context | Day 2: Define Value Streams | Day 3: Build Business Capability Map | Day 4: Roadmap Business Architecture | ||
---|---|---|---|---|---|
Phase Steps |
1.1 Collect corporate goals and strategies 1.2 Identify stakeholders |
2.1 Build or update value streams 2.2 Decompose selected value stream into value stages and analyze for opportunities |
3.1 Update business capabilities to level 1 for enterprise 3.2 For selected value streams, break down level 1 to level 2 |
3.3 Use business architecture to heatmap focus areas: technology, information, and processes 3.4 Build roadmap of future business architecture initiatives |
|
Phase Outcomes |
|
|
|
|
INDUSTRY VALUE CHAIN | DIGITAL TRANSFORMATION | BUSINESS ARCHITECTURE |
A high-level analysis of how the industry creates value for the consumer as an overall end-to-end process. | The adoption of digital technologies to innovate and re-invent existing business, talent ,and operating models to drive growth, business value, and improved customer experience. | A holistic, multidimensional business view of capabilities, end-to-end value, and operating model in relation to the business strategy. |
INDUSTRY VALUE STREAM | STRATEGIC OBJECTIVES | CAPABILITY ASSESSMENTS |
A set of activities, tasks, and processes undertaken by a business or a business unit across the entire end-to-end business function to realize value. | A set of standard objectives that most industry players will feature in their corporate plans. | A heat-mapping effort to analyze the maturity and priority of each capability relative to the strategic priorities that they serve. |
1 | Understand the business context and drivers Deepen your understanding of the organization’s priorities by gathering business strategies and goals. Talking to key stakeholders will allow you to get a holistic view of the business strategy and forces shaping the strategy, e.g. economy, workforce, and compliance. |
2 | Define value streams; understand the value you provide Work with senior leadership to understand your customers’ experience with you and the ways your industry provides value to them. Assess the value streams for areas to explore and focus on. |
3 | Customize the industry business architecture;
develop business capability map
Work with business architects and enterprise architects to customize Info-Tech’s business architecture for your industry as an enterprise-wide map of the organization and its capabilities. Extend the business capability map to more detail (Level 2) for the value stream stages you select to focus on. |
Business architecture provides a framework that connects business strategy and IT strategy to project execution through a set of models that provide clarity and actionable insights. How well do you know your business?
Business architecture is:
Business architecture must be branded as a front-end planning function to be appropriately embedded in the organization’s planning process.
Brand business architecture as an early planning pre-requisite on the basis of maintaining clarity of communication and spreading an accurate awareness of how strategic decisions are being made.
As an organization moves from strategy toward execution, it is often unclear as to exactly how decisions pertaining to execution are being made, why priority is given to certain areas, and how the planning function operates.
The business architect’s primary role is to model this process and document it.
In doing so, the business architect creates a unified view as to how strategy connects to execution so it is clearly understood by all levels of the organization.
Business Architecture | ||
---|---|---|
Business strategy map | Business model canvas | Value streams |
Business capability map | Business process flows | Service portfolio |
Data Architecture | Application Architecture | Infrastructure Architecture |
Conceptual data model | Application portfolio catalog | Technology standards catalog |
Logical data model | Application capability map | Technology landscape |
Physical data model | Application communication model | Environments location model |
Data flow diagram | Interface catalog | Platform decomposition diagram |
Data lifecycle diagram | Application use-case diagram | Network computing / hardware diagram |
Security Architecture | ||
Enterprise security model | Data security model | Application security model |
The key characteristic of the business architecture is that it represents real-world aspects of a business, along with how they interact.
Many different views of an organization are typically developed. Each view is a diagram that illustrates a way of understanding the enterprise by highlighting specific information about it:
The business owns the strategy and operating model; the business architect connects all the pieces together.
R | Business Architect (Responsible) |
A | Business Unit Leads (Accountable) |
C | Subject Matter Experts (Consulted) – Business Lines, Operations, Data, Technology Systems & Infrastructure Leads |
I | Business Operators (Informed) – Process, Data, Technology Systems & Infrastructure |
Picking the right project is critical to setting the tone for business architecture work in the organization.
Consider these best practices to maintain a high level of engagement from key stakeholders throughout the process of establishing or applying business architecture.
Balance short-term cost savings with long-term benefits
Participate in project governance to facilitate compliance
Create a center of excellence to foster dialogue
It is important to understand the different value-generating activities that deliver an outcome for and from your customers.
We do this by looking at value streams, which refer to the specific set of activities an industry player undertakes to create and capture value for and from the end consumer (and so the question to ask is, how do you make money as an organization?).
Our approach helps you to strengthen and transform those value streams that generate the most value for your organization.
An organization can have more than one set of streams.
For example, an enterprise can provide both retail shopping and financial services, such as credit cards.
Value Streams | Create or Purchase the Product | Manage Inventory | Distribute Product | Sell Product, Make Product Available to Customers |
---|---|---|---|---|
|
|
|
|
Value streams – the activities we do to provide value to customers – require business capabilities.
Value streams are broken down further into value stages, for example, the Sell Product value stream has value stages Evaluate Options, Place Order, and Make Payment.
Think of value streams as the core operations: the reason for your organization’s being. A professional consulting organization may have a legal team but it does not brand itself as a law firm. A core value stream is providing research products and services; a business capability that supports it is legal counsel.
The stages of a value stream are usually action-oriented statements or verbs that make up the individual steps involved throughout the scope of the value stream, e.g. Place Order or Make Payment.
Each value stream should have a trigger or starting point and an end result for a client or receiver.
There should be measurable value or benefits at each stage. These are key performance indicators (KPIs). Spot problem areas in the stream.
Value streams usually fall into one of these categories:
Business capabilities are built up to allow the business to perform the activities that bring value to customers. Map capabilities to the value-add activities in the value stream. Business capabilities lie at the top layer of the business architecture:
A business capability map can be thought of as a visual representation of your organization’s business capabilities and represents a view of what your data program must support.
Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.
Example business capability map for: Higher Education
Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.
A business capability map can be thought of as a visual representation of your organization’s business capabilities and represents a view of what your data program must support.
Example business capability map for: Local Government
Value streams – the activities we do to provide value to customers – require business capabilities. Value streams are broken down further into value stages.
Business capabilities are built up to allow the business to perform the activities that bring value to customers. Map capabilities to the activities in the value stage to spot opportunities and problems in delivering services and value.
Business processes fulfill capabilities. They are a step-by-step description of who is performing what to achieve a goal. Capabilities consist of networks of processes and the resources – people, technology, materials – to execute them.
Capability = Processes + Software, Infrastructure + People
Align the business objectives of your organization to your value streams (the critical actions that take place within your organization to add value to a customer).
Prioritize a value stream to transform based on the number of priorities aligned to a value stream, and/or the business value (e.g. revenue, EBITDA earnings, competitive differentiation, or cost efficiency).
Decompose the selected value stream into value stages.
Align capabilities level 1 and 2 to value stages. One capability may support several value stages in the stream.
Build a business architecture for the prioritized value stream with a map of business capabilities up to level 2.
NOTE: We can’t map all capabilities all at once: business architecture is an ongoing practice; select key mapping initiatives each year based on business goals.
Business value defines the success criteria of an organization as manifested through organizational goals and outcomes, and it is interpreted from four perspectives:
It’s never a good idea to start with a blank page.
The business capability map available from Info-Tech and with industry standard models can be used as an accelerator. Assemble the relevant stakeholders – business unit leads and product/service owners – and modify the business capability map to suit your organization’s context.
Acceleration path: Customize generic capability maps with the assistance of our industry analysts.
Business context | Define value streams | Build business capability map |
---|---|---|
1.1 Select key stakeholders 1.2 Collect and understand corporate goals |
2.1 Update or define value streams 2.2 Decompose and analyze selected value stream |
3.1 Build level 1 capability map 3.2 Build level 2 capability map 3.3 Heatmap capability map 3.4 Roadmap |
Use inputs from business goals and strategies to understand priorities.
It is not necessary to have a comprehensive business strategy document to start – with key stakeholders, the business architect should be able to gather a one-page business value canvas or customer journey.
What is business context?
“The business context encompasses an understanding of the factors impacting the business from various perspectives, including how decisions are made and what the business is ultimately trying to achieve. The business context is used by IT to identify key implications for the execution of its strategic initiatives.”
Source: Businesswire, 2018
First, as the CIO, you must engage executive stakeholders and secure their support.
Focus on key players who have high power and high interest in business architecture.
Engage the stakeholders who are impacted the most and have the power to impede the success of business architecture.
For example, if the CFO – who has the power to block funding – is disengaged, business architecture will be put at risk.
Use Info-Tech’s Stakeholder Power Map Template to help prioritize time spent with stakeholders.
A business architecture project may involve the following stakeholders:
You must identify who the stakeholders are for your business architecture work.
Think about:
Avoid these common mistakes:
1-3 hours
Build an accurate depiction of the business.
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
A business strategy must articulate the long-term destination the business is moving into. This illustration shapes all the strategies and activities in every other part of the business, including what IT capabilities and resources are required to support business goals. Ultimately, the benefits of a well-defined business strategy increase as the organization scales and as business units or functions are better equipped to align the strategic planning process in a manner that reflects the complexity of the organization.
Using the Business Strategy on a Page canvas, consider the questions in each bucket to elicit the overall strategic context of the organization and uncover the right information to build your digital strategy. Interview key executives including your CEO, CIO, CMO, COO, CFO, and CRO, and review documents from your board or overall organizational strategy to uncover insights.
Info-Tech Insight
A well-articulated and clear business strategy helps different functional and business units work together and ensures that individual decisions support the overall direction of the business.
Examples business objectives:
Info-Tech Insight
CIOs are ideally positioned to be the sponsors of business architecture given that their current top priorities are digital transformation, innovation catalyzation, and business alignment.
1-3 hours
Having a clear understanding of the business is crucial to executing on the strategic IT initiatives.
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Vision Where do you want to go? Mission/Mandate What do you do? |
Value Streams Why are you in business? What do you do? |
Key Products & Services What are your top three to five products and services? |
Key Customer Segments Who are you trying to serve or target? |
Value Proposition What is the value you deliver to your customers? Future Value Proposition What is your value proposition in three to five years’ time? |
Digital Experience Aspirations How can you create a more effective value stream? |
Business Resilience Aspirations How can you reduce business risks? |
Sustainability (or ESG) Aspirations How can you deliver ESG and sustainability goals? |
CEO |
Core Business Goals What are the core business goals to meet business objectives? |
Top Priorities & Initiatives What are the top initiatives and priorities over the planning horizon? |
Performance Insights/Metrics What do we need to achieve? |
CMO |
Shared Business Goals What are the shared (operational) business goals to meet business objectives? |
Top Priorities & Initiatives What are the top initiatives and priorities over the planning horizon? |
Performance Insights/Metrics What do we need to achieve? |
CFO |
Enabling Business Goals What are the enabling (supporting/enterprise) business goals to meet business objectives? |
Top Priorities & Initiatives What are the top initiatives and priorities over the planning horizon? |
Performance Insights/Metrics What do we need to achieve? |
The BA practice’s supporters are potential champions who will help you market the value of BA; engage with them first to create positive momentum. Map out the concerns of each group of stakeholders so you can develop marketing tactics and communications vehicles to address them.
Example Communication Strategy
Stakeholder Concerns | Tactics to Address Concerns | Communication Vehicles | Frequency | |
---|---|---|---|---|
Supporters (High Priority) |
|
|
|
Bi-Monthly |
Indifferent (Medium Priority) |
|
|
|
Quarterly |
Resistors (Medium Priority) |
|
|
|
Tailored to individual groups |
1-2 hours
Now that you have organized and categorized your stakeholders based on their power, influence, interest, and knowledge of business architecture, it is time to brainstorm how you are going to gain their support and participation.
Think about the following:
Avoid these common mistakes:
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Download the Stakeholder Engagement Strategy Template for this project.
CASE STUDY
IndustrySource
Anonymous
Situation | Complication | Result |
---|---|---|
To achieve success with the business architecture initiative, the bank’s CIO needed to put together a plan to engage the right stakeholders in the process. Without the right stakeholders, the initiative would suffer from inadequate information and thus would run the risk of delivering an ineffective solution. |
The bank’s culture was resistant to change and each business unit had its own understanding of the business strategy. This was a big part of the problem that led to decreasing customer satisfaction. The CIO needed a unified vision for the business architecture practice involving people, process, and technology that all stakeholders could support. |
Starting with enlisting executive support in the form of a business sponsor, the CIO identified the rest of the key stakeholders, in this case, the business unit heads, who were necessary to engage for the initiative. Once identified, the CIO promoted the benefits of business architecture to each of the business unit heads while taking stock of their individual needs. |
1 hour
Using your stakeholder power map as a starting point, focus on the three most important quadrants: those that contain stakeholders you must keep informed, those to keep satisfied, and the key players.
Plot the stakeholders from those quadrants on a stakeholder engagement map.
Think about the following:
Avoid these common mistakes:
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Download the Stakeholder Engagement Strategy Template for this project.
1-2 hours
Now that you have organized and categorized your stakeholders based on their power, influence, interest, and knowledge of business architecture, it is time to brainstorm how you are going to gain their support and participation.
Think about the following:
Avoid these common mistakes:
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Download the Stakeholder Engagement Strategy Template for this project.
Business context | Define value streams | Build business capability map |
---|---|---|
1.1 Select key stakeholders |
2.1 Update or define value streams |
3.1 Build Level 1 capability map |
This phase will walk you through the following activities:
This phase involves the following participants:
Value streams connect business goals to organization’s value realization activities. They enable an organization to create and capture value in the market place by engaging in a set of interconnected activities.
There are several key questions to ask when endeavoring to identify value streams.
Key Questions |
---|
|
Value Streams | Create or Purchase Product | Manage Inventory | Distribute Product | Sell Product |
|
|
|
|
Value streams – the activities we do to provide value to customers – require business capabilities.
Value streams are broken down further into value stages, for example, Sell Product value stream has value stages Evaluate Options, Place Order, and Make Payment.
Think of value streams as the core operations, the reason for our organization’s being. A professional consulting organization may have a legal team but it does not brand itself as a law firm. A core value stream is providing research products and services – a business capability that supports it is legal counsel.
1-3 hours
Unify the organization’s perspective on how it creates value.
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
See your Info-Tech Account Representative for access to the Reference Architecture Template
The stages of a value stream are usually action-oriented statements or verbs that make up the individual steps involved throughout the scope of the value stream, e.g. Place Order or Make Payment.
Each value stream should have a trigger or starting point and an end result for a client or receiver.
There should be measurable value or benefits at each stage.
These are key performance indicators (KPIs).
Spot problem areas in the stream.
Value streams usually fall into one of these categories:
Customer Acquisitions
Identify Prospects > Contact Prospects > Verify Interests
Sell Product
Identify Options > Evaluate Options > Negotiate Price and Delivery Date > Place Order > Get Invoice > Make Payment
Product Delivery
Confirm Order > Plan Load > Receive Warehouse > Fill Order > Ship Order > Deliver Order > Invoice Customer
Product Financing
Initiate Loan Application > Decide on Application > Submit Documents > Review & Satisfy T&C > Finalize Documents > Conduct Funding > Conduct Funding Audits
Product Release
Ideate > Design > Build > Release
Sell Product is a value stream, made up of value stages Identify options, Evaluate options, and so on.
1-3 hours
Once we have a good understanding of our value streams, we need to decide which ones to focus on for deeper analysis and modeling, e.g. extend the business architecture to more detailed level 2 capabilities.
Organization has goals and delivers products or services.
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
The first step of creating a value stream is defining it.
The second step is the value stream mapping.
Title
Scope
Objectives
Example Value Streams List
Title | Scope | Objectives |
Sell Product | From option identification to payment | Revenue Growth |
… | … | … |
… | … | … |
A Decompose the Value Stream Into Stages | B Add the Customer Perspective |
|
|
C Add the Expected Outcome | D Define the Entry and Exit Criteria |
|
|
E Outline the Metrics | F Assess the Stages |
|
|
The first step in creating a value stream map is breaking it up into its component stages.
The stages of a value stream are usually action-oriented statements or verbs that make up the individual steps involved throughout the scope of the value stream.
The Benefit
Segmenting your value stream into individual stages will give you a better understanding of the steps involved in creating value.
The Benefit
Adding the customer’s perspective will inform you of their priorities at each stage of the value stream.
The Benefit
Understanding the organization’s desired outcome at each stage of the value stream will help set objectives and establish metrics.
The Benefit
Establishing the entry and exit criteria for each stage will help you understand how the customer experience flows from one end of the stream to the other.
The Benefit
Setting metrics for each stage will facilitate the tracking of success and inform the business architecture practitioner of where investments should be made.
To determine which specific business capabilities you should seek to assess and potentially refine, you must review performance toward target metrics at each stage of the value stream.
Stages that are not performing to their targets should be examined further by assessing the capabilities that enable them.
Value Stage | Metric Description | Metric Target | Current Measure | Meets Objective? |
Evaluate Options | Number of Product Demonstrations | 12,000/month | 9,000/month | No |
Identify Options | Google Searches | 100K/month | 100K/month | Yes |
Identify Options | Product Mentions | 1M/month | 1M/month | Yes |
… | Website Traffic (Hits) | … | … | … |
Average Deal Size | ||||
Number of Deals | ||||
Time to Complete an Order | ||||
Percentage of Invoices Without Error | ||||
Average Time to Acquire Payment in Full |
Sell Product
Identify Options > Evaluate Options > Negotiate Price and Delivery Date > Place Order > Get Invoice > Make Payment
The value stage(s) that doesn’t meet its objective metrics should be examined further.
Info-Tech Insight
In the absence of tangible metrics, you will have to make a qualitative judgement about which stage(s) of the value stream warrant further examination for problems and opportunities.
Business context | Define value streams | Build business capability map |
---|---|---|
1.1 Select key stakeholders 1.2 Collect and understand corporate goals |
2.1 Update or define value streams 2.2 Decompose and analyze selected value stream |
3.1 Build Level 1 capability map 3.2 Build Level 2 capability map 3.3 Heatmap capability map 3.4 Roadmap |
This step will walk you through the following activities:
This step involves the following participants:
Outcomes of this step
The Business Capability Map is the primary visual representation of the organization’s key abilities or services that are delivered to stakeholders. This model forms the basis of strategic planning discussions.
A business capability map can be thought of as a visual representation of your organization’s business capabilities and represents a view of what your data program must support.
Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.
Example business capability map for: Higher Education
A business capability map can be thought of as a visual representation of your organization’s business capabilities and represents a view of what your data program must support.
Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.
Example business capability map for: Local Government
Source: Lambert, “Practical Guide to Agile Strategy Execution”
1-3 hours
Ensure you engage with the right stakeholders:
Don’t waste your efforts building an inaccurate depiction of the business: The exercise of identifying capabilities for an organization is very introspective and requires deep analysis.
It is challenging to develop a common language that everyone will understand and be able to apply. Invest in the time to ensure the right stakeholders are brought into the fold and bring their business area expertise and understanding to the table.
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Align the innovation goals and business objectives of your organization to your value streams (the critical actions that take place within your organization to add value to a customer).
Prioritize a value stream to transform based on the number of priorities aligned to a value stream and/or the business value (e.g. revenue, EBITDA earnings, competitive differentiation, or cost efficiency).
Working alongside a business or enterprise architect, build a reference architecture for the prioritized value stream up to level 2.
Info-Tech Insight
To produce maximum impact, focus on value streams that provide two-thirds of your enterprise value (EBITDA earnings).
1-3 hours
It is only at level 2 and further that we can pinpoint the business capabilities – the exact resources, whether applications or data or processes – that we need to focus on to realize improvements in the organization’s performance and customer experience.
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Download: See your Account Representative for access to Info-Tech’s Reference Architecture Template
1-3 hours
Determine the organization’s key capabilities.
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Download: See your Account Representative for access to Info-Tech’s Reference Architecture Template
Note: Illustrative Example
Note: Illustrative Example
Note: Illustrative Example
Note: Illustrative Example
Note: Illustrative Example
MoSCoW Rank | IT Implication | Value Stream Impacted | Comments/Actions |
---|---|---|---|
M | [Implication] | [Value Stream] | |
M | [Implication] | [Value Stream] | |
M | [Implication] | [Value Stream] | |
S | [Implication] | [Value Stream] | |
S | [Implication] | [Value Stream] | |
S | [Implication] | [Value Stream] | |
C | [Implication] | [Value Stream] | |
C | [Implication] | [Value Stream] | |
C | [Implication] | [Value Stream] | |
W | [Implication] | [Value Stream] | |
W | [Implication] | [Value Stream] | |
W | [Implication] | [Value Stream] |
1-3 hours
Unify the organization’s perspective on how it creates value.
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Download: See your Account Representative for access to Info-Tech’s Reference Architecture Template
Enterprise Architecture Domain | Architectural View | Selection |
---|---|---|
Business Architecture | Business strategy map | Required |
Business Architecture | Business model canvas | Optional |
Business Architecture | Value streams | Required |
Business Architecture | Business capability map | Not Used |
Business Architecture | Business process flows | |
Business Architecture | Service portfolio | |
Data Architecture | Conceptual data model | |
Data Architecture | Logical data model | |
Data Architecture | Physical data model | |
Data Architecture | Data flow diagram | |
Data Architecture | Data lineage diagram |
The Industry Business Reference Architecture Template for your industry is a place for you to collect all of the activity outputs and outcomes you’ve completed for use in next-steps.
Download the Industry Business Reference Architecture Template for your industry
DIY Toolkit | Guided Implementation | Workshop | Consulting |
---|---|---|---|
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." | "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." | "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." | "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project." |
Diagnostics and consistent frameworks are used throughout all four options
Name | Role | Organization |
Ibrahim Abdel-Kader | Research Analyst, Data & Analytics | Info-Tech Research Group |
Ben Abrishami-Shirazi | Technical Counselor, Enterprise Architecture | Info-Tech Research Group |
Andrew Bailey | Consulting, Manager | Info-Tech Research Group |
Dana Dahar | Research & Advisory Director, CIO / Digital Business Strategy | Info-Tech Research Group |
Larry Fretz | VP | Info-Tech Research Group |
Shibly Hamidur | Enterprise Architect | Toronto Transit Commission (TTC) |
Rahul Jaiswal | Principal Research Director, Industry | Info-Tech Research Group |
John Kemp | Executive Counselor, Executive Services | Info-Tech Research Group |
Gerald Khoury | Senior Executive Advisor | Info-Tech Research Group |
Igor Ikonnikov | Principal Advisory Director, Data & Analytics | Info-Tech Research Group |
Daniel Lambert | VP | Benchmark Consulting |
Milena Litoiu | Principal Research Director, Enterprise Architecture | Info-Tech Research Group |
Andy Neill | AVP Data & Analytics, Chief Enterprise Architect | Info-Tech Research Group |
Rajesh Parab | Research Director, Data & Analytics | Info-Tech Research Group |
Rick Pittman | VP, Research | Info-Tech Research Group |
Irina Sedenko | Research Director, Data & Analytics | Info-Tech Research Group |
Andriole, Steve. “Why No One Understands Enterprise Architecture & Why Technology Abstractions Always Fail.” Forbes, 18 September 2020. Web.
“APQC Process Classification Framework (PCF) – Retail.” American Productivity & Quality Center, 9 January 2019. Web.
Brose, Cari. “Who’s on First? Architecture Roles and Responsibilities in SAFe.” Business Architecture Guild, 9 March 2017. Web.
Burlton, Roger, Jim Ryne, and Daniel St. George. “Value Streams and Business Processes: The Business Architecture Perspective.” Business Architecture Guild, December 2019. Web.
“Business Architecture: An overview of the business architecture professional.” Capstera, 5 January 2022. Web.
Business Architecture Guild. “What is Business Architecture?” Business Analyst Mentor, 18 November 2022. Web.
“Business Architecture Overview.” The Business Architecture Working Group of the Object Management Group (OMG), n.d. Web.
“Delivering on your strategic vision.” The Business Architecture Guild, n.d. Web.
Ecker, Grant. “Deploying business architecture.” LinkedIn, 11 November 2021. (Presentation)
IRIS. “Retail Business Architecture Framework and Examples.” IRIS Business Architect, n.d. Web.
IRIS. “What Is Business Architecture?” IRIS Business Architect, 8 May 2014. Web.
IRIS. “Your Enterprise Architecture Practice Maturity 2021 Assessment.” IRIS Business Architect, 17 May 2021. Web.
Khuen, Whynde. “How Business Architecture Breaks Down and Bridges Silos.” Biz Arch Mastery, January 2020. Web.
Lambert, Daniel. “Practical Guide to Agile Strategy Execution.” 18 February 2020.
Lankhorst, Marc, and Bernd Ihnen. “Mapping the BIZBOK Metamodel to the ArchiMate Language.” Bizzdesign, 2 September 2021. Web.
Ramias, Alan, and Andrew Spanyi, “Demystifying the Relationship Between Processes and Capabilities: A Modest Proposal.” BPTrends, 2 February 2015. Web.
Newman, Daniel. “NRF 2022: 4 Key Trends From This Year’s Big Show.” Forbes, 20 January 2022. Web.
Research and Markets. “Define the Business Context Needed to Complete Strategic IT Initiatives: 2018 Blueprint.” Business Wire, 1 February 2018. Web.
Sabanoglu, Tugba. “Retail market worldwide - Statistics & Facts.” Statista, 21 April 2022. Web.
Spacey, John. “Capability vs Process.” Simplicable, 18 November 2016. Web.
“The Definitive Guide to Business Capabilities.” LeanIX, n.d. Web.
TOGAF 9. Version 9.1. The Open Group, 2011. Web.
“What is Business Architecture?” STA Group, 2017. PDF.
Whittie, Ralph. “The Business Architecture, Value Streams and Value Chains.” BA Institute, n.d. Web.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Define and align your team on target persona, outline steps to capture and document a robust buyer persona and journey, and capture current team buyer knowledge.
Hold initial buyer interviews, test initial results, and continue with interviews.
Consolidate interview findings, present to product, marketing, and sales teams. Work with them to apply to product design, marketing launch/campaigning, and sales and customer success enablement.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Organize, drive alignment on target persona, and capture initial views.
Steering committee and project team roles and responsibilities clarified.
Product, marketing, and sales aligned on target persona.
Build initial team understanding of persona.
1.1 Outline a vision for buyer persona and journey creation and identify stakeholders.
1.2 Identify buyer persona choices and settle on an initial target.
1.3 Document team knowledge about buyer persona (and journey where possible).
Documented steering committee and working team
Executive Brief on personas and journey
Personas and initial targets
Documented team knowledge
Build list of buyer interviewees, finalize interview guide, and validate current findings with analyst input.
Interview efficiently using 75-question interview guide.
Gain analyst help in persona validation, reducing workload.
2.1 Share initial insights with covering industry analyst.
2.2 Hear from industry analyst their perspectives on the buyer persona attributes.
2.3 Reconcile differences; update “current understanding.”
2.4 Identify interviewee types by segment, region, etc.
Analyst-validated initial findings
Target interviewee types
Validate current persona hypothesis and flush out those attributes only derived from interviews.
Get to a critical mass of persona and journey understanding quickly.
3.1 Identify actual list of 15-20 interviewees.
3.2 Hold interviews and use interview guides over the course of weeks.
3.3 Hold review session after initial 3-4 interviews to make adjustments.
3.4 Complete interviews.
List of interviewees; calls scheduled
Initial review – “are you going in the right direction?”
Completed interviews
Summarize persona and journey attributes and provide activation guidance to team.
Understanding of product market fit requirements, messaging, and marketing, and sales asset content.
4.1 Summarize findings.
4.2 Create action items for supporting team, e.g. messaging, touch points, media spend, assets.
4.3 Convene steering committee/executives and working team for final review.
4.4 Schedule meetings with colleagues to action results.
Complete findings
Action items for team members
Plan for activation
Measure results, adjust, and improve.
Activation of outcomes; measured results.
5.1 Review final copy, assets, launch/campaign plans, etc.
5.2 Develop/review implementation plan.
5.3 Reconvene team to review results.
Activation review
List of suggested next steps
B2B marketers without documented personas and journeys often experience the following:
Without a deeper understanding of buyer needs and how they buy, B2B marketers will waste time and precious resources targeting the incorrect personas.
Despite being critical elements, organizations struggle to build personas due to:
In today’s Agile development environment, combined with the pressure to generate revenues quickly, high tech marketers often skip the steps necessary to go deeper to build buyer understanding.
With a common framework and target output, clients will:
Clients who activate findings from buyer personas and journeys will see a 50% results improvement.
SoftwareReviews Insight:
Buyer personas and buyer journeys are essential ingredients in go-to-market success, as they inform for product, marketing, sales, and customer success who we are targeting and how to engage with them successfully.
Jeff Golterman, Managing Director, SoftwareReviews Advisory
“44% of B2B marketers have already discovered the power of Personas.”
– Hasse Jansen, Boardview.io!, 2016
“It’s easier buying gifts for your best friend or partner than it is for a stranger, right? You know their likes and dislikes, you know the kind of gifts they’ll have use for, or the kinds of gifts they’ll get a kick out of. Customer personas work the same way, by knowing what your customer wants and needs, you can present them with content targeted specifically to their wants and needs.”
– Emma Bilardi, Product Marketing Alliance, 2020
“Marketing eutopia is striking the all-critical sweet spot that adds real value and makes customers feel recognized and appreciated, while not going so far as to appear ‘big brother’. To do this, you need a deep understanding of your audience coming from a range of different data sets and the capability to extract meaning.”
– Plexure, 2020
SoftwareReviews Advisory Insight:
Marketers developing buyer personas and journeys that lack agreement among Marketing, Sales, and Product of personas to target will squander precious time and resources throughout the customer targeting and acquisition process.
1. Document Team Knowledge of Buyer Persona and Drive Alignment | 2. Interview Target Buyer Prospects and Customers | 3. Create Outputs and Apply to Marketing, Sales, and Product | |
---|---|---|---|
Phase Steps |
|
|
|
Phase Outcomes |
|
|
|
Our methodology will enable you to align your team on why it’s important to capture the most important attributes of buyer persona including:
Functional – “to find them” | ||||||
Job Role | Title | Org. Chart Dynamics | Buying Center | Firmographics | ||
Emotive – “what they do and jobs to be done” | ||||||
Initiatives: What programs/projects the persona is tasked with and their feelings and aspirations about these initiatives. Motivations? Build credibility? Get promoted? | Challenges: Identify the business issues, problems, and pain points that impede attainment of objectives. What are their fears, uncertainties, and doubts about these challenges? | Buyer Need: They may have multiple needs; which need is most likely met with the offering? | Terminology: What are the keywords/phrases they organically use to discuss the buyer need or business issue? | |||
Decision Criteria – “how they decide” | ||||||
Buyer Role: List decision-making criteria and power level. The five common buyer roles are champion, influencer, decision maker, user, and ratifier (purchaser/negotiator). | Evaluation and Decision Criteria: Which lens – strategic, financial, or operational – does the persona evaluate the impact of purchase through? | |||||
Solution Attributes – “what does the ideal solution look like” | ||||||
Steps in “Jobs to Be Done” | Elements of the “Ideal Solution” | Business outcomes from ideal solution | Opportunity scope; other potential users | Acceptable price for value delivered | Alternatives that see consideration | Solution sourcing: channel, where to buy |
Behavioral Attributes – “how to approach them successfully” | ||||||
Content Preferences: List the persona’s content preferences – blog, infographic, demo, video – vs. long-form assets (e.g. white paper, presentation, analyst report). | Interaction Preferences: Which are preferred among in-person meetings, phone calls, emails, videoconferencing, conducting research via Web, mobile, and social? | Watering Holes: Which physical or virtual places do they go to network or exchange info with peers (e.g. LinkedIn)? |
“~2/3 of [B2B] buyers prefer remote human interactions or digital self-service.” And during Aug. ‘20 to Feb. ‘21, use of digital self-service to interact with sales reps leapt by more than 10% for both researching and evaluating new suppliers.”
– Liz Harrison, Dennis Spillecke, Jennifer Stanley, and Jenny Tsai McKinsey & Company, 2021
SoftwareReviews Advisory Insight:
Marketers are advised to update their buyer journey annually and with greater frequency when the human vs. digital mix is affected due to events such as COVID-19 and as emerging media such as AR shifts asset-type usage and engagement options.
Because marketing leaders need to reach buyers through the right channel with the right message at the right time during their decision cycle, you’ll benefit by using questionnaires that enable you to build the below easily and quickly.
Buyer personas and buyer journeys are essential ingredients in go-to-market success, as they inform for product, marketing, sales, and customer success who we are targeting and how to engage with them successfully.
Marketers developing buyer personas and journeys that lack agreement among Marketing, Sales, and Product of personas to target will squander precious time and resources throughout the customer targeting and acquisition process.
Marketing leaders leverage the buyer persona knowledge not only from in-house experts in areas such as sales and executives but from analysts that speak with their buyers each and every day.
While leaders will get a fast start by interviewing sellers, executives, and analysts, you will fail to craft the right messages, build the right marketing assets, and design the best buyer journey if you skip buyer interviews.
Leaders will update their buyer journey annually and with greater frequency when the human vs. digital mix is effected due to events such as COVID-19 and as emerging media such as AR and VR shifts the way buyers engage.
Digital marketers that ramp up lead gen engine capabilities to capture “wins” and measure engagement back through the lead gen and nurturing engines will build a more data-driven view of the buyer journey. Target to build this advanced capability in your initial design.
This blueprint is accompanied by supporting deliverables to help you gather team insights, interview customers and prospects, and summarize results for ease in communications.
To support your buyer persona and journey creation, we’ve created the enclosed tools
A PowerPoint template to aid the capture and summarizing of your team’s insights on the buyer persona.
For interviewing customers and prospects, this tool is designed to help you interview personas and summarize results for up to 15 interviewees.
A PowerPoint template into which you can drop your buyer persona and journey interviewees list and summary findings.
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."
The "do-it-yourself" step-by-step instructions begin with Phase 1.
"Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."
A Guided Implementation is a series of analysts inquiries with you and your team.
Diagnostics and consistent frameworks are used throughout each option.
A Guided Implementation (GI) is series of calls with a SoftwareReviews Advisory analyst to help implement our best practices in your organization.
For guidance on marketing applications, we can arrange a discussion with an Info-Tech analyst.
Your engagement managers will work with you to schedule analyst calls.
Drive an Aligned Initial Draft of Buyer Persona
Interview Buyers and Validate Persona and Journey
Prepare Communications and Educate Stakeholders
Contact your account representative for more information. workshops@infotech.com 1-888-670-8889
Day1 | Day 2 | Day 3 | Day 4 | Day 5 | |
---|---|---|---|---|---|
Align Team, Identify Persona, and Document Current Knowledge | Validate Initial Work and Identify Buyer Interviewees | Schedule and Hold Buyer interviews | Summarize Findings and Provide Actionable Guidance to Colleagues | Measure Impact and Results | |
Activities |
1.1 Outline a vision for buyer persona and journey creation and identify stakeholders. 1.2 Identify buyer persona choices and settle on an initial target. 1.3 Document team knowledge about buyer persona (and journey where possible). |
2.1 Share initial insights with covering industry analyst. 2.2 Hear from industry analyst their perspectives on the buyer persona attributes. 2.3 Reconcile differences; update “current understanding.” 2.4 Identify interviewee types by segment, region, etc. |
3.1 Identify actual list of 15-20 interviewees. A gap of up to a week for scheduling of interviews. 3.2 Hold interviews and use interview guides (over the course of weeks). 3.3 Hold review session after initial 3-4 interviews to make adjustments. 3.4 Complete interviews. |
4.1 Summarize findings. 4.2 Create action items for supporting team, e.g. messaging, touch points, media spend, assets. 4.3 Convene steering committee/exec. and working team for final review. 4.4 Schedule meetings with colleagues to action results. |
5.1 Review final copy, assets, launch/campaign plans, etc. 5.2 Develop/review implementation plan. A period of weeks will likely intervene to execute and gather results. 5.3 Reconvene team to review results. |
Deliverables |
|
|
|
|
|
This Phase walks you through the following activities:
This Phase involves the following stakeholders:
Review the Create a Buyer Persona Executive Brief (Slides 3-14)
Download the Buyer Persona Creation Template
Download the Buyer Persona and Journey Interview Guide and Data Capture Tool
This Phase walks you through the following activities:
This Phase involves the following stakeholders:
Download the Buyer Persona and Journey Interview Guide and Data Capture Tool
Download the Buyer Persona and Journey Interview Guide and Data Capture Tool
Test that you are on the right track:
Functional – “to find them” | ||||||
Job Role | Title | Org. Chart Dynamics | Buying Center | Firmographics | ||
Emotive – “what they do and jobs to be done” | ||||||
Initiatives: What programs/projects the persona is tasked with and their feelings and aspirations about these initiatives. Motivations? Build credibility? Get promoted? | Challenges: Identify the business issues, problems, and pain points that impede attainment of objectives. What are their fears, uncertainties, and doubts about these challenges? | Buyer Need: They may have multiple needs; which need is most likely met with the offering? | Terminology: What are the keywords/phrases they organically use to discuss the buyer need or business issue? | |||
Decision Criteria – “how they decide” | ||||||
Buyer Role: List decision-making criteria and power level. The five common buyer roles are champion, influencer, decision maker, user, and ratifier (purchaser/negotiator). | Evaluation and Decision Criteria: Which lens – strategic, financial, or operational – does the persona evaluate the impact of purchase through? | |||||
Solution Attributes – “what does the ideal solution look like” | ||||||
Steps in “Jobs to Be Done” | Elements of the “Ideal Solution” | Business outcomes from ideal solution | Opportunity scope; other potential users | Acceptable price for value delivered | Alternatives that see consideration | Solution sourcing: channel, where to buy |
Behavioral Attributes – “how to approach them successfully” | ||||||
Content Preferences: List the persona’s content preferences – blog, infographic, demo, video – vs. long-form assets (e.g. white paper, presentation, analyst report). | Interaction Preferences: Which are preferred among in-person meetings, phone calls, emails, videoconferencing, conducting research via Web, mobile, and social? | Watering Holes: Which physical or virtual places do they go to network or exchange info with peers (e.g. LinkedIn)? |
Because marketing leaders need to reach buyers through the right channel with the right message at the right time during their decision cycle, you’ll benefit by using questionnaires that enable you to build the below easily and quickly.
Download the Buyer Persona and Journey Interview Guide and Data Capture Tool
This Phase walks you through the following activities:
This Phase involves the following stakeholders:
Download the Buyer Persona and Journey Interview Guide and Data Capture Tool
Download the Buyer Persona and Journey Summary Template
Download the Buyer Persona and Journey Summary Template
Activation of key learnings to drive:
Present final persona and journey results to each stakeholder team. Key presentations include:
Download the Buyer Persona and Journey Summary Template
With the help of this blueprint, you have deepened your and your colleagues’ buyer understanding at both the persona “who they are” level and the buyer journey “how do they buy” level. You are among the minority of marketing leaders that have fully documented a buyer persona and journey – congratulations!
The benefits of having led your team through the process are significant and include the following:
And by capturing and documenting your buyer persona and journey even for a single buyer type, you have started to build the “institutional strength” to apply the process to other roles in the decision-making process or for when you go after new and different buyer types for new products. And finally, by bringing your team along with you in this process, you have also led your team in becoming a more customer-focused organization – a strategic shift that all organizations should pursue.
Contact your account representative for more information.
info@softwarereviews.com
1-888-670-8889
Optimize Lead Generation With Lead Scoring
Bilardi, Emma. “How to Create Buyer Personas.” Product Marketing Alliance, July 2020. Accessed Dec. 2021.
Harrison, Liz, Dennis Spillecke, Jennifer Stanley, and Jenny Tsai. “Omnichannel in B2B sales: The new normal in a year that has been anything but.” McKinsey & Company, 15 March 2021. Accessed Dec. 2021.
Jansen, Hasse. “Buyer Personas – 33 Mind Blowing Stats.” Boardview.io!, 19 Feb. 2016. Accessed Jan. 2022.
Raynor, Lilah. “Understanding The Changing B2B Buyer Journey.” Forbes Agency Council, 18 July 2021. Accessed Dec. 2021.
Simpson, Jon. “Finding Your Audience: The Importance of Developing a Buyer Persona.” Forbes Agency Council, 16 May 2017. Accessed Dec. 2021.
“Successfully Executing Personalized Marketing Campaigns at Scale.” Plexure, 6 Jan. 2020. Accessed Dec 2020.
Ulwick, Anthony W. JOBS TO BE DONE: Theory to Practice. E-book, Strategyn, 1 Jan. 2017. Accessed Jan. 2022.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Assess the current state and define the drivers behind your release management optimizations.
Design your release processes, program framework, and release change management standards, and define your release management team.
Create an optimization roadmap that fits your context.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Reveal the motivators behind the optimization of release management.
Identify the root causes of current release issues and challenges.
Ensure business alignment of optimization efforts.
Firm grasp of why teams are facing release issues and the impacts they have on the organization.
1.1 Identify the objectives for application release.
1.2 Conduct a current state assessment of release practices.
Release management business objectives and technical drivers
Current state assessment of release processes, communication flows, and tools and technologies
Alleviate current release issues and challenges with best practices.
Standardize a core set of processes, tools, and roles & responsibilities to achieve consistency, cadence, and transparency.
Repeatable execution of the same set of processes to increase the predictability of release delivery.
Defined ownership of release management.
Adaptable and flexible release management practices to changing business and technical environments.
2.1 Strengthen your release process.
2.2 Coordinate releases with a program framework.
2.3 Manage release issues with change management practices.
2.4 Define your release management team.
Processes accommodating each release type and approach the team is required to complete
Release calendars and program framework
Release change management process
Defined responsibilities and accountabilities of release manager and release management team
Define metrics to validate release management improvements.
Identify the degree of oversight and involvement of the release management team.
Prioritize optimization roadmap against business needs and effort.
Easy-to-gather metrics to measure success that can be communicated to stakeholders.
Understanding of how involved release management teams are in enforcing release management standards.
Practical and achievable optimization roadmap.
3.1 Define your release management metrics.
3.2 Ensure adherence to standards.
3.3 Create your optimization roadmap.
List of metrics to gauge success
Oversight and reporting structure of release management team
Release management optimization roadmap
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Understand basic machine learning concepts used in endpoint security.
Determine feature requirements to evaluate vendors.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Confirm the “why” of the IT update presentation by determining its scope and goals.
Confirm the “what” of the presentation by focusing on business requirements, metrics, presentation creation, and stakeholder validation.
Confirm the “how” of the presentation by focusing on engaging your audience, getting what you need, and creating a feedback cycle.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Determine the IT update’s scope and goals and identify stakeholder requirements
IT update scope and goals
Business stakeholder goals and requirements
1.1 Determine/validate the IT update scope
1.2 Determine/validate the IT update goals
1.3 Business context analysis
1.4 Determine stakeholder needs and expectations
1.5 Confirm business goals and requirements
Documented IT update scope
Documented IT update goals
Validated business context
Stakeholder requirements analysis
Confirmed business goals and requirements
Analyze metrics and content and validate against business needs
Selection of key metrics
Metrics and content validated to business needs
2.1 Analyze current IT metrics
2.2 Review industry best-practice metrics
2.3 Align metrics and content to business stakeholder needs
Identification of key metrics
Finalization of key metrics
Metrics and content validated to business stakeholder needs
Create an IT update presentation that is optimized to business needs
Optimized IT update presentation
3.1 Understand the audience and how to best engage them
3.2 Determine how to present the pertinent data
3.3 IT update review with key business stakeholders
3.4 Final edits and review of IT update presentation
3.5 Pre-presentation checklist
Clarity on update audience
Draft IT update presentation
Business stakeholder feedback
Finalized IT update presentation
Confirmation on IT update presentation readiness
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This storyboard will help you understand the spectrum of different Agile xOps working modes and how best to leverage them and build an architecture and toolset that support rapid continuous IT operations
IT Operations continue to be challenged by increasing needs for scale and speed, often in the face of constrained resources and time. For most, Agile methodologies have become a foundational part of tackling this problem. Since then, we've seen Agile evolve into DevOps, which started a trend into different categories of "xOps" that are too many to count. How does one make sense of the xOps spectrum? What is InfraOps and where does it fit in?
Ultimately, all these methodologies and approaches are there to serve the same purpose: increase effectiveness through automation and improve governance through visibility. The key is to understand what tools and methodologies will deliver actual benefits to your IT operation and to the organization as a whole.
By defining your end goals and framing solutions based on the type of visibility and features you need, you can enable speed and reliability without losing control of the work.
InfraOps, when applied well, should be the embodiment of the governance policies as expressed by standards in architecture and automation.
Understand the xOps spectrum |
There are as many different types of "xOps" as there are business models and IT teams. To pick the approaches that deliver the best value to your organization and that align to your way of operating, it's important to understand the different major categories in the spectrum and how they do or don't apply to your IT approach. |
---|---|
How to optimize the Ops in DevOps |
InfraOps is one of the major methodologies to address a key problem in IT at cloud scale: eliminating friction and error from your deliveries and outputs. The good news is there are architectures, tools, and frameworks you can easily leverage to make adopting this approach easier. |
Evolve to integration and build a virtuous cycle |
Ultimately your DevOps and InfraOps approaches should embody your governance needs via architecture and process. As time goes on, however, both your IT footprint and your business environment will shift. Build your tools, telemetry, and governance to anticipate and adapt to change and build a virtuous cycle between development needs and IT Operations tools and governance. |
There is no definitive list of x's in the xOps spectrum. Different organizations and teams will divide and define these in different ways. In many cases, the definitions and domains of various xOps will overlap.
Some of the commonly adopted and defined xOps models are listed here.
Shifting left or right isn't an either/or choice. They're more like opposite sides of the same coin. Like the different xOps approaches, usually more than one shift approach will apply to your IT Operations.
With the shift from execution to governing and validating, the role of deployment falls downstream of IT Operations.
IT Operations needs to move to a mindset that focuses on creating the guardrails, enforced standards, and compliance rules that need to be used downstream, then apply those standards using automation and tooling to remove friction and error from the interstitia (the white spaces between chevrons) of the various phases.
Your tools can be broken into two categories:
Keep in mind that while your infrastructure architecture is usually an either/or choice, your automation approach should use any and all tooling that helps.
Hyperconvergence is the next phase of convergence, virtualizing servers, networks, and storage on a single server/storage appliance. Capacity scales as more appliances are added to a cluster or stack.
The disruptive departure:
HCI follows convergence trends of the past ten years but is also a departure from how IT infrastructure has traditionally been provisioned and managed.
HCI is at the same time a logical progression of infrastructure convergence and a disruptive departure.
HCI can be the foundation block for a fully software defined data center, a prerequisite for private cloud.
Key attributes of a cloud are automation, resource elasticity, and self-service. This kind of agility is impossible if physical infrastructure needs intervention.
Virtualization alone does not a private cloud make, but complete stack virtualization (software defined) running on a hands-off preconfigured HCI appliance (or group of appliances) provides a solid foundation for building cloud services.
Silo-busting and private cloud sound great, but are your people and processes able to manage the change?
In traditional infrastructure, performance and capacity are managed as distinct though complementary jobs. An all-in-one approach may not work.
Use Case Example: Composable AI flow
Data Ingestion > Data Cleaning/Tagging > Training > Conclusion
Where it's useful
Considerations
Many organizations using a traditional approach report resource stranding as having an impact of 20% or more on efficiency. When focusing specifically on the stranding of memory in workloads, the number can often approach 40%.
Infrastructure as code (IaC) is the process of managing and provisioning computer data centers through machine-readable definition files rather than physical hardware configuration or interactive configuration tools.
Before IaC, IT personnel would have to manually change configurations to manage their infrastructure. Maybe they would use throwaway scripts to automate some tasks, but that was the extent of it.
With IaC, your infrastructure's configuration takes the form of a code file, making it easy to edit, copy, and distribute.
Orchestration describes the automated arrangement, coordination, and management of complex computer systems, middleware, and services.
This usage of orchestration is often discussed in the context of service-oriented architecture, virtualization, provisioning, converged infrastructure, and dynamic data center topics. Orchestration in this sense is about aligning the business request with the applications, data, and infrastructure.
It defines the policies and service levels through automated workflows,
provisioning, and change management. This creates an application-aligned infrastructure that can be scaled up or down based on the needs of each application.
As the requirement for more resources or a new application is triggered, automated tools now can perform tasks that previously could only be done by multiple administrators operating on their individual pieces of the physical stack.
Orchestration also provides centralized management of the resource pool, including billing, metering, and chargeback for consumption. For example, orchestration reduces the time and effort for deploying multiple instances of a single application.
Automation and orchestration tools can be key components of an effective governance toolkit too! Remember to understand what data can be pulled from your various tools and leveraged for other purposes such as cost management and portfolio roadmapping.
Configuration Management
Configuration Management |
![]() |
---|---|
CI/CD |
|
Container |
|
Cloud-Specific |
|
PaaS |
Automation and orchestration tools and software offerings are plentiful, and many of them have a different focus on where in the application delivery ecosystem they provide automation functionality.
Often there are different tools for different deployment and service models as well as for different functional phases for each service model.
Let the large ecosystem of tools be your ally. Leverage the right tools where needed and then address the complexity of tools using a master orchestration scheme.
Additionally, most tools do not cover all aspects required for most automation implementations, especially in hybrid cloud scenarios.
As such, often multiple tools must be deployed, which can lead to fragmentation and loss of unified controls.
Many enterprises address this fragmentation using a cloud management platform approach.
One method of achieving this is to establish a higher layer of orchestration – an "orchestrator of orchestrators," or metaorchestration.
In complex scenarios, this can be a challenge that requires customization and development.
Toolkit | Pros | Cons | Tips |
---|---|---|---|
HCI | Easy scale out | Shift in skills required | Good for enabling automation and hybridization with current-gen public cloud services |
CI | Maximal workload resource efficiency | Investment in new fabrics and technologies | Useful for very dynamic or highly scalable workloads like AI |
IaC | Error reduction and standardization | Managing drift in standards and requirements | Leverage a standards and exception process to keep track of drift |
A&O | Key enabler of DevOps automation within phases | Usually requires multiple toolsets/frameworks | Use the right tools and stitch together at the metaorchestration layer |
Metaorchestration | Reduces the complexity of a diverse A&O and IaC toolkit | Requires understanding of the entire ecosystems of tools used | Key layer of visibility and control for governance |
Remember, the goal is to increase speed AND reliability. That's why we focus on removing friction from our delivery pipelines.
Remember that, especially in modern and rapid methodologies, your IT footprint can drift unexpectedly. This means you need a real feedback mechanism on where the friction moves to next.
This is particularly important in more Agile methodologies.
Plan | Code | Test | Deploy | Monitor | |
---|---|---|---|---|---|
Incoming Friction | |||||
In-Cycle Friction | |||||
Outgoing Friction |
Map your ops groups to the delivery cycles in your pipeline. How many delivery cycles do you have or need?
Good InfraOps is a reflection of governance policies, expressed by standards in architecture and automation.
Evaluate Hyperconverged Infrastructure for Your Infrastructure Roadmap
Banks, Ethan, host. "Choosing Your Next Infrastructure." Datanauts, episode 094, Packet Pushers, 26 July 2017. Podcast.
"Composable Infrastructure Solutions." Hewlett Packard Canada, n.d. Web.
"Composable Infrastructure Technology." Liqid Inc., n.d. Web.
"DataOps architecture design." Azure Architecture Center, Microsoft Learn, n.d. Web.
Tan, Pei Send. "Differences: DevOps, ITOps, MLOps, DataOps, ModelOps, AIOps, SecOps, DevSecOps." Medium, 5 July 2021. Web.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Create your minimum viable business architecture.
If there are a handful of capabilities that your business needs to focus on right now, what are they?
Identify business opportunities.
Enrich your capability model.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This storyboard will help you build a strategy for your Microsoft licensing renewal from conducting a thorough needs assessment to examining your licensing position, evaluating Microsoft's licensing options, and negotiations.
The Microsoft Cloud Products Cost Modeler will provide a rough estimate of what you can expect to pay for Office 365 or Dynamics CRM licensing, before you enter into negotiations. This is not your final cost, but it will give you an idea.
The Microsoft Licensing Purchase Reference Guide can be used throughout the process of licensing review: from initial meetings to discuss compliance state and planned purchases, to negotiation meetings with resellers. Use it in conjunction with Info-Tech's Microsoft Licensing Effective License Position Template.
This tool will help you plot out your negotiation timeline, depending on where you are in your contract negotiation process.
This template helps organizations to determine the difference between the number of software licenses they own and the number of software copies deployed. This is known as the organization’s effective license position (ELP).
Corporate security management is a vital aspect in every modern business, regardless of business area or size. At Tymans Group we offer expert security management consulting to help your business set up proper protocols and security programs. More elaborate information about our security management consulting services and solutions can be found below.
You may be experiencing one or more of the following:
Insight
To have a successful information security strategy, take these three factors into account:
Impact and results of our corporate security management approach
Besides the small introduction, subscribers and consulting clients within the corporate security management domain have access to:
Get up to speed
Read up on why you should build your customized corporate information security governance and management system. Review our methodology and understand the four ways we can support you.
Align your security objectives with your business goals
Determine the company's risk tolerance.
Build a practical governance framework for your company
Our best-of-breed security framework makes you perform a gap analysis between where you are and where you want to be (your target state). Once you know that, you can define your goals and duties.
Now that you have built it, manage your governance framework.
There are several essential management activities that we as a security management consulting company suggest you employ.
We are happy to tell you more about our corporate security management solutions and help you set up fitting security objectives. As a security management consulting firm we offer solutions and advice, based on our own extensive experience, which are practical and people-orientated. Discover our services, which include data security management and incident management and book an online appointment with CEO Gert Taeymans to discuss any issues you may be facing regarding risk management or IT governance.
Do you experience any of the following challenges:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Ask the right questions and pressure test the workflow so the documentation is as helpful as possible to all who consult it.
Use this workflow as an example of the output of an onboarding workflow-improvement activity.
![]() Emily Sugerman Info-Tech Research Group |
You can’t mature processes without also documenting them. Process documentation is most effective when workflows are both written out and also visualized in the form of flow charts. Your workflows may appear in standard operating procedures, in business continuity and disaster recovery plans, or anywhere else a process’ steps need to be made explicit. Often, just getting something down on paper is a win. However, the best workflows usually do not emerge fully-formed out of a first draft. Your workflow documentation must achieve two things:
This research will use the example of improving an onboarding workflow. Ask the right questions and pressure test the workflow so the documentation is as helpful as possible to all who consult it. |
Your Challenge |
Common Obstacles |
Info-Tech’s Approach |
---|---|---|
|
|
Use this material to help
|
Info-Tech Insight
Don’t just document – target your future state as you document your workflows. Find opportunities for automation, pinpoint key handoff points, and turn cold handoffs into warm handoffs.
Keep future state in mind.
Don’t just document – target your future state as you document your workflows. Find opportunities for automation, pinpoint key handoff points, and turn cold handoffs into warm handoffs.
Promote the benefits of documenting workflows as flowcharts.
Foreground to the IT team how this will improve customer experience. End-users will benefit from more efficient workflows.
Remember the principle of constructive criticism.
Don’t be afraid to critique the workflow but remember this can be a team-building experience. Focus on how these changes will be mutually beneficial, not assigning blame for workflow friction.
Don’t waste time building shelfware.
Establish a review cadence to ensure the flowchart is a living document that people actually use.
Risks of inadequate workflows |
Benefits of documented workflows |
---|---|
|
|
Use these talking points to build commitment toward documenting/updating processes.
Risk reduction
“Our outdated documentation is a risk, as people will assume the documented process is accurate.”
Transparency
“The activity of mapping our processes will bring transparency to everyone involved.”
Accountability
“Flow charts will help us clarify task ownership at a glance.”
Accessibility
“Some team members prefer diagrams over written steps, so we should provide both.”
Knowledge centralization
“Our flow charts will include links to other supporting documentation (checklists, vendor documentation, other flowcharts).”
Role clarification
“Separating steps into swim lanes can clarify different tiers, process stages, and ownership, while breaking down silos.”
Communication
To leadership/upper management: “This process flow chart quickly depicts the big picture.”
Knowledge transfer
“Flow charts will help bring new staff up to speed more quickly.”
Consistency
“Documenting a process standardizes it and enables everyone to do it in the same way.”
A pictorial representation of a process that is used to achieve transparency.
This research will use one specific example of an onboarding process workflow. Before drilling down into onboarding workflows specifically, review Info-Tech’s Process Mapping Guide for general guidance on what to do before you begin:
Download the Process Mapping Guide
Good candidates include:
Application Development Process
Application Maintenance Process
Business Continuity Plan Business Process
Business Continuity Plan Recovery Process
Commitment Purchasing Workflow
Coordinated Vulnerability Disclosure Process
Data Protection Recovery Workflow
Disaster Recovery Plan/Business Continuity Plan Review Workflow
End-User Device Management Workflow Library
Incident Management and Service Desk Workflows
Security Policy Exception Process
Self-Service Resolution Process
Service Desk Ticket Intake by Channel
Onboarding is a perennial challenge due to the large number of separate teams and departments who are implicated in the process.
There can be resistance to alignment. As a result, everyone needs to be pulled in to see the big picture and the impact of an overly manual and disconnected process.
Additionally, the quality of the overall onboarding process (of which IT is but one part) has a significant impact on the employee experience of new hires, and the long-term experience of those employees. This workflow is therefore often a good one to target for improvement.
“Organizations with a standardized onboarding process experience 62% greater new hire productivity, along with 50% greater new hire retention.”1
“Companies that focus on onboarding retain 50% more new employees than companies that don’t.”2
In the tabletop exercise, your team will walk through your onboarding process step by step and document what happens at each stage. Prep for this meeting with the following steps:
Facilitator
Tasks:
Notetaker
Tasks:
Lack of communication/expectation setting with users: |
Messy process, poor coordination among task owners: |
User experience affected: |
---|---|---|
|
|
|
![]() |
Start, End, and Connector. Traditional flowcharting standards reserve this shape for connectors to other flowcharts or other points in the existing flowchart. Unified modeling language (UML) also uses the circle for start and end points. Start, End. Traditional flowcharting standards use this for start and end. However, Info-Tech recommends using the circle shape to reduce the number of shapes and avoid confusion with other similar shapes. Process Step. Individual process steps or activities (e.g. create ticket or escalate ticket). If it’s a series of steps, then use the sub-process symbol and flowchart the sub-process separately. Sub-Process. A series of steps. For example, a critical incident standard operating procedure (SOP) might reference a recovery process as one of the possible actions. Marking it as a sub-process, rather than listing each step within the critical incident SOP, streamlines the flowchart and avoids overlap with other flowcharts (e.g. the recovery process). Decision. Represents decision points, typically with yes/no branches, but you could have other branches depending on the question (e.g. a “Priority” question could branch into separate streams for Priority 1, 2, 3, 4, and 5 issues). Document/Report Output. For example, the output from a backup process might include an error log. |
Time to review and revise the workflow. What gaps exist? How can you improve the process? What documentation gaps have been overlooked?
Consider the following refinements for the onboarding workflow:
Facilitator
Tasks:
Notetaker
Tasks:
Solicit feedback from the group.
"
Be complete.
The workflow should surface tacit knowledge, so make it explicit (Haddadpoor et al.):
Identify task ownership.
The flow chart will be more useful if it clearly identifies who does what in the process.
“Each task has an owner, and the task list is visible to the employee and other stakeholders, so there's visibility about whether each person has done their actions.”
For onboarding, this means setting SLOs/SLAs and internal timepoints.
Add internal timepoints for the major steps/tasks in the workflow. Begin to track these service level objectives and adjust as necessary.
When you have validated the service level objectives are accurate and you can meet them an acceptable amount of time, communicate the overall SLA to your users. This will ensure they submit future onboarding requests to your team with enough lead time to fulfill the request. Try to place the SLA directly in the service catalog.
“Tracking the time within the workflow can be a powerful way to show the working group why there is user dissatisfaction.”
Sandi Conrad, Principal Advisory Director, Info-Tech Research Group
For onboarding, this means implementing a transactional survey.
The onboarding workflow will be subject to periodic reviews and continual improvement. Suggestions for improvement should come not only from the internal IT team, but also the users themselves.
Use Info-Tech’s Take Action on Service Desk Customer Feedback for more guidance on creating these surveys.
For onboarding, approvals can be the main roadblock to fulfilling requests
A positive onboarding experience is an important part of a new employee’s success.
Though IT is only one part of an employee’s onboarding experience, it’s an important part. Delays for hardware procurement and a lack of communication can lead to employee disengagement. Ask the team:
Place communication bullet points in the flow chart to indicate where the team will reach out to users to update or notify them of delays.
Where can we automate for onboarding?
Identify when the process is dragged out due to waiting times (e.g. times when the technician can’t address the ticket right away).
Avoid reinforcing manual processes, which make it even harder for departmental silos to work together.
Create role-based templates.
Does HR know which applications our users need? Are they deferring to the manager, who then asks IT to simply duplicate an existing user?
Personas are asset profiles that apply to multiple users (e.g. in a department) and that can be easily duplicated for new hires. You might create three persona groups in a department, with variations within each subgroup or title. To do this, you need accurate information upfront.
Then, if you’re doing zero touch deployment, you can automate software to automatically load.
Many HRIS systems have the ability to create a persona, and also to add users to the AD, email, and distribution groups without IT getting involved. This can alleviate work from the sysadmin. Does our HRIS do this?
How does the group feel about the revised workflow?
Download the Workflow Activity: Onboarding Example
Remember the principle of constructive criticism.
Don’t be afraid to critique the workflow but remember this can also be a team-building experience. Focus on how these changes will be mutually beneficial, not assigning blame for workflow friction.
Decide how often this workflow will be revised.
Share the flowchart and set up a review meeting.
Don’t waste time building shelfware.
Establish a review cadence to ensure the flowchart is a living document that people actually use.
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
Bushkill, Claire. “The top 5 ways to automate your onboarding checklist.” Rippling Blog. 18 Mar 2022. Accessed 29 Nov 2022. Ha https://www.rippling.com/blog/the-top-5-ways-to-automate-your-onboarding-checklist
Carucci, Ron. “To Retain New Hires, Spend More Time Onboarding Them.” Harvard Business Review, 3 Dec 2018
Haddadpoor, Asefeh, et al. “Process Documentation: A Model for Knowledge Management in Organizations.” Materia Socio-Medica, vol. 27, no. 5, Oct. 2015, pp. 347–50. PubMed Central, https://doi.org/10.5455/msm.2015.27.347-350.
King, Melissa. “New hire checklist: An employee onboarding checklist template for 2022.” Zapier. 14 Jul 2022. Accessed 29 Nov 2022. https://zapier.com/blog/onboarding-checklist/
Uzialko, Adam. “What Does Poor Onboarding Really Do to Your Team?” Business News Daily. 23 Jan 2023.
https://www.manageengine.com/products/service-desk...
Sandi Conrad, Principal Advisory Director, Infrastructure and Operations, Info-Tech Research Group
Christine Coz, Executive Counselor, Info-Tech Research Group
Allison Kinnaird, Practice Lead, Infrastructure and Operations, Info-Tech Research Group
Natalie Sansone, Research Director, Infrastructure and Operations, Info-Tech Research Group
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Define, identify, and organize your technical debt in preparation for the technical debt impact analysis.
Conduct a technical debt business impact analysis.
Identify options to resolve technical debt and summarize the challenge and potential solutions for business decision makers.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Create a working definition of technical debt and identify the technical debt in your environment.
List your technical debt.
1.1 Develop a working definition for technical debt.
1.2 Discuss your organization’s technical debt risk.
1.3 Identify 5-10 high-impact technical debts to structure the impact analysis.
Goals, opportunities, and constraints related to tech debt management
A list of technical debt
Conduct a more-objective assessment of the business impact of technical debt.
Identify the most-critical technical debt in your environment, in terms of business risk.
2.1 Review and modify business impact scoring scales.
2.2 Identify reasonable scenarios to structure the impact analysis.
2.3 Apply the scoring scale to identify the business impact of each technical debt.
Business impact scoring scales
Scenarios to support the impact analysis
Technical debt impact analysis
Leverage the technical debt impact analysis to identify, compare, and quantify projects that fix technical debt and projects that prevent it.
Create your plan to manage technical debt.
3.1 Brainstorm projects and action items to manage and pay back critical technical debt. Prioritize projects and action items to build a roadmap.
3.2 Identify three possible courses of action to pay back each critical technical debt.
3.3 Identify immediate next steps to manage remaining tech debt and limit the introduction of new tech debt.
Technical debt management roadmap
Technical debt executive summary
Immediate next steps to manage technical debt
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Analyze strategic CIO competencies and assess business stakeholder satisfaction with IT using Info-Tech's CIO Business Vision Diagnostic and CXO-CIO Alignment Program.
Evaluate strategic CIO competencies and business stakeholder relationships.
Create a personal development plan and stakeholder management strategy.
Develop a scorecard to track personal development initiatives.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Gather and review information from business stakeholders.
Assess strategic CIO competencies and business stakeholder relationships.
Gathered information to create a personal development plan and stakeholder management strategy.
Analyzed the information from diagnostics and determined the appropriate next steps.
Identified and prioritized strategic CIO competency gaps.
Evaluated the power, impact, and support of key business stakeholders.
1.1 Conduct CIO Business Vision diagnostic
1.2 Conduct CXO-CIO Alignment program
1.3 Assess CIO competencies
1.4 Assess business stakeholder relationships
CIO Business Vision results
CXO-CIO Alignment Program results
CIO competency gaps
Executive Stakeholder Power Map
Create a personal development plan and stakeholder management strategy.
Track your personal development and establish checkpoints to revise initiatives.
Identified personal development and stakeholder engagement initiatives to bridge high priority competency gaps.
Identified key performance indicators and benchmarks/targets to track competency development.
2.1 Create a personal development plan
2.2 Create a stakeholder management strategy
2.3 Establish key performance indicators and benchmarks/targets
Personal Development Plan
Stakeholder Management Strategy
Strategic CIO Competency Scorecard
Every organization needs a data management (DM) platform that enables the DM capabilities required. This could be a daunting task because:
Understand your current environment and use proven reference architecture patterns to expedite building the data management platform that matches your needs.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Assess your current environment, find the right reference architecture pattern, and match identified capabilities with software features.
Aligning your business with applications through your strategy will not only increase business satisfaction but also help to ensure you’re delivering applications that enable the organization’s goals.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This review guide provides organizations with a detailed assessment of their application strategy, ensuring that the applications enable the business strategy so that the organization can be more effective.The assessment provides criteria and exercises to provide actionable outcomes.
This research is designed to help organizations who are facing these challenges:
AI requires a high level of maturity in all data management capabilities, and the greatest challenge the CIO or CDO faces is to mature these capabilities sufficiently to ensure AI success.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Define business use cases where AI may bring value. Evaluate each use case to determine the company’s AI maturity in people, tools, and operations for delivering the correct data, model development, model deployment, and the management of models in the operational areas.
Develop a target state architecture to allow the organization to effectively deliver in the promise of AI using architecture building blocks.
Compare current state with the target state to define architecture plateaus and build a delivery roadmap.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Define business use cases where AI may add value and assess use case readiness.
Know upfront if all required data resources are available in the required velocity, veracity, and variety to service the use case.
1.1 Review the business vision.
1.2 Identify and classify business use cases.
1.3 Assess company readiness for each use case.
1.4 Review architectural principles and download and install Archi.
List of identified AI use cases
Assessment of each use case
Data sources needed for each use case
Archi installed
Define architecture building blocks that can be used across use cases and data pipeline.
The architectural building blocks ensure reuse of resources and form the foundation of a stepwise rollout.
2.1 ArchiMate modelling language overview.
2.2 Architecture building block overview
2.3 Identify architecture building blocks by use case.
2.4 Define the target state architecture.
A set of building blocks created in Archi
Defined target state architecture using architecture building blocks
Assess your current state architecture in the areas identified by the target state.
Only evaluating the current state architecture that will influence your AI implementation.
3.1 Identify the current state capabilities as required by the target state.
3.2 Assess your current state architecture.
3.3 Define a roadmap and design implementation plateaus.
Current state architecture documented in Archi
Assessed current state using assessment tool
A roadmap defined using plateaus as milestones
Assess your current state against the target state and create a plan to bridge the gaps.
Develop a roadmap that will deliver immediate results and ensure long-term durability.
4.1 Assess the gaps between current- and target-state capabilities.
4.2 Brainstorm initiatives to address the gaps in capabilities
4.3 Define architecture delivery plateaus.
4.4 Define a roadmap with milestones.
4.5 Sponsor check-in.
Current to target state gap assessment
Architecture roadmap divided into plateaus
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Use this blueprint to create a configuration management program that provides immediate value.
Use this template to create a project charter to launch the configuration management project.
Use this template to create your board charter for your configuration control board (CCB). Define roles and responsibilities and mandates for the CCB.
Use this template to create and communicate your SOP to ensure ongoing maintenance of the CMDB under the configuration management program.
Use this template to assess capability to pass audits, adding to the template as needed to meet internal auditors’ requirements.
Use this template to build a policy for your configuration management program.
Use this template to determine data requirements to meet use cases.
Use this library to view sample workflows and a data model for the configuration management program.
Use this template as a starting point to create a job posting, identifying daily activities, responsibilities, and required skills as you create or expand your configuration management program.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Define the scope of your service configuration management project.
Design the program to meet specific stakeholders needs
Identify project and operational roles and responsibilities.
Designed a sustainable approach to building a CMDB.
1.1 Introduction
1.2 Define challenges and goals.
1.3 Define and prioritize use cases.
1.4 Identify data needs to meet these goals.
1.5 Define roles and responsibilities.
Data and reporting use cases based on stakeholder requirements
Roles and responsibility matrix
Build a data model around the desired use cases.
Identify the data sources for populating the CMDB.
Identified which CIs and relationships will be captured in the CMDB.
2.1 Define and prioritize your services.
2.2 Evaluate CMDB default classifications.
2.3 Test configuration items against existing categories.
2.4 Build a data model diagram.
List of CI types and relationships to be added to default settings
CMDB data model diagram
Built a right-sized approach to configuration record updates and data validation.
3.1 Define processes for onboarding, offboarding, and maintaining data in the CMDB.
3.2 Define practices for configuration baselines.
3.3 Build a data validation and auditing plan.
Documented processes and workflows
Data validation and auditing plan
Metrics program defined
Communications designed
4.1 Define key metrics for configuration management.
4.2 Define metrics for supporting services.
4.3 Build configuration management policies.
4.4 Create a communications plan.
4.5 Build a roadmap
Policy for configuration management
Communications documents
Roadmap for next steps
IT environments are becoming more and more complex, and balancing demands for stability and demands for faster change requires visibility to make the right decisions. IT needs to know their environment intimately. They need to understand dependencies and integrations and feel confident they are making decisions with the most current and accurate view.
Solutions for managing operations rely on the CMDB to bring visibility to issues, calculate impact, and use predictive analytics to fix performance issues before they become major incidents. AIOps solutions need accurate data, but they can also help identify configuration drift and flag changes or anomalies that need investigation.
The days of relying entirely on manual entry and updates are all but gone, as the functionality of a robust configuration management system requires daily updates to provide value. We used to rely on that one hero to make sure information was up to date, but with the volume of changes we see in most environments today, it's time to improve the process and provide superpowers to the entire IT department.
Sandi Conrad, ITIL Managing Professional
Principal Research Director, IT Infrastructure & Operations, Info-Tech Research Group
Scope creep is a serial killer of configuration management databases and service configuration management practices.
The right mindset is just as important as the right tools. By involving everyone early, you can ensure the right data is captured and validated and you can make maintenance part of the culture. This is critical to reaching early and continual value with a CMDB.
The initial use case will be the driving force behind the first assessment of return on investment (ROI). If ROI can be realized early, momentum will increase, and the team can build on the initial successes.
If you don't see value in the first year, momentum diminishes and it's possible the project will never see value.
Discovery can collect a lot of data quickly, and it's possible to be completely overwhelmed early in the process.
Build expertise and troubleshoot issues with a smaller scope, then build out the process.
Most CMDBs have classes and attributes defined as defaults. Use of the defaults will enable easier implementation and faster time to value, especially where automations and integrations depend on standard terms for field mapping.
In large, complex environments, the data can quickly become unmanageable. Use automation as much as possible for discovery, dependency mapping, validation, and alerts. Minimize the amount of manual work but ensure everyone is aware of where and how these manual updates need to happen to see continual value.
When an IT department reports they are highly effective at configuration management, they are much more likely to report they are highly effective at these management and governance processes:
Service configuration management is about more than just doing change management more effectively.
Source: Info-Tech Research Group, IT Management and Governance Diagnostic; N=684 organizations, 2019 to July 2022.
75% of Uptime's 2021 survey respondents who had an outage in the past three years said the outage would have been prevented if they'd had better management or processes.(1)
75% |
75% of Uptime's 2021 survey respondents who had an outage in the past three years said the outage would have been prevented if they'd had better management or processes.(1) |
---|---|
42% |
of publicly reported outages were due to software or configuration issues. (1) |
58% |
of networking-related IT outages were due to configuration and change management failure.(1) |
Enterprise-grade IT service management (ITSM) tools require a CMDB for the different modules to work together and to enable IT operations management (ITOM), providing greater visibility.
Decisions about changes can be made with accurate data, not guesses.
The CMDB can give the service desk fast access to helpful information about the impacted components, including a history of similar incidents and resolutions and the relationship between the impacted components and other systems and components.
Turn your team into IT superheroes.
Workshop feedback | |
---|---|
8.1/10 |
$174,000 savings 30 average days saved |
Guided Implementation feedback |
|
8.7/10 |
$31,496 average savings 41 average days saved |
"The workshop was well run, with good facilitation, and gained participation from even the most difficult parts of the audience. The best part of the experience was that if I were to find myself in the same position in the future, I would repeat the workshop."
– University of Exeter
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
Phase 1 | Phase 2 | Phase 3 | Phase 4 |
---|---|---|---|
Call #1: Scope requirements, objectives, and your specific challenges. Call #2: Prioritize services and use cases. Call #3: Identify data needed to meet goals. Call #4: Define roles and responsibilities. |
Call #5: Define and prioritize your services. Call #6: Evaluate and test CMDB default classifications. Call #7: Build a data model diagram. |
Call #8: Define processes for onboarding, offboarding, and maintaining data. Call #9: Discuss configuration baselines. Call #10: Build a data validation and audit plan. |
Call #11: Define key metrics. Call #12: Build a configuration management policy and communications plan. Call #13: Build a roadmap. |
A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is between 8 to 12 calls over the course of 4 to 9 months.
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
Day 1 | Day 2 | Day 3 | Day 4 | |
---|---|---|---|---|
Configuration Management Strategy |
CMDB Data Structure |
Process Design |
Communications & Roadmap |
|
Activities |
|
|
|
|
Deliverables |
|
|
|
|
Configuration Management Project Charter
Detail your approach to building an SCM practice and a CMDB.
Capture the action items related to your SCM implementation project.
Configuration Manager Job Description
Use our template for a job posting or internal job description.
Configuration Management Diagram Template Library
Use these diagrams to simplify building your SOP.
Configuration Management Policy
Set expectations for configuration control.
Configuration Management Audit and Validation Checklist
Use this framework to validate controls.
Configuration Control Board Charter
Define the board's responsibilities and meeting protocols.
Configuration Management Standard Operating Procedures Template
Outlines SCM roles and responsibilities, the CMDB data model, when records are expected to change, and configuration baselines.
Strategy | Data Structure | Processes | Roadmap |
---|---|---|---|
|
|
|
|
Term | Definition |
---|---|
Configuration Management |
The purpose of configuration management is to:
|
Configuration Management System (CMS) | A set of tools and databases used to manage, update, and present data about all configuration items and their relationships. A CMS may maintain multiple federated CMDBs and can include one or many discovery and dependency mapping tools. |
Configuration Management Database (CMDB) | A repository of configuration records. It can be as simple as a spreadsheet or as complex as an integrated database populated through multiple autodiscovery tools. |
Configuration Record | Detailed information about a configuration item. |
Configuration Item (CI) |
"Any component that needs to be managed in order to deliver an IT service" (AXELOS). These components can include everything from IT services and software to user devices, IT infrastructure components, and documents (e.g. maintenance agreements). |
Attributes | Characteristics of a CI included in the configuration record. Common attributes include name, version, license expiry date, location, supplier, SLA, and owner. |
Relationships | Information about the way CIs are linked. A CI can be part of another CI, connect to another CI, or use another CI. A CMDB is significantly more valuable when relationships are recorded. This information allows CMDB users to identify dependencies between components when investigating incidents, performing root-cause analysis, assessing the impact of changes before deployment, and much more. |
*Discovery, dependency mapping, and data normalization are often features or modules of configuration management, asset management, or IT service management tools.
Focus on where CMDB data will provide value and ensure the cost of bringing that data in will be reasonable for its purpose. Your end goal should be not just to build a CMDB but to use a CMDB to manage workload and workflows and manage services appropriately.
Focus on value |
Include only the relevant information required by stakeholders. |
---|---|
Start where you are |
Use available sources of information. Avoid adding new sources and tools unless they are justified. |
Progress iteratively with feedback |
Regularly review information use and confirm its relevance, adjusting the CMDB scope if needed. |
Collaborate and promote visibility |
Explain and promote available sources of configuration information and the best ways to use them, then provide hints and tips for more efficient use. |
Think and work holistically |
Consider other sources of data for decision making. Do not try to put everything in the CMDB. |
Keep it simple and practical |
Provide relevant information in the most convenient way; avoid complex interfaces and reports. |
Optimize and automate |
Continually optimize resource-consuming practice activities. Automate CDMB verification, data collection, relationship discovery, and other activities. |
ITIL 4 guiding principles as described by AXELOS
1.1.1 Brainstorm data collection challenges
1.1.2 Define goals and how you plan to meet them
1.1.3 Brainstorm and prioritize use cases
1.1.4 Identify the data needed to reach your goals
1.1.5 Record required data sources
Understanding the challenges to accessing and maintaining quality data will help define the risks created through lack of quality data.
This knowledge can drive buy-in to create a configuration management practice that benefits the organization.
Download the Configuration Management Project Charter
Input |
Output |
---|---|
|
|
Materials | Participants |
|
|
Data collection and validation is fully automated
Integrated with several IT processes
Meets the needs of IT and business use cases
INNOVATOR
BUSINESS PARTNER
TRUSTED OPERATOR
FIREFIGHTER
UNSTABLE
|
![]() |
"[T]he CMDB System should be viewed as a 'system of relevance,' rather than a 'single source of truth.' The burdens of relevance are at once less onerous and far more meaningful in terms of action, analysis, and automation. While 'truth' implies something everlasting or at least stable, relevance suggests a far more dynamic universe."
– CMDB Systems, Making Change Work in the Age of Cloud and Agile, Drogseth et al
Define your audience to determine who the CMDB will serve and invite them to these conversations. The CMDB can aid the business and IT and can be structured to provide dashboards and reports for both.
Nondiscoverable configuration items will need to be created for both audiences to organize CIs in a way that makes sense for all uses.
Integrations with other systems may be required to meet the needs of your audience. Note integrations for future planning.
Business Services |
Within the data sets, service configuration models can be used for:
|
Technical Services |
---|---|---|
Connect to IT Finance for:
|
Intersect with IT Processes to:
|
Allot 45 minutes for this discussion.
As a group, identify current goals for building and using a CMDB.
Why are we doing this?
How will we improve the process?
Record these goals in the Configuration Management Project Charter, section 1.3: Project Objectives.
Input |
Output |
---|---|
|
|
Materials | Participants |
|
|
Set expectations for your organization that defined and fulfilled use cases will factor into prioritization exercises, functional plans, and project milestones to achieve ROI for your efforts.
In the book CMDB Systems, Making Change Work in the Age of Cloud and Agile, authors Drogseth, Sturm, and Twing describe the secrets of success:
A documented evaluation of CMDB System vendors showed that while most "best case" ROI fell between 6 and 9 months for CMDB deployments, one instance delivered ROI for a significant CMDB investment in as little as 2 weeks!
If there's a simple formula for quick time to value for a CMDB System, it's the following:
Mature levels of process awareness
+ Strong executive level support
+ A ready and willing team with strongly supportive stakeholders
+ Clearly defined and ready phase one use case
+ Carefully selected, appropriate technologies
All this = Powerful early-phase CMDB System results
The CMDB can support several use cases and may require integration with various modules within the ITSM solution and integration with other systems.
Document the use cases that will drive your CMDB to relevance, including the expected benefits for each use case.
Identify the dependencies that will need to be implemented to be successful.
Define "done" so that once data is entered, verified, and mapped, these use cases can be realized.
"Our consulting experience suggests that more than 75% of all strategic initiatives (CMDB or not) fail to meet at least initial expectations across IT organizations. This is often due more to inflated expectations than categorical failure."
– CMDB Systems, Making Change Work in the Age of Cloud and Agile, Drogseth et al.
On-premises software and equipment will be critical to many use cases as the IT team and partners work on network and data-center equipment, enterprise software, and integrations through various means, including APIs and middleware. Real-time and near real-time data collection and validation will ensure IT can act with confidence.
Cloud use can include software as a service (SaaS) solutions as well as infrastructure and platform as a service (IaaS and PaaS), and this may be more challenging for data collection. Tools must be capable of connecting to cloud environments and feeding the information back into the CMDB. Where on-premises and cloud applications show dependencies, you might need to validate data if multiple discovery and dependency mapping solutions are used to get a complete picture. Tagging will be crucial to making sense of the data as it comes into the CMDB.
In-house developed software would be beneficial to have in the CMDB but may require more manual work to identify and classify once discovered. A combination of discovery and tagging may be beneficial to input and classification.
Highly dynamic environments may require data collection through integration with a variety of solutions to manage and record continuous deployment models and verifications, or they may rely on tags and activity logs to record historical activity. Work with a partner who specializes in CI/CD to help architect this use case.
Containers will require an assessment of the level of detail required. Determine if the container is a CI and if the content will be described as attributes. If there is value to your use case to map the contents of each container as separate CIs within the container CI, then you can map to that level of detail, but don't map to that depth unless the use case calls for it.
Internet of Things (IoT) devices and applications will need to match a use case as well. IoT device asset data will be useful to track within an asset database but may have limited value to add to a CMDB. If there are connections between IoT applications and data warehouses, the dependencies should likely be mapped to ensure continued dataflow.
A single source of data is highly beneficial, but don't make it a catchall for items that are not easily stored in a CMDB.
Source code should be stored in a definitive media library (DML). Code can be linked to the CMDB but is generally too big to store in a CMDB and will reduce performance for data retrieval.
Knowledge articles and maintenance checklists are better suited to a knowledge base. They can also be linked to the CDMB if needed but this can get messy where many-to-many relationships between articles and CIs exist.
Fleet (transportation) assets and fixed assets should be in fleet management systems and accounting systems, respectively. Storing these types of data in the CMDB doesn't provide value to the support process.
Focus on improving both operations and strategy.
Audience | Use Case | Goal/Purpose | Project/Solution Dependencies | Proposed Timeline | Priority |
---|---|---|---|---|---|
|
|
Stabilize the process by seeing: Change conflict reporting Reports of CI changes without change records System availability |
RFC mapping requires discovered CIs RFC review requires criticality, technical and business owners Conflict reporting requires dependency mapping |
|
High |
Regardless of which use cases you are planning to fulfill with the CMDB, it is critical to not add data and complexity with the plan of resolving every possible inquiry. Ensure the cost and effort of bringing in the data and maintaining it is justified. The complexity of the environment will impact the complexity of data sources and integrations for discovery and dependency mapping.
Before bringing in new data, consider:
If data will be used only occasionally upon request, determine if it will be more efficient to maintain it or to retrieve it from the CMDB or another data source as needed.
Remember, within the data sets, service configuration models can be used for:
Involve stakeholders.
Allot 60 minutes for this discussion.
Review use cases and their goals.
Identify what data will be required to meet those goals and determine whether it will be mandatory or optional/nice-to-have information.
Identify sources of data for each type of data. Color code or sort.
Italicize data points that can be automatically discovered.
Gain consensus on what information will be manually entered.
Record the data in the Use Cases and Data Worksheet.
Download the Use Cases and Data Worksheet
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Avoid manual data entry whenever possible.
Consider these features when looking at tools:
Real-Time Data | AIOps continual scans | Used for event and incident management |
---|---|---|
Near Real-Time Data | Discovery and dependency mapping run on a regular cycle | Used for change and asset management |
Historical Data | Activity log imports, manual data entry | Used for IT finance, audit trail |
Foundational data, such as technicians, end users and approvers, roles, location, company, agency, department, building, or cost center, may be added to tables that are within or accessed by the CMDB. Work with your vendor to understand structure and where this information resides.
Allot 15 minutes for this discussion.
Improve the trustworthiness of your CMDB as a system of record by relying on data that is already trusted.
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Define roles and responsibilities
1.2.1 Record the project team and stakeholders
1.2.2 Complete a RACI chart to define who will be accountable and responsible for configuration tasks
Determine which roles will need to be involved in the initial project and how to source these roles.
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Create a team to manage the process and data updates and to ensure data is always usable.
"We found that everyone wanted information from the CMDB, but no one wanted to pay to maintain it. People pointed to the configuration management team and said, 'It's their responsibility.'
Configuration managers, however, cannot own the data because they have no way of knowing if the data is accurate. They can own the processes related to checking accuracy, but not the data itself."
– Tim Mason, founding director at TRM Associates
(Excerpt from Viewpoint: Focus on CMDB Leadership)
These roles can make up the configuration control board (CCB) to make decisions on major changes to services, data models, processes, or policies. A CCB will be necessary in complex environments.
This role is focused on ensuring everyone works together to build the CMDB and keep it up to date. The configuration manager is responsible to:
This role is most important where manual data entry is prevalent and where many nonstandard configurations are in place. The librarian role is often held by the tool administrator. The librarian focuses specifically on data within the CMDB, including:
The product or technical owner will validate information is correctly updating and reflects the existing data requirements as new systems are provisioned or as existing systems change.
All practice owners, such as change manager, incident manager, or problem manager, must work with the configuration team to ensure data is usable for each of the use cases they are responsible for.
Download the Configuration Manager job description
Responsible: The person who actually gets the job done.
Different roles may be responsible for different aspects of the activity relevant to their role.
Accountable: The one role accountable for the activity (in terms of completion, quality, cost, etc.)
Must have sufficient authority to be held accountable; responsible roles are often accountable to this role.
Consulted: Those who need the opportunity to provide meaningful input at certain points in the activity; typically, subject matter experts or stakeholders. The more people you must consult, the more overhead and time you'll add to a process.
Informed: Those who receive information regarding the task but do not need to provide feedback.
Information might relate to process execution, changes, or quality.
R = responsible, A = accountable, C = consulted, I = informed | CCB | Configuration Manager | Configuration Librarian | Technical Owner(s) | Interfacing Practice Owners | Tool Administrator |
---|---|---|---|---|---|---|
Plan and manage the standards, processes, and procedures and communicate all updates to appropriate staff. Focused on continual improvement. | A | R | ||||
Plan and manage population of the CMDB and ensure data included meets criteria for cost effectiveness and reasonable effort for the value it brings. | A | R | ||||
Validate scope of services and CIs to be included and controlled within the CMDB and manage exceptions. | A | R | ||||
Audit data quality to ensure it is valid, is current, and meets defined standards. | A,R | |||||
Evaluate and recommend tools to support processes, data collection, and integrations. | A,R | |||||
Ensure configuration management processes interface with all other service and business management functions to meet use cases. | A | |||||
Report on configuration management performance and take appropriate action on process adherence and quality issues. | A | |||||
Make manual updates to configuration data. | A | |||||
Conduct CMDB data verification on a regular schedule. | A | |||||
Process ad hoc requests for data. | A | |||||
Enter new systems into the CMDB. | A | R | ||||
Update CMDB as systems change. | A | R | ||||
Identify new use cases for CMDB data. | R | A | ||||
Validate data meets the needs for use cases and quality. | R | A | ||||
Design reports to meet use cases. | R | |||||
Ensure integrations are configured as designed and are functional. | R |
Notes:
Refer back to the RACI chart when building out the communications plan to ensure accountable and responsible team members are on board and consulted and informed people are aware of all changes.
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Strategy | Data Structure | Processes | Roadmap |
---|---|---|---|
|
|
|
|
Build a framework for CIs and relationships
Activities
Document services:
2.1.1 Define and prioritize your services
2.1.2 Test configuration items against existing categories
2.1.3 Create a configuration control board charter to define the board's responsibilities and protocols
As CIs are discovered and mapped, they will automatically map to each other based on integrations, APIs, queries, and transactions. However, CIs also need to be mapped to a conceptional model or service to present the service and its many layers in an easily consumable way.
These services will need to be manually created or imported into the CMDB and manually connected to the application services. Services can be mapped to technical or business services or both.
If business services reporting has been requested, talk to the business to develop a list of services that will be required. Use terms the business will be expecting and identify which applications and instances will be mapped to those services.
If IT is using the CMDB to support service usage and reporting, develop the list of IT services and identify which applications and instances will be mapped to those services.
There isn't a definitive right or wrong way to define catalog items. For example, the business and IT could both reference application servers, but only IT may need to see technical services broken down by specific locations or device types.
Refer back to your goals and use cases to think through how best to meet those objectives and determine how to categorize your services.
Define the services that will be the top-level, nondiscoverable services, which will group together the CIs that make up the complete service. Identify which application(s) will connect into the technical service.
When you are ready to start discovery, this list of services will be connected to the discovered data to organize it in a way that makes sense for how your stakeholders need to see the data.
While working toward meeting the goals of the first few use cases, you will want to keep the structure simple. Once processes are in place and data is regularly validated, complexities of different service types and names can be integrated into the data.
Determine which method of service groupings will best serve your audience for your prioritized use cases. This will help to name your service categories. Service types can be added as the CMDB evolves and as the audience changes.
Application Service |
Technical Service |
IT Shared Services |
Billable Services |
Service Portfolio |
---|---|---|---|---|
A set of interconnected applications and hosts configured to offer a service to the organization. Example: Financial application service, which may include email, web server, application server, databases, and middleware. |
A logical grouping of CIs based on common criteria. Example: Toronto web services, which may include several servers, web applications, and databases. |
A logical grouping of IT and business services shared and used across the organization. Example: VoIP/phone services or networking or security services. |
A group of services that will be billed out to departments or customers and would require logical groupings to enable invoicing. |
A group of business and technical service offerings with specific performance reporting levels. This may include multiple service levels for different customer audiences for the same service. |
Service Record Example
Service: Email
Supporting Services: M365, Authentication Services
Availability: 24/7 (99.999%)
Priority: Critical
Users: All
Used for: Collaboration
Billable: Departmental
Support: Unified Support Model, Account # 123456789
To extract maximum service management benefit from a CMDB, the highest level of CI type should be a service, as demonstrated below. While it is easier to start at the system or single-asset level, taking the service mapping approach will provide you with a useful and dynamic view of your IT environment as it relates to the services you offer, instead of a static inventory of components.
Standard categorization schemes will allow for easier integration with multiple tools and reporting and improve results if using machine learning to automate categorization. If the CMDB chosen includes structured categories, use that as your starting point and focus only on gaps that are not addressed for CIs unique to your environment.
There is an important distinction between a class and a type. This concept is foundational for your configuration data model, so it is important that you understand it.
Use inheritance structures to simplify your configuration data model.
Types are general groupings, and the things within a type will have similarities. Each type will have its own table within the CMDB. Classes within a type are a more specific grouping of configuration items and may include subclasses.
Review your vendor's CMDB documentation. Find the list of CI types or classes. Most CMDBs will have a default set of classes, like this standard list. If you need to build your own, use the table below as a starting point. Define anything required for unique classes. Create a list and consult with your installation partner.
Sample list of classes organized by type
Types | Services | Network | Hardware | Storage | Compute | App | Environment | Documents |
---|---|---|---|---|---|---|---|---|
Classes |
|
|
|
|
|
|
|
|
Manually mapping CMDB relationships may be time consuming and prone to error, but where manual mapping needs to take place, ensure the team has a common view of the dependency types available and what is important to map.
Use automated mapping whenever possible to improve accuracy, provide functional visualizations, and enable dynamic updates as the environment changes.
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Minimize the number of customizations that will make it difficult to update the platform.
State | Status | Description |
---|---|---|
Preparation | Ordered | Waiting delivery from the vendor |
In Planning | Being created | |
Received | Vendor has delivered the item, but it is not ready for deployment | |
Production | In Stock | Available to be deployed |
In Use | Deployed | |
On Loan | Deployed to a user on a temporary basis | |
For Removal | Planning to be phased out but still deployed to an end user | |
Offline | In Transit | Moving to a new location |
Under Maintenance | Temporarily offline while a patch or change is applied | |
Removed | Decommissioned | Item has been retired and is no longer in production |
Disposed | Item has been destroyed and we are no longer in possession of it | |
Lost | Item has been lost | |
Stolen | Item has been stolen |
Document statuses, attributes, and data sources
2.2.1 Follow the packet and map out the in-scope services and data centers
2.2.2 Build data model diagrams
2.2.3 Determine access rights for your data
As you start thinking about dependency mapping, it's important to understand the different methods and how they work, as well as your CMDB's capabilities. These approaches may be all in the same tool, or the tool may only have the top-down options.
Top down, most common |
Pattern-based |
Most common option, which includes indicators of connections such as code, access rights, scripting, host discovery, and APIs. |
Start with pattern-based, then turn on traffic-based for more detail. This combination will provide the most accuracy. |
---|---|---|---|
Traffic-based |
Map against traffic patterns involving connection rules to get more granular than pattern-based. |
Traffic-based can add a lot of overhead with extraneous data, so you may not want to run it continuously. |
|
Tag-based |
Primarily used for cloud, containers, and virtual machines and will attach the cloud licenses to their dependent services and any related CIs. |
Tags work well with cloud but will not have the same hierarchical view as on-premises dependency mapping. |
|
Machine learning |
Machine learning will look for patterns in the traffic-based connections, match CIs to categories and help organize the data. |
Machine learning (ML) may not be in every solution, but if you have it, use it. ML will provide many suggestions to make the life of the data manager easier. |
Automated data mapping will be helpful, but it won't be foolproof. It's critical to understand the data model to validate and map nondiscoverable CIs correctly.
The framework consists of the business, enterprise, application, and implementation layers.
The business layer encodes real-world business concepts via the conceptual model.
The enterprise layer defines all enterprise data assets' details and their relationships.
The application layer defines the data structures as used by a specific application.
The implementation layer defines the data models and artifacts for use by software tools.
Learn how to create data models with Info-Tech's blueprint Create and Manage Enterprise Data Models
Reference your network topology and architecture diagrams.
Allot 1 hour for this activity.
This information will be used for CM project planning and validating the contents of the CMDB.
Download the Configuration Management Diagram Template Library to see an example.
Once this is built out in the system, you can let the automated dependency mapping take over, but you will still need to validate the accuracy of the automated mapping and investigate anything that is incorrect.
Every box represents a CI, and every line represents a relationship
Visualize the expected CI classes and relationships.
Review samples in Configuration Management Diagram Template Library.
Record these diagrams in the Configuration Management Standard Operating Procedures, Appendix 1: Configuration Data Model Structure.
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Download the Configuration Management Diagram Template Library to see examples.
Data User Type | Access | Role |
---|---|---|
Data consumers |
|
|
CMDB owner |
|
|
Domain owner |
|
|
Data provider |
|
|
CMDB administrator |
|
|
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Strategy | Data Structure | Processes | Roadmap |
---|---|---|---|
|
|
|
|
This phase will walk you through the following aspects of a configuration management system:
This phase involves the following participants:
Harness Service Configuration Management Superpowers
3.1.1 Define processes to bring new services into the CMDB
3.1.2 Determine when each type of CI will be created in the CMDB
3.1.3 Identify when each type of CI will be retired in the CMDB
3.1.4 Record when and how attributes will change
3.1.5 Institute configuration control and configuration baselines
This step will walk you through the following aspects of a configuration management system:
This phase involves the following participants:
Determine which processes will prompt changes to the CMDB data
![]() |
Change enablement |
Identify which process are involved in each stage of data input, maintenance, and removal to build out a process for each scenario. |
|
Project management |
|||
Change enablement |
Asset management |
Security controls |
|
Project management |
Incident management |
Deployment management |
|
Change enablement |
Asset management |
Security controls |
|
Project management |
Incident management |
Service management |
As new services and products are introduced into the environment, you can improve your ability to correctly cost the service, design integrations, and ensure all operational capabilities are in place, such as data backup and business continuity plans.
In addition, attributes such as service-level agreements (SLAs), availability requirements, and product, technical, and business owners should be documented as soon as those new systems are made live.
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
New CIs may be introduced with new services or may be introduced and removed as part of asset refreshes or through service restoration in incident management. Updates may be done by your own services team or a managed services provider.
Determine the various ways the CIs may be changed and test with various CI types.
Review attributes such as SLAs, availability requirements, and product, technical, and business owners to determine if changes are required.
Data deemed no longer current may be archived or deleted. Retained data may be used for tracing lifecycle changes when troubleshooting or meeting audit obligations. Determine what types of CIs and use cases require archived data to meet data retention policies. If none do, deletion of old data may be appropriate.
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
As new CIs are detected, identify the process by which they should have been introduced into configuration management and compare against those records. If your CMDB can automatically check for documentation, this may be easier. Weekly reporting will allow you to catch changes quickly, and alerts on critical CIs could enable faster remediation, if the tool allows for alerting. AIOps could identify, notify of, and process many changes in a highly dynamic environment.
Type of Change | Impacted Process | Validation | Findings | Actions |
---|---|---|---|---|
Configuration change to networking equipment or software | Change management | Check for request for change | No RFC | Add to CAB agenda, notify technical owner |
Configuration change to end-user device or software | Asset management | Check for service ticket | No ticket | Escalate to asset agenda, notify service manager |
New assets coming into service | Security incident and event management | Check for SIEM integration | No SIEM integration | Notify security operations team to investigate |
The configuration manager may not have authority to act but can inform the process owners of unauthorized changes for further action. Once the notifications are forwarded to the appropriate process owner, the configuration manager will note the escalation and follow up on data corrections as deemed appropriate by the associated process owner.
Document these tables in Configuration Management Standard Operation Procedures, Section 8.7: Practices That Modify CIs.
Network Equipment Attributes |
Practices That Modify This Attribute |
---|---|
Status |
|
Assigned User |
|
Version |
|
End-User Computers Attributes |
Practices That Modify This Attribute |
---|---|
Status |
|
Assigned User |
|
Version |
|
Baselines may be used by enterprise architects and system engineers for planning purposes, by developers to test their solution against production copies, by technicians to assess configuration drift that may be causing performance issues, and by change managers to assess and verify the configuration meets the target design.
Configuration baselines are a snapshot of configuration records, displaying attributes and first-level relationships of the CIs. Standard configurations may be integral to the success of automated workflows, deployments, upgrades, and integrations, as well as prevention of security events. Comparing current CIs against their baselines will identify configuration drift, which could cause a variety of incidents. Configuration baselines are updated through change management processes.
Configuration baselines can be used for a variety of use cases:
Determine the appropriate method for evaluating and approving changes to baselines. Delegating this to the CCB every time may reduce agility, depending on volume. Discuss in CCB meetings.
Process | Criteria | Systems |
---|---|---|
Change Enablement & Deployment | All high-risk changes must have the baseline captured with version number to revert to stable version in the event of an unsuccessful change |
|
Security | Identify when configuration drift may impact risk mitigation strategies |
|
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
3.2.1 Build an audit plan and checklist
Review the performance of the supporting technologies and processes to validate the accuracy of the CMDB.
"If the data in your CMDB isn't accurate, then it's worthless. If it's wrong or inaccurate, it's going to drive the wrong decisions. It's going to make IT worse, not better."
– Valence Howden, Research Director, Info-Tech Research Group
Perform functional tests during audits and as part of release management practices.
Audit results need to have a clear status of "compliant," "noncompliant," or "compliant with conditions," and conditions need to be noted. The conditions will generally offer a quick win to improve a process, but don't use these audit results to quickly check off something as "done." Ensure the fix is useful and meaningful to the process.
The audit should cover three areas:
When technicians and analysts are working on a system, they should check to make sure the data about that system is correct. When they're working in the CMDB, they should check that the data they're working with is correct.
More frequent audits, especially in the early days, may help move toward process adoption and resolving data quality issues. If audits are happening more frequently, the audits can include a smaller scope, though it's important to vary each one to ensure many different areas have been audited through the year.
Perform functional tests during audits and as part of release management practices.
Audit results need to have a clear status of "compliant," "noncompliant," or "compliant with conditions," and conditions need to be noted. The conditions will generally offer a quick win to improve a process, but don't use these audit results to quickly check off something as "done." Ensure the fix is useful and meaningful to the process.
The audit should cover three areas:
More frequent audits, especially in the early days, may help move toward process adoption and resolving data quality issues. If audits are happening more frequently, the audits can include a smaller scope, though it's important to vary each one to ensure many different areas have been audited through the year.
Audits present you with the ability to address these pain points before they have greater negative impact.
Download the Configuration Management Audit and Validation Checklist
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Strategy | Data Structure | Processes | Roadmap |
---|---|---|---|
|
|
|
|
This phase will walk you through the following aspect of a configuration management system:
Roadmap
This phase involves the following participants:
Harness Service Configuration Management Superpowers
4.1.1 Identify key metrics to define configuration management success
4.1.2 Brainstorm and record desired reports, dashboards, and analytics
4.1.3 Build a configuration management policy
This phase will walk you through the following aspects of a configuration management system:
This phase involves the following participants:
Success factors |
Key metrics |
Source |
---|---|---|
Product and service configuration data is relevant |
|
Stakeholder discussions |
|
Process owner discussions |
|
|
CMDB |
|
Cost and effort are continually optimized |
|
Resource management or scheduling ERP |
Progress reporting |
|
Communications team and stakeholder discussions |
Data – How many products are in the CMDB and are fully and accurately discovered and mapped? |
CMDB |
|
Ability to meet milestones on time and with appropriate quality |
Project team |
Document metrics in the Configuration Management Standard Operating Procedures, section 7: Success Metrics
Using a service framework such as ITIL, COBIT, or ISO 20000 may make this job easier, and subscribing to benchmarking partners will provide some of the external data needed for comparison.
Allot 45 minutes for this discussion.
Stakeholder Groups | Reports | Dashboards |
---|---|---|
Change Management |
|
|
Security |
|
|
Finance |
|
|
Download the blueprint Take Control of Infrastructure and Operations Metrics to create a complete metrics program.
The approvals process is about appropriate oversight of the drafted policies. For example:
Employees must know that there are new policies and understand the steps they must take to comply with the policies in their work.
Employees must be able to interpret, understand, and know how to act upon the information they find in the policies.
Employees must be informed on where to get help or ask questions and who to request policy exceptions from.
Use this template as a starting point.
The Configuration Management Policy provides the foundation for a configuration control board and the use of configuration baselines.
Instructions:
Download the Configuration Management Policy template
Build communications and a roadmap
Activities
4.2.1 Build a communications plan
4.2.2 Identify milestones
30% |
When people are truly invested in change, it is 30% more likely to stick. |
---|---|
82% |
of CEOs identify organizational change management as a priority. |
6X |
Initiatives with excellent change management are six times more likely to meet objectives than those with poor change management. |
For a more detailed program, see Drive Technology Adoption
Distinct information that needs to be sent at various times. Think about:
Any person or group who will be the target of the communication. This may include:
Document messaging, medium, and responsibility, working with the communications team to refine messages before executing.
Successful communications plans consider timing of various messages:
Work with your communications team, if you have one, to determine the best medium, such as:
Allot 45 minutes for this discussion.
Identify stakeholders.
Craft key messages tailored to each stakeholder group.
Finalize the communication plan.
Audience | Message | Medium | Timing | Feedback Mechanism |
---|---|---|---|---|
Configuration Management Team | Communicate all key processes, procedures, policies, roles, and responsibilities | In-person meetings and email communications | Weekly meetings | Informal feedback during weekly meetings |
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Document this table in the Configuration Management Project Charter, section 3.0: Milestones
Timeline/Owner | Milestone/Deliverable | Details |
---|---|---|
First four weeks | Milestone: Plan defined and validated with ITSM installation vendor | Define processes for intake, maintenance, and retirement. |
Rebecca Roberts | Process documentation written, approved, and ready to communicate | Review CI categories |
Open the Configuration Management Project Charter, section 3: Milestones.
Instructions:
Download the Configuration Management Project Charter
R = Recommended
O = Optional
Participants | Day 1 | Day 2 | Day 3 | Day 4 | ||||
---|---|---|---|---|---|---|---|---|
Configuration Management Strategy | CMDB Data Structure | Processes | Communications & Roadmap | |||||
Morning | Afternoon | Morning | Afternoon | Morning | Afternoon | Morning | Afternoon | |
Head of IT | R | O | ||||||
Project Sponsor | R | R | O | O | O | O | O | O |
Infrastructure, Enterprise Apps Leaders | R | R | O | O | O | O | O | O |
Service Manager | R | R | O | O | O | O | O | O |
Configuration Manager | R | R | R | R | R | R | R | R |
Project Manager | R | R | R | R | R | R | R | R |
Representatives From Network, Compute, Storage, Desktop | R | R | R | R | R | R | R | R |
Enterprise Architecture | R | R | R | R | O | O | O | O |
Owner of Change Management/Change Control/Change Enablement | R | R | R | R | R | R | R | R |
Owner of In-Scope Apps, Use Cases | R | R | R | R | R | R | R | R |
Asset Manager | R | R | R | R | R | R | R | R |
Thank you to everyone who contributed to this publication
Brett Johnson, Senior Consultant, VMware
Yev Khovrenkov, Senior Consultant, Solvera Solutions
Larry Marks, Reviewer, ISACA New Jersey
Darin Ohde, Director of Service Delivery, GreatAmerica Financial Services
Jim Slick, President/CEO, Slick Cyber Systems
Emily Walker, Sr. Digital Solution Consultant, ServiceNow
Valence Howden, Principal Research Director, Info-Tech Research Group
Allison Kinnaird, Practice Lead, IT Operations, Info-Tech Research Group
Robert Dang, Principal Research Advisor, Security, Info-Tech Research Group
Monica Braun, Research Director, IT Finance, Info-Tech Research Group
Jennifer Perrier, Principal Research Director, IT Finance, Info-Tech Research Group
Plus 13 anonymous contributors
An Introduction to Change Management, Prosci, Nov. 2019.
BAI10 Manage Configuration Audit Program. ISACA, 2014.
Bizo, Daniel, et al, "Uptime Institute Global Data Center Survey 2021." Uptime Institute, 1 Sept. 2021.
Brown, Deborah. "Change Management: Some Statistics." D&B Consulting Inc. May 15, 2014. Accessed June 14, 2016.
Cabinet Office. ITIL Service Transition. The Stationery Office, 2011.
"COBIT 2019: Management and Governance Objectives. ISACA, 2018.
"Configuration Management Assessment." CMStat, n.d. Accessed 5 Oct. 2022.
"Configuration Management Database Foundation." DMTF, 2018. Accessed 1 Feb. 2021.
Configuration Management Using COBIT 5. ISACA, 2013.
"Configuring Service Manager." Product Documentation, Ivanti, 2021. Accessed 9 Feb. 2021.
"Challenges of Implementing configuration management." CMStat, n.d. Accessed 5 Oct. 2022.
"Determining if configuration management and change control are under management control, part 1." CMStat, n.d. Accessed 5 Oct. 2022.
"Determining if configuration management and change control are under management control, part 2." CMStat, n.d. Accessed 5 Oct. 2022.
"Determining if configuration management and change control are under management control, part 3." CMStat, n.d. Accessed 5 Oct. 2022.
"CSDM: The Recipe for Success." Data Content Manager, Qualdatrix Ltd. 2022. Web.
Drogseth, Dennis, et al., 2015, CMDB Systems: Making Change Work in the Age of Cloud and Agile. Morgan Kaufman.
Ewenstein, B, et al. "Changing Change Management." McKinsey & Company, 1 July 2015. Web.
Farrell, Karen. "VIEWPOINT: Focus on CMDB Leadership." BMC Software, 1 May 2006. Web.
"How to Eliminate the No. 1 Cause of Network Downtime." SolarWinds, 4 April 2014. Accessed 9 Feb. 2021.
"ISO 10007:2017: Quality Management -- Guidelines for Configuration Management." International Organization for Standardization, 2019.
"IT Operations Management." Product Documentation, ServiceNow, version Quebec, 2021. Accessed 9 Feb. 2021.
Johnson, Elsbeth. "How to Communicate Clearly During Organizational Change." Harvard Business Review, 13 June 2017. Web.
Kloeckner, K. et al. Transforming the IT Services Lifecycle with AI Technologies. Springer, 2018.
Klosterboer, L. Implementing ITIL Configuration Management. IBM Press, 2008.
Norfolk, D., and S. Lacy. Configuration Management: Expert Guidance for IT Service Managers and Practitioners. BCS Learning & Development Limited, revised ed., Jan. 2014.
Painarkar, Mandaar. "Overview of the Common Data Model." BMC Documentation, 2015. Accessed 1 Feb. 2021.
Powers, Larry, and Ketil Been. "The Value of Organizational Change Management." Boxley Group, 2014. Accessed June 14, 2016.
"Pulse of the Profession: Enabling Organizational Change Throughout Strategic Initiatives." PMI, March 2014. Accessed June 14, 2016.
"Service Configuration Management, ITIL 4 Practice Guide." AXELOS Global Best Practice, 2020
"The Guide to Managing Configuration Drift." UpGuard, 2017.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Explore how the cloud changes and whether your enterprise is ready for the shift to the cloud.
Analyze the workloads that will migrated to the cloud. Consider the various domains of security in the cloud, considering the cloud’s unique risks and challenges as they pertain to your workloads.
Map your risks to services in a reference model from which to build a robust launch point for your architecture.
Map your risks to services in a reference architecture to build a robust roadmap from.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Understand your suitability and associated risks with your workloads as they are deployed into the cloud.
An understanding of the organization’s readiness and optimal service level for cloud security.
1.1 Workload Deployment Plan
1.2 Cloud Suitability Questionnaire
1.3 Cloud Risk Assessment
1.4 Cloud Suitability Analysis
Workload deployment plan
Determined the suitability of the cloud for your workloads
Risk assessment of the associated workloads
Overview of cloud suitability
Explore your business-critical workloads and the associated controls and mitigating services to secure them.
Address NIST 800-53 security controls and the appropriate security services that can mitigate the risks appropriately.
2.1 “A” Environment Analysis
2.2 “B” Environment Analysis
2.3 “C” Environment Analysis
2.4 Prioritized Security Controls
2.5 Effort and Risk Dashboard Overview
NIST 800-53 control mappings and relevancy
NIST 800-53 control mappings and relevancy
NIST 800-53 control mappings and relevancy
Prioritized security controls based on risk and environmental makeup
Mitigating security services for controls
Effort and Risk Dashboard
Identify security services to mitigate challenges posed by the cloud in various areas of security.
Comprehensive list of security services, and their applicability to your network environment. Documentation of your “current” state of cloud security.
3.1 Cloud Security Control Mapping
3.2 Cloud Security Architecture Reference Model Mapping
1. Cloud Security Architecture Archive Document to codify and document each of the associated controls and their risk levels to security services
2. Mapping of the codified controls onto Info-Tech’s Cloud Security Architecture Reference Model for clear security prioritization
Prepare a communication deck for executive stakeholders to socialize them to the state of your cloud security initiatives and where you still have to go.
A roadmap for improving security in the cloud.
4.1 Cloud Security Strategy Considerations
4.2 Cloud Security Architecture Communication Deck
Consider the additional security considerations of the cloud for preparation in the communication deck.
Codify all your results into an easily communicable communication deck with a clear pathway for progression and implementation of security services to mitigate cloud risks.
Establish an enterprise architecture practice that:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
You need to define a sound set of design principles before commencing with the design of your EA organization.
The EA operating model structure should be rigid but pliable enough to fit the needs of the stakeholders it provide services to.
A phased approach and a good communications strategy are key to the success of the new EA organization.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Identify how EA looks within the organization and ensure all the necessary skills are accounted for within the function.
EA is designed to be the most appropriately placed and structured for the organization.
1.1 Place the EA department.
1.2 Define roles for each team member.
1.3 Find internal and external talent.
1.4 Create job descriptions with required proficiencies.
EA organization design
Role-based skills and competencies
Talent acquisition strategy
Job descriptions
Create a thorough engagement model to interact with stakeholders.
An understanding of each process within the engagement model.
Create stakeholder interaction cards to plan your conversations.
2.1 Define each engagement process for your organization.
2.2 Document stakeholder interactions.
EA Operating Model Template
EA Stakeholder Engagement Model Template
Develop EA boards, alongside a charter and policies to effectively govern the function.
Governance that aids the EA function instead of being a bureaucratic obstacle.
Adherence to governace.
3.1 Outline the architecture review process.
3.2 Position the architecture review board.
3.3 Create a committee charter.
3.4 Make effective governance policy.
Architecture Board Charter Template
EA Policy Template
Create an operating model that is influenced by universal standards including TOGAF, Zachmans, and DoDAF.
A thoroughly articulated development framework.
Understanding of the views that influence each domain.
4.1 Tailor an architecture development framework to your organizational context.
EA Operating Model Template
Enterprise Architecture Views Taxonomy
Create a change management and communication plan or roadmap to execute the operating model.
Build a plan that takes change management and communication into consideration to achieve the wanted benefits of an EA program.
Effectively execute the roadmap.
5.1 Create a sponsorship action plan.
5.2 Outline a communication plan.
5.3 Execute a communication roadmap.
Sponsorship Action Plan
EA Communication Plan Template
EA Roadmap
Reduced infection rates in compromised areas are providing hope that these difficult times will pass. However, organizations are facing harsh realities in real time. With significant reductions in revenue, employers are facing pressure to quickly implement cost-cutting strategies, resulting in mass layoffs of valuable employees.
Employees are an organization’s greatest asset. When faced with cost-cutting pressures, look for redeployment opportunities that use talent as a resource to get through hard times before resorting to difficult layoff decisions.
Make the most of your workforce in this unprecedented situation by following McLean & Company’s process to initiate redeployment efforts and reduce costs. If all else fails, follow our guidance on planning for layoffs and considerations when doing so.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Set a strategy with senior leadership, brainstorm underused and understaffed employee segments and departments, then determine an approach to redeployments and layoffs.
Collect key information, prepare and redeploy, and roll up information across the organization.
Plan for layoffs, execute on the layoff plan, and communicate to employees.
Monitor departmental performance, review organizational performance, and determine next steps.
Organizations need to understand their value-added reseller (VAR) portfolio and the greater VAR landscape to better:
VARs typically charge more for products because they are in some way adding value. If you’re not leveraging any of the provided value, you’re likely wasting money and should use a basic commodity-type reseller for procurement.
This project will provide several benefits to Vendor Management and Procurement:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Organize all your VARs and create a manageable portfolio detailing their value, specific, product, services, and certifications.
Create an in-depth evaluation of the VARs’ capabilities.
Assess each VAR for low performance and opportunity to increase value or consolidate to another VAR and reduce redundancy.
Micro-manage your primary VARs to ensure performance to commitments and maximize their value.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This blueprint will help you build a business case for selecting the right MMS platform, define key requirements, and conduct a thorough analysis and scan of the current state of the ever-evolving MMS market space.
Modern marketing management suites (MMS) are imperative given today's complex, multitiered, and often non-standardized marketing processes. Relying on isolated methods such as lead generation or email marketing techniques for executing key cross-channel and multichannel marketing initiatives is not enough to handle the complexity of contemporary marketing management activities.
Organizations need to invest in highly customizable and functionally extensive MMS platforms to provide value alongside the marketing value chain and a 360-degree view of the consumer's marketing journey. IT needs to be rigorously involved with the sourcing and implementation of the new MMS tool, and the necessary business units also need to own the requirements and be involved from the initial stages of software selection.
To succeed with MMS implementation, consider drafting a detailed roadmap that outlines milestone activities for configuration, security, points of integration, and data migration capabilities and provides for ongoing application maintenance and support.
Yaz Palanichamy
Senior Research Analyst, Customer Experience Strategy
Info-Tech Research Group
IT must collaborate with marketing professionals and other key stakeholder groups to define a unified vision and holistic outlook for a right-sized MMS platform.
1. Understand Core MMS Features |
2. Build the Business Case & Streamline Requirements |
3. Discover the MMS Market Space & Prepare for Implementation |
|
---|---|---|---|
Phase Steps |
|
|
|
Phase Outcomes |
|
|
|
Phase 1 | Phase 2 | Phase 3 |
---|---|---|
Call #1: Understand what a marketing management suite is. Discuss core capabilities and key trends. |
Call #2: Build the business case Call #3: Define your core Call #4: Build and sustain procurement vehicle best practices. |
Call #5: Evaluate the MMS vendor landscape and short-list viable options.
|
A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
The MMS procurement process should be broken into segments:
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
Our Definition: Marketing management suite (MMS) platforms are core enterprise applications that provide a unified set of marketing processes for a given organization and, typically, the capability to coordinate key cross-channel marketing initiatives.
Key product capabilities for sophisticated MMS platforms include but are not limited to:
Using a robust and comprehensive MMS platform equips marketers with the appropriate tools needed to make more informed decisions around campaign execution, resulting in better targeting, acquisition, and customer retention initiatives. Moreover, such tools can help bolster effective revenue generation and ensure more viable growth initiatives for future marketing growth enablement strategies.
Feature sets are rapidly evolving over time as MMS offerings continue to proliferate in this market space. Ensure that you focus on core components such as customer conversion rates and new lead captures through maintaining well- integrated multichannel campaigns.
A right-sized MMS software selection and procurement decision should involve comprehensive requirements and needs analysis by not just Marketing but also other organizational units such as IT, in conjunction with input suppled from the internal vendor procurement team.
Phase 1 |
Phase 2 |
Phase 3 |
---|---|---|
1.1 Define MMS Platforms 1.2 Classify Table Stakes & Differentiating Capabilities 1.3 Explore Trends |
2.1 Build the Business Case 2.2 Streamline Requirements Elicitation 2.3 Develop an Inclusive RFP Approach |
3.1 Discover Key Players in the Vendor Landscape 3.2 Engage the Shortlist & Select Finalist 3.3 Prepare for Implementation |
This phase will walk you through the following activities:
This phase involves the following participants:
Our Definition: Marketing management suite (MMS) platforms are core enterprise applications that provide a unified set of marketing processes for a given organization and, typically, the capability to coordinate key cross-channel marketing initiatives.
Key product capabilities for sophisticated MMS platforms include but are not limited to:
Using a robust and comprehensive MMS platform equips marketers with the appropriate tools needed to make more informed decisions around campaign execution, resulting in better targeting, acquisition, and customer retention initiatives. Moreover, such tools can help bolster effective revenue generation and ensure more viable growth initiatives for future marketing growth enablement strategies.
Feature sets are rapidly evolving over time as MMS offerings continue to proliferate in this market space. Ensure that you focus on core components such as customer conversion rates and new lead captures through maintaining well- integrated multichannel campaigns.
Initial traction for marketing management strategies began with the need to holistically understand the effects of advertising efforts and how the media mix could be best optimized.
1902 |
1920s-1930s |
1942 |
1952-1964 |
1970s-1990s |
---|---|---|---|---|
Recognizing the increasing need for focused and professional marketing efforts, the University of Pennsylvania offers the first marketing course, dubbed "The Marketing of Products." |
As broadcast media began to peak, marketers needed to manage a greater number of complex and interspersed marketing channels. |
The introduction of television ads in 1942 offered new opportunities for brands to reach consumers across a growing media landscape. To generate the highest ROI, marketers sought to understand the consumer and focus on more tailored messaging and product personalization. Thus, modern marketing practices were born. |
Following the introduction of broadcast media, marketers had to develop strategies beyond traditional spray-and-pray methods. The first modern marketing measurement concept, "marketing mix," was conceptualized in 1952 and popularized in 1964 by Neil Borden. |
This period marked the digital revolution and the new era of marketing. With the advent of new communications technology and the modern internet, marketing management strategies reached new heights of sophistication. During the early 1990s, search engines emerged to help users navigate the web, leading to early forms of search engine optimization and advertising. |
6% |
As a continuously growing discipline, marketing management roles are predicted to grow faster than average, at a rate of 6% over the next decade. Source: U.S. Bureau of Labor Statistics, 2021 |
---|---|
17% |
While many marketing management vendors offer A/B testing, only 17% of marketers are actively using A/B testing on landing pages to increase conversion rates. Source: Oracle, 2022 |
70% |
It is imperative that technology and SaaS companies begin to use marketing automation as a core component of their martech strategy to remain competitive. About 70% of technology and SaaS companies are employing integrated martech tools. Source: American Marketing Association, 2021 |
Email Marketing |
Lead Nurturing |
Reporting, Analytics, and Marketing KPIs |
Marketing Campaign Management |
Integrational Catalog |
---|---|---|---|---|
The use of email alongside marketing efforts to promote a business' products and services. Email marketing can be a powerful tool to maintain connections with your audience and ensure sustained brand promotion. |
The process of developing and nurturing relationships with key customer contacts at every major touchpoint in their customer journey. MMS platforms can use automated lead-nurturing functions that are triggered by customer behavior. |
The use of well-defined metrics to help curate, gather, and analyze marketing data to help track performance and improve the marketing department's future marketing decisions and strategies. |
Tools needed for the planning, execution, tracking, and analysis of direct marketing campaigns. Such tools are needed to help gauge your buyers' sentiments toward your company's product offerings and services. |
MMS platforms should generally have a comprehensive open API/integration catalog. Most MMS platforms should have dedicated integration points to interface with various tools across the marketing landscape (e.g. social media, email, SEO, CRM, CMS tools, etc.). |
Digital Asset Management (DAM) |
A DAM can help manage digital media asset files (e.g. photos, audio files, video). |
---|---|
Customer Data Management |
Customer data management modules help your organization track essential customer information to maximize your marketing results. |
Text-Based Marketing |
Text-based marketing strategy is ideal for any organization primarily focused on coordinating structured and efficient marketing campaigns. |
Customer |
Customer journey orchestration enables users to orchestrate customer conversations and journeys across the entire marketing value chain. |
AI-Driven Workflows |
AI-powered workflows can help eliminate complexities and allow marketers to automate and optimize tasks across the marketing spectrum. |
Dynamic Segmentation |
Dynamic segmentation to target audience cohorts based on recent actions and stated preferences. |
Advanced Email Marketing |
These include capabilities such as A/B testing, spam filter testing, and detailed performance reporting. |
Data-Driven |
Adapt innovative techniques such as conversational marketing to help collect, analyze, and synthesize crucial audience information to improve the customer marketing experience and pre-screen prospects in a more conscientious manner. |
---|---|
Next Best Action Marketing |
Next best action marketing (NBAM) is a customer-centric paradigm/marketing technique designed to capture specific information about customers and their individual preferences. Predicting customers' future actions by understanding their intent during their purchasing decisions stage will help improve conversion rates. |
AI-Driven Customer |
The use of inclusive and innovative AI-based forecast modeling techniques can help more accurately analyze customer data to create more targeted segments. As such, marketing messages will be more accurately tailored to the customer that is reading them. |
Are you curious about the measures needed to boost engagement among your client base and other primary target audience groups? Conversational marketing intelligence metrics can help collect and disseminate key descriptive data points across a broader range of audience information.
Certain social media channels (e.g. LinkedIn and Facebook) like to take advantage of click-to-Messenger-style applications to help drive meaningful conversations with customers and learn more about their buying preferences. In addition, AI-driven chatbot applications can help the organization glean important information about the customer's persona by asking probing questions about their marketing purchase behaviors and preferences.
One of the newest phenomena in data-driven marketing technology and digital advertising techniques is the metaverse, where users can represent themselves and their brand via virtual avatars to further gamify their marketing strategies. Moreover, brands can create immersive experiences and engage with influencers and established communities and collect a wealth of information about their audience that can help drive customer retention and loyalty.
Metaverse marketing extends the potential for commercial brand development and representation: a deep dive into Gucci's metaverse practice
INDUSTRY: Luxury Goods Apparel
SOURCE: Vogue Business
Beginning with a small, family-owned leather shop known as House of Gucci in Florence, Italy, businessman and fashion designer Guccio Gucci sold saddles, leather bags, and other accessories to horsemen during the 1920s. Over the years, Gucci's offerings have grown to include various other personal luxury goods.
As consumer preferences have evolved over time, particularly with the younger generation, Gucci's professional marketing teams looked to invest in virtual technology environments to help build and sustain better brand awareness among younger consumer audiences.
In response to the increasing presence of metaverse-savvy gamers on the internet, Gucci began investing in developing its online metaverse presence to bolster its commercial marketing brand there.
A recent collaboration with Roblox, an online gaming platform that offers virtual experiences, provided Gucci the means to showcase its fashion items using the Gucci Garden – a virtual art installation project for Generation Z consumers, powered by Roblox's VR technology. The Gucci Garden virtual system featured a French-styled garden environment where players could try on and buy Gucci virtual fashion items to dress up their blank avatars.
Gucci's disruptive, innovative metaverse marketing campaign project with Roblox is proof of its commitment to tapping new marketing growth channels to showcase the brand to engage new and prospective consumers (e.g. Roblox's player base) across more unique sandboxed/simulation environments.
The freedom and flexibility in the metaverse environments allows brands such as Gucci to execute a more flexible digital marketing approach and enables them to take advantage of innovative metaverse-driven technologies in the market to further drive their data-driven digital marketing campaigns.
To improve conversion propensity, next best action techniques can use predictive modeling methods to help build a dynamic overview of the customer journey. With information sourced from actionable marketing intelligence data, MMS platforms can use NBAM techniques to identify customer needs based on their buying behavior, social media interactions, and other insights to determine what unique set of actions should be taken for each customer.
Rules-based recommender systems can help assign probabilities of purchasing behaviors based on the patterns in touchpoints of a customer's journey and interaction with your brand. For instance, a large grocery chain company such as Walmart or Whole Foods will use ML-based recommender systems to decide what coupons they should offer to their customers based on their purchasing history.
The inclusion of AI in data analytics helps make customer targeting more accurate
and meaningful. Organizations can analyze customer data more thoroughly and generate in-depth contextual and descriptive information about the targeted segments. In addition, they can use this information to automate the personalization of marketing campaigns for a specific target audience group.
To greatly benefit from AI-powered customer segmentation, organizations must deploy specialized custom AI solutions to help organize qualitative comments into quantitative data. This approach requires companies to use custom AI models and tools that will analyze customer sentiments and experiences based on data extracted from various touchpoints (e.g. CRM systems, emails, chatbot logs).
Phase 1 | Phase 2 | Phase 3 |
---|---|---|
1.1 Define MMS Platforms 1.2 Classify Table Stakes & Differentiating Capabilities 1.3 Explore Trends | 2.1 Build the Business Case 2.2 Streamline Requirements Elicitation 2.3 Develop an Inclusive RFP Approach | 3.1 Discover Key Players in the Vendor Landscape 3.2 Engage the Shortlist & Select Finalist 3.3 Prepare for Implementation |
This phase will walk you through the following activities:
This phase involves the following participants:
Expert analyst guidance over 5 weeks on average to select software and negotiate with the vendor.
Save money, align stakeholders, speed up the process and make better decisions.
Use a repeatable, formal methodology to improve your application selection process.
Better, faster results, guaranteed, included in your membership.
CLICK HERE to book your Selection Engagement
Understanding business needs through requirements gathering is the key to defining everything you need from your software. However, it is an area where people often make critical mistakes.
Poorly scoped requirements |
Best practices |
---|---|
|
|
Info-Tech Insight
Poor requirements are the number one reason projects fail. Review Info-Tech's Improve Requirements Gathering blueprint to learn how to improve your requirements analysis and get results that truly satisfy stakeholder needs.
Develop an inclusive and thorough approach to the RFP process
Review Info-Tech's process and understand how you can prevent your organization from leaking negotiation leverage while preventing vendors from taking control of your RFP.
You may be faced with multiple products, services, master service agreements, licensing models, service agreements, and more.
Use Info-Tech's Contract Review Service to gain insights on your agreements:
Validate that a contract meets IT's and the business' needs by looking beyond the legal terminology. Use a practical set of questions, rules, and guidance to improve your value for dollar spent.
CLICK to BOOK The Contract Review Service
CLICK to DOWNLOAD Master Contract Review and Negotiation for Software Agreements
Phase 1 | Phase 2 | Phase 3 |
---|---|---|
1.1 Define MMS Platforms 1.2 Classify Table Stakes & Differentiating Capabilities 1.3 Explore Trends | 2.1 Build the Business Case 2.2 Streamline Requirements Elicitation 2.3 Develop an Inclusive RFP Approach | 3.1 Discover Key Players in the Vendor Landscape 3.2 Engage the Shortlist & Select Finalist 3.3 Prepare for Implementation |
This phase will walk you through the following activities:
This phase involves the following participants:
The following slides provide a top-level overview of the popular players you will encounter in your MMS shortlisting process.
![]() |
The Data Quadrant is a thorough evaluation and ranking of all software in an individual category to compare platforms across multiple dimensions. Vendors are ranked by their Composite Score, based on individual feature evaluations, user satisfaction rankings, vendor capability comparisons, and likeliness to recommend the platform. |
![]() |
The Emotional Footprint is a powerful indicator of overall user sentiment toward the relationship with the vendor, capturing data across five dimensions. Vendors are ranked by their Customer Experience (CX) Score, which combines the overall Emotional Footprint rating with a measure of the value delivered by the solution. |
CLICK HERE to ACCESS |
---|
Comprehensive software reviews
|
We collect and analyze the most detailed reviews on enterprise software from real users to give you an unprecedented view into the product and vendor before you buy. |
Technology coverage is a priority for Info-Tech, and SoftwareReviews provides the most comprehensive unbiased data on today's technology. Combined with the insight of our expert analysts, our members receive unparalleled support in their buying journey.
"Adobe Experience Cloud (AEC), formerly Adobe Marketing Cloud (AMC), provides a host of innovative multichannel analytics, social, advertising, media optimization, and content management products (just to name a few). The Adobe Marketing Cloud package allows users with valid subscriptions to download the entire collection and use it directly on their computer with open access to online updates. Organizations that have a deeply ingrained Adobe footprint and have already reaped the benefits of Adobe's existing portfolio of cloud services products (e.g. Adobe Creative Cloud) will find the AEC suite a functionally robust and scalable fit for their marketing management and marketing automation needs.
However, it is important to note that AEC's pricing model is expensive when compared to other competitors in the space (e.g. Sugar Market) and, therefore, is not as affordable for smaller or mid-sized organizations. Moreover, there is the expectation of a learning curve with the AEC platform. Newly onboarded users will need to spend some time learning how to navigate and work comfortably with AEC's marketing automaton modules. "
-
Yaz Palanichamy
Senior Research Analyst, Info-Tech Research Group
Adobe Experience Cloud Platform pricing is opaque.
Request a demo.*
*Info-Tech recommends reaching out to the vendor's internal sales management team for explicit details on individual pricing plans for the Adobe Marketing Cloud suite.
2021 |
Adobe Experience Platform Launch is integrated into the Adobe Experience Platform as a suite of data collection technologies (Experience League, Adobe). |
---|---|
November 2020 |
Adobe announces that it will spend $1.5 billion to acquire Workfront, a provider of marketing collaboration software (TechTarget, 2020). |
September 2018 |
Adobe acquires marketing automation software company Marketo (CNBC, 2018). |
June 2018 |
Adobe buys e-commerce services provider Magento Commerce from private equity firm Permira for $1.68 billion (TechCrunch, 2018). |
2011 |
Adobe acquires DemDex, Inc. with the intention of adding DemDex's audience-optimization software to the Adobe Online Marketing Suite (Adobe News, 2011). |
2009 |
Adobe acquires online marketing and web analytics company Omniture for $1.8 billion and integrates its products into the Adobe Marketing Cloud (Zippia, 2022). |
Adobe platform launches in December 1982. |
Strengths:
Areas to Improve:
2021 |
Microsoft Dynamics 365 suite adds customer journey orchestration as a viable key feature (Tech Target, 2021) |
---|---|
2019 |
Microsoft begins adding to its Dynamics 365 suite in April 2019 with new functionalities such as virtual agents, fraud detection, new mixed reality (Microsoft Dynamics 365 Blog, 2019). |
2017 |
Adobe and Microsoft expand key partnership between Adobe Experience Manager and Dynamics 365 integration (TechCrunch, 2017). |
2016 |
Microsoft Dynamics CRM paid seats begin growing steadily at more than 2.5x year-over-year (TechCrunch, 2016). |
2016 |
On-premises application, called Dynamics 365 Customer Engagement, contains the Dynamics 365 Marketing Management platform (Learn Microsoft, 2023). |
Microsoft Dynamics 365 product suite is released on November 1, 2016. |
"Microsoft Dynamics 365 for Marketing remains a viable option for organizations that require a range of innovative MMS tools that can provide a wealth of functional capabilities (e.g. AI-powered analytics to create targeted segments, A/B testing, personalizing engagement for each customer). Moreover, Microsoft Dynamics 365 for Marketing offers trial options to sandbox their platform for free for 30 days to help users familiarize themselves with the software before buying into the product suite.
However, ensure that you have the time to effectively train users on implementing the MS Dynamics 365 platform. The platform does not score high on customizability in SoftwareReviews reports. Developers have only a limited ability to modify the core UI, so organizations need to be fully equipped with the knowledge needed to successfully navigate MS-based applications to take full advantage of the platform. For organizations deep in the Microsoft stack, D365 Marketing is a compelling option."
Yaz Palanichamy
Senior Research Analyst, Info-Tech Research Group
Dynamics 365 |
Dynamics 365 |
---|---|
|
|
* Pricing correct as of October 2022. Listed in USD and absent discounts. See pricing on vendor's website for latest information.
Strengths:
Areas to Improve:
2022 |
HubSpot Marketing Hub releases Campaigns 2.0 module for its Marketing Hub platform (HubSpot, 2022). |
---|---|
2018 |
|
2014 |
HubSpot celebrates its first initial public offering on the NYSE market (HubSpot Company News, 2014). |
2013 |
HubSpot opens its first international office location in Dublin, Ireland |
2010 |
Brian Halligan and Dharmesh Shah write "Inbound Marketing," a seminal book that focuses on inbound marketing principles (HubSpot, n.d.). |
HubSpot opens for business in Cambridge, MA, USA, in 2005. |
"HubSpot's Marketing Hub software ranks consistently high in scores across SoftwareReviews reports and remains a strong choice for organizations that want to run successful inbound marketing campaigns that make customers interested and engaged with their business. HubSpot Marketing Hub employs comprehensive feature sets, including the option to streamline ad tracking and management, perform various audience segmentation techniques, and build personalized and automated marketing campaigns.
However, SoftwareReviews reports indicate end users are concerned that HubSpot Marketing Hub's platform may be slightly overpriced in recent years and not cost effective for smaller and mid-sized companies that are working with a limited budget. Moreover, when it comes to mobile user accessibility reports, HubSpot's Marketing Hub does not directly offer data usage reports in relation to how mobile users navigate various web pages on the customer's website."
Yaz Palanichamy
Senior Research Analyst, Info-Tech Research Group
HubSpot Marketing Hub (Starter Package) |
HubSpot Marketing Hub (Professional Package) |
HubSpot Marketing Hub (Enterprise Package) |
---|---|---|
|
|
|
*Pricing correct as of October 2022. Listed in USD and absent discounts.
See pricing on vendor's website for latest information.
Strengths:
Areas to Improve:
2022 | Maropost acquires Retail Express, leading retail POS software in Australia for $55M (PRWire, 2022). |
2018 |
|
2015 | US-based communications organization Success selects Maropost Marketing Cloud for marketing automation use cases (Apps Run The World, 2015). |
2017 | Maropost is on track to become one of Toronto's fastest-growing companies, generating $30M in annual revenue (MarTech Series, 2017). |
2015 | Maropost is ranked as a "High Performer" in the Email Marketing category in a G2 Crowd Grid Report (VentureBeat, 2015). |
Maropost is founded in 2011 as a customer-centric ESP platform. |
Maropost Marketing Cloud – Essential |
Maropost |
Maropost |
---|---|---|
|
|
|
*Pricing correct as of October 2022. Listed in USD and absent discounts.
See pricing on vendor's website for latest information.
Strengths:
Areas to Improve:
2021 | New advanced intelligence capabilities within Oracle Eloqua Marketing Automation help deliver more targeted and personalized messages (Oracle, Marketing Automation documentation). |
2015 |
|
2014 | Oracle announces the launch of the Oracle Marketing Cloud (TechCrunch, 2014). |
2005 | Oracle acquires PeopleSoft, a company that produces human resource management systems, in 2005 for $10.3B (The Economic Times, 2016). |
1982 | Oracle becomes the first company to sell relational database management software (RDBMS). In 1982 it has revenue of $2.5M (Encyclopedia.com). |
Relational Software, Inc (RSI) – later renamed Oracle Corporation – is founded in 1977. |
"Oracle Marketing Cloud offers a comprehensive interwoven and integrated marketing management solution that can help end users launch cross-channel marketing programs and unify all prospect and customer marketing signals within one singular view. Oracle Marketing Cloud ranks consistently high across our SoftwareReviews reports and sustains top scores in overall customer experience rankings at a factor of 9.0. The emotional sentiment of users interacting with Oracle Marketing Cloud is also highly favorable, with Oracle's Emotional Footprint score at +93.
Users should be aware that some of the reporting mechanisms and report-generation capabilities may not be as mature as those of some of its competitors in the MMS space (e.g. Salesforce, Adobe). Data exportability also presents a challenge in Oracle Marketing Cloud and requires a lot of internal tweaking between end users of the system to function properly. Finally, pricing sensitivity may be a concern for small and mid-sized organizations who may find Oracle's higher-tiered pricing plans to be out of reach. "
Yaz Palanichamy
Senior Research Analyst, Info-Tech Research Group
Oracle Marketing Cloud pricing is opaque. Request a demo.* |
*Info-Tech recommends reaching out to the vendor's internal sales management team for explicit details on individual pricing plans for the Adobe Marketing Cloud suite.
Strengths:
Areas to Improve:
2022 | Salesforce announces sustainability as a core company value (Forbes, 2022). |
2012 |
|
2009 | Salesforce launches Service Cloud, bringing customer service and support automation features to the market (TechCrunch, 2009). |
2003 |
|
2001 |
|
Salesforce is founded in 1999. |
"Salesforce Marketing Cloud is a long-term juggernaut of the marketing management software space and is the subject of many Info-Tech member inquiries. It retains strong composite and customer experience (CX) scores in our SoftwareReviews reports. Some standout features of the platform include marketing analytics, advanced campaign management functionalities, email marketing automation, and customer journey management capabilities. In recent years Salesforce has made great strides in improving the overall user experience by investing in new product functionalities such as the Einstein What-If Analyzer, which helps test how your next email campaign will impact overall customer engagement, triggers personalized campaign messages based on an individual user's behavior, and uses powerful real-time segmentation and sophisticated AI to deliver contextually relevant experiences that inspire customers to act.
On the downside, we commonly see Salesforce's solutions as costlier than competitors' offerings, and its commercial/sales teams tend to be overly aggressive in marketing its solutions without a distinct link to overarching business requirements. "
Yaz Palanichamy
Senior Research Analyst, Info-Tech Research Group
Marketing Cloud Basics |
Marketing Cloud Pro |
Marketing Cloud Corporate |
Marketing Cloud Enterprise |
---|---|---|---|
|
|
|
"Request a Quote" |
*Pricing correct as of October 2022. Listed in USD and absent discounts. See pricing on vendor's website for latest information.
Strengths:
Areas to Improve:
2022 | SAP announces the second cycle of the 2022 SAP Customer Engagement Initiative. (SAP Community Blog, 2022). |
2020 | SAP acquires Austrian cloud marketing company Emarsys (TechCrunch, 2020). |
2015 | SAP Digital for Customer Engagement launches in May 2015 (SAP News, 2015). |
2009 | SAP begins branching out into three markets of the future (mobile technology, database technology, and cloud). SAP acquires some of its competitors (e.g. Ariba, SuccessFactors, Business Objects) to quickly establish itself as a key player in those areas (SAP, n.d.). |
1999 | SAP responds to the internet and new economy by launching its mysap.com strategy (SAP, n.d.). |
SAP is founded In 1972. |
"Over the years, SAP has positioned itself as one of the usual suspects across the enterprise applications market. While SAP has a broad range of capabilities within the CRM and customer experience space, it consistently underperforms in many of our user-driven SoftwareReviews reports for MMS and adjacent areas, ranking lower in MMS product feature capabilities such as email marketing automation and advanced campaign management than other mainstream MMS vendors, including Salesforce Marketing Cloud and Adobe Experience Cloud. The SAP Customer Engagement Marketing platform seems decidedly a secondary focus for SAP, behind its more compelling presence across the enterprise resource planning space.
If you are approaching an MMS selection from a greenfield lens and with no legacy vendor baggage for SAP elsewhere, experience suggests that your needs will be better served by a vendor that places greater primacy on the MMS aspect of their portfolio."
Yaz Palanichamy
Senior Research Analyst, Info-Tech Research Group
SAP Customer Engagement Marketing pricing is opaque: |
---|
*Info-Tech recommends reaching out to the vendor's internal sales management team for explicit details on individual pricing plans for the Adobe Marketing Cloud suite.
Strengths:
Areas to Improve:
Strengths:
Areas to Improve:
2021 |
Zoho announces CRM-Campaigns sync (Zoho Campaigns Community Learning, 2021). |
2020 |
Zoho reaches more than 50M customers in January ( Zippia, n.d.). |
2017 |
Zoho launches Zoho One, a comprehensive suite of 40+ applications (Zoho Blog, 2017). |
2012 |
Zoho releases Zoho Campaigns (Business Wire, 2012). |
2007 |
Zoho expands into the collaboration space with the release of Zoho Docs and Zoho Meetings (Zoho, n.d.). |
2005 |
Zoho CRM is released (Zoho, n.d.). |
Zoho platform is founded in 1996. |
"Zoho maintains a long-running repertoire of end-to-end software solutions for business development purposes. In addition to its flagship CRM product, the company also offers Zoho Campaigns, which is an email marketing software platform that enables contextually driven marketing techniques via dynamic personalization, email interactivity, A/B testing, etc. For organizations that already maintain a deep imprint of Zoho solutions, Zoho Campaigns will be a natural extension to their immediate software environment.
Zoho Campaigns is a great ecosystem play in environments that have a material Zoho footprint. In the absence of an existing Zoho environment, it's prudent to consider other affordable products as well."
Yaz Palanichamy
Senior Research Analyst, Info-Tech Research Group
Free Version |
Standard |
Professional |
---|---|---|
|
|
|
*Pricing correct as of October 2022. Listed in USD and absent discounts.
See pricing on vendor's website for latest information.
1. Assess |
---|
2. Prepare |
3. Govern & Course Correct |
Download Info-Tech's Governance and Management of Enterprise Software Implementation
Establish and execute an end-to-end, agile framework to succeed with the implementation of a major enterprise application.
Teams must have some type of communication strategy. This can be broken into:
Distributed teams create complexity as communication can break down. This can be mitigated by:
Members should trust other members are contributing to the project and completing their required tasks on time. Trust can be developed and maintained by:
This selection guide allows organizations to execute a structured methodology for picking an MMS platform that aligns with their needs. This includes:
This formal MMS selection initiative will drive business-IT alignment, identify pivotal sales and marketing automation priorities, and thereby allow for the rollout of a streamlined MMS platform that is highly likely to satisfy all stakeholder needs.
If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop
contact your account representative for more information
workshops@infotech.com
1-888-670-8889
Knowledge Gained
Processes Optimized
Marketing Management
Vendors Analyzed
Select a Marketing Management Suite
Many organizations struggle with taking a systematic approach to selection that pairs functional requirements with specific marketing workflows, and as a result they choose a marketing management suite (MMS) that is not well aligned to their needs, wasting resources and causing end-user frustration.
Customer relationship management (CRM) application portfolios are often messy,
with multiple integration points, distributed data, and limited ongoing end-user training. A properly optimized CRM ecosystem will reduce costs and increase productivity.
Customer Relationship Management Platform Selection Guide
Speed up the process to build your business case and select your CRM solution. Despite the importance of CRM selection and implementation, many organizations struggle to define an approach to picking the right vendor and rolling out the solution in an effective and cost-efficient manner.
"16 Biggest Tech Acquisitions in History." The Economic Times, 28 July 2016. Web.
"Adobe Acquires Demdex – Brings Audience Optimization to $109 Billion Global Online Ad Market." Adobe News, 18 Jan 2011. Accessed Nov 2022.
"Adobe Company History Timeline." Zippia, 9 Sept 2022. Accessed Nov 2022.
"Adobe to acquire Magento for $1.68B." TechCrunch, 21 May 2018. Accessed Dec 2022.
Anderson, Meghan Keaney. "HubSpot Launches European Headquarters." HubSpot Company News, 3 Mar 2013.
Arenas-Gaitán, Jorge, et al. "Complexity of Understanding Consumer Behavior from the Marketing Perspective." Journal of Complexity, vol. 2019, 8 Jan 2019. Accessed Sept 2022.
Bureau of Labor Statistics. "Advertising, Promotions, and Marketing Managers." Occupational Outlook Handbook. U.S. Department of Labor, 8 Sept 2022. Accessed 1 Nov 2022.
"Campaigns." Marketing Hub, HubSpot, n.d. Web.
Conklin, Bob. "Adobe report reveals best marketing practices for B2B growth in 2023 and beyond." Adobe Experience Cloud Blog, 23 Sept 2022. Web.
"Consumer Behavior Stats 2021: The Post-Pandemic Shift in Online Shopping Habit" Nosto.com, 7 April 2022. Accessed Oct 2022.
"Data Collection Overview." Experience League, Adobe.com, n.d. Accessed Dec 2022.
Duduskar, Avinash. "Interview with Tony Chen, CEO at Channel Factory." MarTech Series, 16 June 2017. Accessed Nov 2022.
"Enhanced Release of SAP Digital for Customer Engagement Helps Anyone Go Beyond CRM." SAP News, 8 Dec. 2015. Press release.
Fang, Mingyu. "A Deep Dive into Gucci's Metaverse Practice." Medium.com, 27 Feb 2022. Accessed Oct 2022.
Flanagan, Ellie. "HubSpot Launches Marketing Hub Starter to Give Growing Businesses the Tools They Need to Start Marketing Right." HubSpot Company News, 17 July 2018. Web.
Fleishman, Hannah. "HubStop Announces Pricing of Initial Public Offering." HubSpot Company News, 8 Oct. 204. Web.
Fluckinger, Don. "Adobe to acquire Workfront for $1.5 billion." TechTarget, 10 Nov 2020. Accessed Nov 2022.
Fluckinger, Don. "Microsoft Dynamics 365 adds customer journey orchestration." TechTarget, 2 March 2021. Accessed Nov 2022.
Green Marketing: Explore the Strategy of Green Marketing." Marketing Schools, 19 Nov 2020. Accessed Oct 2022.
Ha, Anthony. "Oracle Announces Its Cross-Platform Marketing Cloud." TechCrunch, 30 April 2014. Web.
Heyd, Kathrin. "Partners Welcome – SAP Customer Engagement Initiative 2022-2 is open for your registration(s)!" SAP Community Blog, 21 June 2022. Accessed Nov 2022.
HubSpot. "Our Story." HubSpot, n.d. Web.
Jackson, Felicia. "Salesforce Tackles Net Zero Credibility As It Adds Sustainability As A Fifth Core Value." Forbes, 16 Feb. 2022. Web.
Kolakowski, Nick. "Salesforce CEO Marc Benioff Talks Social Future." Dice, 19 Sept. 2012. Web.
Lardinois, Frederic. "Microsoft's Q4 earnings beat Street with $22.6B in revenue, $0.69 EPS." TechCrunch, 19 July 2016. Web.
Levine, Barry. "G2 Crowd report finds the two email marketing tools with the highest user satisfaction." Venture Beat, 30 July 2015. Accessed Nov 2022.
Looking Back, Moving Forward: The Evolution of Maropost for Marketing." Maropost Blog, 21 May 2019. Accessed Oct 2022.
Maher, Sarah. "What's new with HubSpot? Inbound 2022 Feature Releases." Six & Flow, 9 July 2022. Accessed Oct 2022.
Marketing Automation Provider, Salesfusion, Continues to Help Marketers Achieve Their Goals With Enhanced User Interface and Powerful Email Designer Updates." Yahoo Finance, 10 Dec 2013. Accessed Oct 2022.
"Maropost Acquires Retail Express for $55 Million+ as it Continues to Dominate the Global Commerce Space." Marapost Newsroom, PRWire.com, 19 Jan 2022. Accessed Nov 2022.
McDowell, Maghan. "Inside Gucci and Roblox's new virtual world." Vogue Business, 17 May 2021. Web.
Miller, Ron. "Adobe and Microsoft expand partnership with Adobe Experience Manager and Dynamics 265 Integration." TechCrunch, 3 Nov 2017. Accessed Nov 2022.
Miller, Ron. "Adobe to acquire Magento for $1.68B" TechCrunch, 21 May 2018. Accessed Nov 2022.
Miller, Ron. "SAP continues to build out customer experience business with Emarys acquisition." TechCrunch, 1 Oct. 2020. Web.
Miller, Ron. "SugarCRM moves into marketing automation with Salesfusion acquisition." TechCrunch, 16 May 2019.
Novet, Jordan. "Adobe confirms it's buying Marketo for $4.75 billion." CNBC, 20 Sept 2018. Accessed Dec 2022.
"Oracle Corp." Encyclopedia.com, n.d. Web.
Phillips, James. "April 2019 Release launches with new AI, mixed reality, and 350+ feature updates." Microsoft Dynamics 365 Blog. Microsoft, 2 April 2019. Web.
S., Aravindhan. "Announcing an important update to Zoho CRM-Zoho Campaigns integration." Zoho Campaigns Community Learning, Zoho, 1 Dec. 2021. Web.
Salesforce. "The History of Salesforce." Salesforce, 19 March 2020. Web.
"Salesfusion Integrates With NetSuite CRM to Simplify Sales and Marketing Alignment" GlobeNewswire, 6 May 2016. Accessed Oct 2022. Press release.
"Salesfusion Integrates With NetSuite CRM to Simplify Sales and Marketing Alignment." Marketwired, 6 May 2016. Web.
"Salesfusion is Now Sugar Market: The Customer FAQ." SugarCRM Blog, 31 July 2019. Web.
"Salesfusion's Marketing Automation Platform Drives Awareness and ROI for Education Technology Provider" GlobeNewswire, 25 June 2015. Accessed Nov 2022. Press release.
SAP. "SAP History." SAP, n.d. Web.
"State of Marketing." 5th Edition, Salesforce, 15 Jan 2019. Accessed Oct 2022.
"Success selects Maropost Marketing Cloud for Marketing Automation." Apps Run The World, 10 Jan 2015. Accessed Nov 2022.
"SugarCRM Acquires SaaS Marketing Automation Innovator Salesfusion." SugarCRM, 16 May 2019. Press release.
Sundaram, Vijay. "Introducing Zoho One." Zoho Blog, 25 July 2017. Web.
"The State of MarTech: Is you MarTech stack working for you?" American Marketing Association, 29 Nov 2021. Accessed Oct 2022.
"Top Marketing Automation Statistics for 2022." Oracle, 15 Jan 2022. Accessed Oct 2022.
Trefis Team. "Oracle Energizes Its Marketing Cloud With New Features." Forbes, 7 April 2015. Accessed Oct 2022.
Vivek, Kumar, et al. "Microsoft Dynamics 365 Customer Engagement (on-premises) Help, version 9.x." Learn Dynamics 365, Microsoft, 9 Jan 2023. Web.
"What's new with HubSpot? Inbound 2022 feature releases" Six and Flow, 9 July 2022. Accessed Nov 2022.
Widman, Jeff. "Salesforce.com Launches The Service Cloud,, A Customer Service SaaS Application." TechCrunch, 15 Jan. 2009. Web.
"Zoho History." Zippia, n.d. Web.
"Zoho Launches Zoho Campaigns." Business Wire, 14 Aug. 2012. Press release.
Zoho. "About Us." Zoho, n.d. Web.
40 Hours of Advisory Assistance Delivered On-Line or In-Person
Select Better Software, Faster.
40 Hours of Expert Analyst Guidance
Project & Stakeholder Management Assistance
Save money, align stakeholders, Speed up the process & make better decisions.
Better, faster results, guaranteed, $25K standard engagement fee
CLICK HERE to book your Workshop Engagement
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Develop goals and KPIs to measure your progress.
Learn how to present different types of metrics.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Create a prioritized list of goals to improve the security program’s current state.
Insight into the current program and the direct it needs to head in.
1.1 Discuss current state and existing approach to metrics.
1.2 Review contract metrics already in place (or available).
1.3 Determine security areas that should be measured.
1.4 Determine what stakeholders are involved.
1.5 Review current initiatives to address those risks (security strategy, if in place).
1.6 Begin developing SMART goals for your initiative roadmap.
Gap analysis results
SMART goals
Develop unique KPIs to measure progress against your security goals.
Learn how to develop KPIs
Prioritized list of security goals
2.1 Continue SMART goal development.
2.2 Sort goals into types.
2.3 Rephrase goals as KPIs and list associated metric(s).
2.4 Continue KPI development.
KPI Evolution Worksheet
Determine which metrics will be included in the initial program launch.
A set of realistic and manageable goals-based metrics.
3.1 Lay out prioritization criteria.
3.2 Determine priority metrics (implementation).
3.3 Determine priority metrics (improvement & organizational trend).
Prioritized metrics
Tool for tracking and presentation
Strategize presentation based around metric type to indicate organization’s risk posture.
Develop versatile reporting techniques
4.1 Review metric types and discuss reporting strategies for each.
4.2 Develop a story about risk.
4.3 Discuss the use of KPXs and how to scale for less mature programs.
Key Performance Index Tool and presentation materials
"Metrics programs tend to fall into two groups: non-existent and unhelpful.
The reason so many security professionals struggle to develop a meaningful metrics program is because they are unsure of what to measure or why.
The truth is, for metrics to be useful, they need to be tied to something you care about – a state you are trying to achieve. In other words, some kind of goal. Used this way, metrics act as the scoreboard, letting you know if you’re making progress towards your goals, and thus, boosting your overall maturity."
– Logan Rohde, Research Analyst, Security Practice Info-Tech Research Group
Info-Tech Insight
Governance
Management
While business leaders are now taking a greater interest in cybersecurity, alignment between the two groups still has room for improvement.
5% of public companies feel very confident that they are properly secured against a cyberattack.
41% of boards take on cybersecurity directly rather than allocating it to another body (e.g. audit committee).
19% of private companies do not discuss cybersecurity with the board.
(ISACA, 2018)
Info-Tech Insight
Metrics help to level the playing field
Poor alignment between security and the business often stems from difficulties with explaining how security objectives support business goals, which is ultimately a communication problem.
However, metrics help to facilitate these conversations, as long as the metrics are expressed in practical, relatable terms.
Security professionals have the perception that metrics programs are difficult to create. However, this attitude usually stems from one of the following myths. In reality, security metrics are much simpler than they seem at first, and they usually help resolve existing challenges rather than create new ones.
Myth | Truth | |
---|---|---|
1 | There are certain metrics that are important to all organizations, based on maturity, industry, etc. | Metrics are indications of change; for a metric to be useful it needs to be tied to a goal, which helps you understand the change you're seeing as either a positive or a negative. Industry and maturity have little bearing here. |
2 | Metrics are only worthwhile once a certain maturity level is reached | Metrics are a tool to help an organization along the maturity scale. Metrics help organizations measure progress of their goals by helping them see which tactics are and are not working. |
3 | Security metrics should focus on specific, technical details (e.g. of systems) | Metrics are usually a means of demonstrating, objectively, the state of a security program. That is, they are a means of communicating something. For this reason, it is better that metrics be phrased in easily digestible, non-technical terms (even if they are informed by technical security statistics). |
Specific
Measurable
Achievable
Realistic
Timebound
Achievable: What is an achievable metric?
When we say that a metric is “achievable,” we imply that it is tied to a goal of some kind – the thing we want to achieve.
How do we set a goal?
Start:
Review current state and decide on priorities.
Set a SMART goal for improvement.
Develop an appropriate KPI.
Use KPI to monitor program improvement.
Present metrics to the board.
Revise metrics if necessary.
A security strategy is ultimately a large goal-setting exercise. You begin by determining your current maturity and how mature you need to be across all areas of information security, i.e. completing a gap analysis.
As such, linking your metrics program to your security strategy is a great way to get your metrics program up and running – but it’s not the only way.
Short term: Streamline your program. Based on your organization’s specific requirements and risk profile, figure out which metrics are best for now while also planning for future metrics as your organization matures.
Long term: Once the program is in place, improvements will come with increased visibility into operations. Investments in security will be encouraged when more evidence is available to executives, contributing to overall improved security posture. Potential opportunities for eventual cost savings also exist as there is more informed security spending and fewer incidents.
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
“We need to hit the ground running and get this project kicked-off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
1. Link Security Metrics to Goals to Boost Maturity | 2. Adapt Your Reporting Strategy for Various Metric Types | |
---|---|---|
Best-Practice Toolkit |
1.1 Review current state and set your goals 1.2 Develop KPIs and prioritize your goals 1.3 Implement and monitor the KPI to track goal progress |
2.1 Review best practices for presenting metrics 2.2 Strategize your presentation based on metric type 2.3 Tailor presentation to your audience 2.4 Use your metrics to create a story about risk 2.5 Revise your metrics |
Guided Implementations |
|
|
Onsite Workshop | Module 1: Current State, Initiatives, Goals, and KPIs | Module 2: Metrics Reporting |
Phase 1 Outcome:
|
Phase 2 Outcome:
|
Contact your account representative or email Workshops@InfoTech.com for more information.
Workshop Day 1 | Workshop Day 2 | Workshop Day 3 | Workshop Day 4 | Workshop Day 5 | |
---|---|---|---|---|---|
Activities |
Current State, Initiatives, and Goals
|
KPI Development
|
Metrics Prioritization
|
Metrics Reporting
|
Offsite Finalization
|
Deliverables |
|
|
|
|
|
1.1 Review current state and set your goals
1.2 Develop KPIs and prioritize your goals
1.3 Implement and monitor KPIs
Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of two to three advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Proposed Time to Completion: 2-4 weeks
Start with an analyst kick-off call:
Then complete these activities…
Review findings with analyst:
Then complete these activities…
With these tools & templates:
120 minutes
Before program improvement can take place, it is necessary to look at where things are at presently (in terms of maturity) and where we need to get them to.
In other words, we need to perform a security program gap analysis.
Info-Tech Best Practice
The most thorough way of performing this gap analysis is by completing Info-Tech’s Build an Information Security Strategy blueprint, as it will provide you with a prioritized list of initiatives to boost your security program maturity.
Use the Capability Maturity Model Integration (CMMI) scale below to help you understand your current level of maturity across the various areas of your security program.
(Adapted from the “CMMI Institute Maturity Model”)
The most effective metrics programs are personalized to reflect the goals of the security team and the business they work for. Using goals-based metrics allows you to make incremental improvements that can be measured and reported on, which makes program maturation a natural process.
Info-Tech Best Practice
Before setting a SMART goal, take a moment to consider your maturity for each security area, and which metric type you need to collect first, before moving to more ambitious goals.
Security Areas
Metric Type | Description |
---|---|
Initial Probe | Determines what can be known (i.e. what sources for metrics exist?). |
Baseline Testing | Establishes organization’s normal state based on current metrics. |
Implementation | Focuses on setting up a series of related processes to increase organizational security (i.e. roll out MFA). |
Improvement | Sets a target to be met and then maintained based on organizational risk tolerance. |
Organizational Trends | Culls together several metrics to track (sometimes predict) how various trends affect the organization’s overall security. Usually focuses on large-scale issues (e.g. likelihood of a data breach). |
Specific
Measurable
Achievable
Realistic
Timebound
Examples of possible goals for various maturity levels:
1.1 Security Metrics Determination and Tracking Tool
To increase visibility into the cost, effort, and value of any given goal, assess them using the following criteria:
Use the calculated Cost/Effort Rating, Benefit Rating, and Difference Score later in this project to help with goal prioritization.
Info-Tech Best Practice
If you have already completed a security strategy with Info-Tech resources, this work may likely have already been done. Consult your Information Security Program Gap Analysis Tool from the Build an Information Security Strategy research.
At this time, it is necessary to evaluate the priorities of your security program.
Option 1: Progress to KPI Development
Option 2: Progress to Prioritization of Goals
Terms like “key performance indicator” may make this development practice seem more complicated than it really is. A KPI is just a single metric used to measure success towards a goal. In relational terms (i.e. as a percentage, ratio, etc.) to give it context (e.g. % of improvement over last quarter).
KPI development is about answering the question: what would indicate that I have achieved my goal?
KPIs differ from goal to goal, but their forms follow certain trends
Metric Type | KPI Form |
---|---|
Initial Probe | Progress of probe (e.g. % of systems checked to see if they can supply metrics). |
Baseline Testing | What current data shows (e.g. % of systems needing attention). |
Implementation | Progress of the implementation (e.g. % of complete vulnerability management program implementation). |
Improvement | The threshold or target to be achieved and maintained (e.g. % of incidents responded to within target window). |
Organizational Trends | The interplay of several KPIs and how they affect the organization’s risk posture (e.g. assessing the likelihood for a data breach). |
1. Initial Probe
Focused on determining how many sources for metrics exist.
2. Baseline Testing
Focused on gaining initial insights about the state of your security program (what are the measurements?).
Info-Tech Insight
Don't lose hope if you lack resources to move beyond these initial steps. Even if you are struggling to pull data, you can still draw meaningful metrics. The percent or ratio of processes or systems you lack insight into can be very valuable, as it provides a basis to initiate a risk-based discussion with management about the organization's security blind spots.
3. Program Implementation
Focused on developing a basic program to establish basic maturity (e.g. implement an awareness and training program).
4. Improvement
Focused on attaining operational targets to lower organizational risk.
Info-Tech Insight
Don't overthink your KPI. In many cases it will simply be your goal rephrased to express a percentage or ratio. In others, like the example above, it makes sense for them to be identical.
5. Organizational Impact
Focused on studying several related KPIs (Key Performance Index, or KPX) in an attempt to predict risks.
Let’s take a look at KPI development in action.
Meet Maria, the new CISO at a large hospital that desperately needs security program improvements. Maria’s first move was to learn the true state of the organization’s security. She quickly learned that there was no metrics program in place and that her staff were unaware what, if any, sources were available to pull security metrics from.
After completing her initial probe into available metrics and then investigating the baseline readings, she determined that her areas of greatest concern were around vulnerability and access management. But she also decided it was time to get a security training and awareness program up and running to help mitigate risks in other areas she can’t deal with right away.
See examples of Maria’s KPI development on the next four slides...
Info-Tech Insight
There is very little variation in the kinds of goals people have around initial probes and baseline testing. Metrics in these areas are virtually always about determining what data sources are available to you and what that data actually shows. The real decisions start in determining what you want to do based on the measures you’re seeing.
Metric development example: Vulnerability Management
See examples of Maria’s KPI development on the next four slides...
Goal: Implement vulnerability management program
KPI: % increase of insight into existing vulnerabilities
Associated Metric: # of vulnerability detection methods
Goal: Improve deployment time for patches
KPI: % of critical patches fully deployed within target window
Goal: Implement MFA for privileged accounts
KPI: % of privileged accounts with MFA applied
Associated Metric: # of privileged accounts
Goal: Remove all unnecessary privileged accounts
KPI: % of accounts with unnecessary privileges
Goal: Implement training and awareness program
KPI: % of organization trained
Associated Metric: # of departments trained
Goal: Improve time to report phishing
KPI: % of phishing cases reported within target window
Goal: Predict Data Breach Likelihood
1.2 120 minutes
Follow the example of the CISO in the previous slides and try developing KPIs for the SMART goals set in step 1.1.
1.2 Security Metrics Determination and Tracking Tool
Tab “3. Identify Goal KPIs” allows you to record each KPI and its accompanying metadata:
Optionally, each KPI can be mapped to goals defined on tab “2. Identify Security Goals.”
Info-Tech Best Practice
Ensure your metadata is comprehensive, complete, and realistic. A different employee should be able to use only the information outlined in the metadata to continue collecting measurements for the program.
1.2 KPI Development Worksheet
Follow the examples contained in this slide deck and practice creating KPIs for:
As well as drafting associated metrics to inform the KPIs you create.
Info-Tech Best Practice
Keep your metrics program manageable. This exercise may produce more goals, metrics, and KPIs than you deal with all at once. But that doesn’t mean you can’t save some for future use.
1.2 120 minutes
An effort map visualizes a cost and benefit analysis. It is a quadrant output that visually shows how your SMART goals were assessed. Use the calculated Cost/Effort Rating and Benefit Rating values from tab “2. Identify Security Goals” of the Security Metrics Determination and Tracking Tool to aid this exercise.
Now that you’ve developed KPIs to monitor progress on your goals, it’s time to use them to drive security program maturation by following these steps:
The term key risk indicator (KRI) gets used in a few different ways. However, in most cases, KRIs are closely associated with KPIs.
1.3 Security Metrics Determination and Tracking Tool
Tracking metric data in Info-Tech's tool provides the following data visualizations:
Info-Tech Best Practice
Be diligent about measuring and tracking your metrics. Record any potential measurement biases or comments on measurement values to ensure you have a comprehensive record for future use. In the tool, this can be done by adding a comment to a cell with a metric measurement.
Workshops offer an easy way to accelerate your project. While onsite, our analysts will work with you and your team to facilitate the activities outlined in the blueprint.
Getting key stakeholders together to formalize the program, while getting started on data discovery and classification, allows you to kickstart the overall program.
In addition, leverage over-the-phone support through Guided Implementations included in advisory memberships to ensure the continuous improvement of the classification program even after the workshop.
Logan Rohde
Research Analyst – Security, Risk & Compliance Info-Tech Research Group
Ian Mulholland
Senior Research Analyst – Security, Risk & Compliance Info-Tech Research Group
Call 1-888-670-8889 for more information.
2.1 Review best practices for presenting metrics
2.2 Strategize your presentation based on metric type
2.3 Tailor your presentation to your audience
2.4 Use your metrics to create a story about risk
2.5 Revise Metrics
This phase will walk you through the following activities:
This phase involves the following participants:
Outcomes of this phase
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of two to three advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Proposed Time to Completion: 2-4 weeks
Start with an analyst kick-off call:
Then complete these activities…
Review findings with analyst:
Then complete these activities…
With these tools & templates:
Phase 2 Results & Insights:
Avoid technical details (i.e. raw data) by focusing on the KPI.
Put things in terms of risk; it's the language you both understand.
Explain why you’re monitoring metrics in terms of the goals you’re hoping to achieve.
Choose between KPI or KRI as the presentation format.
Match presentation with the audience.
Read between the lines.
Read the news if you’re stuck for content.
Present your metrics as a story.
Metric Type: Initial Probe
Scenario: Implementing your first metrics program.
Decisions: Do you have sufficient insight into the program? (i.e. do you need to acquire additional tools to collect metrics?)
Strategy: If there are no barriers to this (e.g. budget), then focus your presentation on the fact that you are addressing the risk of not knowing what your organization's baseline state is and what potential issues exist but are unknown. This is likely the first phase of an improvement plan, so sketching the overall plan is a good idea too.
Possible KPIs:
Metric Type: Baseline Testing
Scenario: You've taken the metrics to determine what your organization’s normal state is and you're now looking towards addressing your gaps or problem areas.
Decisions: What needs to be prioritized first and why? Are additional resources required to make this happen?
Strategy: Explain your impression of the organization's normal state and what you plan to do about it. In other words, what goals are you prioritizing and why? Be sure to note any challenges that may occur along the way (e.g. staffing).
Possible KPIs:
Metric Type: Implementation
Scenario: You are now implementing solutions to address your security priorities.
Decisions: What, to you, would establish the basis of a program?
Strategy: Focus on what you're doing to implement a certain security need, why, and what still needs to be done when you’re finished.
Possible KPIs:
Metric Type: Improvement
Scenario: Now that a basic program has been established, you are looking to develop its maturity to boost overall performance (i.e. setting a new development goal).
Decisions: What is a reasonable target, given the organization's risk tolerance and current state?
Strategy: Explain that you're now working to tighten up the security program. Note that although things are improving, risk will always remain, so we need to keep it within a threshold that’s proportionate with our risk tolerance.
Possible KPIs:
Metric Type: Organizational Trends
Scenario: You've reached a mature state and now how several KPIs being tracked. You begin to look at several KPIs together (i.e. a KPX) to assess the organization's exposure for certain broad risk trends.
Decisions: Which KPIs can be used together to look at broader risks?
Strategy: Focus on the overall likelihood of a certain risk and why you've chosen to assess it with your chosen KPIs. Spend some time discussing what factors affect the movement of these KPIs, demonstrating how smaller behaviors create a ripple effect that affects the organization’s exposure to large-scale risks.
Possible KPX: Insider Threat Risk
Even challenges can elicit useful metrics.
Not every security program is capable of progressing smoothly through the various metric types. In some cases, it is impossible to move towards goals and metrics for implementation, improvement, or organizational trends because the security program lacks resources.
Info-Tech Insight
When your business is suffering from a lack of resources, acquiring these resources automatically becomes the goal that your metrics should be addressing. To do this, focus on what risks are being created because something is missing.
When your security program is lacking a critical resource, such as staff or technology, your metrics should focus on what security processes are suffering due to this lack. In other words, what critical activities are not getting done?
KPI Examples:
1. Raw Data
2. Management-Level
3. Board-Level
As a general rule, security metrics should become decreasingly technical and increasingly behavior-based as they are presented up the organizational hierarchy.
"The higher you travel up the corporate chain, the more challenging it becomes to create meaningful security metrics. Security metrics are intimately tied to their underlying technologies, but the last thing the CEO cares about is technical details." – Ben Rothke, Senior Information Security Specialist, Tapad.
Reporting metrics is not just another presentation. Rather, it is an opportunity to demonstrate and explain the value of security.
It is also a chance to correct any misconceptions about what security does or how it works.
Use the tips on the right to help make your presentation as relatable as possible.
Info-Tech Insight
There is a difference between data manipulation and strategic presentation: the goal is not to bend the truth, but to present it in a way that allows you to show the board what they need to see and to explain it in terms familiar to them.
Avoid jargon; speak in practical terms
Address compliance
Have solid answers
Security is about managing risk. This is also its primary value to the organization. As such, risk should be the theme of the story you tell.
"Build a cohesive story that people can understand . . . Raw metrics are valuable from an operations standpoint, but at the executive level, it's about a cohesive story that helps executives understand the value of the security program and keeps the company moving forward. "– Adam Ely, CSO and Co-Founder, Bluebox Security, qtd. by Tenable, 2016
The following model encapsulates the basic trajectory of all story development.
Use this model to help you put together your story about risk.
Introduction: Overall assessment of security program.
Initial Incident: Determination of the problems and associated risks.
Rising Action: Creation of goals and metrics to measure progress.
Climax: Major development indicated by metrics.
Falling Action: New insights gained about organization’s risks.
Resolution: Recommendations based on observations.
Info-Tech Best Practice
Follow this model to ensure that your metrics presentation follows a coherent storyline that explains how you assessed the problem, why you chose to address it the way you did, what you learned in doing so, and finally what should be done next to boost the security program’s maturity.
Board-Level KPI
Mgmt.-Level KPI
Raw Data
Think of your lower-level metrics as evidence to back up the story you are telling.
When you’re asked how you arrived at a given conclusion, you know it’s time to go down a level and to explain those results.
Think of this like showing your work.
Info-Tech Insight
This approach is built into the KPX reporting format, but can be used for all metric types by drawing from your associated metrics and goals already achieved.
2.4 Security Metrics Determination and Tracking Tool
Info-Tech provides two options for metric dashboards to meet the varying needs of our members.
If you’re just starting out, you’ll likely be inclined towards the dashboard within the Security Metrics Determination and Tracking Tool (seen here).
But if you’ve already got several KPIs to report on, you may prefer the Security Metrics KPX Dashboard Tool, featured on the following slides.
Info-Tech Best Practice
Not all graphs will be needed in all cases. When presenting, consider taking screenshots of the most relevant data and displaying them in Info-Tech’s Board-Level Security Metrics Presentation Template.
2.4 Security Metrics KPX Dashboard
Use Info-Tech’s Security Metrics KPX Dashboard to track and show your work.
2.4 Security Metrics KPX Dashboard
Use Info-Tech’s Security Metrics KPX Dashboard to track and show your work.
2.4 Security Metrics KPX Dashboard
Use Info-Tech’s Security Metrics KPX Dashboard to track and show your work.
2.4 Security Metrics KPX Dashboard
Use Info-Tech’s Security Metrics KPX Dashboard to track and show your work.
2.4 Security Metrics KPX Dashboard
Use Info-Tech’s Security Metrics KPX Dashboard to track and show your work.
"An important key to remember is to be consistent and stick to one framework once you've chosen it. As you meet with the same audiences repeatedly, having the same framework for reference will ensure that your communications become smoother over time." – Caroline Wong, Chief Strategy Officer, Cobalt.io
2.4 Security Metrics KPX Dashboard
Use Info-Tech’s Security Metrics KPX Dashboard to track and show your work.
2.4 Security Metrics KPX Dashboard
Use Info-Tech’s Security Metrics KPX Dashboard to track and show your work.
This tool helps you convert your KPIs into the language of risk by assessing frequency and severity, which helps to make the risk relatable for senior leadership. However, it is still useful to track fluctuations in terms of percentage. To do this, track changes in the frequency, severity, and trend scores from quarter to quarter.
2.4 Board-Level Security Metrics Presentation Template
Use the Board-Level Security Metrics Presentation Template deck to help structure and deliver your metrics presentation to the board.
To make the dashboard slide, simply copy and paste the charts from the dashboard tool and arrange the images as needed.
Adapt the status report and business alignment slides to reflect the story about risk that you are telling.
Now that you’ve made it through your metrics presentation, it’s important to reassess your goals with feedback from your audience in mind. Use the following workflow.
Workshops offer an easy way to accelerate your project. While onsite, our analysts will work with you and your team to facilitate the activities outlined in the blueprint.
Getting key stakeholders together to formalize the program, while getting started on data discovery and classification, allows you to kickstart the overall program.
In addition, leverage over-the-phone support through Guided Implementations included in advisory memberships to ensure the continuous improvement of the classification program even after the workshop.
Logan Rohde
Research Analyst – Security, Risk & Compliance Info-Tech Research Group
Ian Mulholland
Senior Research Analyst – Security, Risk & Compliance Info-Tech Research Group
Call 1-888-670-8889 for more information.
Mike Creaney, Senior Security Engineer at Federal Home Loan Bank of Chicago
Peter Chestna, Director, Enterprise Head of Application Security at BMO Financial Group
Zane Lackey, Co-Founder / Chief Security Officer at Signal Sciences
Ben Rothke, Senior Information Security Specialist at Tapad
Caroline Wong, Chief Strategy Officer at Cobalt.io
2 anonymous contributors
Build an Information Security Strategy
Tailor best practices to effectively manage information security.
Implement a Security Governance and Management Program
Align security and business objectives to get the greatest benefit from both.
Capability Maturity Model Integration (CMMI). ISACA. Carnegie Mellon University.
Ely, Adam. “Choose Security Metrics That Tell a Story.” Using Security Metrics to Drive Action: 33 Experts Share How to Communicate Security Program Effectiveness to Business Executives and the Board Eds. 2016. Web.
https://www.ciosummits.com/Online_Assets_Tenable_eBook-_Using_Security_Metrics_to_Drive_Action.pdf
ISACA. “Board Director Concerns about Cyber and Technology Risk.” CSX. 11 Sep. 2018. Web.
Rothke, Ben. “CEOs Require Security Metrics with a High-Level Focus.” Using Security Metrics to Drive Action: 33 Experts Share How to Communicate Security Program Effectiveness to Business Executives and the Board Eds. 2016. Web.
https://www.ciosummits.com/Online_Assets_Tenable_eBook-_Using_Security_Metrics_to_Drive_Action.pdf
Wong, Caroline. Security Metrics: A Beginner’s Guide. McGraw Hill: New York, 2012.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Lay down the foundations for security risk management, including roles and responsibilities and a defined risk tolerance level.
Define frequency and impact rankings then assess the risk of your project.
Catalog an inventory of individual risks to create an overall risk profile.
Communicate the risk-based conclusions and leverage these in security decision making.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Build the foundation needed for a security risk management program.
Define roles and responsibilities of the risk executive.
Define an information security risk tolerance level.
Clearly defined roles and responsibilities.
Defined risk tolerance level.
1.1 Define the security executive function RACI chart.
1.2 Assess business context for security risk management.
1.3 Standardize risk terminology assumptions.
1.4 Conduct preliminary evaluation of risk scenarios to determine your risk tolerance level.
1.5 Decide on a custom risk factor weighting.
1.6 Finalize the risk tolerance level.
1.7 Begin threat and risk assessment.
Defined risk executive functions
Risk governance RACI chart
Defined quantified risk tolerance and risk factor weightings
Determine when and how to conduct threat and risk assessments (TRAs).
Complete one or two TRAs, as time permits during the workshop.
Developed process for how to conduct threat and risk assessments.
Deep risk analysis for one or two IT projects/initiatives.
2.1 Determine when to initiate a risk assessment.
2.2 Review appropriate data classification scheme.
2.3 Identify system elements and perform data discovery.
2.4 Map data types to the elements.
2.5 Identify STRIDE threats and assess risk factors.
2.6 Determine risk actions taking place and assign countermeasures.
2.7 Calculate mitigated risk severity based on actions.
2.8 If necessary, revisit risk tolerance.
2.9 Document threat and risk assessment methodology.
Define scope of system elements and data within assessment
Mapping of data to different system elements
Threat identification and associated risk severity
Defined risk actions to take place in threat and risk assessment process
Complete one or two TRAs, as time permits during the workshop.
Deep risk analysis for one or two IT projects/initiatives, as time permits.
3.1 Continue threat and risk assessment activities.
3.2 As time permits, one to two threat and risk assessment activities will be performed as part of the workshop.
3.3 Review risk assessment results and compare to risk tolerance level.
One to two threat and risk assessment activities performed
Validation of the risk tolerance level
Collect, analyze, and aggregate all individual risks into the security risk register.
Plan for the future of risk management.
Established risk register to provide overview of the organizational aggregate risk profile.
Ability to communicate risk to other stakeholders as needed.
4.1 Begin building a risk register.
4.2 Identify individual risks and threats that exist in the organization.
4.3 Decide risk responses, depending on the risk level as it relates to the risk tolerance.
4.4 If necessary, revisit risk tolerance.
4.5 Identify which stakeholders sign off on each risk.
4.6 Plan for the future of risk management.
4.7 Determine how to present risk to senior management.
Risk register, with an inventory of risks and a macro view of the organization’s risk
Defined risk-based initiatives to complete
Plan for securing and managing the risk register
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Ensure a formal selection process is in place and make a concerted effort to align stakeholder calendars.
Reduce time spent watching vendor dog and pony shows, while reducing the size of your RFPs or skipping them entirely.
Narrow the field to four contenders prior to in-depth comparison and engage in accelerated enterprise architecture oversight.
Focus on key use cases rather than lists of features.
Save more by bringing two vendors to the final stage of the project and surfacing a consolidated list of demands prior to entering negotiation.
This report is based on data gathered from a survey of 43,000 real-world IT practitioners.
The data is compiled from SoftwareReviews (a sister company of Info-Tech Research Group), which collects and aggregates feedback on a wide variety of enterprise technologies.
The insights, charts, and graphs in this presentation are all derived from data submitted by real end users.
Limit the risk of ineffective “decision making by committee”
Expedite resolution of key issues and accelerate crucial decisions
Achieve alignment on critical requirements
Streamline calendar management
Too many cooks spoil the broth: create a highly focused selection team that can devote the majority of its time to the project while it’s in flight to demonstrate faster time to value.
Organizations keep too many players on the field, leading to scheduling slowdowns and scope creep. |
Keeping the size of the core selection team down, while liaising with more stakeholders and subject matter experts (SMEs), leads to improved results. |
Maximize project effectiveness with a five-person team. Project satisfaction and effectiveness are stagnant or decrease once the team grows beyond five people.
Cumbersome or ad hoc selection processes lead to business-driven software selection. |
Increase stakeholder satisfaction by using a consistent selection framework that captures their needs while not being a burden. |
Empower both IT and end users with a standardized selection process to consistently achieve high satisfaction coming out of software selection projects.
Info-Tech Insight
It sounds natural to include as many players as possible in the core selection group; however, expanding the group beyond five people does not lead to an increase in satisfaction. Consider including a general stakeholder feedback working session instead.
Exclusion is not the name of the game.
Small organizations
Teams smaller than five people are common due to limited resources.
Medium organizations
Selection project satisfaction peaks with teams of fewer than two people. Consider growing the team to about five people to make stakeholders feel more included with minimal drops in satisfaction.
Large organizations
Satisfaction peaks when teams are kept to three to five people. With many SMEs available, it is critical to choose the right players for your team.
Info-Tech Insight
Core team size remains the same regardless of the application being selected. However, team composition will vary depending on the end users being targeted.
Think beyond application complexity
Achieve peak satisfaction by allotting 30 days for an application selection project.
Awareness |
Education & Discovery |
Evaluation |
---|---|---|
Reduce Time |
Reduce Time |
Reduce Time |
↓ | ↓ | ↓ |
Save time duplicating existing market research. Save time and maintain alignment with focus groups. |
Save time across tedious demos and understanding the marketplace. |
Save time gathering detailed historical requirements. Instead, focus on key issues. |
Info-Tech Insight – Awareness
Timebox the process of impact analysis. More time should be spent performing the action than building a business case.
Info-Tech Insight – Education
Save time duplicating existing market research. Save time and maintain alignment with focus groups.
Info-Tech Insight – Evaluation
Decision committee time is valuable. Get up to speed using third-party data and written collateral. Use committee time to conduct investigative interviews instead. Salesperson charisma and marketing collateral quality should not be primary selection criteria. Sadly, this is the case far too often.
Info-Tech Insight
Office collaboration tools are a great case study for increasing satisfaction with decreased time to selection. Given the sharp impetus of COVID-19, many organizations quickly selected tools like Zoom and Teams, enabling remote work with very high end-user satisfaction.
There are alternative approaches for enterprise-sized applications:
1. ALIGN & ELIMINATE ELAPSED TIME |
|
---|---|
2. REDUCE TIME SPENT ON LOW-IMPACT ACTIVITIES |
|
3. FOCUS ON HIGH- IMPACT ACTIVITIES |
|
4. USE RAPID & ESSENTIAL ASSESSMENT TOOLS |
|
5. ENGAGE TWO VIABLE VENDORS IN NEGOTIATION |
|
✓ Ensure a formal selection process is in place.
✓ Reduce time by timeboxing the project to 30 days.
✓ Align the calendars of the five-person core selection team.
It is critical to improve the selection process before formalizing
Leverage Info-Tech’s Rapid Application Selection Framework to gain insights on how you can fine-tune and accelerate existing codified approaches to application selection.
Vendor selection is politically charged, requiring Procurement to navigate around stakeholder biases and existing relationships. |
Stakeholders |
The process is time consuming and often started too late. In the absence of clarity around requirements, it is easy to default to looking at price instead of best functional and architectural fit. |
Timing |
Formal selection methodologies are repeatable processes that anybody can consistently follow to quickly select new technology. |
Repeatable |
The goal of formalizing the approach is to enable IT to deliver business value consistently while also empowering stakeholders to find tools that meet their needs. Remember! A formal selection process is synonymous with a bureaucratic, overblown approach. |
Driving Value |
Investing time improving your software selection methodology has big returns.
Not all software selection projects are created equal – some are very small; some span the entire enterprise. To ensure that IT is using the right framework, understand the cost and complexity profile of the application you’re looking to select. The Rapid Application Selection Framework approach is best for commodity and mid-tier enterprise applications; selecting complex applications is better handled by the methodology described in Implement a Proactive and Consistent Vendor Selection Process.
Don’t get bogged down “waiting for the stars to align” in terms of people’s availability: if you wait for the perfect alignment, the project may never get done.
If a key stakeholder is unavailable for weeks or months due to PTO or other commitments, don’t jeopardize project timelines to wait for them to be free. Find a relevant designate that can act in their stead!
You don’t need the entire team on the field at once. Keep certain stakeholders on the bench to swap in and out as needed.
Assemble the key stakeholders for project kick-off to synchronize the application selection process and limit elapsed time. Getting all parties on the same page increases output satisfaction and eliminates rework. Save time and get input from key stakeholders at the project kick-off.
How to manage the cross-functional selection team:
IT Leader |
Technical IT |
Business Analyst/ Project Manager |
Business Lead |
Process Expert |
---|---|---|---|---|
This team member is an IT director or CIO who will provide sponsorship and oversight from the IT perspective. |
This team member will focus on application security, integration, and enterprise architecture. |
This team member elicits business needs and translates them into technology requirements. |
This team member will provide sponsorship from the business needs perspective. |
This team member will contribute their domain-specific knowledge around the processes that the new application supports. |
Info-Tech Insight
It is critical for the selection team to determine who has decision rights. Organizational culture will play the largest role in dictating which team member holds the final say for selection decisions.
Who is involved in selecting the new application?
When to adjust the selection team’s business to IT ratio:
When to adjust the selection team’s business to IT ratio:
Find the right balance!
Info-Tech Insight
When selecting their software, organizations have an average of two to four business and IT decision makers/influencers on the core selection team.
Project Cadence:
Info-Tech Insight
Use weekly touchpoints with the core selection team to eliminate broken telephone. Hold focus groups and workshops to take a more collaborative, timely, and consensus-driven approach to zero in on critical requirements.
✓ Reduce time spent on internet research. Leverage hard data and experts.
✓ Reduce RFP size or skip RFPs entirely.
✓ Reduce time spent watching vendor dog and pony shows.
REDUCE BIAS
Taking a data-driven approach to vendor selection ensures that decisions are made in a manner that reduces human bias and exposure to misaligned incentives.
SCORING MODELS
Create a vendor scoring model that uses several different scored criteria (alignment to needs, alignment to architecture, cost, relationship, etc.) and weight them.
AGGREGATE EXPERIENCES
When you leverage services such as SoftwareReviews, you’re relying on amalgamated data from hundreds of others that have already been down this path: benefit from their experience!
PEER-DRIVEN INSIGHTS
Formally incorporate a review of Category Reports from SoftwareReviews into your vendor selection process to take advantage of peer-driven expert insights.
Contact Us
Info-Tech is just a phone call away. Our expert analysts can guide you to successful project completion at no additional cost to you.
You may miss out on the right vendor if:
How to write a successful RFI/MV-RFP:
Use the appropriate Info-Tech template for your needs (RFI, RFQ, or RFP). The Request for Information Template is best suited to the RASF approach.
Info-Tech Insight
Prescriptive yet flexible: Avoid RFP overload when selecting customer experience–centric applications, but a formal approach to selection is still beneficial.
When will an RFP increase satisfaction?
Use data to take control back from the vendor
Kill the “golf course effect” and eliminate stakeholder bias
Make sure the solution will work for your business Give each vendor 60 to 90 minutes to give a rapid-fire presentation. We suggest the following structure:
To ensure a consistent evaluation, vendors should be asked analogous questions, and a tabulation of answers should be conducted. |
How to challenge the vendors in the investigative interview
|
Rapid-Fire Vendor Investigative Interview
Invite vendors to come onsite (or join you via videoconference) to demonstrate the product and to answer questions. Use a highly targeted demo script to help identify how a vendor’s solution will fit your organization’s particular business capability needs.
Awareness | Education & Discovery | Evaluation | Selection | Negotiation & Configuration |
Reduce Time | Reduce Time | Reduce Time | Reduce Time | Reduce Time |
↓ | ↓ | ↓ | ↑ | ↑ |
Save time | Save time across tedious demos and understanding the marketplace. | Save time gathering detailed historical requirements. Instead, focus on key issues. | Use your time to validate how the solution will handle mission-critical requirements. | Spend time negotiating with two viable alternatives to reduce price by up to 50%. |
Use a tier-based model to accelerate commodity and complex selection projects.
Eliminate elapsed process time with focus groups and workshops.
✓ Narrow the field to four contenders prior to in-depth comparison.
✓ Identify portfolio overlap with accelerated enterprise architecture oversight.
✓ Focus on investigative interviews and proof of concept projects.
1. ACCELERATE SELECTION
Save time by exclusively engaging vendors that support the organization’s differentiating requirements.
2. DECISION CLARITY
Prevent stakeholders from getting lost in the weeds with endless lists of vendors.
3.CONDENSED DEMOS
Limiting the project to four contenders allows you to stack demos/investigative interviews into the same day.
4. LICENSING LEVERAGE
Keep track of key differences between vendor offerings with a tight shortlist.
Info-Tech Insight
Targeting an enterprise architecture evaluation as part of your software selection process that does not delay the selection while also providing sufficient insight into platform fit is critical.
Key activities for rapid enterprise architecture evaluation include:
The data confirms that it is worthwhile to spend time on enterprise architecture
Keep the scope manageable!
Conversations With the Vendor
Pilot Projects and Trial Environments
✓ Focus on key use cases, not lists of features.
✓ You only need three essential tools:
Failure to differentiate must-have and nice-to-have use cases leads to applications full of non-critical features.
Accelerate the process by skipping common requirements that we know that every vendor will support.
Working with a tighter list of core use cases increases time spent evaluating the most impactful functionality.
Eliminating dubious “sacred cow” requirements reduces costly and painful platform customization.
The Software Selection Workbook
Work through the straightforward templates that tie to each phase of the Rapid Application Selection Framework, from assessing the business impact to requirements gathering.
The Vendor Evaluation Workbook
Consolidate the vendor evaluation process into a single document. Easily compare vendors as you narrow the field to finalists.
The Guide to Software Selection: A Business Stakeholder Manual
Quickly explain the Rapid Application Selection Framework to your team while also highlighting its benefits to stakeholders.
✓ Save more during negotiation by selecting two viable alternatives.
✓ Surface a consolidated list of demands prior to entering negotiation.
✓ Communicate your success with the organization.
VENDOR 1
Build in a realistic plan B that allows you to apply leverage to the incumbent or primary vendor of choice.
VENDOR 2
If the top contender is aware that they do not have competition, they will be less inclined to make concessions.
Maintain momentum with two options
Secure best pricing by playing vendors off each other
Truly commit to a thorough analysis of alternatives
ANALYZE |
DOCUMENT |
CONSOLIDATE |
PRESENT |
---|---|---|---|
|
|
|
|
Hard cost savings speak louder than words. Executive leadership will see IT as the go-to team for driving business value quickly, yet responsibly.
Generate enthusiasm by highlighting the improved user experience provided by the new software that was has just been selected.
Position the cost savings as an opportunity to invest in onboarding. An application is only as valuable as your employees’ ability to effectively use it.
Use the momentum from the project and its successful negotiation to roll out the accelerated selection approach to more departments across the organization.
Organizations keep too many players on the field, leading to scheduling slowdowns and scope creep. |
Keeping the size of the core selection team down, while liaising with more stakeholders and subject matter experts (SMEs), leads to improved results. |
Maximize project effectiveness with a five-person team. Project satisfaction and effectiveness are stagnant or decrease once the team grows beyond five people.
Cumbersome or ad hoc selection processes lead to business-driven software selection. |
Increase stakeholder satisfaction by using a consistent selection framework that captures their needs while not being a burden. |
Empower both IT and end users with a standardized selection process to consistently achieve high satisfaction coming out of software selection projects.
1. ALIGN & ELIMINATE ELAPSED TIME |
|
---|---|
2. REDUCE TIME SPENT ON LOW-IMPACT ACTIVITIES |
|
3. FOCUS ON HIGH- IMPACT ACTIVITIES |
|
4. USE RAPID & ESSENTIAL ASSESSMENT TOOLS |
|
5. ENGAGE TWO VIABLE VENDORS IN NEGOTIATION |
|
Qualitative & Secondary |
Using comprehensive statistical techniques, we surveyed what our members identified as key drivers of success in selecting enterprise software. Our goal was to determine how organizations can accelerate selection processes and improve outcomes by identifying where people should spend their time for the best results. |
---|---|
Large-n Survey |
To determine the “Magic Numbers,” we used a large-n survey: 40,000 respondents answered questions about their applications, selection processes, organizational firmographics, and personal characteristics. We used this data to determine what drives satisfaction not only with the application but with the selection process itself. |
Quantitative Drill-Down |
We used the survey to narrow the list of game-changing practices. We then conducted additional quantitative research to understand why our respondents may have selected the responses they did. |
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Review IT vendor risk fundamentals and establish a risk governance framework.
Categorize, prioritize, and assess your vendor risks. Follow up with creating effective response strategies.
Assign accountability and responsibilities to formalize ongoing risk monitoring. Communicate your findings to management and share the plan moving forward.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
To prepare the team for the workshop.
Avoids delays and interruptions once the workshop is in progress.
1.1 Send workshop agenda to all participants.
1.2 Prepare list of vendors and review any contracts provided by them.
1.3 Review current risk management process.
All necessary participants assembled
List of vendors and vendor contracts
Understanding of current risk management process
Review IT vendor risk fundamentals.
Assess current maturity and set risk management program goals.
Engage stakeholders and establish a risk governance framework.
Understanding of organizational risk culture and the corresponding risk threshold.
Obstacles to effective IT risk management identified.
Attainable goals to increase maturity established.
Understanding of the gap to achieve vendor risk readiness.
2.1 Brainstorm vendor-related risks.
2.2 Assess current program maturity.
2.3 Identify obstacles and pain points.
2.4 Develop risk management goals.
2.5 Develop key risk indicators (KRIs) and escalation protocols.
2.6 Gain stakeholders’ perspective.
Vendor risk management maturity assessment
Goals for vendor risk management
Stakeholders’ opinions
Categorize vendors.
Prioritize assessed risks.
Risk events prioritized according to risk severity – as defined by the business.
3.1 Categorize vendors.
3.2 Map vendor infrastructure.
3.3 Prioritize vendors.
3.4 Identify risk contributing factors.
3.5 Assess risk exposure.
3.6 Calculate expected cost.
3.7 Identify risk events.
3.8 Input risks into the Risk Register Tool.
Vendors classified and prioritized
Vendor risk exposure
Expected cost calculation
Determine risk threshold and contract clause relating to risk prevention.
Identify and assess risk response actions.
Thorough analysis has been conducted on the value and effectiveness of risk responses for high-severity risk events.
Risk response strategies have been identified for all key risks.
Authoritative risk response recommendations can be made to senior leadership.
4.1 Determine the threshold for (un)acceptable risk.
4.2 Match elements of the contract to related vendor risks.
4.3 Identify and assess risk responses.
Thresholds for (un)acceptable risk
Risk responses
Communicate top risks to management.
Assign accountabilities and responsibilities for risk management process.
Establish monitoring schedule.
Risk monitoring responsibilities are established.
Transparent accountabilities and established ongoing improvement of the vendor risk management program.
5.1 Create a stakeholder map.
5.2 Complete RACI chart.
5.3 Establish the reporting schedule.
5.4 Finalize the vendor risk management program.
Stakeholder map
Assigned accountability for risk management
Established monitoring schedule
Risk report
Vendor Risk Management Program Manual
IT communications are often considered ineffective. This is demonstrated by:
Communications is a responsibility of all members of IT. This is demonstrated through:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This capstone blueprint highlights the components, best practices, and importance of good communication for all IT employees.
IT town halls must deliver value to employees, or they will withdraw and miss key messages. To engage employees, use well-crafted communications in an event that includes crowd-sourced contents, peer involvement, recognition, significant Q&A time allotment, organizational discussions, and goal alignment.
This template provides a framework to build your own IT Year In Review presentation. An IT Year In Review presentation typically covers the major accomplishments, challenges, and initiatives of an organization's information technology (IT) department over the past year.
Brittany Lutes
Research Director
Info-Tech Research Group
Diana MacPherson
Senior Research Analyst
Info-Tech Research Group
IT rarely engages in proper communications. We speak at, inform, or tell our audience what we believe to be important. But true communications seldom take place.
Communications only occur when channels are created to ensure the continuous opportunity to obtain two-way feedback. It is a skill that is developed over time, with no individual having an innate ability to be better at communications. Each person in IT needs to work toward developing their personal communications style. The problem is we rarely invest in development or training related to communications. Information and technology fields spend time and money developing hard skills within IT, not soft ones.
The benefits associated with communications are immense: higher business satisfaction, funding for IT initiatives, increased employee engagement, better IT to business alignment, and the general ability to form ongoing partnerships with stakeholders. So, for IT departments looking to obtain these benefits through true communications, develop the necessary skills.
Your Challenge | Common Obstacles | Info-Tech’s Approach |
IT communications are often considered ineffective. This is demonstrated by:
|
Frequently, these barriers have prevented IT communications from being effective:
|
Communications is a responsibility of all members of IT. This is demonstrated through:
|
Info-Tech Insight
No one is born a good communicator. Every IT employee needs to spend the time and effort to grow their communication skills as constant change and worsening IT crises mean that IT cannot afford to communicate poorly anymore.
The bottom line? For every 10% increase in communications there 8.6% increase in overall IT satisfaction. Therefore, when IT communicates with the organization, stakeholders are more likely to be satisfied with IT overall.
Info-Tech Diagnostic Programs, N=330 organizations
IT struggles to communicate effectively with the organization:
Effective IT communications are rare:
53% of CXOs believe poor communication between business and IT is a barrier to innovation.
Source: Info-Tech CEO-CIO Alignment Survey, 2022
“69% of those in management positions don’t feel comfortable even communicating with their staff.”
Source: TeamStage, 2022
The Info-Tech difference:
Communicating Up to Board or Executives
Communicating Across the Organization
Communicating Within IT
Overarching insight
IT cannot afford to communicate poorly given the overwhelming impact and frequency of change related to technology. Learn to communicate well or get out of the way of someone who can.
Insight 1: The skills needed to communicate effectively as a frontline employee or a CIO are the same. It’s important to begin the development of these skills from the beginning of one’s career. |
Insight 2: Time is a non-renewable resource. Any communication needs to be considered valuable and engaging by the audience or they will be unforgiving. |
Insight 3: Don’t make data your star. It is a supporting character. People can argue about the collection methods or interpretation of the data, but they cannot argue the story you share. |
Insight 4: Measure if the communication is being received and resulting in the desired outcome. If not, modify what and how the message is being expressed. |
Insight 5: Messages are also non-verbal. Practice using your voice and body to set the right tone and impact your audience. |
Two-Way
Incorporate feedback loops into your communication efforts. Providing stakeholders with the opportunity to voice their opinions and ideas will help gain their commitment and buy-in.
Timely
Frequent communications mitigate rumors and the spread of misinformation. Provide warning before the implementation of any changes whenever possible. Communicate as soon as possible after decisions have been made.
Consistent
Make sure the messaging is consistent across departments, mediums, and presenters. Provide managers with key phrases to support the consistency of messages.
Open & Honest
Transparency is a critical component of communication. Always tell employees that you will share information as soon as you can. This may not be as soon as you receive the information but as soon as sharing it is acceptable.
Authentic
Write messages in a way that embodies the personality of the organization. Don’t spin information; position it within the wider organizational context.
Targeted
Use your target audience profiles to determine which audiences need to consume which messages and what mediums should be employed.
IT needs to communicate well because:
“Poor communication results in employee misunderstanding and errors that cost approximately $37 billion.”
– Intranet Connections, 2019
What makes internal communications effective?
To be effective, internal communications must be strategic. They should directly support organizational objectives, reinforce key messages to make sure they drive action, and facilitate two-way dialogue, not just one-way messaging.
Methods to determine effectiveness:
“‘Effectiveness’ can mean different things, and effectiveness for your project is going to look different than it would for any other project.”
– Gale McCreary in WikiHow, 2022
Keep in mind:
1 | 2 | 3 |
---|---|---|
Priorities Differ | Words Matter | The Power of Three |
What’s important to you as CIO is very different from what is important to a board or executive leadership team or even the individual members of these groups. Share only what is important or relevant to the stakeholder(s). | Simplify the message into common language whenever possible. A good test is to ensure that someone without any technical background could understand the message. | Keep every slide to three points with no more than three words. You are the one to translate this information into a worth-while story to share. |
“Today’s CIOs have a story to tell. They must change the old narrative and describe the art of the (newly) possible. A great leader rises to the occasion and shares a vision that inspires the entire organization.”
– Dan Roberts, CIO, 2019
DEFINING INSIGHT
Stop presenting what is important to you as the CIO and present to the board what is important to them.
Why does IT need to communicate with the board?
FRAMEWORK
CHECKLIST
Do’s & Don’ts of Communicating Board Presentations:
Do: Ensure you know all the members of the board and their strengths/areas of focus.
Do: Ensure the IT objectives and initiatives align to the business objectives.
Do: Avoid using any technical jargon.
Do: Limit the amount of data you are using to present information. If it can’t stand alone, it isn’t a strong enough data point.
Do: Avoid providing IT service metrics or other operational statistics.
Do: Demonstrate how the organization’s revenue is impacted by IT activities.
Do: Tell a story that is compelling and excited.
OUTCOME
Organization Alignment
Stakeholder Buy-In
Awareness on Technology Trends
Risks
DEFINING INSIGHT
Business leaders care about themselves and their goals – present ideas and initiatives that lean into this self-interest.
Why does IT need to communicate business updates?
FRAMEWORK
CHECKLIST
Do’s & Don’ts of Communicating Business Updates:
Do: Ensure IT is given sufficient time to present with the rest of the business leaders.
Do: Ensure the goals of IT are clear and can be depicted visually.
Do: Tie every IT goal to the objectives of different business leaders.
Do: Avoid using any technical jargon.
Do: Reinforce the positive benefits business leaders can expect.
Do: Avoid providing IT service metrics or other operational statistics.
Do: Demonstrate how IT is driving the digital transformation of the organization.
OUTCOME
Better Reputation
Executive Buy-In
Digital Transformation
Relationship Building
1 | 2 | 3 |
---|---|---|
Competing to Be Heard | Measure Impact | Enhance the IT Brand |
IT messages are often competing with a variety of other communications simultaneously taking place in the organization. Avoid the information-overload paradox by communicating necessary, timely, and relevant information. | Don’t underestimate the benefit of qualitative feedback that comes from talking to people within the organization. Ensure they read/heard and absorbed the communication. | IT might be a business enabler, but if it is never communicated as such to the organization, it will only be seen as a support function. Use purposeful communications to change the IT narrative. |
Less than 50% of internal communications lean on a proper framework to support their communication activities.
– Philip Nunn, iabc, 2020
DEFINING INSIGHT
IT leaders struggle to communicate how the IT strategy is aligned to the overall business objectives using a common language understood by all.
Why does IT need to communicate its strategic objectives?
FRAMEWORK
CHECKLIST
Do’s & Don’ts of Communicating IT Strategic Objectives:
Do: Ensure all IT leaders are aware of and understand the objectives in the IT strategy.
Do: Ensure there is a visual representation of IT’s goals.
Do: Ensure the IT objectives and initiatives align to the business objectives.
Do: Avoid using any technical jargon.
Do: Provide metrics if they are relevant, timely, and immediately understandable.
Do: Avoid providing IT service metrics or other operational statistics.
Do: Demonstrate how the future of the organization will benefit from IT initiatives.
OUTCOME
Organization Alignment
Stakeholder Buy-In
Role Clarity
Demonstrate Growth
DEFINING INSIGHT
A crisis communication should fit onto a sticky note. If it’s not clear, concise, and reassuring, it won’t be effectively understood by the audience.
Why does IT need to communicate when a crisis occurs?
FRAMEWORK
CHECKLIST
Do’s & Don’ts of Communicating During a Crisis:
Do: Provide timely and regular updates about the crisis to all stakeholders.
Do: Involve the Board or ELT immediately for transparency.
Do: Avoid providing too much information in a crisis communication.
Do: Have crisis communication statements ready to be shared at any time for possible or common IT crises.
Do: Highlight that employee safety and wellbeing is top priority.
Do: Work with members of the public relations team to prepare any external communications that might be required.
OUTCOME
Ready to Act
Reduce Fears
Maintain Trust
Eliminate Negative Reactions
Keep in mind:
1 | 2 | 3 |
---|---|---|
Training for All | Listening Is Critical | Reinforce Collaboration |
From the service desk technician to CIO, every person within IT needs to have a basic ability to communicate. Invest in the training necessary to develop this skill set. | It seems simple, but as humans we do an innately poor job at listening to others. It’s important you hear employee concerns, feedback, and recommendations, enabling the two-way aspect of communication. | IT employees will reflect the types of communications they see. If IT leaders and managers cannot collaborate together, then teams will also struggle, leading to productivity and quality losses. |
“IT professionals who […] enroll in communications training have a chance to both upgrade their professional capabilities and set themselves apart in a crowded field of technology specialists.”
– Mark Schlesinger, Forbes, 2021
DEFINING INSIGHT
Depending on IT goals, the structure might need to change to support better communication among IT employees.
Why does IT need to communicate IT activities?
FRAMEWORK
CHECKLIST
Do’s & Don’ts of Communicating IT Activities:
Do: Provide metrics that define how success of the project will be measured.
Do: Demonstrate how each project aligns to the overarching objectives of the organization.
Do: Avoid having large meetings that include stakeholders from two or more projects.
Do: Consistently create a safe space for employees to communicate risks related to the project(s).
Do: Ensure the right tools are being leveraged for in-office, hybrid, and virtual environments to support project collaboration.
Do: Leverage a project management software to reduce unnecessary communications.
OUTCOME
Stakeholder Adoption
Resource Allocation
Meet Responsibly
Encourage Engagement
DEFINING INSIGHT
Employees are looking for empathy to be demonstrated by those they are interacting with, from their peers to managers. Yet, we rarely provide it.
Why does IT need to communicate on regularly with itself?
FRAMEWORK
CHECKLIST
Do’s & Don’ts of Communicating within IT:
Do: Have responses for likely questions prepared and ready to go.
Do: Ensure that all leaders are sharing the same messages with their teams.
Do: Avoid providing irrelevant or confusing information.
Do: Speak with your team on a regular basis.
Do: Reinforce the messages of the organization every chance possible.
Do: Ensure employees feel empowered to do their jobs effectively.
Do: Engage employees in dialogue. The worst employee experience is when they are only spoken at, not engaged with.
OUTCOME
Increased Collaboration
Role Clarity
Prevent Rumors
Organizational Insight
Amazon
INDUSTRY
E-Commerce
SOURCE
Harvard Business Review
Jeff Bezos has definitely taken on unorthodox approaches to business and leadership, but one that many might not know about is his approach to communication. Some of the key elements that he focused on in the early 2000s when Amazon was becoming a multi-billion-dollar empire included:
Results
While he was creating the Amazon empire, 85% of Jeff Bezos’ communication was written in a way that an eighth grader could read. Communicating in a way that was easy to understand and encouraging his leadership team to do so as well is one of the many reasons this business has grown to an estimated value of over $800B.
“If you cannot simplify a message and communicate it compellingly, believe me, you cannot get the masses to follow you.”
– Indra Nooyi, in Harvard Business Review, 2022
Demonstrated Communication Behavior | |
Level 1: Follow | Has sufficient communication skills for effective dialogue with others. |
Level 2: Assist | Has sufficient communication skills for effective dialogue with customers, suppliers, and partners. |
Level 3: Apply | Demonstrates effective communication skills. |
Level 4: Enable | Communicates fluently, orally, and in writing and can present complex information to both technical and non-technical audiences. |
Level 5: Ensure, Advise | Communicates effectively both formally and informally. |
Level 6: Initiate, Influence | Communicates effectively at all levels to both technical and non-technical audiences. |
Level 7: Set Strategy, Inspire, Mobilize | Understands, explains, and presents complex ideas to audiences at all levels in a persuasive and convincing manner. |
Source: Skills Framework for the Information Age, 2021
Goal | Key Performance Indicator (KPI) | Related Resource |
Obtain board buy-in for IT strategic initiatives | X% of IT initiatives that were approved to be funded. Number of times technical initiatives were asked to be explained further. | Using our Board Presentation Review service |
Establish stronger relationships with executive leaders | X% of business leadership satisfied with the statement “IT communicates with your group effectively.” | Using the CIO Business Vision Diagnostic |
Organizationally, people know what products and services IT provides | X% of end users who are satisfied with communications around changing services or applications. | Using the End-User Satisfaction Survey |
Organizational reach and understanding of the crisis. | Number of follow-up tickets or requests related to the crisis after the initial crisis communication was sent. | Using templates and tools for crisis communications |
Project stakeholders receive sufficient communication throughout the initiative. | X% overall satisfaction with the quality of the project communications. | Using the PPM Customer Satisfaction Diagnostic |
Employee feedback is provided, heard, and acted on | X% of satisfaction employees have with managers or IT leadership to act on employee feedback. | Using the Employee Engagement Diagnostic Program |
Introduction
Communications overview.
Plan
Plan your communications using a strategic tool.
Compose
Create your own message.
Deliver
Practice delivering your own message.
Contact your account representative for more information. workshops@infotech.com 1-888-670-8889
Anuja Agrawal
National Communications Director
PwC
Anuja is an accomplished global communications professional, with extensive experience in the insurance, banking, financial, and professional services industries in Asia, the US, and Canada. She is currently the National Communications Director at PwC Canada. Her prior work experience includes communication leadership roles at Deutsche Bank, GE, Aviva, and Veritas. Anuja works closely with senior business leaders and key stakeholders to deliver measurable results and effective change and culture building programs. Anuja has experience in both internal and external communications, including strategic leadership communication, employee engagement, PR and media management, digital and social media, and M&A/change and crisis management. Anuja believes in leveraging digital tools and technology-enabled solutions, combined with in-person engagement, to help improve the quality of dialogue and increase interactive communication within the organization to help build an inclusive culture of belonging.
Nastaran Bisheban
Chief Technology Officer
KFC Canada
A passionate technologist, and seasoned transformational leader. A software engineer and computer scientist by education, a certified Project Manager that holds an MBA in Leadership with Honors and Distinction from University of Liverpool. A public speaker on various disciplines of technology and data strategy with a Harvard Business School executive leadership program training to round it all. Challenges status quo and conventional practices; is an advocate for taking calculated risk and following the principle of continuous improvement. With multiple computer software and project management publications she is a strategic mentor and board member on various non-profit organizations. Nastaran sees the world as a better place only when everyone has a seat at the table and is an active advocate for diversity and inclusion.
Heidi Davidson
Co-Founder & CEO
Galvanize Worldwide and Galvanize On Demand
Dr. Heidi Davidson is the co-founder and CEO of Galvanize Worldwide, the largest distributed network of marketing and communications experts in the world. She also is the co-founder and CEO of Galvanize On Demand, a tech platform that matches marketing and communications freelancers with client projects. Now with 167 active experts, the Galvanize team delivers startup advisory work, outsourced marketing, training, and crisis communications to organizations of all sizes. Before Galvanize, Heidi spent four years as part of the turnaround team at BlackBerry as the Chief Communications Officer and SVP of Corporate Marketing, where she helped the company move from a device manufacturer to a security software provider.
Eli Gladstone
Co-Founder
Speaker Labs
Eli is a co-founder of Speaker Labs. He has spent over six years helping countless individuals overcome their public speaking fears and communicate with clarity and confidence. When he’s not coaching others on how to build and deliver the perfect presentation, you’ll probably find him reading some weird books, teaching his kids how to ski or play tennis, or trying to develop a good-enough jumpshot to avoid being a liability on the basketball court.
Francisco Mahfuz
Keynote Speaker & Storytelling Coach
Francisco Mahfuz has been telling stories in front of audiences for a decade and even became a National Champion of public speaking. Today, Francisco is a keynote speaker and storytelling coach and offers communication training to individuals and international organizations and has worked with organizations like Pepsi, HP, the United Nations, Santander, and Cornell University. He’s the author of Bare: A Guide to Brutally Honest Public Speaking and the host of The Storypowers Podcast, and he’s been part of the IESE MBA communications course since 2020. He’s received a BA in English Literature from Birkbeck University in London.
Sarah Shortreed
EVP & CTO
ATCO Ltd.
Sarah Shortreed is ATCO’s Executive Vice President and Chief Technology Officer. Her responsibilities include leading ATCO’s Information Technology (IT) function as it continues to drive agility and collaboration throughout ATCO’s global businesses and expanding and enhancing its enterprise IT strategy, including establishing ATCO’s technology roadmap for the future. Ms. Shortreed’s skill and expertise are drawn from her more than 30-year career that spans many industries and includes executive roles in business consulting, complex multi-stakeholder programs, operations, sales, customer relationship management, and product management. She was recently the Chief Information Officer at Bruce Power and has previously worked at BlackBerry, IBM, and Union Gas. She sits on the Board of Governors for the University of Western Ontario and is the current Chair of the Chief Information Officer (CIO) Committee at the Conference Board of Canada.
Eric Silverberg
Co-Founder
Speaker Labs
Eric is a co-founder of Speaker Labs and has helped thousands of people build their public speaking confidence and become more dynamic and engaging communicators. When he’s not running workshops to help people grow in their careers, there’s a good chance you’ll find him with his wife and dog, drinking Diet Coke, and rewatching iconic episodes of the reality TV show Survivor! He’s such a die-hard fan, that you’ll probably see him playing the game one day.
Stephanie Stewart
Communications Officer & DR Coordinator
Info Security Services Simon Fraser University
Steve Strout
President
Miovision Technologies
Mr. Strout is a recognized and experienced technology leader with extensive experience in delivering value. He has successfully led business and technology transformations by leveraging many dozens of complex global SFDC, Oracle, and SAP projects. He is especially adept at leading what some call “Project Rescues” – saving people’s careers where projects have gone awry; always driving “on-time and on-budget.” Mr. Strout is the current President of Miovision Technologies and the former CEO and board member of the Americas’ SAP Users” Group (ASUG). His wealth of practical knowledge comes from 30 years of extensive experience in many CxO and executive roles at some prestigious organizations such as Vonage, Sabre, BlackBerry, Shred-it, The Thomson Corporation (now Thomson Reuters), and Morris Communications. He has served on boards including Customer Advisory Boards of Apple, AgriSource Data, Dell, Edgewise, EMC, LogiSense, Socrates.ai, Spiro Carbon Group, and Unifi.
Plus an additional two contributors who wish to remain anonymous.
During a crisis it is important to communicate to employees through messages that convey calm and are transparent and tailored to your audience. Use the Crisis Communication Guides to:
“Communication in the Workplace Statistics: Importance and Effectiveness in 2022.” TeamStage, 2022.
Gallo, Carmine. “How Great Leaders Communicate.” Harvard Business Review, 23 November 2022
Guthrie, Georgina. “Why Good Internal Communications Matter Now More than Ever.” Nulab, 15 December 2021.
Lambden, Duncan. “The Importance of Effective Workplace Communication – Statistics for 2022.” Expert Market, 13 June 2022.
“Mapping SFIA Levels of Responsibilities to Behavioural Factors.” Skills Framework for the Information Age, 2021.
McCreary, Gale. “How to Measure the Effectiveness of Communication: 14 Steps.” WikiHow, 31 March 2023.
Nowak, Marcin. “Top 7 Communication Problems in the Workplace.” MIT Enterprise Forum CEE, 2021.
Nunn, Philip. “Messaging That Works: A Unique Framework to Maximize Communication Success.” iabc, 26 October 2020.
Picincu, Andra. “How to Measure Effective Communications.” Small Business Chron. 12 January 2021.
Price. David A. “Pixar Story Rules.” Stories From the Frontiers of Knowledge, 2011.
Roberts, Dan. “How CIOs Become Visionary Communicators.” CIO, 2019.
Schlesinger, Mark. “Why building effective communication skill in IT is incredibly important.” Forbes, 2021.
Stanten, Andrew. “Planning for the Worst: Crisis Communications 101.” CIO, 25 May 2017.
State of the American Workplace Report. Gallup, 6 February 2020.
“The CIO Revolution.” IBM, 2021.
“The State of High Performing Teams in Tech 2022.” Hypercontex, 2022.
Walters, Katlin. “Top 5 Ways to Measure Internal Communication.” Intranet Connections, 30 May 2019.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Scope an affordable, adoptable, and effective PPM solution with Info-Tech's Portfolio Manager 2017 workbook.
Learn how to use Info-Tech's Portfolio Manager 2017 workbook and create powerful reports.
Plan and implement an affordable, adoptable, and effective PPM solution with Info-Tech's Portfolio Manager 2017 workbook.
Develop an exit strategy from your home-grown solution to a commercial PPM toolset. In this video, we show a rapid transition from the Excel dataset shown on this page to a commercial solution from Meisterplan. Christoph Hirnle of Meisterplan is interviewed starting at 9 minutes.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Assess the current state of project portfolio management capability at your organization. The activities in this module will inform the next modules by exploring your organization’s current strengths and weaknesses and identifying areas that require improvement.
Set up the workbook to generate a fully functional project portfolio workbook that will give you a high-level view into your portfolio.
A high-level review of your current project portfolio capability is used to decide whether a homegrown PPM solution is an appropriate choice
Cost-benefit analysis is done to build a business case for supporting this choice
1.1 Review existing PPM strategy and processes.
1.2 Perform a cost-benefit analysis.
Confirmation of homegrown PPM solution as the right choice
Expected benefits for the PPM solution
Define a list of requirements for your PPM solution that meets the needs of all stakeholders.
A fully customized PPM solution in your chosen platform
2.1 Introduction to Info-Tech's Portfolio Manager 2017: inputs, outputs, and the data model.
2.2 Gather requirements for enhancements and customizations.
Trained project/resource managers on the homegrown solution
A wish list of enhancements and customizations
Determine an action plan regarding next steps for implementation.
Implement your homegrown PPM solution. The activities outlined in this step will help to promote adoption of the tool throughout your organization.
A set of processes to integrate the new homegrown PPM solution into existing PPM activities
Plans for piloting the new processes, process improvement, and stakeholder communication
3.1 Plan to integrate your new solution into your PPM processes.
3.2 Plan to pilot the new processes.
3.3 Manage stakeholder communications.
Portfolio Manager 2017 operating manual, which documents how Portfolio Manager 2017 is used to augment the PPM processes
Plan for a pilot run and post-pilot evaluation for a wider rollout
Communication plan for impacted PPM stakeholders
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Capture a clear understanding of the target needs for the requirements process.
Develop best practices for conducting and structuring elicitation of business requirements.
Standardize frameworks for analysis and validation of business requirements.
Formalize change control and governance processes for requirements gathering.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Create a clear understanding of the target needs for the requirements gathering process.
A comprehensive review of the current state for requirements gathering across people, processes, and technology.
Identification of major challenges (and opportunity areas) that should be improved via the requirements gathering optimization project.
1.1 Understand current state and document existing requirement process steps.
1.2 Identify stakeholder, process, outcome, and training challenges.
1.3 Conduct target state analysis.
1.4 Establish requirements gathering metrics.
1.5 Identify project levels 1/2/3/4.
1.6 Match control points to project levels 1/2/3/4.
1.7 Conduct project scoping and identify stakeholders.
Requirements Gathering Maturity Assessment
Project Level Selection Tool
Requirements Gathering Documentation Tool
Create best practices for conducting and structuring elicitation of business requirements.
A repeatable framework for initial elicitation of requirements.
Prescribed, project-specific elicitation techniques.
2.1 Understand elicitation techniques and which ones to use.
2.2 Document and confirm elicitation techniques.
2.3 Create a requirements gathering elicitation plan for your project.
2.4 Build the operating model for your project.
2.5 Define SIPOC-MC for your selected project.
2.6 Practice using interviews with business stakeholders to build use case models.
2.7 Practice using table-top testing with business stakeholders to build use case models.
Project Elicitation Schedule
Project Operating Model
Project SIPOC-MC Sub-Processes
Project Use Cases
Build a standardized framework for analysis and validation of business requirements.
Policies for requirements categorization, prioritization, and validation.
Improved project value as a result of better prioritization using the MOSCOW model.
3.1 Categorize gathered requirements for use.
3.2 Consolidate similar requirements and eliminate redundancies.
3.3 Practice prioritizing requirements.
3.4 Build the business process model for the project.
3.5 Rightsize the requirements documentation template.
3.6 Present the business requirements document to business stakeholders.
3.7 Identify testing opportunities.
Requirements Gathering Documentation Tool
Requirements Gathering Testing Checklist
Create formalized change control processes for requirements gathering.
Reduced interjections and rework – strengthened formal evaluation and control of change requests to project requirements.
4.1 Review existing CR process.
4.2 Review change control process best practices and optimization opportunities.
4.3 Build guidelines for escalating changes.
4.4 Confirm your requirements gathering process for project levels 1/2/3/4.
Requirements Traceability Matrix
Requirements Gathering Communication Tracking Template
Establish governance structures and ongoing oversight for business requirements gathering.
Consistent governance and oversight of the requirements gathering process, resulting in fewer “wild west” scenarios.
Better repeatability for the new requirements gathering process, resulting in less wasted time and effort at the outset of projects.
5.1 Define RACI for the requirements gathering process.
5.2 Define the requirements gathering steering committee purpose.
5.3 Define RACI for requirements gathering steering committee.
5.4 Define the agenda and cadence for the requirements gathering steering committee.
5.5 Identify and analyze stakeholders for communication plan.
5.6 Create communication management plan.
5.7 Build the action plan.
Requirements Gathering Action Plan
Back to basics: great products are built on great requirements.
A strong process for business requirements gathering is essential for application project success. However, most organizations do not take a strategic approach to optimizing how they conduct business analysis and requirements definition.
"Robust business requirements are the basis of a successful project. Without requirements that correctly articulate the underlying needs of your business stakeholders, projects will fail to deliver value and involve significant rework. In fact, an Info-Tech study found that of projects that fail over two-thirds fail due to poorly defined business requirements.
Despite the importance of good business requirements to project success, many organizations struggle to define a consistent and repeatable process for requirements gathering. This results in wasted time and effort from both IT and the business, and generates requirements that are incomplete and of dubious value. Additionally, many business analysts lack the competencies and analytical techniques needed to properly execute the requirements gathering process.
This research will help you get requirements gathering right by developing a set of standard operating procedures across requirements elicitation, analysis, and validation. It will also help you identify and fine-tune the business analyst competencies necessary to make requirements gathering a success."
– Ben Dickie, Director, Enterprise Applications, Info-Tech Research Group
A business requirement is a statement that clearly outlines the functional capability that the business needs from a system or application. There are several attributes to look at in requirements:
Verifiable
Stated in a way that can be easily tested
Unambiguous
Free of subjective terms and can only be interpreted in one way
Complete
Contains all relevant information
Consistent
Does not conflict with other requirements
Achievable
Possible to accomplish with budgetary and technological constraints
Traceable
Trackable from inception through to testing
Unitary
Addresses only one thing and cannot be decomposed into multiple requirements
Agnostic
Doesn’t pre-suppose a specific vendor or product
In some situations, an insight will reveal new requirements. This requirement will not follow all of the attributes listed above and that’s okay. If a new insight changes the direction of the project, re-evaluate the scope of the project.
Depending on the scope of the project, certain attributes will carry more weight than others. Weigh the value of each attribute before elicitation and adjust as required. For example, verifiable will be a less-valued attribute when developing a client-facing website with no established measuring method/software.
Proper requirements gathering is critical for delivering business value from IT projects, but it remains an elusive and perplexing task for most organizations. You need to have a strategy for end-to-end requirements gathering, or your projects will consistently fail to meet business expectations.
50% of project rework is attributable to problems with requirements. (Info-Tech Research Group)
45% of delivered features are utilized by end users. (The Standish Group)
78% of IT professionals believe the business is “usually” or “always” out of sync with project requirements. (Blueprint Software Systems)
45% of IT professionals admit to being “fuzzy” about the details of a project’s business objectives. (Blueprint Software Systems)
Requirements gathering is truly an organization-spanning issue, and it falls directly on the IT directors who oversee projects to put prudent SOPs in place for managing the requirements gathering process. Despite its importance, the majority of organizations have challenges with requirements gathering.
What happens when requirements are no longer effective?
PMBOK’s Five Phase Project Lifecycle
Initiate – Plan: Requirements Gathering Lives Here – Execute – Control – Close
Inaccurate requirements is the 2nd most common cause of project failure (Project Management Institute ‒ Smartsheet).
Requirements gathering is a critical stage of project planning.
Depending on whether you take an Agile or Waterfall project management approach, it can be extended into the initiate and execute phases of the project lifecycle.
Organizations that had high satisfaction with requirements gathering were more likely to be highly satisfied with the other areas of IT. In fact, 72% of organizations that had high satisfaction with requirements gathering were also highly satisfied with the availability of IT capacity to complete projects.
Note: High satisfaction was classified as organizations with a score greater or equal to 8. Not high satisfaction was every other organization that scored below 8 on the area questions.
N=395 organizations from Info-Tech’s CIO Business Vision diagnostic
The challenges that afflict requirements gathering are multifaceted and often systemic in nature. There isn’t a single cure that will fix all of your requirements gathering problems, but an awareness of frequently encountered challenges will give you a basis for where to consider establishing better SOPs. Commonly encountered challenges include:
70% of projects fail due to poor requirements. (Info-Tech Research Group)
Root Causes of Poor Requirements Gathering:
Outcomes of Poor Requirements Gathering:
Info-Tech Insight
Requirements gathering is the number one failure point for most development or procurement projects that don’t deliver value. This has been and continues to be the case as most organizations still don't get requirements gathering right. Overcoming organizational cynicism can be a major obstacle when it is time to optimize the requirements gathering process.
You can reduce the amount of wasted work by making sure you have clear business goals. In fact, you could see an improvement of as much as 50% by going from a low level of satisfaction with clarity of business goals (<2) to a high level of satisfaction (≥5).
Likewise, you could see an improvement of as much as 43% by going from a low level of satisfaction with analysis of requirements (less than 2) to a high level of satisfaction (greater than or equal to 5).
Note: Waste is measured by the amount of cancelled projects; suboptimal assignment of resources; analyzing, fixing, and re-deploying; inefficiency, and unassigned resources.
N=200 teams from the Project Portfolio Management diagnostic
Good intentions and hard work aren’t enough to make a project successful. As you proceed with a project, step back and assess the critical success factors. Make sure that the important inputs and critical activities of requirements gathering are supporting, not inhibiting, project success.
Creating a unified SOP guide for requirements elicitation, analysis, and validation is a critical step for requirements optimization; it gives your BAs a common frame of reference for conducting requirements gathering.
Info-Tech Insight
Having a standardized approach to requirements management is critical, and SOPs should be the responsibility of a group. The SOP guide should cover all of the major bases of requirements management. In addition to providing a walk-through of the process, an SOP also clarifies requirements governance.
Info-Tech’s Requirements Gathering Framework is a comprehensive approach to requirements management that can be scaled to any size of project or organization. This framework has been extensively road-tested with our clients to ensure that it balances the needs of IT and business stakeholders to give a holistic, end-to-end approach for requirements gathering. It covers the foundational issues (elicitation, analysis, and validation) and prescribes techniques for planning, monitoring, communicating, and managing the requirements gathering process.
When creating the process for requirements gathering, think about how it will be executed by your BAs, and what the composition of your BA team should look like. A strong BA needs to serve as an effective translator, being able to speak the language of both the business and IT.
What are some core competencies of a good BA?
Throughout this blueprint, look for the “BA Insight” box to learn how steps in the requirements gathering process relate to the skills needed by BAs to facilitate the process effectively.
Government
Info-Tech Research Group Workshop
The Client
The organization was a local government responsible for providing services to approximately 600,000 citizens in the southern US. Its IT department is tasked with deploying applications and systems (such as HRIS) that support the various initiatives and mandate of the local government.
The Requirements Gathering Challenge
The IT department recognized that a strong requirements gathering process was essential to delivering value to its stakeholders. However, there was no codified process in place – each BA unilaterally decided how they would conduct requirements gathering at the start of each project. IT recognized that to enhance both the effectiveness and efficiency of requirements gathering, it needed to put in place a strong, prescriptive set of SOPs.
The Improvement
Working with a team from Info-Tech, the IT leadership and BA team conducted a workshop to develop a new set of SOPs that provided clear guidance for each stage of the requirements process: elicitation, analysis, and validation. As a result, business satisfaction and value alignment increased.
The Requirements Gathering SOP and BA Playbook offers a codified set of SOPs for requirements gathering gave BAs a clear playbook.
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
Diagnostics and consistent frameworks used throughout all four options
1. Build the Target State for Requirements Gathering | 2. Define the Elicitation Process | 3. Analyze and Validate Requirements | 4. Create a Requirements Governance Action Plan | |
---|---|---|---|---|
Best-Practice Toolkit |
1.1 Understand the Benefits of Requirements Optimization 1.2 Determine Your Target State for Requirements Gathering |
2.1 Determine Elicitation Techniques 2.2 Structure Elicitation Output |
3.1 Create Analysis Framework 3.2 Validate Business Requirements |
4.1 Create Control Processes for Requirements Changes 4.2 Build Requirements Governance and Communication Plan |
Guided Implementations |
|
|
|
|
Onsite Workshop | Module 1: Define the Current and Target State | Module 2: Define the Elicitation Process | Module 3: Analyze and Validate Requirements | Module 4: Governance and Continuous Improvement Process |
Phase 1 Results: Clear understanding of target needs for the requirements process. | Phase 2 Results: Best practices for conducting and structuring elicitation. | Phase 3 Results: Standardized frameworks for analysis and validation of business requirements. | Phase 4 Results: Formalized change control and governance processes for requirements. |
Contact your account representative or email Workshops@InfoTech.com for more information.
Workshop Day 1 | Workshop Day 2 | Workshop Day 3 | Workshop Day 4 | Workshop Day 5 | |
---|---|---|---|---|---|
Activities |
Define Current State and Target State for Requirements Gathering
|
Define the Elicitation Process
|
Analyze and Validate Requirements
|
Establish Change Control Processes
|
Establish Ongoing Governance for Requirements Gathering
|
Deliverables |
|
|
|
|
|
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Proposed Time to Completion: 2 weeks
Start with an analyst kick off call:
Then complete these activities…
With these tools & templates:
Requirements Gathering SOP and BA Playbook
Review findings with analyst:
Then complete these activities…
With these tools & templates:
Phase 1 Results & Insights:
Clear understanding of target needs for the requirements process.
1.1 Understand the Benefits of Requirements Optimization
1.2 Determine Your Target State for Requirements Gathering
2.1 Determine Elicitation Techniques
2.2 Structure Elicitation Output
3.1 Create Analysis Framework
3.2 Validate Business Requirements
4.1 Create Control Processes for Requirements Changes
4.2 Build Requirements Governance and Communication Plan
Optimizing requirements management is not something that can be done in isolation, and it’s not necessarily going to be easy. Improving your requirements will translate into better value delivery, but it takes real commitment from IT and its business partners.
There are four “pillars of commitment” that will be necessary to succeed with requirements optimization:
When gathering business requirements, it’s critical not to assume that layering on technology to a process will automatically solve your problems.
Proper requirements gathering views projects holistically (i.e. not just as an attempt to deploy an application or technology, but as an endeavor to enable new or re-engineered business processes). Neglecting to see requirements gathering in the context of business process enablement leads to failure.
Info-Tech’s Requirements Gathering Framework is a comprehensive approach to requirements management that can be scaled to any size of project or organization. This framework has been extensively road-tested with our clients to ensure that it balances the needs of IT and business stakeholders to give a holistic, end-to-end approach for requirements gathering. It covers both the foundational issues (elicitation, analysis, and validation) as well as prescribing techniques for planning, monitoring, communicating, and managing the requirements gathering process.
Identify the challenges you’re experiencing with requirements gathering, and identify objectives.
Creating a unified SOP guide for requirements elicitation, analysis, and validation is a critical step for requirements optimization; it gives your BAs a common frame of reference for conducting requirements gathering.
Info-Tech Insight
Having a standardized approach to requirements management is critical, and SOPs should be the responsibility of a group. The SOP guide should cover all of the major bases of requirements management. In addition to providing a walk-through of the process, an SOP also clarifies requirements governance.
Info-Tech’s Requirements Gathering SOP and BA Playbook template forms the basis of this blueprint. It’s a structured document that you can fill out with defined procedures for how requirements should be gathered at your organization.
Info-Tech’s Requirements Gathering SOP and BA Playbook template provides a number of sections that you can populate to provide direction for requirements gathering practitioners. Sections provided include: Organizational Context Governance Procedures Resourcing Model Technology Strategy Knowledge Management Elicitation SOPs Analysis SOPs Validation SOPs.
The template has been pre-populated with an example of requirements management procedures. Feel free to customize it to fit your specific needs.
Download the Requirements Gathering SOP and BA Playbook template.
1.1 Understand the Benefits of Requirements Optimization
1.2 Determine Your Target State for Requirements Gathering
2.1 Determine Elicitation Techniques
2.2 Structure Elicitation Output
3.1 Create Analysis Framework
3.2 Validate Business Requirements
4.1 Create Control Processes for Requirements Changes
4.2 Build Requirements Governance and Communication Plan
Establishing an overarching plan for requirements governance is the first step in building an SOP. You must also decide who will actually execute the requirements gathering processes, and what technology they will use to accomplish this. Planning for governance, resourcing, and technology is something that should be done repeatedly and at a higher strategic level than the more sequential steps of elicitation, analysis, and validation.
Visualize how you want requirements to be gathered in your organization. Do not let elements of the current process restrict your thinking.
For example:
Refrain from only making small changes to improve the existing process. Think about the optimal way to structure the requirements gathering process.
Verifiable – It is stated in a way that can be tested.
Unambiguous – It is free of subjective terms and can only be interpreted in one way.
Complete – It contains all relevant information.
Consistent – It does not conflict with other requirements.
Achievable – It is possible to accomplish given the budgetary and technological constraints.
Traceable – It can tracked from inception to testing.
Unitary – It addresses only one thing and cannot be decomposed into multiple requirements.
Accurate – It is based on proven facts and correct information.
Other Considerations:
Organizations can also track a requirement owner, rationale, priority level (must have vs. nice to have), and current status (approved, tested, etc.).
Info-Tech Insight
Requirements must be solution agnostic – they should focus on the underlying need rather than the technology required to satisfy the need as it can be really easy to fall into the technology solution trap.
Use the Requirements Gathering Maturity Assessment tool to help assess the maturity of your requirements gathering function in your organization, and identify the gaps between the current state and the target state. This will help focus your organization's efforts in closing the gaps that represent high-value opportunities.
Complete the Requirements Gathering Maturity Assessment tool to define your target state, and identify the gaps in your current state.
You need to ensure your requirements gathering procedures are having the desired effect and adjust course when necessary. Establishing an upfront list of key performance indicators that will be benchmarked and tracked is a crucial step.
Document the output from this exercise in section 2.2 of the Requirements Gathering SOP and BA Playbook.
A business process model (BPM) is a simplified depiction of a complex process. These visual representations allow all types of stakeholders to quickly understand a process, how it affects them, and enables more effective decision making. Consider these areas for your model:
Stakeholder Analysis
Elicitation Techniques
Documentation
Validation & Traceability
Managing Requirements
Supporting Tools
It’s important to determine the project levels up front, as each project level will have a specific degree of elicitation, analysis, and validation that will need to be completed. That being said, not all organizations will have four levels.
The Project Level Selection Tool will classify your projects into four levels, enabling you to evaluate the risk and complexity of a particular project and match it with an appropriate requirements gathering process.
Project Level Input
Project Level Selection
Define the project levels to determine the appropriate requirements gathering process for each.
Document the output from this exercise in section 2.3 of the Requirements Gathering SOP and BA Playbook.
Category | Level 4 | Level 3 | Level 2 | Level 1 |
---|---|---|---|---|
Scope of Change | Full system update | Full system update | Multiple modules | Minor change |
Expected Duration | 12 months + | 6 months + | 3-6 months | 0-3 months |
Impact | Enterprise-wide, globally dispersed | Enterprise-wide | Department-wide | Low users/single division |
Budget | $1,000,000+ | $500,000-1,000,000 | $100,000-500,000 | $0-100,000 |
Services Affected | Mission critical, revenue impacting | Mission critical, revenue impacting | Pervasive but not mission critical | Isolated, non-essential |
Confidentiality | Yes | Yes | No | No |
The tool is comprised of six questions, each of which is linked to at least one type of project risk.
Using the answers provided, the tool will calculate a level for each risk category. Overall project level is a weighted average of the individual risk levels, based on the importance weighting of each type of risk set by the project manager.
This tool is an excerpt from Info-Tech’s exhaustive Project Level Assessment Tool.
Brainstorm the ideal target business process flows for your requirements gathering process (by project level).
Document the output from this exercise in section 2.4 of the Requirements Gathering SOP and BA Playbook.
Having an SOP is important, but it should be the basis for training the people who will actually execute the requirements gathering process. Your BA team is critical for requirements gathering – they need to know the SOPs in detail, and you need to have a plan for recruiting those with an excellent skill set.
The ideal candidates for requirements gathering are technically savvy analysts (but not necessarily computer science majors) from the business who are already fluent with the business’ language and cognizant of the day-to-day challenges that take place. Organizationally, these BAs should be in a group that bridges IT and the business (such as an RGCOE or PMO) and be specialists rather than generalists in the requirements management space.
A BA resourcing strategy is included in the SOP. Customize it to suit your needs.
"Make sure your people understand the business they are trying to provide the solution for as well if not better than the business folks themselves." – Ken Piddington, CIO, MRE Consulting
If you don’t have a trained group of in-house BAs who can execute your requirements gathering process, consider sourcing the talent from internal candidates or calling for qualified applicants. Our Business Requirements Analyst job description template can help you quickly get the word out.
Info-Tech Deliverable
Download the Business Requirements Analyst job description template.
Industry Government
Source Info-Tech Workshop
A mid-sized US municipality was challenged with managing stakeholder expectations for projects, including the collection and analysis of business requirements.
The lack of a consistent approach to requirements gathering was causing the IT department to lose credibility with department level executives, impacting the ability of the team to engage project stakeholders in defining project needs.
The City contracted Info-Tech to help build an SOP to govern and train all BAs on a consistent requirements gathering process.
The teams first set about establishing a consistent approach to defining project levels, defining six questions to be asked for each project. This framework would be used to assess the complexity, risk, and scope of each project, thereby defining the appropriate level of rigor and documentation required for each initiative.
Once the project levels were defined, the team established a formalized set of steps, tools, and artifacts to be created for each phase of the project. These tools helped the team present a consistent approach to each project to the stakeholders, helping improve credibility and engagement for eliciting requirements.
Choose a level of control that facilitates success without slowing progress.
No control | Right-sized control | Over-engineered control |
---|---|---|
Final deliverable may not satisfy business or user requirements. | Control points and communication are set at appropriate stage-gates to allow for deliverables to be evaluated and assessed before proceeding to the next phase. | Excessive controls can result in too much time spent on stage-gates and approvals, which creates delays in the schedule and causes milestones to be missed. |
Info-Tech Insight
Throughout the requirements gathering process, you need checks and balances to ensure that the projects are going according to plan. Now that we know our stakeholder, elicitation, and prioritization processes, we will set up the control points for each project level.
Determine how you want to receive and distribute messages to stakeholders.
Communication Milestones | Audience | Artifact | Final Goal |
---|---|---|---|
Project Initiation | Project Sponsor | Project Charter | Communicate Goals and Scope of Project |
Elicitation Scheduling | Selected Stakeholders (SMEs, Power Users) | Proposed Solution | Schedule Elicitation Sessions |
Elicitation Follow-Up | Selected Stakeholders | Elicitation Notes | Confirm Accuracy of Notes |
First Pass Validation | Selected Stakeholders | Consolidated Requirements | Validate Aggregated Requirements |
Second Pass Validation | Selected Stakeholders | Prioritized Requirements | Validate Requirements Priority |
Eliminated Requirements | Affected Stakeholders | Out of Scope Requirements | Affected Stakeholders Understand Impact of Eliminated Requirements |
Solution Selection | High Authority/Expertise Stakeholders | Modeled Solutions | Select Solution |
Selected Solution | High Authority/Expertise Stakeholders and Project Sponsor | Requirements Package | Communicate Solution |
Requirements Sign-Off | Project Sponsor | Requirements Package | Obtain Sign-Off |
# – Control Point: A decision requiring specific approval or sign-off from defined stakeholders involved with the project. Control points result in accepted or rejected deliverables/documents.
A – Plan Approval: This control point requires a review of the requirements gathering plan, stakeholders, and elicitation techniques.
B – Requirements Validation: This control point requires a review of the requirements documentation that indicates project and product requirements.
C – Prioritization Sign-Off: This requires sign-off from the business and/or user groups. This might be sign-off to approve a document, prioritization, or confirm that testing is complete.
D – IT or Peer Sign-Off: This requires sign-off from IT to approve technical requirements or confirm that IT is ready to accept a change.
Define all of the key control points, required documentation, and involved stakeholders.
Document the output from this exercise in section 6.1 of the Requirements Gathering SOP and BA Playbook.
Before commencing requirements gathering, it’s critical that your practitioners have a clear understanding of the initial business case and rationale for the project that they’re supporting. This is vital for providing the business context that elicitation activities must be geared towards.
During requirements gathering, BAs should steer clear of solutions and focus on capturing requirements. Focus on traceable, hierarchical, and testable requirements. Focusing on solution design means you are out of requirements mode.
Constraints come in many forms (i.e. financial, regulatory, and technological). Identifying these constraints prior to entering requirements gathering enables you to remain alert; you can separate what is possible from what is impossible, and set stakeholder expectations accordingly.
Stakeholder management is a critical aspect of the BA’s role. Part of the BA’s responsibility is prioritizing solutions and demonstrating to stakeholders the level of effort required and the value attained.
Begin the requirements gathering process by conducting some initial scoping on why we are doing the project, the goals, and the constraints.
Before you can dive into most elicitation techniques, you need to know who you’re going to speak with – not all stakeholders hold the same value.
There are two broad categories of stakeholders:
Customers: Those who ask for a system/project/change but do not necessarily use it. These are typically executive sponsors, project managers, or interested stakeholders. They are customers in the sense that they may provide the funding or budget for a project, and may have requests for features and functionality, but they won’t have to use it in their own workflows.
Users: Those who may not ask for a system but must use it in their routine workflows. These are your end users, those who will actually interact with the system. Users don’t necessarily have to be people – they can also be other systems that will require inputs or outputs from the proposed solution. Understand their needs to best drive more granular functional requirements.
"The people you need to make happy at the end of the day are the people who are going to help you identify and prioritize requirements." – Director of IT, Municipal Utilities Provider
Need a hand with stakeholder identification? Leverage Info-Tech’s Stakeholder Planning Tool to catalog and prioritize the stakeholders your BAs will need to contact during the elicitation phase.
Practice the process for identifying and analyzing key stakeholders for requirements gathering.
Use the Requirements Gathering Communication Tracking Template for structuring and managing ongoing communications among key requirements gathering implementation stakeholders.
Use the Stakeholder Power Map tab to:
Use the Communication Management Plan tab to:
Recording and analyzing requirements needs some kind of tool, but don’t overinvest in a dedicated suite if you can manage with a more inexpensive solution (such as Word, Excel, and/or Visio). Top-tier solutions may be necessary for an enterprise ERP deployment, but you can use a low-cost solution for low-level productivity application.
Your SOP guide should specify the technology platform that your analysts are expected to use for initial elicitation as well as analysis and validation. You don’t want them to use Word if you’ve invested in a full-out IBM RM solution.
Dedicated requirements management suites are a great (although pricey) way to have full control over recording, analysis, and hierarchical categorization of requirements. Consider some of the major vendors in the space if Word, Excel, and Visio aren’t suitable for you.
Industry Consulting
Source Jama Software
ArcherPoint is a leading Microsoft Partner responsible for providing business solutions to its clients. Its varied customer base now requires a more sophisticated requirements gathering software.
Its process was centered around emailing Word documents, creating versions, and merging issues. ArcherPoint recognized the need to enhance effectiveness, efficiency, and accuracy of requirements gathering through a prescriptive set of elicitation procedures.
The IT department at ArcherPoint recognized that a strong requirements gathering process was essential to delivering value to stakeholders. It needed more scalable and flexible requirements gathering software to enhance requirements traceability. The company implemented SaaS solutions that included traceability and seamless integration features.
These features reduced the incidences of repetition, allowed for tracing of requirements relationships, and ultimately led to an exhaustive understanding of stakeholders’ needs.
Projects are now vetted upon an understanding of the business client’s needs with a thorough requirements gathering collection and analysis.
A deeper understanding of the business needs also allows ArcherPoint to better understand the roles and responsibilities of stakeholders. This allows for the implementation of structures and policies which makes the requirements gathering process rigorous.
Solution options or preferences are not requirements. Be sure to identify these quickly to avoid being forced into untimely discussions and sub-optimal solution decisions.
Solution Requirements: Describe the characteristics of a solution that meet business requirements and stakeholder requirements. They are frequently divided into sub-categories, particularly when the requirements describe a software solution:
Functional Requirements
Non-Functional Requirements
Remember that solution requirements are distinct from solution specifications; in time, specifications will be developed from the requirements. Don’t get ahead of the process.
An analyst will facilitate a discussion to assess the maturity of your requirements gathering process and identify any gaps in the current state.
Speak to an analyst to discuss and determine key metrics for measuring the effectiveness of your requirements gathering processes.
An analyst will facilitate a discussion to determine the ideal target business process flow for your requirements gathering.
An analyst will assist you with determining the appropriate requirements gathering approach for different project levels. The discussion will highlight key control points and define stakeholders who will be involved in each one.
An analyst will facilitate a discussion to highlight the scope of the requirements gathering optimization project as well as identify and analyze key stakeholders in the process.
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Proposed Time to Completion: 2 weeks
Start with an analyst kick off call:
Then complete these activities…
Review findings with analyst:
Then complete these activities…
With these tools & templates:
1.1 Understand the Benefits of Requirements Optimization
1.2 Determine Your Target State for Requirements Gathering
2.1 Determine Elicitation Techniques
2.2 Structure Elicitation Output
3.1 Create Analysis Framework
3.2 Validate Business Requirements
4.1 Create Control Processes for Requirements Changes
4.2 Build Requirements Governance and Communication Plan
The elicitation phase is where the BAs actually meet with project stakeholders and uncover the requirements for the application. Major tasks within this phase include stakeholder identification, selecting elicitation techniques, and conducting the elicitation sessions. This phase involves the most information gathering and therefore requires a significant amount of time to be done properly.
A mediocre requirements practitioner takes an order taker approach to elicitation: they elicit requirements by showing up to a meeting with the stakeholder and asking, “What do you want?” This approach frequently results in gaps in requirements, as most stakeholders cannot free-form spit out an accurate inventory of their needs.
A strong requirements practitioner first decides on an elicitation framework – a mechanism to anchor the discussion about the business requirements. Info-Tech recommends using business process modelling (BPM) as the most effective framework. The BA can now work through several key questions:
The second key element to elicitation is using the right blend of elicitation techniques: the tactical approach used to actually collect the requirements. Interviews are the most popular means, but focus groups, JAD sessions, and observational techniques can often yield better results – faster. This section will touch on BPM/BPI as an elicitation framework, then do deep dive on different elicitation techniques.
Stakeholders must be identified, and elicitation frameworks and techniques selected. Each technique requires different preparation. For example, brainstorming requires ground rules; focus groups require invitations, specific focus areas, and meeting rooms (perhaps even cameras). Look at each of these techniques and discuss how you would prepare.
A good elicitor has the following underlying competencies: analytical thinking, problem solving, behavioral characteristics, business knowledge, communication skills, interaction skills, and proficiency in BA tools. In both group and individual elicitation techniques, interpersonal proficiency and strong facilitation is a must. A good BA has an intuitive sense of how to manage the flow of conversations, keep them results-oriented, and prevent stakeholder tangents or gripe sessions.
How you document will depend on the technique you use. For example, recording and transcribing a focus group is probably a good idea, but you still need to analyze the results and determine the actual requirements. Use cases demand a software tool – without one, they become cumbersome and unwieldy. Consider how you would document the results before you choose the technique. Some analysts prefer to use solutions like OneNote or Evernote for capturing the raw initial notes, others prefer pen and paper: it’s what works best for the BA at hand.
Review the documentation with your stakeholder and confirm the understanding of each requirement via active listening skills. Revise requirements as necessary. Circulating the initial notes of a requirements interview or focus group is a great practice to get into – it ensures jargon and acronyms are correctly captured, and that nothing has been lost in the initial translation.
BPMs can take multiple forms, but they are created as visual process flows that depict a series of events. They can be customized at the discretion of the requirements gathering team (swim lanes, legends, etc.) based on the level of detail needed from the input.
BPMs can be used as the basis for further process improvement or re-engineering efforts for IT and applications projects. When the requirements gathering process owner needs to validate whether or not a specific step involved in the process is necessary, BPM provides the necessary breakdown.
Different individuals absorb information in a variety of ways. Visual representations of a process or set of steps tend to be well received by a large sub-set of individuals, making BPMs an effective analysis technique.
This related Info-Tech blueprint provides an extremely thorough overview of how to leverage BPM and process improvement approaches.
Build a Sales Report | |
---|---|
|
|
|
|
|
|
|
|
Source: iSixSigma
Look at an example for a claims process, and focus on the Record Claim task (event).
Task | Input | Output | Risks | Opportunities | Condition | Sample Requirements |
---|---|---|---|---|---|---|
Record Claim | Customer Email | Case Record |
|
|
|
Business:
Non-Functional:
Functional:
|
Conducting elicitation typically takes the greatest part of the requirements management process. During elicitation, the designated BA(s) should be reviewing documentation, and conducting individual and group sessions with key stakeholders.
Elicitation is an iterative process – requirements should be refined in successive steps. If you need more information in the analysis phases, don’t be afraid to go back and conduct more elicitation.
Document any changes to the elicitation techniques in section 4.0 of the Requirements Gathering SOP and BA Playbook.
Technique | Description | Assessment and Best Practices | Stakeholder Effort | BA Effort |
---|---|---|---|---|
Structured One-on-One Interview | In a structured one-on-one interview, the BA has a fixed list of questions to ask the stakeholder and follows up where necessary. | Structured interviews provide the opportunity to quickly home in on areas of concern that were identified during process mapping or group elicitation techniques. They should be employed with purpose, i.e. to receive specific stakeholder feedback on proposed requirements or to help identify systemic constraints. Generally speaking, they should be 30 minutes or less. | Low | Medium |
Unstructured One-on-One Interview | In an unstructured one-on-one interview, the BA allows the conversation to flow free form. The BA may have broad themes to touch on but does not run down a specific question list. | Unstructured interviews are most useful for initial elicitation, when brainstorming a draft list of potential requirements is paramount. Unstructured interviews work best with senior stakeholders (sponsors or power users), since they can be time consuming if they’re applied to a large sample size. It’s important for BAs not to stifle open dialogue and allow the participants to speak openly. They should be 60 minutes or less. | Medium | Low |
Interviews should be used with high-value targets. Those who receive one-on-one face time can help generate good requirements, as well as allow effective communication around requirements at a later point (i.e. during the analysis and validation phases).
Use a clear interview approach to guide the preparation, facilitation styles, participants, and interview schedules you manage for a specific project.
Depending on your stakeholder audience and interview objectives, apply one or more of the following approaches to interviews.
Fosters direct engagement
IT is able to hear directly from stakeholders about what they are looking to do with a solution and the level of functionality that they expect from it.
Offers greater detail
With interviews, a greater degree of insight can be gained by leveraging information that wouldn’t be collected through traditional surveys. Face-to-face interactions provide thorough answers and context that helps inform requirements.
Removes ambiguity
Face-to-face interactions allow opportunities for follow-up around ambiguous answers. Clarify what stakeholders are looking for and expect in a project.
Enables stakeholder management
Interviews are a direct line of communication with a project stakeholder. They provide input and insight, and help to maintain alignment, plan next steps, and increase awareness within the IT organization.
Consider stakeholder types and characteristics, in conjunction with the best way to maximize time, when selecting which of the three interview structures to leverage during the elicitation phase of requirements gathering.
Review the following questions to determine what interview structure you should utilize. If you answer the question with “Yes,” then follow the corresponding recommendations for the interview elements.
Question | Structure Type | Facilitation Technique | # of Participants |
---|---|---|---|
Do you have to interview multiple participants at once because of time constraints? | Semi-structured | Discussion | 1+ |
Does the business or stakeholders want you to ask specific questions? | Structured | Q&A | 1 |
Have you already tried an unsuccessful survey to gather information? | Semi-structured | Discussion | 1+ |
Are you utilizing interviews to understand the area? | Unstructured | Discussion | 1+ |
Do you need to gather requirements for an immediate project? | Structured | Q&A | 1+ |
Interviews should be used with high-value targets. Those who receive one-on-one face time can help generate good requirements and allow for effective communication around requirements during the analysis and validation stages.
Interviews generally follow the same workflow regardless of which structure you select. You must manage the process to ensure that the interview runs smoothly and results in an effective gathering requirements process.
The interview process may grind to a halt due to challenging situations. Below are common scenarios and corresponding troubleshooting techniques to get your interview back on track.
Scenario | Technique |
---|---|
Quiet interviewee | Begin all interviews by asking courteous and welcoming questions. This technique will warm the interviewee up and make them feel more comfortable. Ask prompting questions during periods of silence in the interview. Take note of the answers provided by the interviewee in your interview guide, along with observations and impact statements that occur throughout the duration of the interview process. |
Disgruntled interviewee | Avoid creating a hostile environment by eliminating the interviewee’s perception that you are choosing to focus on issues that the interviewee feels will not be resolved. Ask questions to contextualize the issue. For example, ask why they feel a particular way about the issue, and determine whether they have valid concerns that you can resolve. |
Interviewee has issues articulating their answer | Encourage the interviewee to use a whiteboard or pen and paper to kick start their thought process. Make sure you book a room with these resources readily available. |
Technique | Description | Assessment and Best Practices | Stakeholder Effort | BA Effort |
---|---|---|---|---|
Casual Observation | The process of observing stakeholders performing tasks where the stakeholders are unaware they are being observed. | Capture true behavior through observation of stakeholders performing tasks without informing them they are being observed. This information can be valuable for mapping business process; however, it is difficult to isolate the core business activities from unnecessary actions. | Low | Medium |
Formal Observation | The process of observing stakeholders performing tasks where the stakeholders are aware they are being observed. | Formal observation allows BAs to isolate and study the core activities in a business process because the stakeholder is aware they are being observed. Stakeholders may become distrusting of the BA and modify their behavior if they feel their job responsibilities or job security are at risk | Low | Medium |
Info-Tech Insight
Observing stakeholders does not uncover any information about the target state. Be sure to use contextual observation in conjunction with other techniques to discover the target state.
Technique | Description | Assessment and Best Practices | Stakeholder Effort | BA Effort |
---|---|---|---|---|
Closed-Response Survey | A survey that has fixed responses for each answer. A Likert-scale (or similar measures) can be used to have respondents evaluate and prioritize possible requirements. | Closed response surveys can be sent to large groups and used to quickly gauge user interest in different functional areas. They are easy for users to fill out and don’t require a high investment of time. However, their main deficit is that they are likely to miss novel requirements not listed. As such, closed response surveys are best used after initial elicitation or brainstorming to validate feature groups. | Low | Medium |
Open-Response Survey | A survey that has open-ended response fields. Questions are fixed, but respondents are free to populate the field in their own words. Open-response surveys take longer to fill out than closed, but can garner deeper insights. | Open-response surveys are a useful supplement (and occasionally replacement) for group elicitation techniques, like focus groups, when you need to receive an initial list of requirements from a broad cross-section of stakeholders. Their primary shortcoming is the analyst can’t immediately follow up on interesting points. However, they are particularly useful for reaching stakeholders who are unavailable for individual one-on-ones or group meetings. | Low | Medium |
Info-Tech Insight
Surveys can be useful mechanisms for initial drafting of raw requirements (open-response) and gauging user interest in proposed requirements or feature sets (closed-response). However, they should not be the sole focus of your elicitation program due to lack of interactivity and two-way dialogue with the BA.
What are surveys?
Surveys take a sample population’s written responses for data collection. Survey respondents can identify themselves or choose to remain anonymous. Anonymity removes the fear of repercussions for giving critical responses to sensitive topics.
Who needs to be involved?
Participants of a survey include the survey writer, respondent(s), and results compiler. There is a moderate amount of work that comes from both the writer and compiler, with little work involved on the end of the respondent.
What are the benefits?
The main benefit of surveys is their ability to reach large population groups and segments without requiring personal interaction, thus saving money. Surveys are also very responsive and can be created and modified rapidly to address needs as they arise on an on-going basis.
Surveys are most valuable when completed early in the requirements gathering stage.
Intake and Scoping → Requirements Gathering → Solution Design → Development/ Procurement → Implementation/ Deployment
When a project is announced, develop surveys to gauge what users consider must-have, should-have, and could-have requirements.
Use surveys to profile the demand for specific requirements.
It is often difficult to determine if requirements are must haves or should haves. Surveys are a strong method to assist in narrowing down a wide range of requirements.
Are surveys worth the time and effort? Most of the time.
Surveys can generate insights. However, there are potential barriers:
Surveys should only be done if the above barriers can easily be overcome.
Scenario
There is an unclear picture of the business needs and functional requirements for a solution.
Survey Approach
Use open-ended questions to allow respondents to propose requirements they see as necessary.
Sample questions
What to do with your results
Take a step back
If you are using surveys to elicit a large number of requirements, there is probably a lack of clear scope and vision. Focus on scope clarification. Joint development sessions are a great technique for defining your scope with SMEs.
Moving ahead
Proper survey design determines how valuable the responses will be. Review survey principles released by the University of Wisconsin-Madison.
Provide context
Include enough detail to contextualize questions to the employee’s job duties.
Where necessary:
Give clear instructions
When introducing a question identify if it should be answered by giving one answer, multiple answers, or a ranking of answers.
Avoid IT jargon
Ensure the survey’s language is easily understood.
When surveying colleagues from the business use their own terms, not IT’s.
E.g. laptops vs. hardware
Saying “laptops” is more detailed and is a universal term.
Use ranges
Recommended:
In a month your Outlook fails:
Not Recommended:
Your Outlook fails:
Keep surveys short
Improve responses and maintain stakeholder interest by only including relevant questions that have corresponding actions.
Recommended: Keep surveys to ten or less prompts.
Scenario
There is a large list of requirements and the business is unsure of which ones to further pursue.
Survey Approach
Use closed-ended questions to give degrees of importance and rank requirements.
Sample questions
What to do with your results
Determine which requirements to further explore
Avoid simply aggregating average importance and using the highest average as the number-one priority. Group the highest average importance requirements to be further explored with other elicitation techniques.
Moving ahead
The group of highly important requirements needs to be further explored during interviews, joint development sessions, and rapid development sessions.
Scenario
The business wanted a closer look into a specific process to determine if the project could be improved to better address process issues.
Survey Approach
Use open-ended questions to allow employees to articulate very specific details of a process.
Sample questions
What to do with your results
Set up prototyping
Prototype a portion with the new requirement to see if it meets the user’s needs. Joint application development and rapid development sessions pair developers and users together to collaboratively build a solution.
Next steps
Free online surveys offer quick survey templates but may lack customization. Paid options include customizable features. Studies show that most participants find web-based surveys more appealing, as web surveys tend to have a higher rate of completion.
Potential Services (Not a comprehensive list)
SurveyMonkey – free and paid options
Good Forms – free options
Ideal for:
Paper surveys offer complete customizability. However, paper surveys take longer to distribute and record, and are also more expensive to administer.
Ideal for:
Internally-developed surveys can be distributed via the intranet or email. Internal surveys offer the most customization. Cost is the creator’s time, but cost can be saved on distribution versus paper and paid online surveys.
Ideal for:
Technique | Description | Assessment and Best Practices | Stakeholder Effort | BA Effort |
---|---|---|---|---|
Focus Group | Focus groups are sessions held between a small group (typically ten individuals or less) and an experienced facilitator who leads the conversation in a productive direction. | Focus groups are highly effective for initial requirements brainstorming. The best practice is to structure them in a cross-functional manner to ensure multiple viewpoints are represented, and the conversation doesn’t become dominated by one particular individual. Facilitators must be wary of groupthink in these meetings (i.e. the tendency to converge on a single POV). | Medium | Medium |
Workshop | Workshops are larger sessions (typically ten people or more) that are led by a facilitator, and are dependent on targeted exercises. Workshops may be occasionally decomposed into smaller group sessions. | Workshops are highly versatile: they can be used for initial brainstorming, requirement prioritization, constraint identification, and business process mapping. Typically, the facilitator will use exercises or activities (such as whiteboarding, sticky note prioritization, role-playing, etc.) to get participants to share and evaluate sets of requirements. The main downside to workshops is a high time commitment from both stakeholders and the BA. | Medium | High |
Info-Tech Insight
Group elicitation techniques are most useful for gathering a wide spectrum of requirements from a broad group of stakeholders. Individual or observational techniques are typically needed for further follow-up and in-depth analysis with critical power users or sponsors.
There are two specific types of group interviews that can be utilized to elicit requirements: focus groups and workshops. Understand each type’s strengths and weaknesses to determine which is better to use in certain situations.
Focus Groups | Workshops | |
---|---|---|
Description |
|
|
Strengths |
|
|
Weaknesses |
|
|
Facilitation Guidance |
|
|
Technique | Description | Assessment and Best Practices | Stakeholder Effort | BA Effort |
---|---|---|---|---|
Solution Mapping Session | A one-on-one session to outline business processes. BPM methods are used to write possible target states for the solution on a whiteboard and to engineer requirements based on steps in the model. | Solution mapping should be done with technically savvy stakeholders with a firm understanding of BPM methodologies and nomenclature. Generally, this type of elicitation method should be done with stakeholders who participated in tier one elicitation techniques who can assist with reverse-engineering business models into requirement lists. | Medium | Medium |
Joint Requirements Review Session | This elicitation method is sometimes used as a last step prior to moving to formal requirements analysis. During the review session, the rough list of requirements is vetted and confirmed with stakeholders. | A one-on-one (or small group) requirements review session gives your BAs the opportunity to ensure that what was recorded/transcribed during previous one-on-ones (or group elicitation sessions) is materially accurate and representative of the intent of the stakeholder. This elicitation step allows you to do a preliminary clean up of the requirements list before entering the formal analysis phase. | Low | Low |
Info-Tech Insight
Solution mapping and joint requirements review sessions are more advanced elicitation techniques that should be employed after preliminary techniques have been utilized. They should be reserved for technically sophisticated, high-value stakeholders.
Technique | Description | Assessment and Best Practices | Stakeholder Effort | BA Effort |
---|---|---|---|---|
Interactive White- boarding | A group session where either a) requirements are converted to BPM diagrams and process flows, or b) these flows are reverse engineered to distil requirement sets. | While the focus of workshops and focus groups is more on direct requirements elicitation, interactive whiteboarding sessions are used to assist with creating initial solution maps (or reverse engineering proposed solutions into requirements). By bringing stakeholders into the process, the BA benefits from a greater depth of experience and access to SMEs. | Medium | Medium |
Joint Application Development (JAD) | JAD sessions pair end-user teams together with developers (and BA facilitators) to collect requirements and begin mapping and developing prototypes directly on the spot. | JAD sessions fit well with organizations that use Agile processes. They are particularly useful when the overall project scope is ambiguous; they can be used for project scoping, requirements definition, and initial prototyping. JAD techniques are heavily dependent on having SMEs in the room – they should preference knowledge power users over the “rank and file.” | High | High |
Info-Tech Insight
Interactive whiteboarding should be heavily BPM-centric, creating models that link requirements to specific workflow activities. Joint development sessions are time-consuming but create greater cohesion and understanding between BAs, developers, and SMEs.
Technique | Description | Assessment and Best Practices | Stakeholder Effort | BA Effort |
---|---|---|---|---|
Rapid Application Development | A form of prototyping, RAD sessions are akin to joint development sessions but with greater emphasis on back-and-forth mock-ups of the proposed solution. | RAD sessions are highly iterative – requirements are gathered in sessions, developers create prototypes offline, and the results are validated by stakeholders in the next meeting. This approach should only be employed in highly Agile-centric environments. | High | High |
For more information specific to using the Agile development methodology, refer to the project blueprint Implement Agile Practices That Work.
The role of the BA differs with an Agile approach to requirements gathering. A traditional BA is a subset of the Agile BA, who typically serves as product owner. Agile BAs have elevated responsibilities that include bridging communication between stakeholders and developers, prioritizing and detailing the requirements, and testing solutions.
Use the following slides to gain a thorough understanding of both JAD and rapid development sessions (RDS) to decide which fits your project best.
Joint Application Development | Rapid Development Sessions | |
---|---|---|
Description | JAD pairs end users and developers with a facilitator to collect requirements and begin solution mapping to create an initial prototype. | RDS is an advanced approach to JAD. After an initial meeting, prototypes are developed and validated by stakeholders. Improvements are suggested by stakeholders and another prototype is created. This process is iterated until a complete solution is created. |
Who is involved? | End users, SMEs, developers, and a facilitator (you). | |
Who should use this technique? | JAD is best employed in an Agile organization. Agile organizations can take advantage of the high amount of collaboration involved. RDS requires a more Agile organization that can effectively and efficiently handle impromptu meetings to improve iterations. | |
Time/effort versus value | JAD is a time/effort-intensive activity, requiring different parties at the same time. However, the value is well worth it. JAD provides clarity for the project’s scope, justifies the requirements gathered, and could result in an initial prototype. | RDS is even more time/effort intensive than JAD. While it is more resource intensive, the reward is a more quickly developed full solution that is more customized with fewer bugs. |
Projects that use JAD should not expect dramatically quicker solution development. JAD is a thorough look at the elicitation process to make sure that the right requirements are found for the final solution’s needs. If done well, JAD eliminates rework.
Employees vary in their project engagement. Certain employees leverage JAD because they care about the solution. Others are asked for their expertise (SMEs) or because they perform the process often and understand it well.
JAD’s thorough process guarantees that requirements gathering is done well.
Projects that use RDS can either expect quicker or slower requirements gathering depending on the quality of iteration. If each iteration solves a requirement issue, then one can expect that the solution will be developed fairly rapidly. If the iterations fail to meet requirements the process will be quite lengthy.
Employees doing RDS are typically very engaged in the project and play a large role in helping to create the solution.
RDS success is tied to the organization’s ability to collaborate. Strong collaboration will lead to:
Poor collaboration will lead to RDS losing its full value.
JAD is best employed in an Agile organization for application development and selection. This technique best serves relatively complicated, large-scale projects that require rapid or sequential iterations on a prototype or solution as a part of requirements gathering elicitation. JAD effectuates each step in the elicitation process well, from initial elicitation to narrowing down requirements.
Most requirement gathering professionals will use their experience with project type standards to establish key requirements. Avoid only relying on standards when tackling a new project type. Apply JAD’s structured approach to a new project type to be thorough during the elicitation phase.
While JAD is an overarching requirements elicitation technique, it should not be the only one used. Combine the strengths of other elicitation techniques for the best results.
RDS is best utilized when one, but preferably both, of the below criteria is met.
RDS’ strengths lie in being able to tailor-make certain aspects of the solution. If the solution is too large, tailor-made sections are impossible as multiple user groups have different needs or there is insufficient resources. When a project is small to medium sized, developers can take the time to custom make sections for a specific user group.
RDS requires developers spending a large amount of time with users, leaving less time for development. Having developers at the ready to take on users’ improvement maintains the effectiveness of RDS. If the same developer who speaks to users develops the entire iteration, the process would be slowed down dramatically, losing effectiveness.
JAD relies on unstructured conversations to clarify scope, gain insights, and discuss prototyping. However, a structure must exist to guarantee that all topics are discussed and meetings are not wasted.
JAD often involves visually illustrating how high-level concepts connect as well as prototypes. Use solution mapping and interactive whiteboarding to help users and participants better understand the solution.
Having a group development session provides all the benefits of focus groups while reducing time spent in the typically time-intensive JAD process.
1. Prepare for the meeting
Email all parties a meeting overview of topics that will be discussed.
2. Discussion
3. Wrap-up
4. Follow-up
JAD provides a detail-oriented view into the elicitation process. As a facilitator, take detailed notes to maximize the outputs of JAD.
1. Prepare for the meeting
2. Hold the discussion
3. Wrap-up
4. Follow-up
RDS is best done in quick succession. Keep in constant contact with both employees and developers to maintain positive momentum from a successful iteration improvement.
JAD/RDS are both collaborative activities, and as with all group activities, issues are bound to arise. Be proactive and resolve issues using the following guidelines.
Scenario | Technique |
---|---|
Employee and developer visions for the solution don’t match up | Focus on what both solutions have in common first to dissolve any tension. Next, understand the reason why both parties have differences. Was it a difference in assumptions? Difference in what is a requirement? Once the answer has been determined, work on bridging the gaps. If there is no resolution, appoint a credible authority (or yourself) to become the final decision maker. |
Employee has difficulty understanding the technical aspect of the developer’s solution | Translate the developer’s technical terms into a language that the employee understands. Encourage the employee to ask questions to further their understanding. |
Employee was told that their requirement or proposed solution is not feasible | Have a high-level member of the development team explain how the requirement/solution is not feasible. If it’s possible, tell the employee that the requirement can be done in a future release and keep them updated. |
Technique | Description | Assessment and Best Practices | Stakeholder Effort | BA Effort |
---|---|---|---|---|
Legacy System Manuals | The process of reviewing documentation and manuals associated with legacy systems to identify constraints and exact requirements for reuse. | Reviewing legacy systems and accompanying documentation is an excellent way to gain a preliminary understanding of the requirements for the upcoming application. Be careful not to overly rely on requirements from legacy systems; if legacy systems have a feature set up one way, this does not mean it should be set up the same way on the upcoming application. If an upcoming application must interact with other systems, it is ideal to understand the integration points early. | None | High |
Historical Projects | The process of reviewing documentation from historical projects to extract reusable requirements. | Previous project documentation can be a great source of information and historical lessons learned. Unfortunately, historical projects may not be well documented. Historical mining can save a great deal of time; however, the fact that it was done historically does not mean that it was done properly. | None | High |
Info-Tech Insight
Document mining is a laborious process, and as the term “mining” suggests the yield will vary. Regardless of the outcome, document mining must be performed and should be viewed as an investment in the requirements gathering process.
Technique | Description | Assessment and Best Practices | Stakeholder Effort | BA Effort |
---|---|---|---|---|
Rules | The process of extracting business logic from pre-existing business rules (e.g. explicit or implied workflows). | Stakeholders may not be fully aware of all of the business rules or the underlying rationale for the rules. Unfortunately, business rule documents can be lengthy and the number of rules relevant to the project will vary. | None | High |
Glossary | The process of extracting terminology and definitions from glossaries. | Terminology and definitions do not directly lead to the generation of requirements. However, reviewing glossaries will allow BAs to better understand domain SMEs and interpret their requirements. | None | High |
Policy | The process of extracting business logic from business policy documents (e.g. security policy and acceptable use). | Stakeholders may not be fully aware of the different policies or the underlying rationale for why they were created. Going directly to the source is an excellent way to identify constraints and requirements. Unfortunately, policies can be lengthy and the number of items relevant to the project will vary. | None | High |
Info-Tech Insight
Document mining should be the first type of elicitation activity that is conducted because it allows the BA to become familiar with organizational terminology and processes. As a result, the stakeholder facing elicitation sessions will be more productive.
1. Glossary
Extract terminology and definitions from glossaries. A glossary is an excellent source to understand the terminology that SMEs will use.
2. Policy
Pull business logic from policy documents (e.g. security policy and acceptable use). Policies generally have mandatory requirements for projects, such as standard compliance requirements.
3. Rules
Review and reuse business logic that comes from pre-existing rules (e.g. explicit or implied workflows). Like policies, rules often have mandatory requirements or at least will require significant change for something to no longer be a requirement.
4. Legacy System
Review documents and manuals of legacy systems, and identify reusable constraints and requirements. Benefits include:
Remember to not use all of the basic requirements of a legacy system. Always strive to find a better, more productive solution.
5. Historical Projects
Review documents from historical projects to extract reusable requirements. Lessons learned from the company’s previous projects are more applicable than case studies. While historical projects can be of great use, consider that previous projects may not be well documented.
Project managers frequently state that aligning projects to the business goals is a key objective of effective project management; however, it is rarely carried out throughout the project itself. This gap is often due to a lack of understanding around how to create true alignment between individual projects and the business needs.
Extract business wants and needs from official statements and reports (e.g. press releases, yearly reports). Statements and reports outline where the organization wants to go which helps to unearth relevant project requirements.
Documented requirements should always align with the scope of the project and the business objectives. Refer back frequently to your set of gathered requirements to check if they are properly aligned and ensure the project is not veering away from the original scope and business objectives.
The largest problem with documentation review is that requirements gathering professionals do it for the sake of saying they did it. As a result, projects often go off course due to not aligning to business objectives following the review sessions.
There is a time and place for each technique. Don’t become too reliant on the same ones. Diversify your approach based on the elicitation goal.
This table shows the relative strengths and weaknesses of each elicitation technique compared against the five basic elicitation scenarios.
A typical project will encounter most of the elicitation scenarios. Therefore, it is important to utilize a healthy mix of techniques to optimize effectiveness.
Very Strong = Very Effective
Strong = Effective
Medium = Somewhat Effective
Weak = Minimally Effective
Very Weak = Not Effective
Record the approved elicitation methods and best practices for each technique in the SOP.
Identify which techniques should be utilized with the different stakeholder classes.
Segment the different techniques based by project complexity level.
Use the following chart to record the approved techniques.
Stakeholder | L1 Projects | L2 Projects | L3 Projects | L4 Projects |
---|---|---|---|---|
Senior Management | Structured Interviews | |||
Project Sponsor | Unstructured Interviews | |||
SME (Business) | Focus Groups | Unstructured Interviews | ||
Functional Manager | Focus Groups | Structured Interviews | ||
End Users | Surveys; Focus Groups; Follow-Up Interviews; Observational Techniques |
Document the output from this exercise in section 4.0 of the Requirements Gathering SOP and BA Playbook.
Open lines of communication with stakeholders and keep them involved in the requirements gathering process; confirm the initial elicitation before proceeding.
Confirming the notes from the elicitation session with stakeholders will result in three benefits:
This is the Confirm stage of the Confirm, Verify, Approve process.
“Are these notes accurate and complete?”
An analyst will walk you through the different elicitation techniques including observations, document reviews, surveys, focus groups, and interviews, and highlight the level of effort required for each.
An analyst will facilitate the discussion to determine which techniques should be utilized with the different stakeholder classes.
1.1 Understand the Benefits of Requirements Optimization
1.2 Determine Your Target State for Requirements Gathering
2.1 Determine Elicitation Techniques
2.2 Structure Elicitation Output
3.1 Create Analysis Framework
3.2 Validate Business Requirements
4.1 Create Control Processes for Requirements Changes
4.2 Build Requirements Governance and Communication Plan
Unstructured notes for each requirement are difficult to manage and create ambiguity. Using solution-oriented formats during elicitation sessions ensures that the content can be digested by IT and business users.
This table shows common solution-oriented formats for recording requirements. Determine which formats the development team and BAs are comfortable using and create a list of acceptable formats to use in projects.
Format | Description | Examples |
---|---|---|
Behavior Diagrams | These diagrams describe what must happen in the system. | Business Process Models, Swim Lane Diagram, Use Case Diagram |
Interaction Diagrams | These diagrams describe the flow and control of data within a system. | Sequence Diagrams, Entity Diagrams |
Stories | These text-based representations take the perspective of a user and describe the activities and benefits of a process. | Scenarios, User Stories |
Info-Tech Insight
Business process modeling is an excellent way to visually represent intricate processes for both IT and business users. For complex projects with high business significance, business process modeling is the best way to capture requirements and create transformational gains.
Define Use Cases for Each Stakeholder
Define Applications for Each Use Case
Consider the following guidelines:
Use cases can conflict with each other. In certain situations, specific requirements of these use cases may clash with one another even though they are functionally sound. Evaluate use-case requirements and determine how they satisfy the overall business need.
Use cases are not necessarily isolated; they can be nested. Certain functionalities are dependent on the results of another action, often in a hierarchical fashion. By mapping out the expected workflows, BAs can determine the most appropriate way to implement.
Use cases can be functionally implemented in many ways. There could be multiple ways to accomplish the same use case. Each of these needs to be documented so that functional testing and user documentation can be based on them.
Log Into Account | ← Depends on (Nested) | Ordering Products Online |
---|---|---|
Enter username and password | Complete order form | |
Verify user is a real person | Process order | |
Send user forgotten password message | Check user’s account | |
Send order confirmation to user |
Inspector: Log into system → Search for case → Identify recipient → Determine letter type → Print letter
Admin: Receive letter from inspector → Package and mail letter
Citizen: Receive letter from inspector
What are they?
User stories describe what requirement a user wants in the solution and why they want it. The end goal of a user story is to create a simple description of a requirement for developers.
When to use them
User stories should always be used in requirements gathering. User stories should be collected throughout the elicitation process. Try to recapture user stories as new project information is released to capture any changes in end-customer needs.
What’s the benefit?
User stories help capture target users, customers, and stakeholders. They also create a “face” for individual user requirements by providing user context. This detail enables IT leaders to associate goals and end objectives with each persona.
Takeaway
To better understand the characteristics driving user requirements, begin to map objectives to separate user personas that represent each of the project stakeholders.
Are user stories worth the time and effort?
Absolutely.
A user’s wants and needs serve as a constant reminder to developers. Developers can use this information to focus on how a solution needs to accomplish a goal instead of only focusing on what goals need to be completed.
Instructions
As a | I want to | So that | Size | Priority |
---|---|---|---|---|
Developer | Learn network and system constraints | The churn between Operations and I will be reduced. | 1 point | Low |
Team member |
Increase the number of demonstrations | I can achieve greater alignment with business stakeholders. | 3 points | High |
Product owner | Implement a user story prioritization technique | I can delegate stories in my product backlog to multiple Agile teams. | 3 points | Medium |
Keep your user stories short and impactful to ensure that they retain their impact.
As a [stakeholder title], I want to [one requirement] so that [reason for wanting that requirement].
Use this template for all user stories. Other formats will undermine the point of a user story. Multiple requirements from a single user must be made into multiple stories and given to the appropriate developer. User stories should fit onto a sticky note or small card.
As an: | I want to: | So that: | |
---|---|---|---|
✓ | Administrator | Integrate with Excel | File transfer won’t possibly lose information |
X | Administrator | Integrate with Excel and Word | File transfer won’t possibly lose information |
While the difference between the two may be small, it would still undermine the effectiveness of a user story. Different developers may work on the integration of Excel or Word and may not receive this user story.
Size is an estimate of how many resources must be dedicated to accomplish the want. Assign a size to each user story to help determine resource allocation.
Based on how important the requirement is to project success, assign each user story a rating of high, medium, or low. The priority given will dictate which requirements are completed first.
Example:
Scope: Design software to simplify financial reporting
User Story | Estimated Size | Priority |
---|---|---|
As an administrator, I want to integrate with Excel so that file transfer won’t possibly lose information. | Low | High |
As an administrator, I want to simplify graph construction so that I can more easily display information for stakeholders. | High | Medium |
Combine both size and priority to decide resource allocation. Low-size, high-priority tasks should always be done first.
When collecting user stories, many will be centered around the same requirement. Group similar user stories together to show the need for that requirement’s inclusion in the solution.
Even if it isn’t a must-have requirement, if the number of similar user stories is high enough, it would become the most important should-have requirement.
As an | I want | So that |
---|---|---|
Administrator | To be able to create bar graphs | Information can be more easily illustrated |
Accountant | To be able to make pie charts | Budget information can be visually represented |
Both user stories are about creating charts and would be developed similarly.
As an | I want | So that |
---|---|---|
Administrator | The program to auto-save | Information won’t be lost during power outages |
Accountant | To be able to save to SharePoint | My colleagues can easily view and edit my work |
While both stories are about saving documents, the development of each feature is vastly different.
User profiles are a way of grouping users based on a significant shared details (e.g. in the finance department, website user).
Go beyond the user profile
When creating the profile, consider more than the group’s name. Ask yourself the following questions:
For example, if a user profile has low expertise but interacts and depends heavily on the program, a more thorough tutorial of the FAQ section is needed.
Profiles put developers in user’s shoes
Grouping users together helps developers put a face to the name. Developers can then more easily empathize with users and develop an end solution that is directly catered to their needs.
Work in groups to run through the following story-sizing activities.
Planning Poker: This approach uses the Delphi method where members estimate the size of each user story by revealing numbered cards. These estimates are then discussed and agreed upon as a group.
Team Sort: This approach can assist in expediting estimation when you are handling numerous user stories.
Use the product backlog to capture expected work and create a roadmap for the project by showing what requirements need to be delivered.
How is the product owner involved?
How do I create a product backlog?
What are the approaches to generate my backlog?
Epics and Themes
As you begin to take on larger projects, it may be advantageous to organize and group your user stories to simplify your release plan:
To avoid confusion, the pilot product backlog will be solely composed of user stories.
Example:
Theme: Increase user exposure to corporate services through mobile devices | |
---|---|
Epic: Access corporate services through a mobile application | Epic: Access corporate services through mobile website |
User Story: As a user, I want to find the closest office so that I can minimize travel time As a user, I want to find the closest office so that I can minimize travel time | User Story: As a user, I want to submit a complaint so that I can improve company processes |
Overview
Leverage Info-Tech’s Scrum Documentation Template, using the Backlog and Planning tab, to help walk you through this activity.
Instructions
Examples:
As a citizen, I want to know about road construction so that I can save time when driving. Business Value: High
As a customer, I want to find the nearest government office so that I can register for benefits. Business Value: Medium
As a voter, I want to know what each candidate believes in so that I can make an informed decision. Business Value: High
2.2.1 Build use-case models
An analyst will assist in demonstrating how to use elicitation techniques to build use-case models. The analyst will walk you through the table testing to visually map out and design process flows for each use case.
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Start with an analyst kick off call:
Then complete these activities…
With these tools & templates:
Review findings with analyst:
Then complete these activities…
With these tools & templates:
Phase 3 Results & Insights:
1.1 Understand the Benefits of Requirements Optimization
1.2 Determine Your Target State for Requirements Gathering
2.1 Determine Elicitation Techniques
2.2 Structure Elicitation Output
3.1 Create Analysis Framework
3.2 Validate Business Requirements
4.1 Create Control Processes for Requirements Changes
4.2 Build Requirements Governance and Communication Plan
The analysis phase is where requirements are compiled, categorized, and prioritized to make managing large volumes easier. Many organizations prematurely celebrate being finished the elicitation phase and do not perform adequate diligence in this phase; however, the analysis phase is crucial for a smooth transition into validation and application development or procurement.
Eliciting requirements is an important step in the process, but turning endless pages of notes into something meaningful to all stakeholders is the major challenge.
Begin the analysis phase by categorizing requirements to make locating, reconciling, and managing them much easier. There are often complex relationships and dependencies among requirements that do not get noted or emphasized to the development team and as a result get overlooked.
Typically, requirements are classified as functional and non-functional at the high level. Functional requirements specify WHAT the system or component needs to do and non-functional requirements explain HOW the system must behave.
Examples
Functional Requirement: The application must produce a sales report at the end of the month.
Non-Functional Requirement: The report must be available within one minute after midnight (EST) of the last day of the month. The report will be available for five years after the report is produced. All numbers in the report will be displayed to two decimal places.
Further sub-categorization of requirements is necessary to realize the full benefit of categorization. Proficient BAs will even work backwards from the categories to drive the elicitation sessions. The categories used will depend on the type of project, but for categorizing non-functional requirements, the Volere Requirements Resources has created an exhaustive list of sub-categories.
Requirements Category | Elements |
Example |
---|---|---|
Look & Feel | Appearance, Style |
User Experience |
Usability & Humanity | Ease of Use, Personalization, Internationalization, Learning, Understandability, Accessibility | Language Support |
Performance | Speed, Latency, Safety, Precision, Reliability, Availability, Robustness, Capacity, Scalability, Longevity | Bandwidth |
Operational & Environmental | Expected Physical Environment, Interfacing With Adjacent Systems, Productization, Release | Heating and Cooling |
Maintainability & Support | Maintenance, Supportability, Adaptability | Warranty SLAs |
Security |
Access, Integrity, Privacy, Audit, Immunity | Intrusion Prevention |
Cultural & Political | Global Differentiation | Different Statutory Holidays |
Legal | Compliance, Standards | Hosting Regulations |
Complete – Expressed a whole idea or statement.
Correct – Technically and legally possible.
Clear – Unambiguous and not confusing.
Verifiable – It can be determined that the system meets the requirement.
Necessary – Should support one of the project goals.
Feasible – Can be accomplished within cost and schedule.
Prioritized – Tracked according to business need levels.
Consistent – Not in conflict with other requirements.
Traceable – Uniquely identified and tracked.
Modular – Can be changed without excessive impact.
Design-independent – Does not pose specific solutions on design.
Document any changes to the requirements categories in section 5.1 of the Requirements Gathering SOP and BA Playbook.
After elicitation, it is very common for an organization to end up with redundant, complementary, and conflicting requirements. Consolidation will make managing a large volume of requirements much easier.
Redundant Requirements | Owner | Priority | |
---|---|---|---|
1. | The application shall feed employee information into the payroll system. | Payroll | High |
2. | The application shall feed employee information into the payroll system. | HR | Low |
Result | The application shall feed employee information into the payroll system. | Payroll & HR | High |
Complementary Requirements | Owner | Priority | |
---|---|---|---|
1. | The application shall export reports in XLS and PDF format. | Marketing | High |
2. | The application shall export reports in CSV and PDF format. | Finance | High |
Result | The application shall export reports in XLS, CSV, and PDF format. | Marketing & Finance | High |
Info-Tech Insight
When collapsing redundant or complementary requirements, it is imperative that the ownership and priority metadata be preserved for future reference. Avoid consolidating complementary requirements with drastically different priority levels.
Conflicting requirements are unavoidable; identify and resolve them as early as possible to minimize rework and grief.
Conflicting requirements occur when stakeholders have requirements that either partially or fully contradict one another, and as a result, it is not possible or practical to implement all of the requirements.
Steps to Resolving Conflict:
Info-Tech Insight
Resolve conflicts whenever possible during the elicitation phase by using cross-functional workshops to facilitate discussions that address and settle conflicts in the room.
Review the outputs from the last exercise and ensure that the list is mutually exclusive by consolidating similar requirements and eliminating redundancies.
Prioritization is the process of ranking each requirement based on its importance to project success. Hold a separate meeting for the domain SMEs, implementation SMEs, project managers, and project sponsors to prioritize the requirements list. At the conclusion of the meeting, each requirement should be assigned a priority level. The implementation SMEs will use these priority levels to ensure efforts are targeted towards the proper requirements as well as to plan features available on each release. Use the MoSCoW Model of Prioritization to effectively order requirements.
The MoSCoW Model of Prioritization
The MoSCoW model was introduced by Dai Clegg of Oracle UK in 1994 (Source: ProductPlan).
Effective Prioritization Criteria
Criteria |
Description |
---|---|
Regulatory & Legal Compliance | These requirements will be considered mandatory. |
Policy Compliance | Unless an internal policy can be altered or an exception can be made, these requirements will be considered mandatory. |
Business Value Significance | Give a higher priority to high-value requirements. |
Business Risk | Any requirement with the potential to jeopardize the entire project should be given a high priority and implemented early. |
Likelihood of Success | Especially in proof-of-concept projects, it is recommended that requirements have good odds. |
Implementation Complexity | Give a higher priority to low implementation difficulty requirements. |
Alignment With Strategy | Give a higher priority to requirements that enable the corporate strategy. |
Urgency | Prioritize requirements based on time sensitivity. |
Dependencies | A requirement on its own may be low priority, but if it supports a high-priority requirement, then its priority must match it. |
Info-Tech Insight
It is easier to prioritize requirements if they have already been collapsed, resolved, and rewritten. There is no point in prioritizing every requirement that is elicited up front when some of them will eventually be eliminated.
Use the Requirements Gathering Documentation Tool to identify and track stakeholder involvement, elicitation techniques, and scheduling, as well as to track categorization and prioritization of requirements.
Using the output from the MoSCoW model, prioritize the requirements according to those you must have, should have, could have, and won’t have.
3.1.1 Create functional requirements categories
An analyst will facilitate the discussion to brainstorm and determine criteria for requirements categories.
3.1.2 Consolidate similar requirements and eliminate redundancies
An analyst will facilitate a session to review the requirements categories to ensure the list is mutually exclusive by consolidating similar requirements and eliminating redundancies.
3.1.3 Prioritize requirements
An analyst will facilitate the discussion on how to prioritize requirements according to the MoSCoW prioritization framework. The analyst will also walk you through the exercise of determining dependencies for each requirement.
1.1 Understand the Benefits of Requirements Optimization
1.2 Determine Your Target State for Requirements Gathering
2.1 Determine Elicitation Techniques
2.2 Structure Elicitation Output
3.1 Create Analysis Framework
3.2 Validate Business Requirements
4.1 Create Control Processes for Requirements Changes
4.2 Build Requirements Governance and Communication Plan
This step involves the following participants:
Outcomes of this step
The validation phase involves translating the requirements, modeling the solutions, allocating features across the phased deployment plan, preparing the requirements package, and getting requirement sign-off. This is the last step in the Info-Tech Requirements Gathering Framework.
Before going for final sign-off, ensure that you have pulled together all of the relevant documentation.
The requirements package is a compilation of all of the business analysis and requirements gathering that occurred. The document will be distributed among major stakeholders for review and sign-off.
Some may argue that the biggest challenge in the validation phase is getting the stakeholders to sign off on the requirements package; however, the real challenge is getting them to actually read it. Often, stakeholders sign the requirements document without fully understanding the scope of the application, details of deployment, and how it affects them.
Remember, this document is not for the BAs; it’s for the stakeholders. Make the package with the stakeholders in mind. Create multiple versions of the requirements package where the length and level of technical details is tailored to the audience. Consider creating a supplementary PowerPoint version of the requirements package to present to senior management.
Contents of Requirements Package:
"Sit down with your stakeholders, read them the document line by line, and have them paraphrase it back to you so you’re on the same page." – Anonymous City Manager of IT Project Planning Info-Tech Interview
The BRD captures the original business objectives and high-level business requirements for the system/process. The system requirements document (SRD) captures the more detailed functional and technical requirements.
The Business Requirements Document Template can be used to record the functional, quality, and usability requirements into formats that are easily consumable for future analysis, architectural and design activities, and most importantly in a format that is understandable by all business partners.
The BRD is designed to take the reader from a high-level understanding of the business processes down to the detailed automation requirements. It should capture the following:
Build the required documentation for requirements gathering.
Document the output from this exercise in section 6 of the Requirements Gathering SOP and BA Playbook.
Practice presenting the requirements document to business stakeholders.
Example:
Typical Requirements Gathering Validation Meeting Agenda | |
---|---|
Project overview | 5 minutes |
Project operating model | 10 minutes |
Prioritized requirements list | 5 minutes |
Business process model | 30 minutes |
Implementation considerations | 5 minutes |
Practice translating business requirements into system requirements.
Download the Requirements Gathering Testing Checklist template.
Identify how to test the effectiveness of different requirements.
Keep the stakeholders involved in the process in between elicitation and sign-off to ensure that nothing gets lost in transition.
After an organization’s requirements have been aggregated, categorized, and consolidated, the business requirements package will begin to take shape. However, there is still a great deal of work to complete. Prior to proceeding with the process, requirements should be verified by domain SMEs to ensure that the analyzed requirements continue to meet their needs. This step is often overlooked because it is laborious and can create additional work; however, the workload associated with verification is much less than the eventual rework stemming from poor requirements.
All errors in the requirements gathering process eventually surface; it is only a matter of time. Control when these errors appear and minimize costs by soliciting feedback from stakeholders early and often.
This is the Verify stage of the Confirm, Verify, Approve process.
“Do these requirements still meet your needs?”
Use the sign-off process as one last opportunity to manage expectations, obtain commitment from the stakeholders, and minimize change requests.
Development or procurement of the application cannot begin until the requirements package has been approved by all of the key stakeholders. This will be the third time that the stakeholders are asked to review the requirements; however, this will be the first time that the stakeholders are asked to sign off on them.
It is important that the stakeholders understand the significance of their signatures. This is their last opportunity to see exactly what the solution will look like and to make change requests. Ensure that the stakeholders also recognize which requirements were omitted from the solution that may affect them.
The sign-off process needs to mean something to the stakeholders. Once a signature is given, that stakeholder must be accountable for it and should not be able to make change requests. Note that there are some requests from senior stakeholders that can’t be refused; use discretion when declining requests.
This is the Approve stage of the Confirm, Verify, Approve process.
"Once requirements are signed off, stay firm on them!" – Anonymous Hospital Business Systems Analyst Info-Tech Interview
3.2.1; 3.2.2 Rightsize the BRD and present it to business stakeholders
An analyst will facilitate the discussion to gather the required documentation for building the BRD. The analyst will also assist with practicing the presenting of each section of the document to business stakeholders.
3.2.3; 3.2.4 Translate business requirements into technical requirements and identify testing opportunities
An analyst will facilitate the session to practice translating business requirements into testing requirements and assist in determining how to test the effectiveness of different requirements.
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Proposed Time to Completion: 3 weeks
Start with an analyst kick off call:
Then complete these activities…
With these tools & templates:
Review findings with analyst:
Then complete these activities…
With these tools & templates:
Requirements Gathering Communication Tracking Template
1.1 Understand the Benefits of Requirements Optimization
1.2 Determine Your Target State for Requirements Gathering
2.1 Determine Elicitation Techniques
2.2 Structure Elicitation Output
3.1 Create Analysis Framework
3.2 Validate Business Requirements
4.1 Create Control Processes for Requirements Changes
4.2 Build Requirements Governance and Communication Plan
Although the manage, communicate, and test requirements section chronologically falls as the last section of this blueprint, that does not imply that this section is to be performed only at the end. These tasks are meant to be completed iteratively throughout the project to support the core requirements gathering tasks.
Once the stakeholders sign off on the requirements document, any changes need to be tracked and managed. To do that, you need a change control process.
Thoroughly validating requirements should reduce the amount of change requests you receive. However, eliminating all changes is unavoidable.
The BAs, sponsor, and stakeholders should have agreed upon a clearly defined scope for the project during the planning phase, but there will almost always be requests for change as the project progresses. Even a high number of small changes can negatively impact the project schedule and budget.
To avoid scope creep, route all changes, including small ones, through a formal change control process that will be adapted depending on the level of project and impact of the change.
Document any changes from this exercise in section 7.1 of the Requirements Gathering SOP and BA Playbook.
Determine how changes will be escalated for level 1/2/3/4 projects.
Document any changes from this exercise in section 7.2 of the Requirements Gathering SOP and BA Playbook.
Impact Category | Final Decision Rests With Project Manager If: | Escalate to Steering Committee If: | Escalate to Change Control Board If: | Escalate to Sponsor If: |
---|---|---|---|---|
Scope |
|
|
||
Budget |
|
|
|
|
Schedule |
|
|
|
|
Requirements |
|
|
Impact Category | Final Decision Rests With Project Manager If: | Escalate to Steering Committee If: | Escalate to Sponsor If: |
---|---|---|---|
Scope |
|
| |
Budget |
|
| |
Schedule |
|
| |
Requirements |
|
|
Info-Tech Deliverable
Take advantage of Info-Tech’s Requirements Traceability Matrix to track requirements from inception through to testing.
Review the requirements gathering process and control levels for project levels 1/2/3/4 and add as much detail as possible to each process.
Document the output from this exercise in section 2.4 of the Requirements Gathering SOP and BA Playbook.
Understand who is responsible, accountable, consulted, and informed for key elements of the requirements gathering process for project levels 1/2/3/4.
Project Requestor | Project Sponsor | Customers | Suppliers | Subject Matter Experts | Vendors | Executives | Project Management | IT Management | Developer/ Business Analyst | Network Services | Support | |
---|---|---|---|---|---|---|---|---|---|---|---|---|
Intake Form | A | C | C | I | R | |||||||
High-Level Business Case | R | A | C | C | C | C | I | I | C | |||
Project Classification | I | I | C | I | R | A | R | |||||
Project Approval | R | R | I | I | I | I | I | I | A | I | I | |
Project Charter | R | C | R | R | C | R | I | A | I | R | C | C |
Develop BRD | R | I | R | C | C | C | R | A | C | C | ||
Sign-Off on BRD/ Project Charter | R | A | R | R | R | R | ||||||
Develop System Requirements | C | C | C | R | I | C | A | R | R | |||
Sign-Off on SRD | R | R | R | I | A | R | R | |||||
Testing/Validation | A | I | R | C | R | C | R | I | R | R | ||
Change Requests | R | R | C | C | A | I | R | C | ||||
Sign-Off on Change Request | R | A | R | R | R | R | ||||||
Final Acceptance | R | A | R | I | I | I | I | R | R | R | I | I |
4.1.1; 4.1.2 Develop a change control process and guidelines for escalating changes
An analyst will facilitate the discussion on how to improve upon your organization’s change control processes and how changes will be escalated to ensure effective tracking and management of changes.
4.1.3 Confirm your requirements gathering process
With the group, an analyst will review the requirements gathering process and control levels for the different project levels.
4.1.4 Define the RACI for the requirements gathering process
An analyst will facilitate a whiteboard exercise to understand who is responsible, accountable, informed, and consulted for key elements of the requirements gathering process.
1.1 Understand the Benefits of Requirements Optimization
1.2 Determine Your Target State for Requirements Gathering
2.1 Determine Elicitation Techniques
2.2 Structure Elicitation Output
3.1 Create Analysis Framework
3.2 Validate Business Requirements
4.1 Create Control Processes for Requirements Changes
4.2 Build Requirements Governance and Communication Plan
Requirements Governance Responsibilities
1. Provide oversight and review of SOPs pertaining to requirements elicitation, analysis, and validation.
2. Establish corporate policies with respect to requirements gathering SOP training and education of analysts.
3. Prioritize efforts for requirements optimization.
4. Determine and track metrics that will be used to gauge the success (or failure) of requirements optimization efforts and make process and policy changes as needed.
Use a power map to determine which governance model best fits your organization.
This exercise will help to define the purpose statement for the applicable requirements gathering governance team.
Example:
The requirements gathering governance team oversees the procedures that are employed by BAs and other requirements gathering practitioners for [insert company name]. Members of the team are appointed by [insert role] and are accountable to [typically the chair of the committee].
Day-to-day operations of the requirements gathering team are expected to be at the practitioner (i.e. BA) level. The team is not responsible for conducting elicitation on its own, although members of the team may be involved from a project perspective.
Document the output from this exercise in section 3.1 of the Requirements Gathering SOP and BA Playbook.
Industry Not-for-Profit
Source Info-Tech Workshop
This organization is a not-for-profit benefits provider that offers dental coverage to more than 1.5 million people across three states.
With a wide ranging application portfolio that includes in-house, custom developed applications as well as commercial off-the-shelf solutions, the company had no consistent method of gathering requirements.
The organization contracted Info-Tech to help build an SOP to put in place a rigorous and efficient methodology for requirements elicitation, analysis, and validation.
One of the key realizations in the workshop was the need for governance and oversight over the requirements gathering process. As a result, the organization developed a Requirements Management Steering Committee to provide strategic oversight and governance over requirements gathering processes.
The Requirements Management Steering Committee introduced accountability and oversight into the procedures that are employed by BAs. The Committee’s mandate included:
R – Responsible
The one responsible for getting the job done.
A – Accountable
Only one person can be accountable for each task.
C – Consulted
Involvement through input of knowledge and information.
I – Informed
Receiving information about process execution and quality.
Build the participation list and authority matrix for the requirements gathering governance team.
Document any changes from this exercise in section 3.1 of the Requirements Gathering SOP and BA Playbook.
Define your governance team procedures, cadence, and agenda.
Meeting call to order | [Committee Chair] | [Time] |
---|---|---|
Roll call | [Committee Chair] | [Time] |
Review of SOPs | ||
A. Requirements gathering dashboard review | [Presenters, department] | [Time] |
B. Review targets | [Presenters, department] | [Time] |
C. Policy Review | [Presenters, department] | [Time] |
Document any changes from this exercise in section 3.1 of the Requirements Gathering SOP and BA Playbook.
A successful communication plan involves making the initiative visible and creating staff awareness around it. Educate the organization on how the requirements gathering process will differ.
People can be adverse to change and may be unreceptive to being told they must “comply” to new policies and procedures. Demonstrate the value in requirements gathering and show how it will assist people in their day-to-day activities.
By demonstrating how an improved requirements gathering process will impact staff directly, you create a deeper level of understanding across lines-of-business, and ultimately a higher level of acceptance for new processes, rules, and guidelines.
Stakeholder:
Key Stakeholder:
User Group Representatives:
Unwilling – Individuals who are unwilling to change may need additional encouragement. For these individuals, you’ll need to reframe the situation and emphasize how the change will benefit them specifically.
Unable – All involved requirements gathering will need some form of training on the process, committee roles, and responsibilities. Be sure to have training and support available for employees who need it and communicate this to staff.
Unaware – Until people understand exactly what is going on, they will not be able to conform to the process. Communicate change regularly at the appropriate detail to encourage stakeholder support.
Info-Tech Insight
Resisters who have influence present a high risk to the implementation as they may encourage others to resist as well. Know where and why each stakeholder is likely to resist to mitigate risk. A detailed plan will ensure you have the needed documentation and communications to successfully manage stakeholder resistance.
Identify the impact and level of resistance of all stakeholders to come up with the right communication plan.
Use a power map to plot key stakeholders according to influence and involvement.
Use a power map to plot key stakeholders according to influence and involvement.
High Risk:
Stakeholders with high influence who are not as involved in the project or are heavily impacted by the project are less likely to give feedback throughout the project lifecycle and need to be engaged. They are not as involved but have the ability to impact project success, so stay one step ahead.
Do not limit your engagement to kick-off and close – you need to continue seeking input and support at all stages of the project.
Mid Risk:
Key players have high influence, but they are also more involved with the project or impacted by its outcomes and are thus easier to engage.
Stakeholders who are heavily impacted by project outcomes will be essential to your organizational change management strategy. Do not wait until implementation to engage them in preparing the organization to accept the project – make them change champions.
Low Risk:
Stakeholders with low influence who are not impacted by the project do not pose as great of a risk, but you need to keep them consistently informed of the project and involve them at the appropriate control points to collect feedback and approval.
Leaders of successful change spend considerable time developing a powerful change message: a compelling narrative that articulates the desired end state and makes the change concrete and meaningful to staff. They create the change vision with staff to build ownership and commitment.
The change message should:
The five elements of communicating the reason for the change:
COMMUNICATING THE CHANGE
What is the change?
Why are we doing it?
How are we going to go about it?
How long will it take us?
What will the role be for each department and individual?
Build the communications management plan around your stakeholders’ needs.
Sample communications plan: Status reports
Vehicle | Audience | Purpose | Frequency | Owner | Distribution | Level of Detail |
---|---|---|---|---|---|---|
Sample communications plan: Status reports
Vehicle | Audience | Purpose | Frequency | Owner | Distribution | Level of Detail |
---|---|---|---|---|---|---|
Status Report | Sponsor | Project progress and deliverable status | Weekly | Project Manager |
Details for
|
|
Status Report | Line of Business VP | Project progress | Monthly | Project Manager |
High Level for
|
Build a high-level timeline for the implementation.
Major KPIs typically used for benchmarking include:
Revisit the requirements gathering metrics selected in the planning phase and recalculate them after requirements gathering optimization has been attempted.
4.2.1; 4.2.2; 4.2.3 – Build a requirements gathering steering committee
The analyst will facilitate the discussion to define the purpose statement of the steering committee, build the participation list and authority matrix for its members, and define the procedures and agenda.
4.2.4 Identify and analyze stakeholders
An analyst will facilitate the discussion on how to identify the impact and level of resistance of all stakeholders to come up with the communication plan.
4.2.5 Create a communications management plan
An analyst will assist the team in building the communications management plan based on the stakeholders’ needs that were outlined in the stakeholder analysis exercise.
4.2.6 Build a requirements gathering implementation timeline
An analyst will facilitate a session to brainstorm and document any action items and build a high-level timeline for implementation.
Note: This research also incorporates extensive insights and feedback from our advisory service and related research projects.
“10 Ways Requirements Can Sabotage Your Projects Right From the Start.” Blueprint Software Systems, 2012. Web.
“BPM Definition.” BPMInstitute.org, n.d. Web.
“Capturing the Value of Project Management.” PMI’s Pulse of the Profession, 2015. Web.
Eby, Kate. “Demystifying the 5 Phases of Project Management.” Smartsheet, 29 May 2019. Web.
“Product Management: MoSCoW Prioritization.” ProductPlan, n.d. Web.
“Projects Delivered on Time & on Budget Result in Larger Market Opportunities.” Jama Software, 2015. Web.
“SIPOC Table.” iSixSigma, n.d. Web.
“Survey Principles.” University of Wisconsin-Madison, n.d. Web.
“The Standish Group 2015 Chaos Report.” The Standish Group, 2015. Web.
If you have a Domino/Notes footprint that is embedded within your business units and business processes and is taxing your support organization, you may have met resistance from the business and been asked to help the organization migrate away from the Lotus Notes platform. The Lotus Notes platform was long used by technology and businesses and a multipurpose solution that, over the years, became embedded within core business applications and processes.
For organizations that are struggling to understand their options for the Domino platform, the depth of business process usage is typically the biggest operational obstacle. Migrating off the Domino platform is a difficult option for most organizations due to business process and application complexity. In addition, migrating clients have to resolve the challenges with more than one replaceable solution.
The most common tactic is for the organization to better understand their Domino migration options and adopt an application rationalization strategy for the Domino applications entrenched within the business. Options include retiring, replatforming, migrating, or staying with your Domino platform.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This blueprint will help you assess the fit, purpose, and price of Domino options; develop strategies for overcoming potential challenges; and determine the future of Domino for your organization.
Use this tool to input the outcomes of your various application assessments.
“HCL announced that they have somewhere in the region of 15,000 Domino customers worldwide, and also claimed that that number is growing. They also said that 42% of their customers are already on v11 of Domino, and that in the year or so since that version was released, it’s been downloaded 78,000 times. All of which suggests that the Domino platform is, in fact, alive and well.”
– Nigel Cheshire in Team Studio
You have a Domino/Notes footprint embedded within your business units and business processes. This is taxing your support organization; you are meeting resistance from the business, and you are now asked to help the organization migrate away from the Lotus Notes platform. The Lotus Notes platform was long used by technology and businesses as a multipurpose solution that, over the years, became embedded within core business applications and processes.
For organizations that are struggling to understand their options for the Domino platform, the depth of business process usage is typically the biggest operational obstacle. Migrating off the Domino platform is a difficult option for most organizations due to business process and application complexity. In addition, migrating clients have to resolve the challenges with more than one replaceable solution.
The most common tactic is for the organization to better understand their Domino migration options and adopt an application rationalization strategy for the Domino applications entrenched within the business. Options include retiring, replatforming, migrating, or staying with your Domino platform.
Is “Lotus” Domino still alive?
The number of member engagements with customers regarding the Domino platform has, as you might imagine, dwindled in the past couple of years. While many members have exited the platform, there are still many members and organizations that have entered a long exit program, but with how embedded Domino is in business processes, the migration has slowed and been met with resistance. Some organizations had replatformed the applications but found that the replacement target state was inadequate and introduced friction because the new solution was not a low-code/business-user-driven environment. This resulted in returning the Domino platform to production and working through a strategy to maintain the environment.
Believe it or not, Domino and Notes are still options to consider when determining a migration strategy. With HCL still committed to the platform, there are options organizations should seek to better understand rather than assuming SharePoint will solve all. In our research, we consider:
With multiple options to consider, take the time to clearly understand the application rationalization process within your decision making.
“There is a lot of bias toward Domino; decisions are being made by individuals who know very little about Domino and more importantly, they do not know how it impacts business environment.”
– Rob Salerno, Founder & CTO, Rivet Technology Partners
by Darin Stahl
Key/Value | Column | ||
---|---|---|---|
Use case: Heavily accessed, rarely updated, large amounts of data |
Use case: High availability, multiple data centers |
||
Document | Graph | ||
Use case: Rapid development, Web and programmer friendly |
Use case: Best at dealing with complexity and relationships/networks |
Store the application data in a long-term repository with the means to locate and read it for regulatory and compliance purposes.
Migrate to a new version of the application, facilitating the process of moving software applications from one computing environment to another.
Replatforming is an option for transitioning an existing Domino application to a new modern platform (i.e. cloud) to leverage the benefits of a modern deployment model.
Review the current Domino platform roadmap and understand HCL’s support model. Keep the application within the Domino platform.
Retire the application, storing the application data in a long-term repository.
The most common approach is to build the required functionality in whatever new application/solution is selected, then archive the old data in PDFs and documents.
Typically this involves archiving the data and leveraging Microsoft SharePoint and the new collaborative solutions, likely in conjunction with other software-as-a-service (SaaS) solutions.
Be aware of the costs associated with archiving. The more you archive, the more it will cost you.
Migrate to a new version of the application
An application migration is the managed process of migrating or moving applications (software) from one infrastructure environment to another.
This can include migrating applications from one data center to another data center, from a data center to a cloud provider, or from a company’s on-premises system to a cloud provider’s infrastructure.
Transition an existing Domino application to a new modern platform
This type of arrangement is typically part of an application migration or transformation. In this model, client can “replatform” the application into an off-premises hosted provider platform. This would yield many benefits of cloud but in a different scaling capacity as experienced with commodity workloads (e.g. Windows, Linux) and the associated application.
Two challenges are particularly significant when migrating or replatforming Domino applications:
There is a difference between a migration and a replatform application strategy. Determine which solution aligns to the application requirements.
Stay with HCL, understanding its future commitment to the platform.
Following the announced acquisition of IBM Domino and up until around December 2019, HCL had published no future roadmap for the platform. The public-facing information/website at the time stated that HCL acquired “the product family and key lab services to deliver professional services.” Again, there was no mention or emphasis on upcoming new features for the platform. The product offering on their website at the time stated that HCL would leverage its services expertise to advise clients and push applications into four buckets:
That public-facing messaging changed with release 11.0, which had references to IBM rebranded to HCL for the Notes and Domino product – along with fixes already inflight. More information can be found on HCL’s FAQ page.
“SWING Software delivers content transformation and archiving software to over 1,000 organizations worldwide. Our solutions uniquely combine key collaborative platforms and standard document formats, making document production, publishing, and archiving processes more efficient.”*
Lotus Notes Data Migration and Archiving: Preserve historical data outside of Notes and Domino
Lotus Note Migration: Replacing Lotus Notes. Boost your migration by detaching historical data from Lotus Notes and Domino.
Croatia
“Providing leading solutions, resources, and expertise to help your organization transform its collaborative environment.”*
Notes Domino Migration Solutions: Rivit’s industry-leading solutions and hardened migration practice will help you eliminate Notes Domino once and for all.
Rivive Me: Migrate Notes Domino applications to an enterprise web application
Canada
* rivit.ca
“More than 300 organizations across 40+ countries trust skybow to build no-code/no-compromise business applications & processes, and skybow’s community of customers, partners, and experts grows every day.”*
SkyBow Studio: The low-code platform fully integrated into Microsoft 365
Switzerland
“CIMtrek is a global software company headquartered in the UK. Our mission is to develop user-friendly, cost-effective technology solutions and services to help companies modernize their HCL Domino/Notes® application landscape and support their legacy COBOL applications.”*
CIMtrek SharePoint Migrator: Reduce the time and cost of migrating your IBM® Lotus Notes® applications to Office 365, SharePoint online, and SharePoint on premises.
United Kingdom
“4WS.Platform is a rapid application development tool used to quickly create multi-channel applications including web and mobile applications.”*
4WS.Platform is available in two editions: Community and Enterprise.
The Platform Enterprise Edition, allows access with an optional support pack.
4WS.Platform’s technical support provides support services to the users through support contracts and agreements.
The platform is a subscription support services for companies using the product which will allow customers to benefit from the knowledge of 4WS.Platform’s technical experts.
Italy
Application rationalization is the perfect exercise to fully understand your business-developed applications, their importance to business process, and the potential underlying financial impact.
Use this Application Rationalization Tool to input the outcomes of your various application assessments
Follow the instructions to generate recommended dispositions and populate an application portfolio roadmap.
Watch out for misleading scores that result from poorly designed criteria weightings.
Manage your application portfolio to minimize risk and maximize value.
Empower the business to implement their own applications with a trusted business-IT relationship.
Extend IT, automation, and digital capabilities to the business with the right tools, good governance, and trusted organizational relationships.
Optimize your organization’s enterprise application capabilities with a refined and scalable methodology.
Leverage your vendor sourcing process to get better results.
Darin is a Principal Research Advisor within the Infrastructure practice, leveraging 38+ years of experience. His areas of focus include IT operations management, service desk, infrastructure outsourcing, managed services, cloud infrastructure, DRP/BCP, printer management, managed print services, application performance monitoring, managed FTP, and non-commodity servers (zSeries, mainframe, IBM i, AIX, Power PC).
Troy has over 24 years of experience and has championed large enterprise-wide technology transformation programs, remote/home office collaboration and remote work strategies, BCP, IT DRP, IT operations and expense management programs, international right placement initiatives, and large technology transformation initiatives (M&A). Additionally, he has deep experience working with IT solution providers and technology (cloud) startups.
Rob is the Founder and Chief Technology Strategist for Rivit Technology Partners. Rivit is a system integrator that delivers unique IT solutions. Rivit is known for its REVIVE migration strategy which helps companies leave legacy platforms (such as Domino) or move between versions of software. Rivit is the developer of the DCOM Application Archiving solution.
Cheshire, Nigel. “Domino v12 Launch Keeps HCL Product Strategy On Track.” Team Studio, 19 July 2021. Web.
“Is LowCode/NoCode the best platform for you?” Rivit Technology Partners, 15 July 2021. Web.
McCracken, Harry. “Lotus: Farewell to a Once-Great Tech Brand.” TIME, 20 Nov. 2012. Web.
Sharwood, Simon. “Lotus Notes refuses to die, again, as HCL debuts Domino 12.” The Register, 8 June 2021. Web.
Woodie, Alex. “Domino 12 Comes to IBM i.” IT Jungle, 16 Aug. 2021. Web.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This blueprint helps you develop an approach to understand the mobile experience your stakeholders want your users to have and select the appropriate platform and delivery tools to meet these expectations.
This template narrates a story to describe the need and expectations of your low- and no-code initiative to get buy-in from stakeholders and interested parties.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Choose the right mobile platform.
Shortlist your mobile delivery solution and desired features and services.
A chosen mobile platform that meets user and enterprise needs.
Candidate mobile delivery solutions that meet your delivery needs and capacity of your teams.
1.1 Select your platform approach.
1.2 Shortlist your mobile delivery solution.
1.3 Build your feature and service lists.
Desired mobile platform approach.
Shortlisted mobile delivery solutions.
Desired list of vendor features and services.
Design the mobile application minimal viable product (MVP).
Create your mobile roadmap.
An achievable and valuable mobile application that is scalable for future growth.
Clear intent of business outcome delivery and completing mobile delivery activities.
2.1 Define your MVP release.
2.2 Build your roadmap.
MVP design.
Mobile delivery roadmap.
Understand your user’s environment needs, behaviors, and challenges.
Define stakeholder expectations and ensure alignment with the holistic business strategy.
Identify your mobile application opportunities.
Thorough understanding of your mobile user and opportunities where mobile applications can help.
Level set stakeholder expectations and establish targeted objectives.
Prioritized list of mobile opportunities.
3.1 Generate user personas with empathy maps.
3.2 Build your mobile application canvas.
3.3 Build your mobile backlog.
User personas.
Mobile objectives and metrics.
Mobile opportunity backlog.
Define the mobile experience you want to deliver and the features to enable it.
Understand the state of your current system to support mobile.
Identify your definition of mobile application quality.
List the concerns with mobile delivery.
Clear understanding of the desired mobile experience.
Potential issues and risks with enabling mobile on top of existing systems.
Grounded understanding of mobile application quality.
Holistic readiness assessment to proceed with mobile delivery.
4.1 Discuss your mobile needs.
4.2 Conduct a technical assessment.
4.3 Define mobile application quality.
4.4 Verify your decision to deliver mobile applications.
List of mobile features to enable the desired mobile experience.
System current assessment.
Mobile application quality definition.
Verification to proceed with mobile delivery.
Workers require access to enterprise products, data, and services anywhere at anytime on any device. Give them the device-specific features, offline access, desktop-like interfaces, and automation capabilities they need to be productive.
To be successful, you need to instill a collaborative business-IT partnership. Only through this partnership will you be able to select the right mobile platform and tools to balance desired outcomes with enterprise security, performance, integration, quality, and other delivery capacity concerns.
Andrew Kum-Seun
Senior Research Analyst,
Application Delivery and Application Management
Info-Tech Research Group
Treat your mobile applications as digital products. Digital products are continuously modernized to ensure they are fit-for-purpose, secured, accessible, and immersive. A successful mobile experience involves more than just the software and supporting system. It involves good training and onboarding, efficient delivery turnaround, and a clear and rational vision and strategy.
Mobile Builds Interests
61%
Mobile devices drove 61% of visits to U.S. websites
Source: Perficient, 2021
Mobile Maintains Engagement
54%
Mobile devices generated 54.4% of global website traffic in Q4 2021.
Source: Statista, 2022
Mobile Drives Productivity
82%
According to 82% of IT executives, smartphones are highly important to employee productivity
Source: Samsung and Oxford Economics, 2022
Organizations know the criticality of mobile applications in meeting key business and digital transformation goals, and they are making significant investments. Over half (58%) of organizations say their main strategy for driving application adoption is enabling mobile access to critical enterprise systems (Enterprise CIO, 2016). The strategic positioning and planning of mobile applications are key for success.
Mobile Can Motivate, Support and Drive Progress in Key Activities Underpinning Digital Transformation Goals
Source: Broadridge, 2022
To learn more, visit Info-Tech's Define Your Digital Business Strategy blueprint.
Role |
Opportunities With Mobile Applications |
Expected Value |
|
---|---|---|---|
Stationary Worker |
Design flowcharts and diagrams, while abandoning paper and desktop applications in favor of easy-to-use, drawing tablet applications. |
Multitask by checking the application to verify information given by a vendor during their presentation or pitch. |
|
Roaming Worker |
Replace physical copies of service and repair manuals with digital copies, and access them with mobile applications. |
Scan or input product bar code to determine whether a replacement part is available or needs to be ordered. |
|
Roaming Worker |
Log patient information according to HIPAA standards and complete diagnostics live to propose medication for a patient. |
Receive messages from senior staff about patients and scheduling while on-call. |
|
If you build it, they may not come. Design and build the applications your user wants and needs, and ensure users are properly onboarded and trained. Learn how your applications are leveraged, capture feedback from the user and system dashboards, and plan for enhancements, fixes, and modernizations.
Workers want sophisticated mobile applications like what they see their peers and competitors use.
Value Quickly Wears Off
39.9% of users uninstall an application because it is not in use.
40%
Source: n=2,000, CleverTap, 2021
Low Tolerance to Waiting
Keeping a user waiting for 3 seconds is enough to dissatisfy 43% of users.
43%
Source: AppSamurai, 2018
Quick Fixes Are Paramount
44% of defects are found by users
44%
Source: Perfecto Mobile, 2014
What is the issue? Mobile priorities, concepts, and technologies do not remain static. For example, current Google's Pixels benefit from at least three versions of Android updates and at least three years of monthly security patches after their release (NextPit, 2022). Keeping up to date with anything mobile is difficult if you do not have the right delivery and product management practices in place.
What is the impact on IT? Those who fail to prepare for changing requirements and technologies will quickly run into maintainability, extensibility, and flexibility issues. Mobile applications will quickly become stale and misaligned with the maturity of other enterprise infrastructure and applications.
Continuously look at the trends, vendor roadmaps, and your user's feedback to envision where your mobile applications should be. Learning from your past attempts gives you insights on the opportunities and impacts changes will have on your people, process, and technology.
How do I address this issue? A well-defined mobile vision and roadmap ensures your initiatives are aligned with your holistic business and technology strategies, the right problem is being solved, and resources are available to deliver high priority changes.
To learn more, visit Info-Tech's Deliver on Your Digital Product Vision blueprint.
Teams must be ready to alter their mobile approach when new insights and issues arise during and after the delivery of your mobile application and its updates.
Cybersecurity should be a top priority given the high security exposure of mobiles and the sensitive data mobile applications need to operate. Role-based access, back-up systems, advanced scanning, and protection software and encryption should all be implemented.
Your application will likely be integrated with other systems to expand service offerings and optimize performance and user experience. Your enterprise integration strategy ensures all systems connect against a common pattern with compatible technologies.
Enterprise mobile delivery requires a broad skillset to build valuable applications against extensive non-functional requirements in complex and integration environments. The right resources are even harder to find when native applications are preferred over web-based ones.
Source: Radoslaw Szeja, Netguru, 2022.
First, deliver the experience end users want and expect by designing the application against digital application principles.
Business Value |
|
---|---|
Continuous modernization |
|
|
|
|
|
|
|
|
|
To learn more, visit Info-Tech's Modernize Your Applications blueprint.
Then, deliver a long-lasting experience by supporting your applications with key governance and management capabilities.
To learn more, visit Info-Tech's Make the Case for Product Delivery blueprint.
WORKFLOW |
|
---|---|
1. Capture Your User Personas and Journey | ![]() |
2. Select Your Platform | ![]() |
3. Shortlist Your Solutions | ![]() |
Strategic Perspective
|
|||
---|---|---|---|
1. End-User Perspective |
End User Needs |
||
|
|
|
|
Native User Experience |
|||
|
|||
2. Platform Perspective |
Technical Requirements |
||
Security |
Performance |
Integration |
|
Mobile Platform |
|||
3. Solution Perspective |
Vendor Support |
||
Services |
Stack Mgmt. |
Quality & Risk |
|
Mobile Delivery Solutions |
For a mobile application to be meaningful, the functions, aesthetics and content must be:
Designing for a high-quality experience requires more than just focusing on the UI. It also requires the merging of multiple business, technical, and social disciplines in order to create an immersive, practical, and receptive application. The image on the right explains the disciplines involved in UX. This is critical for ensuring users have a strong desire to use the mobile application, it is adequately supported technically, and it supports business objectives.
To learn more, visit Info-Tech's Implement and Mature Your User Experience Design Practice blueprint.
Source: Marky Roden, Xomino, 2018
Each mobile platform has its own take on the mobile native experience. The choice ultimately depends on whether the costs and effort are worth the anticipated value.
"A platform is a set of software and a surrounding ecosystem of resources that helps you to grow your business. A platform enables growth through connection: its value comes not only from its own features, but from its ability to connect external tools, teams, data, and processes." (Source: Emilie Nøss Wangen, 2021) In the mobile context, applications in a platform execute and communicate through a loosely-coupled API architecture, whether the supporting system is managed and supported by your organization or by third-party providers.
Mobile web applications are deployed and executed within the mobile web browser. They are often developed with a combination of web and scripting languages, such as HTML, CSS, and JavaScript. Web often takes two forms on mobile:
Hybrid applications are developed with web technologies but are deployed as native applications. The code is wrapped using a framework so that it runs locally within a native container. It uses the device's browser runtime engine to support more sophisticated designs and features than to the web approach.
Cross-platform applications are developed within a distinct programming or scripting environment that uses its own scripting language (often like web languages) and APIs. The solution compiles the code into device-specific builds for native deployment.
Native applications are developed and deployed to specific devices and OSs using platform-specific software development kits (SDKs) provided by the operating system vendors. The programming language and framework are dictated by the targeted device, such as Java for Android.
Start with what you have: begin with a mobile web platform to minimize impacts to your existing delivery skill sets and technical stack while addressing business needs. Resort to a hybrid first. Then consider a cross-platform application if you require device access or need to meet specific non-functional requirements.
Pros |
The latest versions of the most popular web languages (HTML5, CSS3, JavaScript) abstract away from the granular, physical components of the application, simplifying the development process. HTML5 offer some mobile features (e.g. geolocation, accelerometer) that can meet your desired experience without the need for native development skills. Native look-and-feel, high performance, and full device access are just a few tradeoffs of going with web languages. |
---|---|
Cons |
Native mobile platforms depend on device-specific code which follows specific frameworks and leverages unique programming libraries, such as Objective C for iOS and Java for Android. Each language requires a high level of expertise in the coding structure and hardware of specific devices. This requires resources with specific skillsets and different tools to support development and testing. |
Drive your mobile platform selection against user-centric needs (e.g. device access, aesthetics) and enterprise-centric needs (e.g. security, system performance).
When does a platform makes sense to use? | |
---|---|
Web |
|
Hybrid / Cross-Platform |
|
Native |
|
A mobile delivery solution provides the tools, resources, and support to enable or build your mobile application. It can provide pre-built applications, vendor supported components to allow some configurations, or resources for full stack customizations. Solutions can be barebone software development kits (SDKs), or comprehensive suites offering features to support the entire software delivery lifecycle, such as:
Mobile enablement and development capabilities are already embedded in many common productivity tools and enterprise applications, such as Microsoft PowerApps and ERP modules. They can serve as a starting point in the initial rollout of new management and governance practices without the need to acquire new tools.
Mobile brings new delivery and management challenges that are often difficult for organizations that are tied to legacy systems, hindered by rigid and slow delivery lifecycles, and are unable to adopt leading-edge technologies. Many of these challenges stem from the fact that mobile is a significant shift from desktop development:
To learn more, visit Info-Tech's Modernize Your SDLC blueprint.
An MVP focuses on a small set of functions, involves minimal possible effort to deliver a working and valuable solution, and is designed to satisfy a specific user group. Its purpose is to:
The build-measure-learn loop suggests mobile delivery teams should perpetually take an idea and develop, test, and validate it with the mobile development solution, then expand on the MVP using the lessons learned and evolving ideas. In this sense the MVP is just the first iteration in the loop.
Metrics are a powerful way to drive behavior change in your organization. But metrics are highly prone to creating unexpected outcomes so they must be used with great care. Use metrics judiciously to avoid gaming or ambivalent behavior, productivity loss, and unintended consequences.
To learn more, visit Info-Tech's Select and Use SDLC Metrics Effectively blueprint.
Info-Tech's Application Portfolio Assessment (APA) Diagnostic is a canned end-user satisfaction survey used to evaluate your application portfolio health to support data-driven decisions.
You understand the opportunities and impacts mobile has on your business operations and its disruptive nature on your enterprise systems. Your software delivery lifecycle was optimized to incorporate the specific practices and requirements needed for mobile. A mobile platform was selected based on stakeholder needs that are weighed against current skillsets, high priority non-functional requirements, the available capacity and scalability of your stack, and alignment to your current delivery process.
New features and mobile use cases are regularly emerging in the industry. Ensuring your mobile platform and delivery process can easily scale to incorporate constantly changing mobile features and technologies is key. This can help minimize the impact these changes will have on your mobile stack and the resulting experience.
Achieving this state requires three competencies: mobile security, performance optimization, and integration practices.
Many of today's mobile trends involve, in one form or another, hardware components on the mobile device (e.g., NFC receivers, GPS, cameras). You understand the scope of native features available on your end user's mobile device and the required steps and capabilities to enable and leverage them.
Awareness | Education & Discovery | Evaluation | Selection |
Negotiation & Configuration |
---|---|---|---|---|
1.1 Proactively Lead Technology Optimization & Prioritization | 2.1 Understand Marketplace Capabilities & Trends | 3.1 Gather & Prioritize Requirements & Establish Key Success Metrics | 4.1 Create a Weighted Selection Decision Model | 5.1 Initiate Price Negotiation with Top Two Venders |
1.2 Scope & Define the Selection Process for Each Selection Request Action | 2.2 Discover Alternate Solutions & Conduct Market Education | 3.2 Conduct a Data Driven Comparison of Vendor Features & Capabilities | 4.2 Conduct Investigative Interviews Focused on Mission Critical Priorities with Top 2-4 Vendors | 5.2 Negotiate Contract Terms & Product Configuration |
1.3 Conduct an Accelerated Business Needs Assessment |
2.3 Evaluate Enterprise Architecture & Application Portfolio | Narrow the Field to Four Top Contenders | 4.3 Validate Key Issues with Deep Technical Assessments, Trial Configuration & Reference Checks | 5.3 Finalize Budget Approval & Project |
1.4 Align Stakeholder Calendars to Reduce Elapsed Time & Asynchronous Evaluation | 2.4 Validate the Business Case | 5.4 Invest in Training & Onboarding Assistance |
Investing time improving your software selection methodology has big returns.
Not all software selection projects are created equal – some are very small, some span the entire enterprise. To ensure that IT is using the right framework, understand the cost and complexity profile of the application you're looking to select. Info-Tech's Rapid Application Selection Framework approach is best for commodity and mid-tier enterprise applications; selecting complex applications is better handled by the methodology in Info-Tech's Implement a Proactive and Consistent Vendor Selection Process.
Communicate the justification of your approach to mobile applications with Info-Tech's Mobile Application Delivery Communication Template:
1. Set the Mobile Context |
2. Define Your Mobile Approach |
|
---|---|---|
Phase Steps |
Step 1.1 Build Your Mobile Backlog Step 1.2 Identify Your Technical Needs Step 1.3 Define Your Non-Functional Requirements |
Step 2.1 Choose Your Platform Approach Step 2.2 Shortlist Your Mobile Delivery Solution Step 2.3 Create a Roadmap for Mobile Delivery |
Phase Outcomes |
|
|
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."
"Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."
"We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."
"Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."
Phase 1 | Phase 2 | ||
---|---|---|---|
Call #1: Understand the case and motivators for mobile applications. |
Call #2: Discuss the end user and desired mobile experience. |
Call #5: Discuss the desired mobile platform. |
Call #8: Discuss your mobile MVP. |
Call #3: Review technical complexities and non-functional requirements. |
Call #6: Shortlist mobile delivery solutions and desired features. |
Call #9: Review your mobile delivery roadmap. |
A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is 6 to 9 calls over the course of 2 to 3 months.
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
Module 1 | Module 2 | Module 3 | Module 4 | Post-Workshop | |
---|---|---|---|---|---|
Activities | Set the Mobile Context | Identify Your Technical Needs | Choose Your Platform & Delivery Solution | Create Your Roadmap | Next Steps andWrap-Up (offsite) |
1.1 Generate user personas with empathy maps 1.2 Build your mobile application canvas 1.3 Build your mobile backlog |
2.1 Discuss your mobile needs 2.2 Conduct a technical assessment 2.3 Define mobile application quality 2.4 Verify your decision to deliver mobile applications |
3.1 Select your platform approach 3.2 Shortlist your mobile delivery solution 3.3 Build your feature and service lists |
4.1 Define your MVP release 4.2 Build your roadmap |
5.1 Complete in-progress deliverables from previous four days. 5.2 Set up review time for workshop deliverables and to discuss next steps. |
|
Deliverables |
|
|
|
|
|
Choose Your Mobile Platform and Tools
1.1.1 Generate user personas with empathy maps
1.1.2 Build your mobile application canvas
1.1.3 Build your mobile backlog
Today, users expect sophisticated and personalized features, immersive interactions, and cross-platform capabilities from their mobile applications and be able to access information and services anytime, anywhere and on any device. These demands are pushing organizations to become more user-driven, placing greater importance on user experience (UX) with enterprise-grade technologies.
For a mobile application to be a meaningful experience, the functions, aesthetics and content must be:
Designing for a high-quality experience requires more than just focusing on the UI. It also requires the merging of multiple business, technical, and social disciplines in order to create an immersive, practical, and receptive application. The image on the right explains the disciplines involved in UX. This is critical for ensuring users have a strong desire to use the mobile application, it is adequately supported technically, and it supports business objectives.
To learn more, visit Info-Tech's Implement and Mature Your User Experience Design Practice blueprint.
Source: Marky Roden, Xomino, 2018
Organizations often over-rotate on the UI. Receptive and satisfying applications require more than just pretty pictures, bold colors, and flashy animations. UX-driven mobile applications require the seamless merging of enticing design elements and valuable functions that are specifically tailored to the behaviors of the users. Take a deep look at how each design element and function is used and perceived by the user, and how your application can sufficiently support user needs.
An application's UI and function both contribute to UX, but they do so in different ways.
Finding the right balance of UI and function is dependent on the organization's understanding of user emotions, needs, and tendencies. However, these factors are often left out of an application's design. Having the right UX competencies is key in assuring user behaviors are appropriately accommodated early in the delivery process.
To learn more, visit Info-Tech's Modernize Your Corporate Website to Drive Business Value blueprint.
UX-driven mobile applications involve all interaction points and system components working together to create an immersive experience while being actively supported by delivery and operations teams. Many organizations commonly focus on visual and content design to improve the experience, but this is only a small fraction of the total UX design. Look beyond the surface to effectively enhance your application's overall UX.
Typical Focus of Mobile UX |
Aesthetics Relevance & Modern UI Design Content Layout |
---|---|
Critical Areas of Mobile UX That Are Often Ignored |
Web Infrastructure Human Behavior Coding Language Cross-Platform Compatibility Application Quality Adoption & Retention Application Support |
Personas are detailed descriptions of the targeted audience of your mobile application. It represents a type of user in a particular scenario. Effective personas:
They are important because they help:
Source: XPLANE, 2017
Empathy mapping focuses on identifying the problems, ambitions, and frustrations they are looking to resolve and describes their motivations for wanting to resolve them. This analysis helps your teams:
To learn more, visit Info-Tech's Use Experience Design to Drive Empathy with the Business blueprint.
Input |
Output |
---|---|
|
|
Materials | Participants |
|
|
When refining your mobile problem statement, attempt to answer the following four questions:
There are many ways of writing problem statements, a clear approach follows the format:
Adapted from: "Design Problem Statements – What and How to Frame Them"
When thinking about a vision statement, think about:
There are different statement templates available to help form your vision statements. Some include:
(Numbers 2-4 from: How to define a product vision)
A vision shouldn't be so far out that it doesn't feel real and so short term that it gets bogged down in minutiae and implementation details. Finding that right balance will take some trial and error and will be different depending on your organization.
Success hinges on your team's ability to deliver business value. Well-developed mobile applications instill stakeholder confidence in ongoing business value delivery and stakeholder buy-in, provided proper expectations are set and met.
Business value defines the success criteria of an organization, and it is interpreted from four perspectives:
See our Build a Value Measurement Framework blueprint for more information about business value definition.
Mobile applications enables the exploration of new and different ways to improve worker productivity and deliver business value. However, the realities of mobile applications may limit your ability to meet some of your objectives:
These realities are not guaranteed to occur or impede your ability to deliver valuable mobile applications, but they can lead to unachievable expectations. Ensure your stakeholders are not oversold on advertised benefits and hold you accountable for unrealistic objectives. Recognize that the organization must also change how it works and operates to see the full benefit and adoption of mobile applications and overcome the known and unknown challenges and hurdles that often come with mobile delivery.
Benchmarks present enticing opportunities, but should be used to set reasonable expectations
66%
Improve Market Reach
66% of the global population uses a mobile device
Source: DataReportal, 2021
20%
Connected Workers are More Productive
Nearly 20 percent of mobile professionals estimate they miss more than three hours of working time a week not being able to get connected to the internet
Source: iPass, 2017
80%
Increase Brand Recognition
80% of smartphone users are more likely to purchase from companies whose mobile sites of apps help them easily find answers to their questions
Source: Google, 2018
Metrics are a powerful way to drive behavior change in your organization. But metrics are highly prone to creating unexpected outcomes so they must be used with great care. Use metrics judiciously to avoid gaming or ambivalent behavior, productivity loss, and unintended consequences.
To learn more, visit Info-Tech's Select and Use SDLC Metrics Effectively blueprint.
Info-Tech's Application Portfolio Assessment (APA) Diagnostic is a canned end user satisfaction survey used to evaluate your application portfolio health to support data-driven decisions.
USE THE PROGRAM DIAGNOSTIC TO:
INTEGRATE DIAGNOSTIC RESULTS TO:
Mobile Application Initiative Name |
Owner: |
NAME |
---|---|---|
Problem Statement |
Vision |
|
The problem or need mobile applications are addressing |
Vision, unique value proposition, elevator pitch, or positioning statement |
|
Business Goals & Metrics |
Capabilities, Processes & Application Systems |
|
List of business objectives or goals for the mobile application initiative. |
List of business capabilities, processes and application systems related to this initiative. |
|
Personas/Customers/Users |
Stakeholders |
|
List of groups who consume the mobile application |
List of key resources, stakeholders, and teams needed to support the process, systems and services |
To learn more, visit Info-Tech's Deliver on Your Digital Product Vision blueprint.
Download the Mobile Application Delivery Communication Template
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Mobile Application Initiative Name | Owner: | NAME |
---|---|---|
Problem Statement | Vision | |
[Problem Statement] | [Vision] | |
Business Goals & Metrics | Capabilities, Processes & Application Systems | |
[Business Goal 1, Metric] | [Business Capability] | |
Personas/Customers/Users | Stakeholders | |
[User 1] | [Stakeholder 1] |
Your backlog gives you a holistic understanding of the demand for mobile applications across your organization.
Opportunities |
|
---|---|
External Sources |
Internal Sources |
|
|
A mobile application minimum viable product (MVP) focuses on a small set of functions, involves minimal possible effort to deliver a working and valuable solution, and is designed to satisfy a specific user group. Its purpose is to maximize learning, evaluate value and acceptance, and inform the development of a full-fledged mobile delivery practice. |
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Your backlog stores and organizes your mobile opportunities at various stages of readiness. It must be continuously refined to address new requests, maintenance and changing priorities.
3 – IDEAS
Composed of raw, vague, and potentially large ideas that have yet to go through any formal valuation.
2 – QUALIFIED
Researched and qualified opportunities awaiting refinement.
1 READY
Discrete, refined opportunities that are ready to be placed in your team's delivery plans.
Adapted from Essential Scrum
(Source Perforce, 2018)
See our Deliver on Your Digital Product Vision for more information on backlog practices.
1.2.1 Discuss your mobile needs
1.2.2 Conduct a technical assessment
A journey map tells the story of the user's experience with an existing or prospective product or service, starting with a trigger, through the process of engagement, to create an outcome. Journey maps can focus on a particular part of the user's or the entire experience with your organization's products or services. All types of maps capture key interactions and motivations of the user in chronological order.
Everyone has their own preferred method for completing their tasks on mobile devices – often, what differentiates one persona from another has to do with how users privately behave. Understand that the activities performed outside of IT's purview develop context for your persona's pain points and position IT to meet their needs with the appropriate solution.
To learn more, visit Info-Tech's Use Experience Design to Drive Empathy with the Business blueprint.
Consider these workflow scenarios that can influence your persona's desire for mobile:
Workflow Scenarios | Ask Yourself The Key Questions | Technology Constraints or Restrictions to Consider | Examples of Mobile Opportunities |
---|---|---|---|
Data View – Data is queried, prepared and presented to make informed decisions, but it cannot be edited. |
Where is the data located and can it be easily gathered and prepared? Is the data sensitive and can it be locally stored? What is the level of detail in my view? |
Multi-factor authentication required. Highly sensitive data requires encryption in transit and at rest. Minor calculations and preparation needed before data view. |
Generate a status report. View social media channels. View contact information. |
Data Collection – Data is inputted directly into the application and updates back-end system or integrated 3rd party services. |
Do I need special permission to add, delete and overwrite data? How much data can I edit? Is the data automatically gathered? |
Bandwidth restrictions. Multi-factor authentication required. Native device access required (e.g., camera). Multiple types and formats of gathered data. Manual and automatic data gathering |
Book appointments with clients. Update inventory. Tracking movement of company assets. |
Data Analysis & Modification – Data is evaluated, manipulated and transformed through the application, back-end system or 3rd party service. |
How complex are my calculations? Can computations be offloaded? What resources are needed to complete the analysis? |
Memory and processing limitations on device. Inability to configure device and enterprise hardware to support system resource demand. Scope and precision of analysis and modifications. |
Evaluate and propose trends. Gauge user sentiment. Propose next steps and directions. |
Anytime, Anywhere
The user can access, update and analyze data, and corporate products and services whenever they want, in all networks, and on any device.
Hands-Off & Automated
The application can perform various workflows and tasks without the user's involvement and notify the user when specific triggers are hit.
Personalized & Insightful
Content presentation and subject are tailored for the user based on specific inputs from the user, device hardware or predicted actions.
Integrated Ecosystem
The application supports a seamless experience across various 3rd party and enterprise applications and services the user needs.
Visually Pleasing & Fulfilling
The UI is intuitive and aesthetically gratifying with little security and performance trade-offs to use the full breadth of its functions and services.
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Workflow |
Trigger |
Conduct initial analysis |
Get planning help |
Complete and submit RFP |
Design and implement solution |
Implement changes |
---|---|---|---|---|---|---|
Activities, Channels, and Touchpoints |
Need is recognized in CIO council meeting |
See if we have a sufficient solution internally |
Seek planning help (various channels) |
*Meet with IT shared services business analyst |
Select the appropriate vendor |
Follow action plan |
Compliance rqmt triggered by new law |
See if we have a sufficient solution internally |
*Hold in-person initial meeting with IT shared services |
*Review and approve rqmts (email) |
Seek miscellaneous support |
Implement project and manage change |
|
Research potential solutions in the marketplace |
||||||
Excess budget identified for utilization |
Pick a "favorite" solution |
*Negotiate and sign statement of work (email) |
Prime organization for the change |
Create action plan |
If solution is unsatisfactory, plan remediation |
|
Current Technology |
|
|
|
|
|
|
Legend:
Bold – Touchpoint
* – Activities or Touchpoints That Can Benefit with Mobile
Download the Mobile Application Delivery Communication Template
Workflow | Trigger | Step 1 | Step 2 | Step 3 | Step 4 | Desired Outcome | |
---|---|---|---|---|---|---|---|
Journey Map | Activities & Touch-points | < | < | < | < | < | < |
Must-Haves | < | < | < | < | < | < | |
Nice-to-Haves | < | < | < | < | < | < | |
Hidden Needs | < | < | < | < | < | < | |
Emotional Journey | < | < | < | < | < | < |
If you need more than four steps in the workflow, duplicate this slide.
Evaluate the risks and impacts of your desired mobile features by looking at your enterprise system architecture from top to bottom. Is your mobile vision and needs compatible with your existing business capabilities and technologies?
An architecture is usually represented by one or more architecture views that together provide a coherent description of the application system, including demonstrating the full impact mobile will have. A single, comprehensive model is often too complex to be understood and communicated in its most detailed form, and a model too high level hides the underlying complexity of an application's structure and deployment (The Open Group, TOGAF 8.1.1 - Developing Architecture Views). Obtain a complete understanding of your architecture by assessing it through multiple levels of views to reveal different sets of concerns:
See our Enhance Your Solution Architecture for more information.
Download the Mobile Application Delivery Communication Template
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Factors | Definitions | Survey Responses |
---|---|---|
Fit-for-Purpose | System functionalities, services and integrations are designed and implemented for the purpose of satisfying the end users' needs and technology compatibilities. | 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent) |
Response Rate | The system completes computation and processing requests within acceptable timeframes. | 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent) |
Data Quality | The system delivers consumable, accurate, and trustworthy data. | 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent) |
Usability | The system provides functionalities, services and integrations that are rewarding, engaging, intuitive, and emotionally satisfying. | 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent) |
Reliability | The system is resilient or quickly recovers from issues and defects. | 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent) |
Accessible | The system is available on demand and on the end user's preferred interface and device. | 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent) |
Secured | End-user activity and data is protected from unauthorized access. | 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent) |
Adaptable | The system can be quickly tailored to meet changing end-user and technology needs with reusable and customizable components. | 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent) |
Current State System Management Assessment
Factors | Definitions | Survey Responses |
---|---|---|
Documentation | The system is documented, accurate, and shared in the organization. | 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent) |
Measurement | The system is continuously measured against clearly defined metrics tied to business value. | 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent) |
Compliance | The system is compliant with regulations and industry standards. | 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent) |
Continuous Improvement | The system is routinely rationalized and enhanced. | 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent) |
Architecture | There is a shared overview of how the process supports business value delivery and its dependencies with technologies and other processes. | 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent) |
Ownership & Accountability | The process has a clearly defined owner who is accountable for its risks and roadmap. | 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent) |
Support | Resources are available to address adoption and execution challenges. | 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent) |
Organizational Change Management | Communication, onboarding, and other change management capabilities are available to facilitate technology and related role and process changes. | 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent) |
1.3.1 Define mobile application quality
1.3.2 Verify your decision to deliver mobile applications
Functionality and aesthetics often take front seats in mobile application delivery. Applications are then frequently modified and changed, not because they are functionally deficient or visually displeasing, but because they are difficult to maintain or scale, too slow, vulnerable or compromised. Implementing clear quality principles (i.e., non-functional requirements) and strong quality assurance practices throughout delivery are critical to minimize the potential work of future maintenance and to avoid, mitigate and manage IT risks.
See our Build a Software Quality Assurance Program for more information.
Today's mobile workforce is looking for new ways to get more work done quickly. They want access to enterprise solutions and data directly on their mobile device, which can reside on multiple legacy systems and in the cloud and third-party infrastructure. This presents significant performance, integration, and security risks.
Mobile attacks can come from various vectors:
Attack Surface: Mobile Device |
Attack Surface: Network |
Attack Surface: Data Center |
---|---|---|
Browser: System: Phone: Apps: |
|
Web Server: Database: |
Underperforming mobile applications can cause your users to be unproductive. Your mobile applications should always aim to satisfy the productivity requirements of your end users.
Users quickly notice applications that are slow and difficult to use. Providing a seamless experience for the user is now heavily dependent on how well your application performs. Optimizing your mobile application's processing efficiency can help your users perform their jobs properly in various environment conditions.
Productive Users Need
Performant Mobile Applications
Persona |
Mobile Application Use Case |
Optimized Mobile Application |
|
---|---|---|---|
Stationary Worker |
|
|
|
Roaming Worker (Engineer) |
|
|
|
Fine tune your enterprise mobile applications using optimization techniques to improve performance across the full mobile stack.
Some user performance expectations can be managed with clever UI design (e.g., spinning pinwheels to indicate loading in progress and directing user focus to quick loading content) and operational choices (e.g. graceful degradation and progressive enhancements).
Mobile delivery teams are tasked to keep up with the changing needs of end users and accommodate the evolution of trending mobile features. Ensuring scalable APIs is critical in quickly releasing changes and ensuring availability of corporate services and resources.
As your portfolio of mobile applications grows, and device platforms and browsers diversify, it will become increasingly complex to provide all the data and service capabilities your mobile apps need to operate. It is important that your APIs are available, reliable, reusable, and secure for multiple uses and platforms.
APIs are the underlying layer of your mobile applications, enabling remote access of company data and services to end users. Focusing design and development efforts on the maintainability, reliability and scalability of your APIs enables your delivery teams to:
See our Build Effective Enterprise Integration on the Back of Business Process for more information.
Expose Enterprise Data And Functionality in API-Friendly Formats
Convert complex on-premises application services into developer-friendly RESTful APIs
Protect Information Assets Exposed Via APIs to Prevent Misuse
Ensure that enterprise systems are protected against message-level attack and hijack
Authorize Secure, Seamless Access for Valid Identities
Deploy strong access control, identity federation and social login functionality
Optimize System Performance and Manage the API Lifecycle
Maintain the availability of backend systems for APIs, applications and end users
Engage, Onboard, Educate and Manage Developers
Give developers the resources they need to create applications that deliver real value
Source: 5 Pillars of API Management, Broadcom, 2021
Do not expect a universal definition of mobile quality. Each department, person and industry standard will have a different interpretation of quality, and they will perform certain activities and enforce policies that meet those interpretations. Misunderstanding of what is defined as a high quality mobile application within business and IT teams can lead to further confusion behind governance, testing priorities and compliance.
Each interpretation of quality can lead to endless testing, guardrails and constraints, or lack thereof. Be clear on the priority of each interpretation and the degree of effort needed to ensure they are met.
Mobile Application Owner
What does an accessible mobile application mean?
Persona: Customer
I can access it on mobile phones, tablets and the web browser
Persona: Developer
I have access to each layer of the mobile stack including the code & data
Persona: Operations
The mobile application is accessible 24/7 with 95% uptime
Quality Attribute | Definitions |
---|---|
Usability | The product is an intuitive solution. Usability is the ease with which the user accomplishes a desired task in the application system and the degree of user support the system provides. Limited training and documentation are required. |
Performance | Usability and performance are closely related. A solution that is slow is not usable. The application system is able to meet timing requirements, which is dependent on stable infrastructure to support it regardless of where the application is hosted. Baseline performance metrics are defined and changes must result in improvements. Performance is validated against peak loads. |
Availability | The application system is present, accessible, and ready to carry out its tasks when needed. The application is accessible from multiple devices and platforms, is available 24x7x365, and teams communicate planned downtimes and unplanned outages. IT must serve teachers international student's parents, and other users who access the application outside normal business hours. The application should never be down when it should be up. Teams must not put undue burden on end users accessing the systems. Reasonable access requirements are published. |
Security | Applications handle both private and personal data, and must be able to segregate data based on permissions to protect privacy. The application system is able to protect data and information from unauthorized access. Users want it to be secure but seamless. Vendors need to understand and implement the District School Board's security requirements into their products. Teams ensure access is authorized, maintain data integrity, and enforce privacy. |
Reusability | Reusability is the capability for components and subsystems to be suitable for use in other applications and in other scenarios. This attribute minimizes the duplication of components and implementation time. Teams ensure a modular design that is flexible and usable in other applications. |
Interoperability | The degree to which two or more systems can usefully exchange meaningful information via interfaces in a particular context. |
Scalability |
There are two kinds of scalability:
Ease of maintenance and enhancements are critical. Additional care is given to custom code because of the inherent difficulty to make it scale and update. |
Modifiability | The capability to manage the risks and costs of change, considering what can be changed, the likelihood of change, and when and who makes the change. Teams minimize the barriers to change, and get business buy in to keep systems current and valuable. |
Testability | The ease with which software are made to demonstrate its faults through (typically execution-based) testing. It cannot be assumed that the vendor has already tested the system against District School Board's requirements. Testability applies to all applications, operating systems, and databases. |
Supportability | The ability of the system to provide information helpful for identifying and resolving issues when it fails to work correctly. Supportability applies to all applications and systems within the District School Board's portfolio, whether that be custom developed applications or vendor provided solutions. Resource investments are made to better support the system. |
Cost Efficiency | The application system is executed and maintained in such a way that each area of cost is reduced to what is critically needed. Cost efficiency is critical (e.g. printers cost per page, TCO, software what does downtime cost us), and everyone must understand the financial impact of their decisions. |
Self-Service | End users are empowered to make configurations, troubleshoot and make changes to their application without the involvement of IT. The appropriate controls are in place to manage the access to unauthorized access to corporate systems. |
Modifiability | The capability to manage the risks and costs of change, considering what can be changed, the likelihood of change, and when and who makes the change. Teams minimize the barriers to change, and get business buy in to keep systems current and valuable. |
Testability | The ease with which software are made to demonstrate its faults through (typically execution-based) testing. It cannot be assumed that the vendor has already tested the system against District School Board's requirements. Testability applies to all applications, operating systems, and databases. |
Supportability | The ability of the system to provide information helpful for identifying and resolving issues when it fails to work correctly. Supportability applies to all applications and systems within the District School Board's portfolio, whether that be custom developed applications or vendor provided solutions. Resource investments are made to better support the system. |
Download the Mobile Application Delivery Communication Template
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Quality Attribute | Developer | Operations & Support Team | End Users |
---|---|---|---|
Usability |
|
|
|
Security |
|
|
|
Availability |
|
|
|
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Skill Sets | |
---|---|
Software delivery teams have skills in creating mobile applications that stakeholders are expecting in value and quality. | 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree) |
Architects look for ways to reuse existing technical asset and design for future growth and maturity in mobile. | 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree) |
Resources can be committed to implement and manage a mobile platform. | 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree) |
Software delivery teams and resources are adaptable and flexible to requirements and system changes. | 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree) |
Delivery Process | |
My software delivery process can accommodate last minute and sudden changes in mobile delivery tasks. | 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree) |
Business and IT requirements for the mobile are clarified through collaboration between business and IT representatives. | 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree) |
Mobile will help us fill the gaps and standardize our software delivery process process. | 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree) |
My testing practices can be adapted to verify and validate the mobile functional and non-functional requirements. | 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree) |
Technical Stack | |
My mid-tier and back-end support has the capacity to accommodate additional traffic from mobile. | 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree) |
I have access to my web infrastructure and integration technologies, and I am capable of making configurations. | 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree) |
My security approaches and capabilities can be enhanced address specific mobile application risks and vulnerabilities. | 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree) |
I have a sound and robust integration strategy involving web APIs that gives me the flexibility to support mobile applications. | 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree) |
2.1.1 Select your platform approach
"A platform is a set of software and a surrounding ecosystem of resources that helps you to grow your business. A platform enables growth through connection: its value comes not only from its own features, but from its ability to connect external tools, teams, data, and processes." (Source: Emilie Nøss Wangen, 2021) In the mobile context, applications in a platform execute and communicate through a loosely coupled API architecture whether the supporting system is managed and supported by your organization or by 3rd party providers.
Web
The mobile web often takes on one of the following two approaches:
Mobile web applications are often developed with a combination of HTML, CSS, and JavaScript languages.
Hybrid
Hybrid applications are developed with web technologies but are deployed as native applications. The code is wrapped using a framework so that it runs locally within a native container, and it uses the device's browser runtime engine to support more sophisticated designs and features compared to the web approach. Hybrid mobile solutions allows teams to code once and deploy to multiple platforms.
Some notable examples:
Cross-Platform
Cross-platform applications are developed within a distinct programming or scripting environment that uses its own scripting language (often like web languages) and APIs. Then the solution will compile the code into device-specific builds for native deployment.
Some notable examples:
Native
Native applications are developed and deployed to specific devices and OSs using platform-specific software development kits (SDKs) provided by the operating system vendors. The programming language and framework are dictated by the targeted device, such as Java for Android.
With this platform, developers have direct access to local device features allowing customized operations. This enables the use of local resources, such as memory and runtime engines, which will achieve a higher performance than hybrid and cross-platform applications.
Web | Hybrid | Cross-Platform | Native | ||||
---|---|---|---|---|---|---|---|
Pros | Cons | Pros | Cons | Pros | Cons | Pros | Cons |
|
|
|
|
|
|
|
|
Start with what you have: begin with a mobile web platform to minimize impacts to your existing delivery skill sets and technical stack while addressing business needs. Resort to a hybrid first and then consider a cross-platform application if you require device access or the need to meet specific non-functional requirements.
The latest versions of the most popular web languages (HTML5, CSS3, JavaScript) abstract away from the granular, physical components of the application, simplifying the development process. HTML5 offer some mobile features (e.g., geolocation, accelerometer) that can meet your desired experience without the need for native development skills. Native look-and-feel, high performance, and full device access are just a few tradeoffs of going with web languages.
Native mobile platforms depend on device-specific code which follows specific frameworks and leverages unique programming libraries, such as Objective C for iOS and Java for Android. Each language requires a high level of expertise in the coding structure and hardware of specific devices requiring resources with specific skillsets and different tools to support development and testing.
The web platform does not give you direct access or sophisticated customizations to local device hardware and services, underlying code and integrations. You may run into the situation where you need some native experiences, but the value of these features may not offset the costs to undertake a native, hybrid or cross-platform application. When developing hybrid and cross-platform applications with a mobile delivery solution, only the APIs of the commonly used device features are available. Note that some vendors may not offer a particular native feature across all devices, inhibiting your ability to achieve feature parity or exploiting device features only available in certain devices. Workarounds are then needed.
Consider the following workarounds to address the required native experiences on the web platform:
Native Function | Description | Web Workaround | Impact |
---|---|---|---|
Camera | Takes pictures or records videos through the device's camera. | Create an upload form in the web with HTML5. | Break in workflow leading to poor user experience (UX). |
Geolocation | Detects the geographical location of the device. | Available through HTML5. | Not Applicable. |
Calendar | Stores the user's calendar in local memory. | Integrate with calendaring system or manually upload contacts. | Costly integration initiative. Poor user experience. |
Contacts | Stores contact information in local memory. | Integrate app with contact system or manually upload contacts. | Costly integration initiative. Poor user experience. |
Near Field Communication (NFC) | Communication between devices by touching them together or bringing them into proximity. | Manual transfer of data. | A lot of time is consumed transferring simple information. |
Native Computation | Computational power and resources needed to complete tasks on the device. | Resource-intensive requests are completed by back-end systems and results sent back to user. | Slower application performance given network constraints. |
In many cases, workarounds are available when evaluating the gaps between web and native applications. For example, not having application-level access to the camera does not negate the user option to upload a picture taken by the camera through a web form. Tradeoffs like this will come down to assessing the importance of each platform gap for your organization and whether a workaround is good enough as a native-like experience.
See our Enhance Your Solution Architecture for more information.
Security: New threats from mobile put organizations into a difficult situation beyond simply responding to them in a timely matter. Be careful not to take the benefits of security out of the mobile context. You need to make security a first-order citizen during the scoping, design, and optimization of your systems supporting mobile. It must also be balanced with other functional and non-functional requirements with the right roles taking accountability for these decisions.
See our Strengthen the SSDLC for Enterprise Mobile Applications for more information.
Performance: Within a distributed mobile environment, performance has a risk of diminishing due to limited device capacity, network hopping, lack of server scalability, API bottlenecks, and other device, network and infrastructure issues. Mobile web APIs suffer from the same pain points as traditional web browsing and unplanned API call management in an application will lead to slow performance.
See our Develop Enterprise Mobile Applications With Realistic and Relevant Performance for more information.
Organizations appealing to end users place emphasis on the user experience: the look and appeal of the user interface, and the satisfaction, ease of use, and value of its functionalities. In this approach, IT concerns and needs are not high priorities, but many functions are completed locally or isolated from mission critical corporate networks and sensitive data. Some needs include:
From the enterprise perspective, emphasis is on security, system performance, integration, reuse and other non-functional requirements as the primary motivations in the selection of a mobile platform. User experience is still a contributing factor because of the mobile application's need to drive value but its priority is not exclusive. Some drivers include:
Selecting a mobile platform should not solely be made on business requirements. Key technical stakeholders should be at the table in this discussion to provide insight on the implementation and ongoing costs and benefits of each platform. Both business and technical requirements should be considered when deciding on a final platform.
Drive your mobile platform selection against user-centric needs (e.g. device access, aesthetics) and enterprise-centric needs (e.g. security, system performance).
Web
Hybrid / Cross-Platform
Native
Download the Mobile Application Delivery Communication Template
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Factors | Definitions | Survey Responses |
---|---|---|
Device Hardware Access | The scope of access to native device hardware features. Basic features include those that are available through current web languages (e.g., geolocation) whereas comprehensive features are those that are device-specific. | 1 (Basic) – 2 – 3 (Moderate) – 4 – 5 (Comprehensive) |
Customized Execution of Device Hardware | The degree of changes to the execution of local device hardware to satisfy functional needs. | 1 (Use as Is) – 2 – 3 (Configure) – 4 – 5 (Customize) |
Device Software Access | The scope of access to software on the user's device, such as calendars and contact. | 1 (Basic) – 2 – 3 (Moderate) – 4 – 5 (Comprehensive) |
Customized Execution of Device Software | The degree of changes to the execution of local device software to satisfy functional needs. | 1 (Use as Is) – 2 – 3 (Configure) – 4 – 5 (Customize) |
Use Case Complexity | Workflow tasks and decisions are simple and straightforward. Complex computation is not needed to acquire the desired outcome. | 1 (Strongly Agree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Disagree) |
Computational Resources | The resources needed on the device to complete desired functional needs. | 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High) |
Use Case Ambiguity | The mobile use case and technical requirements are well understood and documented. Changes to the mobile application is likely. | 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree) |
Mobile Application Access | Enterprise systems and data are accessible to the broader organization through the mobile application. This factor does not necessarily mean that anyone can access it untracked. You may still need to identify yourself or log in, etc. | 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree) |
Scope of Adoption & Impact | The extent to which the mobile application is leveraged in the organization. | 1 (Enterprise) – 2 – 3 (Department) – 4 – 5 (Team) |
Installable | The need to locally install the mobile application. | 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High) |
Targeted Devices & Platforms | Mobile applications are developed for a defined set of mobile platform versions and types and device. | 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree) |
Output Audience | The mobile application transforms an input into a valuable output for high-priority internal or external stakeholders. | 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree) |
Factors | Definitions | Survey Responses |
---|---|---|
Immersive Experience | The need to bridge physical world with the virtual and digital environment, such as geofencing and NFC. | 1 (Internally Delivered) – 2 – 3 (3rd Party Supported) – 4 – 5 (Business Implemented) |
Timeliness of Content and Updates | The speed of which the mobile application (and supporting system) responds with requested information, data and updates from enterprise systems and 3rd party services. | 1 (Reasonable Delayed Response) – 2 – 3 (Partially Outsourced) – 4 – 5 (Fully Outsourced) |
Application Performance | The speed of which the mobile application completes tasks is critical to its success. | 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree) |
Network Accessibility | The needed ability to access and use the mobile application in various network conditions. | 1 (Only Available When Online) – 2 – 3 (Partially Available When Online) – 4 – 5 (Available Online) |
Integrated Ecosystem | The approach to integrate the mobile application with enterprise or 3rd party systems and services. | 1 (Out-of-the-Box Connectors) – 2 – 3 (Configurable Connectors) – 4 – 5 (Customized Connectors) |
Desire to Have a Native Look-and-Feel | The aesthetics and UI features (e.g., heavy animations) that are only available through native and cross-platform applications. | 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High) |
User Tolerance to Change | The degree of willingness and ableness for a user to change their way of working to maximize the value of the mobile application. | 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High) |
Mission Criticality | The business could not execute its main strategy if the mobile application was removed. | 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree) |
Business Value | The mobile application directly adds business value to the organization. | 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree) |
Industry Differentiation | The mobile application provides a distinctive competitive advantage or is unique to your organization. | 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree) |
Factors | Definitions | Survey Responses |
---|---|---|
Legacy Compatibility | The need to integrate and operate with legacy systems. | 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High) |
Code Portability | The need to enable the "code once and deploy everywhere" approach. | 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low) |
Vendor & Technology Lock-In | The tolerance to lock into a vendor mobile delivery solution or technology framework. | 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High) |
Data Sensitivity | The data used by the mobile application does not fall into the category of sensitive data – meaning nothing financial, medical, or personal identity (GDPR and worldwide equivalents). The disclosure, modification, or destruction of this data would cause limited harm to the organization. | 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree) |
Data Policies | Policies of the mobile application's data are mandated by internal departmental standards (e.g. naming standards, backup standards, data type consistency). Policies only mandated in this way usually have limited use in a production capacity. | 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree) |
Security Risks | Mobile applications are connected to private data sources and its intended use will be significant if underlying data is breached. | 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree) |
Business Continuity & System Integrity Risks | The mobile application in question does not have much significance relative to the running of mission critical processes in the organization. | 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree) |
System Openness | Openness of enterprise systems to enable mobile applications from the user interface to the business logic and backend integrations and database. | 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low) |
Mobile Device Management | The organization's policy for the use of mobile devices to access and leverage enterprise data and services. | 1 (Bring-Your-Own-Device) – 2 – 3 (Hybrid) – 4 – 5 (Corporate Devices) |
Factors | Definitions | Survey Responses |
---|---|---|
Ease of Mobile Delivery | The desire to have out-of-the-box and packaged tools to expedite mobile application delivery using web technologies. | 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High) |
Solution Competency | The capability for internal staff to and learn how to implement and administer mobile delivery tools and deliver valuable, high-quality applications. | 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High) |
Ease of Deployment | The desire to have the mobile applications delivered by the team or person without specialized resources from outside the team. | 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High) |
Delivery Approach | The capability to successfully deliver mobile applications given budgetary and costing, resourcing, and supporting services constraints. | 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High) |
Maintenance & Operational Support | The capability of the resources to responsibly maintain and operate mobile applications, including defect fixes and the addition and extension of modules to base implementations of the digital product. | 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High) |
Domain Knowledge Support | The availability and accessibility of subject and domain experts to guide facilitate mobile application implementation and adoption. | 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High) |
Delivery Urgency | The desire to have the mobile application delivered quickly. | 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low) |
Reusable Components | The desire to reuse UI elements and application components. | 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low) |
Score Factors (Average) | Mobile Opportunity 1: Inventory Management | Mobile Opportunity 2: Remote Support |
---|---|---|
User-Centric Needs | 4.25 | 3 |
Functional Requirements | 4.5 | 2.25 |
Native User Experience Factors | 4 | 1.75 |
Enterprise-Centric Needs | 4 | 2 |
Non-Functional Requirements | 3.75 | 3.25 |
Delivery Capacity | 4.25 | 2.75 |
Possible Mobile Platform | Cross-Platform Native | PWA Hybrid |
2.2.1 Shortlist your mobile delivery solution
2.2.2 Build your feature and service lists
Build | Buy | ||
---|---|---|---|
Multi-Source Best-of-Breed |
Vendor Add-Ons & Integrations |
||
Integrate various technologies that provide subset(s) of the features needed for supporting the business functions. |
Enhance an existing vendor's offerings by using their system add-ons either as upgrades, new add-ons or integrations. |
||
Pros
|
Cons
|
Pros
|
Cons
|
Multi-Source Custom |
Single Source |
||
Integrate systems built in-house with technologies developed by external organizations. |
Buy an application/system from one vendor only. |
||
Pros
|
Cons
|
Pros
|
Cons
|
Mobile Enablement |
Mobile Development |
|
---|---|---|
Description | Mobile interfaces that heavily rely on enterprise or 3rd party systems to operate. Mobile does not expand the functionality of the system but complements it with enhanced access, input and consumption capabilities. | Mobile applications that are custom built or configured in a way that can operate as a standalone entity, whether they are locally deployed to a user's device or virtually hosted. |
Mobile Platform | Mobile web, locally installed mobile application provided by vendor | Mobile web, hybrid, cross-platform, native |
Typical Audience | Internal staff, trusted users | Internal and external users, general public |
Examples of Tooling Flavors | Enterprise applications, point solutions, robotic & process automation | Mobile enterprise application platform, web development, low and no code development, software development kits (SDKs) |
Technical Skills Required | Little to no mobile delivery experience and skillsets are needed, but teams must be familiar with the supporting system to understand how a mobile interface can improve the value of the system. | Have good UX-driven and quality-first practices in the mobile context. In-depth coding, networking, system and UX design, data management and security skills are needed for complex designs, functions, and architectures. |
Architecture & Integration | Architecture is standardized by the vendor or enterprise with UI elements that are often minimally configurable. Extensions and integrations must be done through the system rather than the mobile interface. | Much of application stack and integration approach can be customized to meet the specific functional and non-functional needs. It should still leverage web and design standards and investments currently used. |
Functional Scope | Functionality is limited to the what the underlying system allows the interface to do. This often is constrained to commodity web application features (e.g., reporting) or tied to minor configurations to the vendor-provided point solution | Functionality is only constrained by the platform and the targeted mobile devices whether it is performance, integration, access or security related. Teams should consider feature and content parity across all products within the organization portfolio. |
Delivery Pipeline | End-to-end delivery and automated pipeline is provided by the vendor to ensure parity across all interfaces. Many vendors provide cloud-based services for hosting. Otherwise, it is directly tied to the SDLC of the supporting system. | End-to-end delivery and automated pipeline is directly tied to enterprise SDLC practices or through the vendor. Some vendors provide cloud-based services for hosting. Updates are manually or automatically (through a vendor) published to app stores and can be automatically pushed to corporate users through mobile application management capabilities. |
Standards & Guardrails | Quality standards and technology governance are managed by the vendor or IT with limited capabilities to tailor them to be mobile specific. | Quality standards and technology governance are managed by the mobile delivery teams. The degree of customizations to these standards and guardrails is dependent on the chosen platform and delivery team competencies. |
A mobile delivery solution gives you the tools, resources and support to enable or build your mobile application. They can provide pre-built applications, vendor supported components to allow some configurations, or resources for full stack customizations. Some solutions can be barebone software development kits (SDKs) or comprehensive suites offering features to support the entire software delivery lifecycle, such as:
Mobile enablement and development capabilities are already embedded in many common productivity tools and enterprise applications, such as Microsoft PowerApps and ERP modules. They can serve as a starting point in the initial rollout of new management and governance practices without the need of acquiring new tools.
React Native, NativeScript, Xamarin Forms, .NET MAUI, Flutter, Kotlin Multiplatform Mobile, jQuery Mobile, Telerik, Temenos Quantum
Cordova Project, Sencha Touch, Electron, Ionic, Capacitor, Monaca, Voltbuilder
Web Development Frameworks (React, Angular, Vue, Express, Django, Rails, Spring, Ember, Backbone, Bulma, Bootstrap, Tailwind CSS, Blade)
While most of the heavy lifting is handled by the vendor or framework, understanding how the mobile application is built and operates can identify where further fine-tuning is needed to increase its value and quality.
Automatic provisioning, configurations, and tuning of organizational and 3rd party infrastructure for high availability, performance, security and stability. This can include cloud management and non-production environments.
The various services needed to support mobile delivery and enable continuous delivery, such as:
Fundamentally, mobile application architecture is no different than any other application architecture so much of your design standards still applies. The trick is tuning it to best meet your mobile functional and non-functional needs.
Source: "HCL Volt MX", HCL.
Download the Mobile Application Delivery Communication Template
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Factors | Definitions | Survey Responses |
---|---|---|
Cost of Delayed Delivery | The expected cost if a vendor solution or update is delayed. | 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High) |
Vendor Negotiation | Organization's ability to negotiate favorable terms from vendors. | 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low) |
Controllable Delivery Timeline | Organization's desire to control when solutions and updates are delivered. | 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High) |
Solution Hosting | The desired approach to host the mobile application. | 1 (Fully Outsourced) – 2 – 3 (Partially Outsourced) – 4 – 5 (Internally Hosted) |
Vendor Lock-In | The tolerance to be locked into a specific technology stack or vendor ecosystem. | 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High) |
Operational Cost Target | The primary target of the mobile application's operational budget. | 1 (External Resources) – 2 – 3 (Hybrid) – 4 – 5 (Internal Resources) |
Platform Management | The desired approach to manage the mobile delivery solution, platform or underlying technology. | 1 (Decentralized) – 2 – 3 (Federated) – 4 – 5 (Centralized) |
Skill & Competency of Mobile Delivery Team | The ability of the team to create and manage valuable and high-quality mobile applications. | 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High) |
Current Investment in Enterprise Technologies | The need to maximize the ROI of current enterprise technologies or integrate with legacy technologies. | 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low) |
Ease of Extensibility | Need to have out-of-the-box connectors and plug-ins to extend the mobile delivery solution beyond its base implementation. | 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low) |
Holistic Application Strategy | Organizational priorities on the types of applications the portfolio should be comprised. | 1 (Buy) – 2 – 3 (Hybrid) – 4 – 5 (Build) |
Control of Delivery Pipeline | The desire to control the software delivery pipeline from design to development, testing, publishing and support. | 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High) |
Specific Quality Requirements | Software and mobile delivery is constrained to your unique quality standards (e.g., security, performance, availability) | 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High) |
Score Factors (Average) | Mobile Opportunity 1: Inventory Management | Mobile Opportunity 2: Remote Support |
---|---|---|
User-Centric & Enterprise Centric Needs (From Step 2.1) | 4.125 | 2.5 |
Stack Management | 2 | 2.5 |
Desired Mobile Delivery Solution | Vendor-Hosted Mobile Platform |
Commercial-Off-the-Shelf Solution Hybrid Development Solution |
The software development lifecycle (SDLC) is a process that ensures valuable software products are efficiently delivered to customers. It contains a repeatable set of activities needed to intake and analyze requirements to design, build, test, deploy, and maintain software products.
To learn more, visit Info-Tech's Modernize Your SDLC blueprint.
Low Code |
Data Modeling & Configuration |
No Code |
---|---|---|
Visual Interface with Complex Data Models |
Data Modeling & Configuration |
Visual Interfaces with Simple Data Models |
GUI Designer with Customizable Components & Entities |
UI Definition & Design |
GUI Designer with Canned Templates |
Visual Workflow and Custom Scripting |
Business Logic Rules and Workflow Specification |
Visual Workflow and Natural Language Scripting |
Out-of-the-Box Plugins & Custom Integrations |
Integration of External Services (via 3rd Party APIs) |
Out-of-the-Box Plugins |
Automated and Manual Build & Packaging |
Build & Package |
Automated Build & Packaging |
Automated & Manual Testing |
Test |
Automated Testing |
One-Click Push or IT Push to App Store |
Publish to App Store |
One-Click Push to App Store |
Overcome the Common Challenges Faced with Building Mobile Applications
Common Challenges with Digital Applications |
Suggested Solutions |
---|---|
|
|
Source: DronaHQ, 2021
Considerations in Mobile Delivery Vendor Selection | |
---|---|
Platform Features & Capabilities | Price to Implement & Operate Platform |
Types of Mobile Applications That Can Be Developed | Ease of IT Administration & Management |
User Community & Marketplace Size | Security, Privacy & Access Control Capabilities |
SME in Industry Verticals & Business Functions | Vendor Product Roadmap & Corporate Strategy |
Pre-Built Designs, Templates & Application Shells | Scope of Device- and OS-Specific Compatibilities |
Regulatory & Industry Compliance | Integration & Technology Partners |
Importing Artifacts From and Exporting to Other Solutions | Platform Architecture & Underlying Technology |
End-to-End Support for the Entire Mobile SDLC | Relevance to Current Mobile Trends & Practices |
Appendix B contains a list of features for low- and no-code solutions that can be used as a starting point.
Visit Info-Tech's Implement a Proactive and Consistent Vendor Selection Process blueprint.
Review the key outcomes in the previous exercises to help inform the features and vendor support you require to support your mobile delivery needs:
End user personas and desired mobile experience
Objectives and expectations
Desired mobile features and platform
Mobile delivery solutions
Brainstorm a list of features and functionalities you require from your ideal solution vendors. Prioritize these features and functionalities. See our Implement a Proactive and Consistent Vendor Selection Process blueprint for more information on vendor procurement.
Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.
Download the Mobile Application Delivery Communication Template
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Awareness | Education & Discovery | Evaluation | Selection | Negotiation & Configuration |
---|---|---|---|---|
1.1 Proactively Lead Technology Optimization & Prioritization | 2.1 Understand Marketplace Capabilities & Trends | 3.1 Gather & Prioritize Requirements & Establish Key Success Metrics | 4.1 Create a Weighted Selection Decision Model | 5.1 Initiate Price Negotiation with Top Two Venders |
1.2 Scope & Define the Selection Process for Each Selection Request Action | 2.2 Discover Alternate Solutions & Conduct Market Education | 3.2 Conduct a Data Driven Comparison of Vendor Features & Capabilities | 4.2 Conduct Investigative Interviews Focused on Mission Critical Priorities with Top 2-4 Vendors | 5.2 Negotiate Contract Terms & Product Configuration |
1.3 Conduct an Accelerated Business Needs Assessment | 2.3 Evaluate Enterprise Architecture & Application Portfolio | Narrow the Field to Four Top Contenders | 4.3 Validate Key Issues with Deep Technical Assessments, Trial Configuration & Reference Checks | 5.3 Finalize Budget Approval & Project |
1.4 Align Stakeholder Calendars to Reduce Elapsed Time & Asynchronous Evaluation | 2.4 Validate the Business Case | 5.4 Invest in Training & Onboarding Assistance |
Investing time improving your software selection methodology has big returns.
Not all software selection projects are created equal – some are very small, some span the entire enterprise. To ensure that IT is using the right framework, understand the cost and complexity profile of the application you're looking to select. Info-Tech's Rapid Application Selection Framework approach is best for commodity and mid-tier enterprise applications; selecting complex applications is better handled by the methodology in Info-Tech's Implement a Proactive and Consistent Vendor Selection Process.
2.3.1 Define your MVP release
2.3.2 Build your roadmap
The build-measure-learn loop suggests mobile delivery teams should perpetually take an idea and develop, test, and validate it with the mobile development solution, then expand on the MVP using the lessons learned and evolving ideas. In this sense the MVP is just the first iteration in the loop.
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
MVP Name | Owner: | NAME |
---|---|---|
MVP Theme/Goals | ||
[Theme / Goal] | ||
Use Cases | Value | Costs |
[Use Case 1] | [Business Value 1] | [Cost Item 1] |
Impacted Personas | Impacted Workflows | Stakeholders |
[Persona 1] | [Workflow 1] | [Stakeholder 1] |
To learn more, visit Info-Tech's Deliver on Your Digital Product Vision blueprint.
Explains the overarching goal of work being done to a specific audience.
Categorizes the different groups delivering the work on the product.
Explains the artifacts, or items of work, that will be delivered.
Explains when the work will be delivered within your timeline.
To learn more, visit Info-Tech's Deliver on Your Digital Product Vision blueprint.
Use this when deadlines and delivery dates are not strict. This is best suited for brainstorming a product plan when dependency mapping is not required.
Now
What are you going to do now?
Next
What are you going to do very soon?
Later
What are you going to do in the future?
Adapted From: "Tips for Agile product roadmaps & product roadmap examples," Scrum.org, 2017
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
There are multiple audiences for your pitch, and each audience requires a different level of detail when addressed. Depending on the outcomes expected from each audience, a suitable approach must be chosen. The format and information presented will vary significantly from group to group.
Audience |
Key Contents |
Outcome |
---|---|---|
Outcome |
|
Sign off on cost and benefit projections |
Executives and decision makers |
|
Revisions, edits, and approval |
IT teams |
|
Clarity of vision and direction and readiness for delivery |
Business workers |
|
Verification on proposed changes and feedback |
Success hinges on your team's ability to deliver business value. Well-developed mobile applications instill stakeholder confidence in ongoing business value delivery and stakeholder buy-in, provided proper expectations are set and met.
Business value defines the success criteria of an organization, and it is interpreted from four perspectives:
See our Build a Value Measurement Framework blueprint for more information about business value definition.
We are Here | ||
---|---|---|
Level 1: Mobile Delivery Foundations | Level 2: Scaled Mobile Delivery | Level 3: Leading-Edge Mobile Delivery |
You understand the opportunities and impacts mobile has on your business operations and its disruptive nature on your enterprise systems. Your software delivery lifecycle was optimized to incorporate the specific practices and requirements needed for mobile. A mobile platform was selected based on stakeholder needs that are weighed against current skillsets, high priority non-functional requirements, the available capacity and scalability of your stack, and alignment to your current delivery process. |
New features and mobile use cases are regularly emerging in the industry. Ensuring your mobile platform and delivery process can easily scale to incorporate constantly changing mobile features and technologies is key. This can help minimize the impact these changes will have on your mobile stack and the resulting experience. Achieving this state requires three competencies: mobile security, performance optimization, and integration practices. |
Many of today's mobile trends involve, in one form or another, hardware components on the mobile device (e.g., NFC receivers, GPS, cameras). You understand the scope of native features available on your end user's mobile device and the required steps and capabilities to enable and leverage them. |
Ask yourself the following questions: | ||
---|---|---|
Level 1: Mobile Delivery Foundations | Level 2: Scaled Mobile Delivery | Level 3: Leading-Edge Mobile Delivery |
Checkpoint questions shown at the end of step 1.2 of this blueprint You should be at this point upon the successful delivery of your first mobile application. |
Security
Performance Optimization
API Development
|
|
Contact your account representative for more information
workshops@infotech.com
1-888-670-8889
Chaim Yudkowsky
Chief Information Officer
The American Israel Public Affairs Committee
Chaim Yudkowsky is currently Chief information Officer for American Israel Public Affairs Committee (AIPAC), the DC headquartered not-for-profit focused on lobbying for a strong US-Israel relationship. In that role, Chaim is responsible for all traditional IT functions including oversight of IT strategy, vendor relationships, and cybersecurity program. In addition, Chaim also has primary responsibility for all physical security technology and strategy for US offices and event technology for the many AIPAC events.
"5 Pillars of API Management". Broadcom, 2021. Web.
Bourne, James. "Apperian research shows more firms pushing larger numbers of enterprise apps". Enterprise CIO, 17 Feb 2016. Web.
Ceci, L. "Mobile app user retention rate worldwide 2020, by vertical". Statista, 6 Apr 2022. Web.
Clement, J. "Share of global mobile website traffic 2015-2021". Statista, 18 Feb 2022. Web
DeVos, Jordan. "Design Problem Statements – What They Are and How to Frame Them." Toptal, n.d. Web.
Enge, Eric. "Mobile vs. Desktop Usage in 2020". Perficient, 23 March 2021. Web.
Engels, Antoine. "How many Android updates does Samsung, Xiaomi or OnePlus offer?" NextPit, Mar 2022. Web.
"Fast-tracking digital transformation through next-gen technologies". Broadridge, 2022. Web.
Gayatri. "The Pulse of Digital Transformation 2021 – Survey Results." DronaHQ, 2021. Web.
Gray, Dave. "Updated Empathy Map Canvas." The XPLANE Collection, 15 July 2017. Web.
"HCL Volt MX". HCL, n.d. Web.
"iPass Mobile Professional Report 2017". iPass, 2017. Web.
Karlsson, Johan. "Backlog Grooming: Must-Know Tips for High-Value Products." Perforce, 2019. Web.
Karnes, KC. "Why Users Uninstall Apps: 28% of People Feel Spammed [Survey]". CleverTap, 27 July 2021. Web.
Kemp, Simon. "Digital 2021: Global Overview Report". DataReportal, 27 Jan 2021. Web.
Kleinberg, Sara. "Consumers are always shopping and eager for your help". Google, Aug 2018. Web.
MaLavolta, Ivano. "Anatomy of an HTML 5 mobile web app". University of L'Aquila, 16 Apr 2012. Web.
"Maximizing Mobile Value: To BYOD or not to BYOD?" Samsung and Oxford Economics, 2022. Web.
"Mobile App Performance Metrics For Crash-Free Apps." AppSamurai, 27 June 2018. Web.
"Mobile Application Development Statistics: 5 Facts". Intersog, 23 Nov 2021. Web.
Moore, Geoffrey A. "Crossing the Chasm, 3rd Edition: Marketing and Selling Disruptive Products to Mainstream Customers." Harper Business, 3rd edition, 2014. Book.
"OWASP Top Ten". OWASP, 2021. Web.
"Personas". Usability.gov, n.d. Web.
Roden, Marky. "PSC Tech Talk: UX Design – Not just making things pretty". Xomino, 18 Mar 2018. Web.
Royce, Dr. Winston W. "Managing the Development of Large Software Systems." USC Student Computing Facility, 1970. Web.
Rubin, Kenneth S. Essential Scrum: A Practical Guide to the Most Popular Agile Process. Pearson Education, 2012. Book.
Sahay, Apurvanand et al. "Supporting the understanding and comparison of low-code development platforms." Universit`a degli Studi dell'Aquila, 2020. Web.
Schuurman, Robbin. "Tips for Agile product roadmaps & product roadmap examples." Scrum.org, 2017. Web.
Strunk, Christian. "How to define a product vision (with examples)." Christian Strunk. n.d. Web.
Szeja, Radoslaw. "14 Biggest Challenges in Mobile App Development in 2022". Netguru, 4 Jan 2022. Web.
"Synopsys Research Reveals Significant Security Concerns in Popular Mobile Apps Amid Pandemic". Synopsys, 25 Mar 2021. Web.
"TOGAF 8.1.1 Online, Part IV: Resource Base, Developing Architecture Views." The Open Group, n.d. Web.
Wangen, Emilie Nøss. "What Is a Software Platform & How Is It Different From a Product?" HubSpot, 2021. Web.
"Mobile App Retention Rate: What's a Good Retention Rate?" Localytics, July 2021. Web.
"Why Mobile Apps Fail: Failure to Launch". Perfecto Mobile, 26 Jan 2014. Web.
Source: MaLavolta, Ivono, 2012.
Source: Sahay, Apurvanand et al., 2020
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Identify your big data use case and your current data-related capabilities.
Determine your capacity for big data tools, as well as the level of customizability and security needed for your solution to help justify your implementation style decision.
Analyze the three big data implementation styles, select your approach, and complete the execution plan for your big data initiative.
There are four key scenarios or entry points for IT as the selling/divesting organization in M&As:
Consider the ideal scenario for your IT organization.
Divestitures are inevitable in modern business, and IT’s involvement in the process should be too. This progression is inspired by:
Prepare for a sale/divestiture transaction by:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Be an innovative IT leader by suggesting how and why the business should engage in an acquisition or divestiture.
Create a standardized approach for how your IT organization should address divestitures or sales.
Comply with due diligence, prepare the IT environment for carve-out possibilities, and establish the separation project plan.
Deliver on the separation project plan successfully and communicate IT’s transaction value to the business.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Establish the transaction foundation.
Discover the motivation for divesting or selling.
Formalize the program plan.
Create the valuation framework.
Strategize the transaction and finalize the M&A strategy and approach.
All major stakeholders are on the same page.
Set up crucial elements to facilitate the success of the transaction.
Have a repeatable transaction strategy that can be reused for multiple organizations.
1.1 Conduct the CIO Business Vision and CEO-CIO Alignment diagnostics.
1.2 Identify key stakeholders and outline their relationship to the M&A process.
1.3 Understand the rationale for the company's decision to pursue a divestiture or sale.
1.4 Assess the IT/digital strategy.
1.5 Identify pain points and opportunities tied to the divestiture/sale.
1.6 Create the IT vision statement and mission statement and identify IT guiding principles and the transition team.
1.7 Document the M&A governance.
1.8 Establish program metrics.
1.9 Create the valuation framework.
1.10 Establish the separation strategy.
1.11 Conduct a RACI.
1.12 Create the communication plan.
1.13 Prepare to assess target organizations.
Business perspectives of IT
Stakeholder network map for M&A transactions
Business context implications for IT
IT’s divestiture/sale strategic direction
Governance structure
M&A program metrics
IT valuation framework
Separation strategy
RACI
Communication plan
Prepared to assess target organization(s)
Establish the foundation.
Discover the motivation for separation.
Identify expectations and create the carve-out roadmap.
Prepare and manage employees.
Plan the separation roadmap.
All major stakeholders are on the same page.
Methodology identified to enable compliance during due diligence.
Employees are set up for a smooth and successful transition.
Separation activities are planned and assigned.
2.1 Gather and evaluate the stakeholders involved, M&A strategy, future-state operating model, and governance.
2.2 Review the business rationale for the divestiture/sale.
2.3 Establish the separation strategy.
2.4 Create the due diligence charter.
2.5 Create a list of IT artifacts to be reviewed in the data room.
2.6 Create a carve-out roadmap.
2.7 Create a service/technical transaction agreement.
2.8 Measure staff engagement.
2.9 Assess the current culture and identify the goal culture.
2.10 Create employee transition and functional workplans.
2.11 Establish the separation roadmap.
2.12 Establish and align project metrics with identified tasks.
2.13 Estimate integration costs.
Stakeholder map
IT strategy assessed
IT operating model and IT governance structure defined
Business context implications for IT
Separation strategy
Due diligence charter
Data room artifacts
Carve-out roadmap
Service/technical transaction agreement
Engagement assessment
Culture assessment
Employee transition and functional workplans
Integration roadmap and associated resourcing
Establish the transaction foundation.
Discover the motivation for separation.
Plan the separation roadmap.
Prepare employees for the transition.
Engage in separation.
Assess the transaction outcomes.
All major stakeholders are on the same page.
Separation activities are planned and assigned.
Employees are set up for a smooth and successful transition.
Separation strategy and roadmap are executed to benefit the organization.
Review what went well and identify improvements to be made in future transactions.
3.1 Identify key stakeholders and outline their relationship to the M&A process.
3.2 Gather and evaluate the M&A strategy, future-state operating model, and governance.
3.3 Review the business rationale for the divestiture/sale.
3.4 Establish the separation strategy.
3.5 Prioritize separation tasks.
3.6 Establish the separation roadmap.
3.7 Establish and align project metrics with identified tasks.
3.8 Estimate separation costs.
3.9 Measure staff engagement.
3.10 Assess the current culture and identify the goal culture.
3.11 Create employee transition and functional workplans.
3.12 Complete the separation by regularly updating the project plan.
3.13 Assess the service/technical transaction agreement.
3.14 Confirm separation costs.
3.15 Review IT’s transaction value.
3.16 Conduct a transaction and separation SWOT.
3.17 Review the playbook and prepare for future transactions.
M&A transaction team
Stakeholder map
IT strategy assessed
IT operating model and IT governance structure defined
Business context implications for IT
Separation strategy
Separation roadmap and associated resourcing
Engagement assessment
Culture assessment
Employee transition and functional workplans
Updated separation project plan
Evaluated service/technical transaction agreement
SWOT of transaction
M&A Sell Playbook refined for future transactions
IT has always been an afterthought in the M&A process, often brought in last minute once the deal is nearly, if not completely, solidified. This is a mistake. When IT is brought into the process late, the business misses opportunities to generate value related to the transaction and has less awareness of critical risks or inaccuracies.
To prevent this mistake, IT leadership needs to develop strong business relationships and gain respect for their innovative suggestions. In fact, when it comes to modern M&A activity, IT should be the ones suggesting potential transactions to meet business needs, specifically when it comes to modernizing the business or adopting digital capabilities.
IT needs to stop waiting to be invited to the acquisition or divestiture table. IT needs to suggest that the table be constructed and actively work toward achieving the strategic objectives of the business.
There are four key scenarios or entry points for IT as the selling/divesting organization in M&As:
Consider the ideal scenario for your IT organization.
Some of the obstacles IT faces include:
These obstacles often arise when IT waits to be invited into the transaction process and misses critical opportunities.
Prepare for a sale/divestiture transaction by:
As the number of merger, acquisition, and divestiture transactions continues to increase, so too does IT’s opportunity to leverage the growing digital nature of these transactions and get involved at the onset.
The total value of transactions in the year after the pandemic started was $1.3 billion – a 93% increase in value compared to before the pandemic. (Nasdaq)
71% of technology companies anticipate that divestitures will take place as a result of the COVID-19 pandemic. (EY, 2020)
Only half of M&A deals involve IT (Source: IMAA Institute, 2017)
In hindsight, it’s clear to see: Involving IT is just good business.
47% of senior leaders wish they would have spent more time on IT due diligence to prevent value erosion. (Source: IMAA Institute, 2017)
“Solutions exist that can save well above 50 percent on divestiture costs, while ensuring on-time delivery.” (Source: SNP)
Acquisitions and divestitures are inevitable in modern business, and IT’s involvement in the process should be too. This progression is inspired by:
A merger looks at the equal combination of two entities or organizations. Mergers are rare in the M&A space, as the organizations will combine assets and services in a completely equal 50/50 split. Two organizations may also choose to divest business entities and merge as a new company.
The most common transaction in the M&A space, where an organization will acquire or purchase another organization or entities of another organization. This type of transaction has a clear owner who will be able to make legal decisions regarding the acquired organization.
An organization may decide to sell partial elements of a business to an acquiring organization. They will separate this business entity from the rest of the organization and continue to operate the other components of the business.
A true merger does not exist, as there is always someone initiating the discussion. As a result, most M&A activity falls into acquisition or divestiture categories.
This blueprint is only focused on the sell side:
The buy side is focused on:
For more information on acquisitions or purchases, check out Info-Tech’s Mergers & Acquisitions: The Buy Blueprint.
1. Proactive |
2. Discovery & Strategy |
3. Due Diligence & Preparation |
4. Execution & Value Realization |
|
Phase Steps |
|
|
|
|
Phase Outcomes |
Be an innovative IT leader by suggesting how and why the business should engage in an acquisition or divestiture. |
Create a standardized approach for how your IT organization should address divestitures or sales. |
Comply with due diligence, prepare the IT environment for carve-out possibilities, and establish the separation project plan. |
Deliver on the separation project plan successfully and communicate IT’s transaction value to the business. |
1. Proactive | 2. Discovery & Strategy | 3. Valuation & Due Diligence | 4. Execution & Value Realization |
|
|
|
|
IT controls if and when it gets invited to support the business through a purchasing growth transaction. Take control of the process, demonstrate the value of IT, and ensure that separation of IT environments does not lead to unnecessary and costly decisions.
CIOs on the forefront of digital transformation need to actively look for and suggest opportunities to acquire or partner on new digital capabilities to respond to rapidly changing business needs.
IT organizations that have an effective M&A program plan are more prepared for the transaction, enabling a successful outcome. A structured strategy is particularly necessary for organizations expected to deliver M&As rapidly and frequently.
IT often faces unnecessary separation challenges because of a lack of preparation. Secure the IT environment and establish how IT will retain employees early in the transaction process.
IT needs to demonstrate value and cost savings within 100 days of the transaction. The most successful transactions are when IT continuously realizes synergies a year after the transaction and beyond.
The M&A Sell Playbook should be a reusable document that enables your IT organization to successfully deliver on any divestiture transaction.
See a one-page overview of each phase of the transaction.
Read a one-page case study for each phase of the transaction.
Manage the separation process of the divestiture/sale using this SharePoint template.
Manage the separation process of the divestiture/sale using this Excel tool if you can’t or don’t want to use SharePoint.
DIY Toolkit |
Guided Implementation |
Workshop |
Consulting |
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." | "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." | "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." | "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project." |
A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is between 6 to 10 calls over the course of 2 to 4 months.
Phase 1 |
Phase 2 | Phase 3 | Phase 4 |
|
|
|
|
As the number of merger, acquisition, or divestiture transactions driven by digital means continues to increase, IT has an opportunity to not just be involved in a transaction but actively seek out potential deals.
In the Proactive phase, the business is not currently considering a transaction. However, the business could consider one to reach its strategic goals. IT organizations that have developed respected relationships with the business leaders can suggest these potential transactions.
Understand the business’ perspective of IT, determine who the critical M&A stakeholders are, valuate the IT environment, and examine how it supports the business goals in order to suggest an M&A transaction.
In doing so, IT isn’t waiting to be invited to the transaction table – it’s creating it.
Goal: To support the organization in reaching its strategic goals by suggesting M&A activities that will enable the organization to reach its objectives faster and with greater-value outcomes.
Before coming into the Proactive phase, you should have addressed the following:
Review the Executive Brief for more information on mergers, acquisitions, and divestitures for selling organizations.
Understand how the business perceives IT and establish strong relationships with critical M&A stakeholders.
Misalignment in target state requires further communication between the CIO and CEO to ensure IT is striving toward an agreed-upon direction.
The core services of IT are important when determining what IT should focus on. The most important services with the lowest satisfaction offer the largest area of improvement for IT to drive business value.
Input: IT organization expertise and the CEO-CIO Alignment diagnostic
Output: An understanding of an executive business stakeholder’s perception of IT
Materials: M&A Sell Playbook, CEO-CIO Alignment diagnostic
Participants: IT executive/CIO, Business executive/CEO
Download the sample report.
Record the results in the M&A Sell Playbook.
2 weeks
Input: IT organization expertise, CIO BV diagnostic
Output: An understanding of business stakeholder perception of certain IT capabilities and services
Materials: M&A Buy Playbook, CIO Business Vision diagnostic
Participants: IT executive/CIO, Senior business leaders
Download the sample report.
Record the results in the M&A Sell Playbook.
Example:
Your stakeholder map defines the influence landscape that the M&A transaction will occur within. This will identify who holds various levels of accountability and decision-making authority when a transaction does take place.
Use connectors to determine who may be influencing your direct stakeholders. They may not have any formal authority within the organization, but they may have informal yet substantial relationships with your stakeholders.
1-3 hours
Input: List of M&A stakeholders
Output: Relationships among M&A stakeholders and influencers
Materials: Flip charts, Markers, Sticky notes, M&A Sell Playbook
Participants: IT executive leadership
Record the results in the M&A Sell Playbook.
There are four areas in the map, and the stakeholders within each area should be treated differently.
Players – players have a high interest in the initiative and the influence to effect change over the initiative. Their support is critical, and a lack of support can cause significant impediment to the objectives.
Mediators – mediators have a low interest but significant influence over the initiative. They can help to provide balance and objective opinions to issues that arise.
Noisemakers – noisemakers have low influence but high interest. They tend to be very vocal and engaged, either positively or negatively, but have little ability to enact their wishes.
Spectators – generally, spectators are apathetic and have little influence over or interest in the initiative.
30 minutes
Input: Stakeholder map, Stakeholder list
Output: Categorization of stakeholders and influencers
Materials: Flip charts, Markers, Sticky notes, M&A Sell Playbook
Participants: IT executive leadership, Stakeholders
How much are the stakeholder’s individual performance and goals directly tied to the success or failure of the product?
Record the results in the M&A Sell Playbook.
Level of Support | |||||
Supporter |
Evangelist |
Neutral |
Blocker |
||
Stakeholder Category | Player | Critical | High | High | Critical |
Mediator | Medium | Low | Low | Medium | |
Noisemaker | High | Medium | Medium | High | |
Spectator | Low | Irrelevant | Irrelevant | Low |
Consider the three dimensions for stakeholder prioritization: influence, interest, and support. Support can be determined by answering the following question: How significant is that stakeholder to the M&A or divestiture process?
These parameters are used to prioritize which stakeholders are most important and should receive your focused attention.
30 minutes
Input: Stakeholder matrix
Output: Stakeholder and influencer prioritization
Materials: Flip charts, Markers, Sticky notes, M&A Sell Playbook
Participants: IT executive leadership, M&A/divestiture stakeholders
Stakeholder |
Category |
Level of Support |
Prioritization |
CMO | Spectator | Neutral | Irrelevant |
CIO | Player | Supporter | Critical |
Record the results in the M&A Sell Playbook.
Type |
Quadrant |
Actions |
Players | High influence, high interest – actively engage | Keep them updated on the progress of the project. Continuously involve Players in the process and maintain their engagement and interest by demonstrating their value to its success. |
Mediators | High influence, low interest – keep satisfied | They can be the game changers in groups of stakeholders. Turn them into supporters by gaining their confidence and trust and including them in important decision-making steps. In turn, they can help you influence other stakeholders. |
Noisemakers | Low influence, high interest – keep informed | Try to increase their influence (or decrease it if they are detractors) by providing them with key information, supporting them in meetings, and using Mediators to help them. |
Spectators | Low influence, low interest – monitor | They are followers. Keep them in the loop by providing clarity on objectives and status updates. |
Each group of stakeholders draws attention and resources away from critical tasks. By properly identifying stakeholder groups, the IT executive leader can develop corresponding actions to manage stakeholders in each group. This can dramatically reduce wasted effort trying to satisfy Spectators and Noisemakers while ensuring the needs of Mediators and Players are met.
30 minutes
Input: Stakeholder priority, Stakeholder categorization, Stakeholder influence
Output: Stakeholder communication plan
Materials: Flip charts, Markers, Sticky notes, M&A Sell Playbook
Participants: IT executive leadership, M&A/divestiture stakeholders
The purpose of this activity is to make a communication plan for each of the stakeholders identified in the previous activities, especially those who will have a critical role in the M&A transaction process.
Record the results in the M&A Sell Playbook.
Identify critical opportunities to optimize IT and meet strategic business goals through a merger, acquisition, or divestiture.
Four ways to create value through digital
1 day
Input: Valuation of data, Valuation of applications, Valuation of infrastructure and operations, Valuation of security and risk
Output: Valuation of IT
Materials: Relevant templates/tools listed on the following slides, Capital budget, Operating budget, M&A Sell Playbook
Participants: IT executive/CIO, IT senior leadership
The purpose of this activity is to demonstrate that IT is not simply an operational functional area that diminishes business resources. Rather, IT contributes significant value to the business.
Consistency is key when valuating your IT organization as well as other IT organizations throughout the transaction process.
Record the results in the M&A Sell Playbook.
Data valuation identifies how you monetize the information that your organization owns.
When valuating the information and data that exists in an organization, there are many things to consider.
Info-Tech has two tools that can support this process:
Data Collection |
Insight Creation |
Value Creation |
Data Valuation |
01 Data Source
02 Data Collection Method 03 Data |
04 Data Analysis
05 Insight 06 Insight Delivery |
07 Consumer
08 Value in Data |
09 Value Dimension
10 Value Metrics Group 11 Value Metrics |
When valuating the applications and their users in an organization, consider using a business process map. This shows how business is transacted in the company by identifying which IT applications support these processes and which business groups have access to them. Info-Tech has a business process mapping tool that can support this process:
User Costs |
Total User Costs |
Derived Productivity Ratio (DPR) |
Total DPR |
Application Value |
|||
# of users | % time spent using IT | Fully burdened salary | Multiply values from the 3 user costs columns | Revenue per employee | Average cost per employee | (Revenue P.E) ÷ (Average cost P.E) | (User costs) X (DPR) |
IT and Business Costs |
Total IT and Business Costs |
Net Value of Applications |
|||
Application maintenance | Downtime costs (include disaster exposure) | Common costs allocated to applications | Fully loaded costs of active (FTE) users | Sum of values from the four IT and business costs columns | (Application value) – (IT and business costs) |
(Source: CSO)
The purpose of this exercise is to provide a high-level infrastructure valuation that will contribute to valuating your IT environment.
Calculating the value of the infrastructure will require different methods depending on the environment. For example, a fully cloud-hosted organization will have different costs than a fully on-premises IT environment.
Item |
Costs/Value |
Hardware Assets Total Value | +$3.2 million |
Hardware Leased/Service Agreement | -$ |
Software Purchased | +$ |
Software Leased/Service Agreement | -$ |
Operational Tools | |
Network | |
Disaster Recovery | |
Antivirus | |
Data Centers | |
Service Desk | |
Other Licenses | |
Total: |
For additional support, download the M&A Runbook for Infrastructure and Operations.
The purpose of this exercise is to provide a high-level risk assessment that will contribute to valuating your IT environment. For a more in-depth risk assessment, please refer to the Info-Tech tools below:
Probability of Risk Occurrence |
Occurrence Criteria
|
Negligible | Very Unlikely; ‹20% |
Very Low | Unlikely; 20 to 40% |
Low | Possible; 40 to 60% |
Moderately Low | Likely; 60 to 80% |
Moderate | Almost Certain; ›80% |
Note: If needed, you can customize this scale with the severity designations that you prefer. However, make sure you are always consistent with it when conducting a risk assessment.
Financial & Reputational Impact |
Budgetary and Reputational Implications
|
Negligible | (‹$10,000; Internal IT stakeholders aware of risk event occurrence) |
Very Low | ($10,000 to $25,000; Business customers aware of risk event occurrence) |
Low | ($25,000 to $50,000; Board of directors aware of risk event occurrence) |
Moderately Low | ($50,000 to $100,000; External customers aware of risk event occurrence) |
Moderate | (›$100,000; Media coverage or regulatory body aware of risk event occurrence) |
Risk Category Details |
Probability of Occurrence |
Estimated Financial Impact |
Estimated Severity (Probability X Impact) |
Capacity Planning | |||
Enterprise Architecture | |||
Externally Originated Attack | |||
Hardware Configuration Errors | |||
Hardware Performance | |||
Internally Originated Attack | |||
IT Staffing | |||
Project Scoping | |||
Software Implementation Errors | |||
Technology Evaluation and Selection | |||
Physical Threats | |||
Resource Threats | |||
Personnel Threats | |||
Technical Threats | |||
Total: |
4 hours
Input: IT strategy, Digital strategy, Business strategy
Output: An understanding of an executive business stakeholder’s perception of IT, Alignment of IT/digital strategy and overall organization strategy
Materials: Computer, Whiteboard and markers, M&A Sell Playbook
Participants: IT executive/CIO, Business executive/CEO
The purpose of this activity is to review the business and IT strategies that exist to determine if there are critical capabilities that are not being supported.
Ideally, the IT and digital strategies would have been created following development of the business strategy. However, sometimes the business strategy does not directly call out the capabilities it requires IT to support.
For additional support, see Build a Business-Aligned IT Strategy.
Record the results in the M&A Sell Playbook.
Establish strong relationships with critical M&A stakeholders and position IT as an innovative business partner that can suggest reduction opportunities.
1-2 hours
Input: CEO-CIO Alignment diagnostic, CIO Business Vision diagnostic, Valuation of IT environment, IT-business goals cascade
Output: List of pain points or opportunities that IT can address
Materials: Computer, Whiteboard and markers, M&A Sell Playbook
Participants: IT executive/CIO, IT senior leadership, Business stakeholders
The purpose of this activity is to determine the pain points and opportunities that exist for the organization. These can be external or internal to the organization.
Opportunities and pain points can be trends, other departments’ initiatives, business perspectives of IT, etc.
Record the results in the M&A Sell Playbook.
1-2 hours
Input: CEO-CIO Alignment diagnostic, CIO Business Vision diagnostic, Valuation of IT environment, IT-business goals cascade, List of pain points and opportunities
Output: An understanding of an executive business stakeholder’s perception of IT, Foundations for reduction strategy
Materials: Computer, Whiteboard and markers, M&A Sell Playbook
Participants: IT executive/CIO, IT senior leadership, Business stakeholders
The purpose of this activity is to determine whether a growth or separation strategy might be a good suggestion to the business in order to meet its business objectives.
Record the results in the M&A Sell Playbook.
1-2 hours
Input: Growth or separation strategy opportunities to support business goals, Stakeholder communication plan, Rationale for the suggestion
Output: M&A transaction opportunities suggested
Materials: M&A Sell Playbook
Participants: IT executive/CIO, Business executive/CEO
The purpose of this activity is to recommend a merger, acquisition, or divestiture to the business.
With technology and digital driving many transactions, leverage your organizations’ IT environment as an asset and reason why the divestiture or sale should happen, suggesting the opportunity yourself.
Record the results in the M&A Sell Playbook.
Develop progressive relationships and strong communication with key stakeholders to suggest or be aware of transformational opportunities that can be achieved through sale or divestiture strategies.
Phase 1 | Phase 2 | Phase 3 | Phase 4 |
|
|
|
|
Pre-Work | Day 1 | Day 2 | Day 3 | Day 4 | Day 5 | |
Establish the Transaction Foundation | Discover the Motivation for Divesting or Selling | Formalize the Program Plan | Create the Valuation Framework | Strategize the Transaction | Next Steps and Wrap-Up (offsite) | |
Activities |
|
|
|
|
|
|
Deliverables |
|
|
|
|
|
|
The Discovery & Strategy phase during a sale or divestiture is a unique opportunity for many IT organizations. IT organizations that can participate in the transaction at this stage are likely considered a strategic partner of the business.
For one-off sales/divestitures, IT being invited during this stage of the process is rare. However, for organizations that are preparing to engage in many divestitures over the coming years, this type of strategy will greatly benefit from IT involvement. Again, the likelihood of participating in an M&A transaction is increasing, making it a smart IT leadership decision to, at the very least, loosely prepare a program plan that can act as a strategic pillar throughout the transaction.
During this phase of the pre-transaction state, IT may be asked to participate in ensuring that the IT environment is able to quickly and easily carve out components/business lines and deliver on service-level agreements (SLAs).
Goal: To identify a repeatable program plan that IT can leverage when selling or divesting all or parts of the current IT environment, ensuring customer satisfaction and business continuity
Before coming into the Discovery & Strategy phase, you should have addressed the following:
Establish an M&A program plan that can be repeated across sales/divestitures.
Vision Statements |
Mission Statements |
|
Characteristics |
|
|
Samples |
To be a trusted advisor and partner in enabling business innovation and growth through an engaged IT workforce. (Source: Business News Daily) | IT is a cohesive, proactive, and disciplined team that delivers innovative technology solutions while demonstrating a strong customer-oriented mindset. (Source: Forbes, 2013) |
2 hours
Input: Business objectives, IT capabilities, Rationale for the transaction
Output: IT’s mission and vision statements for reduction strategies tied to mergers, acquisitions, and divestitures
Materials: Flip charts/whiteboard, Markers, M&A Sell Playbook
Participants: IT executive/CIO, IT senior leadership, Company M&A team
The purpose of this activity is to create mission and vision statements that reflect IT’s intent and method to support the organization as it pursues a reduction strategy.
Record the results in the M&A Sell Playbook.
IT guiding principles are shared, long-lasting beliefs that guide the use of IT in constructing, transforming, and operating the enterprise by informing and restricting IT investment portfolio management, solution development, and procurement decisions.
Info-Tech has identified a set of characteristics that IT principles should possess. These characteristics ensure the IT principles are relevant and followed in the organization.
Approach focused. IT principles should be focused on the approach – how the organization is built, transformed, and operated – as opposed to what needs to be built, which is defined by both functional and non-functional requirements.
Business relevant. Create IT principles that are specific to the organization. Tie IT principles to the organization’s priorities and strategic aspirations.
Long lasting. Build IT principles that will withstand the test of time.
Prescriptive. Inform and direct decision making with actionable IT principles. Avoid truisms, general statements, and observations.
Verifiable. If compliance can’t be verified, people are less likely to follow the principle.
Easily Digestible. IT principles must be clearly understood by everyone in IT and by business stakeholders. IT principles aren’t a secret manuscript of the IT team. IT principles should be succinct; wordy principles are hard to understand and remember.
Followed. Successful IT principles represent a collection of beliefs shared among enterprise stakeholders. IT principles must be continuously communicated to all stakeholders to achieve and maintain buy-in.
In organizations where formal policy enforcement works well, IT principles should be enforced through appropriate governance processes.
IT Principle Name |
IT Principle Statement |
1. Risk Management | We will ensure that the organization’s IT Risk Management Register is properly updated to reflect all potential risks and that a plan of action against those risks has been identified. |
2. Transparent Communication | We will ensure employees are spoken to with respect and transparency throughout the transaction process. |
3. Separation for Success | We will create a carve-out strategy that enables the organization and clearly communicates the resources required to succeed. |
4. Managed Data | We will handle data creation, modification, separation, and use across the enterprise in compliance with our data governance policy. |
5.Deliver Better Customer Service | We will reduce the number of products offered by IT, enabling a stronger focus on specific products or elements to increase customer service delivery. |
6. Compliance With Laws and Regulations | We will operate in compliance with all applicable laws and regulations for both our organization and the potentially purchasing organization. |
7. Defined Value | We will create a plan of action that aligns with the organization’s defined value expectations. |
8. Network Readiness | We will ensure that employees and customers have immediate access to the network with minimal or no outages. |
9. Value Generator | We will leverage the current IT people, processes, and technology to turn the IT organization into a value generator by developing and selling our services to purchasing organizations. |
2 hours
Input: Business objectives, IT capabilities, Rationale for the transaction, Mission and vision statements
Output: IT’s guiding principles for reduction strategies tied to mergers, acquisitions, and divestitures
Materials: Flip charts/whiteboard, Markers, M&A Sell Playbook
Participants: IT executive/CIO, IT senior leadership, Company M&A team
The purpose of this activity is to create the guiding principles that will direct the IT organization throughout the reduction strategy process.
Record the results in the M&A Sell Playbook.
Consider the following capabilities when looking at who should be a part of the IT Transaction Team.
Employees who have a significant role in ensuring that these capabilities are being delivered will be a top priority.
An operating model is an abstract visualization, used like an architect’s blueprint, that depicts how structures and resources are aligned and integrated to deliver on the organization’s strategy.
It ensures consistency of all elements in the organizational structure through a clear and coherent blueprint before embarking on detailed organizational design.
The visual should highlight which capabilities are critical to attaining strategic goals and clearly show the flow of work so that key stakeholders can understand where inputs flow in and outputs flow out of the IT organization.
As you assess the current operating model, consider the following:
Info-Tech Insight
Investing time up-front getting the operating model right is critical. This will give you a framework to rationalize future organizational changes, allowing you to be more iterative and allowing your model to change as the business changes.
4 hours
Input: Current operating model, IT strategy, IT capabilities, M&A-specific IT capabilities, Business objectives, Rationale for the transaction, Mission and vision statements
Output: Future-state operating model for divesting organizations
Materials: Operating model, Capability overlay, Flip charts/whiteboard, Markers, M&A Sell Playbook
Participants: IT executive/CIO, IT senior leadership, Company M&A team
The purpose of this activity is to establish what the future-state operating model will be if your organization needs to adjust to support a divestiture transaction. If your organization plans to sell in its entirety, you may choose to skip this activity.
An example operating model is included in the M&A Sell Playbook. This process benefits from strong reference architecture and capability mapping ahead of time.
Record the results in the M&A Sell Playbook.
Input: IT capabilities, Future-state operating model, M&A-specific IT capabilities, Business objectives, Rationale for the transaction, Mission and vision statements
Output: Transition team
Materials: Reference architecture, Organizational structure, Flip charts/whiteboard, Markers
Participants: IT executive/CIO, IT senior leadership, Company M&A team
The purpose of this activity is to create a team that will support your IT organization throughout the transaction. Determining which capabilities and therefore which roles will be required ensures that the business will continue to get the operational support it needs.
For more information, see Redesign Your Organizational Structure
1-2 hours
Input: List of governing bodies, Governing body committee profiles, Governance structure
Output: Documented method on how decisions are made as it relates to the M&A transaction
Materials: Flip charts/whiteboard, Markers, M&A Sell Playbook
Participants: IT executive/CIO, IT senior leadership, Company M&A team
The purpose of this activity is to determine the method in which decisions are made throughout the M&A transaction as it relates to IT. This will require understanding both governing bodies internal to IT and those external to IT.
Record the results in the M&A Sell Playbook.
Strategy: These groups will focus on decisions that directly connect to the strategic direction of the organization.
Design & Build: The second tier of groups will oversee prioritization of a certain area of governance as well as design and build decisions that feed into strategic decisions.
Run: The lowest level of governance will be oversight of more-specific initiatives and capabilities within IT.
Expect tier overlap. Some committees will operate in areas that cover two or three of these governance tiers.
Upper management will measure IT’s success based on your ability to support the underlying reasons for the M&A. Using business metrics will help assure business stakeholders that IT understands their needs and is working with the business to achieve them.
S pecific | Make sure the objective is clear and detailed. |
M easurable | Objectives are measurable if there are specific metrics assigned to measure success. Metrics should be objective. |
A ctionable | Objectives become actionable when specific initiatives designed to achieve the objective are identified. |
R ealistic | Objectives must be achievable given your current resources or known available resources. |
T ime-Bound | An objective without a timeline can be put off indefinitely. Furthermore, measuring success is challenging without a timeline. |
1. Proactive | 2. Discovery & Strategy | 3. Valuation & Due Diligence | 4. Execution & Value Realization |
|
|
|
|
1-2 hours
Input: IT capabilities, Mission, vision, and guiding principles, Rationale for the acquisition
Output: Program metrics to support IT throughout the M&A process
Materials: Flip charts/whiteboard, Markers, M&A Sell Playbook
Participants: IT executive/CIO, IT senior leadership, Company M&A team
The purpose of this activity is to determine how IT’s success throughout a growth transaction will be measured and determined.
Record the results in the M&A Sell Playbook.
Identify IT’s plan of action when it comes to the separation/sale and align IT’s separation/sale strategy with the business’ M&A strategy.
The approach IT takes will depend on the business objectives for the M&A.
Key considerations when choosing an IT separation strategy include:
1-2 hours
Input: Business separation strategy, Guiding principles, M&A governance
Output: IT’s separation strategy
Materials: Flip charts/whiteboard, Markers, M&A Sell Playbook
Participants: IT executive/CIO, IT senior leadership, Company M&A team
The purpose of this activity is to determine IT’s approach to separating or selling. This approach might differ slightly from transaction to transaction. However, the businesses approach to transactions should give insight into the general separation strategy IT should adopt.
Record the results in the M&A Sell Playbook.
Business M&A Strategy |
Resultant Technology Strategy |
M&A Magnitude (% of Seller Assets, Income, or Market Value) |
IT Separation Posture |
A. Horizontal | Adopt One Model | ‹100% | Divest |
›99% | Sell | ||
B. Vertical | Create Links Between Critical Systems | Any | Divest |
C. Conglomerate | Independent Model | Any | Joint Venture Divest |
D. Hybrid: Horizontal & Conglomerate | Create Links Between Critical Systems | Any | Divest Joint Venture |
Business M&A Strategy | Resultant Technology Strategy | M&A Magnitude (% of Seller Assets, Income, or Market Value) | IT Separation Posture |
M&A objectives may not affect all IT domains and business functions in the same way. Therefore, the separation requirements for each business function may differ. Organizations will often choose to select and implement a hybrid separation posture to realize the technology end state.
Each business division may have specific IT domain and capability needs that require an alternative separation strategy.
1-2 hours
Input: IT capabilities, Transition team, Separation strategy
Output: Completed RACI for Transition team
Materials: Reference architecture, Organizational structure, Flip charts/whiteboard, Markers, M&A Sell Playbook
Participants: IT executive/CIO, IT senior leadership, Company M&A team
The purpose of this activity is to identify the core accountabilities and responsibilities for the roles identified as critical to your transition team. While there might be slight variation from transaction to transaction, ideally each role should be performing certain tasks.
Record the results in the M&A Sell Playbook.
Three key dimensions determine the appetite for cultural change:
1-2 hours
Input: IT’s M&A mission, vision, and guiding principles, M&A transition team, IT separation strategy, RACI
Output: IT’s M&A communication plan
Materials: Flip charts/whiteboard, Markers, RACI, M&A Sell Playbook
Participants: IT executive/CIO, IT senior leadership, Company M&A team
The purpose of this activity is to create a communication plan that IT can leverage throughout the initiative.
Record the results in the M&A Sell Playbook.
As soon as you have identified organizations to consider, it’s imperative to assess critical risks. Most IT leaders can attest that they will receive little to no notice when the business is pursuing a sale and IT has to assess the IT organization. As a result, having a standardized template to quickly assess the potential acquiring organization is important.
Assessing potential organizations is not just for the purchaser. The seller should also know what the purchasing organization’s history with M&As is and what potential risks could occur if remaining connected through ongoing SLAs.
Input: Publicized historical risk events, Solutions and vendor contracts likely in the works, Trends
Output: IT’s valuation of the potential organization(s) for selling or divesting
Materials: M&A Sell Playbook
Participants: IT executive/CIO
The purpose of this activity is to assess the organization(s) that your organization is considering selling or divesting to.
Record the results in the M&A Sell Playbook.
Phase 1 | Phase 2 | Phase 3 | Phase 4 |
|
|
|
|
Pre-Work | Day 1 | Day 2 | Day 3 | Day 4 | Day 5 | |
Establish the Transaction Foundation | Discover the Motivation for Separation | Identify Expectations and Create the Carve-Out Roadmap | Prepare and Manage Employees | Plan the Separation Roadmap | Next Steps and Wrap-Up (offsite) | |
Activities |
|
|
|
|
|
|
Deliverables |
|
|
|
|
|
|
The Due Diligence & Preparation phase during a sale or divestiture is a critical time for IT. If IT fails to proactively participate in this phase, IT will have to merely react to separation expectations set by the business.
If your organization is being sold in its entirety, staff will have major concerns about their future in the new organization. Making this transition as smooth as possible and being transparent could go a long way in ensuring their success in the new organization.
In a divestiture, this is the time to determine where it’s possible for the organization to divide or separate from itself. A lack of IT involvement in these conversations could lead to an overcommitment by the business and under-delivery by IT.
Goal: To ensure that, as the selling or divesting organization, you comply with regulations, prepare staff for potential changes, and identify a separation strategy if necessary
Before coming into the Due Diligence & Preparation phase, you must have addressed the following:
Before coming into the Due Diligence & Preparation phase, we recommend addressing the following:
All three elements of the Technology Value Trinity work in harmony to deliver business value and achieve strategic needs. As one changes, the others need to change as well.
Too often strategy, operating model and organizational design, and governance are considered separate practices. As a result, “strategic documents” end up being wish lists, and projects continue to be prioritized based on who shouts the loudest – not based on what is in the best interest of the organization.
This step of the process is when IT should prepare and support the business in due diligence and gather the necessary information about staff changes.
1-2 hours
Input: Key roles for the transaction team, M&A governance, Target metrics, Selected separation strategy framework, RACI of key transaction tasks for the transaction team
Output: IT Due Diligence Charter
Materials: M&A Sell Playbook
Participants: IT executive/CIO, IT senior leadership, Company M&A team
The purpose of this activity is to create a charter leveraging the items completed in the previous phase, as listed on the Due Diligence Prerequisite Checklist slide, to gain executive sign-off.
Record the results in the M&A Sell Playbook.
4 hours
Input: Future-state operating model, M&A governance, Target metrics, Selected separation strategy framework, RACI of key transaction tasks for the transaction team
Output: List of items to acquire and verify can be provided to the purchasing organization while in the data room
Materials: Critical domain lists on following slides, M&A Sell Playbook
Participants: IT executive/CIO, IT senior leadership, Company M&A team, Transition team, Legal team, Compliance/privacy officers
The purpose of this activity is to create a list of the key artifacts that you could be asked for during the due diligence process.
**Note that if your organization is not leading/initiating the data room, then you can ignore this activity.
Record the results in the M&A Sell Playbook.
Domain |
Stakeholders |
Key Artifacts |
Key Information to request |
Business |
|
|
|
Leadership/IT Executive |
|
|
|
Data & Analytics |
|
|
|
Applications |
|
|
|
Infrastructure |
|
|
|
Products and Services |
|
|
|
Domain | Stakeholders | Key Artifacts | Key Information to request |
Operations |
|
|
|
IT Processes |
|
|
|
IT People |
|
|
|
Security |
|
|
|
Projects |
|
|
|
Vendors |
|
|
|
3-4 hours
Input: Engagement survey
Output: Baseline engagement scores
Materials: Build an IT Employee Engagement Program
Participants: IT executive/CIO, IT senior leadership, IT employees of current organization
The purpose of this activity is to measure current staff engagement to have a baseline to measure against in the future state. This is a good activity to complete if you will be divesting or selling in entirety.
The results from the survey should act as a baseline to determine what the organization is doing well in terms of employee engagement and what drivers could be improved upon.
Record the results in the M&A Sell Playbook.
Target Organization's Culture. The culture that the target organization is currently embracing. Their established and undefined governance practices will lend insight into this.
Your Organization’s Culture. The culture that your organization is currently embracing. Examine people’s attitudes and behaviors within IT toward their jobs and the organization.
Ideal Culture. What will the future culture of the IT organization be once separation is complete? Are there aspects that your current organization and the target organization embrace that are worth considering?
Competitive
|
Innovative
|
Traditional
|
Cooperative
|
3-4 hours
Input: Cultural assessments for current IT organization, Cultural assessment for target IT organization
Output: Goal for IT culture
Materials: IT Culture Diagnostic
Participants: IT executive/CIO, IT senior leadership, IT employees of current organization, IT employees of target organization, Company M&A team
The purpose of this activity is to assess the different cultures that might exist within the IT environments of the organizations involved. By understanding the culture that exists in the purchasing organization, you can identify the fit and prepare impacted staff for potential changes.
Record the results in the M&A Sell Playbook.
Have an established plan of action toward separation across all domains and a strategy toward resources.
Testing the carve capabilities of the IT organization often takes 3 months. (Source: Cognizant, 2014)
Daimler-Benz lost nearly $19 billion following its purchase of Chrysler by failing to recognize the cultural differences that existed between the two car companies. (Source: Deal Room)
Separating the IT organization requires more time and effort than business leaders will know. Frequently communicate challenges and lost opportunities when carving the IT environment out.
Set up a meeting with your IT due diligence team to:
Use this opportunity to:
The approach IT takes will depend on the business objectives for the M&A.
Key considerations when choosing an IT separation strategy include:
6 hours
Input: Items included in the carve-out, Dependencies, Whether testing is completed, If the carve-out will pass audit, If the carve-out item is prepared to be separated
Output: Carve-out roadmap
Materials: Business’ divestiture plan, M&A Sell Playbook
Participants: IT executive/CIO, IT senior leadership, Business leaders, Transition team
The purpose of this activity is to prepare the IT environment by identifying a carve-out roadmap, specifically looking at data, infrastructure, and applications. Feel free to expand the roadmap to include other categories as your organization sees fit.
Record the results in the M&A Sell Playbook.
2 hours
Input: Separation tasks, Transition team, M&A RACI
Output: Prioritized separation list
Materials: Separation task checklist, Separation roadmap
Participants: IT executive/CIO, IT senior leadership, Company M&A team
The purpose of this activity is to prioritize the different separation tasks that your organization has identified as necessary to this transaction. Some tasks might not be relevant for this particular transaction, and others might be critical.
Record the updates in the M&A Separation Project Management Tool (SharePoint).
Record the updates in the M&A Separation Project Management Tool (Excel).
Input: Prioritized separation tasks, Carve-out roadmap, Employee transition plan, Separation RACI, Costs for activities, Activity owners
Output: Separation roadmap
Materials: M&A Separation Project Plan Tool (SharePoint), M&A Separation Project Plan Tool (Excel), SharePoint Template: Step-by-Step Deployment Guide
Participants: IT executive/CIO, IT senior leadership, Transition team, Company M&A team
The purpose of this activity is to create a roadmap to support IT throughout the separation process. Using the information gathered in previous activities, you can create a roadmap that will ensure a smooth separation.
Record the updates in the M&A Separation Project Management Tool (SharePoint).
Record the updates in the M&A Separation Project Management Tool (Excel).
For more information, check out the SharePoint Template: Step-by-Step Deployment Guide.
Input: Carve-out roadmap, Separation roadmap, Up-to-date version of the agreement
Output: Buyer’s IT expectations
Materials: Questions for meeting
Participants: IT executive/CIO, IT senior leadership, Company M&A team, Purchasing company M&A team, Purchasing company IT leadership
The purpose of this activity is to determine if the buyer has specific service expectations for your IT organization. By identifying, documenting, and agreeing on what services your IT organization will be responsible for, you can obtain a final agreement to protect you as the selling organization.
6 hours
Input: Buyer's expectations, Separation roadmap
Output: SLA for the purchasing organization
Materials: Service Catalog Internal Service Level Agreement Template, M&A Separation Project Plan Tool (SharePoint), M&A Separation Project Plan Tool (Excel)
Participants: IT executive/CIO, IT senior leadership, Company M&A team, Purchasing company M&A team, Purchasing company IT leadership
The purpose of this activity is to determine if the buyer has specific service expectations for your IT organization post-transaction that your IT organization is agreeing to provide.
*For organizations being purchased in their entirety, this activity may not be relevant.
Modify the Service Catalog Internal Service Level Agreement with the agreed-upon terms of the SLA.
Separation costs are more related to the degree of change required than the size of the transaction.
3-4 hours
Input: Separation tasks, Transition team, Valuation of current IT environment, Valuation of target IT environment, Outputs from data room, Technical debt, Employees
Output: List of anticipated costs required to support IT separation
Materials: Separation task checklist, Separation roadmap, M&A Sell Playbook
Participants: IT executive/CIO, IT senior leadership, Company M&A team, Transition team
The purpose of this activity is to estimate the costs that will be associated with the separation. Identify and communicate a realistic figure to the larger M&A team within your company as early in the process as possible. This ensures that the funding required for the transaction is secured and budgeted for in the overarching transaction.
Record the results in the M&A Sell Playbook.
Being transparent throughout the process is critical. Do not hesitate to tell employees the likelihood that their job may be made redundant. This will ensure a high level of trust and credibility for those who remain with the organization after the transaction.
3-4 hours
Input: IT strategy, IT organizational design
Output: Employee transition plans
Materials: M&A Sell Playbook, Whiteboard, Sticky notes, Markers
Participants: IT executive/CIO, IT senior leadership, Company M&A team, Transition team
The purpose of this activity is to create a transition plan for employees.
**Note that if someone’s future role is a layoff, then there is no need to record anything for skills needed or method for skill development.
Record the results in the M&A Sell Playbook.
3-4 hours
Input: Prioritized separation tasks, Employee transition plan, Separation RACI, Costs for activities, Activity owners
Output: Employee functional workplans
Materials: M&A Sell Playbook, Learning and development tools
Participants: IT executive/CIO, IT senior leadership, IT management team, Company M&A team, Transition team
The purpose of this activity is to create a functional workplan for the different employees so that they know what their key role and responsibilities are once the transaction occurs.
It is recommended that each employee have a functional workplan. Leverage the IT managers to support this task.
Record the results in the M&A Sell Playbook.
3-4 hours
Input: Prioritized separation tasks, Employee transition plan, Separation RACI, Costs for activities, Activity owners, M&A goals
Output: Separation-specific metrics to measure success
Materials: Separation roadmap, M&A Sell Playbook
Participants: IT executive/CIO, IT senior leadership, Transition team
The purpose of this activity is to understand how to measure the success of the separation project by aligning metrics to each identified task.
Record the results in the M&A Sell Playbook.
Phase 1 | Phase 2 | Phase 3 | Phase 4 |
|
|
|
|
Pre-Work | Day 1 | Day 2 | Day 3 | Engage in Separation | Day 4 | |
Establish the Transaction Foundation | Discover the Motivation for Integration | Plan the Separation Roadmap | Prepare Employees for the Transition | Engage in Separation | Assess the Transaction Outcomes (Must be within 30 days of transaction date) | |
Activities |
|
|
|
|
|
|
Deliverables |
|
|
|
|
|
|
Once the transaction comes to a close, it’s time for IT to deliver on the critical separation tasks. As the selling organization in this transaction, you need to ensure you have a roadmap that properly enables the ongoing delivery of your IT environment while simultaneously delivering the necessary services to the purchasing organization.
Throughout the separation transaction, some of the most common obstacles IT should prepare for include difficulty separating the IT environment, loss of key personnel, disengaged employees, and security/compliance issues.
Post-transaction, the business needs to understands the value they received by engaging in the transaction and the ongoing revenue they might obtain as a result of the sale. You also need to ensure that the IT environment is functioning and mitigating any high-risk outcomes.
Goal: To carry out the planned separation activities and deliver the intended value to the business.
Before coming into the Execution & Value Realization phase, you must have addressed the following:
Before coming into the Execution & Value Realization phase, we recommend addressing the following:
Successfully execute the separation of the IT environments and update the project plan, strategizing against any roadblocks as they come.
If you are entering the transaction at this point, consider and monitor the following three items above all else.
Your IT environment, reputation as an IT leader, and impact on key staff will depend on monitoring these aspects.
For more information, review:
Input: Original service agreement, Risk register
Output: Service agreement confirmed
Materials: Original service agreement
Participants: IT executive/CIO, IT senior leadership, External organization IT senior leadership
The purpose of this activity is to monitor the established service agreements on an ongoing basis. Your organization is most at risk during the initial months following the transaction.
For additional information and support for this activity, see the blueprint Build an IT Risk Management Program.
Input: Prioritized separation tasks, Separation RACI, Activity owners
Output: Updated separation project plan
Materials: M&A Separation Project Plan Tool (SharePoint), M&A Separation Project Plan Tool (Excel)
Participants: IT executive/CIO, IT senior leadership, IT transaction team, Company M&A team
The purpose of this activity is to ensure that the project plan is continuously updated as your transaction team continues to execute on the various components outlined in the project plan.
Record the updates in the M&A Separation Project Management Tool (SharePoint).
Record the updates in the M&A Separation Project Management Tool (Excel).
Review the value that IT was able to generate around the transaction and strategize about how to improve future selling or separating transactions.
3-4 hours
Input: Separation tasks, Carve-out roadmap, Transition team, Previous RACI, Estimated separation costs
Output: Actual separation costs
Materials: M&A Sell Playbook
Participants: IT executive/CIO, IT senior leadership, Transaction team, Company M&A team
The purpose of this activity is to confirm the associated costs around separation. While the separation costs would have been estimated previously, it’s important to confirm the costs that were associated with the separation in order to provide an accurate and up-to-date report to the company’s M&A team.
Record the results in the M&A Sell Playbook.
Throughout the transaction, the business would have communicated its goals, rationales, and expectations for the transaction. Sometimes this is done explicitly, and other times the information is implicit. Either way, IT needs to ensure that metrics have been defined and are measuring the intended value that the business expects. Ensure that the benefits realized to the organization are being communicated regularly and frequently.
3-4 hours
Input: Prioritized separation tasks, Separation RACI, Activity owners, M&A company goals
Output: Transaction value
Materials: M&A Sell Playbook
Participants: IT executive/CIO, IT senior leadership, Company's M&A team
The purpose of this activity is to track how your IT organization performed against the originally identified metrics.
Record the results in the M&A Sell Playbook.
2 hours
Input: Separation costs, Retention rates, Value that IT contributed to the transaction
Output: Strengths, weaknesses, opportunities, and threats
Materials: Flip charts, Markers, Sticky notes
Participants: IT executive/CIO, IT senior leadership, Business transaction team
The purpose of this activity is to assess the positive and negative elements of the transaction.
Record the results in the M&A Sell Playbook.
4 hours
Input: Transaction and separation SWOT
Output: Refined M&A playbook
Materials: M&A Sell Playbook
Participants: IT executive/CIO
The purpose of this activity is to revise the playbook and ensure it is ready to go for future transactions.
Record the results in the M&A Sell Playbook.
Congratulations, you have completed the M&A Sell Blueprint!
Rather than reacting to a transaction, you have been proactive in tackling this initiative. You now have a process to fall back on in which you can be an innovative IT leader by suggesting how and why the business should engage in a separation or sale transaction. You have:
Now that you have done all of this, reflect on what went well and what can be improved if you were to engage in a similar divestiture or sale again.
Ibrahim Abdel-Kader
Research Analyst | CIO Info-Tech Research Group |
Brittany Lutes
Senior Research Analyst | CIO Info-Tech Research Group |
|
John Annand
Principal Research Director | Infrastructure Info-Tech Research Group |
Scott Bickley
Principal Research Director | Vendor Management Info-Tech Research Group |
|
Cole Cioran
Practice Lead | Applications Info-Tech Research Group |
Dana Daher
Research Analyst | Strategy & Innovation Info-Tech Research Group |
|
Eric Dolinar
Manager | M&A Consulting Deloitte Canada |
Christoph Egel
Director, Solution Design & Deliver Cooper Tire & Rubber Company |
|
Nora Fisher
Vice President | Executive Services Advisory Info-Tech Research Group |
Larry Fretz
Vice President | Industry Info-Tech Research Group |
David Glazer
Vice President of Analytics Kroll |
Jack Hakimian
Senior Vice President | Workshops and Delivery Info-Tech Research Group |
|
Gord Harrison
Senior Vice President | Research & Advisory Info-Tech Research Group |
Valence Howden
Principal Research Director | CIO Info-Tech Research Group |
|
Jennifer Jones
Research Director | Industry Info-Tech Research Group |
Nancy McCuaig
Senior Vice President | Chief Technology and Data Office IGM Financial Inc. |
|
Carlene McCubbin
Practice Lead | CIO Info-Tech Research Group |
Kenneth McGee
Research Fellow | Strategy & Innovation Info-Tech Research Group |
|
Nayma Naser
Associate Deloitte |
Andy Neill
Practice Lead | Data & Analytics, Enterprise Architecture Info-Tech Research Group |
Rick Pittman
Vice President | Research Info-Tech Research Group |
Rocco Rao
Research Director | Industry Info-Tech Research Group |
|
Mark Rosa
Senior Vice President & Chief Information Officer Mohegan Gaming and Entertainment |
Tracy-Lynn Reid
Research Lead | People & Leadership Info-Tech Research Group |
|
Jim Robson
Senior Vice President | Shared Enterprise Services (retired) Great-West Life |
Steven Schmidt
Senior Managing Partner Advisory | Executive Services Info-Tech Research Group |
|
Nikki Seventikidis
Senior Manager | Finance Initiative & Continuous Improvement CST Consultants Inc. |
Allison Straker
Research Director | CIO Info-Tech Research Group |
|
Justin Waelz
Senior Network & Systems Administrator Info-Tech Research Group |
Sallie Wright
Executive Counselor Info-Tech Research Group |
“5 Ways for CIOs to Accelerate Value During Mergers and Acquisitions.” Okta, n.d. Web.
Altintepe, Hakan. “Mergers and acquisitions speed up digital transformation.” CIO.com, 27 July 2018. Web.
“America’s elite law firms are booming.” The Economist, 15 July 2021. Web.
Barbaglia, Pamela, and Joshua Franklin. “Global M&A sets Q1 record as dealmakers shape post-COVID world.” Nasdaq, 1 April 2021. Web.
Boyce, Paul. “Mergers and Acquisitions Definition: Types, Advantages, and Disadvantages.” BoyceWire, 8 Oct. 2020. Web.
Bradt, George. “83% Of Mergers Fail -- Leverage A 100-Day Action Plan For Success Instead.” Forbes, 27 Jan. 2015. Web.
Capgemini. “Mergers and Acquisitions: Get CIOs, IT Leaders Involved Early.” Channel e2e, 19 June 2020. Web.
Chandra, Sumit, et al. “Make Or Break: The Critical Role Of IT In Post-Merger Integration.” IMAA Institute, 2016. Web.
Deloitte. “How to Calculate Technical Debt.” The Wall Street Journal, 21 Jan. 2015. Web.
Ernst & Young. “IT As A Driver Of M&A Success.” IMAA Institute, 2017. Web.
Fernandes, Nuno. “M&As In 2021: How To Improve The Odds Of A Successful Deal.” Forbes, 23 March 2021. Web.
“Five steps to a better 'technology fit' in mergers and acquisitions.” BCS, 7 Nov. 2019. Web.
Fricke, Pierre. “The Biggest Opportunity You’re Missing During an M&Aamp; IT Integration.” Rackspace, 4 Nov. 2020. Web.
Garrison, David W. “Most Mergers Fail Because People Aren't Boxes.” Forbes, 24 June 2019. Web.
Harroch, Richard. “What You Need To Know About Mergers & Acquisitions: 12 Key Considerations When Selling Your Company.” Forbes, 27 Aug. 2018. Web.
Hope, Michele. “M&A Integration: New Ways To Contain The IT Cost Of Mergers, Acquisitions And Migrations.” Iron Mountain, n.d. Web.
“How Agile Project Management Principles Can Modernize M&A.” Business.com, 13 April 2020. Web.
Hull, Patrick. “Answer 4 Questions to Get a Great Mission Statement.” Forbes, 10 Jan. 2013. Web.
Kanter, Rosabeth Moss. “What We Can Learn About Unity from Hostile Takeovers.” Harvard Business Review, 12 Nov. 2020. Web.
Koller, Tim, et al. “Valuation: Measuring and Managing the Value of Companies, 7th edition.” McKinsey & Company, 2020. Web.
Labate, John. “M&A Alternatives Take Center Stage: Survey.” The Wall Street Journal, 30 Oct. 2020. Web.
Lerner, Maya Ber. “How to Calculate ROI on Infrastructure Automation.” DevOps.com, 1 July 2020. Web.
Loten, Angus. “Companies Without a Tech Plan in M&A Deals Face Higher IT Costs.” The Wall Street Journal, 18 June 2019. Web.
Low, Jia Jen. “Tackling the tech integration challenge of mergers today” Tech HQ, 6 Jan. 2020. Web.
Lucas, Suzanne. “5 Reasons Turnover Should Scare You.” Inc. 22 March 2013. Web.
“M&A Trends Survey: The future of M&A. Deal trends in a changing world.” Deloitte, Oct. 2020. Web.
Maheshwari, Adi, and Manish Dabas. “Six strategies tech companies are using for successful divesting.” EY, 1 Aug. 2020. Web.
Majaski, Christina. “Mergers and Acquisitions: What's the Difference?” Investopedia, 30 Apr. 2021.
“Mergers & Acquisitions: Top 5 Technology Considerations.” Teksetra, 21 Jul. 2020. Web.
“Mergers Acquisitions M&A Process.” Corporate Finance Institute, n.d. Web.
“Mergers and acquisitions: A means to gain technology and expertise.” DLA Piper, 2020. Web.
Nash, Kim S. “CIOs Take Larger Role in Pre-IPO Prep Work.” The Wall Street Journal, 5 March 2015. Web.
O'Connell, Sean, et al. “Divestitures: How to Invest for Success.” McKinsey, 1 Aug. 2015. Web
Paszti, Laila. “Canada: Emerging Trends In Information Technology (IT) Mergers And Acquisitions.” Mondaq, 24 Oct. 2019. Web.
Patel, Kiison. “The 8 Biggest M&A Failures of All Time” Deal Room, 9 Sept. 2021. Web.
Peek, Sean, and Paula Fernandes. “What Is a Vision Statement?” Business News Daily, 7 May 2020. Web.
Ravid, Barak. “How divestments can re-energize the technology growth story.” EY, 14 July 2021. Web.
Ravid, Barak. “Tech execs focus on growth amid increasingly competitive M&A market.” EY, 28 April 2021. Web.
Resch, Scott. “5 Questions with a Mergers & Acquisitions Expert.” CIO, 25 June 2019. Web.
Salsberg, Brian. “Four tips for estimating one-time M&A integration costs.” EY, 17 Oct. 2019. Web.
Samuels, Mark. “Mergers and acquisitions: Five ways tech can smooth the way.” ZDNet, 15 Aug. 2018. Web.
“SAP Divestiture Projects: Options, Approach and Challenges.” Cognizant, May, 2014. Web.
Steeves, Dave. “7 Rules for Surviving a Merger & Acquisition Technology Integration.” Steeves and Associates, 5 Feb. 2020. Web.
Tanaszi, Margaret. “Calculating IT Value in Business Terms.” CSO, 27 May 2004. Web.
“The CIO Playbook. Nine Steps CIOs Must Take For Successful Divestitures.” SNP, 2016. Web.
“The Role of IT in Supporting Mergers and Acquisitions.” Cognizant, Feb. 2015. Web.
Torres, Roberto. “M&A playbook: How to prepare for the cost, staff and tech hurdles.” CIO Dive, 14 Nov. 2019. Web.
“Valuation Methods.” Corporate Finance Institute, n.d. Web.
Weller, Joe. “The Ultimate Guide to the M&A Process for Buyers and Sellers.” Smartsheet, 16 May 2019. Web.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Assess whether you’re ready to optimize the service desk with a shift-left strategy, get buy-in for the initiative, and define metrics to measure success.
Build strategy and identify specific opportunities to shift service support left to Level 1 through knowledge sharing and other methods, to the end-user through self-service, and to automation and AI.
Identify, track, and implement specific shift-left opportunities and document a communications plan to increase adoption.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Define how shift left would apply in your organization, get buy-in for the initiative, and define metrics to measure success.
Defined scope and objectives for the shift-left initiative
Buy-in for the program
Metrics to keep the project on track and evaluate success
1.1 Review current service desk structure
1.2 Discuss challenges
1.3 Review shift-left model and discuss how it would apply in your organization
1.4 Complete the Shift-Left Prerequisites Assessment
1.5 Complete a RACI chart for the project
1.6 Define and document objectives
1.7 Review the stakeholder buy-in presentation
1.8 Document critical success factors
1.9 Define KPIs and metrics
Shift-left scope
Completed shift-left prerequisites assessment
RACI chart
Defined objectives
Stakeholder buy-in presentation
Critical success factors
Metrics to measure success
Build strategy and identify specific opportunities to shift service support left to Level 1 through knowledge sharing and other methods.
Identified initiatives to shift work to Level 1
Documented knowledge management process workflows and strategy
2.1 Identify barriers to Level 1 resolution
2.2 Discuss knowledgebase challenges and areas for improvement
2.3 Optimize KB input process
2.4 Optimize KB usage process
2.5 Optimize KB review process
2.6 Discuss and document KCS strategy and roles
2.7 Document knowledge success metrics
2.8 Brainstorm additional methods of increasing FLR
KB input workflow
KB usage workflow
KB review workflow
KCS strategy and roles
Knowledge management metrics
Identified opportunities to shift to Level 1
Build strategy and identify specific opportunities to shift service support left to the end user through self-service and to automation and AI.
Identified initiatives to shift work to self-service and automation
Evaluation of self-service portal and identified opportunities for improvement
3.1 Review existing self-service portal and discuss vision
3.2 Identify opportunities to improve portal accessibility, UI, and features
3.3 Evaluate the user-facing knowledgebase
3.4 Optimize the ticket intake form
3.5 Document plan to improve, communicate, and evaluate portal
3.6 Map the user experience with a workflow
3.7 Document your AI strategy
3.8 Identify candidates for automation
Identified opportunities to improve portal
Improvements to knowledgebase
Improved ticket intake form
Strategy to communicate and measure success of portal
Self-service resolution workflow
Strategy to apply AI and automation
Identified opportunities to shift tasks to automation
Build an action plan to implement shift left, including a communications strategy.
Action plan to track and implement shift-left opportunities
Communications plan to increase adoption
4.1 Examine process workflows for shift-left opportunities
4.2 Document shift-left-specific responsibilities for each role
4.3 Identify and track shift-left opportunities in the action plan
4.4 Brainstorm objections and responses
4.5 Document communications plan
Incident management workflow with shift-left opportunities
Shift left responsibilities for key roles
Shift-left action plan
Objection handling responses
Communications plan
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Integrate data from exit surveys and interviews, engagement surveys, and stay interviews to understand the most commonly cited reasons for employee departure in order to select and prioritize tactics that improve retention. This blueprint will help you identify reasons for regrettable turnover, select solutions, and create an action plan.
Use this tool to document and analyze turnover data to find suitable retention solutions.
The Stay Interview Guide helps managers conduct interviews with current employees, enabling the manager to understand the employee's current engagement level, satisfaction with current role and responsibilities, suggestions for potential improvements, and intent to stay with the organization.
Review best-practice solutions to identify those that are most suitable to your organizational culture and employee needs. Use the IT Retention Solutions Catalog to explore a variety of methods to improve retention, understand their use cases, and determine stakeholder responsibilities.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Identify the main drivers of turnover at the organization.
Find out what to explore during focus groups.
1.1 Review data to determine why employees join, stay, and leave.
1.2 Identify common themes.
1.3 Prepare for focus groups.
List of common themes/pain points recorded in the Retention Plan Workbook.
Conduct focus groups to explore retention drivers.
Explore identified themes.
2.1 Conduct four 1-hour focus groups with the employee segment(s) identified in the pre-workshop activities.
2.2 Info-Tech facilitators independently analyze results of focus groups and group results by theme.
Focus group feedback.
Focus group feedback analyzed and organized by themes.
Home in on employee needs that are a priority.
A list of initiatives to address the identified needs
3.1 Create an empathy map to identify needs.
3.2 Shortlist retention initiatives.
Employee needs and shortlist of initiatives to address them.
Prepare to launch your retention initiatives.
A clear action plan for implementing your retention initiatives.
4.1 Select retention initiatives.
4.2 Determine goals and metrics.
4.3 Plan stakeholder communication.
4.4 Build a high-level action plan.
Finalized list of retention initiatives.
Goals and associated metrics recorded in the Retention Plan Workbook.
Many organizations are facing an increase in voluntary turnover as low unemployment, a lack of skilled labor, and a rise in the number of vacant roles have given employees more employment choices.
Regrettable turnover is impacting organizational productivity and leading to significant costs associated with employee departures and the recruitment required to replace them.
Many organizations tackle retention from an engagement perspective: Increase engagement to improve retention. This approach doesn't consider the whole problem.
Build the case for creating retention plans by leveraging employee data and feedback to identify the key reasons for turnover that need to be addressed.
Target employee segments and work with management to develop solutions to retain top talent.
Engagement surveys mask the volatility of the employee experience and hide the reason why individual employees leave. You must also talk to employees to understand the moments that matter and engage managers to understand turnover triggers.
As the economy continues to recover from the pandemic, unemployment continues to trend downward even with a looming recession. This leaves more job openings vacant, making it easier for employees to job hop.
With more employees voluntarily choosing to leave jobs, it is more important than ever for organizations to identify key employees they want to retain and put plans in place to keep them.
The number of HR professionals citing retention/turnover as a top workforce management challenge is increasing, and it is now the second highest recruiting priority ("2020 Recruiter Nation Survey," Jobvite, 2020).
65% of employees believe they can find a better position elsewhere (Legaljobs, 2021). This is a challenge for organizations in that they need to find ways to ensure employees want to stay at the organization or they will lose them, which results in high turnover costs.
Executives and IT are making retention and turnover – two sides of the same coin – a priority because they cost organizations money.
Employees with longer tenure have an increased understanding of an organization's policies and processes, which leads to increased productivity (Indeed, 2021).
Turnover often ripples across a team or department, with employees following each other out of the organization (Mereo). Retaining even one individual can often have an impact across the organization.
Retaining key individuals allows them to pass it on to other employees through communities of practice, mentoring, or other knowledge-sharing activities.
Improving retention goes beyond cost savings: Employees who agree with the statement "I expect to be at this organization a year from now" are 71% more likely to put in extra hours and 32% more likely to accomplish more than what is expected of their role (McLean & Company Engagement Survey, 2021; N=77,170 and 97,326 respectively).
Employee engagement is a strong driver of retention, with only 25% of disengaged employees expecting to be at their organization a year from now compared to 92% of engaged employees (McLean & Company Engagement Survey, 2018-2021; N=117,307).
However, engagement surveys mask the volatility of the employee experience and hide the reason why individual employees leave.
This analysis of McLean & Company's engagement survey results shows that while an organization's average employee net promoter score (eNPS) stays relatively static, at an individual level there is a huge amount of volatility.
This demonstrates the need for an approach that is more capable of responding to or identifying employees' in-the-moment needs, which an annual engagement survey doesn't support.
Retention needs to be monitored throughout the employee lifecycle. To address the variety of issues that can appear, consider three main paths to turnover:
Engagement drivers are strong predictors of turnover.
Employees who are highly engaged are 3.6x more likely to believe they will be with the organization 12 months from now than disengaged employees (McLean & Company Engagement Survey, 2018-2021; N=117,307).
Turnover triggers are events that act as shocks or catalysts that quickly lead to an employee's departure.
Turnover triggers are a cause for voluntary turnover more often than accumulated issues (Lee et al.).
Employee experience is the employee's perception of the accumulation of moments that matter within their employee lifecycle.
Retention rates increase from 21% to 44% when employees have positive experiences in the following categories: belonging, purpose, achievement, happiness, and vigor at work. (Workhuman, 2020).
Research shows managers do not appear as one of the common reasons for employee turnover.
Top five most common reasons employees leave an organization (McLean & Company, Exit Survey, 2018-2021; N=107 to 141 companies,14,870 to 19,431 responses).
Turnover factors | Rank |
---|---|
Opportunities for career advancement | 1 |
Satisfaction with my role and responsibilities | 2 |
Base pay | 3 |
Opportunities for career-related skill development | 4 |
The degree to which my skills were used in my job | 5 |
However, managers can still have a huge impact on the turnover of their team through each of the three main paths to turnover:
Employees who believe their managers care about them as a person are 3.3x more likely to be engaged than those who do not (McLean & Company, 2021; N=105,186).
Managers who are involved with and aware of their staff can serve as an early warning system for triggers that lead to turnover too quickly to detect with data.
Managers have a direct connection with each individual and can tailor the employee experience to meet the needs of the individuals who report to them.
Gallup has found that 52% of exiting employees say their manager could have done something to prevent them from leaving (Gallup, 2019). Do not discount the power of managers in anticipating and preventing regrettable turnover.
HR traditionally seeks to examine engagement levels when faced with retention challenges, but engagement is only a part of the full picture. You must also talk to employees to understand the moments that matter and engage managers to understand turnover triggers.
After completing this step you will have:
Employee engagement | Employee engagement and moments that matter are easily tracked by data. Validating employee feedback data by speaking and empathizing with employees helps to uncover moments that matter. This step focuses on analyzing existing data and validating it through focus groups. |
---|---|
Engagement drivers such as compensation or working environment are strong predictors of turnover. | |
Moments that matter | |
Employee experience (EX) is the employee's perception of the accumulation of moments that matter with the organization. | |
Turnover triggers | |
Turnover triggers are events that act as shocks or catalysts that quickly lead to an employee's departure. | |
Turnover triggers | This step will not touch on turnover triggers. Instead, they will be discussed in step 2 in the context of the role of the manager in improving retention. |
Turnover triggers are events that act as shocks or catalysts that quickly lead to an employee's departure. |
IT managers often have insights into where and why retention is an issue through their day-to-day work. Gathering detailed quantitative and qualitative data provides credibility to these insights and is key to building a business case for action. Keep an open mind and allow the data to inform your gut feeling, not the other way around.
Start to gather and examine additional data to accurately identify the reason(s) for high turnover. Begin to uncover the story behind why these employees join, stay, and leave your organization through themes and trends that emerge.
Look for these icons throughout step 2. | Why do candidates join your organization? | |
---|---|---|
![]() | Why do employees stay with your organization? | |
![]() | Why do employees leave your organization? |
For more information on analysis, visualization, and storytelling with data, see Info-Tech's Start Making Data-Driven People Decisions blueprint.
Classify where key employee needs fall within the employee lifecycle diagram in tab 2 of the Retention Plan Workbook. This will be used in step 2 to pinpoint and prioritize solutions.
The employee lifecycle is a valuable way to analyze and organize engagement pain points, moments that matter, and turnover triggers. It ensures that you consider the entirety of an employee's tenure and the different factors that lead to turnover.
While conducting a high-level analysis of new hire data, look for these three key themes impacting retention:
Issues or pain points that occurred during the hiring process.
Reasons why employees joined your organization.
The experience of their first 90 days. This can include their satisfaction with the onboarding process and their overall experience with the organization.
Themes will help to identify areas of strength and weakness organization-wide and within key segments. Document in tab 3 of the Retention Plan Workbook.
Employees who are engaged are 3.6x more likely to believe they will be with the organization 12 months from now (McLean & Company Engagement Survey, 2018-2021; N=117,307). Given the strength of this relationship, it is essential to identify areas of strength to maintain and leverage.
If you use Info-Tech's Engagement Survey, look in detail at what are classified as "Retention Drivers": total compensation, working environment, and work-life balance.
If you use a product other than Info-Tech's Engagement Survey, your results will look different. The key is to look at areas of weakness that emerge from the data.
If you use Info-Tech's Engagement Survey, look in detail at what are classified as "Retention Drivers": total compensation, working environment, and work-life balance.
Conduct a high-level analysis of the data from your employee exit diagnostic. While analyzing this data, consider the following:
If your organization conducts exit interviews, analyze the results alongside or in lieu of exit survey data.
Determine if new hire expectations weren't met, prompting employees to leave your organization, to help identify where in the employee lifecycle issues driving turnover may be occurring.
A result where employees are leaving for the same reason they're joining the organization could signal a disconnect between your organization's employee value proposition and the lived experience.
Your employee value proposition (EVP), formal or informal, communicates the value your organization can offer to prospective employees.
If your EVP is mismatched with the lived experience of your employees, new hires will be in for a surprise when they start their new job and find out it isn't what they were expecting.
Forty-six percent of respondents who left a job within 90 days of starting cited a mismatch of expectations about their role ("Job Seeker Nation Study 2020," Jobvite, 2020).
Through focus groups, explore the themes you have uncovered with employees to discover employee needs that are not being met. Addressing these employee needs will be a key aspect of your retention plan.
Identify employee groups who will participate in focus groups:
Customize Info-Tech's Standard Focus Group Guide based on the themes you have identified in tab 3 of the Retention Plan Workbook.
The goal of the focus group is to learn from employees and use this information to design or modify a process, system, or other solution that impacts retention.
Focus questions on the employees' personal experience from their perspective.
Key things to remember:
Maintaining an open dialogue with employees will help flesh out the context behind the data you've gathered and allow you to keep in mind that retention is about people first and foremost.
Look for discrepancies between what employees are saying and doing. | 1. Say "What words or quotes did the employee use?" | 3.Think "What might the employee be thinking?" | Record feelings and thoughts discussed, body language observed, tone of voice, and words used. Look for areas of negative emotion to determine the moments that matter that drive retention. |
2. Do "What actions or behavior did the employee demonstrate?" | 4. Feel "What might the employee be feeling?" | ||
Record them in tab 3 of the Retention Plan Workbook. | 5. Identify Needs | "Needs are verbs (activities or desires), not nouns (solutions)" | Synthesize focus group findings using Info-Tech's Empathy Map Template. |
---|---|---|---|
6. Identify Insights | "Ask yourself, why?" |
(Based on Stanford d.school Empathy Map Method)
Take employee needs revealed by your data and focus groups and prioritize three to five needs.
Select a limited number of employee needs to develop solutions to ensure that the scope of the project is feasible and that the resources dedicated to this project are not stretched too thin. The remaining needs should not be ignored – act on them later.
Share the needs you identify with stakeholders so they can support prioritization and so you can confirm their buy-in and approval where necessary.
Ask yourself the following questions to determine your priority employee needs:
After completing this step, you will have:
First, select and prioritize solutions to address employee needs identified in the previous step. These solutions will address reasons for turnover that influence employee engagement and moments that matter.
Next, create a plan to launch stay interviews to increase managers' accountability in improving retention. Managers will be critical to solving issues stemming from turnover triggers.
Finally, create an action plan and present to senior leadership for approval.
Look for these icons in the top right of slides in this step.
Based on the priority needs you have identified, use the Retention Solutions Catalog to review best-practice solutions for pain points associated with each stage of the lifecycle.
Use this tool as a starting point, adding to it and iterating based on your own experience and organizational culture and goals.
Use Info-Tech's Retention Solutions Catalog to start the brainstorming process and produce a shortlist of potential solutions that will be prioritized on the next slide.
Unless you have the good fortune of having only a few pain points, no single initiative will completely solve your retention issues. Combine one or two of these broad solutions with people-leader initiatives to ensure employee needs are addressed on an individual and an aggregate level.
Target efforts accordingly
Quick wins are high-impact, low-effort initiatives that will build traction and credibility within the organization.
Long-term initiatives require more time and need to be planned for accordingly but will still deliver a large impact. Review the planning horizon to determine how early these need to begin.
Re-evaluate low-impact and low-effort initiatives and identify ones that either support other higher impact initiatives or have the highest impact to gain traction and credibility. Look for low-hanging fruit.
Deprioritize initiatives that will take a high degree of effort to deliver lower-value results.
When assessing the impact of potential solutions, consider:
It's better to master a few initiatives than under-deliver on many. Start with a few solutions that will have a measurable impact to build the case for further action in the future.
Low Impact | Medium Impact | Large Impact | |
---|---|---|---|
Large Effort | ![]() | ||
Medium Effort | |||
Low Effort |
Use tab 3 of the Retention Plan Workbook to prioritize your shortlist of solutions.
Leaders at all levels have a huge impact on employees.
Support leaders in recommitting to their role as people managers through Learning & Development initiatives with particular emphasis on coaching and building trust.
For coaching training, see Info-Tech's Build a Better Manager: Team Essentials – Feedback and Coaching training deck.
For more information on supporting managers to become better people leaders, see Info-Tech's Build a Better Manager: Manage Your People blueprint.
"HR can't fix turnover. But leaders on the front line can."
– Richard P. Finnegan, CEO, C-Suite Analytics
Managers often have the most visibility into their employees' personal and work lives and have a key opportunity to anticipate and address turnover triggers.
Stay interviews are an effective way of uncovering potential retention issues and allowing managers to act as an early warning system for turnover triggers.
Sources: Richard P. Finnegan, CEO, C-Suite Analytics; SHRM
For each initiative identified, map out timelines and actions that need to be taken.
Be clear about manager accountabilities for initiatives they will own, such as stay interviews. Plan to communicate the goals and timelines managers will be asked to meet, such as when they must conduct interviews or their responsibility to follow up on action items that come from interviews.
Insight 1 | Insight 2 | Insight 3 |
---|---|---|
Retention and turnover are two sides of the same coin. You can't fix retention without first understanding turnover. | Engagement surveys mask the volatility of the employee experience and hide the reason why individual employees leave. You must also talk to employees to understand the moments that matter and engage managers to understand turnover triggers. | Improving retention isn't just about lowering turnover, it's about discovering what healthy retention looks like for your organization. |
Insight 4 | Insight 5 | Insight 6 |
HR professionals often have insights into where and why retention is an issue. Gathering detailed employee feedback data through surveys and focus groups provides credibility to these insights and is key to building a case for action. Keep an open mind and allow the data to inform your gut feeling, not the other way around. | Successful retention plans must be owned by both IT leaders and HR. | IT leaders often have the most visibility into their employees' personal and work lives and have a key opportunity to anticipate and address turnover triggers. Stay interviews help managers anticipate potential retention issues on their teams. |
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
Info-Tech Analysts | Pre-work | Post-work |
---|---|---|
Client Data Gathering and Planning | Implementation Supported Through Analyst Calls | |
1.1 Discuss participants, logistics, overview of workshop activities 1.2 Provide support to client for below activities through calls. | 2.1 Schedule follow-up calls to work through implementation of retention solutions based on identified needs. | |
Client | 1.Gather results of engagement survey, new hire survey, exit survey, and any exit and stay interview feedback. 2.Gather and analyze turnover data. 3.Identify key employee segment(s) and identify and organize participants for focus groups. 4.Complete cost of turnover analysis. 5.Review turnover data and prioritize list of employee segments. | 1.Obtain senior leader approval to proceed with retention plan. 2.Finalize and implement retention solutions. 3.Prepare managers to conduct stay interviews. 4.Communicate next steps to stakeholders. |
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
Activities | Day 1 | Day 2 | Day 3 | Day 4 |
---|---|---|---|---|
Assess Current State | Conduct Focus Groups | Identify Needs and Retention Initiatives | Prepare to Communicate and Launch | |
1.1 Review data to determine why employees join, stay, and leave. 1.2 Identify common themes. 1.3 Prepare for focus groups. | 2.1 Conduct four 1-hour focus groups with the employee segment(s) identified in the pre-workshop activities.. 2.2 Info-Tech facilitators independently analyze results of focus groups and group results by theme. | 3.1 Create an empathy map to identify needs 3.2 Shortlist retention initiatives | 4.1 Select retention initiatives 4.2 Determine goals and metrics 4.3 Plan stakeholder communication4.4 Build a high-level action plan | |
Deliverables | 1.List of common themes/pain points recorded in the Retention Plan Workbook 2.Plan for focus groups documented in the Focus Group Guide | 1.Focus group feedback 2.Focus group feedback analyzed and organized by themes | 1.Employee needs and shortlist of initiatives to address them | 1.Finalized list of retention initiatives |
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
Jeff Bonnell
VP HR
Info-Tech Research Group
Phillip Kotanidis
CHRO
Michael Garron Hospital
Michael McGuire
Director, Organizational Development
William Osler Health System
Dr. Iris Ware
Chief Learning Officer
City of Detroit
Richard P. Finnegan
CEO
C-Suite Analytics
Dr. Thomas Lee
Professor of Management
University of Washington
Jane Moughon
Specialist in increasing profits, reducing turnover, and maximizing human potential in manufacturing companies
Lisa Kaste
Former HR Director
Citco
Piyush Mathur
Head of Workforce Analytics
Johnson & Johnson
Gregory P. Smith
CEO
Chart Your Course
"17 Surprising Statistics about Employee Retention." TINYpulse, 8 Sept. 2020. Web.
"2020 Job Seeker Nation Study." Jobvite, April 2020. Web.
"2020 Recruiter Nation Survey." Jobvite, 2020. Web.
"2020 Retention Report: Insights on 2019 Turnover Trends, Reasons, Costs, & Recommendations." Work Institute, 2020. Web.
"25 Essential Productivity Statistics for 2021." TeamStage, 2021. Accessed 22 Jun. 2021.
Agovino, Theresa. "To Have and to Hold." SHRM, 23 Feb. 2019. Web.
"Civilian Unemployment Rate." Bureau of Labor Statistics, June 2020. Web.
Foreman, Paul. "The domino effect of chief sales officer turnover on salespeople." Mereo, 19 July 2018. Web.
"Gross Domestic Product." U.S. Bureau of Economic Analysis, 27 May 2021. Accessed 22 Jun. 2020.
Kinne, Aaron. "Back to Basics: What is Employee Experience?" Workhuman, 27August 2020. Accessed 21 Jun. 2021.
Lee, Thomas W, et al. "Managing employee retention and turnover with 21st century ideas." Organizational Dynamics, vol 47, no. 2, 2017, pp. 88-98. Web.
Lee, Thomas W. and Terence R. Mitchell. "Control Turnover by Understanding its Causes." The Blackwell Handbook of Principles of Organizational Behaviour. 2017. Print.
McFeely, Shane, and Ben Wigert. "This Fixable Problem Costs U.S. Businesses $1 Trillion." Gallup. 13 March 2019. Web.
"Table 18. Annual Quit rates by Industry and Region Not Seasonally Adjusted." Bureau of Labor Statistics. June 2021. Web.
"The 2019 Compensation Best Practices Report: Will They Stay or Will They Go? Employee Retention and Acquisition in an Uncertain Economy." PayScale. 2019. Web.
Vuleta, Branka. "30 Troubling Employee Retention Statistics." Legaljobs. 1 Feb. 2021. Web.
"What is a Tenured Employee? Top Benefits of Tenure and How to Stay Engaged as One." Indeed. 22 Feb. 2021. Accessed 22 Jun. 2021.