The Accessibility Business Case for IT

  • Buy Link or Shortcode: {j2store}519|cart{/j2store}
  • member rating overall impact (scale of 10): N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Lead
  • Parent Category Link: /lead
  • Laws requiring digital accessibility are changing and differ by location.
  • You need to make sure your digital assets, products, and services (internal and external) are accessible to everyone, but getting buy-in is difficult.
  • You may not know where your gaps in understanding are because conventional thinking is driven by compliance and risk mitigation.

Our Advice

Critical Insight

  • The longer you put off accessibility, the more tech debt you accumulate and the more you risk losing access to new and existing markets. The longer you wait to adopt standards and best practices, the more interest you’ll accumulate on accessibility barriers and costs for remediation.
  • Implementing accessibility feels counterintuitive to IT departments. IT always wants to optimize and move forward, but with accessibility you may stay at one level for what feels like an uncomfortably long period. Don’t worry; building consistency and shifting culture takes time.
  • Accessibility goes beyond compliance, which should be an outcome, not the objective. With 1 billion people worldwide with some form of disability, nearly everyone likely has a connection to disability, whether it be in themselves, family, or colleagues. The market of people with disabilities has a spending power of more than $6 trillion (WAI, 2018).

Impact and Result

  • Take away the overwhelm that many feel when they hear “accessibility” and make the steps for your organization approachable.
  • Clearly communicate why accessibility is critical and how it supports the organization’s key objectives and initiatives.
  • Understand your current state related to accessibility and identify areas for key initiatives to become part of the IT strategic roadmap.

The Accessibility Business Case for IT Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. The Accessibility Business Case for IT – Clearly communicate why accessibility is critical and how it supports the organization’s key objectives and initiatives.

A step-by-step approach to walk you through understanding your current state related to accessibility maturity, identifying your desired future state, and building your business case to seek buy-in. This storyboard will help you figure out what’s right for your organization and build the accessibility business case for IT.

  • The Accessibility Business Case for IT – Phases 1-3

2. Accessibility Business Case Template – A clear, concise, and compelling business case template to communicate the criticality of accessibility.

The business case for accessibility is strong. Use this template to communicate to senior leaders the benefits, challenges, and risks of inaction.

  • Accessibility Business Case Template

3. Accessibility Maturity Assessment – A structured tool to help you identify your current accessibility maturity level and identify opportunities to ensure progress.

This tool uses a capability maturity model framework to evaluate your current state of accessibility. Maturity level is assessed on three interconnected aspects (people, process, and technology) across six dimensions proven to impact accessibility. Complete the assessment to get recommendations based on where you’re at.

  • Accessibility Maturity Assessment

Infographic

Further reading

The Accessibility Business Case for IT

Accessibility goes beyond compliance

Analyst Perspective

Avoid tech debt related to accessibility barriers

Accessibility is important for individuals, businesses, and society. Diverse populations need diverse access, and it’s essential to provide access and opportunity to everyone, including people with diverse abilities. In fact, access to information and communications technologies (ICT) is a basic human right according to the United Nations.

The benefits of ICT accessibility go beyond compliance. Many innovations that we use in everyday life, such as voice activation, began as accessibility initiatives and ended up creating a better lived experience for everyone. Accessibility can improve user experience and satisfaction, and it can enhance your brand, drive innovation, and extend your market reach (WAI, 2022).

Although your organization might be required by law to ensure accessibility, understanding your users’ needs and incorporating them into your processes early will determine success beyond just compliance.

Heather Leier-Murray, Senior Research Analyst, People and Leadership

Heather Leier-Murray
Senior Research Analyst, People and Leadership
Info-Tech Research Group

Executive Summary

Your Challenge Common Obstacles Info-Tech’s Approach

Global IT and business leaders are challenged to make digital products and services accessible because inaccessibility comes with increasing risk to brand reputation, legal ramifications, and constrained market reach.

  • Laws requiring digital accessibility are changing and differ by location.
  • You need to make sure your digital assets, products, and services (internal and external) are accessible to everyone.
  • The cost of inaction is rising.

Understanding where to start, where accessibility lives, and if or when you’re done can be overwhelmingly difficult.

  • Executive leadership buy-in is difficult to get.
  • Conventional thinking is driven by compliance and risk mitigation.
  • You don’t know where your gaps in understanding are.

Conventional approaches to accessibility often fail because users are expected to do the hard work. You have to be doing 80% of the hard work.1

Use Info-Tech’s research and resources to do what’s right for your organization. This framework takes away the overwhelm that many feel when they hear “accessibility” and makes the steps for your organization approachable.

  • Clearly communicate why accessibility is critical and how it supports the organization’s key objectives and initiatives.
  • Understand your current state related to accessibility and identify areas for key initiatives to become part of the IT strategic roadmap.

1. Harvard Business Review, 2021

Info-Tech Insight
The longer you put off accessibility, the more tech debt you accumulate and the more you risk losing access to new and existing markets. The longer you wait to adopt standards and best practices, the more interest you’ll accumulate on accessibility barriers and costs for remediation.

Your challenge

This research is designed to help organizations who are looking to:

  • Build a business case for accessibility.
  • Ensure that digital assets, products, and services are accessible to everyone, internally and externally.
  • Support staff and build skills to support the organization with accessibility and accommodation.
  • Get assistance figuring out where to start on the road to accessibility compliance and beyond.

The cost of inaction related to accessibility is rising. Preparing for accessibility earlier helps prevent tech debt; the longer you wait to address your accessibility obligations, the more costly it gets.

More than 3,500 digital accessibility lawsuits were filed in the US in 2020, up more than 50% from 2018.

Source: UsableNet. Inc.

Common obstacles

These barriers make accessibility difficult to address for many organizations:

  • You don’t know where your gaps in understanding are. Recognizing the importance of accessibility and how it fits into the bigger picture is key to developing buy-in.
  • Too often organizations focus on mitigating risk by being compliance driven. Shifting focus to the user experience, internally and externally, will realize better results.
  • Conventional approaches to accessibility often fail because the expectation is for users to do the hard work. One in five people have a permanent disability, but it’s likely everyone will be faced with some sort of disability at some point in their lives.1 Your organization has to be doing at least 80% of the hard work.2
  • Other types of compliance reside clearly with one area of the organization. Accessibility, however, has many homes: IT, user experience (UX), customer experience (CX), and even HR.

1. Smashing Magazine

2. Harvard Business Review, 2021

90% of companies claim to prioritize diversity.

Source: Harvard Business Review, 2020

Only 4% of those that claim to prioritize diversity consider disability in those initiatives.

Source: Harvard Business Review, 2020

The four principles of accessibility

WCAG (Web Content Accessibility Guidelines) identifies four principles of accessibility. WCAG is the most referenced standard in website accessibility lawsuits.

The four principles of accessibility

Source: eSSENTIAL Accessibility, 2022

Why organizations address accessibility

Top three reasons:

61% 62% 78%
To comply with laws To provide the best UX To include people with disabilities

Source: Level Access

Still, most businesses aren’t meeting compliance standards. Even though legislation has been in place for over 30 years, a 2022 study by WebAIM of 1,000,000 homepages returned a 96.8% WCAG 2.0 failure rate.

Source: Institute for Disability Research, Policy, and Practice

How organizations prioritize digital accessibility

43% rated it as a top priority.

36% rated it as important.

Fewer than 5% rated as either low priority or not even on the radar.

More than 65% agreed or strongly agreed it’s a higher priority than last year.

Source: Angel Business Communications

Organizations expect consumers to do more online

The pandemic led to many businesses going digital and more people doing things online.

Chart of activities performed more often compared to before COVID-19

Chart of activities performed for the first time during COVID-19

Source: Statistics Canada

Disability is part of being human

Merriam-Webster defines disability as a “physical, mental, cognitive, or developmental condition that impairs, interferes with, or limits a person’s ability to engage in certain tasks or actions or participate in typical daily activities and interactions.”1

The World Health Organization (WHO) points out that a crucial part of the definition of disability is that it’s not just a health problem, but the environment impacts the experience and extent of disability. Inaccessibility creates barriers for full participation in society.2

The likelihood of you experiencing a disability at some point in your life is very high, whether a physical or mental disability, seen or unseen, temporary or permanent, severe or mild.2

Many people acquire disabilities as they age yet may not identify as “a person with a disability.”3 Where life expectancies are over 70 years of age, 11.5% of life is spent living with a disability. 4

“Extreme personalization is becoming the primary difference in business success, and everyone wants to be a stakeholder in a company that provides processes, products, and services to employees and customers with equitable, person-centered experiences and allows for full participation where no one is left out.”
– Paudie Healy, CEO, Universal Access

1. Merriam-Webster
2. World Health Organization
3. Digital Leaders, as cited in WAI, 2018
4. Disabled World, as cited in WAI, 2018

Untapped talent resource

Common myths about people with disabilities:

  • They can’t work.
  • They need more time off or are absent more often.
  • Only basic, unskilled work is appropriate for them.
  • Their productivity is lower than that of coworkers.
  • They cost more to recruit, train, and employ.
  • They decrease others’ productivity.
  • They’re not eligible for governmental financial incentives (e.g. apprentices).
  • They don’t fit in.

These assumptions prevent organizations from hiring valuable people into the workforce and retaining them.

Source: Forbes

50% to 70% of people with disabilities are unemployed in industrialized countries. In the US alone, 61 million adults have a disability.

Source: United Nations, as cited in Forbes

Thought Model

Info-Tech’s methodology for the accessibility business case for IT

1. Understand Current State 2. Plan for Buy-in 3. Prepare Your Business Case
Phase Steps
  1. Understand standards and legislation
  2. Build awareness
  3. Understand current accessibility maturity level Define desired future state
  1. Define desired future state
  2. Define goals and objectives
  3. Document roles and responsibilities
  1. Customize and populate the Accessibility Business Case Template and gain approval
  2. Validate post-approval steps and establish timelines
Phase Outcomes
  • Accessibility maturity assessment
  • Accessibility drivers determined
  • Goals defined
  • Objectives identified
  • Roles and responsibilities documented
  • Business case drafted
  • Approval to move forward with implementing your accessibility program
  • Next steps and timelines

Insight Summary

Insight 1 The longer you put off accessibility, the more tech debt you accumulate and the more you risk losing access to new and existing markets. The longer you wait to adopt standards and best practices, the more interest you’ll accumulate on accessibility barriers and costs for remediation.
Insight 2 Implementing accessibility feels counterintuitive to IT departments. IT always wants to optimize and move forward, but with accessibility you may stay at one level for what feels like an uncomfortably long period. Don’t worry; building consistency and shifting culture takes time.
Insight 3 Accessibility goes beyond compliance, which should be an outcome, not the objective. With 1 billion people worldwide with some form of disability, nearly everyone likely has a connection to disability, whether it be in themselves, family, or colleagues. The market of people with disabilities has a spending power of more than $6 trillion.1

1. WAI, 2018

Blueprint deliverables

This blueprint is accompanied by supporting deliverables to help you accomplish your goals.

Accessibility Business Case Template

The business case for accessibility is strong. Use this template to communicate to senior leaders the benefits and challenges of accessibility and the risks of inaction.

Accessibility Maturity Assessment

Use this assessment to understand your current accessibility maturity.

Blueprint benefits

Business Benefits IT Benefits
  • Don’t lose out on a 6-trillion-dollar market.
  • Don’t miss opportunities to work with organizations because you’re not accessible.
  • Enable and empower current employees with disabilities.
  • Minimize potential for negative brand reputation due to a lack of consideration for people with disabilities.
  • Decrease the risk of legal action being brought upon the organization.
  • Understand accessibility and know your role in it for your organization and your team members.
  • Be prepared and able to provide the user experience you want.
  • Decrease tech debt – start early to ensure accessibility for everyone.
  • Access an untapped labor market.
  • Mitigate IT retention challenges.

Measure the value of this blueprint

Improve stakeholder satisfaction and engagement

  • Tracking measures to understand the value of this blueprint is a critical part of the process.
  • Monitor employee engagement, overall stakeholder satisfaction with IT, and the overall end-customer satisfaction.
  • Remember, accessibility is not a one-and-done project – just because measures are positive does not mean your work is done.

In phase 2 of this blueprint, we will help you establish current-state and target-state metrics for your organization.

Suggested Metrics
Overall end-customer satisfaction
Monies saved through cost optimization efforts
Employee engagement
Monies save through application rationalization and standardization

For more metrics ideas, see the Info-Tech IT Metrics Library.

Executive Brief Case Study

INDUSTRY
Technology

SOURCE
W3C Web Accessibility Initiative (WAI), 2018

Google

Investing in accessibility
With an innovative edge, Google invests in accessibility with the objective of making life easier for everyone. Google has created a broad array of accessibility innovations in its products and services so that people with disabilities get as much out of them as anyone else.

Part of Google’s core mission, accessibility means more to Google than implementing fixes. It is viewed positively by the organization and drives it to be more innovative to make information available to everyone. Google approaches accessibility problems not as barriers but as ways to innovate and discover breakthroughs that will become mainstream in the future.

Results
Among Google’s innovations are contrast minimums, auto-complete, voice-control, AI advances, and machine learning auto-captioning. All of these were created for accessibility purposes but have positively impacted the user experience in general for Google.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit Guided Implementation Workshop Consulting
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

Diagnostics and consistent frameworks are used throughout all four options.

Guided Implementation

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is 4 to 6 calls over the course of 2 to 4 months.

What does a typical GI on this topic look like?

Phase 1 Phase 2 Phase 3

Call #1: Discuss motivation for the initiative and foundational knowledge requirements.

Call #2: Discuss next steps to assess current accessibility maturity.

Call #3: Discuss stakeholder engagement and future-state analysis.

Call #4: Discuss defining goals and objectives, along with roles and responsibilities.

Call #5: Review draft business case presentation.

Call #6: Discuss post-approval steps and timelines.

Phase 1

Understand Your Current State

Phase 1
1.1 Understand standards and legislation
1.2 Build awareness
1.3 Understand maturity level

Phase 2
2.1 Define desired future state
2.2 Define goals and objectives
2.3 Document roles and responsibilities

Phase 3
3.1 Prepare business case template for presentation and approval
3.2 Validate post-approval steps and establish timelines

The Accessibility Business Case for IT

This phase will walk you through the following activities:

  • Identifying and understanding accessibility and compliance requirements and the ramifications of noncompliance.
  • Defining accessibility, disability, and disability inclusion and building awareness of these with senior leaders.
  • Completing the Accessibility Maturity Assessment to help you understand your current state.

Step 1.1

Understand standards and legislation

Activities

1.1.1 Make a list of the legislation you need to comply with

1.1.2 Seek legal and/or professional services’ input on compliance

1.1.3 Detail the risks of inaction for your organization

Understand Your Current State

Outcomes of this step
You will gain foundational understanding of the breadth of the regulation requirements for your organization. You will have reviewed and understand what is applicable to your organization.

The regulatory landscape is evolving

Canada

  • Canadian Human Rights Act
  • Policy on Communications and Federal Identity
  • Canadian Charter of Rights and Freedoms
  • Accessibility for Ontarians with Disabilities Act
  • Accessible Canada Act of 2019 (ACA)

Europe

  • UK Equality Act 2010
  • EU Web and Mobile Accessibility Directive (2016)
  • EN 301 549 European Standard – Accessibility requirements for public procurement of ICT products and services

United States

  • Section 508 of the US Rehabilitation Act of 1973
  • Americans with Disabilities Act of 1990 (ADA)
  • Section 255 of the Telecommunications Act of 1996
  • Air Carrier Access Act of 1986
  • 21st Century Communications and Video Accessibility Act of 2010 (CVAA)

New Zealand

  • Human Rights Act 1993
  • Online Practice Guidelines for Government

Australia

  • Disability Discrimination Act 1992 (DDA)

Regulatory systems are moving toward an international standard.

1.1.1 Make a list of the legislation you need to comply with

  1. Download the Accessibility Business Case Template.
  2. Conduct research and investigate what legislation and standards are applicable to your organization.
  3. a) Start by looking at your local legislation.
    b) Then consider any other regions you conduct business in.
    c) Also account for the various industries you are in.
  4. While researching, build a list of legislation requirements. Document these in your Accessibility Business Case Template as part of the Project Context section.
Input Output
  • Research
  • Websites
  • Articles
  • List of legislation that applies to the organization related to accessibility
Materials Participants
  • Accessibility Business Case Template
  • Project leader/initiator

Download the Accessibility Business Case Template

1.1.2 Seek professional advice on compliance

  1. Have general counsel review your list of regulations and standards related to accessibility or seek legal and/or professional support to review your list.
  2. Review or research further the implications of any suggestions from legal counsel.
  3. Make any updates to the Legal Landscape slide in the Accessibility Business Case Template.
Input Output
  • Compiled list of applicable legislation and standards
  • Confirmed list of regulations that are applicable to your organization related to accessibility
Materials Participants
  • Accessibility Business Case Template
  • Project leader/initiator
  • General counsel/professional services

Download the Accessibility Business Case Template

Ramifications of noncompliance

Go beyond financial consequences

Beyond the costs resulting from a claim, noncompliance can damage your organization in several ways.

Financial Impact

ADA Warning Shot: A complaint often indicates pending legal action to come. Addressing issues on a reactive, ad hoc basis can be quite expensive. It can cost almost $10,000 to address a single complaint, and chances are if you have one complaint, you have many.

Lawsuit Costs: In the US, 265,000 demand letters were sent in 2020 under the ADA for inaccessible websites. On average, a demand letter could cost the company $25,000 (conservatively). These are low-end numbers; another estimate is that a small, quickly settled digital accessibility lawsuit could cost upwards of $350,000 for the defendant.

Non-Financial Impact

Reputational Impact: Claims brought upon a company can bring negative publicity with them. In contrast, having a clear commitment to accessibility demonstrates inclusion and can enhance brand image and reputation. Stakeholder expectations are changing, and consumers, investors, and employees alike want to support businesses with a purpose.

Technology Resource Strains: Costly workarounds and ad hoc accommodation processes take away from efficiency and effectiveness. Updates and redesigns for accessibility and best practices will reduce costs associated with maintenance and service, including overall stakeholder satisfaction improvements.

Access to Talent: 2022 saw a record high number of job openings, over 11.4 million in the US alone. Ongoing labor shortages require eliminating bias and keeping an open mind about who is qualified.

Source: May Hopewell

In the last four years, 83% of the retail 500 have been sued. Since 2018, 417 of the top 500 have received ADA-based digital lawsuits.

Source: UsableNet

1.1.3 Detail the risks of inaction for your organization

  1. Using the information that you’ve gathered through your research and legal/professional advice, detail the risks of inaction for your organization.
  2. a) Consider legal risks, consumer risks, brand risks, and employee risks. (Remember, risks aren’t just monetary.)
  3. Document the risks in your Accessibility Business Case Template.
InputOutput
  • List of applicable legislation and standards
  • Information about risks
  • Identified accessibility maturity level
MaterialsParticipants
  • Accessibility Business Case Template
  • Project leader/initiator

Download the Accessibility Business Case Template

Step 1.2

Build awareness of accessibility and disability inclusion

Activities

1.2.1 Identify gaps in understanding

1.2.2 Brainstorm how to reframe accessibility positively

Understand Your Current State

Outcomes of this step
You’ll have a better understanding of accessibility so that you can effectively implement and promote it.

Where to look for understanding

First-hand experience of how people with disabilities interact with your organization is often eye-opening. It will help you understand the benefits and value of accessibility.

Where to look for understanding

  • Talk with people you know with disabilities that are willing to share.*
  • Find role-specific training that’s appropriate.
  • Research. Articles and videos are easy to find.
  • Set up assistive technology trials.
  • Seek out first-hand experience from people with disabilities and how they work and use digital assets.

Source: WAI, 2016

* Remember, people with disabilities aren't obligated to discuss or explain their disabilities and may not be comfortable sharing. If you're asking for their time, be respectful, only ask if appropriate, and accept a "no" answer if the person doesn't wish to assist.

1.2.1 Identify gaps in understanding

Find out what accessibility is and why it is important. Learn the basics.

  1. Using the information that you’ve gathered through your research and legal counsel, conduct further research to understand the importance of accessibility.
  2. Answer these questions:
  3. a) What is accessibility? Why is it important?
    b) From the legislation and standards identified in step 1.1, what gaps exist?
    c) What is the definition of disability?
    d) How does your organization currently address accessibility?
    e) What are your risks?
    f) Do you have any current employees who have disabilities?
  4. Review the previous slide for suggestions on where to find more information to answer the above questions.
  5. Document any changes to the risks in your Accessibility Business Case Template.
InputOutput
  • Articles
  • Interviews
  • Websites
  • Greater understanding of the lived experience of people with disabilities
MaterialsParticipants
  • Articles
  • Websites
  • Accessibility Business Case Template
  • Project leader/initiator

Download the Accessibility Business Case Template

Reframe accessibility as a benefit, not a burden

A clear understanding of accessibility and the related standards and regulations can turn accessibility from something big and scary to an achievable part of the business.

The benefits of accessibility are:

Market Reach Minimized Legal Risks Innovation Retention
Over 1 billion people with a spending power of $6 trillion make up the global market of people with disabilities.1 Accessibility improves the experience for all users. In addition, many organizations require you to provide proof you meet accessibility standards during the RFP process. Accessibility regulations are changing, and claims are rising. Costs associated with legal proceedings can be more than just financial. Many countries have laws you need to follow. People with disabilities bring diversity of thought, have different lived experiences, and benefit inclusivity, which helps drive engagement. Plus accessibility features often solve unanticipated problems. Employing and supporting people with disabilities can reduce turnover and improve retention, reliability, company image, employee loyalty, ability awareness, and more.

Source 1: WAI, 2018

1.2.2 Brainstorm ways to reframe accessibility positively

  1. Using the information that you’ve gathered through your research, brainstorm additional positives of accessibility for your organization.
  2. Clearly identify the problem you want to solve (e.g., reframing accessibility positively in your organization).
  3. Collect any tools you want to use to during brainstorming (e.g., whiteboard, markers, sticky notes)
  4. Write down all the ideas that come to mind.
  5. Review all the points and group them into themes.
  6. Update the Accessibility Business Case Template with your findings.
InputOutput
  • Research you have gathered
  • List of ways to positively reframe accessibility for your organization
MaterialsParticipants
  • Sticky notes, whiteboard, pens, paper, markers.
  • Accessibility Business Case Template
  • Project leader/initiator

Download the Accessibility Business Case Template

Make it part of the conversation

A first step to disability and accessibility awareness is to talk about it. When it is talked about as freely as other things are in the workplace, this can create a more welcoming workplace.

Accessibility goes beyond physical access and includes technological access and support as well as our attitudes.

Accessibility is making sure everyone (disabled or abled) can access the workplace equally.

Adjustments in the workplace are necessary to create an accessible and welcoming environment. Understanding the three dimensions of accessibility in the workplace is a good place to start.

Source: May Hopewell

Three dimensions of accessibility in the workplace

Three dimensions of accessibility in the workplace

Case Study

INDUSTRY
Professional Services

SOURCE
Accenture

Accenture takes an inclusive approach to increase accessibility.

Accessibility is more than tools

Employee experience was the focus of embarking on the accessibility journey, ensuring inclusivity was built in and every employee was able to use the tools they needed and could achieve their goals.

"We are removing barriers in technology to make all of our employees, regardless of their ability, more productive.”
— Melissa Summers, Managing Director – Global IT, Corporate Technology, Accenture

Accessibility is inclusive

The journey began with formalizing a Global IT Accessibility practice and defining an accessibility program charter. This provided direction and underpinned the strategy used to create a virtual Accessibility Center of Excellence and map out a multiyear plan of initiatives.

The team then identified all the technologies they wanted to enhance by prioritizing ones that were high use and high impact. Involving disability champions gave insight into focus areas.

Accessibility is innovation

Working with partners like Microsoft and over 100 employees, Accenture continues toward the goal of 75% accessibility for all its global high-traffic internal platforms.

Achievements thus far include:

  • 100% of new Accenture video and broadcast content is automatically captioned.
  • Accenture received a perfect Disability Equality Index (US) score of 100 out of 100 for 2017, 2018, and 2019.

Step 1.3

Understand your current accessibility maturity level

Activities

1.3.1 Complete the Accessibility Maturity Assessment

Understand Your Current State

Outcomes of this step
Completed Accessibility Maturity Assessment to inform planning for and building your business case in Phases 2 and 3.

Know where you are to know where to go

Consider accessibility improvements from three interconnected aspects to determine current maturity level

Accessibility Maturity

People

  • Consider employee, customer, and user experience.

Process

  • Review processes to ensure accessibility is considered early.

Technology

  • Whether it’s new or existing, technology is an important tool to increase accessibility.

Accessibility maturity levels

INITIAL DEVELOPING DEFINED MANAGED OPTIMIZE
At this level, accessibility processes are mostly undocumented, if they exist. Accessibility is most likely happening on a reactive, ad hoc basis. No one understands who is responsible for accessibility or what their role is. At this stage the organization is driven by the need for compliance. At the developing level, the organization is taking steps to increase accessibility but still has a lot of opportunity for improvements. The organization is defining and refining processes and is working toward building a library of assistive tools. At this level, processes related to accessibility are repeatable. However, there’s a tendency to resort to old habits under stress. The organization has tools in place to facilitate accommodation requests and technology is compatible with assistive technologies. Accessibility initiatives are driven by the desire to make the user experience better. The managed level is defined by its effective accessibility controls, processes, and metrics. The organization can mostly anticipate preferences of customers, employees, and users. The roles and responsibilities are defined, and disability is included as part of the organization’s diversity, equity, and inclusion (DEI) initiatives. This level is not the goal for all organizations. At this level there is a shift in the organization’s culture to a feeling of belonging. The organization also demonstrates ongoing process improvements. Everyone can experience a seamless interaction with the organization. The focus is on continuous improvement and using feedback to inform future initiatives.

Determine your level of maturity

Use Info-Tech’s Accessibility Maturity Assessment

  • On the accessibility questionnaire, tab 2, choose how much the statements apply to your organization. Answer the questions based on your knowledge of your current state organizationally.
  • Once you’ve answered all the questions, see the results on the tab 3, Accessibility Results. You can see your overall maturity level and the maturity level for each of six dimensions that are necessary to increase the success of an accessibility program.
  • Click through to tab 4, Recommendations, to see specific recommendations based on your results and proven research to progress through the maturity levels. Keep in mind that not all organizations will or should aspire to the “Optimize” maturity level.

1.3.1 Complete the Accessibility Maturity Assessment

  1. Download the Accessibility Maturity Assessment and save it with the date so that as you work on your accessibility program, you can reassess later and track your progress.
  2. Once you have saved the assessment, select the appropriate answer for each statement on tab 2, Accessibility Questions, based on your knowledge of the organization’s approach.
  3. After reviewing all the accessibility statements, see your maturity level results on tab 3, Accessibility Results. Then see tab 4, Recommendations, for suggestions based on your answers.
  4. Document your accessibility maturity results in your Accessibility Business Case Template.
Input Output
  • Assess your current state of accessibility by choosing all the statements that apply to your organization
  • Identified accessibility maturity level
Materials Participants
  • Accessibility Maturity Assessment
  • Accessibility Business Case Template
  • Project leader/sponsor
  • IT leadership team

Download the Accessibility Business Case Template

Phase 2

Plan for Senior Leader Buy-In

Phase 1
1.1 Understand standards and legislation
1.2 Build awareness
1.3 Understand maturity level

Phase 2
2.1 Define desired future state
2.2 Define goals and objectives
2.3 Document roles and responsibilities

Phase 3
3.1 Prepare business case template for presentation and approval
3.2 Validate post-approval steps and establish timelines

The Accessibility Business Case for IT

This phase will walk you through the following activities:

  • Defining your desired future state.
  • Determining your accessibility program goals and objectives.
  • Clarifying and documenting roles and responsibilities related to accessibility in IT.

This phase involves the following participants:

  • Project lead/sponsor
  • IT leadership team
  • Senior leaders/decision makers

Step 2.1

Define the desired future state of accessibility

Activities

2.1.1 Identify key stakeholders

2.1.2 Hold a key stakeholder focus group

2.1.3 Conduct a future-state analysis

Outcomes of this step
Following this step, you will have identified your aspirational maturity level and what your accessibility future state looks like for your organization.

Plan for Senior Leader Buy-In

Cheat sheet: Identify stakeholders

Ask stakeholders, “Who else should I be talking to?” to discover additional stakeholders and ensure you don’t miss anyone.

Identify stakeholders through the following questions:
  • Who in areas of influence will be adversely affected by potential environmental and social impacts of what you are doing?
  • At which stage will stakeholders be most affected (e.g. procurement, implementation, operations, decommissioning)?
  • Will other stakeholders emerge as the phases are started and completed?
  • Who is sponsoring the initiative?
  • Who benefits from the initiative?
  • Who is negatively impacted by the initiative?
  • Who can make approvals?
  • Who controls resources?
  • Who has specialist skills?
  • Who implements the changes?
  • Who are the owners, governors, customers, and suppliers of impacted capabilities or functions?
Take a 360-degree view of potential internal and external stakeholders who might be impacted by the initiative.
  • Executives
  • Peers
  • Direct reports
  • Partners
  • Customers
  • Subcontractors
  • Subcontractors
  • Contractors
  • Lobby groups
  • Regulatory agencies

Categorize your stakeholders with a stakeholder prioritization map

A stakeholder prioritization map helps teams categorize their stakeholders by their level of influence and ownership.

There are four areas in the map, and the stakeholders within each area should be treated differently.

Players – Players have a high interest in the initiative and the influence to effect change over the initiative. Their support is critical, and a lack of support can cause significant impediment to the objectives.

Mediators – Mediators have a low interest but significant influence over the initiative. They can help to provide balance and objective opinions to issues that arise.

Noisemakers – Noisemakers have low influence but high interest. They tend to be very vocal and engaged, either positively or negatively, but have little ability to enact their wishes.

Spectators – Generally, spectators are apathetic and have little influence over or interest in the initiative.

Stakeholder prioritization map

Define strategies for engaging stakeholders by type

Each group of stakeholders draws attention and resources away from critical tasks.

By properly identifying your stakeholder groups, you can develop corresponding actions to manage stakeholders in each group. This can dramatically reduce wasted effort trying to satisfy Spectators and Noisemakers while ensuring the needs of the Mediators and Players are met.

Type Quadrant Actions
Players High influence, high interest Actively Engage
Keep them engaged through continuous involvement. Maintain their interest by demonstrating their value to its success.
Mediators High influence, low interest Keep Satisfied
They can be the game changers in groups of stakeholders. Turn them into supporters by gaining their confidence and trust, and include them in important decision-making steps. In turn, they can help you influence other stakeholders.
Noisemakers Low influence, high interest Keep Informed
Try to increase their influence (or decrease it if they are detractors) by providing them with key information, supporting them in meetings, and using Mediators to help them.
Spectators Low influence, low interest Monitor
They are followers. Keep them in the loop by providing clarity on objectives and status updates.

2.1.1 Identify key stakeholders

Collect this information by:

  1. List direct stakeholders for your area. Include stakeholders across the organization (both IT and business units) and externally.
  2. Create a stakeholder map to capture your stakeholders’ interest in and influence on digital accessibility.
  3. Shortlist stakeholders to invite as focus group participants in activity 2.1.2.
    • Aim for a combination of Players, Mediators, and Noisemakers.
Input Output
  • List of stakeholders
  • Stakeholder requirements
  • A stakeholder map
  • List of stakeholders to include in the focus group in step 2.1.2
Materials Participants
  • Sticky notes, pens, whiteboard, markers (optional)
  • Project leader/sponsor

Hold a focus group to initiate planning

Involve key stakeholders to determine the organizational drivers of accessibility, identify target maturity and key performance indicators (KPIs), and ultimately build the project charter.

Building the project charter as a group will help you to clarify your key messages and secure buy-in from critical stakeholders up-front, which is key.

Executing the business case for accessibility requires significant involvement from your IT leadership team. The challenge is that accessibility can be overwhelming because of inherent bias. Members of your IT leadership team will also need to participate in knowledge transfer, so get them involved up-front. The focus group will help stakeholders feel more engaged in the project, which is pivotal for success.

You may feel like a full project charter isn’t necessary, and depending on your organizational size, it might not be. However, the exercise of building the charter is important regardless. No matter your current climate, some level of socializing the value of and plans for accessibility will be necessary.

Meeting Agenda

  1. Short introduction
    Led by: Project Sponsor
    • Why the initiative is being considered.
  2. Make the case for the project
    Led by: Project Manager
    • Current state: What does the initiative address?
    • Future state: What is our target state of maturity?
  3. Success criteria
    Led by: Project Manager
    • How will success be measured?
  4. Define the project team
    Led by: Project Manager
    • Description of planned approach.
    • Stakeholder assessment.
    • What is required of the sponsor and stakeholders?
  5. Determine next steps
    Led by: Project Manager

2.1.2 Hold a stakeholder focus group

Identify the pain points you want to resolve and some of the benefits that you’d like to see from a program. By doing so, you’ll get a holistic view of what you need to achieve and what your drivers are.

  1. Ask the working group participants (as a whole or in smaller groups) to discuss pain points created by inaccessibility.
    • Challenges related to stakeholders.
    • Challenges created by process issues.
    • Difficulties improving accessibility practices.
  2. Discuss opportunities to be gained from improving these practices.
  3. Have participants write these down on sticky notes and place them on a whiteboard or flip chart.
  4. Review all the points as a group. Group challenges and benefits into themes.
  5. Have the group prioritize the risks and benefits in terms of what the solution must have, should have, could have, and won’t have.
Input Output
  • Reasons for the project
  • Stakeholder requirements
  • Pain points and risks
  • A prioritized list of risks and benefits of the solution
Materials Participants
  • Agenda (see previous slide)
  • Sticky notes, pens, whiteboard, markers (optional)
  • IT leadership
  • Other key stakeholders

While defining future state, consider your drivers

The Info-Tech Accessibility Maturity Framework identifies three key strategic drivers: compliance, experience, and incorporation.

  • Over 30% of organizations are focused on compliance, according to a 2022 survey by Harvard Business Review and Slack’s Future Forum. The survey asked more than 10,000 workers in six countries about their organizations’ approach to DEI.2

Even though 90% of companies claim to prioritize diversity,1 over 30% are focused on compliance.2

1. Harvard Business Review, 2020
2. Harvard Business Review, 2022

31.6% of companies remain in the Compliant stage, where they are focused on DEI compliance and not on integrating DEI throughout the organization or on creating continual improvement.

Source: Harvard Business Review, 2022

Align the benefits of program drivers to organizational goals or outcomes

Although there will be various motivating factors, aligning the drivers of your accessibility program provides direction to the program. Connecting the advantages of program drivers to organizational goals builds the confidence of senior leaders and decision makers, increasing the continued commitment to invest in accessibility programming.

Drivers Compliance Experience Incorporation
Maturity level Initial Developing Defined Managed Optimized
Description Any accessibility initiative is to comply with the minimum legislated requirement. Desire to avoid/decrease legal risk. Accessibility initiatives are focused on improving the experience of everyone from the start. Most organizations will be experience driven. Desire to increase accessibility and engagement. Accessibility is a seamless part of the whole organization and initiatives are focused on impacting social issues.
Advantages Compliance is a good starting place for accessibility. It will reduce legal risk. Being people focused from the start of processes enables the organization to reduce tech debt, provide the best user experience, and realize other benefits of accessibility. There is a sense of belonging in the organization. The entire organization experiences the benefits of accessibility.
Disadvantages Accessibility is about more than just compliance. Being compliance driven won’t give you the full benefits of accessibility. This can mean a culture change for the organization, which can take a long time. IT is used to moving quickly – it might feel counterintuitive to slow down and take time. It takes much longer to reach the associated level of maturity. Not possible for all organizations.

Info-Tech Accessibility Maturity Framework

Info-Tech Accessibility Maturity Framework

After initially ensuring your organization is compliant with regulations and standards, you will progress to building disciplined process and consistent standardized processes. Eventually you will build the ability for predictable process, and lastly, you’ll optimize by continuously improving.

Depending on the level of maturity you are trying to achieve, it could take months or even years to implement. The important thing to understand, however, is that accessibility work is never done.

At all levels of the maturity framework, you must consider the interconnected aspects of people, process, and technology. However, as the organization progresses, the impact will shift from largely being focused on process and technology improvement to being focused on people.

Info-Tech Insight
IT typically works through maturity frameworks from the bottom to the top, progressing at each level until they reach the end. When it comes to digital accessibility initiatives, being especially thorough, thoughtful, and collaborative is critical to success. This will mean spending more time in the Developing, Defined, and Managed levels of maturity rather than trying to reach Optimized as quickly as you can. This may feel contrary to what IT historically considers as a successful implementation.

Accessibility maturity levels

Driver Description Benefits
Initial Compliance
  • Accessibility processes are mostly undocumented.
  • Accessibility happens mostly on a reactive or ad hoc basis.
  • No one is aware of who is responsible for accessibility or what role they play.
  • Heavily focused on complying with regulations and standards to decrease legal risk.
  • The organization is aware of the need for accessibility.
  • Legal risk is decreased.
Developing Experience
  • The organization is starting to take steps to increase accessibility beyond compliance.
  • Lots of opportunity for improvement.
  • Defining and refining processes.
  • Working toward building a library of assistive tools.
  • Awareness of the need for accessibility is growing.
  • Process review for accessibility increases process efficiency through avoiding rework.
Defined Experience
  • Accessibility processes are repeatable.
  • There is a tendency to resort to old habits under stress.
  • Tools are in place to facilitate accommodation.
  • Employees know accommodations are available to them.
  • Accessibility is becoming part of daily work.
Managed Experience
  • Defined by effective accessibility controls, processes, and metrics.
  • Mostly anticipating preferences.
  • Roles and responsibilities are defined.
  • Disability is included as part of DEI.
  • Employees understand their role in accessibility.
  • Engagement is positively impacted.
  • Attraction and retention are positively impacted.
Optimized Incorporation
  • Not the goal for every organization.
  • Characterized by a dramatic shift in organizational culture and a feeling of belonging.
  • Ongoing continuous improvement.
  • Seamless interactions with the organization for everyone.
  • Using feedback to inform future initiatives.
  • More likely to be innovative and inclusive, reach more people positively, and meet emerging global legal requirements.
  • Better equipped for success.

2.1.3 Conduct future-state analysis

Identify your target state of maturity

  1. Provide the group with your maturity assessment results to review as well as the slides on the maturity levels, framework, and drivers.
  2. Compare the benefits listed on the Accessibility maturity levels slide to those that you named in the previous exercise and determine which maturity level best describes your target state.
  3. Discuss as a group and agree on one desired maturity level to reach.
  4. Review the other levels of maturity and determine what is in and out of scope for the project (higher-level benefits would be considered out of scope).
  5. Document your target state of maturity in your Accessibility Business Case Template.
Input Output
  • Accessibility maturity levels chart on previous slide
  • Maturity level assessment results
  • Target maturity level documented
Materials Participants
  • Paper and pens
  • Handouts of maturity levels
  • Accessibility Business Case Template
  • IT leadership team

Download the Accessibility Business Case Template

Case Study

Accessibility as a differentiator

INDUSTRY
Financial

SOURCE
WAI-Engage

Accessibility inside and out

As a financial provider, Barclays embarked on the accessibility journey to engage customers and employees with the goal of equal access for all. One key statement that provided focus was “Essential for some, easier for all. ”

“It's about helping everyone to work, bank and live their lives regardless of their age, situation, abilities or circumstances.”

Embedding into experiences

“The Barclays Accessibility team [supports] digital teams to embed accessibility into our services and culture through effective governance, partnering, training and tools. Establishing an enterprise-wide accessibility strategy, standards and programmes coupled with senior sponsorship helps support our publicly stated ambition of becoming the most accessible and inclusive FTSE company.”

– Paul Smyth, Head of Digital Accessibility, Barclays

It’s a circle, not a roadmap

  • Barclays continues the journey through partnerships with disability charities and accessibility experts and through regularly engaging with customers and colleagues with disabilities directly.
  • More accessible, inclusive products and services engage and attract more people with disabilities. This translates to a more diverse workforce that identifies opportunities for innovation. This leads to being attractive to diverse talent, and the circle continues.
  • Barclays’ mobile banking app was first to be accredited by accessibility consultants AbilityNet.

Step 2.2

Define your accessibility program goals and objectives

Activities

2.2.1 Create a list of goals and objectives

2.2.2 Finalize key metrics

Plan for Senior Leader Buy-In

Outcomes of this step
You will have clear measurable goals and objectives to respond to identified accessibility issues and organizational goals.

What does a good goal look like?

Use the SMART framework to build effective goals.

S Specific: Is the goal clear, concrete, and well defined?
M Measurable: How will you know when the goal is met?
A Achievable: Is the goal possible to achieve in a reasonable time?
R Relevant: Does this goal align with your responsibilities and with departmental and organizational goals?
T Time-based: Have you specified a time frame in which you aim to achieve the goal?

SMART is a common framework for setting effective goals. Make sure your goals satisfy these criteria to ensure you can achieve real results.

2.2.1 Create a list of goals and objectives

Use the outcomes from activity 2.1.2.

  1. Using the prioritized list of what your solution must have, should have, could have, and won’t have from activity 2.1.2, develop goals.
  2. Remember to use the SMART goal framework to build out each goal (see the previous slide for more information on SMART goals).
  3. Ensure each goal supports departmental and organizational goals to ensure it is meaningful.
  4. Document your goals and objectives in your Accessibility Business Case Template.
InputOutput
  • Outcomes of activity 2.1.2
  • Organizational and departmental goals
  • Goals and objectives added to your Accessibility Business Case Template
MaterialsParticipants
  • Accessibility Business Case Template
  • IT leadership team

Download the Accessibility Business Case Template

2.2.1 Create a list of goals and objectives

Use the outcomes from activity 2.1.2.

  1. Using the prioritized list of what your solution must have, should have, could have, and won’t have from activity 2.1.2, develop goals.
  2. Remember to use the SMART goal framework to build out each goal (see the previous slide for more information on SMART goals).
  3. Ensure each goal supports departmental and organizational goals to ensure it is meaningful.
  4. Document your goals and objectives in your Accessibility Business Case Template.

Establish Baseline Metrics

Baseline metrics will be improved through:

  1. Progressing through the accessibility maturity model.
  2. Addressing accessibility earlier in processes to avoid tech debt and rework late in projects or releases.
  3. Making accessibility part of the procurement process as a scoring consideration and vendor choice.
  4. Ensuring compliance with regulations and standards.
Metric Current Goal
Overall end-customer satisfaction 90 120
Monies saved through cost optimization efforts
Employee engagement
Monies save through application rationalization and standardization

For more metrics ideas, see the Info-Tech IT Metrics Library.

2.2.2 Finalize key metrics

Finalize key metrics the organization will use to measure accessibility success

  1. Brainstorm how you would measure the success of each goal based on the benefits, challenges, and risks you previously identified.
  2. Write each of the metric ideas down and finalize three to five key metrics which you will track. The metrics you choose should relate to the key challenges or risks you have identified and match your desired maturity level and driver.
  3. Document your key metrics in the Accessibility Business Case Template.
InputOutput
  • Accessibility challenges and benefits
  • Goals from activity 2.2.1
  • Three to five key metrics to track
MaterialsParticipants
  • Accessibility Business Case Template
  • IT leadership team
  • Project lead/sponsor

Download the Accessibility Business Case Template

Step 2.3

Document accessibility program roles and responsibilities

Activities

2.3.1 Populate a RACI chart

Plan for Senior Leader Buy-In

Outcomes of this step
At the end of this step, you will have a completed RACI chart documenting the roles and responsibilities related to accessibility for your accessibility business case.

2.3.1 Populate a RACI

Populate a RACI chart to identify who should be responsible, accountable, consulted, and informed for each key activity.

Define who is responsible, accountable, consulted, and informed for the project team:

  1. Write out the list of all stakeholders along the top of a whiteboard. Write out the key project steps along the left-hand side.
  2. For each initiative, identify each team member’s role. Are they:
    Responsible: The one responsible for getting the job done.
    Accountable: Only one person can be accountable for each task.
    Consulted: Are involved by providing knowledge.
    Informed: Receive information about execution and quality.
  3. As you proceed, continue to add tasks and assign responsibility to the RACI chart in the appendix of the Accessibility Business Case Template.
InputOutput
  • Stakeholder list
  • Key project steps
  • Project RACI chart
MaterialsParticipants
  • Whiteboard
  • Accessibility Business Case Template
  • IT leadership team

Download the Accessibility Business Case Template

Phase 3

Prepare your business case and get approval

Phase 1
1.1 Understand standards and legislation
1.2 Build awareness
1.3 Understand maturity level

Phase 2
2.1 Define desired future state
2.2 Define goals and objectives
2.3 Document roles and responsibilities

Phase 3
3.1 Prepare business case template for presentation and approval
3.2 Validate post-approval steps and establish timelines

The Accessibility Business Case for IT

This phase will walk you through the following activities:

  • Compiling the work and learning you’ve done so far into a business case presentation.

This phase involves the following participants:

  • Project lead/sponsor
  • Senior leaders/approval authority

There is a business case for accessibility

  • When planning for initiatives, a business case is a necessary tool. Although it can feel like an administrative exercise, it helps create a compelling argument to senior leaders about the benefits and necessity of building an accessibility program.
  • No matter the industry, you need to justify how the budget and effort you require for the initiative support organizational goals. However, senior leaders of different industries might be motivated by different reasons. For example, government is strongly motivated by legal and equity aspects, commercial companies may be attracted to the increase in innovation or market reach, and educational and nonprofit companies are likely motivated by brand enhancement.
  • The organizational focus and goals will guide your business case for accessibility. Highlight the most relevant benefits to your operational landscape and the risk of inaction.

Source: WAI, 2018

“Many organizations are waking up to the fact that embracing accessibility leads to multiple benefits – reducing legal risks, strengthening brand presence, improving customer experience and colleague productivity.”
– Paul Smyth, Head of Digital Accessibility, Barclays
Source: WAI, 2018

Step 3.1

Customize and populate the Accessibility Business Case Template

Activities

3.1.1 Prepare your business case template for presentation and approval

Build Your Business Case

Outcomes of this step
Following this step, you will have a customized business case presentation that you can present to senior leaders.

Use Info-Tech’s template to communicate with stakeholders

Obtain approval for your accessibility program by customizing Info-Tech’s Accessibility Business Case Template, which is designed to effectively convey your key messages. Tailor the template to suit your needs.

It includes:

  • Project context
  • Project scope and objectives
  • Knowledge transfer roadmap
  • Next steps

Info-Tech Insight
The support of senior leaders is critical to the success of your accessibility program development. Remind them of the benefits and impact and the risks associated with inaction.

Download the Accessibility Business Case Template

3.1.1 Prepare a presentation for senior leaders to gain approval

Now that you understand your current and desired accessibility maturity, the next step is to get sign-off to begin planning your initiatives.

Know your audience:

  1. Consider who will be included in your presentation audience.
  2. You want your presentation to be succinct and hard-hitting. Management’s time is tight, and they will lose interest if you drag out the delivery. Impact them hard and fast with the challenges, benefits, and risks of inaction.
  3. Contain the presentation to no more than an hour. Depending on your audience, the actual presentation delivery could be quite short. You want to ensure adequate time for questions and answers.
  4. Schedule a meeting with the key decision makers who will need to approve the initiatives (IT leadership team, executive team, the board, etc.) and present your business case.
InputOutput
  • Activity results
  • Accessibility Maturity Assessment results
  • A completed presentation to communicate your accessibility business case
MaterialsParticipants
  • Accessibility Business Case Template
  • IT leadership team
  • Project sponsor
  • Project stakeholders
  • Senior leaders

Download the Accessibility Business Case Template

Step 3.2

Validate post-approval steps and establish timelines

Activities

3.2.1 Prepare for implementation: Complete the implementation prep to-do list and assign proposed timelines

Build Your Business Case

Outcomes of this step
This step will help you gain leadership’s approval to move forward with building and implementing the accessibility program.

Prepare to implement your program

Complete the to-do list to ensure you are ready to move your accessibility program forward.

To Do Proposed Timeline
Reach out to your change management team for assistance.
Discuss your plan with HR.
Build a project team.
Incorporate any necessary changes from senior leaders into your business case.
[insert your own addition here]
[insert your own addition here]
[insert your own addition here]
[insert your own addition here]

3.2.1 Prep for implementation (action planning)

Use the implementation prep to-do list to make sure you have gathered relevant information and completed critical steps to be ready for success.

Use the list on the previous slide to make sure you are set up for implementation success and that you’re ready to move your accessibility program forward.

  1. Assign proposed timelines to each of the items.
  2. Work through the list, collecting or completing each item.
  3. As you proceed, keep your identified drivers, current state, desired future state, goals, and objectives in mind.
Input Output
  • Accessibility Maturity Assessment
  • Business case presentation and any feedback from senior leaders
  • Goals, objectives, identified drivers, and desired future state
  • High-level action plan
Materials Participants
  • Previous slide containing the checklist
  • Project lead

Related Info-Tech Research

Implement and Mature Your User Experience Design Practice

  • Create a practice that is focused on human outcomes; it starts and ends with the people you are designing for. This includes:
    • Establishing a practice with a common vision.
    • Enhancing the practice through four design factors.
    • Communicating a roadmap to improve your business through design.

Modernize Your Corporate Website to Drive Business Value

  • Users are demanding more valuable web functionalities and improved access to your website services.
  • The criteria of user acceptance and satisfaction involves more than an aesthetically pleasing user interface (UI). It also includes how emotionally attached the user is to the website and how it accommodates user behaviors.

IT Diversity & Inclusion Tactics

  • Although inclusion is key to the success of a diversity and inclusion (D&I) strategy, the complexity of the concept makes it a daunting pursuit.
  • This is further complicated by the fact that creating inclusion is not a one-and-done exercise. Rather, it requires the ongoing commitment of employees and managers to reassess their own behaviors and to drive a cultural shift.

Fix Your IT Culture

  • Go beyond value statements to create a culture that enables the departmental strategy.
  • There is confusion about how to translate culture from an abstract concept to something that is measurable, actionable, and process driven.
  • Organizations lack clarity about who is accountable and responsible for culture, with groups often pointing fingers at each other.

Works cited

“2021 State of Digital Accessibility.” Level Access, n.d. Accessed 10 Aug. 2022

”2022 Midyear Report: ADA Digital Accessibility Lawsuits.” UsableNet, 2022. Accessed 9 Nov. 2022

“Barclay’s Bank Case Study.” WAI-Engage, 12 Sept. 2018. Accessed 7 Nov. 2022.

Bilodeau, Howard, et al. “StatCan COVID-19 Data to Insights for a Better Canada.” Statistics Canada, 24 June 2021. Accessed 10 Aug. 2022.

Casey, Caroline. “Do Your D&I Efforts Include People With Disabilities?” Harvard Business Review, 19 March 2020. Accessed 28 July 2022.

Digitalisation World. “Organisations failing to meet digital accessibility standards.” Angel Business Communications, 19 May 2022. Accessed Oct. 2022.

“disability.” Merriam-Webster.com Dictionary, Merriam-Webster, https://www.merriam-webster.com/dictionary/disability. Accessed 10 Aug. 2022.

“Disability.” World Health Organization, 2022. Accessed 10 Aug 2022.

“Driving the Accessibility Advantage at Accenture.” Accenture, 2022. Accessed 7 Oct. 2022.

eSSENTIAL Accessibility. The Must-Have WCAG 2.1 Checklist. 2022

Hopewell, May. Accessibility in the Workplace. 2022.

“Initiate.” W3C Web Accessibility Initiative (WAI), 31 March 2016. Accessed 18 Aug. 2022.

Kalcevich, Kate, and Mike Gifford. “How to Bake Layers of Accessibility Testing Into Your Process.” Smashing Magazine, 26 April 2021. Accessed 31 Aug. 2022.

Noone, Cat. “4 Common Ways Companies Alienate People with Disabilities.” Harvard Business Review, 29 Nov. 2021. Accessed Jul. 2022.

Taylor, Jason. “A Record-Breaking Year for ADA Digital Accessibility Lawsuits.” UsableNet, 21 December 2020. Accessed Jul. 2022.

“The Business Case for Digital Accessibility.” W3C Web Accessibility Initiative (WAI), 9 Nov. 2018. Accessed 4 Aug. 2022.

“The WebAIM Million.” Web AIM, 31 March 2022. Accessed 28 Jul. 2022.

Washington, Ella F. “The Five Stages of DEI Maturity.” Harvard Business Review, November - December 2022. Accessed 7 Nov. 2022.

Wyman, Nicholas. “An Untapped Talent Resource: People With Disabilities.” Forbes, 25 Feb. 2021. Accessed 14 Sep. 2022.

Leadership, Culture and Values

  • Buy Link or Shortcode: {j2store}34|cart{/j2store}
  • Related Products: {j2store}34|crosssells{/j2store}
  • member rating overall impact (scale of 10): 9.4/10
  • member rating average dollars saved: $912
  • member rating average days saved: 7
  • Parent Category Name: People and Resources
  • Parent Category Link: /people-and-resources

The challenge

  • Your talent pool determines IT performance and stakeholder satisfaction. You need to retain talent and continually motivate them to go the extra mile.
  • The market for IT talent is growing, in the sense that talent has many more options these days. Turnover is a serious threat to IT's ability to deliver top-notch service to your company.
  • Engagement is more than HR's responsibility. IT leadership is accountable for the retention of top talent and the overall productivity of IT employees.

Our advice

Insight

  • Engagement goes both ways. Your initiatives must address a real need, and employees must actively seek the outcomes. Engagement is not a management edict.
  • Engagement is not about access to the latest perks and gadgets. You must address the right and challenging issues. Use a systematic approach to find what lives among the employees and address these.
  • Your impact on your employees is many times bigger than HR's. Leverage your power to lead your team to success and peak performance.

Impact and results 

  • Our engagement diagnostic and other tools will help get to the root of disengagement in your team.
  • Our guidance helps you to avoid common errors and engagement program pitfalls. They allow you to take control of your own team's engagement.

The roadmap

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

Get started

Our concise executive brief shows you why engagement is critical to IT performance in your company. We'll show you our methodology and the ways we can help you in handling this.

Measure your employee engagement

You can use our full engagement surveys.

  • Improve Employee Engagement to Drive IT Performance – Phase 1: Measure Employee Engagement (ppt)
  • Engagement Strategy Record (doc)
  • Engagement Communication Template (doc)

Analyze the results and brainstorm solutions

Understand your employees' engagement drivers. Involve your team in brainstorming engagement initiatives.

  • Improve Employee Engagement to Drive IT Performance – Phase 2: Analyze Results and Ideate Solutions (ppt)
  • Engagement Survey Results Interpretation Guide (ppt)
  • Full Engagement Survey Focus Group Facilitation Guide (ppt)
  • Pulse Engagement Survey Focus Group Facilitation Guide (ppt)
  • Focus Group Facilitation Guide Driver Definitions (doc)
  • One-on-One Manager Meeting Worksheet (doc)

Select and implement engagement initiatives

Choose those initiatives that show the most promise with the most significant impact. Create your action plan and establish transparent and open, and ongoing communication with your team.

  • IT Knowledge Transfer Plan Template (xls)
  • IT Knowledge Identification Interview Guide Template (doc)

Build your knowledge transfer roadmap

Knowledge transfer is an ongoing effort. Prioritize and define your initiatives.

  • Improve Employee Engagement to Drive IT Performance – Phase 3: Select and Implement Engagement Initiatives (ppt)
  • Summary of Interdepartmental Engagement Initiatives (doc)
  • Engagement Progress One-Pager (ppt)

 

2021 CIO Priorities Report

  • Buy Link or Shortcode: {j2store}83|cart{/j2store}
  • member rating overall impact (scale of 10): N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: IT Strategy
  • Parent Category Link: /it-strategy
  • It is a new year, but the challenges of 2020 remain: COVID-19 infection rates continue to climb, governments continue to enforce lockdown measures, we continue to find ourselves in the worst economic crisis since the Great Depression, and civil unrest grows in many democratic societies.
  • At the start of 2020, no business leader predicted the disruption that was to come. This left IT in a reactive but critical role as the health crisis hit. It was core to delivering the organization’s products and services, as it drove the radical shift to work-from-home.
  • For the year ahead, IT will continue to serve a critical function in uncertain times. However, unlike last year, CIOs can better prepare for 2021. That said, in the face of the uncertainty and volatility of the year ahead, what they need to prepare for is still largely undefined.
  • But despite the lack of confidence on knowing specifically what is to come, most business leaders will admit they need to get ready for it. This year’s priority report will help.

Our Advice

Critical Insight

  • “Resilience” is the theme for this year’s CIO Priorities Report. In this context, resilience is about building up the capacity and the capabilities to effectively respond to emergent and unforeseen needs.
  • Early in 2021 is a good time to develop resilience in several different areas. As we explore in this year’s Report, CIOs can best facilitate enterprise resilience through strategic financial planning, proactive risk management, effective organizational change management and capacity planning, as well as through remaining tuned into emergent technologies to capitalize on innovations to help weather the uncertainty of the year ahead.

Impact and Result

  • Use Info-Tech’s 2021 CIO Priorities Report to prepare for the uncertainty of the year ahead. Across our five priorities we provide five avenues through which CIOs can demonstrate resilient planning, enabling the organization as a whole to better confront what’s coming in 2021.
  • Each of our priorities is backed up by a “call to action” that will help CIOs start to immediately implement the right drivers of resilience for their organization.
  • By building up resilience across our five key areas, CIOs will not only be able to better prepare for the year to come, but also strengthen business relations and staff morale in difficult times.

2021 CIO Priorities Report Research & Tools

Read the 2021 CIO Priorities Report

Use Info-Tech’s 2021 CIO Priorities Report to prepare for the uncertainty of the year ahead. Across our five priorities we provide five avenues through which CIOs can demonstrate resilient planning, enabling the organization as a whole to better confront what’s coming in 2021.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Create an appropriate budget reserve

Identifying and planning sources of financial contingency will help ensure CIOs can meet unforeseen and emergent operational and business needs throughout the year.

  • 2021 CIO Priorities Report: Priority 1 – Create an Appropriate Budget Reserve

2. Refocus IT risk planning

The start of 2021 is a time to refocus and redouble IT risk management and business continuity planning to bring it up to the standards of our “new normal.” Indeed, if last year taught us anything, it’s that no “black swan” should be off the table in terms of scenarios or possibilities for business disruption.

  • 2021 CIO Priorities Report: Priority 2 – Refocus IT Risk Planning

3. Strengthen organizational change management capabilities

At its heart, resilience is having the capacity to deal with unexpected change. Organizational change management can help build up this capacity, providing the ability to strategically plot known changes while leaving some capacity to absorb the unknowns as they present themselves.

  • 2021 CIO Priorities Report: Priority 3 – Strengthen Organizational Change Management Capabilities

4. Establish capacity awareness

Capacity awareness facilitates resilience by providing capital in the form of resource data. With this data, CIOs can make better decisions on what can be approved and when it can be scheduled for.

  • 2021 CIO Priorities Report: Priority 4 – Establish Capacity Awareness

5. Keep emerging technologies in view

Having an up-to-date view of emerging technologies will enable the resilient CIO to capitalize on and deploy leading-edge innovations as the business requires.

  • 2021 CIO Priorities Report: Priority 5 – Keep Emerging Technologies in View
[infographic]

Build Your First RPA Bot

  • Buy Link or Shortcode: {j2store}238|cart{/j2store}
  • member rating overall impact (scale of 10): 9.4/10 Overall Impact
  • member rating average dollars saved: $53,126 Average $ Saved
  • member rating average days saved: 24 Average Days Saved
  • Parent Category Name: Optimization
  • Parent Category Link: /optimization
  • Your organization has many business processes that rely on manual, routine, and repetitive data collection and processing work. These processes need to be automated to meet strategic priorities.
  • Your stakeholders decided to invest in robotic process automation (RPA). They are ready to begin the planning and delivery of their first RPA bot.
  • However, your organization lacks the critical foundations involved in successful RPA delivery, such as analysis of the suitability of candidate processes, business and IT collaboration, and product ownership.

Our Advice

Critical Insight

  • Manage your business and IT debt before you adopt RPA. RPA doubles down on your process inefficiencies, lack of operations and architectural standardization, and unenforced quality standards. RPA solutions will be fragile and prone to failure if debt is not managed.
  • Adopt BizDevOps. RPA will not be successful if your lines-of-business (LOBs) and IT are not working together. IT must empathize with how LOBs operate and proactively support the underlying operational systems. LOBs must be accountable for all products leveraging RPA and be able to rationalize RPA’s technical feasibility.
  • Start with RPA 1.0. Don’t get caught up in the AI and machine learning (RPA 2.0) hype. Evaluate the acceptance and value of RPA 1.0 to establish a sustainable and collaborative foundation for its delivery and management. Then use the lessons learned to prepare for future RPA 2.0 adoption. In many cases, RPA 1.0 is good enough.

Impact and Result

  • Establish the right expectations. Gain a grounded understanding of RPA value and limitations in your context. Discuss current IT and business operations challenges to determine if they will impact RPA success.
  • Build your RPA governance. Clarify the roles, processes, and tools needed to support RPA delivery and management through IT and business collaboration.
  • Evaluate the fit of RPA. Obtain a thorough view of the business and technical complexities of your candidate processes. Indicate where and how RPA is expected to generate the most return.

Build Your First RPA Bot Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out how you should build your first RPA bot, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Define your RPA governance

Set the expectations of your first RPA bot. Define the guiding principles, ethics, and delivery capabilities that will govern RPA delivery and support.

  • Build Your First RPA Bot – Phase 1: Define Your RPA Governance

2. Deliver and manage your bots

Validate the fit of your candidate business processes for RPA and ensure the support of your operational system. Shortlist the features of your desired RPA vendor. Modernize your delivery process to accommodate RPA.

  • Build Your First RPA Bot – Phase 2: Deliver and Manage Your Bots

3. Roadmap your RPA adoption

Build a roadmap of initiatives to implement your first bot and build the foundations of your RPA practice.

  • Build Your First RPA Bot – Phase 3: Roadmap Your RPA Adoption
[infographic]

Workshop: Build Your First RPA Bot

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Define Your RPA Governance

The Purpose

State the success criteria of your RPA adoption through defined objectives and metrics.

Define your RPA guiding principles and ethics.

Build the RPA capabilities that will support the delivery and management of your bots.

Key Benefits Achieved

Grounded stakeholder expectations

RPA guiding principles

RPA capabilities and the key roles to support RPA delivery and management

Activities

1.1 State Your RPA Objectives.

1.2 Define Your RPA Principles

1.3 Develop Your RPA Capabilities

Outputs

RPA objectives and metrics

RPA guiding principles and ethics

RPA and product ownership, RPA capabilities, RPA role definitions

2 Deliver and Manage Your Bots

The Purpose

Evaluate the fit of your candidate business processes for automation.

Define the operational platform to support your RPA solution.

Shortlist the desired RPA vendor features.

Optimize your product delivery process to support RPA.

Key Benefits Achieved

Verifies the decision to implement RPA for the candidate business process

The system changes and modifications needed to support RPA

Prioritized list of RPA vendor features

Target state RPA delivery process

Activities

2.1 Prepare Your RPA Platform

2.2 Select Your RPA Vendor

2.3 Deliver and Manage Your Bots

Outputs

Assessment of candidate business processes and supporting operational platform

List of desired RPA vendor features

Optimized delivery process

3 Roadmap Your RPA Adoption

The Purpose

Build your roadmap to implement your first RPA bot and build the foundations of your RPA practice.

Key Benefits Achieved

Implementation initiatives

RPA adoption roadmap

Activities

3.1 Roadmap Your RPA Adoption

Outputs

RPA adoption roadmap

Considerations for a Hub and Spoke Model When Deploying Infrastructure in the Cloud

  • Buy Link or Shortcode: {j2store}472|cart{/j2store}
  • member rating overall impact (scale of 10): N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Cloud Strategy
  • Parent Category Link: /cloud-strategy
  • The organization is planning to move resources to cloud or devise a networking strategy for their existing cloud infrastructure to harness value from cloud.
  • The right topology needs to be selected to deploy network level isolation, design the cloud for management efficiencies and provide access to shared services on cloud.
  • A perennial challenge for infrastructure on cloud is planning for governance vs flexibility which is often overlooked.

Our Advice

Critical Insight

Don’t wait until the necessity arises to evaluate your networking in the cloud. Get ahead of the curve and choose the topology that optimizes benefits and supports organizational needs in the present and the future.

Impact and Result

  • Define organizational needs and understand the pros and cons of cloud network topologies to strategize for the networking design.
  • Consider the layered complexities of addressing the governance vs. flexibility spectrum for your domains when designing your networks.

Considerations for a Hub and Spoke Model When Deploying Infrastructure in the Cloud Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Considerations for a Hub and Spoke Model When Deploying Infrastructure in the Cloud Deck – A document to guide you through designing your network in the cloud.

What cloud networking topology should you use? How do you provide access to shared resources in the cloud or hybrid infrastructure? What sits in the hub and what sits in the spoke?

  • Considerations for a Hub and Spoke Model When Deploying Infrastructure in the Cloud Storyboard
[infographic]

Further reading

Considerations for a Hub and Spoke Model When Deploying Infrastructure in the Cloud

Don't revolve around a legacy design; choose a network design that evolves with the organization.

Analyst Perspective

Cloud adoption among organizations increases gradually across both the number of services used and the amount those services are used. However, network builders tend to overlook the vulnerabilities of network topologies, which leads to complications down the road, especially since the structures of cloud network topologies are not all of the same quality. A network design that suits current needs may not be the best solution for the future state of the organization.

Even if on-prem network strategies were retained for ease of migration, it is important to evaluate and identify the cloud network topology that can not only elevate the performance of your infrastructure in the cloud, but also that can make it easier to manage and provision resources.

An "as the need arises" strategy will not work efficiently since changing network designs will change the way data travels within your network, which will then need to be adopted to existing application architectures. This becomes more complicated as the number of services hosted in the cloud grows.

Keep a network strategy in place early on and start designing your infrastructure accordingly. This gives you more control over your networks and eliminates the need for huge changes to your infrastructure down the road.

This is a picture of Nitin Mukesh

Nitin Mukesh
Senior Research Analyst, Infrastructure and Operations
Info-Tech Research Group

Executive Summary

Your Challenge

The organization is planning to move resources to the cloud or devise a networking strategy for their existing cloud infrastructure to harness value from the cloud.

The right topology needs to be selected to deploy network level isolation, design the cloud for management efficiencies, and provide access to shared services in the cloud.

A perennial challenge for infrastructure in the cloud is planning for governance vs. flexibility, which is often overlooked.

Common Obstacles

The choice of migration method may result in retaining existing networking patterns and only making changes when the need arises.

Networking in the cloud is still new, and organizations new to the cloud may not be aware of the cloud network designs they can consider for their business needs.

Info-Tech's Approach

Define organizational needs and understand the pros and cons of cloud network topologies to strategize for the networking design.

Consider the layered complexities of addressing the governance vs. flexibility spectrum for your domains when designing your networks.

Insight Summary

Don't wait until the necessity arises to evaluate your networking in the cloud. Get ahead of the curve and choose the topology that optimizes benefits and supports organizational needs in the present and future.

Your challenge

Selecting the right topology: Many organizations migrate to the cloud retaining a mesh networking topology from their on-prem design, or they choose to implement the mesh design leveraging peering technologies in the cloud without a strategy in place for when business needs change. While there may be many network topologies for on-prem infrastructure, the network design team may not be aware of the best approach in cloud platforms for their requirements, or a cloud networking strategy may even go overlooked during the migration.

Finding the right cloud networking infrastructure for:

  • Management efficiencies
  • Network-level isolation of resources
  • Access to shared services

Deciding between governance and flexibility in networking design: In the hub and spoke model, if a domain is in the hub, the greater the governance over it, and if it sits in the spoke, the higher the flexibility. Having a strategy for the most important domains is key. For example, some security belongs in the hub and some security belongs in the spoke. The tradeoff here is if it sits completely in the spoke, you give it a lot of freedom, but it becomes harder to standardize across the organization.

Mesh network topology

A mesh is a design where virtual private clouds (VPCs) are connected to each other individually creating a mesh network. The network traffic is fast and can be redirected since the nodes in the network are interconnected. There is no hierarchical relationship between the networks, and any two networks can connect with each other directly.

In the cloud, this design can be implemented by setting up peering connections between any two VPCs. These VPCs can also be set up to communicate with each other internally through the cloud service provider's network without having to route the traffic via the internet.

While this topology offers high redundancy, the number of connections grows tremendously as more networks are added, making it harder to scale a network using a mesh topology.

Mesh Network on AWS

This is an image of a Mesh Network on AWS

Source: AWS, 2018

Constraints

The disadvantages of peering VPCs into a mesh quickly arise with:

  • Transitive connections: Transitive connections are not supported in the cloud, unlike with on-prem networking. This means that if there are two networks that need to communicate, a single peering link can be set up between them. However, if there are more than two networks and they all need to communicate, they should all be connected to each other with separate individual connections.
  • Cost of operation: The lack of transitive routing requires many connections to be set up, which adds up to a more expensive topology to operate as the number of networks grows. Cloud providers also usually limit the number of peering networks that can be set up, and this limit can be hit with as few as 100 networks.
  • Management: Mesh tends to be very complicated to set up, owing to the large number of different peering links that need to be established. While this may be manageable for small organizations with small operations, for larger organizations with robust cybersecurity practices that require multiple VPCs to be deployed and interconnected for communications, mesh opens you up to multiple points of failure.
  • Redundancy: With multiple points of failure already being a major drawback of this design, you also cannot have more than one peered connection between any two networks at the same time. This makes designing your networking systems for redundancy that much more challenging.
Number of virtual networks 10 20 50 100
Peering links required
[(n-1)*n]/2
45 190 1225 4950

Proportional relationship of virtual networks to required peering links in a mesh topology

Case study

INDUSTRY: Blockchain
SOURCE: Microsoft

An organization with four members wants to deploy a blockchain in the cloud, with each member running their own virtual network. With only four members on the team, a mesh network can be created in the cloud with each of their networks being connected to each other, adding up to a total of 12 peering connections (four members with three connections each). While the members may all be using different cloud accounts, setting up connections between them will still be possible.

The organization wants to expand to 15 members within the next year, with each new member being connected with their separate virtual networks. Once grown, the organization will have a total of 210 peering connections since each of the virtual networks will then need 14 peering connections. While this may still be possible to deploy, the number of connections makes it harder to manage and would be that much more difficult to deploy if the organization grows to even 30 or 40 members. The new scale of virtual connections calls for an alternative networking strategy that cloud providers offer – the hub and spoke topology.

This is an image of the connections involved in a mesh network with four participants.

Source: Microsoft, 2017

Hub and spoke network topology

In hub and spoke network design, each network is connected to a central network that facilitates intercommunication between the networks. The central network, also called the hub, can be used by multiple workloads/servers/services for hosting services and for managing external connectivity. Other networks connected to the hub through network peering are called spokes and host workloads.

Communications between the workloads/servers/services on spokes pass in or out of the hub where they are inspected and routed. The spokes can also be centrally managed from the hub with IT rules and processes.

A hub and spoke design enable a larger number of virtual networks to be interconnected as each network only needs one peered connection (to the hub) to be able to communicate with any other network in the system.

Hub and Spoke Network on AWS

This is an image of the Hub and Spoke Network on AWS

What hub and spoke networks do better

  1. Ease of connectivity: Hub and spoke decreases the liabilities of scale that come from a growing business by providing a consistent connection that can be scaled easily. As more networks are added to an organization, each will only need to be connected once – to the hub. The number of connections is considerably lower than in a mesh topology and makes it easier to maintain and manage.
  2. Business agility and scalability: It is easier to increase the number of networks than in mesh, making it easier to grow your business into new channels with less time, investment, and risk.
  3. Data collection: With a hub and spoke design, all data flows through the hub – depending on the design, this includes all ingress and egress to and from the system. This makes it an excellent central network to collect all business data.
  4. Network-level isolation: Hub and spoke enables separation of workloads and tiers into different networks. This is particularly useful to ensure an issue affecting a network or a workload does not affect the rest.
  5. Network changes: Changes to a separated network are much easier to carry out knowing the changes made will not affect all the other connected networks. This reduces work-hours significantly when systems or applications need to be altered.
  6. Compliance: Compliance requirements such as SOC 1 and SOC 2 require separate environments for production, development, and testing, which can be done in a hub and spoke model without having to re-create security controls for all networks.

Hub and spoke constraints

While there are plenty of benefits to using this topology, there are still a few notable disadvantages with the design.

Point-to-point peering

The total number of total peered connections required might be lower than mesh, but the cost of running independent projects is cheaper on mesh as point-to-point data transfers are cheaper.

Global access speeds with a monolithic design

With global organizations, implementing a single monolithic hub network for network ingress and egress will slow down access to cloud services that users will require. A distributed network will ramp up the speeds for its users to access these services.

Costs for a resilient design

Connectivity between the spokes can fail if the hub site dies or faces major disruptions. While there are redundancy plans for cloud networks, it will be an additional cost to plan and build an environment for it.

Leverage the hub and spoke strategy for:

Providing access to shared services: Hub and spoke can be used to give workloads that are deployed on different networks access to shared services by placing the shared service in the hub. For example, DNS servers can be placed in the hub network, and production or host networks can be connected to the hub to access it, or if the central network is set up to host Active Directory services, then servers in other networks can act as spokes and have full access to the central VPC to send requests. This is also a great way to separate workloads that do not need to communicate with each other but all need access to the same services.

Adding new locations: An expanding organization that needs to add additional global or domestic locations can leverage hub and spoke to connect new network locations to the main system without the need for multiple connections.

Cost savings: Apart from having fewer connections than mesh that can save costs in the cloud, hub and spoke can also be used to centralize services such as DNS and NAT to be managed in one location rather than having to individually deploy in each network. This can bring down management efforts and costs considerably.

Centralized security: Enterprises can deploy a center of excellence on the hub for security, and the spokes connected to it can leverage a higher level of security and increase resilience. It will also be easier to control and manage network policies and networking resources from the hub.

Network management: Since each spoke is peered only once to the hub, detecting connectivity problems or other network issues is made simpler in hub and spoke than on mesh. A network manager deployed on the cloud can give access to network problems faster than on other topologies.

Hub and spoke – mesh hybrid

The advantages of using a hub and spoke model far exceed those of using a mesh topology in the cloud and go to show why most organizations ultimately end up using the hub and spoke as their networking strategy.

However, organizations, especially large ones, are complex entities, and choosing only one model may not serve all business needs. In such cases, a hybrid approach may be the best strategy. The following slides will demonstrate the advantages and use cases for mesh, however limited they might be.

Where it can be useful:

An organization can have multiple network topologies where system X is a mesh and system Y is a hub and spoke. A shared system Z can be a part of both systems depending on the needs.

An organization can have multiple networks interconnected in a mesh and some of the networks in the mesh can be a hub for a hub-spoke network. For example, a business unit that works on data analysis can deploy their services in a spoke that is connected to a central hub that can host shared services such as Active Directory or NAT. The central hub can then be connected to a regional on-prem network where data and other shared services can be hosted.

Hub and spoke – mesh hybrid network on AWS

This is an image of the Hub and spoke – mesh hybrid network on AWS

Why mesh can still be useful

Benefits Of Mesh

Use Cases For Mesh

Security: Setting up a peering connection between two VPCs comes with the benefit of improving security since the connection can be private between the networks and can isolate public traffic from the internet. The traffic between the networks never has to leave the cloud provider's network, which helps reduce a class of risks.

Reduced network costs: Since the peered networks communicate internally through the cloud's internal networks, the data transfer costs are typically cheaper than over the public internet.

Communication speed: Improved network latency is a key benefit from using mesh because the peered traffic does not have to go over the public internet but rather the internal network. The network traffic between the connections can also be quickly redirected as needed.

Higher flexibility for backend services: Mesh networks can be desirable for back-end services if egress traffic needs to be blocked to the public internet from the deployed services/servers. This also helps avoid having to set up public IP or network address translation (NAT) configurations.

Connecting two or more networks for full access to resources: For example, consider an organization that has separate networks for each department, which don't all need to communicate with each other. Here, a peering network can be set up only between the networks that need to communicate with full or partial access to each other such as finance to HR or accounting to IT.

Specific security or compliance need: Mesh or VPC peering can also come in handy to serve specific security needs or logging needs that require using a network to connect to other networks directly and in private. For example, global organizations that face regulatory requirements of storing or transferring data domestically with private connections.

Systems with very few networks that do not need internet access: Workloads deployed in networks that need to communicate with each other but do not require internet access or network address translation (NAT) can be connected using mesh especially when there are security reasons to keep them from being connected to the main system, e.g. backend services such as testing environments, labs, or sandboxes can leverage this design.

Designing for governance vs. flexibility in hub and spoke

Governance and flexibility in managing resources in the cloud are inversely proportional: The higher the governance, the less freedom you have to innovate.

The complexities of designing an organization's networks grow with the organization as it becomes global and takes on more services and lines of business. Organizations that choose to deploy the hub and spoke model face a dilemma in choosing between governance and flexibility for their networks. Organizations need to find that sweet spot to find the right balance between how much they want to govern their systems, mainly for security- and cost-monitoring, and how much flexibility they want to provide for innovation and other operations, since the two usually tend to have an inverse relationship.

This decision in hub and spoke usually means that the domains chosen for higher governance must be placed in the hub network, and the domains that need more flexibility in a spoke. The key variables in the following slide will help determine the placement of the domain and will depend entirely on the organization's context.

The two networking patterns in the cloud have layered complexities that need to be systematically addressed.

Designing for governance vs. flexibility in hub and spoke

If a network has more flexibility in all or most of these domains, it may be a good candidate for a spoke-heavy design; otherwise, it may be better designed in a hub-centric pattern.

  • Function: The function the domain network is assigned to and the autonomy the function needs to be successful. For example, software R&D usually requires high flexibility to be successful.
  • Regulations: The extent of independence from both internal and external regulatory constraints the domain has. For example, a treasury reporting domain typically has high internal and external regulations to adhere to.
  • Human resources: The freedom a domain has to hire and manage its resources to perform its function. For example, production facilities in a huge organization have the freedom to manage their own resources.
  • Operations: The freedom a domain has to control its operations and manage its own spending to perform its functions. For example, governments usually have different departments and agencies, each with its own budget to perform its functions.
  • Technology: The independence and the ability a domain has to manage its selection and implementation of technology resources in the cloud. For example, you may not want a software testing team to have complete autonomy to deploy resources.

Optimal placement of services between the hub and spoke

Shared services and vendor management

Resources that are shared between multiple projects or departments or even by the entire organization should be hosted on the hub network to simplify sharing these services. For example, e-learning applications that may be used by multiple business units to train their teams, Active Directory accessed by most teams, or even SAAS platforms such as O365 and Salesforce can leverage buying power and drive down the costs for the organization. Shared services should also be standardized across the organization and for that, it needs to have high governance.

Services that are an individual need for a network and have no preexisting relationship with other networks or buying power and scale can be hosted in a spoke network. For example, specialized accounting software used exclusively by the accounting team or design software used by a single team. Although the services are still a part of the wider network, it helps separate duties from the shared services network and provides flexibility to the teams to customize and manage their services to suit their individual needs.

Network egress and interaction

Network connections, be they in the cloud or hybrid-cloud, are used by everyone to either connect to the internet, access cloud services, or access the organization's data center. Since this is a shared service, a centralized networking account must be placed in the hub for greater governance. Interactions between the spokes in a hub and spoke model happens through the hub, and providing internet access to the spokes through the hub can help leverage cost benefits in the cloud. The network account will perform routing duties between the spokes, on-prem assets, and egress out to the internet.

For example, NAT gateways in the cloud that are managed services are usually charged by the hour, and deploying NAT on each spoke can be harder to manage and expensive to maintain. A NAT gateway deployed in a central networking hub can be accessed by all spokes, so centralizing it is a great option.

Note that, in some cases, when using edge locations for data transfers, it may be cost effective to deploy a NAT in the spoke, but such cases usually do not apply to most organizational units.

A centralized network hub can also be useful to configure network policies and network resources while organizational departments can configure non-network resources, which helps separate responsibilities for all the spokes in the system. For example, subnets and routes can be controlled from the central network hub to ensure standardized network policies across the network.

Security

While there needs to be security in the hub and the spokes individually, finding the balance of operation can make the systems more robust. Hub and spoke design can be an effective tool for security when a principal security hub is hosted in the hub network. The central security hub can collect data from the spokes as well as non-spoke sources such as regulatory bodies and threat intelligence providers, and then share the information with the spokes.

Threat information sharing is a major benefit of using this design, and the hub can take actions to analyze and enrich the data before sharing it with spokes. Shared services such as threat intelligence platforms (TIP) can also benefit from being centralized when stationed in the hub. A collective defense approach between the hub and spoke can be very successful in addressing sophisticated threats.

Compliance and regulatory requirements such as HIPAA can also be placed in the hub, and the spokes connected to it can make use of it instead of having to deploy it in each spoke individually.

Cloud metering

The governance vs. flexibility paradigm usually decides the placement of cloud metering, i.e. if the organization wants higher control over cloud costs, it should be in the central hub, whereas if it prioritizes innovation, the spokes should be allowed to control it. Regardless of the placement of the domain, the costs can be monitored from the central hub using cloud-native monitoring tools such as Azure Monitor or any third-party software deployed in the hub.

For ease of governance and since resources are usually shared at a project level, most cloud service providers suggest that an individual metering service be placed in the spokes. The centralized billing system of the organization, however, can make use of scale and reserved instances to drive down the costs that the spokes can take advantage of. For example, billing and access control resources are placed in the lower levels in GCP to enable users to set up projects and perform their tasks. These billing systems in the lower levels are then controlled by a centralized billing system to decide who pays for the resources provisioned.

Don't get stuck with your on-prem network design. Design for the cloud.

  1. Peering VPCs into a mesh design can be an easy way to get onto the cloud, but it should not be your networking strategy for the long run.
  2. Hub and spoke network design offers more benefits than any other network strategy to be adopted only when the need arises. Plan for the design early on and keep a strategy in place to deploy it as early as possible.
  3. Hybrid of mesh and hub and spoke will be very useful in connecting multiple large networks especially when they need to access the same resources without having to route the traffic over the internet.
  4. Governance vs. flexibility should be a key consideration when designing for hub and spoke to leverage the best out of your infrastructure.
  5. Distribute domains across the hub or spokes to leverage costs, security, data collection, and economies of scale, and to foster secure interactions between networks.

Cloud network design strategy

This is an image of the framework for developing a Cloud Network Design Strategy.

Bibliography

Borschel, Brett. "Azure Hub Spoke Virtual Network Design Best Practices." Acendri Solutions, 13 Jan. 2022. Web.
Singh, Garvit. "Amazon Virtual Private Cloud Connectivity Options." AWS, January 2018. Web.
"What Is the Hub and Spoke Information Sharing Model?" Cyware, 16 Aug. 2021. Web.
Youseff, Lamia. "Mesh and Hub-and-Spoke Networks on Azure." Microsoft, Dec. 2017. Web.

Identify and Build the Data & Analytics Skills Your Organization Needs

  • Buy Link or Shortcode: {j2store}301|cart{/j2store}
  • member rating overall impact (scale of 10): N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Data Management
  • Parent Category Link: /data-management

The rapid technological evolution in platforms, processes, and applications is leading to gaps in the skills needed to manage and use data. Some common obstacles that could prevent you from identifying and building the data & analytics skills your organization needs include:

  • Lack of resources and knowledge to secure professionals with the right mix of D&A skills and right level of experience/skills
  • Lack of well-formulated and robust data strategy
  • Underestimation of the value of soft skills

Our Advice

Critical Insight

Skill deficiency is frequently stated as a roadblock to realizing corporate goals for data & analytics. Soft skills and technical skills are complementary, and data & analytics teams need a combination of both to perform effectively. Identify the essential skills and the gap with current skills that fit your organization’s data strategy to ensure the right skills are available at the right time and minimize pertinent risks.

Impact and Result

Follow Info-Tech's advice on the roles and skills needed to support your data & analytics strategic growth objectives and how to execute an actionable plan:

  • Define the skills required for each essential data & analytics role.
  • Identify the roles and skills gaps in alignment with your current data strategy.
  • Establish an action plan to close the gaps and reduce risks.

Identify and Build the Data & Analytics Skills Your Organization Needs Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Identify and Build the Data & Analytics Skills Your Organization Needs Deck – Use this research to assist you in identifying and building roles and skills that are aligned with the organization’s data strategy.

To generate business value from data, data leaders must first understand what skills are required to achieve these goals, identify the current skill gaps, and then develop skills development programs to enhance the relevant skills. Use Info-Tech's approach to identify and fill skill gaps to ensure you have the right skills at the right time.

  • Identify and Build the Data & Analytics Skills Your Organization Needs Storyboard

2. Data & Analytics Skills Assessment and Planning Tool – Use this tool to help you identify the current and required level of competency for data & analytics skills, analyze gaps, and create an actionable plan.

Start with skills and roles identified as the highest priority through a high-level maturity assessment. From there, use this tool to determine whether the organization’s data & analytics team has the key role, the right combination of skill sets, and the right level competency for each skill. Create an actionable plan to develop skills and fill gaps.

  • Data & Analytics Skills Assessment and Planning Tool
[infographic]

Further reading

Identify and Build the Data & Analytics Skills Your Organization Needs

Blending soft skills with deep technical expertise is essential for building successful data & analytics teams.

Analyst Perspective

Blending soft skills with deep technical expertise is essential for building successful data & analytics teams.

In today's changing environment, data & analytics (D&A) teams have become an essential component, and it is critical for organizations to understand the skill and talent makeup of their D&A workforce. Chief data & analytics officers (CDAOs) or other equivalent data leaders can train current data employees or hire proven talent and quickly address skills gaps.

While developing technical skills is critical, soft skills are often left underdeveloped, yet lack of such skills is most likely why the data team would face difficulty moving beyond managing technology and into delivering business value.

Follow Info-Tech's methodology to identify and address skills gaps in today's data workplace. Align D&A skills with your organization's data strategy to ensure that you always have the right skills at the right time.

Ruyi Sun
Research Specialist,
Data & Analytics, and Enterprise Architecture
Info-Tech Research Group

Executive Summary

Your Challenge

The rapid technological evolution in platforms, processes, and applications is leading to gaps in the skills needed to manage and use data. Some critical challenges organizations with skills deficiencies might face include:

  • Time loss due to delayed progress and reworking of initiatives
  • Poor implementation quality and low productivity
  • Reduced credibility of data leader and data initiatives

Common Obstacles

Some common obstacles that could prevent you from identifying and building the data and analytics (D&A) skills your organization needs are:

  • Lack of resources and knowledge to secure professionals with the right mixed D&A skills and the right experience/skill level
  • Lack of well-formulated and robust data strategy
  • Neglecting the value of soft skills and placing all your attention on technical skills

Info-Tech's Approach

Follow Info-Tech's guidance on the roles and skills required to support your D&A strategic growth objectives and how to execute an actionable plan:

  • Define skills required for each essential data and analytics role
  • Identify roles and skills gap in alignment with your current data strategy
  • Establish action plan to close the gaps and reduce risks

Info-Tech Insight

Skills gaps are a frequently named obstacle to realizing corporate goals for D&A. Soft skills and technical skills are complementary, and a D&A team needs both to perform effectively. Identify the essential skills and the gap with current skills required by your organization's data strategy to ensure the right skill is available at the right time and to minimize applicable risks.

The rapidly changing environment is impacting the nature of work

Scarcity of data & analytics (D&A) skills

  • Data is one of the most valuable organizational assets, and regardless of your industry, data remains the key to informed decision making. More than 75% of businesses are looking to adopt technologies like big data, cloud computing, and artificial intelligence (AI) in the next five years (World Economic Forum, 2023). As organizations pivot in response to industry disruptions and technological advancements, the nature of work is changing, and the demand for data expertise has grown.
  • Despite an increasing need for data expertise, organizations still have trouble securing D&A roles due to inadequate upskilling programs, limited understanding of the skills required, and more (EY, 2022). Notably, scarce D&A skills have been critical. More workers will need at least a base level of D&A skills to adequately perform their jobs.

Stock image of a data storage center.

Organizations struggle to remain competitive when skills gaps aren't addressed

Organizations identify skills gaps as the key barriers preventing industry transformation:

60% of organizations identify skills gaps as the key barriers preventing business transformation (World Economic Forum, 2023)

43% of respondents agree the business area with the greatest need to address potential skills gaps is data analytics (McKinsey & Company, 2020)

Most organizations are not ready to address potential role disruptions and close skills gaps:

87% of surveyed companies say they currently experience skills gaps or expect them within a few years (McKinsey & Company, 2020)

28% say their organizations make effective decisions on how to close skills gaps (McKinsey & Company, 2020)

Neglecting soft skills development impedes CDOs/CDAOs from delivering value

According to BearingPoint's CDO survey, cultural challenges and limited data literacy are the main roadblocks to a CDO's success. To drill further into the problem and understand the root causes of the two main challenges, conduct a root cause analysis (RCA) using the Five Whys technique.

Bar Chart of 'Major Roadblocks to the Success of a CDO' with 'Limited data literacy' at the top.
(Source: BearingPoint, 2020)

Five Whys RCA

Problem: Poor data literacy is the top challenge CDOs face when increasing the value of D&A. Why?

  • People that lack data literacy find it difficult to embrace and trust the organization's data insights. Why?
  • Data workers and the business team don't speak the same language. Why?
  • No shared data definition or knowledge is established. Over-extensive data facts do not drive business outcomes. Why?
  • Leaders fail to understand that data literacy is more than technical training, it is about encompassing all aspects of business, IT, and data. Why?
  • A lack of leadership skills prevents leaders from recognizing these connections and the data team needing to develop soft skills.

Problem: Cultural challenge is one of the biggest obstacles to a CDO's success. Why?

  • Decisions are made from gut instinct instead of data-driven insights, thus affecting business performance. Why?
  • People within the organization do not believe that data drives operational excellence, so they resist change. Why?
  • Companies overestimate the organization's level of data literacy and data maturity. Why?
  • A lack of strategies in change management, continuous improvement & data literacy for data initiatives. Why?
  • A lack of expertise/leaders possessing these relevant soft skills (e.g. change management, etc.).

As organizations strive to become more data-driven, most conversations around D&A emphasize hard skills. Soft skills like leadership and change management are equally crucial, and deficits there could be the root cause of the data team's inability to demonstrate improved business performance.

Data cannot be fully leveraged without a cohesive data strategy

Business strategy and data strategy are no longer separate entities.

  • For any chief data & analytics officer (CDAO) or equivalent data leader, a robust and comprehensive data strategy is the number one tool for generating measurable business value from data. Data leaders should understand what skills are required to achieve these goals, consider the current skills gap, and build development programs to help employees improve those skills.
  • Begin your skills development programs by ensuring you have a data strategy plan prepared. A data strategy should never be formulated independently from the business. Organizations with high data maturity will align such efforts to the needs of the business, making data a major part of the business strategy to achieve data centricity.
  • Refer to Info-Tech's Build a Robust and Comprehensive Data Strategy blueprint to ensure data can be leveraged as a strategic asset of the organization.

Diagram of 'Data Strategy Maturity' with two arrangements of 'Data Strategy' and 'Business Strategy'. One is 'Aligned', the other is 'Data Centric.'

Info-Tech Insight

The process of achieving data centricity requires alignment between the data and business teams, and that requires soft skills.

Follow Info-Tech's methodology to identify the roles and skills needed to execute a data strategy

  1. Define Key Roles and Skills

    Digital Leadership Skills, Soft Skills, Technical Skills
    Key Output
    • Defined essential competencies, responsibilities for some common data roles
  2. Uncover the Skills Gap

    Data Strategy Alignment, High-Level Data Maturity Assessment, Skills Gap Analysis
    Key Output
    • Data roles and skills aligned with your current data strategy
    • Identified current and target state of data skill sets
  3. Build an Actionable Plan

    Initiative Priority, Skills Growth Feasibility, Hiring Feasibility
    Key Output
    • Identified action plan to address the risk of data skills deficiency

Info-Tech Insight

Skills gaps are a frequently named obstacle to realizing corporate goals for D&A. Soft skills and technical skills are complementary, and a D&A team needs both to perform effectively. Identify the essential skills and the gap with current skills that fit your organization's data strategy to ensure the right skill is available at the right time and to minimize applicable risks.

Research benefits

Member benefits

  • Reduce time spent defining the target state of skill sets.
  • Gain ability to reassess the feasibility of execution on your data strategy, including resources and timeline.
  • Increase confidence in the data leader's ability to implement a successful skills development program that is aligned with the organization's data strategy, which correlates directly to successful business outcomes.

Business benefits

  • Reduce time and cost spent hiring key data roles.
  • Increase chance of retaining high-quality data professionals.
  • Reduce time loss for delayed progress and rework of initiatives.
  • Optimize quality of data initiative implementation.
  • Improve data team productivity.

Insight summary

Overarching insight

Skills gaps are a frequently named obstacle to realizing corporate goals for D&A. Soft skills and technical skills are complementary, and a D&A team needs both to perform effectively. Identify the essential skills and the gap with current skills that fit your organization's data strategy to ensure the right skill is available at the right time and to minimize applicable risks.

Phase 1 insight

Technological advancements will inevitably require new technical skills, but the most in-demand skills go beyond mastering the newest technologies. Soft skills are essential to data roles as the global workforce navigates the changes of the last few years.

Phase 2 insight

Understanding and knowing your organization's data maturity level is a prerequisite to assessing your current skill and determining where you must align in the future.

Phase 3 insight

One of the misconceptions that organizations have includes viewing skills development as a one-time effort. This leads to underinvestment in data team skills, risk of falling behind on technological changes, and failure to connect with business partners. Employees must learn to continuously adapt to the changing circumstances of D&A.

While the program must be agile and dynamic to reflect technological improvements in the development of technical skills, the program should always be anchored in soft skills because data management is fundamentally about interaction, collaboration, and people.

Tactical insight

Seeking input and support across your business units can align stakeholders to focus on the right data analytics skills and build a data learning culture.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

Guided Implementation

Workshop

Consulting

"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

Diagnostics and consistent frameworks used throughout all four options

Guided Implementation

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is four to six calls over the course of two to three months.

What does a typical GI on this topic look like?

Phase 1

Phase 2

Phase 3

Call #1: Understand common data & analytics roles and skills, and your specific objectives and challenges. Call #2: Assess the current data maturity level and competency of skills set. Identify the skills gap. Call #3: Identify the relationship between current initiatives and capabilities. Initialize the corresponding roadmap for the data skills development program.

Call #4: (follow-up call) Touching base to follow through and ensure that benefits have received.

Identify and Build the Data & Analytics Skills Your Organization Needs

Phase 1

Define Key Roles and Skills

Define Key Roles and Skills Uncover the Skills Gap Build an Actionable Plan

This phase will walk you through the following activities:

  • 1.1 Review D&A Skill & Role List in Data & Analytics Assessment and Planning Tool

This phase involves the following participants:

  • Data leads

Key resources for your data strategy: People

Having the right role is a key component for executing effective data strategy.

D&A Common Roles

  • Data Steward
  • Data Custodian
  • Data Owner
  • Data Architect
  • Data Modeler
  • Artificial Intelligence (AI) and Machine Learning (ML) Specialist
  • Database Administrator
  • Data Quality Analyst
  • Security Architect
  • Information Architect
  • System Architect
  • MDM Administrator
  • Data Scientist
  • Data Engineer
  • Data Pipeline Developer
  • Data Integration Architect
  • Business Intelligence Architect
  • Business Intelligence Analyst
  • ML Validator

AI and ML Specialist is projected to be the fastest-growing occupation in the next five years (World Economic Forum, 2023).

While tech roles take an average of 62 days to fill, hiring a senior data scientist takes 70.5 days (Workable, 2019). Start your recruitment cycle early for this demand.

D&A Leader Roles

  • Chief Data Officer (CDO)/Chief Data & Analytics Officer (CDAO)
  • Data Governance Lead
  • Data Management Lead
  • Information Security Lead
  • Data Quality Lead
  • Data Product Manager
  • Master Data Manager
  • Content and Record Manager
  • Data Literacy Manager

CDOs act as impactful change agents ensuring that the organization's data management disciplines are running effectively and meeting the business' data needs. Only 12.0% of the surveyed organizations reported having a CDO as of 2012. By 2022, this percentage had increased to 73.7% (NewVantage Partners, 2022).

Sixty-five percent of respondents said lack of data literacy is the top challenge CDOs face today (BearingPoint, 2020). It has become imperative for companies to consider building a data literacy program which will require a dedicated data literacy team.

Key resources for your data strategy: Skill sets

Distinguish between the three skills categories.

  • Soft Skills

    Soft skills are described as power skills regarding how you work, such as teamwork, communication, and critical thinking.
  • Digital Leadership Skills

    Not everyone working in the D&A field is expected to perform advanced analytical tasks. To thrive in increasingly data-rich environments, however, every data worker, including leaders, requires a basic technological understanding and skill sets such as AI, data literacy, and data ethics. These are digital leadership skills.
  • Technical Skills

    Technical skills are the practical skills required to complete a specific task. For example, data scientists and data engineers require programming skills to handle and manage vast amounts of data.

Info-Tech Insight

Technological advancements will inevitably require new technical skills, but the most in-demand skills go beyond mastering the newest technologies. Soft skills are essential to data roles as the global workforce navigates the changes of the last few years.

Soft skills aren't just nice to have

They're a top asset in today's data workplace.

Leadership

  • Data leaders with strong leadership abilities can influence the organization's strategic execution and direction, support data initiatives, and foster data cultures. Organizations that build and develop leadership potential are 4.2 times more likely to financially outperform those that do not (Udemy, 2022).

Business Acumen

  • The process of deriving conclusions and insights from data is ultimately utilized to improve business decisions and solve business problems. Possessing business acumen helps provide the business context and perspectives for work within data analytics fields.

Critical Thinking

  • Critical thinking allows data leaders at every level to objectively assess a problem before making judgment, consider all perspectives and opinions, and be able to make decisions knowing the ultimate impact on results.

Analytical Thinking

  • Analytical thinking remains the most important skill for workers in 2023 (World Economic Forum, 2023). Data analytics expertise relies heavily on analytical thinking, which is the process of breaking information into basic principles to analyze and understand the logic and concepts.

Design Thinking & Empathy

  • Design thinking skills help D&A professionals understand and prioritize the end-user experience to better inform results and assist the decision-making process. Organizations with high proficiency in design thinking are twice as likely to be high performing (McLean & Company, 2022).

Learning Focused

  • The business and data analytics fields continue to evolve rapidly, and the skills, especially technical skills, must keep pace. Learning-focused D&A professionals continuously learn, expanding their knowledge and enhancing their techniques.

Change Management

  • Change management is essential, especially for data leaders who act as change agents developing and enabling processes and who assist others with adjusting to changes with cultural and procedural factors. Organizations with high change management proficiency are 2.2 times more likely to be high performing (McLean & Company, 2022).

Resilience

  • Being motivated and adaptable is essential when facing challenges and high-pressure situations. Organizations highly proficient in resilience are 1.8 times more likely to be high performing (McLean & Company, 2022).

Managing Risk & Governance Mindset

  • Risk management ability is not limited to highly regulated institutions. All data workers must understand risks from the larger organizational perspective and have a holistic governance mindset while achieving their individual goals and making decisions.

Continuous Improvement

  • Continuously collecting feedback and reflecting on it is the foundation of continuous improvement. To uncover and track the lessons learned and treat them as opportunities, data workers must be able to discover patterns and connections.

Teamwork & Collaboration

  • Value delivery in a data-centric environment is a team effort, requiring collaboration across the business, IT, and data teams. D&A experts with strong collaborative abilities can successfully work with other teams to achieve shared objectives.

Communication & Active Listening

  • This includes communicating with relevant stakeholders about timelines and expectations of data projects and associated technology and challenges, paying attention to data consumers, understanding their requirements and needs, and other areas of interest to the organization.

Technical skills for everyday excellence

Digital Leadership Skills

  • Technological Literacy
  • Data and AI Literacy
  • Cloud Computing Literacy
  • Data Ethics
  • Data Translation

Data & Analytics Technical Competencies

  • Data Mining
  • Programming Languages (Python, SQL, R, etc.)
  • Data Analysis and Statistics
  • Computational and Algorithmic Thinking
  • AI/ML Skills (Deep Learning, Computer Vision, Natural Language Processing, etc.)
  • Data Visualization and Storytelling
  • Data Profiling
  • Data Modeling & Design
  • Data Pipeline (ETL/ELT) Design & Management
  • Database Design & Management
  • Data Warehouse/Data Lake Design & Management

1.1 Review D&A Skill & Role List in the Data & Analytics Assessment and Planning Tool

Sample of Tab 2 in the Data & Analytics Assessment and Planning Tool.

Tab 2. Skill & Role List

Objective: Review the library of skills and roles and customize them as needed to align with your organization's language and specific needs.

Download the Data & Analytics Assessment and Planning Tool

Identify and Build the Data & Analytics Skills Your Organization Needs

Phase 2

Uncover the Skills Gap

Define Key Roles and Skills Uncover the Skills Gap Build an Actionable Plan

This phase will walk you through the following activities:

  • 2.1 High-level assessment of your present data management maturity
  • 2.2 Interview business and data leaders to clarify current skills availability
  • 2.3 Use the Data & Analytics Assessment and Planning Tool to Identify your skills gaps

This phase involves the following participants:

  • Data leads
  • Business leads and subject matter experts (SMEs)
  • Key business stakeholders

Identify skills gaps across the organization

Gaps are not just about assigning people to a role, but whether people have the right skill sets to carry out tasks.

  • Now that you have identified the essential skills and roles in the data workplace, move to Phase 2. This phase will help you understand the required level of competency, assess where the organization stands today, and identify gaps to close.
  • Using the Data & Analytics Assessment and Planning Tool, start with areas that are given the highest priority through a high-level maturity assessment. From there, three levels of gaps will be found: whether people are assigned to a particular position, the right combination of D&A skill sets, and the right competency level for each skill.
  • Lack of talent assigned to a position

  • Lack of the right combination of D&A skill sets

  • Lack of appropriate competency level

Info-Tech Insight

Understanding your organization's data maturity level is a prerequisite to assessing the skill sets you have today and determining where you need to align in the future.

2.1 High-level assessment of your present data management maturity

Identifying and fixing skills gaps takes time, money, and effort. Focus on bridging the gap in high-priority areas.

Input: Current state capabilities, Use cases (if applicable), Data culture diagnostic survey results (if applicable)
Output: High-level maturity assessment, Prioritized list of data management focused area
Materials: Data Management Assessment and Planning Tool (optional), Data & Analytics Assessment and Planning Tool
Participants: Data leads, Business leads and subject matter experts (SMEs), Key business stakeholders

Objectives:

Prioritize these skills and roles based on your current maturity levels and what you intend to accomplish with your data strategy.

Steps:

  1. (Optional Step) Refer to the Build a Robust and Comprehensive Data Strategy blueprint. You can assess your data maturity level using the following frameworks and methods:
    • Review current data strategy and craft use cases that represent high-value areas that must be addressed for their teams or functions.
    • Use the data culture assessment survey to determine your organization's data maturity level.
  2. (Optional Step) Refer to the Create a Data Management Roadmap blueprint and Data Management Assessment and Planning Tool to dive deep into understanding and assessing capabilities and maturity levels of your organization's data management enablers and understanding your priority areas and specific gaps.
  3. If you have completed Data Management Assessment and Planning Tool, fill out your maturity level scores for each of the data management practices within it - Tab 3 (Current-State Assessment). Skip Tab 4 (High-Level Maturity Assessment).
  4. If you have not yet completed Data Management Assessment and Planning Tool, skip Tab 3 and continue with Tab 4. Assign values 1 to 3 for each capability and enabler.
  5. You can examine your current-state data maturity from a high level in terms of low/mid/high maturity using either Tabs 3 or 4.
  6. Suggested focus areas along the data journey:
    • Low Maturity = Data Strategy, Data Governance, Data Architecture
    • Mid Maturity = Data Literacy, Information Management, BI and Reporting, Data Operations Management, Data Quality Management, Data Security/Risk Management
    • High Maturity = MDM, Data Integration, Data Product and Services, Advanced Analytics (ML & AI Management).

Download the Data & Analytics Assessment and Planning Tool

2.2 Interview business and data leaders to clarify current skills availability

1-2 hours per interview

Input: Sample questions targeting the activities, challenges, and opportunities of each unit
Output: Identified skills availability
Materials: Whiteboard/Flip charts, Data & Analytics Assessment and Planning Tool
Participants: Data leads, Business leads and subject matter experts (SMEs), Key business stakeholders

Instruction:

  1. Conduct a deep-dive interview with each key data initiative stakeholder (data owners, SMEs, and relevant IT/Business department leads) who can provide insights on the skill sets of their team members, soliciting feedback from business and data leaders about skills and observations of employees as they perform their daily tasks.
  2. Populate a current level of competency for each skill in the Data & Analytics Assessment and Planning Tool in Tabs 5 and 6. Having determined your data maturity level, start with the prioritized data management components (e.g. if your organization sits at low data maturity level, start with identifying relevant positions and skills under data governance, data architecture, and data architecture elements).
  3. More detailed instructions on how to utilize the workbook are at the next activity.

Key interview questions that will help you :

  1. Do you have personnel assigned to the role? What are their primary activities? Do the personnel possess the soft and technical skills noted in the workbook? Are you satisfied with their performance? How would you evaluate their degree of competency on a scale of "vital, important, nice to have, or none"? The following aspects should be considered when making the evaluation:
    • Key Performance Indicators (KPIs): Business unit data will show where the organization is challenged and will help identify potential areas for development.
    • Project Management Office: Look at successful and failed projects for trends in team traits and competencies.
    • Performance Reviews: Look for common themes where employees excel or need to improve.
    • Focus Groups: Speak with a cross section of employees to understand their challenges.
  2. What technology is currently used? Are there requirements for new technology to be bought and/or optimized in the future? Will the workforce need to increase their skill level to carry out these activities with the new technology in place?

Download the Data & Analytics Assessment and Planning Tool

2.3 Use the Data & Analytics Assessment and Planning Tool to identify skills gaps

1-3 hours — Not everyone needs the same skill levels.

Input: Current skills competency, Stakeholder interview results and findings
Output: Gap identification and analysis
Materials: Data & Analytics Assessment and Planning Tool
Participants: Data leads

Instruction:

  1. Select your organization's data maturity level in terms of Low/Mid/High in cell A6 for both Tab 5 (Soft Skills Assessment) and Tab 6 (Technical Skills Assessment) to reduce irrelevant rows.
  2. Bring together key business stakeholders (data owners, SMEs, and relevant IT custodians) to determine whether the data role exists in the organization. If yes, assign a current-state value from “vital, important, nice to have, or none” for each skill in the assessment tool. Info-Tech has specified the desired/required target state of each skill set.
  3. Once you've assigned the current-state values, the tool will automatically determine whether there is a gap in skill set.

Download the Data & Analytics Assessment and Planning Tool

Identify and Build the Data & Analytics Skills Your Organization Needs

Phase 3

Build an Actionable Plan

Define Key Roles and Skills Uncover the Skills Gap Build an Actionable Plan

This phase will walk you through the following activities:

  • 3.1 Use the Data & Analytics Assessment and Planning Tool to build your actionable roadmap

This phase involves the following participants:

  • Data leads
  • Business leads and subject matter experts (SMEs)
  • Key business stakeholders

Determine next steps and decision points

There are three types of internal skills development strategies

  • There are three types of internal skills development strategies organizations can use to ensure the right people with the right abilities are placed in the right roles: reskill, upskill, and new hire.
  1. Reskill

    Reskilling involves learning new skills for a different or newly defined position.
  2. Upskill

    Upskilling involves building a higher level of competency in skills to improve the worker's performance in their current role.
  3. New hire

    New hire involves hiring workers who have the essential skills to fill the open position.

Info-Tech Insight

One of the misconceptions that organizations have includes viewing skills development as a one-time effort. This leads to underinvestment in data team skills, risk of falling behind on technological changes, and failure to connect with business partners. Employees must learn to continuously adapt to the changing circumstances of D&A. While the program must be agile and dynamic to reflect technological improvements in the development of technical skills, the program should always be anchored in soft skills because data management is fundamentally about interaction, collaboration, and people.

How to determine when to upskill, reskill, or hire to meet your skills needs

Reskill

Reskilling often indicates a change in someone's career path, so this decision requires a goal aligned with both individuals and the organization to establish a mutually beneficial situation.

When making reskilling decisions, organizations should also consider the relevance of the skill for different positions. For example, data administrators and data architects have similar skill sets, so reskilling is appropriate for these employees.

Upskill

Upskilling tends to focus more on the soft skills necessary for more advanced positions. A data strategy lead, for example, might require design thinking training, which enables leaders to think from different perspectives.

Skill growth feasibility must also be considered. Some technical skills, particularly those involving cutting-edge technologies, require continual learning to maintain operational excellence. For example, a data scientist may require AI/ML skills training to incorporate use of modern automation technology.

New Hire

For open positions and skills that are too resource-intensive to reskill or upskill, it makes sense to recruit new employees. Consider, however, time and cost feasibility of hiring. Some positions (e.g. senior data scientist) take longer to fill. To minimize risks, coordinate with your HR department and begin recruiting early.

Data & Analytics skills training

There are various learning methods that help employees develop priority competencies to achieve reskilling or upskilling.

Specific training

The data team can collaborate with the human resources department to plan and develop internal training sessions aimed at specific skill sets.

This can also be accomplished through external training providers such as DCAM, which provides training courses on data management and analytics topics.

Formal education program

Colleges and universities can equip students with data analytics skills through formal education programs such as MBAs and undergraduate or graduate degrees in Data Science, Machine Learning, and other fields.

Certification

Investing time and effort to obtain certifications in the data & analytics field allows data workers to develop skills and gain recognition for continuous learning and self-improvement.

AWS Data Analytics and Tableau Data Scientist Certification are two popular data analytics certifications.

Online learning from general providers

Some companies offer online courses in various subjects. Coursera and DataCamp are two examples of popular providers.

Partner with a vendor

The organization can partner with a vendor who brings skills and talents that are not yet available within the organization. Employees can benefit from the collaboration process by familiarizing themselves with the project and enhancing their own skills.

Support from within your business

The data team can engage with other departments that have previously done skills development programs, such as Finance and Change & Communications, who may have relevant resources to help you improve your business acumen and change management skills.

Info-Tech Insight

Seeking input and support across your business units can align stakeholders to focus on the right data analytics skills and build a data learning culture.

Data & Analytics skills reinforcement

Don't assume learners will immediately comprehend new knowledge. Use different methods and approaches to reinforce their development.

Innovation Space

  • Skills development is not a one-time event, but a continuous process during which innovation should be encouraged. A key aspect of being innovative is having a “fail fast” mentality, which means collecting feedback, recognizing when something isn't working, encouraging experimentation, and taking a different approach with the goal of achieving operational excellence.
  • Human-centered design (HCD) also yields innovative outcomes with a people-first focus. When creating skills development programs for various target groups, organizations should integrate a human-centered approach.

Commercial Lens

  • Exposing people to a commercial way of thinking can add long-term value by educating people to act in the business' best interest and raising awareness of what other business functions contribute. This includes concepts such as project management, return on investment (ROI), budget alignment, etc.

Checklists/Rubrics

  • Employees should record what they learn so they can take the time to reflect. A checklist is an effective technique for establishing objectives, allowing measurement of skills development and progress.

Buddy Program

  • A buddy program helps employees gain and reinforce knowledge and skills they have learned through mutual support and information exchange.

Align HR programs to support skills integration and talent recruitment

With a clear idea of skills needs and an executable strategy for training and reinforcing of concepts, HR programs and processes can help the data team foster a learning environment and establish a recruitment plan. The links below will direct you to blueprints produced by McLean & Company, a division of Info-Tech Research Group.

Workforce Planning

When integrating the skills of the future into workforce planning, determine the best approach for addressing the identified talent gaps – whether to build, buy, or borrow.

Integrate the future skills identified into the organization's workforce plan.

Talent Acquisition

In cases where employee development is not feasible, the organization's talent acquisition strategy must focus more on buying or borrowing talent. This will impact the TA process. For example, sourcing and screening must be updated to reflect new approaches and skills.

If you have a talent acquisition strategy, assess how to integrate the new roles/skills into recruiting.

Competencies/Succession Planning

Review current organizational core competencies to determine if they need to be modified. New skills will help inform critical roles and competencies required in succession talent pools.

If no competency framework exists, use McLean & Company's Develop a Comprehensive Competency Framework blueprint.

Compensation

Evaluate modified and new roles against the organization's compensation structure. Adjust them as necessary. Look at market data to understand compensation for new roles and skills.

Reassess your base pay structure according to market data for new roles and skills.

Learning and Development

L&D plays a huge role in closing the skills gap. Build L&D opportunities to support development of new skills in employees.

Design an Impactful Employee Development Program to build the skills employees need in the future.

3.1 Use the Data & Analytics Assessment and Planning Tool to build an actionable plan

1-3 hours

Input: Roles and skills required, Key decision points
Output: Actionable plan
Materials: Data & Analytics Assessment and Planning Tool
Participants: Data leads, Business leads and subject matter experts (SMEs), Key business stakeholders

Instruction:

  1. On Tab 7 (Next Steps & Decision Points), you will find a list of tasks that correspond to roles that where there is a skills gap.
  2. Customize this list of tasks initiatives according to your needs.
  3. The Gantt chart, which will be generated automatically after assigning start and finish dates for each activity, can be used to structure your plan and guarantee that all the main components of skills development are addressed.

Sample of Tab 7 in the Data & Analytics Assessment and Planning Tool.

Download the Data & Analytics Assessment and Planning Tool

Related Info-Tech Research

Sample of the Create a Data Management Roadmap blueprint.

Create a Data Management Roadmap

  • This blueprint will help you design a data management practice that will allow your organization to use data as a strategic enabler.

Stock image of a person looking at data dashboards on a tablet.

Build a Robust and Comprehensive Data Strategy

  • Put a strategy in place to ensure data is available, accessible, well-integrated, secured, of acceptable quality, and suitably visualized to fuel organization-wide decision making. Start treating data as strategic and corporate asset.

Sample of the Foster Data-Driven Culture With Data Literacy blueprint.

Foster Data-Driven Culture With Data Literacy

  • By thoughtfully designing a data literacy training program appropriate to the audience's experience, maturity level, and learning style, organizations build a data-driven and engaged culture that helps them unlock their data's full potential and outperform other organizations.

Research Authors and Contributors

Authors:

Name Position Company
Ruyi Sun Research Specialist Info-Tech Research Group

Contributors:

Name Position Company
Steve Wills Practice Lead Info-Tech Research Group
Andrea Malick Advisory Director Info-Tech Research Group
Annabel Lui Principal Advisory Director Info-Tech Research Group
Sherwick Min Technical Counselor Info-Tech Research Group

Bibliography

2022 Workplace Learning Trends Report.” Udemy, 2022. Accessed 20 June 2023.

Agrawal, Sapana, et al. “Beyond hiring: How companies are reskilling to address talent gaps.” McKinsey & Company, 12 Feb. 2020. Accessed 20 June 2023.

Bika, Nikoletta. “Key hiring metrics: Useful benchmarks for tech roles.” Workable, 2019. Accessed 20 June 2023.

Chroust, Tomas. “Chief Data Officer – Leaders of data-driven enterprises.” BearingPoint, 2020. Accessed 20 June 2023.

“Data and AI Leadership Executive Survey 2022.” NewVantage Partners, Jan 2022. Accessed 20 June 2023.

Dondi, Marco, et al. “Defining the skills citizens will need in the future world of work.” McKinsey & Company, June 2021. Accessed 20 June 2023.

Futschek, Gerald. “Algorithmic Thinking: The Key for Understanding Computer Science.” Lecture Notes in Computer Science, vol. 4226, 2006.

Howard, William, et al. “2022 HR Trends Report.” McLean & Company, 2022. Accessed 20 June 2023.

“Future of Jobs Report 2023.” World Economic Forum, May 2023. Accessed 20 June 2023.

Knight, Michelle. “What is Data Ethics?” Dataversity, 19 May 2021. Accessed 20 June 2023.

Little, Jim, et al. “The CIO Imperative: Is your technology moving fast enough to realize your ambitions?” EY, 22 Apr. 2022. Accessed 20 June 2023.

“MDM Roles and Responsibilities.” Profisee, April 2019. Accessed 20 June 2023.

“Reskilling and Upskilling: A Strategic Response to Changing Skill Demands.” TalentGuard, Oct. 2019. Accessed 20 June 2023.

Southekal, Prashanth. “The Five C's: Soft Skills That Every Data Analytics Professional Should Have.” Forbes, 17 Oct. 2022. Accessed 20 June 2023.

Map Technical Skills for a Changing Infrastructure & Operations Organization

  • Buy Link or Shortcode: {j2store}333|cart{/j2store}
  • member rating overall impact (scale of 10): 10.0/10 Overall Impact
  • member rating average dollars saved: 5 Average Days Saved
  • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
  • Parent Category Name: Strategy and Organizational Design
  • Parent Category Link: /strategy-and-organizational-design
  • Infrastructure & Operations is changing rapidly. It’s a constant challenge to find the right skills to support the next new technology while at the same time maintaining the skills in house that allow you to support your existing platforms.
  • A lack of clarity around required skills makes finding the right skills difficult, and it’s not clear whether you should train, hire, contract, or outsource to address gaps.
  • You need to keep up with changes and new strategy while continuing to support your existing environment.

Our Advice

Critical Insight

  • Take a strategic approach to acquiring skills – looking only as far as the needs of the next project will lead to a constant skills shortage with no plan for it to be addressed.
  • Begin by identifying your future state. Identify needed skills in the organization to support planned projects and initiatives, and to mitigate skills-related risks.

Impact and Result

  • Leverage your infrastructure roadmap and cloud strategy to identify needed skills in your future state environment.
  • Decide how you’ll acquire needed skills based on the characteristics of need for each skill.
  • Communicate the change and create a plan of action for the skills transformation.

Map Technical Skills for a Changing Infrastructure & Operations Organization Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should map technical skills for a changing Infrastructure & Operations organization, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Identify skills needs for the future state environment

Identify what skills are needed based on where the organization is going.

  • Map Technical Skills for a Changing Infrastructure & Operations Organization – Phase 1: Identify Skills Needs for Your Future State Environment
  • Future State Playbook
  • IT/Cloud Solutions Architect
  • IT/Cloud Engineer
  • IT/Cloud Administrator
  • IT/Cloud Demand Billing & Accounting Analyst

2. Acquire needed skills

Ground skills acquisition decisions in the characteristics of need.

  • Map Technical Skills for a Changing Infrastructure & Operations Organization – Phase 2: Acquire Needed Skills
  • Technical Skills Map

3. Maximize the value of the skills map

Get stakeholder buy-in; leverage the skills map in other processes.

  • Map Technical Skills for a Changing Infrastructure & Operations Organization – Phase 3: Maximize the Value of Your Skills Map
  • Technical Skills Map Communication Deck Template
[infographic]

Workshop: Map Technical Skills for a Changing Infrastructure & Operations Organization

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Review Initiatives and Skills-Related Risks

The Purpose

Identify process and skills changes required by the future state of your environment.

Key Benefits Achieved

Set foundation for alignment between strategy-defined technology initiatives and needed skills.

Activities

1.1 Review the list of initiatives and projects with the group.

1.2 Identify how key support, operational, and deployment processes will change through planned initiatives.

1.3 Identify skills-related risks and pain points.

Outputs

Future State Playbook

2 Identify Needed Skills and Roles

The Purpose

Identify process and skills changes required by the future state of your environment.

Key Benefits Achieved

Set foundation for alignment between strategy-defined technology initiatives and needed skills.

Activities

2.1 Identify skills required to support the new environment.

2.2 Map required skills to roles.

Outputs

IT/Cloud Architect Role Description

IT/Cloud Engineer Role Description

IT/Cloud Administrator Role Description

3 Create a Plan to Acquire Needed Skills

The Purpose

Create a skills acquisition strategy based on the characteristics of need.

Key Benefits Achieved

Optimal skills acquisition strategy defined.

Activities

3.1 Modify impact scoring scale for key skills decision factors.

3.2 Apply impact scoring scales to needed skills

3.3 Decide whether to train, hire, contract, or outsource to acquire needed skills.

Outputs

Technical Skills Map

4 Develop a Communication Plan

The Purpose

Create an effective communication plan for different stakeholders across the organization.

Identify opportunities to leverage the skills map elsewhere.

Key Benefits Achieved

Create a concise, clear, consistent, and relevant change message for stakeholders across the organization.

Activities

4.1 Review skills decisions and decide how you will acquire skills in each role.

4.2 Update roles descriptions.

4.3 Create a change message.

4.4 Identify opportunities to leverage the skills map in other processes.

Outputs

Technical Skills Map Communication Deck

Build an Extensible Data Warehouse Foundation

  • Buy Link or Shortcode: {j2store}342|cart{/j2store}
  • member rating overall impact (scale of 10): N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Big Data
  • Parent Category Link: /big-data
  • Data warehouse implementation is a costly and complex undertaking, and can end up not serving the business' needs appropriately.
  • Too heavy a focus on technology creates a data warehouse that isn’t sustainable and ends up with poor adoption.
  • Emerging data sources and technologies add complexity to how the appropriate data is made available to business users.

Our Advice

Critical Insight

  • A data warehouse is a project; but successful data warehousing is a program. An effective data warehouse requires planning beyond the technology implementation.
  • Governance, not technology needs to be the core support system for enabling a data warehouse program.
  • Understand business processes at the operational, tactical, and ad hoc levels to ensure a fit-for-purpose DW is built.

Impact and Result

  • Leverage an approach that focuses on constructing a data warehouse foundation that is able to address a combination of operational, tactical, and ad hoc business needs.
  • Invest time and effort to put together pre-project governance to inform and provide guidance to your data warehouse implementation.
  • Develop “Rosetta Stone” views of your data assets to facilitate data modeling.
  • Select the most suitable architecture pattern to ensure the data warehouse is “built right” at the very beginning.

Build an Extensible Data Warehouse Foundation Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why the data warehouse is becoming an important tool for driving business value, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Prepare for the data warehouse foundation project

Begin the data warehouse foundation by defining the project and governance teams, as well as reviewing supporting data management practices.

  • Build an Extensible Data Warehouse Foundation – Phase 1: Prepare for the Data Warehouse Foundation Project
  • Data Warehouse Foundation Project Plan Template
  • Data Warehouse Work Breakdown Structure Template
  • Data (Warehouse) Architect
  • Data Integration Specialist
  • Business Intelligence Specialist
  • Director of Data Warehousing/Business Intelligence
  • Data Warehouse Program Charter Template
  • Data Warehouse Steering Committee Charter Template

2. Establish the business drivers and data warehouse strategy

Using the business activities as a guide, develop a data model, data architecture, and technology plan for a data warehouse foundation.

  • Build an Extensible Data Warehouse Foundation – Phase 2: Establish the Business Drivers and Data Warehouse Strategy
  • Business Data Catalog
  • Data Classification Inventory Tool
  • Data Warehouse Architecture Planning Tool
  • Master Data Mapping Tool

3. Plan for data warehouse governance

Start developing a data warehouse program by defining how users will interact with the new data warehouse environment.

  • Build an Extensible Data Warehouse Foundation – Phase 3: Plan for Data Warehouse Governance
  • Data Warehouse Standard Operating Procedures Template
  • Data Warehouse Service Level Agreement
[infographic]

Workshop: Build an Extensible Data Warehouse Foundation

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Prepare for the Data Warehouse Foundation Project

The Purpose

Identify the members of the foundation project team.

Define overarching statements and define success factors/risks.

Outline basic project governance.

Key Benefits Achieved

Defined membership, roles, and responsibilities involved in the foundation project.

Establishment of a steering committee as a starting point for the data warehouse program.

Activities

1.1 Identify foundation project team and create a RACI chart.

1.2 Understand what a data warehouse can and cannot enable.

1.3 Define critical success factors, key performance metrics, and project risks.

1.4 Develop rough timelines for foundation project completion.

1.5 Define the current and future states for key data management practices.

Outputs

Job Descriptions and RACI

Data Warehouse Steering Committee Charter

Data Warehouse Foundation Project Plan

Work Breakdown Structure

2 Establish the Business Drivers and Data Warehouse Strategy

The Purpose

Define the information needs of the business and its key processes.

Create the components that will inform an appropriate data model.

Design a data warehouse architecture model.

Key Benefits Achieved

Clear definition of business needs that will directly inform the data and architecture models.

Activities

2.1 Understand the most fundamental needs of the business.

2.2 Define the data warehouse vision, mission, purpose, and goals.

2.3 Detail the most important operational, tactical, and ad hoc activities the data warehouse should support.

2.4 Link the processes that will be central to the data warehouse foundation.

2.5 Walk through the four-column model and business entity modeling as a starting point for data modeling.

2.6 Create data models using the business data glossary and data classification.

2.7 Identify master data elements to define dimensions.

2.8 Design lookup tables based on reference data.

2.9 Create a fit-for-purpose data warehousing model.

Outputs

Data Warehouse Program Charter

Data Warehouse Vision and Mission

Documentation of Business Processes

Business Entity Map

Business Data Glossary

Data Classification Scheme

Data Warehouse Architecture Model

3 Plan for Data Warehouse Governance

The Purpose

Create a plan for governing your data warehouse efficiently and effectively.

Key Benefits Achieved

Documentation of current standard operating procedures.

Identified members of a data warehouse center of excellence.

Activities

3.1 Develop a technology capability map to visualize your desired state.

3.2 Establish a data warehouse center of excellence.

3.3 Create a data warehouse foundation roadmap.

3.4 Define data warehouse service level agreements.

3.5 Create standard operating procedures.

Outputs

Technology Capability Map

Project Roadmap

Service Level Agreement

Data Warehouse Standard Operating Procedure Workbook

Build Your Enterprise Application Implementation Playbook

  • Buy Link or Shortcode: {j2store}605|cart{/j2store}
  • member rating overall impact (scale of 10): N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Selection & Implementation
  • Parent Category Link: /selection-and-implementation
  • Given the increasing complexity of software implementations, you are continually challenged with staying above water with your current team.
  • In addition, rapid changes in the business make maintaining project sponsors’ engagement challenging.
  • Project sprawl across the organization has created a situation where each project lead tracks progress in their own way. This makes it difficult for leadership to identify what was successful – and what wasn’t.

Our Advice

Critical Insight

An effective enterprise application implementation playbook is not just a list of steps, but a comprehensive view of what is necessary to support your implementation. This starts with a people-first approach. Start by asking about sponsors, stakeholders, and goals. Without asking these questions first, the implementation will be set up for failure, regardless of the technology, processes, and tools available.

Impact and Result

Follow these steps to build your enterprise application playbook:

  • Define your sponsor, map out your stakeholders, and lay out the vision, goals and objectives for your project.
  • Detail the scope, metrics, and the team that will make it happen.
  • Outline the steps and processes that will carry you through the implementation.

Build Your Enterprise Application Implementation Playbook Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Build Your Enterprise Application Implementation Playbook Deck - Your implementation doesn’t start with technology, but with an effective plan that the team can align on.

This blueprint provides the steps necessary to build your own enterprise application implementation playbook that can be deployed and leveraged by your implementation teams.

  • Build Your Enterprise Application Implementation Playbook – Phases 1-3

2. Your Enterprise Application Implementation Playbook – The key output from leveraging this research is a completed implementation playbook.

This is the main playbook that you build through the exercises defined in the blueprint.

  • Your Enterprise Application Implementation Playbook

3. Your Enterprise Application Implementation Playbook - Timeline Tool – Supporting tool that captures the project timeline information, issue log, and follow-up dashboard.

This tool provides input into the playbook around project timelines and planning.

  • Your Enterprise Application Implementation Playbook - Timeline Tool

4. Light Project Change Request Form Template – This tool will help you record the requested change, allow assess the impact of the change and proceed the approval process.

This provides input into the playbook around managing change requests

  • Light Project Change Request Form Template

Infographic

Workshop: Build Your Enterprise Application Implementation Playbook

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Understand the Project

The Purpose

Lay out the overall objectives, stakeholders, and governance structure for the project.

Key Benefits Achieved

Align everyone on the sponsor, key stakeholders, vision, and goals for your project

Activities

1.1 Select the project sponsor.

1.2 Identify your stakeholders.

1.3 Align on a project vision.

1.4 List your guiding principles.

1.5 Confirm your goals and objectives for the implementation project.

1.6 Define the project governance structure.

Outputs

Project sponsor has been selected.

Project stakeholders have been identified and mapped with their roles and responsibilities.

Vision has been defined.

Guiding principles have been defined.

Articulated goals and objectives.

Detailed governance structure.

2 Set up for Success

The Purpose

Define the elements of the playbook that provide scope and boundaries for the implementation.

Key Benefits Achieved

Align the implementation team on the scope for the project and how the team should operate during the implementation.

Activities

2.1 Gather and review requirements, with an agreed to scope.

2.2 Define metrics for your project.

2.3 Define and document the risks that can impact the project.

2.4 Establish team composition and identify the team.

2.5 Detail your OCM structure, resources, roles, and responsibilities.

2.6 Define requirements for training.

2.7 Create a communications plan for stakeholder groups and delivery teams.

Outputs

Requirements for enterprise application implementation with an agreed-to scope.

Metrics to help measure what success looks like for the implementation.

Articulated list of possible risks during the implementation.

The team responsible and accountable for implementation is identified.

Details of your organization’s change management process.

Outline of training required.

An agreed-to plan for communication of project status.

3 Document Your Plan

The Purpose

With the structure and boundaries in place, we can now lay out the details on the implementation plan.

Key Benefits Achieved

A high-level plan is in place, including next steps and a process on running retrospectives.

Activities

3.1 Define your implementation steps.

3.2 Create templates to enable follow-up throughout the project.

3.3 Decide on the tracking tools to help during your implementation.

3.4 Define the follow-up processes.

3.5 Define project progress communication.

3.6 Create a Change request process.

3.7 Define your retrospective process for continuous improvement.

3.8 Prepare a closure document for sign-off.

Outputs

An agreed to high-level implementation plan.

Follow-up templates to enable more effective follow-ups.

Shortlist of tracking tools to leverage during the implementation.

Defined processes to enable follow-up.

Defined project progress communication.

A process for managing change requests.

A process and template for running retrospectives.

A technique and template for closure and sign-off.

Further reading

Build Your Enterprise Application Implementation Playbook

Your implementation doesn’t start with technology, but with an effective plan that the team can align on.

Analyst Perspective

Your implementation is not just about technology, but about careful planning, collaboration, and control.

Recardo de Oliveira

A successful enterprise application implementation requires more than great software; it requires a clear line of sight to the people, processes, metrics, and tools that can help make this happen.

Additionally, every implementation is unique with its own set of challenges. Working through these challenges requires a tailored approach taking many factors into account. Building out your playbook for your implementation is an important initial step before diving head-first into technology.

Regardless of whether you use an implementation partner, a playbook ensures that you don’t lose your enterprise application investment before you even get started!

Ricardo de Oliveira

Research Director,
Application Delivery and Management
Info-Tech Research Group

Executive Summary

Your Challenge

  • Given the increasing complexity of software implementations, you are continually challenged with staying above water with your current team.
  • Rapid changes in the business make maintaining project sponsors’ engagement challenging.
  • Project sprawl across the organization has created a situation where project leads track progress in their own way. This makes it difficult for leadership to identify what was successful (and what wasn’t).

Common Obstacles

  • Your best process experts are the same people you need to keep the business running. The business cannot afford to have its best people pulled into the implementation for long periods of time.
  • Enterprise application implementations generate huge organizational changes and the adoption of the new systems and processes resulting from these projects are quite difficult.
  • People are generally resistant to change, especially large, transformational changes that will impact the day-to-day way of doing things.

Info-Tech's Approach

  • Build your enterprise application implementation playbook. Follow these steps to build your enterprise application playbook:
    • Define your sponsor, map out your stakeholders, and lay out the vision, goals, and objectives for your project.
    • Detail the scope, metrics, and the team that will make it happen.
    • Detail the steps and processes that will carry you through the implementation

Info-Tech Insight

An effective enterprise application implementation playbook is not just a list of steps; it is a comprehensive view of what is necessary to support your implementation. This starts with a people-first approach. Start by asking about sponsors, stakeholders, and goals. Without asking these questions first, the implementation will be set up for failure, regardless of the technology, processes, and tools available.

Enterprise Applications Lifescycle Advisory Services. Strategy, selection, implementation, optimization and operations.

Insight summary

Building an effective playbook starts with asking the right questions, not jumping straight into the technical details.

  • This blueprint provides the steps required to lay out an implementation playbook to align the team on what is necessary to support the implementation.
  • Build your Enterprise Application Implementation Playbook by:
    • Aligning and confirming project’s goals, stakeholders, governance and team.
    • Clearly defining what is in and out of scope for the project and the risks involved.
    • Building up a strong change management process.
    • Providing the tools and processes to keep track of the project.
    • Pulling it all together into an actionable playbook.

Grapsh showing 39%

Lack of planning is the reason that 39% of projects fail. Poor project planning can be disastrous: The consequences are usually high costs and time overruns.

Graph showing 20%

Almost 20% of IT projects can fail so badly that they can become a threat to a company’s existence. Lack of proper planning, poor communication, and poorly defined goals all contribute to the failure of projects.

Graph showig 2.5%

A PwC study of over 10,640 projects found that a tiny portion of companies – 2.5% – completed 100% of their projects successfully. These failures extract a heavy cost – failed IT projects alone cost the United States $50-$150B in lost revenue and productivity.

Source: Forbes, 2020

Planning and control are key to enterprise project success

An estimated 70% of large-scale corporate projects fail largely due to a lack of change management infrastructure, proper oversight, and regular performance check-ins to track progress (McKinsey, 2015).

Table showing that 88% of projects completed on time, 90% completed within budget and 92% meet original goals. 68% of projects have scope creep, 24% deemed failures and 46% experience budget lose when project fails

“A survey published in HBR found that the average IT project overran its budget by 27%. Moreover, at least one in six IT projects turns into a ‘black swan’ with a cost overrun of 200% and a schedule overrun of 70%. Kmart’s massive $1.2B failed IT modernization project, for instance, was a big contributor to its bankruptcy.”

Source: Forbes, 2020

Sponsor commitment directly improves project success.

Having the right sponsor significantly improves your chances of success across many different dimensions:

  1. On-time delivery
  2. Delivering within budget
  3. Delivered within an agreed-to scope
  4. Delivered with sufficient quality.
Graph that shows Project success scores versus sponsor involvement in change communication. Shows increase for projects on time, projects on budget, within scope and overall quality.

Source: Info-Tech, PPM Current State Scorecard Diagnostic

Executive Brief Case Study

Chocolate manufacturer implementing a new ERP

INDUSTRY

Consumer Products

SOURCE

Carlton, 2021

Challenge

Not every ERP ends in success. This case study reviews the failure of Hershey, a 147-year-old confectioner, headquartered in Hershey Pennsylvania. The enterprise saw the implementation of an ERP platform as being central to its future growth.

Solution

Consequently, rather than approaching its business challenge on the basis of an iterative approach, it decided to execute a holistic plan, involving every operating center in the company. Subsequently, SAP was engaged to implement a $10 million systems upgrade; however, management problems emerged immediately.

Results

The impact of this decision was significant, and the company was unable to conduct business because virtually every process, policy, and operating mechanism was in flux simultaneously. The consequence was the loss of $150 million in revenue, a 19% reduction in share price, and the loss of 12% in international market share.

Remember: Poor management can scupper implementation, even when you have selected the perfect system.

A successful software implementation provides more than simply immediate business value…

It can build competitive advantage.

  • When software projects fail, it can jeopardize an organization’s financial standing and reputation, and in some severe cases, it can bring the company down altogether.
  • Rarely do projects fail for a single reason, but by understanding the pitfalls, developing a risk mitigation plan, closely monitoring risks, and self-evaluating during critical milestones, you can increase the probability of delivering on time, on budget, and with the intended benefits.

Benefits are not limited to just delivering on time. Some others include:

  • Building organizational delivery competence and overall agility.
  • The opportunity to start an inventory of best practices, eventually building them into a center of excellence.
  • Developing a competitive advantage by maximizing software value and continuously transforming the business.
  • An opportunity to develop a competent pool of staff capable of executing on projects and managing organizational change.

Blueprint deliverables

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

Your Enterprise Application Implementation Playbook – Timeline Tool

Supporting template that captures the project timeline information, issue log, and follow-up dashboard.

Info-Tech: Project Planning and Monitoring Tool.
Light Project Change Request Form Template

This tool will help you record the requested change, and allow you to assess the impact of the change and proceed with the approval process.

Info-Tech: Light change request form template.

Key deliverable:

Your Enterprise Application Implementation Playbook

Record the results from the exercises to define the steps for a successful implementation.

Build your enterprise application implementation playbook.

Info-Tech’s methodology for Your Enterprise Application Implementation Playbook

Phase Steps

1. Understand the Project

  1. Identify the project sponsor
  2. Define project stakeholders
  3. Review project vision and guiding principles
  4. Review project objectives
  5. Establish project governance

2. Set up for success

  1. Review project scope
  2. Define project metrics
  3. Prepare for project risks
  4. Identify the project team
  5. Define your change management process

3. Document your plan

  1. Develop a master project plan
  2. Define a follow-up plan
  3. Define the follow-up process
  4. Understand what’s next
Phase Outcomes
  • Project sponsor has been selected
  • Project stakeholders have been identified and mapped with their roles and responsibilities.
  • Vision, guiding principles, goals objectives, and governance have been defined
  • Project scope has been confirmed
  • Project metrics to identify successful implementation has been defined
  • Risks have been assessed and articulated.
  • Identified project team
  • An agreed-to change management process
  • Project plan covering the overall implementation is in place, including next steps and retrospectives

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

Guided Implementation

"Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

Workshop

"We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

Consulting

"Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

Diagnostic and consistent frameworks are used throughout all four options.

Guided Implementation

What does a typical GI on this topic look like?

The three phases of guided implementation.

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization. A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

Workshop Overview

Contact your account representative for more information.

workshops@infotech.com 1-888-670-8889 Activities and deliverables for each module of the workshop. Module 1: understanding the project, Module 2: Set up for success, Modeule 3: Document your plan, and Post Workshop: Next steps and Wrap-up(offsite).

Phase 1

Understand the project

3 phases, phase 1 is highlighted.

This phase will walk you through the following activities:

1.1 Identify the project sponsor

1.2 Identify project stakeholders

1.3 Review project vision and guiding principles

1.4 Review project objectives

1.5 Establish project governance

This phase involves the following participants:

  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

Step 1.1

Identify the project sponsor

Activities

1.1.1 Define the project sponsor's responsibilities

1.1.2 Shortlist potential sponsors

1.1.3 Select the project sponsor

This step involves the following participants:

  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

Outcomes of this step

Selected sponsor.

Sponsor commitment directly improves project success.

Having the right sponsor significantly improves your chances of success across many different dimensions:

  1. On-time delivery
  2. Delivering within budget
  3. Delivered within an agreed-to scope
  4. Delivered with sufficient quality.

Graph that shows Project success scores versus sponsor involvement in change communication. Shows increase for projects on time, projects on budget, within scope and overall quality.

Source: Info-Tech, PPM Current State Scorecard Diagnostic

Typical project sponsor responsibilities

  • Help define the business goals of their projects before they start.
  • Provide guidance and support to the project manager and the project team throughout the project management lifecycle.
  • Ensure that sufficient financial resources are available for their projects.
  • Resolve problems and issues that require authority beyond that of the project manager.
  • Ensure that the business objectives of their projects are achieved and communicated.

For further discussion on sponsor responsibilities, use Info-Tech’s blueprint, Drive Business Value With a Right-Sized Project Gating Process

Portrait of head with multiple layers representing the responsibilities of a sponsor. From top down: Define business goals, provide guidance, ensure human ad financial resources, resolve problems and issues.

1.1.1 Define the project sponsor’s responsibilities

0.5-1 hour

  1. Discuss the minimum requirements for a sponsor at your organization.
  2. As a group, brainstorm the criteria necessary for an individual to be a project sponsor:
    1. Is there a limit to the number of projects they can sponsor at one time?
    2. Is there a minimum number of hours they must be available to the project team?
    3. Do they have to be at a certain seniority level in the organization?
    4. What is their role at each stage of the project lifecycle?
  3. Document these criteria on a whiteboard.
  4. Record the sponsor’s responsibilities in section 1.1 of Info-Tech’s Your Enterprise Application Implementation Playbook.

Download Your Enterprise Application Implementation Playbook

Input

Output

  • Requirements for a sponsor
  • Your responsibilities as a sponsor

Materials

Participants

  • Whiteboard/flip charts
  • Your Enterprise Application Implementation Playbook
  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

1.1.1 Define the project sponsor’s responsibilities (Continued)

Example

Project sponsor responsibilities.

1.1.2 Shortlist potential sponsors

0.5-1 hour

  1. Based on the responsibilities defined in Exercise 1.1.1, produce a list of the potential sponsors.
  2. Record the sponsor’s shortlist in section 1.2 of Info-Tech’s Your Enterprise Application Implementation Playbook.

Download Your Enterprise Application Implementation Playbook

Input

Output

  • Characteristics of a sponsor
  • Your list of candidates

Materials

Participants

  • Whiteboard/flip charts
  • Your Enterprise Application Implementation Playbook
  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

1.1.2 Shortlist potential sponsors (Continued)

Example

Shortlist of potential sponsors. 6 names listed with checkmarks on criteria ranking.

Don’t forget, the project team is there to support the sponsor

Given the burden of the sponsor role, the project team is committed to doing their best to facilitate a successful outcome.

Project Success: Follow best practices, escalate issues, stay focused, communicate, adapt to change.

  • Follow the framework set out by the governance group at the organization to drive efficiency on the project.
  • Ensure stakeholders with proper authority are notified of issues that occur during the project.
  • Stay focused on the project tasks to drive quality on the deliverables and avoid rework after the project.
  • Communicate within the project team to drive coordination of tasks, complete deliverables, and avoid resource waste.
  • Changes are more common than not; the team must be prepared to adjust plans and stay agile to adapt to changes for the project.

Seek the key characteristics of a sponsor

Man walking up stairs denoting characteristics of a good sponsor. First step: Leader, second step: Strong Communicator, third step: knowledgeable, fourth step: problem solver, fifth step: delegator, final step: dedicated.

1.1.3 Select the project sponsor

0.5-1 hour

  1. Review the characteristics and the list of potential candidates.
  2. Assess availability, suitability, and desire of the selected sponsor.
  3. Record the selected sponsor in section 1.3 of Info-Tech’s Your Enterprise Application Implementation Playbook.

Download Your Enterprise Application Implementation Playbook

Input

Output

  • List of candidates
  • Characteristics of a sponsor
  • Your selected sponsor

Materials

Participants

  • Whiteboard/flip charts
  • Your Enterprise Application Implementation Playbook
  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

1.1.3 Select the project sponsor (Continued)

Example

Name of example sponsor with their key traits listed.

Step 1.2

Identify the project stakeholders

Activities

1.2.1 Identify your stakeholders

This step involves the following participants:

  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

Outcomes of this step

Stakeholders’ management plan

How to find the right stakeholders

Start with the obvious candidates, but keep an open mind.

How to find stakeholders

  • Talk to your stakeholders and ask who else you should be talking to, to discover additional stakeholders and ensure you don’t miss anyone.
  • Less obvious stakeholders can be found by conducting various types of trace analysis, i.e. following various paths flowing from your initiative through to the path’s logical conclusion.

Create a stakeholder network map for your application implementation

Follow the trail of breadcrumbs from your direct stakeholders to their influencers to uncover hidden stakeholders.

Stakeholder network map showing direction of professional influence as well as bidirectional, informal influence relationships.

Info-Tech Insight

Your stakeholder map defines the influence landscape your enterprise application operates in. It is every bit as important as the teams who enhance, support, and operate your applications directly.

Use connectors to determine who may be influencing your direct stakeholders. They may not have any formal authority within the organization, but they may have substantial informal relationships with your stakeholders.

Understand how to navigate the complex web of stakeholders

Identify which stakeholders to include and what their level of involvement should be during requirements elicitation based on relevant topic expertise.

Graph showing influence vs. interest, divided into 4 quadrants. Low influence and intersest is labeled: Monitor, low influence and high interest is labeled: Keep informed, High influence and low interest is labeled: Keep satisfied, and high influence and high interest is labeled: Involve closely

Large-scale projects require the involvement of many stakeholders from all corners and levels of the organization, including project sponsors, IT, end users, and business stakeholders. Consider the influence and interest of stakeholders in contributing to the requirements elicitation process and involve them accordingly.

Map the organization’s stakeholders

List of various stakeholder titles. As well as a graph showing the influence vs involvement of each stakeholder title. Influence and interest is divided into 4 quadrants: Monitor, Keep informed, keep satisfied, and involve closely.

1.2.1 Identify your stakeholders

1-2 hours

  1. As a group, identify all the project stakeholders. A stakeholder may be an individual such as the CEO or CFO, or it may be a group such as front-line employees.
  2. Map each stakeholder on the quadrant based on their expected influence and involvement in the project
  3. Identify stakeholders and add them to the list.
  4. Record the stakeholders list in section 1.4 of Info-Tech’s Your Enterprise Application Implementation Playbook.
  5. Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • Types of stakeholders
    • Your stakeholders initial list

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

1.2.1 Identify your stakeholders(Continued)

Example

Table with rows of stakeholders: Customer, End Users, IT, Vendor and other listed. Columns provide: description, examples, value and involvement level of each stakeholder.

Step 1.3

Review project vision and guiding principles

Activities

1.3.1 Align on a project vision

1.3.2 List your guiding principles

This step involves the following participants:

  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

Outcomes of this step

Project vision and guiding principles

Vision and guiding principles

GUIDING PRINCIPLES

Guiding principles are high-level rules of engagement that help to align stakeholders from the outset. Determine guiding principles to shape the scope and ensure stakeholders have the same vision.

Creating Guiding Principles

Guiding principles should be constructed as full sentences. These statements should be able to guide decisions.

EXAMPLES
  • [Organization] is implementing an ERP system to streamline processes and reduce redundancies, saving time and money.
  • [Organization] is implementing an ERP to integrate disparate systems and rationalize the application portfolio.
  • [Organization] is aiming at taking advantage of industry best practices and strives to minimize the level of customization required in solution.

Questions to Ask

  1. What is a strong statement that will help guide decision making throughout the life of the ERP project?
  2. What are your overarching requirements for business processes?
  3. What do you ultimately want to achieve?
  4. What is a statement that will ensure all stakeholders are on the same page for the project?

1.3.1 Align on a project vision

1-2 hours

  1. As a group, discuss whether you want to create a separate project vision statement or restate your corporate vision and/or goals.
    1. A project vision statement will provide project-guiding principles, encompass the project objectives, and give a rationale for the project.
    2. Using the corporate vision/goals will remind the business and IT that the project is to implement an enterprise application that supports and enhances the organizational objectives.
  2. Record the project vision in section 1.5 of Info-Tech’s Your Enterprise Application Implementation Playbook.

Download Your Enterprise Application Implementation Playbook

Input

Output

  • Project vision statement defined during strategy building
  • Your project vision

Materials

Participants

  • Whiteboard/flip charts
  • Your Enterprise Application Implementation Playbook
  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

1.3.1 Align on a project vision (Continued)

Example

Project Vision

We, [Organization], will select and implement an integrated software suite that enhances the growth and profitability of the organization through streamlined global business processes, real-time data-driven decisions, increased employee productivity, and IT investment protection.

Guiding principles examples

The guiding principles will help guide your decision-making process. These can be adjusted to align with your internal language.

  • Support business agility: A flexible and adaptable integrated business system providing a seamless user experience.
  • Use best practices: Do not recreate or replicate what we have today; focus on modernization. Exercise customization governance by focusing on those customizations that are strategically differentiating.
  • Automate: Take manual work out where we can, empowering staff and improving productivity through automation and process efficiencies.
  • Stay focused: Focus on scope around core business capabilities. Maintain scope control. Prioritize demand in line with the strategy.
  • Strive for "one source of truth": Unify data model and integrate processes where possible. Assess integration needs carefully.

1.3.2 List your guiding principles

1-2 hours

  1. Start with the guiding principles defined during the strategy building.
  2. Review each of the sample guiding principles provided and ask the following questions:
    1. Do we agree with the statement?
    2. Is this statement framed in the language we use internally? Does everyone agree on the meaning of the statement?
    3. Will this statement help guide our decision-making process?
  3. Record the guiding principles in section 1.6 of Info-Tech’s Your Enterprise Application Implementation Playbook.

Download Your Enterprise Application Implementation Playbook

Input

Output

  • Guiding principles defined during strategy building
  • Your guiding principles

Materials

Participants

  • Whiteboard/flip charts
  • Your Enterprise Application Implementation Playbook
  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

1.3.2 List your guiding principles (Continued)

Example

Guiding principals: Support business agility, use best practices, automate, stay focused, strive for `one source truth`.

Step 1.4

Review project objectives

Activities

1.4.1 Confirm your goals and objectives for the implementation project

This step involves the following participants:

  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

Outcomes of this step

The objectives of the implementation project

Review the elements of the project charter

Leverage completed deliverables to get project managers started down the path of success.

Deliverables of project chaters for PMs. Project purpose, scope, logistics and sign-off.

1.4.1 List your guiding principles

1-2 hours

  1. Articulate the high-level objectives of the project. (What are the goals of the project?)
  2. Elicit the business benefits the sponsor is committed to achieving. (What are the business benefits of the project?)
  3. Record Project goals and objectives in section 1.7 of Info-Tech’s Your Enterprise Application Implementation Playbook.

Download Your Enterprise Application Implementation Playbook

Input

Output

  • Your BizDevOps objectives and metrics
  • Understanding of various collaboration methods, such as Scrum, Kanban, and Scrumban
  • Your chosen collaboration method

Materials

Participants

  • Whiteboard/flip charts
  • Your Enterprise Application Implementation Playbook
  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

1.4.1 Confirm your goals and objectives for the implementation project (Continued)

Example:

Project Objectives: End-user visibility, New business development, employee experience. Business Benefits for each objective listed.

Step 1.5

Establish project governance

Activities

1.5.1 Define the project governance structure

This step involves the following participants:

  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

Outcomes of this step

Approach to build an effective project governance

1.5.1 List your guiding principles

0.5-1 hour

  1. Identify the IT governance structure in place today and document the high-level function of each body (councils, steering committees, review boards, centers of excellence, etc.).
  2. Identify and document the existing enterprise applications governance structure, roles, and responsibilities (if any exist).
  3. Identify gaps and document the desired enterprise applications governance structure, roles, and responsibilities.
  4. Record the project governance structure in section 1.8 of Info-Tech’s Your Enterprise Application Implementation Playbook.

Download Your Enterprise Application Implementation Playbook

Input

Output

  • IT governance structure
  • Your project governance structure

Materials

Participants

  • Whiteboard/flip charts
  • Your Enterprise Application Implementation Playbook
  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

Governance is NOT management

Three levels of governance: Team Level, Steering Committee Level, and Executive Governance Level.

Info-Tech Insight

You won’t get engagement unless there is a sense of accountability. Do not leave this vague. Accountability needs to be assigned to specific individuals in your organization to ensure the system development achieves what was intended by your organization and not what your system integrator (SI) intended.

Who is accountable?

Too many assumptions are made that the SI is accountable for all implementation activities and deliverables – this is simply untrue. All activities can be better planned for, and misunderstandings can be avoided, with a clear line of sight on roles and responsibilities and the documentation that will support these assumptions.

Discuss, define, and document roles and responsibilities:
  • For each role (e.g. executive sponsor, delivery manager, test lead, conversion lead), clearly articulate the responsibilities of the role, who is accountable for fulfillment, and whether it’s a client role, SI role, or both.
  • Articulate the purpose of each deliverable clearly, define which individual or team has responsibility for it, and document who is expected to contribute.
  • Empower the team by granting them the authority to make decisions. Ease their reluctance to think outside the box for fear of stakeholder or user backlash.
  • The implementation cannot and will not be transformative if the wrong people are involved or if the right people have not been given the tools required to succeed in their role.

1.5.2 List your guiding principles

0.5-1 hour

  1. Assess the skills necessary for an enterprise implementation. Inventory the competencies required for an enterprise implementation team. Map your internal resources to each competency as applicable.
  2. Select your internal implementation team. Determine who needs to be involved closely with the implementation. Key stakeholders should also be considered as members of your implementation team.
  3. Identify the number of external consultants/support required for implementation. Consider your in-house skills, timeline, integration environment complexity, and cost constraints as you make your resourcing plan.
  4. Record governance team roles and responsibilities in 1.9 section of Info-Tech’s Your Enterprise Application Implementation Playbook.

Download Your Enterprise Application Implementation Playbook

Input

Output

  • Available resources (internal, external, contract)
  • Your governance structure roles and responsibilities

Materials

Participants

  • Whiteboard/flip charts
  • Your Enterprise Application Implementation Playbook
  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

1.5.2 Define governance team roles and responsibilities (Continued)

Example

Governance team roles and their responsibilities.

Phase 2

Set up for success

3 phases, phase 2 is highlighted.

This phase will walk you through the following activities:

2.1. Review project scope

2.2. Define project metrics

2.3. Prepare for project risks

2.4. Identify the project team

2.5. Define your change management process

This phase involves the following participants:

  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

Step 2.1

Review project scope

Activities

2.1.1 Gather and review requirements

2.1.2 Confirm your scope for implementation

2.1.3 Formulate a scope statement

This step involves the following participants:

  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

Outcomes of this step

The project scope

Requirements are key to defining scope

Project scope management includes the processes required to ensure that the project includes all and only the work required to complete the project successfully. Therefore, managing project scope is about defining and controlling what is and is not included in the project.

PMBOK defines requirements as “conditions or capabilities that are to be met by the project or present in the product, service, or result to satisfy an agreement or other formally imposed specification.” Detailed requirements should be gathered and elicited in order to provide the basis for defining the project scope.

70% of projects fail due to poor requirements, organizations using poor practices spent 62% more, 4th highest correlation to high IT performance is requirements gathering.

Well-executed requirements gathering results in:

  • Consistent approach from project to project, resulting in more predictable outcomes.
  • Solutions that meet the business need on the surface and under the hood.
  • Reduce risk for fast-tracked projects by establishing a right-sized approach.
  • Requirements team that can drive process improvement and improved execution.
  • Confidence when exploring solution alternatives.

Poorly executed requirements gathering results in:

  • IT receiving the blame for any project shortcomings or failures.
  • Business needs getting lost in the translation between the initial request and final output.
  • Inadequate solutions or cost overruns and dissatisfaction with IT.
  • IT losing its credibility as stakeholders do not see the value and work around the process.
  • Late projects that tie up IT resources longer than planned, and cost overruns that come out of the IT budget.
  • Inconsistent project execution, leading to inconsistent outcomes.

Strong stakeholder satisfaction with requirements results in higher satisfaction in other areas

High stakeholder satisfaction with requirements results in higher satisfaction in other areas.

Note: “High satisfaction” was classified as a score greater or equal to eight, and “low satisfaction” was every organization that scored below eight on the same questions.

2.1.1 Gather and review requirements

1-2 hours

  1. Once existing documentation has been gathered, evaluate the effectiveness of the documentation and decide whether you need additional information to proceed to current-state mapping.
  2. The initiative team should avoid spending too much time on the discovery phase, as the goal of discovery is to obtain enough information to produce a level-one current-state map.
  3. Consider reviewing capabilities, business processes, current applications, integration, and data migration.

Download Your Enterprise Application Implementation Playbook

Input

Output

  • Your requirements, capabilities, business processes, current applications, integration, and/or data migration
  • Your requirements, capabilities, business processes, current applications, integration, and/or data migration revisited

Materials

Participants

  • Whiteboard/flip charts
  • Your Enterprise Application Implementation Playbook
  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

2.1.1 Requirements list

Example

Requirements with description, category and priority.

2.1.2 Confirm your scope for implementation

1-2 hours

  1. Based on the requirements, write down features of the product or services, as well as dependencies with other interfaces.
  2. Write down exclusions to guard against scope creep.
  3. Validate the scope by asking these questions:
    1. Will this scope provide a common understanding for all stakeholders, including those outside of IT, as to what the project will accomplish and what it excludes?
    2. Should any detail be added to prevent scope creep later?
  4. Record the project scope in section 2.1 of Info-Tech’s Your Enterprise Application Implementation Playbook.

Download Your Enterprise Application Implementation Playbook

Input

Output

  • What’s in scope
  • What’s out of scope
  • What needs to integrate
  • Your scope areas

Materials

Participants

  • Whiteboard/flip charts
  • Your Enterprise Application Implementation Playbook
  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

2.1.2 Scope detail

Example

Example of scope detail. Table with scope levels: In scope, out of scope and existing scope. Each scope level has details about it listed.

Distill your requirements into a scope statement

Requirements are about the what and the how.
Scope specifies the features of the product or service – what is in and what is out
Table showing Requirement document vs. Scope statement. It lists the audience, content, inputs and outputs for each.

The Build Your Enterprise Application Implementation Playbook 2.2 Project Scope Statement includes:

  • Scope description (features, how it interfaces with other solution components, dependencies).
  • Exclusions (what is not part of scope).
  • Deliverables (product outputs, documentation).
  • Acceptance criteria (what metrics must be satisfied for the deliverable to be accepted).
  • Final sign-off (owner).
  • Project exclusions (scope item, details).

The scope statement should communicate the breadth of the project

To assist in forming your scope statement, answer the following questions:
  • What are the major coverage points?
  • Who will be using the systems?
  • How will different users interact with the systems?
  • What are the objectives that need to be addressed?
  • Where do we start?
  • Where do we draw the line?

2.1.3 Formulate a scope statement

1-2 hours

  1. Lay out the scope description (features, how it interfaces with other solution components, dependencies).
  2. Record the exclusions (what is not part of scope).
  3. Fill out the scope statement.
  4. Record the scope statement in section 2.2 of Info-Tech’s Your Enterprise Application Implementation Playbook.

Download Your Enterprise Application Implementation Playbook.

Input

Output

  • Your scope areas
  • Your scope statement

Materials

Participants

  • Whiteboard/flip charts
  • Your Enterprise Application Implementation Playbook.
  • Scope statement template
  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

2.1.3 Scope statement

Example

Examples of scope statements showing the following: Product or service in scope, project deliverables and acceptance criteria, and project exclusions.

Step 2.2

Review project scope

Activities

2.2.1 Define metrics for your project

This step involves the following participants:

  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

Outcomes of this step

The project metrics

Building leading indicators

Lagging KPIs are relatively simple to identify, whereas leading KPIs can be more elusive.

For example, take the lagging KPI “Customer Satisfaction.” How do you turn that into a leading KPI? One method is to look at sources of customer complaints. In a retail sales system, backordered items will negatively impact customer satisfaction. As a leading indicator, track the number of orders with backordered lines and the percentage of the total order that was backordered.

Performance Metrics

Use leading and lagging metrics, as well as benchmarks, to track the progress of your system.

Leading KPIs: Input-oriented measures:

  • Number of active users in the system.
  • Time-to-completion for processes that previously experienced efficiency pain points.

Lagging KPIs: Output-oriented measures:

  • Faster production times.
  • Increased customer satisfaction scores

Benchmarks: A standard to measure performance against:

  • Number of days to ramp up new users.

Info-Tech Insight

Leading indicators make the news; lagging indicators report on the news. Focusing on leading indicators allows you to address challenges before they become large problems with only expensive solutions.

2.2.1 Define metrics for your project

1-2 hours

  1. Examine outputs from any feedback mechanisms you have (satisfaction surveys, emails, existing SLAs, burndown charts, resourcing costs, licensing costs per sprint, etc.).
  2. Look at historical trends and figures when available. However, be careful of frequent anomalies, as these may indicate a root cause that needs to be addressed.
  3. Explore the definition of specific metrics across different functional teams to ensure consistency of measurement and reporting.
  4. Record the Project Metrics in section 2.3 of Info-Tech’s Your Enterprise Application Implementation Playbook.

Download Your Enterprise Application Implementation Playbook.

Input

Output

  • Outputs of any feedback mechanism
  • Historical trends
  • Your project tracking metrics

Materials

Participants

  • Whiteboard/flip charts
  • Your Enterprise Application Implementation Playbook.
  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

2.2.1 Metrics

In addition to delivery metrics and system performance metrics, equip the business with process-based metrics to continuously prove the value of the enterprise software. Review the examples below as a starting point.

Table showing metrics and desciption. Metrics listed are: Percent of requirements complete, issues found, issues resolved, and percent of processess complete.

Step 2.3

Prepare for project risks

Activities

2.3.1 Build a risk event menu

2.3.2 Determine contextual risks

2.3.3 Determine process risks

2.3.4 Determine business risks

2.3.5 Determine change risks

This step involves the following participants:

  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

Outcomes of this step

Steps to create your product canvas and product vision statement

All risks are not created equal

Project Risk consists of: Contextual risk, process risk, change risk and business risk.

For more information on Info-Tech’s Four-Pillar Risk Framework, please see Right-Size Your Project Risk Investment.

Info-Tech’s Four-Pillar Risk Framework

Unusual risks should be detected by finding out how each project is different from the norm. Use this framework to start this process by confronting the risks that are more easily anticipated.

2.3.1 Build a risk event menu

0.5-1 hour

  1. Build and maintain an active menu of potential risk events across the four risk categories.
  2. Record the risk event menu in section 2.4 of Info-Tech’s Your Enterprise Application Implementation Playbook.

Download Your Enterprise Application Implementation Playbook.

Input

Output

  • Risk events
  • Your risk events menu

Materials

Participants

  • Whiteboard/flip charts
  • Your Enterprise Application Implementation Playbook.
  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

2.3.1 Risk event menu

Example

Risk event menu example. A table with: Contextual Risk, process risk, business risk, change risk events with examples for each.

2.3.2 Determine contextual risks

0.5-1 hour

  1. Contextual risk factors are those that operate within the context of your department, organization, and/or community.
  2. Fill out contextual risks.
  3. Record the contextual risks in section 2.5 of Info-Tech’s Your Enterprise Application Implementation Playbook.

Download

Your Enterprise Application Implementation Playbook.

Input

Output

  • Your risk events menu
  • Your list of people involved in risk management
  • Your contextual risks

Materials

Participants

  • Project Risk Management Workbook
  • Whiteboard/flip charts
  • Your Enterprise Application Implementation Playbook.
  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

2.3.2 Contextual risks

Example

two tables for Contextual risks. Table 1: Risk identification with event name, risk cause, impact and risk owner. Table 2: shows probability of risk, impact, rating, recommended action, and any mitigations.

2.3.3 Determine process risks

0.5-1 hour

  1. Process risks are those that involve project sponsorship, project management, business and functional requirements, work assignment, communication, and/or visibility.
  2. Fill out process risks.
  3. Record the process risks in section 2.6 of Info-Tech’s Your Enterprise Application Implementation Playbook.

Download

Your Enterprise Application Implementation Playbook.

Input

Output

  • Your risk events menu
  • Your list of people involved in risk management
  • Your process risks

Materials

Participants

  • Project Risk Management Workbook
  • Whiteboard/flip charts
  • Your Enterprise Application Implementation Playbook.
  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

2.3.3 Process risks

Example

two tables for Process risks. Table 1: Risk identification with event name, risk cause, impact and risk owner. Table 2: shows probability of risk, impact, rating, recommended action, and any mitigations.

2.3.4 Determine business risks

0.5-1 hour

  1. Business risks are those that affect the bottom line of the organization. They usually have implications on revenue, costs, and/or image.
  2. Fill out business risks.
  3. Record the business risks in section 2.7 of Info-Tech’s Your Enterprise Application Implementation Playbook.

Download

Your Enterprise Application Implementation Playbook.

Input

Output

  • Your risk events menu
  • Your list of people involved in risk management
  • Your business risks

Materials

Participants

  • Project Risk Management Workbook
  • Whiteboard/flip charts
  • Your Enterprise Application Implementation Playbook.
  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

2.3.4 Business risks

Example

two tables for Business risks. Table 1: Risk identification with event name, risk cause, impact and risk owner. Table 2: shows probability of risk, impact, rating, recommended action, and any mitigations.

2.3.5 Determine change risks

0.5-1 hour

  1. Change risks are those that result from imposing changes on the people and customers of the organization and their daily routines.
  2. Fill change risks.
  3. Record the change risks in section 2.7 of Info-Tech’s Your Enterprise Application Implementation Playbook.

Download Your Enterprise Application Implementation Playbook.

Input

Output

  • Your risk events menu
  • Your list of people involved in risk management
  • Your business risks

Materials

Participants

  • Project Risk Management Workbook
  • Whiteboard/flip charts
  • Your Enterprise Application Implementation Playbook.
  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

2.3.5 Change risks

Example

two tables for Change risks. Table 1: Risk identification with event name, risk cause, impact and risk owner. Table 2: shows probability of risk, impact, rating, recommended action, and any mitigations.

Step 2.4

Identify the project team

Activities

2.4.1 Establish team composition

2.4.2 Identify the team

This step involves the following participants:

  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

Outcomes of this step

Steps to get your project team ready

Understand the unique external resource considerations for the implementation

Organizations rarely have sufficient internal staffing to resource an enterprise software implementation project entirely on their own. Consider the options for closing the gap in internal resource availability.

The most common project resourcing structures for enterprise projects are:

  1. Management consultant
  2. Vendor consultant
  3. System integrator

When contemplating a resourcing structure, consider:

  • Availability of in-house implementation competencies and resources.
  • Timeline and cost constraints.
  • Integration environment complexity.

CONSIDER THE FOLLOWING

Internal Vs. External Roles and Responsibilities

Clearly delineate between internal and external team responsibilities and accountabilities and communicate this to your technology partner upfront.

Internal Vs. External Accountabilities

Accountability is different than responsibility. Your vendor or SI partner may be responsible for completing certain tasks, but be careful not to outsource accountability for the implementation – ultimately, the internal team will be accountable.

Partner Implementation Methodologies

Often vendors and/or SIs will have their own preferred implementation methodology. Consider the use of your partner’s implementation methodology; however, you know what will work for your organization.

Info-Tech Insight

Selecting a partner is not just about capabilities, it’s about compatibility! Ensure you select a partner that has a culture compatible with your own.

2.4.1 Establish team composition

0.5-1 hour

  1. Assess the skills necessary for an enterprise implementation.
  2. Select your internal implementation team.
  3. Identify the number of external consultants/support required for implementation.
  4. Document the roles and responsibilities, accountabilities, and other expectations as they relate to each step of the implementation.
  5. Record the team composition in section 2.9 of Info-Tech’s Your Enterprise Application Implementation Playbook.

Download

Your Enterprise Application Implementation Playbook.

Input

Output

  • List of project team skills
  • Your team composition
  • Your business risks

Materials

Participants

  • Whiteboard/flip charts
  • Your Enterprise Application Implementation Playbook.
  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

2.4.1 Team composition

Example

Team composition: Role of each team member, and their skills.

2.4.2 Identify the team

0.5-1 hour

  1. Identify a candidate for each role and determine their responsibility in the project and their expected time commitment.
  2. The project will require a cross-functional team within IT and business units. Make sure the responsibilities are clearly communicated to the selected project sponsor.
  3. Create a RACI matrix for the project.
  4. Record the team list in section 2.10 of Info-Tech’s Your Enterprise Application Implementation Playbook.

Download

Your Enterprise Application Implementation Playbook.

Input

Output

  • Your team composition
  • Your team with responsibilities and commitment

Materials

Participants

  • Whiteboard/flip charts
  • Your Enterprise Application Implementation Playbook.
  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

2.4.2 Team list

Example

Team list: Role of each team member, candidate, responsibilities, and their commitment in hours per week.

RACI example

RACI example. Responsibilities and team member roles that are tasked with each responsibility.

Step 2.5

Define your change management process

Activities

2.5.1 Define OCM structure and resources

2.5.2 Define OCM team’s roles and responsibilities

2.5.3 Define requirements for training

2.5.4 Create a communications plan for stakeholder groups, and delivery teams

This step involves the following participants:

  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

Outcomes of this step

A structure and procedures for an effective organizational change management

Define your change management process to improve quality and adoption

Organizational change management is the practice through which the PMO can improve user adoption rates and maximize project benefits.

Correlation of change management effectiveness with meeting results.

“It’s one thing to provide a new technology tool to your end users.

It’s quite another to get them to use the tool, and still different for them to use the new tool proficiently.

When your end users fully use a new technology and make it part of their daily work habits, they have ‘adopted’ the new tool.”

– “End-User Adoption and Change Management Process” (2022)

Large projects require organizational change management

Organizational change management (OCM) governs the introduction of new business processes and technologies to ensure stakeholder adoption. The purpose of OCM is to prepare the business to accept the change.

OCM is a separate body of knowledge. However, as a practice, it is inseparable from project management.

In IT, project planning tends to fixate on technology, and it underestimates the behavioral and cultural factors that inhibit user adoption. Whether change is project-specific or continuous, it’s more important to instill the desire to change than to apply specific tools and techniques.

Accountability for instilling this desire should start with the project sponsor. The project manager should support this with effective stakeholder and communication management plans.

16% of projects with poor change management met or exceeded objectives. 71% of projects with excellent change management finish on or ahead of schedule. 67% of organizations include project change management in their initiatives.

For further discussion on organizational change, use Info-Tech’s blueprint, Master Organizational Change Management Practices

Your application implementation will be best served by centralizing OCM

A centralized approach to OCM is most effective, and the PMO is already a centralized project office and is already accountable for project outcomes.

What’s more, in organizations where accountabilities for OCM are not explicitly defined, the PMO will likely already be assumed to be the default change leader by the wider organization.

It makes sense for the PMO to accept this accountability – in the short term at least – and claim the benefits that will come from coordinating and consistently driving successful project outcomes.

In the long term, OCM leadership will help the PMO become a strategic partner with the executive layer and the business side.

Short-term gains made by the PMO can be used to spark dialogues with those who authorize project spending and have the implicit fiduciary obligation to drive project benefits.

Ultimately, it’s their job to explicitly transfer that obligation along with the commensurate resourcing and authority for OCM activities.

Organizational resistance to change is cited as the #1 challenge to project success that PMOs face. Companies with mature PMOs that effectively manage change meet expectations 90% of the time.

For further discussion on organizational change, use Info-Tech’s blueprint, Master Organizational Change Management Practices

2.5.1 Define OCM structure and resources

0.5-1 hour

  1. Assess the roles and resources that might be needed to help support these OCM efforts.
  2. Record the OCM structure in section 2.11 of Info-Tech’s Your Enterprise Application Implementation Playbook.

Download

Your Enterprise Application Implementation Playbook.

Input

Output

  • Your project objectives
  • Your OCM structure and resources

Materials

Participants

  • Whiteboard/flip charts
  • Your Enterprise Application Implementation Playbook.
  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

2.5.1 OCM structure and resources

Example

OCM structure example. Table showing OCM activity and resources available to support.

2.5.2 Define OCM team’s roles and responsibilities

0.5-1 hour

  1. Assess the tasks required for the team.
  2. Determine roles and responsibilities.
  3. Record the results in the RACI matrix in section 2.13 of Info-Tech’s Your Enterprise Application Implementation Playbook.

Download

Your Enterprise Application Implementation Playbook.

Input

Output

  • Your communications timeline
  • Your OCM structure and resources
  • Your OCM plan and RACI matrix

Materials

Participants

  • Whiteboard/flip charts
  • Your Enterprise Application Implementation Playbook.
  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

OCM team’s roles and responsibilities

Example

Responsibilities for OCM team members.

2.5.3 Define requirements for training

0.5-1 hour

  1. Analyze HR requirements to ensure efficient use of HR and project stakeholder time.
  2. Outline appropriate HR and training activities.
  3. Define training content and make key logistical decisions concerning training delivery for staff and users.
  4. Record training requirements in section 2.14 of Info-Tech’s Your Enterprise Application Implementation Playbook.

Download

Your Enterprise Application Implementation Playbook.

Input

Output

  • Your OCM Plan and RACI matrix
  • Your HR training needs

Materials

Participants

  • Whiteboard/flip charts
  • Your Enterprise Application Implementation Playbook.
  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

2.5.3 Training requirements

Example

Training requirements example: Project milestones, milestone time frame, hr/training activities, activity timing, and notes.

Project communication plans must address creation, flow, deposition, and security of project information

A good communication management plan is like the oil that keeps moving parts going. Ensuring smooth information flow is a fundamental aspect of project management.

Project communication management is more than keeping track of stakeholder requirements. A communication management plan must address timely and appropriate creation, flow, and deposition of information about the project – as well as the security of the information.

Create:

  • In addition to standardized status reporting elements discussed for level 1 projects, level 2 and 3 projects may require additional information to be disseminated among key stakeholders and the PMO.

Flow:

  • The plan must address the methods of communication. Distributed project teams require more careful planning, as they pose additional communication challenges.

Deposit:

  • As the volume of information continues to grow exponentially, retrieving information becomes a challenge. The plan for depositing project information must be consistent with your organization’s content management policies.

Security:

  • Preventing unauthorized access and information leaks is important for projectsthat are intended to provide the organization with a competitive edge or for projects that deal with confidential data.
45% of organizations had established mature communications and engagement processes.

2.5.4 Create a communications timeline

0.5-1 hour

  1. Base your change communications on your organization’s cultural appetite for change in general.
  2. Document communications plan requirements.
  3. Create a high-level communications timeline.
  4. Tailor a communications strategy for each stakeholder group.
  5. Record the communications timeline in section 2.12 of Info-Tech’s Your Enterprise Application Implementation Playbook.

Download

Your Enterprise Application Implementation Playbook.

Input

Output

  • Your OCM structure and resources
  • Your project objectives
  • Your project scope
  • Your stakeholders’ management plan
  • Your communications timeline

Materials

Participants

  • Whiteboard/flip charts
  • Your Enterprise Application Implementation Playbook.
  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

Example of communications timeline

Project sponsors are the most compelling storytellers to communicate the change

Example of project communications timeline. Planning, requirements, design, development, QA, deployment, warranty, and benefits/closure.

Info-Tech Insight

Communication with stakeholders and sponsors is not a single event, but a continual process throughout the lifecycle of the project implementation – and beyond!

Phase 3

Document your plan

3 phases, phase 3 is highlighted.

This phase will walk you through the following activities:

3.1 Develop a master project plan

3.2. Define a follow-up plan

3.3. Define the follow-up process

3.4. Understand what’s next

This phase involves the following participants:

  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

Step 3.1

Develop a master project plan

Activities

3.1.1 Define your implementation steps

This step involves the following participants:

  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

Outcomes of this step

Steps to create your resourcing and master plans

Resources Vs. Demand

Organizations rarely have sufficient internal staffing to resource an enterprise software implementation project entirely on their own. Consider the options for closing the gap in internal resource availability.

Project demand: Data classification, cloud strategy, application rationalization, recovery planning etc. must be weighted against the organizations internal staffing resources.

Competing priorities

Example

Table for competing priorities: List of projects, their timeline, priority notes, and their implications.

3.1.1 Define your implementation steps

0.5-1 hour

  1. Write each phase of the project on a separate sticky note and add it to the whiteboard. Determine what steps make up each phase. Write each step of the phase on a separate sticky note and add it to the whiteboard.
  2. Determine what tasks make up each step. Write each task of the step on a separate sticky note and add it to the whiteboard.
  3. Record the tasks in the Your Enterprise Application Implementation Playbook – Timeline tool. This tool has an example of a typical list of tasks, to help you start your master plan. Use the timeline for project planning and progress tracking.
  4. Record your project’s basic data and work schedule.

Download

Your Enterprise Application Implementation Playbook.

Input

Output

  • Project's work breakdown structure
  • Your project master plan

Materials

Participants

  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

Implementation plan – basic data

Record your project name, project manager, and stakeholders from previous exercises.

Example project information form: Project name, estimated start date, estimated end date, project manager, stakeholders, and time off of project.

Implementation plan – work schedule

Use this template to keep track of all project tasks, dates, owners, dependencies, etc.

Use this template to keep track of all project tasks, dates, owners, dependencies, etc.

“Actual Start Date” and “Actual Completion Date” columns must be updated to be reflected in the Gantt chart.

This information will also be captured as the source for session 3.2.1 dashboards.

Step 3.2

Define a follow up plan

Activities

3.2.1 Create templates to enable follow-up throughout the project

3.2.2 Decide on the tracking tools to help during your implementation

This step involves the following participants:

  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

Outcomes of this step

Steps to create the processes and define the tools to track progress

Leveraging dashboards

Build a dashboard that reflects the leading metrics you have identified. Call out requirements that represent key milestones in the implementation.

For further information on monitoring the project, use Info-Tech’s blueprint, Governance and Management of Enterprise Software Implementation

Build a dashboard that reflects the leading metrics you have identified. Call out requirements that represent key milestones in the implementation.

3.2.1 Create templates to enable follow-up throughout the project

0.5-1 hour

  1. Create status report, dashboards/charts, budget control, risk/issues/gaps templates, and change request forms.
  2. Build a dashboard that reflects the leading metrics you have identified.
  3. Call out requirements that represent key milestones in the implementation.

Download

Your Enterprise Application Implementation Playbook.

Input

Output

  • Your projects master plan
  • Your project follow-up kit

Materials

Participants

  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

Dashboards

Based on the inputs in session 3.1.1 Define Your Implementation Steps, once the “Actual Start Date” and “Actual Completion Date” columns have been updated, this dashboard will present the project status and progress

Based on the inputs in session 3.1.1 Define Your Implementation Steps, once the “Actual Start Date” and “Actual Completion Date” columns have been updated, this dashboard will present the project status and progress.

This executive overview of the project's progress is meant to be used during the status meeting.

Select the right tools

Use SoftwareReviews to explore product features, vendor experience, and capability satisfaction.

SoftwareReviews, Requirements Management, 2023

SoftwareReviews, Project Management, 2023

SoftwareReviews, Business Intelligence & Analytics, 2023

3.2.2 Decide on the tracking tools to help during your implementation

0.5-1 hour

  1. Based on the standards within your organization, select the appropriate project tracking tools to help you track the implementation project.
  2. If you do not have any tools or wish to change them, please see leverage Info-Tech’s SoftwareReviews to help you in making your decision.
  3. Consider tooling across a number of different categories:
    1. Requirements Management
    2. Project Management
    3. Reporting and Analytics
  4. Record the project tracking tools in section 3.3 of Info-Tech’s Your Enterprise Application Implementation Playbook.

Download

Your Enterprise Application Implementation Playbook.

Input

Output

  • Your project follow-up kit
  • Your project follow-up kit tools

Materials

Participants

  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

Example: project tools

Table listing project tools by type, use, and products available.

Step 3.3

Define a follow-up process

Activities

3.3.1 Define project progress communication

3.3.2 Create a change request process

This step involves the following participants:

  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

Outcomes of this step

Steps to create your follow-up process

Project status updates should occur throughout the implementation

Project status updates can be both formal and informal. Formal status updates provide a standardized means of disseminating information on project progress. It is the lifeblood of project management: Accurate and up-to-date status reporting enables your project manager to ensure that your project can continue to use the resources needed.

Informal status updates are done over coffee with key stakeholders to address their concerns and discuss key outcomes they want to see. Informal status updates help to build a more personal relationship.

Ask for feedback during the status update meetings. Use the meeting as an opportunity to align values, goals, and incentives.

Codify the following considerations:

  • Minimum requirement for a formal status update:
    • Frequency of reporting, as required by the project portfolio
    • Parties to be consulted and informed
    • Recording, producing, and archiving meeting minutes, both formal and informal
  • Procedure for follow-up on feedback generated from status updates:
    • Filing change requests
    • Keeping the change requester/relevant stakeholders in the loop

3.3.1 Define project progress communication

0.5-1 hour

  1. Provide a standardized means of disseminating information on project progress.
  2. Create an accurate and up-to-date status report to help keep team engaged and leadership supporting the project.
  3. Record the project progress communication in section 3.5 of Info-Tech’s Your Enterprise Application Implementation Playbook.

Download

Your Enterprise Application Implementation Playbook.

Input

Output

  • Your project follow-up process
  • Your project progress communication

Materials

Participants

  • Whiteboard/flip charts
  • Your Enterprise Application Implementation Playbook.
  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

Project progress communication

Example

Example table of project progress communication. Audience, purpose, delivery/format, communicator, delivery date, and status/notes.

Manage project scope changes

  1. Change in project scope is unpredictable and almost inevitable regardless of project size. If changes are not properly managed, the project runs the risk of scope creep and loss of progress. Therefore, changes need to be monitored and controlled.
  2. Scope change can be initiated voluntarily by the project sponsor or other stakeholders, or it could be a mandatory reaction to changing project process.
  3. Scope change may also take place due to internal factors such as a stakeholder requiring more extensive insights or external factors such as changing market conditions.
  4. Scope changes have the potential to affect project outcomes either positively or negatively, depending on how the change is managed and implemented. The project manager should take care to maintain focus on the project’s ultimate objectives; consideration needs to be given as to what to do and what to give up.
  5. If changes arise, project managers should ensure that adequate resources and actions are provided so the project can be completed on time and on budget.
  • The project manager needs to use both hard and soft skills: analytical skills for evaluating and quantifying the impact of potential changes and communication skills for communicating and negotiating with stakeholders.
  • Build trust and credibility by taking an evidence-based approach when presenting changes. This gives you room to respectfully push back on certain changes.
  • Assess changes before crossing them off the list, but don’t be afraid to say no. Greater care must be taken when there is very limited budgetary freedom or when scope changes will interfere with the critical path.
  • All change requests must be received by the project manager first so they can make sure that IT project resources are not approached with multiple ad hoc change requests.

Document your process to manage project change requests

1 Initial assessment

Using the scope statement as the reference point:

  • Why do we need the change?
  • Is the change necessary?
  • What is the business value that the change brings to the project?

Recommend alternative solutions that are easier to implement while consulting the requester.

2 Minor change

If the change has been classified as minor, the project manager and the project team can tackle it directly, since it doesn’t affect project budget or schedule in a significant way. Ensure that the change is documented.

3 conduct an in-depth assessment

The project manager should bring major changes to the attention of the project sponsor and carry out a detailed assessment of the change and its impact.

Additional time and resources are required to do the in-depth assessment because the impact on the project can be complex and affect requirements, resources, budget, and schedule.

4 Obtain approval from the governing body

Present the results to the governing body. Since a major change significantly affects the project baseline beyond the authorized contingency, it is the responsibility of the governing body to either approve the change with allocation of additional resources or reject the change and maintain course.

Flow chart to document your process to manage project change requests.

For further discussion on change requests, use Info-Tech’s blueprint, Begin Your Projects With the End in Mind

3.3.2 Create a change request process

0.5-1 hour

  1. Identify any existing processes that you have for addressing changes for projects.
  2. Discuss whether or not the current change request process will suit the project at hand.
  3. Define the agreed-to change request process that fits your organization’s culture.
  4. For a change request template, you can leverage, refer to section 3.6 of Info-Tech’s Your Enterprise Application Implementation Playbook.
  5. Make any changes to the template as necessary.

Download

Your Enterprise Application Implementation Playbook.

Input

Output

  • Your project scope
  • Your change request

Materials

Participants

  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

3.3.2 Create a change request process (Continued)

Example of a change request process form.

Step 3.4

Understand what's next

Activities

3.4.1 Run a “lessons learned” session for continuous improvement

3.4.2 Prepare a closure document for sign-off

3.4.3 Document optimization and future release opportunities

This step involves the following participants:

  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

Outcomes of this step

Lessons learned throughout the project-guiding

Good project planning is key to smooth project closing

Begin with the end in mind. Without a clear scope statement and criteria for acceptance, it’s anyone’s guess when or how a project will end.

During the closing process, the project manager should use planning and execution documents, such as the project charter and the scope statement, to assess project completeness and obtain sign-off based on the acceptance criteria.

Project completion criteria should be clearly defined. For example, the project is defined as finished when costs are in, vendor receipts are received, financials are reviewed and approved, etc.

However, there are other steps to be taken after completing the project deliverables. These activities include:

  • Transferring project knowledge and operations to support
  • Completing user training
  • Obtaining business sign-off and acceptance
  • Releasing resources
  • Conducting post-mortem meeting
  • Archiving project assets

The project manager needs to complete all project management processes, including:

  • Risk management (close out risk assessment and action plan)
  • Quality management (test the final deliverables against acceptance criteria)
  • Stakeholder management (decision log, close out issues, plan and assign owners for resolutions of open issues)
  • Project team management (performance evaluation for team members as well as the project manager)

3.4.1 Define the process for lessons learned

0.5-1 hour

  1. Determine the reporting frequency for lessons learned.
  2. Consider attributing lessons learned to project phases.
  3. Coordinate lessons learned check-ins with project milestones to review and reflect.
  4. At each reporting session, the project team should identify challenges and successes informally.
  5. The PM and the PMO should transform the reports from each team member into formalized lessons.
  6. Record lessons learned for each project in section 3.7 of Info-Tech’s Your Enterprise Application Implementation Playbook.

Download

Your Enterprise Application Implementation Playbook.

Input

Output

  • Your project's lessons learned

Materials

Participants

  • Project Lessons Learned Template
  • Whiteboard/flip charts
  • Your Enterprise Application Implementation Playbook.
  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

Lessons learned

Example

Form: Project successes, notes, areas of imporvement, impact, solution.

Watch for these potential problems with project closure

Don’t leave the door open for stakeholder dissatisfaction. Properly close out your projects.

Potential problems with project closure.

For further information on project closure issues, use Info-Tech’s blueprint, Get Started With Project Management Excellence.

3.4.2 Prepare a closure document for sign-off

0.5-1 hour

  1. Create a realistic closure and transition process that gains sign-off from the sponsor.
  2. Prepare a project closure checklist.
  3. Transfer accountability to operations, release project resources, and avoid disrupting other projects that are trying to get started.
  4. Record the project closure document in section 3.8 of Info-Tech’s Your Enterprise Application Implementation Playbook.

Download

Your Enterprise Application Implementation Playbook.

Input

Output

  • Your project objectives
  • Your project scope
  • Your project's closure checklist

Materials

Participants

  • Project closure checklist Template
  • Whiteboard/flip charts
  • Your Enterprise Application Implementation Playbook.
  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

Closure checklist

Project closure checklist. project management checklist, deliverables, goals, benefits, outstanding action items and issues, handover of technical documents, knowledge transfer, sign-off.

For further information on closure procedures, use Info-Tech’s blueprint, Begin Your Projects With the End in Mind.

3.4.3 Document optimization and future release opportunities

0.5-1 hour

Consider the future opportunities for improvement post-release:

  1. Product and vendor satisfaction opportunities
  2. Capability and feature optimization opportunities
  3. Process optimization opportunities
  4. Integration optimization opportunities
  5. Data optimization opportunities
  6. Cost-saving opportunities
  7. Record optimization and future release opportunities in section 3.9 of Info-Tech’s Your Enterprise Application Implementation Playbook.

Download

Your Enterprise Application Implementation Playbook.

Input

Output

  • Your project objectives
  • Your project scope
  • Your optimization opportunities list

Materials

Participants

  • Whiteboard/flip charts
  • Your Enterprise Application Implementation Playbook.
  • Project team
  • Operations
  • SMEs
  • Team lead and facilitators
  • IT leaders

Optimization opportunities

Example

Optimization types and opportunities.

Related Info-Tech Research

Build upon your foundations

Build an ERP Strategy and Roadmap

  • A business-led, top-management-supported initiative partnered with IT has the greatest chance of success. This blueprint provides business and IT the methodology for getting the right level of detail for the business processes that the ERP supports thus avoiding getting lost in the details.

Governance and Management of Enterprise Software Implementation

  • Implementing enterprise software is hard. You need a framework that will greatly improve your chance of success. Traditional Waterfall project implementations have a demonstrated a low success rate for on-time, on-budget delivery.

Select and Implement a Human Resource Information System

  • Your organization is in the midst of a selection and implementation process for a human resource information system (HRIS), and there is a need to disambiguate the market and arrive at a shortlist of vendors.

Select and Implement an ERP Solution

  • Selecting and implementing an ERP is one of the most expensive and time-consuming technology transformations an organization can undertake. ERP projects are notorious for time and budget overruns, with only a margin of the anticipated benefits being realized.

Right-Size Your Project Risk Investment

  • Avoid the all-or-nothing mindset; even modest investments in risk will provide a return. Learn from and record current and historical risk events so lessons learned can easily be embedded into future projects. Assign someone to own the risk topic and make it their job to keep a relevant menu of risks.

Related Info-Tech Research

Build upon your foundations

Drive Business Value With a Right-Sized Project Gating Process

  • Many organizations have implemented gating as part of their project management process. So, what separates those who are successful from those who are not? For starters, successful gating requires that each gate is treated as an essential audit. That means there need to be clear roles and responsibilities in the framework.

Master Organizational Change Management Practices

  • Organizational change management (OCM) is often an Achilles’ heel for IT departments and business units, putting projects and programs at risk – especially large, complex, transformational projects.

Get Started With Project Management Excellence

  • Lack of proper scoping at the beginning of the project leads to constant rescoping, rescheduling, and budget overruns.

ERP Requirements Picklist Tool

  • Use this tool to collect ERP requirements in alignment with the major functional areas of ERP. Review the existing set of ERP requirements as a starting point to compiling your organization's requirements.

Begin Your Projects With the End in Mind

  • Stakeholders are dissatisfied with IT’s inability to meet or even provide consistent, accurate estimates. The business’ trust in IT erodes every time a project is late, lost, or unable to start.

Get Started With IT Project Portfolio Management

  • Most companies are struggling to get their project work done. This is due in part to the fact that many prescribed remedies are confusing, disruptive, costly, or ineffective.

Bibliography

7 Shocking Project Management Statistics and Lessons We Should Learn.” TeamGantt, Jan. 2017.

Akrong, Godwin Banafo, et al. "Overcoming the Challenges of Enterprise Resource Planning (ERP): A Systematic Review Approach." IJEIS vol.18, no.1 2022: pp.1-41.

Andriole, S. “Why No One Can Manage Projects, Especially Technology Projects.” Forbes, 1 Dec. 2020.

Andriole, Steve. “Why No One Can Manage Projects, Especially Technology Projects.” Forbes, 1 Dec. 2020.

Beeson, K. “ERP Implementation Plan (ERP Implementation Process Guide).” ERP Focus, 8 Aug. 2022.

Biel, Justin. “60 Critical ERP Statistics: 2022 Market Trends, Data and Analysis.” Oracle Netsuite, 12 July 2022.

Bloch, Michael, et al. “Delivering Large-Scale IT Projects on Time, on Budget, and on Value.” McKinsey & Company, 2012.

Buverud, Heidi. ERP System Implementation: How Top Managers' Involvement in a Change Project Matters. 2019. Norwegian School of Economics, Ph.D. thesis.

Carlton, R. “Four ERP Implementation Case Studies You Can Learn From.” ERP Focus, 15 July 2015.

Gopinath, S. Project Management in the Emerging World of Disruption. PMI India Research and Academic Conference 2019. Kozhikode Publishers.

Grabis, J. “On-Premise or Cloud Enterprise Application Deployment: Fit-Gap Perspective.” Enterprise Information Systems. Edited by Filipe, J., Śmiałek, M., Brodsky, A., Hammoudi, S. ICEIS, 2019.

Harrin, E. The Definitive Guide to Project Sponsors. RGPM, 13 Dec. 2022.

Jacobs-Long, Ann. “EPMO’s Can Make A Difference In Your Organization.” 9 May 2012.

Kotadia, C. “Challenges Involved in Adapting and Implementing an Enterprise Resource Planning (ERP) Systems.” International Journal of Research and Review vol. 7 no. 12 December 2020: 538-548.

Panorama Consulting Group. "2018 ERP Report." Panorama Consulting Group, 2018. Accessed 12 Oct. 2021.

Panorama Consulting Group. "2021 ERP Report." Panorama Consulting Group, 2021. Accessed 12 Oct. 2021.

PM Solutions. (2014). The State of the PMO 2014.

PMI. Pulse of the Profession. 2017.

Podeswa, H. “The Business Case for Agile Business Analysis.” Requirements Engineering Magazine, 21 Feb. 2017.

Project Delivery Performance in Australia. AIPM and KPMG, 2020.

Prosci. (2020). Prosci 2020 Benchmarking Data from 2007, 2009, 2011, 2013, 2015, 2017, 2019.

Swartz, M. “End User Adoption and Change Management Process.” Swartz Consulting LLC, 11 July 2022.

Trammell, H. “28 Important Project Management KPIs (& How To Track Them).” ClearPoint Strategy, 2022.

“What are Business Requirements?" Requirements.com, 18 Oct. 2018.

“What Is the Role of a Project Sponsor?” Six Sigma Daily, 18 May 2022.

“When Will You Think Differently About Programme Delivery?” 4th Global Portfolio and Programme Management Survey. PricewaterhouseCoopers, Sept. 2014.

Drive Ongoing Adoption With an M365 Center of Excellence

  • Buy Link or Shortcode: {j2store}66|cart{/j2store}
  • member rating overall impact (scale of 10): 9.0/10 Overall Impact
  • member rating average dollars saved: 20 Average Days Saved
  • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
  • Parent Category Name: End-User Computing Applications
  • Parent Category Link: /end-user-computing-applications

There are roadblocks common to all CoEs: lack of in-house expertise, lack of resources (time, budget, etc.), and employee perception that this is just another burdensome administrative layer. These are exacerbated when building an M365 CoE.

  • Constant vendor-initiated change in M365 means expertise always needs updating.
  • The self-service architecture of M365 is at odds with centralized limits and controls.
  • M365 has a multitude of services that can be adopted across a huge swath of the organization compared to the specific capabilities and limited audience of traditional CoEs.

Our Advice

Critical Insight

The M365 CoE should be somewhat decentralized to avoid an “us versus them” mentality. Having clear KPIs at the center of the program makes it easier to demonstrate improvements and competencies. COMMUNICATE these early successes! They are vital in gaining widespread credibility and momentum.

Impact and Result

Having a clear vision of what you want business outcomes you want your Microsoft 365 CoE to accomplish is key. This vision helps select the core competencies and deliverables of the CoE.

  • Ongoing measurement and reporting of business value generated from M365 adoption.
  • Servant leadership allows the CoE to work closely and deeply with end users, which builds them up to share knowledge with others
  • Focus and clear lines of accountability ensure that everyone involved feels part of the compromise when decisions are to be made.

Drive Ongoing Adoption With an M365 Center of Excellence Research & Tools

Build out your M365 CoE competencies, membership, and roles; create success metrics and build your M365 adoption, then communicate

In this deck we explain why your M365 CoE needs to be distributed and how it should be organized. Using a roadmap will assist you in building competency and maturity through training, certifications, and building governance.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

  • Drive Ongoing Adoption With an M365 Center of Excellence Storyboard
[infographic]

Further reading

Drive Ongoing Adoption With an M365 Center of Excellence

Accelerate business processes change and get more value from your subscription by building and sharing thanks to an effective Centre of Excellence.

CLIENT ADVISORY DECK

Drive Ongoing Adoption With an M365 Centre of Excellence

Accelerate business processes change and get more value from your subscription by building and sharing thanks to an effective Centre of Excellence

Research Team:
John Donovan
John Annand
Principal Research Directors I&O Practice

41 builds released in 2021!
IT can no longer be expected to provide training to all users on all features

  • Traditional classroom training (online and self-paced) is time consuming and overly generic
  • Users tend to hold onto old familiar tools even as new ones roll out
  • Citizen Programming comes with a lot of promise but also the spectre of reliving the era of Access ‘97 databases
  • Seemingly small decisions around configuration have outsized impacts
  • Every enterprises’ journey through adoption is unique

▲20% $ spent in 2021

148% more meetings
66% more users collaborating on documents
40.6B more emails

2021 vs. 2022 Source: Microsoft The Work Trend Index

  • Who needs to be in a CoE? What daily tasks do they undertake?
  • How do you turn artifacts like best practice documents into actual behavioral change?
  • How does CoE differ from governance? And why is it going to be any more successful?
  • How does the CoE evolve over time as enterprises become more mature?

CoE Competencies, Membership and Roles
Communication, Standards Templates
Adoption, and Business Success Metrics

this image depicts the key CoE Competencies: Goals; Controls; Tools; Training; and Support

Using these deliverables, Info-Tech will help you drive consistency in your enterprise collaboration, increase end-user satisfaction in the tools they are provided, optimize your license spending, fill the gaps between implementation of a technology and realization of business value, and empower end-users to innovate in ways that senior leadership had not imagined.

Executive Summary

Insight

User adoption is the primary focus of the efforts in the CoE

User adoption and setting up guardrails in governance are the focuses of the CoE in its early stages. Purging obsolete data from legacy share servers, and exchange, and rationalize legacy applications that are comparable to Microsoft offerings. The primary goal is M365 excellence, but that needs to be primed with a Roadmap, and laying down clear milestones to show progress, along with setting up quick wins to get buy in from the organization.

Breakdown your CoE into distinct areas for improvement

Due to the size and complexity of Microsoft 365, breaking it into clearly defined divisions makes sense. The parts that need to be fragmented into are, Collaboration, Power Apps, Office tools, Learning, Professional Training and Certifications, Governance and Support. Subject Matter experts needs to keep pace with the ever-changing M365 environment with enhancements continuously being rolled out. (There were 41 build releases in 2021 alone! )

Set up your M365 CoE in a decentralized design

Define how your CoE will be set up. It will either be centralized, distributed, or a combination of both. They all have their strengths and weaknesses; however a distributed CoE can ensure there is buy-in from the various departments across the CoE, as they participate in the decision making and therefore the direction the CoE goes. Additionally, it ensures that each segment of the CoE is accountable for the success of the M365 adoption, its usage, and delivering value to the organization.

Summary

Your Challenge

You have purchased Microsoft 365 for your business, and you have determined that you are not realizing the full value and potential of the product, neither adoption nor usage – for example, you have legacy applications that the user base is reluctant to move away from, whether it be Skype, Jabber, or other collaboration tools available to them. You have released Teams to the organization but may have not shown how useful it is and you have not communicated to the business that it is your new collaboration tool, along with SharePoint Online and OneDrive. How do you fix this problem?

Common Obstacles

There are roadblocks common to all CoEs: lack of in-house expertise, lack of resources (time, budget, etc.) and employee perception of just another burdensome administrative layer. These are exacerbated when building an M365 CoE.

  • Constant vendor-initiated change in M365 means expertise always needs updating
  • The self-service architecture of M365 is at odds with centralized limits and controls
  • M365 is a multitude of services, adopted across a huge swath of the organization compared to the specific capabilities and limited audience of traditional CoEs

Info-Tech’s Approach

Having a clear vision of what business outcomes you want your Microsoft 365 CoE to accomplish is key. This vision helps select the core competencies and deliverables of the CoE.

  1. Ongoing measurement and reporting of business value generated from M365 adoption
  2. Servant leadership allows the CoE to work closely and deeply with end-users, which builds them up to share knowledge with others
  3. Focus and clear lines of accountability ensure that everyone involved feels part of the compromise when decisions are to be made

Info-Tech Insight

The M365 CoE should be somewhat decentralized to avoid an “us versus them” mentality. Having clear KPIs at the center of the program makes it easier to demonstrate improvements and competencies. COMMUNICATE these early successes! They are vital in gaining widespread credibility and momentum.

Charter Mandate Authority to Operate

Mission : To accelerate the value that M365 brings to the organization by using the M365 CoE to increase adoption, build competency through training and best practices, and deliver on end user innovation throughout the business.

Vision Statement: To transform the organization’s efficiencies and performance through an optimized world-class M365 CoE by meeting all KPIs set out in the Charter.

Info-Tech Insights

A mission and vision for your M365 CoE are a necessary step to kick the program off. Not aving clear goals and a roadmap to get there will hinder your progress. It may even stall the whole objective if you cannot agree or measure what you are trying to accomplish

  • The scope of the M365 CoE is to build the adoption rate that can meet milestone goals to advance user competency, as well as the maturation of the SMEs in each segment of the CoE leadership and contributors.
  • Maturity will be measured through 100% adoption, specifically around collaboration tools and Office apps across the organization that use M365. Strategic value will be measured by core competencies within the CoE.
  • SMEs are developed and educated with certifications and other training throughout the course of the CoE development to bring “bench strength” to the vision of optimizing a world-class M365 CoE.
  • SMEs will all be certified Microsoft professionals. They will set the standard to be met within the CoE. The SMEs can either be internal candidates or external hires, depending on the current IT department competency.
  • Additional resources required will be tech savvy department leads that understand and can help in the training of staff, who also are willing to spend a certain amount of their work time in coaching colleagues.
  • They will be assisted by the training through the SMEs providing relevant material and various M365 courses both in class and self-paced online learning using M365 VIVA tools.

Charter Metrics

Areas in Scope:

  • Ensure Mission is aligned to the business objectives.
  • Form core team for M365 CoE, including steering committee.
  • Create document for signoff from business sponsors.
  • Build training plans for users, engineers, and admins.
  • Document best practices and build standard templates for organizational uniformity.
  • Build governance charter and priorities, setting up guardrails early to ensure compliance and security.
  • Transition away and retire all legacy on-Prem apps to M365 Cloud apps.
  • Build a RACI model for roles and responsibility.

Info-Tech Insights

If meaningful metrics are set up correctly, the CoE can produce results early in the one- or two-year process, demonstrating business value and increasing production amongst staff and demonstrating SME development.

this image contains example metrics, spread across three phases.

CoE

What are the reason to build an M365 CoE, and what is it expected to deliver?

What It IS NOT

It does not design or build applications, migrate applications, or create migration plans. It does not deploy applications nor does it operate and monitor applications. While a steering committee is a key part of the M365 CoE, its real function is to set the standards to be achieved though metrics that can measure a successful, efficient, and best-in-class M365 operation. It does not set business goals but does align M365 goals to the business drivers. SMEs in the CoE give guidance on M365 best practices and assist in its adoption and users’ competency.

What It IS

M365 CoE means investing in and developing usage growth and adoption while maintaining governance and control. A CoE is designed to drive innovation and improvement, and as a business-wide functional unit, it can break down geographical and organizational silos that utilize their own tools and collaboration platforms. It builds a training and artifacts database of relevant and up-to-date materials.

Why Build It

Benefits that can be realized are:

  • Building efficiencies, delivering quality training and knowledge transfer, and reducing risk from an organized and effective governance.
  • Consistency in document and information management.
  • Reusable templates and blueprints that standardize the business processes.
  • Standardized and communicated business policies around security and best practices.
  • Overcoming the challenges that comes with the titan of a platform that is M365.

Expected Goals and Benefits With Risk

Demonstrated impact for sustainability
Ensuring value is delivered
Ability to escalate to executive branch

The What?

What does the M365 CoE solve?

  • M365 Adoption
  • M365 tools templates
  • SME in tools deployment and delivery
  • Training and education – create artifacts and organize training sessions and certifications
  • Empower users into super users
  • Build analytics around usage, adoption, and ROI from license optimization

And the How?

How does the M365 CoE do it?

  • By defining clear adoption goals and best practices
  • By building a dedicated team with the confidence to improve the user experience
  • By creating a collection of reusable artifacts.
  • By establishing a stable, tested environment ensures users are not hindered in execution of the tools
  • By continuously improving M365 processes

What are the Risks?

  • All goals must be achievable
  • Timeline phases are based on core SME competency of the IT department and the training quality of end users
  • Current state of SMEs in house or hired to execute the mandate of the M365 CoE
  • Business success – if business is struggling to make profits and grow, its usually the CoE that will get chopped – mainly due to layoffs
  • Inability to find SMEs or train SMEs
  • Turnover in CoE due to job function changes or attrition
  • Overload of day-to-day responsibilities preventing SMEs from executing work for the CoE – Need to align SMEs and CoE steering chair to establish and enable shared responsibilities.

Who needs to be in a CoE for M365

Design the CoE – What model to be used?

What are their daily tasks? Is the CoE centralized, decentralized, or a combination?

a flow chart is depicted, starting with the executive steering committee, describing governance 365, and VP applications.

Info-Tech Insights

Due to the size and complexity of Microsoft 365, a decentralized model works best. Each segment of the group could in themselves be a CoE, as in governance, training, or collaboration CoE. Maintaining SME in each group will drive the success of the M365 CoE.

Key Competencies for CoE

  • Build a team of experts in M365 with sub teams in Products.
  • Manage the business processes around M365.
  • Train and optimize technical teams.
  • Share best practices and create a knowledge base.
  • Build processes that are repeatable and self-provisioned.
This image depicts the core Coe Competencies, Strategy; Technology; Governance; and Skills/Capabilities.

CoE for M365

What is the Structure? Is it centralized, decentralized, or combination? What are the pros and cons?

Thought Model

This image depicts a thought model describing CoE for M365.

How does the CoE differ from governance?

Why is it going to be any more successful?

“These problems already exist and haven't been successfully addressed by governance – how is the CoE going to be any different?”

  • Leadership
  • Empower end users
  • Automation of processes
  • Retention policies
  • Governance priorities
  • Risk management
  • Standard procedures
  • Set metrics
  • Self service
  • Training
  • SMEs
  • Automation
  • Innovation

CoE

While M365 governance is an integral part of the M365 CoE, the CoE is a more strategic program aimed at providing guidance, experienced leadership, and training.

The CoE is designed to drive innovation and improvements throughout the organization’s M365 deployment. It will build best practices, create artifacts, and mentor members to become SMEs.

Governance

CoE is a form of collaborative governance. Those responsible for making the rules are the same ones who are working through how the rules are implemented in practice.

The word most associated with CoE is "nurture." The word most associated with governance is "prevent."

The CoE is experimental and innovative and constantly revising its guidance compared to governance, which is opaque and static.

RACI chart for CoE define activities and ownership

The Work

Build artifacts

Templates

Scripts

Reference architecture

Policies definition

Blueprints

Version control

Measure usage and ROI

Quality assurance

Baseline creation and integrity

ActivitiesSupport Steering CTraining TeamM365 Tools Admin M365 Security AdminDoc Mgt
Monitor M365 ChangeAIRR
CommunicationsIR
TrainingAR
Support – Microsoft + HelpdeskRI
Monitor UsageR
Security and ComplianceAR
Decom On-PremAR
Eliminate Shadow ITR
Identity and AccessAR
Automate Policies in TennantAR
Audit MonitorAR
Data and Information ProtectionARR
Build TemplatesAAR
Manage ArtifactsARA

Steering Committee

This image contains a screenshot of the organization of the CoE Steering Committee

Roles and Responsibilities

  • Set the goals and metrics for the CoE charter
  • Ensure the CoE is aligned to the business objectives
  • Clear any roadblocks that may hinder progress for the team leads
  • Provide guidance on best practices
  • Set expectations for training and certifications
  • Build SME strength through mentoring
  • Promote and facilitate research into M365 developments and releases
  • Ensure knowledge transfer is documented
  • Create roadmap to ensure phase KPIs are met and drive toward excellence

Info-Tech Insight

Executive sponsorship is an element of the CoE that cannot be overlooked. If this occurs, the funding and longevity of the CoE will be limited. Additionally, ensure you determine if the CoE will have an end of life and what that looks like.

M365 Governance CoE Team

Governance and Management

After you’ve developed and implemented your data classification framework, ongoing governance and maintenance will be critical to your success. In addition to tracking how sensitivity labels are used in practice, you’ll need to update your control requirements based on changes in regulations, cybersecurity leading practices, and the nature of the content you manage. Governance and maintenance efforts can include:

  • Establishing a governance body dedicated to data classification or adding a data classification responsibility to the charter of an existing information security body.
  • Defining roles and responsibilities for those overseeing Data Classification
  • Establishing KPIs to monitor and measure progress
  • Tracking cybersecurity leading practices and regulatory changes
  • Developing Standard Operating Procedures that support and enforce a data classification framework

Governance CoE

Tools Used in the Governance CoE Identity – MFA, SSO, Identity Manager, Conditional Access, AD , Microsoft Defender, Compliance Assessments Templates

Security and Compliance - Azure Purview, Microsoft Defender Threat Analytics, Rules-Based Classification (AIP Client & Scanner), Endpoint DLP, Insider Risk Management

Information Management – Audit Log Retention, Information Protection and Governance, Trainable Classifiers

Licenses – Entitlement Management, Risk-Based Conditional Access.

 This image depicts the M365 Governance CoE Team organization.

M365 Tools CoE Team

  • Collaboration tools are at the center of the product portfolio for M365.
  • Need to get users empowered to manage and operate Teams, OneDrive, and SharePoint Online and promote uniform communications and collaborate with document building, sharing, and storing.

This image depicts a screenshot of the Tools CoE Team organization

Collaboration SME – Teams admin, Exchange admin, SharePoint, One Drive admin, Viva Learning (Premium), and Viva Insights (Premium)

Application SME – Covers all updates and new features related to Office programs

Power BI SME – Covers Power Automate for Office 365, Power Apps for Office 365, and Power BI Pro

Voice and Video – Tools-Calling Plan, Audio Conference (Full), Teams Phone, Mobility

PMO – Manages all M365 products online and in production. Also coordinates enhancements, writes up documentation for updates, and releases them to the training CoE for publication.

Microsoft 365 tools used to support business

M365 Training CoE Team

Training and certifications for both end users and technical staff managing the M365 platform. Ensure that you set goals and objectives with your training schedule.

this image depicts the framework for the training CoE team.

Training for SMEs can be broken into two categories:

First line training is internal training for users, in the collaboration space. Teams, One Drive, SharePoint Online, Exchange, and specialty training on Office tools – Word, PowerPoint, Excel, and Microsoft Forms.

Second line training is professional development for the SMEs including certifications in M365 admin, Global admin, Teams admin, and SharePoint administrator.

Additional training and certification can be obtained in governance, information management, and in the admin center for licencing optimization and compliance.

Tools used

  • Viva topics – Integrated knowledge and expert discovery
  • Viva Insight
  • Viva Learning
  • Viva Connections
  • Dynamics 365
  • Voice of the customer surveys

Support M365 CoE Team

This image depicts the framework for m365 CoE team support.

Support CoE:

In charge of creating a knowledge base for M365. Manages incidents with access, usage, and administering apps to desktop. Manages change issues related to updates in patching.

Help Desk Admin:

Resets passwords when self service fails, force sign out, manages service requests.

Works with learning CoE to populate knowledge base with articles and templates.

Manages end user issues with changes and enhancements for M365.

Supporting Metrics

  • Number of calls for M365 support
  • Recurring M365 incidents
  • Number of unresolved Platform issues
  • First call resolution
  • Knowledge sharing of M365
  • Customer satisfaction
  • Turnaround time of tickets created

Roadmap

How does the CoE evolve over time as enterprises become more mature?

  • Depending on the complexity and regulatory requirements of the business, baseline governance and rules around external partners sharing internal documents will need to be set up.
  • Identifying your SMEs in the organization is a perquisite at the beginning stages of setting up the M365 working group.
  • Build a roadmap to get to maturity and competency that brings strategic business value.
  • Meet milestone goals through a two-year, three-phase process. Begin with setting up governance guardrails.
  • Set up foundational baselines against which metrics will be measured.
  • Set up the M365 CoE, at first with target easy wins through group training and policy communications throughout the organization.
this image depicts the CoE Roadmap, from Foundational Baseline, to Standardize Process, to Optimization

How do you turn artifacts like best practice documents into actual behavior change?

this image depicts the process of turning M365 ARtifacts into actual behavioural change within a company

Info-Tech Insights

Building Blocks
The building blocks for a change in end user behavior are based on four criteria which must be clearly communicated. Knowledge transfer from SMEs to the training team is key. That in turn leads to effective knowledge transfer, allowing end users to develop skills quickly that can be shared with their teams. Sharing practices leads to best practices and maintaining these in a repository that can be quickly accessed will build on the efficiencies and effectiveness of the employees.

How Do You Empower End Users to Innovate?

Info-Tech Insights

Understand the Vision

Empowering End users starts with understanding the business vision that is embedded into the M365 CoE charter.

Ensure that the business innovation goals are aligned to the organizational strategies.

The innovative strategies need to be clearly communicated to the employees and the tools to achieve this needs to be mapped out and trained. Clearly lay out the goals, outcomes, and expectations.

End users need to understand how the M365 CoE will assist them in their day-to-day operations, whether in the collaboration space with their colleagues, or with power BI that assists them in their decision making though analytics.

The Right Resources

Arm your team with the resources they need to be successful. Building use cases as part of the training program will give the employees insight into how the M365 tools can be used in their daily work environment. It will also address the pervasive use of nonstandard tools as is seen throughout organizations that are operated in a vacuum.

Empowering your user base though the knowledge transfer borne through the building of artifacts that deal with real life examples that join the dots for employees.

By painting a picture of how the innovative use of the M365 platform can be achieved, users will feel empowered and use those use cases to build out their own innovative ideas.

Hybrid Work

Digital fabric

Collaboration – Communication – Creation

Cloud Services – Innovative Apps – Security

Productivity anywhere any place

Shared working documents in secure cloud

Mesh for Microsoft Teams/Viva

Power apps and dataverse for Teams

Self Service M365

My Apps

My Sign-Ins

My Groups

My Staff

My Access

My Account

Password reset

Sample Best Practices
Tools and Standards Templates

Then communicate them

Collaboration Best Practices

Sharing documents

Real time co-authoring

Comment

Meet

Mobile

Version History

Security Best Practices

This is a screenshot of the Security Best Practices

Default Security Settings

Microsoft Security Score

Enable Alert Policies

Assign RBAC for Admins

Enable Continuous Access Evaluation

Admin Roles Best Practices in M365

This is a screenshot of the admin roles best ractices in M365.

Business Success Metrics for M365 CoE

What does success look like?

  • Are you aligning the M365 metrics to business goals?
  • Are your decisions data driven?
  • Are you able to determine opportunities to improve with your metrics – continuous process improvement?
  • Are you seeing productivity gains, and are they being measured?
This image contains a screenshot of the Business Success Metrics for M365-CoE: SMC Training; Content published and tagged; Usage Metrics; Cost Metrics; Adoption Metrics; New Product Introduction

Activity Output

Start building your M365 CoE and considering the steps for the Phase 1 checklist

BUILD A FOUNDATIONAL BASELINE

Step 1

  1. Select Resources to create a CoE working group
  2. Define your goals and objectives
  3. Identify SMEs within the business and do a gap analysis
  4. Build the M365 charter, mission, and vision
  5. Build consensus and sponsorship from C suite
  6. Create an organizational M365 framework that provides best coverage for all touch points to the platform, from support to training to controls.
  7. Determine the type of CoE you want to create that fits your business (centralized, distributed, or a combination).

Step 2

  1. Build training plans for SMEs and M365 teams
  2. Populate company intranet with artifacts, knowledge articles, and user training portal with all things M365
  3. Build out best practice workbooks, tools, and templates that encompass all departments
  4. Create roles and responsibilities matrix
  5. Identify “super users” in departments to assist with promoting learning and knowledge sharing.
  6. Develop Metrics scorecards on success criteria ensuring they align to business goals

Step 3

  1. Rational M365 licensing
  2. Create communication plan promoting CoE and M365 advantages
  3. Align your governance posture and building guardrails
  4. Identify legacy apps that can be retired and replaced
  5. Train support team and analysts with metrics supporting M365 CoE goals
  6. Create baseline metrics with clear alignment to business KPIs

Related Blueprints

Modernize Your Microsoft Licensing for the Cloud Era

  • Take control of your Microsoft licensing and optimize spend

Govern Office 365

  • Office 365 is as difficult to wrangle as it is valuable. Leverage best practices to produce governance outcomes aligned with your goals

Migrate to Office 365 Now

  • One small step to cloud, one big leap to Office 365. The key is to look before you leap

Build a Data Classification MVP for M365

  • Kickstart your governance with data classification users will actually use!

Bibliography

“Five Guiding Principles of a successful Center of Excellence” Perficient, n.d. Web.

“Self Service in Microsoft 365.” Janbakker.tech, n.d. Web.

“My Apps portal overview.” Microsoft, June 2, 2022. Web.

“Collaboration Best Practices Microsoft365.” Microsoft, n.d. Web.

“Security Best Practices Microsoft 365” Microsoft, July 1, 2022. Web.

Automate Testing to Get More Done

  • Buy Link or Shortcode: {j2store}285|cart{/j2store}
  • member rating overall impact (scale of 10): 10.0/10 Overall Impact
  • member rating average dollars saved: $29,139 Average $ Saved
  • member rating average days saved: 5 Average Days Saved
  • Parent Category Name: Testing, Deployment & QA
  • Parent Category Link: /testing-deployment-and-qa
  • Today’s rapidly changing software products and operational processes create mounting pressure on software delivery teams to release new features and changes quickly while meeting high and demanding quality standards.
  • Most organizations see automated testing as a solution to meet this demand alongside their continuous delivery pipeline. However, they often lack the critical foundations, skills, and practices that are imperative for success.
  • The technology is available to enable automated testing for many scenarios and systems, but industry noise and an expansive tooling marketplace create confusion for those interested in adopting this technology.

Our Advice

Critical Insight

  • Good automated testing improves development throughput. No matter how quickly you put changes into production, end users will not accept them if they do not meet quality standards. Escaped defects, refactoring, and technical debt can significantly hinder your team’s ability to deliver software on time and on budget. In fact, 65% of organizations saw a reduction of test cycle time and 62% saw reductions in test costs with automated testing (Sogeti, World Quality Report 2020–21).
  • Start automation with unit and functional tests. Automated testing has a sharp learning curve, due to either the technical skills to implement and operate it or the test cases you are asked to automate. Unit tests and functional tests are ideal starting points in your automation journey because of the available tools and knowledge in the industry, the contained nature of the tests you are asked to execute, and the repeated use of the artifacts in more complicated tests (such as performance and integration tests). After all, you want to make sure the application works before stressing it.
  • Automated testing is a cross-functional practice, not a silo. A core component of successful software delivery throughput is recognizing and addressing defects, bugs, and other system issues early and throughout the software development lifecycle (SDLC). This involves having all software delivery roles collaborate on and participate in automated test case design, configure and orchestrate testing tools with other delivery tools, and proactively prepare the necessary test data and environments for test types.

Impact and Result

  • Bring the right people to the table. Automated testing involves significant people, process and technology changes across multiple software delivery roles. These roles will help guide how automated testing will compliment and enhance their responsibilities.
  • Build a foundation. Review your current circumstances to understand the challenges blocking automated testing. Establish a strong base of good practices to support the gradually adoption of automated testing across all test types.
  • Start with one application. Verify and validate the automated testing practices used in one application and their fit for other applications and systems. Develop a reference guide to assist new teams.

Automate Testing to Get More Done Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should automate testing, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

2. Adopt good automated testing practices

Develop and implement practices that mature your automated testing capabilities.

  • Automated Testing Quick Reference Template

Infographic

Workshop: Automate Testing to Get More Done

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Adopt Good Automated Testing Practices

The Purpose

Understand the goals of and your vision for your automated testing practice.

Develop your automated testing foundational practices.

Adopt good practices for each test type.

Key Benefits Achieved

Level set automated testing expectations and objectives.

Learn the key practices needed to mature and streamline your automated testing across all test types.

Activities

1.1 Build a foundation.

1.2 Automate your test types.

Outputs

Automated testing vision, expectations, and metrics

Current state of your automated testing practice

Ownership of the implementation and execution of automated testing foundations

List of practices to introduce automation to for each test type

Create a Data Management Roadmap

  • Buy Link or Shortcode: {j2store}122|cart{/j2store}
  • member rating overall impact (scale of 10): 9.3/10 Overall Impact
  • member rating average dollars saved: $100,135 Average $ Saved
  • member rating average days saved: 36 Average Days Saved
  • Parent Category Name: Data Management
  • Parent Category Link: /data-management

Data has quickly become one of the most valuable assets in any organization. But when it comes to strategically and effectively managing those data assets, many businesses find themselves playing catch-up. The stakes are high because ineffective data management practices can have serious consequences, from poor business decisions and missed revenue opportunities to critical cybersecurity risks.

Successful management and consistent delivery of data assets requires collaboration between the business and IT and the right balance of technology, process, and resourcing solutions.

Build an effective and collaborative data management practice

Data management is not one-size-fits-all. Cut through the noise around data management and create a roadmap that is right for your organization:

  • Align data management plans with business requirements and strategic plans.
  • Create a collaborative plan that unites IT and the business in managing data assets.
  • Design a program that can scale and evolve over time.
  • Perform data strategy planning and incorporate data capabilities into your broader plans.
  • Identify gaps in current data services and the supporting environment and determine effective corrective actions.

This blueprint will help you design a data management practice that builds capabilities to support your organization’s current use of data and its vision for the future.

Create a Data Management Roadmap Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Create a Data Management Roadmap Storyboard – Use this deck to help you design a data management practice and turn data into a strategic enabler for the organization.

Effective data delivery and management provides the business with new and improved opportunities to leverage data for business operations and decision making. This blueprint will help you design a data management practice that will help your team build capabilities that align to the business' current usage of data and its vision for the future.

  • Create a Data Management Roadmap – Phases 1-2

2. Data Management Strategy Planning Tools – Use these tools to align with the business and lay the foundations for the success of your data management practice.

Begin by using the interview guide to engage stakeholders to gain a thorough understanding of the business’ challenges with data, their strategic goals, and the opportunities for data to support their future plans. From there, these tools will help you identify the current and target capabilities for your data management practice, analyze gaps, and build your roadmap.

  • Data Strategy Planning Interview Guide
  • Data Management Assessment and Planning Tool
  • Data Management Project Charter Template

3. Stakeholder Communication and Assessment Tools – Use these templates to develop a communication strategy that will convey the value of the data management project to the organization and meet the needs of key stakeholders.

Strong messaging around the value and purpose of the data management practice is essential to ensure buy-in. Use these templates to build a business case for the project and socialize the idea of data management across the various levels of the organization while anticipating the impact on and reactions from key stakeholders.

  • Data Management Communication/Business Case Template
  • Project Stakeholder and Impact Assessment Tool

4. Data Management Strategy Work Breakdown Structure Template – Use this template to maintain strong project management throughout your data management project.

This customizable template will support an organized approach to designing a program that addresses the business’ current and evolving data management needs. Use it to plan and track your deliverables and outcomes related to each stage of the project.

  • Data Management Strategy Work Breakdown Structure Template

5. Data Management Roadmap Tools – Use these templates to plan initiatives and create a data management roadmap presentation.

Create a roadmap for your data management practice that aligns to your organization’s current needs for data and its vision for how it wants to use data over the next 3-5 years. The initiative tool guides you to identify and record all initiative components, from benefits to costs, while the roadmap template helps you create a presentation to share your project findings with your executive team and project sponsors.

  • Initiative Definition Tool
  • Data Management Roadmap Template

6. Track and Measure Benefits Tool – Use this tool to monitor the project’s progress and impact.

Benefits tracking enables you to measure the effectiveness of your project and make adjustments where necessary to realize expected benefits. This tool will help you track benefit metrics at regular intervals to report progress on goals and identify benefits that are not being realized so that you can take remedial action.

  • Track and Measure Benefits Tool

Infographic

Workshop: Create a Data Management Roadmap

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Develop Data Strategies

The Purpose

Understand the business’s vision for data and the role of the data management practice.

Determine business requirements for data.

Map business goals and strategic plans to create data strategies.

Key Benefits Achieved

Understanding of business’s vision for data

Unified vision for data management (business and IT)

Identification of the business’s data strategies

Activities

1.1 Establish business context for data management.

1.2 Develop data management principles and scope.

1.3 Develop conceptual data model (subject areas).

1.4 Discuss strategic information needs for each subject area.

1.5 Develop data strategies.

1.6 Identify data management strategies and enablers.

Outputs

Practice vision

Data management guiding principles

High-level data requirements

Data strategies for key data assets

2 Assess Data Management Capabilities

The Purpose

Determine the current and target states of your data management practice.

Key Benefits Achieved

Clear understanding of current environment

Activities

2.1 Determine the role and scope of data management within the organization.

2.2 Assess current data management capabilities.

2.3 Set target data management capabilities.

2.4 Identify performance gaps.

Outputs

Data management scope

Data management capability assessment results

3 Analyze Gaps and Develop Improvement Initiatives

The Purpose

Identify how to bridge the gaps between the organization’s current and target environments.

Key Benefits Achieved

Creation of key strategic plans for data management

Activities

3.1 Evaluate performance gaps.

3.2 Identify improvement initiatives.

3.3 Create preliminary improvement plans.

Outputs

Data management improvement initiatives

4 Design Roadmap and Plan Implementation

The Purpose

Create a realistic and action-oriented plan for implementing and improving the capabilities for data management.

Key Benefits Achieved

Completion of a Data Management Roadmap

Plan for how to implement the roadmap’s initiatives

Activities

4.1 Align data management initiatives to data strategies and business drivers.

4.2 Identify dependencies and priorities

4.3 Build a data management roadmap (short and long term)

4.4 Create a communication plan

Outputs

Data management roadmap

Action plan

Communication plan

Further reading

Contents

Executive Brief
Analyst Perspective
Executive Summary
Phase 1: Build Business and User Context
Phase 2: Assess Data Management and Build Your Roadmap
Additional Support
Related Research
Bibliography

Create a Data Management Roadmap

Ensure the right capabilities to support your data strategy.

EXECUTIVE BRIEF

Analyst Perspective

Establish a data management program to realize the data strategy vision and data-driven organization.

Data is one of the most valuable organizational assets, and data management is the foundation – made up of plans, programs, and practices – that delivers, secures, and enhances the value of those assets.

Digital transformation in how we do business and innovations like artificial intelligence and automation that deliver exciting experiences for our customers are all powered by readily available, trusted data. And there’s so much more of it.

A data management roadmap designed for where you are in your business journey and what’s important to you provides tangible answers to “Where do we start?” and “What do we do?”

This blueprint helps you build and enhance data management capabilities as well as identify the next steps for evaluating, strengthening, harmonizing, and optimizing these capabilities, aligned precisely with business objectives and data strategy.

Andrea Malick
Director, Research & Advisory, Data & Analytics Practice
Info-Tech Research Group

Frame the problem

Who this research is for
  • Data management professionals looking to improve the organization’s ability to leverage data in value-added ways
  • Data governance managers and data analysts looking to improve the effectiveness and value of their organization’s data management practice
This research will help you
  • Align data management plans with business requirements and strategic plans.
  • Create a collaborative plan that unites IT and the business in managing the organization’s data assets.
  • Design a data management program that can scale and evolve over time.
This research will also assist
  • Business leaders creating plans to leverage data in their strategic planning and business processes
  • IT professionals looking to improve the environment that manages and delivers data
This research will also help you
  • Perform data strategy planning and incorporate data capabilities and plans into your broader plans.
  • Identify gaps in current data services and the supporting environment and determine effective corrective actions.

Executive Summary

Your Challenge
  • The organizational appetite for data is increasing, with growing demands for data to better support business processes and inform decision making.
  • For data to be accessible and trustworthy for the business it must be effectively managed throughout its lifecycle.
  • With so much data circulating throughout our systems and a steady flow via user activity and business activities, it is imperative that we understand our data environment, focus our data services and oversight on what really matters, and work closely with business leads to ensure data is an integral part of the digital solution.
Common Obstacles
  • Despite the growing focus on data, many organizations struggle to develop an effective strategy for managing their data assets.
  • Successful management and consistent delivery of data assets throughout their lifecycle requires the collaboration of the business and IT and the balance of technology, process, and resourcing solutions.
  • Employees are doing their best to just get things done with their own spreadsheets and familiar patterns of behavior. It takes leadership to pause those patterns and take a thoughtful enterprise and strategic approach to a more streamlined – and transformed – business data service.
Info-Tech’s Approach
  • Incremental approach: Building a mature and optimized practice doesn’t occur overnight – it takes time and effort. Use this blueprint’s approach and roadmap results to support your organization in building a practice that prioritizes scope, increases the effectiveness of your data management practice, and improves your alignment with business data needs.
  • Build smart: Don’t do data management for data management’s sake; instead, align it to business requirements and the business’ vision for the organization’s data. Ensure initiatives and program investments best align to business priorities and support the organization in becoming more data driven and data centric.

Info-Tech Insight

Use value streams and business capabilities to develop a prioritized and practical data management plan that provides the highest business satisfaction in the shortest time.

Full page illustration of the 'Create a Data Management Roadmap' using the image of a cargo ship labelled 'Data Management' moving in the direction of 'Business Strategy'. The caption at the top reads 'Data Management capabilities create new business value by augmenting data & optimizing it for analytics. Data is a digital imprint of organizational activities.'

Data Management Capabilities

A similar concept to the last one, with a ship moving toward 'Business Strategy', except the ship is cross-sectioned with different capabilities filling the interior of the silhouette. Below are different steps in data management 'Data Creation', 'Data Ingestion', 'Data Accumulation, 'Data Augmentation', 'Data Delivery', and 'Data Consumption'.

Data is a business asset and needs to be treated like one

Data management is an enabler of the business and therefore needs to be driven by business goals and objectives. For data to be a strategic asset of the business, the business and IT processes that support its delivery and management must be mature and clearly executed.

Business Drivers
  1. Client Intimacy/Service Excellence
  2. Product and Service Innovations
  3. Operational Excellence
  4. Risk and Compliance Management
Data Management Enablers
  • Data Governance
  • Data Strategy Planning
  • Data Architecture
  • Data Operations Management
  • Data Risk Management
  • Data Quality Management

Industry spotlight: Risk management in the financial services sector

REGULATORY
COMPLIANCE

Regulations are the #1 driver for risk management.

US$11M:

Fine incurred by a well-known Wall Street firm after using inaccurate data to execute short sales orders.
“To successfully leverage customer data while maintaining compliance and transparency, the financial sector must adapt its current data management strategies to meet the needs of an ever-evolving digital landscape.” (Phoebe Fasulo, Security Scorecard, 2021)

Industry spotlight: Operational excellence in the public sector

GOVERNMENT
TRANSPARENCY

With frequent government scandals and corruption dominating the news, transparency to the public is quickly becoming a widely adopted practice at every level of government. Open government is the guiding principle that the public has access to the documents and proceedings of government to allow for effective public oversight. With growing regulations and pressure from the public, governments must adopt a comprehensive data management strategy to ensure they remain accountable to their rate payers, residents, businesses, and other constituents.

  1. Transparency Transparency is not just about access; it’s about sharing and reuse.
  2. Social and commercial value Everything from finding your local post office to building a search engine requires access to data.
  3. Participatory government Open data enables citizens to be more directly informed and involved in decision making.

Industry spotlight: Operational excellence and client intimacy in major league sports

SPORTS
ANALYTICS

A professional sports team is essentially a business that is looking for wins to maximize revenue. While they hope for a successful post-season, they also need strong quarterly results, just like you. Sports teams are renowned for adopting data-driven decision making across their organizations to do everything from improving player performance to optimizing tickets sales. At the end of the day, to enable analytics you must have top-notch information management.

Team Performance Benefits
  1. Talent identification
  2. In-game decision making
  3. Injury reduction
  4. Athlete performance
  5. Bargaining agreement
Team Performance Benefits
  1. Fan engagement
  2. Licensing
  3. Sports gambling
(Deloitte Insights, 2020)
Industry leaders cite data, and the insights they glean from it, as their means of standing apart from their competitors.

Industry spotlight: Operational excellence and service delivery within manufacturing and supply chain services

SUPPLY CHAIN
EFFICIENCY

Data offers key insights and opportunities when it comes to supply chain management. The supply chain is where the business strategy gets converted to operational service delivery of the business. Proper data management enables business processes to become more efficient, productive, and profitable through the greater availability of quality data and analysis.

Fifty-seven percent of companies believe that supply chain management gives them a competitive advantage that enables them to further develop their business (FinancesOnline, 2021).

Involving Data in Your Supply Chain

25%

Companies can reap a 25% increase in productivity, a 20% gain in space usage, and a 30% improvement in stock use efficiency if they use integrated order processing for their inventory system.

36%

Thirty-six percent of supply chain professionals say that one of the top drivers of their analytics initiatives is the optimization of inventory management to balance supply and demand.
(Source: FinancesOnline, 2021)

Industry spotlight: Intelligent product innovation and strong product portfolios differentiate consumer retailers and CPGs

INFORMED PRODUCT
DEVELOPMENT
Consumer shopping habits and preferences are notoriously variable, making it a challenge to develop a well-received product. Information and insights into consumer trends, shopping preferences, and market analysis support the probability of a successful outcome.

Maintaining a Product Portfolio
What is selling? What is not selling?

Product Development
  • Based on current consumer buying patterns, what will they buy next?
  • How will this product be received by consumers?
  • What characteristics do consumers find important?
A combination of operational data and analytics data is required to accurately answer these questions.
Internal Data
  • Organizational sales performance
External Data
  • Competitor performance
  • Market analysis
  • Consumer trends and preferences
Around 75% of ideas fail for organizational reasons – viability or feasibility or time to market issues. On the other hand, around 20% of product ideas fail due to user-related issues – not valuable or usable (Medium, 2020).

Changes in business and technology are changing how organizations use and manage data

The world moves a lot faster today

Businesses of today operate in real time. To maintain a competitive edge, businesses must identify and respond quickly to opportunities and events.

To effectively do this businesses must have accurate and up-to-date data at their fingertips.

To support the new demands around data consumption, data velocity (pace in which data is captured, organized, and analyzed) must also accelerate.

Data Management Implications
  • Strong integration capabilities
  • Intelligent and efficient systems
  • Embedded data quality management
  • Strong transparency into the history of data and its transformation

Studies and projections show a clear case of how data and its usage will grow and evolve.

Zettabyte Era

64.2

More Data

The amount of data created, consumed, and stored globally is forecast to increase rapidly, reaching 64.2 zettabytes in 2020 and projected to grow to over 180 zettabyes in 2025 (Statista, 2021).

Evolving Technologies

$480B

Cloud Proliferation

Global end-user spending on public cloud services is expected to exceed $480 billion next year (Info-Tech, 2021).

To differentiate and remain competitive in today’s marketplace, organizations are becoming more data-driven

Pyramid with a blue tip. Sublevels from top down are labelled 'Analytical Companies', 'Analytical Aspirations', 'Localized Analytics', and 'Analytically Impaired'.

Analytic Competitor

“Given the unforgiving competitive landscape, organizations have to transform now, and correctly. Winning requires an outcome-focused analytics strategy.” (Ramya Srinivasan, Forbes, 2021)
Data and the use of data analytics has become a centerpiece to effective modern business. Top-performing organizations across a variety of industries have been cited as using analytics five times more than lower performers (MIT Sloan).

The strategic value of data

Power intelligent and transformative organizational performance through leveraging data.

Respond to industry disruptors

Optimize the way you serve your stakeholders and customers

Develop products and services to meet ever-evolving needs

Manage operations and mitigate risk

Harness the value of your data

Despite investments in data initiatives, organizations are carrying high levels of data debt

Data debt is the accumulated cost that is associated with the suboptimal governance of data assets in an enterprise, like technical debt.

Data debt is a problem for 78% of organizations.

40%

of organizations say individuals within the business do not trust data insights.

66%

of organizations say a backlog of data debt is impacting new data management initiatives.

33%

of organizations are not able to get value from a new system or technology investment.

30%

of organizations are unable to become data-driven.

(Source: Experian, 2020)

The journey to being data-driven

The journey to becoming a data-driven organization requires a pit stop at data enablement.

The Data Economy

Diagram of 'The Data Economy' with three points on an arrow. 'Data Disengaged: You have a low appetite for data and rarely use data for decision making.' 'Data Enabled: Technology, data architecture, and people and processes are optimized and supported by data governance.' 'Data Driven: You are differentiating and competing on data and analytics, described as a “data first” organization. You’re collaborating through data. Data is an asset.'

Measure success to demonstrate tangible business value

Put data management into the context of the business:
  • Tie the value of data management and its initiatives back to the business capabilities that are enabled.
  • Leverage the KPIs of those business capabilities to demonstrate tangible and measurable value. Use terms and language that will resonate with senior leadership.

Don’t let measurement be an afterthought:

Start substantiating early on how you are going to measure success as your data management program evolves.

Build a right-sized roadmap

Formulate an actionable roadmap that is right-sized to deliver value in your organization.

Key considerations:
  • When building your data management roadmap, ensure you do so through an enterprise lens. Be cognizant of other initiatives that might be coming down the pipeline that may require you to align your data governance milestones accordingly.
  • Apart from doing your planning with consideration for other big projects or launches that might be in-flight and require the time and attention of your data management partners, also be mindful of the more routine yet still demanding initiatives.
  • When doing your roadmapping, consider factors like the organization’s fiscal cycle, typical or potential year-end demands, and monthly/quarterly reporting periods and audits. Initiatives such as these are likely to monopolize the time and focus of personnel key to delivering on your data management milestones
Sample milestones:
  • Data Management Leadership & Org Structure Definition
    Define the home for data management, as approved by senior leadership.
  • Data Management Charter and Policies
    Create a charter for your program and build/refresh associated policies.
  • Data Culture Diagnostic
    Understand the organization’s current data culture, perception of data, value of data, and knowledge gaps.
  • Use Case Build and Prioritization
    Build a use case that is tied to business capabilities. Prioritize accordingly.
  • Business Data Glossary/Catalog
    Build and/or refresh the business’ glossary for addressing data definitions and standardization issues.
  • Tools & Technology
    Explore the tools and technology offering in the data management space that would serve as an enabler to the program (e.g. RFI, RFP).

Insight summary

Overarching insight

Your organization’s value streams and the associated business capabilities require effectively managed data. Whether building customer service excellence or getting ahead of cyberattacks, a data management practice is the dependable mainstay supporting business operations and transformation.

Insight 1

Data – it’s your business.
Data is a digital imprint of business activities. Data architecture and flows are reflective of the organizational business architecture. Take data management capabilities as seriously as other core business capabilities.

Insight 2

Take a data-oriented approach.
Data management must be data-centric – with technology and functional enablement built around the data and its structure and flows. Maintain the data focus during project’s planning, delivery, and evaluation stages.

Insight 3

Get the business into the data business.
Data is not “IT’s thing.” Just as a bank helps you properly allocate your money to achieve your financial goals, IT will help you implement data management to support your business goals, but the accountability for data resides with the business.

Tactical insight

Data management is the program and environment we build once we have direction, i.e. a data strategy, and we have formed an ongoing channel with the guiding voice of the business via data governance. Without an ultimate goal in a strategy or the real requirements of the business, what are we building data systems and processes for? We are used to tech buzz words and placing our hope in promising innovations like artificial intelligence. There are no shortcuts, but there are basic proven actions we can take to meet the digital revolution head on and let our data boost our journey.

Key deliverable:

Data Management Roadmap Template

Use this template to guide you in translating your project's findings and outcomes into a presentation that can be shared with your executive team and project sponsors.

Sample of the 'Data Management Roadmap Template' key deliverable.

Blueprint deliverables

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

Data Management Assessment and Planning Tool

Use this tool to support your team in assessing and designing the capabilities and components of your organization's data management practice. Sample of the 'Data Management Assessment and Planning Tool' deliverable.

Data Culture Diagnostic and Scorecard

Sample of the 'Data Culture Diagnostic and Scorecard' deliverable.

Leverage Info-Tech’s Data Culture Diagnostic to understand how your organization scores across 10 areas relating to data culture.

Business Capability Map

This template takes you through a business capability and value stream mapping to identify the data capabilities required to enable them. Sample of the 'Business Capability Map' deliverable.

Measure the value of this blueprint

Leverage this blueprint’s approach to ensure your data management initiatives align and support your key value streams and their business capabilities.
  • Aligning your data management program and its initiatives to your organization’s business capabilities is vital for tracing and demonstrating measurable business value for the program.
  • This alignment of data management with value streams and business capabilities enables you to use business-defined KPIs and demonstrate tangible value.

Project outcome

Metric

Timely data delivery Time of data delivery to consumption
Improved data quality Data quality scorecard metrics
Data provenance transparency Time for data auditing (from report/dashboard to the source)
New reporting and analytic capabilities Number of level 2 business capabilities implemented as solutions
In Phase 1 of this blueprint, we will help you establish the business context, define your business drivers and KPIs, and understand your current data management capabilities and strengths.

In Phase 2, we will help you develop a plan and a roadmap for addressing any gaps and improving the relevant data management capabilities so that data is well positioned to deliver on those defined business metrics.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

Guided Implementation

Workshop

Consulting

"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

Diagnostics and consistent frameworks used throughout all four options

Create a Data Management Roadmap project overview

1. Build Business Context and Drivers for the Data Management Program 2. Assess Data Management and Build Your Roadmap
Best-Practice Toolkit

1.1 Review the Data Management Framework

1.2 Understand and Align to Business Drivers

1.3 Build High-Value Use Cases

1.4 Create a Vision

2.1 Assess Data Management

2.2 Build Your Data Management Roadmap

2.3 Organize Business Data Domains

Guided Implementation
  • Call 1
  • Call 2
  • Call 3
  • Call 4
  • Call 5
  • Call 6
  • Call 7
  • Call 8
  • Call 9
Phase Outcomes
  • An understanding of the core components of an effective data management program
  • Your organization’s business capabilities and value streams
  • A business capability map for your organization
  • High-value use cases for data management
  • Vision and guiding principles for data management
  • An understanding of your organization’s current data management capabilities
  • Definition of target-state capabilities and gaps
  • Roadmap of priority data management initiatives
  • Business data domains and ownership

Guided Implementation

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is 8 to 12 calls over the course of 4 to 6 months.

What does a typical GI on this topic look like?

Phase 1

Phase 2

Call #1: Understand drivers, business context, and scope of data management at your organization. Learn about Info-Tech’s approach and resources.

Call #2: Get a detailed overview of Info-Tech’s approach, framework, Data Culture Diagnostic, and blueprint.

Call #3:Align your business capabilities with your data management capabilities. Begin to develop a use case framework.

Call #4:Further discuss alignment of business capabilities to data management capabilities and use case framework.

Call #5: Assess your current data management capabilities and data environment. Review your Data Culture Diagnostic Scorecard, if applicable.

Call #6: Plan target state and corresponding initiatives.

Call #7: Identify program risks and formulate a roadmap.

Call #8: Identify and prioritize improvements. Define a RACI chart.

Call #9: Summarize results and plan next steps.

Workshop Overview

Contact your account representative for more information.
workshops@infotech.com1-888-670-8889
Day 1 Day 2 Day 3 Day 4 Day 5
Activities
Understand and contextualize

1.1 Review your data strategy.

1.2 Learn data management capabilities.

1.3 Discuss DM capabilities cross-dependencies and interactions.

1.4 Develop high-value use cases.

Assess current DM capabilities and set improvement targets

2.1 Assess you current DM capabilities.

2.2 Set targets for DM capabilities.

Formulate and prioritize improvement initiatives

3.1 Formulate core initiatives for DM capabilities improvement.

3.2 Discuss dependencies across the initiatives and prioritize them.

Plan for delivery dates and assign RACI

4.1 Plan dates and assign RACI for the initiatives.

4.2 Brainstorm initiatives to address gaps and enable business goals.

Next steps and wrap-up (offsite)

5.1 Complete in-progress deliverables from previous four days.

5.2 Set up review time for workshop deliverables and to discuss next steps.

Deliverables
  1. Understanding of the data management capabilities and their interactions and logical dependencies
  2. Use cases
  1. DM capability assessment results
  2. DM vision and guiding principles
  1. Prioritized DM capabilities improvement initiatives
  1. DM capabilities improvement roadmap
  2. Business data domains and ownership
  1. Workshop final report with key findings and recommendations

Full page diagram of the 'Data & Analytics landscape'. Caption reads 'The key to landscaping your data environment lies in ensuring foundational disciplines are optimized in a way that recognizes the interdependency among the various disciplines.' Many foundational disciplines are color-coded to a legend determining whether its 'accountability sits with IT' or 'with the business; CDO'. An arrow labeled 'You Are Here' points to 'Data Management', which is coded in both colors meaning both IT and the business are accountable.

What is data management and why is it needed?

“Data management is the development, execution, and supervision of plans, policies, programs and practices that deliver, control, protect and enhance the value of data and information assets throughout their lifecycles.” (DAMA International, 2017)

Achieving successful management and consistent delivery of data assets throughout their lifecycle requires the collaboration of the business and IT and the balance of technology, process, and resourcing solutions.

Who:

This research is designed for:
  • Data management heads and professionals looking to improve their organization’s ability to leverage data in value-added ways.
  • Data management and IT professionals looking to optimize the data environment, from creation and ingestion right through to consumption.

Are your data management capabilities optimized to support your organization’s data use and demand?

What is the current situation?

Situation
  • The volume and variety of data are growing exponentially and show no sign of slowing down.
  • Business landscapes and models are evolving.
  • Users and stakeholders are becoming more and more data-centric, with maturing and demanding expectations.
Complication
  • Organizations struggle to develop a comprehensive approach to optimizing data management.
  • In their efforts to keep pace with the demands for data, data management groups often adopt a piecemeal approach that includes turning to tools as a means to address the needs.
  • Data architecture, models, and designs fail to deliver real and measurable business impact and value. Technology ROI is not realized.
Info-Tech Insight

A data strategy should never be formulated disjointed from the business. Ensure the data strategy aligns with the business strategy and supports the business architecture.

Info-Tech’s Data Management Framework

What Is Data Management?

Data management is the development, execution, and supervision of plans, policies, programs and practices that deliver, control, protect and enhance the value of data and information assets throughout their lifecycles.” (DAMA International, 2017)

The three-tiered Data Management Framework, tiers are labelled 'Data Management Enablers', 'Information Dimensions', and 'Business Information'.

Adapted from DAMA-DMBOK and Advanced Knowledge Innovations Global Solutions

Info-Tech’s Approach

Info-Tech’s Data Management Framework is designed to show how an organization’s business model sits as the foundation of its data management practice. Drawing from the requirements of the underpinning model, a practice is designed and maintained through the creation and application of the enablers and dimensions of data management.

Build a data management practice that is centered on supporting the business and its use of key data assets

Business Resources

Data subject areas provide high-level views of the data assets that are used in business processes and enable an organization to perform its business functions.

Classified by specific subjects, these groups reflect data elements that, when used effectively, are able to support analytical and operational use cases of data.

This layer is representative of the delivery of the data assets and the business’ consumption of the data.

Data is an integral business asset that exists across all areas of an organization

Equation stating 'Trustworthy and Usable Data' plus 'Well-Designed and Executed Processes' equals 'Business Capabilities and Functions'.
Data Management Framework with only the bottom tier highlighted.

For a data management practice to be effective it ultimately must show how its capabilities and operations better support the business in accessing and leveraging its key data assets.*

*This project focuses on building capabilities for data management. Leverage our data quality management research to support you in assessing the performance of this model.

Information dimensions support the different types of data present within an organization’s environment

Information Dimensions

Components at the Information Dimensions layer manage the different types of data and information present with an environment.

At this layer, data is managed based on its type and how the business is looking to use and access the data.

Custom capabilities are developed at this level to support:

  • Structured data
  • Semi-structured data
  • Unstructured data
The types, formats, and structure of the data are managed at this level using the data management enablers to support their successful execution and performance.
Data Management Framework with only the middle tier highlighted.

Build a data management practice with strong process capabilities

Use these guiding principles to contextualize the purpose and value for each data management enabler.

Data Management Framework with only the top tier highlighted.

Data Management Enablers

Info-Tech categorizes data management enablers as the processes that guide the management of the organization’s data assets and support the delivery.

Govern and Direct

  • Ensures data management practices and processes follow the standards and policies outlined for them
  • Manages the executive oversight of the broader practice

Align and Plan

  • Aligns data management plans to the business’ data requirements
  • Creates the plans to guide the design and execution of data management components

Build, Acquire, Operate, Deliver, and Support

  • Executes the operations that manage data as it flows through the business environment
  • Manages the business’ risks in relation to its data assets and the level of security and access required

Monitor and Improve

  • Analyzes the performance of data management components and the quality of business data
  • Creates and execute plans to improve the performance of the practice and the quality and use of data assets

Use Info-Tech’s assessment framework to support your organization’s data management planning

Info-Tech employs a consumer-driven approach to requirements gathering in order to support a data management practice. This will create a vision and strategic plan that will help to make data an enabler to the business as it looks to achieve its strategic objectives.

Data Strategy Planning

To support the project in building an accurate understanding of the organization’s data requirements and the role of data in its operations (current and future), the framework first guides organizations on a business and subject area assessment.

By focusing on data usage and strategies for unique data subject areas, the project team will be better able to craft a data management practice with capabilities that will generate the greatest value and proactively handle evolving data requirements.

Arrow pointing right.

Data Management Assessment

To support the design of a fit-for-purpose data management practice that aligns with the business’ data requirements this assessment will guide you in:

  • Determining the target capabilities for the different dimensions of data management.
  • Identifying the interaction dependencies and coordination efforts required to build a successful data management practice.

Create a Data Management Roadmap

Phase 1

Build Business Context and Drivers for the Data Management Program

Phase 1

1.1 Review the Data Management Framework

1.2 Understand and Align to Business Drivers

1.3 Build High-Value Use Cases

1.4 Create a Vision

Phase 2

2.1 Assess Data Management

2.2 Build Your Data Management Roadmap

2.3 Organize Business Data Domains

This phase will walk you through the following activities:

  • Identify your business drivers and business capabilities.
  • Align data management capabilities with business goals.
  • Define scope and vision of the data management plan.
  • This phase involves the follow

This phase involves the following participants:

  • Data Management Lead/Information Management Lead, CDO, Data Lead
  • Senior Business Leaders
  • Business SMEs
  • Data Owners, Records Managers, Regulatory Subject Matter Experts (e.g. Legal Counsel, Security)

Step 1.1

Review the Data Management Framework

Activities

1.1.1 Walk through the main parts of the best-practice Data Management Framework

This step will guide you through the following activities:

  • Understand the main disciplines and makeup of a best-practice data management program.
  • Determine which data management capabilities are considered high priority by your organization.

Outcomes of this step

  • A foundation for data management initiative planning that’s aligned with the organization’s business architecture: value streams, business capability map, and strategy map
Build Business Context and Drivers
Step 1.1 Step 1.2 Step 1.3 Step 1.4

Full page diagram of the 'Data & Analytics landscape'. Caption reads 'The key to landscaping your data environment lies in ensuring foundational disciplines are optimized in a way that recognizes the interdependency among the various disciplines.' Many foundational disciplines are color-coded to a legend determining whether its 'accountability sits with IT' or 'with the business; CDO'. An arrow labeled 'You Are Here' points to 'Data Management', which is coded in both colors meaning both IT and the business are accountable.

Full page illustration of the 'Create a Data Management Roadmap' using the image of a cargo ship labelled 'Data Management' moving in the direction of 'Business Strategy'. The caption at the top reads 'Data Management capabilities create new business value by augmenting data & optimizing it for analytics. Data is a digital imprint of organizational activities.'

Data Management Capabilities

A similar concept to the last one, with a ship moving toward 'Business Strategy', except the ship is cross-sectioned with different capabilities filling the interior of the silhouette. Below are different steps in data management 'Data Creation', 'Data Ingestion', 'Data Accumulation, 'Data Augmentation', 'Data Delivery', and 'Data Consumption'.

Build a Robust & Comprehensive Data Strategy

Business Strategy

Organizational Goals & Objectives

Business Drivers

Industry Drivers

Current Environment

Data Management Capability Maturity Assessment

Data Culture Diagnostic

Regulatory and Compliance Requirements

Data Strategy

Organizational Drivers and Data Value

Data Strategy Objectives & Guiding Principles

Data Strategy Vision and Mission

Data Strategy Roadmap

People: Roles and Organizational Structure

Data Culture & Data Literacy

Data Management and Tools

Risk and Feasibility

Unlock the Value of Data

Generate Game-Changing Insights

Fuel Data-Driven Decision Making

Innovate and Transform With Data

Thrive and Differentiate With a Data-Driven Culture

Elevate Organizational Data IQ

Build a Foundation for Data Valuation

What is a data strategy and why is it needed?

  • Your data strategy is the vehicle for ensuring data is poised to support your organization’s strategic objectives.
  • For any CDO or equivalent data leader, a robust and comprehensive data strategy is the number one tool in your toolkit for generating measurable business value from data.
  • The data strategy will serve as the mechanism for making high-quality, trusted, and well-governed data readily available and accessible to deliver on your organizational mandate.

What is driving the need to formulate or refresh your organization’s data strategy?

Who:

This research is designed for:

  • Chief Data Officer (CDO) or equivalent
  • Head of Data
  • Chief Analytics Officer (CAO)
  • Head of Digital Transformation
  • CIO

Info-Tech Insight

A data strategy should never be formulated disjointed from the business. Ensure the data strategy aligns with the business strategy and supports the business architecture.

Info-Tech’s Data Governance Framework

Model of Info-Tech's Data Governance Framework titled 'Key to Data Enablement'. There are inputs, a main Data Governance cycle, and a selection of outputs. The inputs are 'Business Strategy' and 'Data Strategy' injected into the cycle via 'Strategic Goals & Objectives'. The cycle consists of 'Operating Model', 'Policies & Procedures', 'Data Literacy & Culture', 'Enterprise Projects & Services', 'Data Management', 'Data Privacy & Security', 'Data Leadership', and 'Data Ownership & Stewardship'. The latter two are part of 'Enterprise Governance's 'Oversight & Alignment' cycle. Outputs are 'Defined Data Accountability & Responsibility', 'Knowledge & Common Understanding of Data Assets', 'Trust & Confidence in Traceable Data', 'Improved Data ROI & Reduced Data Debt', and 'Support of Ethical Use of Data in a Data-Driven Culture'.

What is data governance and why is it needed?

  • Data governance is an enabling framework of decision rights, responsibilities, and accountabilities for data assets across the enterprise.
  • It should deliver agreed-upon models that are conducive to your organization’s operating culture, where there is clarity on who can do what with which data and via what means.
  • It is the key enabler for bringing high-quality, trusted, secure, and discoverable data to the right users across your organization.
  • It promotes and drives responsible and ethical use and handling of data while helping to build and foster an organizational culture of data excellence.

Do you feel there is a clear definition of data accountability and responsibility in your organization?

Who:

This research is designed for:

  • Chief Data Officer (CDO) or equivalent
  • Head of Data Governance, Lead Data Governance Officer
  • Head of Data
  • Head of Digital Transformation
  • CIO

Info-Tech Insight

Data governance should not sit as an island in your organization. It must continuously align with the organization’s enterprise governance function.

A diagram titled 'Data Platform Selection - Make complex tasks simple by applying proven methodology to connect businesses to software' with five steps. '1. Formalize a Business Strategy', '2. Identify Platform Specific Considerations', '3. Execute Data Platform Architecture Selection', 'Select Software', 'Achieve Business Goals'.

Info-Tech’s Data Platform Framework

Data pipeline for versatile and scalable data delivery

a diagram showing the path from 'Data Creation' to 'Data Accumulation', to 'Engineering & Augmentation', to 'Data Delivery'. Each step has a 'Fast Lane', 'Operational Lane', and 'Curated Lane'.

What are the data platform and practice and why are they needed?

  • The data platform and practice are two parts of the data and analytics equation:
    • The practice is about the operating model for data; that is, how stakeholders work together to deliver business value on your data platform. These stakeholders are a combination of business and IT from across the organization.
    • The platform is a combination of the architectural components of the data and analytics landscape that come together to support the role the business plays day to day with respect to data.
  • Don’t jump directly into technology: use Info-Tech tools to solve and plan first.
  • Create a continuous roadmap to implement and evolve your data practice and platform.
  • Promote collaboration between the business and IT by clearly defining responsibilities.

Does your data platform effectively serve your reporting and analytics capabilities?

Who:

This research is designed for:

  • Data and Information Leadership
  • Enterprise Information Architect
  • Data Architect
  • Data Engineer/Modeler

Info-Tech Insight

Info-Tech’s approach is driven by business goals and leverages standard data practice and platform patterns. This enables the implementation of critical and foundational data and analytics components first and subsequently facilitates the evolution and development of the practice and platform over time.

Info-Tech’s Reporting and Analytics Framework

Formulating an enterprise reporting and analytics strategy requires the business vision and strategies to first be substantiated. Any optimization to the data warehouse, integration, and source layers is in turn driven by the enterprise reporting and analytics strategy.
A diagram of the 'Reporting and Analytics Framework' with 'Business vision/strategies' fed through four stages beginning with 'Business Intelligence: Reporting & Analytics Strategy', 'Data Warehouse: Data Warehouse/ Data Lake Strategy', 'Integration and Translation: Data Integration Strategy', 'Sources: Source Strategy (Content/Quality)'
The current states of your integration and warehouse platforms determine what data can be used for BI and analytics.
Your enterprise reporting and analytics strategy is driven by your organization’s vision and corporate strategy.

What is reporting and analytics and why is it needed?

  • Reporting and analytics bridges the gap between an organization’s data assets and consumable information that facilitates insight generation and informed or evidence-based decision making.
  • The reporting and analytics strategy drives data warehouse and integration strategies and the data needs to support business decisions.
  • The reporting and analytics strategy ensures that the investment made in optimizing the data environment to support reporting and analytics is directly aligned with the organization’s needs and priorities and hence will deliver measurable business value.

Do you have a strategy to enable self-serve analytics? What does your operating model look like? Have you an analytics CoE?

Who:

This research is designed for:

  • Head of BI and Analytics
  • CIO or Business Unit (BU) Leader looking to improve reporting and analytics
  • Applications Lead

Info-Tech Insight

Formulating an enterprise reporting and analytics strategy requires the business vision and strategies to first be substantiated. Any optimization to the data warehouse, integration, and source layer is in turn driven by the enterprise reporting and analytics strategy.

Info-Tech’s Data Architecture Framework

Info-Tech’s methodology:
    1. Prioritize your core business objectives and identify your business driver.
    2. Learn how business drivers apply to specific tiers of Info-Tech’s five-tier data architecture model.
    3. Determine the appropriate tactical pattern that addresses your most important requirements.
Visual diagram of the first two parts of the methodology on the left. Objectives apply to the data architecture model, which appropriates tactical patterns, which leads to a focus.
    1. Select the areas of the five-tier architecture to focus on.
    2. Measure your current state.
    3. Set the targets of your desired optimized state.
    1. Roadmap your tactics.
    2. Manage and communicate change.
Visual diagram of the third part of the methodology on the left. A roadmap of tactics leads to communicating change.

What is data architecture and why is it needed?

  • Data architecture is the set of rules, policies, standards, and models that govern and define the type of data collected and how it is used, stored, managed, and integrated within the organization and its database systems.
  • In general, the primary objective of data architecture is the standardization of data for the benefit of the organization.

Is your architecture optimized to sustainably deliver readily available and accessible data to users?

Who:

This research is designed for:

  • Data Architects or their equivalent
  • Enterprise Architects
  • Head of Data
  • CIO
  • Database Administrators

Info-Tech Insight

Data architecture is not just about models. Viewing data architecture as just technical data modeling can lead to a data environment that does not aptly serve or support the business. Identify your business’ priorities and adapt your data architecture to those needs.

A diagram titled 'Build Your Data Quality Program'. '1. Data Quality & Data Culture Diagnostics Business Landscape Exercise', '2. Business Strategy & Use Cases', '3. Prioritize Use Cases With Poor Quality'. 'Info-Tech Insight: As data is ingested, integrated, and maintained in the various streams of the organization's system and application architecture, there are multiple points where the quality of the data can degrade.' A data flow diagram points out how 'Data quality issues can occur at any stage of the data flow', and that it is better to 'Fix data quality root causes here' during the 'Data Creation', 'Data Ingestion', and 'Data Accumulation & Engineering' stages in order 'to prevent expensive cures here' in the 'Data Delivery' and 'Reporting & Analytics' stages.

What is data quality management and why is it needed?

  • Data is the foundation of decisions made at data-driven organizations.
  • Data quality management ensures that foundation is sustainably solid.
  • If there are problems with the organization’s underlying data, it can have a domino effect on many downstream business functions.
  • The transformational insights that executives are constantly seeking can be uncovered by a data quality practice that makes high-quality, trustworthy information readily available to the business users who need it.

Do your users have an optimal level of trust and confidence in the quality of the organization’s data?

Who:

This research is designed for:

  • Chief Data Officer (CDO) or equivalent Head of Data
  • Chief Analytics Officer (CAO)
  • Head of Digital Transformation
  • CIO

Info-Tech Insight

Data quality suffers most at the point of entry. The resulting domino effect of error propagation makes these errors among the most costly forms of data quality errors. Fix data ingestion, whether through improving your application and database design or improving your data ingestion policy, and you will fix a majority of data quality issues.

Info-Tech’s Enterprise Content Management Framework

Drivers Governance Information Architecture Process Policy Systems Architecture
Regulatory, Legal –›
Efficiency, Cost-Effectiveness –›
Customer Service –›
User Experience –›
  • Establish decision-making committee
  • Define and formalize roles (RACI, charter)
  • Develop policies
  • Create business data glossary
  • Decide who approves documents in workflow
  • Operating models
  • Information categories (taxonomy)
  • Classifications, retention periods
  • Metadata (for findability and as tags in automated workflows)
  • Review and approval process, e.g. who approves
  • Process for admins to oversee performance of IM service
  • Process for capturing and classifying incoming documents
  • Audit trails and reporting process
  • Centralized index of data and records to be tracked and managed throughout their lifecycle
  • Data retention policy
  • E-signature policy
  • Email policy
  • Information management policies
  • Access/privacy rules
  • Understand the flow of content through multiple systems (e.g. email, repositories)
  • Define business and technical requirements to select a new content management platform/service
  • Improve integrations
  • Right-size solutions for use case (e.g. DAM)
  • Communication/Change Management
  • Data Literacy

What is enterprise content management and why is it needed?

“Enterprise Content Management is the systematic collection and organization of information that is to be used by a designated audience – business executives, customers, etc. Neither a single technology nor a methodology nor a process, it is a dynamic combination of strategies, methods and tools used to capture, manage, store, preserve and deliver information supporting key organizational processes through its entire lifecycle.” (AIIM, 2021)

  • Changing your ECM capabilities is about changing organizational behavior; take an all-hands-on-deck approach to make the most of information gathering, create a vested interest, and secure buy-in.
  • It promotes and drives responsible and ethical use and handling of content while helping to build and foster an organizational culture of information excellence.

Who:

This research is designed for:

  • Information Architect
  • Chief Data Officer (CDO)
  • Head of Data, Information Management
  • Records Management
  • CIO

Info-Tech Insight

ECM is critical to becoming a digital and modernized operation, where both structured data (such as sales reports) and unstructured content (such as customer sentiment in social media) are brought together for a 360-degree view of the customer or for a comprehensive legal discovery.

Metadata management/Data cataloging

Overview

Metadata is structured information that describes, explains, locates, or otherwise makes it easier to retrieve, use, or manage an information resource. Metadata is often called data about data or information about information (NISO).

Metadata management is the function that manages and maintains the technology and processes that creates, processes, and stores metadata created by business processes and data.

90%

The majority of data is unstructured information like text, video, audio, web server logs, social media, and more (MIT Sloan, 2021).
As data becomes more unstructured, complex, and manipulated, the importance and value of metadata will grow exponentially and support improved:
  • Data consumption
  • Quality management
  • Risk management

Value of Effective Metadata Management

  • Supports the traceability of data through an environment.
  • Creates standards and logging that enable information and data to be searchable and cataloged.
  • Metadata schemas enable easier transferring and distribution of data across different environments.
Data about data: The true value of metadata and the management practices supporting it is its ability to provide deeper understanding and auditability to the data assets and processes of the business.
Metadata supports the use of:
Big Data
Unstructured data
Content and Documents
Unstructured and semi-structured data
Structured data
Master, reference, etc.

Critical Success Factors of Metadata Management

  • Consistent and documented data standards and definitions
  • Architectural planning for metadata
  • Incorporation of metadata into system design and the processing of data
  • Technology to support metadata creation, collection, storage, and reviews (metadata repository, meta marts, etc.)

Info-Tech’s Data Integration Framework

On one hand…

Data has massive potential to bring insight to an organization when combined and analyzed in creative ways.

On the other hand…

It is difficult to bring data together from different sources to generate insights and prevent stale data.

How can these two ideas be reconciled?

Answer: Info-Tech’s Data Integration Onion Framework summarizes an organization’s data environment at a conceptual level and is used to design a common data-centric integration environment.

A diagram of the 'Data Integration Onion Framework' with five layers: 'Enterprise Business Processes', 'Enterprise Analytics', 'Enterprise Integration', 'Enterprise Data Repositories', and 'Enterprise Data' at the center.
Info-Tech’s Data Integration Onion Framework
Data-centric integration is the solution you need to bring data together to break down data silos.

What is data integration and why is it needed?

  • To get more value from their information, organizations are relying on increasingly more complex data sources. These diverse data sources have to be properly integrated to unlock the full potential of that data.
  • Integrating large volumes of data from the many varied sources in an organization has incredible potential to yield insights, but many organizations struggle with creating the right structure for that blending to take place, and that leads to the formation of data silos.
  • Data-centric integration capabilities can break down organizational silos. Once data silos are removed and all the information that is relevant to a given problem is available, problems with operational and transactional efficiencies can be solved, and value from business intelligence (BI) and analytics can be fully realized.

Is your integration near real time and scalable?

Who:

This research is designed for:

  • Data Engineers
  • Business Analysts
  • Data Architects
  • Head of Data Management
  • Enterprise Architects

Info-Tech Insight

Every IT project requires data integration. Any change in the application and database ecosystem requires you to solve a data integration problem.

Info-Tech’s Master Data Management Framework

Master data management (MDM) “entails control over Master Data values and identifiers that enable consistent use, across systems, of the most accurate and timely data about essential business entities” (DAMA, 2017).

The Data Management Framework from earlier with tier 2 item 'Reference and Master' highlighted.

Fundamental objective of MDM: Enable the business to see one view of critical data elements across the organization.

Phases of the MDM Framework. 'Phase 1: Build a Vision for MDM' entails a 'Readiness Assessment', then both 'Identify the Master Data Needs of the Business' and 'Create a Strategic Vision'. 'Phase 2: Create a Plan and Roadmap for the Organization’s MDM Program' entails 'Assess Current MDM Capabilities', then 'Initiative Planning', then 'Strategic Roadmap'.

What is MDM and why is it needed?

  • Master data management (MDM) “entails control over Master Data values and identifiers that enable consistent use, across systems, of the most accurate and timely data about essential business entities” (DAMA, 2017).
  • The fundamental objective of MDM is to enable the business to see one view of critical data elements across the organization.
  • What is included in the scope of MDM?
    • Party data (employees, customers, etc.)
    • Product/service data
    • Financial data
    • Location data

Is there traceability and visibility into your data’s lineage? Does your data pipeline facilitate that single view across the organization?

Who:

This research is designed for:

  • Chief Data Officer (CDO)
  • Head of Data Management, CIO
  • Data Architect
  • Head of Data Governance, Data Officer

Info-Tech Insight

Successful MDM requires a comprehensive approach. To be successfully planned, implemented, and maintained it must include effective capabilities in the critical processes and subpractices of data management.

Data Modeling Framework

  • The framework consists of the business, enterprise, application, and implementation layers.
  • The Business Layer encodes real-world business concepts via the conceptual model.
  • The Enterprise Layer defines all enterprise data asset details and their relationships.
  • The Application Layer defines the data structures as used by a specific application.
  • The Implementation Layer defines the data models and artifacts for use by software tools.
Data Modeling Framework with items from the 'Implementation Layer' contributing to items in the 'Application Layer' and 'Enterprise Layer' before turning into a 'Conceptual Model' in the 'Business Layer'.

Model hierarchy

  • The Conceptual data model describes the organization from a business perspective.
  • The Message model is used to describe internal- and external-facing messages and is equivalent to the canonical model.
  • The Enterprise model depicts the whole organization and is divided into domains.
  • The Analytical model is built for specific business use cases.
  • Application models are application-specific operational models.
Model hierarchy with items from the 'Implementation Layer' contributing to items in the 'Application Layer' and 'Enterprise Layer' before turning into a 'Conceptual Model' in the 'Business Layer'.

Info-Tech Insight

The Conceptual model acts as the root of all the models required and used by an organization.

Data architecture and modeling processes

A diagram moving from right to left through 5 phases: 'Business concepts defined and organized', 'Business concepts enriched with attribution', 'Physical view of the data, still vendor agnostic', 'The view being used by developers and business', and 'Manage the progression of your data assets'.

Info-Tech Insight

The Conceptual data model adds relationships to your business data glossary terms and is the first step of the modeling journey.

Data operations

Objectives of Data Operations Management

  • Implement and follow policies and procedures to manage data at each stage of its lifecycle.
  • Maintain the technology supporting the flow and delivery of data (applications, databases, systems, etc.).
  • Control the delivery of data within the system environment.

Indicators of Successful Data Operations Management

  • Effective delivery of data assets to end users.
  • Successful maintenance and performance of the technical environment that collects, stores, delivers, and purges organizational data.
'Data Lifecycle' with steps 'Create', 'Acquire', 'Store', 'Maintain', 'Use', and 'Archive/Destroy'.
This data management enabler has a heavy focus on the management and performance of data systems and applications.
It works closely with the organization’s technical architecture to support successful data delivery and lifecycle management (data warehouses, repositories, databases, networks, etc.).

Step 1.2

Understand and Align to Business Drivers

Activities

1.2.1 Define your value streams

1.2.2 Identify your business capabilities

1.2.3 Categorize your organization’s key business capabilities

1.2.4 Develop a strategy map tied to data management

This step will guide you through the following activities:

  • Leverage your organization’s existing business capability map or initiate the formulation of a business capability map.
  • Determine which business capabilities are considered high priority by your organization.
  • Map your organization’s strategic objectives to value streams and capabilities to communicate how objectives are realized with the support of data.

Outcomes of this step

  • A foundation for data management initiative planning that’s aligned with the organization’s business architecture: value streams, business capability map, and strategy map

Build Business Context and Drivers

Step 1.1 Step 1.2 Step 1.3 Step 1.4

Identifying value streams

Value streams connect business goals to organization’s value realization activities. They enable an organization to create and capture value in the marketplace by engaging in a set of interconnected activities.
There are several key questions to ask when endeavouring to identify value streams.

Key Questions

  • Who are your customers?
  • What are the benefits we deliver to them?
  • How do we deliver those benefits?
  • How does the customer receive the benefits?

1.2.1 Define value streams

1-3 hours

Input: Business strategy/goals, Financial statements, Info-Tech’s industry-specific business architecture

Output: List of organization-specific value streams, Detailed value stream definition(s)

Materials: Whiteboard/kanban board, Info-Tech’s Reference Architecture Template – contact your Account Representative for details, Other industry standard reference architecture models: BIZBOK, APQC, etc., Info-Tech’s Archimate models

Participants: Enterprise/Business Architect, Business Analysts, Business Unit Leads, CIO, Departmental Executive & Senior managers

Unify the organization’s perspective on how it creates value.

  1. Write a short description of the value stream that includes a statement about the value provided and a clear start and end for the value stream. Validate the accuracy of the descriptions with your key stakeholders.
  2. Consider:
    • How does the organization deliver those benefits?
    • How does the customer receive the benefits?
    • What is the scope of your value stream? What will trigger the stream to start and what will the final value be?
  3. Avoid:
    • Don’t start with a blank page. Use Info-Tech’s business architecture models for sample value streams.

Contact your Account Representative for access to Info-Tech’s Reference Architecture Template

Define or validate the organization’s value streams

Value streams connect business goals to the organization’s value realization activities. These value realization activities, in turn, depend on data.

If the organization does not have a business architecture function to conduct and guide Activity 1.2.1, you can leverage the following approach:

  • Meet with key stakeholders regarding this topic, then discuss and document your findings.
  • When trying to identify the right stakeholders, consider: Who are the decision makers and key influencers? Who will impact this piece of business architecture–related work? Who has the relevant skills, competencies, experience, and knowledge about the organization?
  • Engage with these stakeholders to define and validate how the organization creates value. Consider:
    • Who are your main stakeholders? This will depend on the industry in which you operate. For example, they could be customers, residents, citizens, constituents, students, patients.
    • What are your stakeholders looking to accomplish?
    • How does your organization’s products and/or services help them accomplish that?
    • What are the benefits your organization delivers to them and how does your organization deliver those benefits?
    • How do your stakeholders receive those benefits?

Align data management to the organization’s value realization activities.

Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities.

Info-Tech Insight

Your organization’s value streams and the associated business capabilities require effectively managed and governed data. Without this, you could face elevated operational costs, missed opportunities, eroded stakeholder satisfaction, negative impact to reputation and brand, and/or increased exposure to business risk.

Example of value streams – Retail Banking

Value streams connect business goals to the organization’s value realization activities.

Example value stream descriptions for: Retail Banking

Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities. Example Value Stream for Retail Banking with five value chains. 'Attract Customers: Retail banks design new products to fill gaps in their product portfolios by analyzing the market for changing customer needs and new competitor offerings or pricing; Pricing a product correctly through analysis and rate setting is a delicate balance and fundamental to a bank’s success.' 'Supply Loans and Mortgages and Credit Cards: Selecting lending criteria helps banks decide on the segment of customer they should take on and the degree of risk they are willing to accept.' 'Provide Core Banking Services: Servicing includes the day-to-day interactions with customers for onboarding, payments, adjustments, and offboarding through multiple banking channels; Customer retention and growing share of wallet are crucial capabilities in servicing that directly impact the growth and profitability of retail banks.' 'Offer Card Services: Card servicing involves quick turnarounds on card delivery and acceptance at a large number of merchants; Accurate billing and customizable spending alerts are crucial in ensuring that the customer understands their spending habits.' 'Grow Investments and Manage Wealth: Customer retention can be increased through effective wealth management and additional services that will increase the number of products owned by a customer.'

For this value stream, download Info-Tech’s Industry Reference Architecture for Retail Banking.

Example of value streams – Higher Education

Value streams connect business goals to the organization’s value realization activities.

Example value stream descriptions for: Higher Education

Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities. Example Value Stream for Higher Education with five value chains. 'Shape Institutional Research: Institutional research provides direct benefits to both partners and faculty, ensuring efficient use of resources and compliance with ethical and methodological standards; This value stream involves all components of the research lifecycle, from planning and resourcing to delivery and commercialization.' 'Facilitate Curriculum Design: Curriculum design is the process by which learning content is designed and developed to achieve desired student outcomes; Curriculum management capabilities include curriculum planning, design and commercialization, curriculum assessment, and instruction management.' 'Design Student Support Services: Support services design and development provides a range of resources to assist students with academic success, such as accessibility, health and counseling, social services, housing, and academic skills development.' 'Manage Academic Administration: Academic administration involves the broad capabilities required to attract and enroll students in institutional programs; This value stream involves all components related to recruitment, enrollment, admissions, and retention management.' 'Deliver Student Services: Delivery of student services comes after curricular management, support services design, and academic administration. It comprises delivery of programs and services to enable student success; Program and service delivery capabilities include curriculum delivery, convocation management, and student and alumni support services.'

For this value stream, download Info-Tech’s Industry Reference Architecture for Higher Education.

Example of value streams – Local Government

Value streams connect business goals to the organization’s value realization activities.

Example value stream descriptions for: Local Government

Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities. Example Value Stream for Local Government with five value chains. 'Sustain Land, Property, and the Environment: Local governments act as the stewards of the regional land and environment that are within their boundaries; Regional government bodies are responsible for ensuring that the natural environment is protected and sustained for future citizens in the form of parks and public land.' 'Facilitate Civic Engagement: Local governments engage with constituents to maintain a high quality of life through art, culture, and education.' 'Protect Local Health and Safety: Health concerns are managed by a local government through specialized campaigns and clinics; Emergency services are provided by the local authority to protect and react to health and safety concerns including police and firefighting services.' 'Grow the Economy: Economic growth is a cornerstone of a strong local government. Growth comes from flourishing industries, entrepreneurial success, high levels of employment, and income from tourism.' 'Provide Regional Infrastructure: Local governments ensure that infrastructure is built, maintained, and effective in meeting the needs of constituents. (Includes: electricity, water, sustainable energy sources, waste collection, transit, and local transportation.'

For this value stream, download Info-Tech’s Industry Reference Architecture for Local Government.

Example of value streams – Manufacturing

Value streams connect business goals to the organization’s value realization activities.

Example value stream descriptions for: Manufacturing

Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities. Example Value Stream for Manufacturing with three value chains. 'Design Product: Manufacturers proactively analyze their respective markets for any new opportunities or threats; They design new products to serve changing customer needs or to rival any new offerings by competitors; A manufacturer’s success depends on its ability to develop a product that the market wants at the right price and quality level.' 'Produce Product: Optimizing production activities is an important capability for manufacturers. Raw materials and working inventories need to be managed effectively to minimize wastage and maximize the utilization of the production lines; Processes need to be refined continuously over time to remain competitive and the quality of the materials and final products needs to be strictly managed.' 'Sell Product: Once produced, manufacturers need to sell the products. This is done through distributors, retailers, and, in some cases, directly to the end consumer; After the sale, manufacturers typically have to deliver the product, provide customer care, and manage complaints; Manufacturers also randomly test their end products to ensure they meet quality requirements.'

For this value stream, download Info-Tech’s Industry Reference Architecture for Manufacturing.

Define the organization’s business capabilities in a business capability map

A business capability defines what a business does to enable value creation. Business capabilities represent stable business functions and typically will have a defined business outcome.

Business capabilities can be thought of as business terms defined using descriptive nouns such as “Marketing” or “Research and Development.”

If your organization doesn’t already have a business capability map, you can leverage the following approach to build one. This initiative requires a good understanding of the business. By working with the right stakeholders, you can develop a business capability map that speaks a common language and accurately depicts your business.

Working with the stakeholders as described in the slide entitled “Define or validate the organization’s value streams”:

  • Analyze the value streams to identify and describe the organization’s capabilities that support them.
  • Consider the objective of your value stream. (This can highlight which capabilities support which value stream.)
  • As you initiate your engagement with your stakeholders, don’t start a blank page. Leverage the examples on the next slides as a starting point for your business capability map.
  • When using these examples, consider: What are the activities that make up your particular business? Keep the ones that apply to your organization, remove the ones that don’t, and add any needed.

Align data management to the organization’s value realization activities.

Info-Tech Insight

A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data management program must support.

For more information, refer to Info-Tech’s Document Your Business Architecture.

1.2.2 Identify your business capabilities

Input: List of confirmed value streams and their related business capabilities

Output: Business capability map with value streams for your organization

Materials: Your existing business capability map, Business Alignment worksheet provided in the Data Management Assessment and Planning Tool, Info-Tech’s Document Your Business Architecture blueprint

Participants: Key business stakeholders, Data stewards, Data custodians, Data leads and administrators

Confirm your organization's existing business capability map or initiate the formulation of a business capability map:

  • If you have an existing business capability map, meet with the relevant business owners/stakeholders to confirm that the content is accurate and up to date. Confirm the value streams (how your organization creates and captures value) and their business capabilities reflect the organization’s current business environment.
  • If you do not have an existing business capability map, complete this activity to initiate the formulation of a map (value streams and related business capabilities):
    1. Define the organization’s value streams. Meet with senior leadership and other key business stakeholders to define how your organization creates and captures value.
    2. Define the relevant business capabilities. Meet with senior leadership and other key business stakeholders to define the business capabilities.

Note: A business capability defines what a business does to enable value creation. Business capabilities are business terms defined using nouns such as “Marketing” or “Research and Development.” They represent stable business functions, are unique and independent of one another, and typically will have a defined business outcome.

Example business capability map – Retail Banking

A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.

Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

Info-Tech Tip: Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data management program.

Example business capability map for: Retail Banking

Example business capability map for Retail Banking with value stream items as column headers, and rows 'Enabling', 'Shared', and 'Defining'.

For this business capability map, download Info-Tech’s Industry Reference Architecture for Retail Banking.

Example business capability map – Higher Education

A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.

Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

Info-Tech Tip: Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data management program.

Example business capability map for: Higher Education

Example business capability map for Higher Education with value stream items as column headers, and rows 'Enabling', 'Shared', and 'Defining'.

For this business capability map, download Info-Tech’s Industry Reference Architecture for Higher Education.

Example business capability map – Local Government

A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.

Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

Info-Tech Tip: Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data governance program.

Example business capability map for: Local Government

Example business capability map for Local Government with value stream items as column headers, and rows 'Enabling', 'Shared', and 'Defining'.

For this business capability map, download Info-Tech’s Industry Reference Architecture for Local Government.

Example business capability map – Manufacturing

A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.

Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

Info-Tech Tip: Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data governance program.

Example business capability map for: Manufacturing

Example business capability map for Manufacturing with value stream items as column headers, and rows 'Enabling', 'Shared', and 'Defining'.

For this business capability map, download Info-Tech’s Industry Reference Architecture for Manufacturing.

Example business capability map – Retail

A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.

Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

Info-Tech Tip: Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data governance program.

Example business capability map for: Retail

Example business capability map for Retail with value stream items as column headers, and rows 'Enabling', 'Shared', and 'Defining'.

For this business capability map, download Info-Tech’s Industry Reference Architecture for Retail.

1.2.3 Categorize your organization’s key capabilities

Input: Strategic insight from senior business stakeholders on the business capabilities that drive value for the organization

Output: Business capabilities categorized and prioritized (e.g. cost advantage creators, competitive advantage differentiators, high value/high risk) See next slide for an example

Materials: Your existing business capability map or the business capability map derived in Activity 1.2.2

Participants: Key business stakeholders, Data stewards, Data custodians, Data governance working group

Determine which capabilities are considered high priority in your organization.

  1. Categorize or heatmap the organization’s key capabilities. Consult with senior and other key business stakeholders to categorize and prioritize the business’ capabilities. This will aid in ensuring your data governance future-state planning is aligned with the mandate of the business. One approach to prioritizing capabilities with business stakeholders is to examine them through the lens of cost advantage creators, competitive advantage differentiators, and/or by high value/high risk.
  2. Identify cost advantage creators. Focus on capabilities that drive a cost advantage for your organization. Highlight these capabilities and prioritize programs that support them.
  3. Identify competitive advantage differentiators. Focus on capabilities that give your organization an edge over rivals or other players in your industry.

This categorization/prioritization exercise helps highlight prime areas of opportunity for building use cases, determining prioritization, and the overall optimization of data and data governance.

For more information, refer to Info-Tech’s Document Your Business Architecture.

Example of business capabilities categorization or heatmapping – Retail

This exercise is useful in ensuring the data governance program is focused and aligned to support the priorities and direction of the business.

  • Depending on the mandate from the business, priority may be on developing cost advantage. Hence the capabilities that deliver efficiency gains are the ones considered to be cost advantage creators.
  • The business’ priority may be on maintaining or gaining a competitive advantage over its industry counterparts. Differentiation might be achieved in delivering unique or enhanced products, services, and/or experiences, and the focus will tend to be on the capabilities that are more end-stakeholder-facing (e.g. customer-, student-, patient,- and/or constituent-facing). These are the organization’s competitive advantage creators.

Example: Retail

Example business capability map for Retail with capabilities categorized into Cost Advantage Creators and Competitive Advantage creators via a legend. Value stream items as column headers, and rows 'Enabling', 'Shared', and 'Defining'.

For this business capability map, download Info-Tech’s Industry Reference Architecture for Retail.

1.2.4 Develop a strategy map tied to data management

Input: Strategic objectives as outlined by the organization’s business strategy and confirmed by senior leaders

Output: A strategy map that maps your organizational strategic objectives to value streams, business capabilities, and ultimately data programs

Materials: Your existing business capability map or the one created in Activity 1.2.2, Business strategy (see next slide for an example)

Participants: Key business stakeholders, Data stewards, Data custodians, Data governance working group

Identify the strategic objectives for the business. Knowing the key strategic objectives will drive business–data governance alignment. It’s important to make sure the right strategic objectives of the organization have been identified and are well understood.

  1. Meet with senior business leaders and other relevant stakeholders to help identify and document the key strategic objectives for the business.
  2. Leverage their knowledge of the organization’s business strategy and strategic priorities to visually represent how these map to value streams, business capabilities, and ultimately data and data governance needs and initiatives. Tip: Your map is one way to visually communicate and link the business strategy to other levels of the organization.
  3. Confirm the strategy mapping with other relevant stakeholders.

Example of a strategy map tied to data management

  • Strategic objectives are the outcomes the organization is looking to achieve.
  • Value streams enable an organization to create and capture value in the market through interconnected activities that support strategic objectives.
  • Business capabilities define what a business does to enable value creation in value streams.
  • Data capabilities and initiatives are descriptions of action items on the data and data governance roadmap that will enable one or multiple business capabilities in its desired target state.

Info-Tech Tip: Start with the strategic objectives, then map the value streams that will ultimately drive them. Next, link the key capabilities that enable each value stream. Then map the data and data governance initiatives that support those capabilities. This process will help you prioritize the data initiatives that deliver the most value to the organization.

Example: Retail

Example of a strategy map tied to data management with diagram column headers 'Strategic Objectives' (are realized through...) 'Value Streams' (are enabled by...) 'Key Capabilities' (are driven by...) 'Data Capabilities and Initiatives'. Row headers are objectives and fields are composed of three examples of each column header.

For this strategy map, download Info-Tech’s Industry Reference Architecture for Retail.

Step 1.3

Build High-Value Use Cases for Data Management

Activities

1.3.1 Build high-value use cases

This step will guide you through the following activities:

  • Understand the main disciplines and makeup of a best-practice data management program.
  • Determine which data management capabilities are considered high priority by your organization.

Outcomes of this step

  • A foundation for data management initiative planning that’s aligned with the organization’s business architecture: value streams, business capability map, and strategy map

Build Business Context and Drivers

Step 1.1 Step 1.2 Step 1.3 Step 1.4

1.3.1 Build high-value use cases

Input: Value streams and business capabilities as defined by business leaders, Business stakeholders’ subject area expertise, Data custodian systems, integration, and data knowledge

Output: Use cases that articulate data-related challenges, needs, or opportunities that are tied to defined business capabilities and hence, if addressed, will deliver measurable value to the organization

Materials: Your business capability map from Activity 1.2.2, Info-Tech’s Data Use Case Framework Template, Whiteboard or flip charts (or shared screen if working remotely), Markers/pens

Participants: Key business stakeholders, Data stewards and business SMEs, Data custodians, Data leads and administrators

This business needs gathering activity will highlight and create relevant use cases around data-related problems or opportunities that are clear and contained and, if addressed, will deliver value to the organization.

  1. Bring together key business stakeholders (data owner, stewards, SMEs) from a particular line of business as well the relevant data custodian(s) to build cases for their units. Leverage the business capability map you created for facilitating this act.
  2. Leverage Info-Tech’s Data Use Case Framework Template as seen on the next slide.
  3. Have the stakeholders move through each breakout session outlined in the use case worksheet. Use flip charts or a whiteboard to brainstorm and document their thoughts.
  4. Debrief and document results in the Data Use Case Framework Template.
  5. Repeat this exercise with as many lines of the business as possible, leveraging your business capability map to guide your progress and align with business value.

Tip: Don’t conclude these use case discussions without substantiating what measures of success will be used to demonstrate the business value of the effort to produce the desired future state, as relevant to each particular use case.

Download Info-Tech’s Data Use Case Framework Template

Data use cases

Sample Data

The following is the list of use cases as articulated by key stakeholders at [Organization Name].

The stakeholders see these as areas that are relevant and highly valuable for delivering strategic value to [Organization Name].

Use Case 1: Customer/Student/Patient/Resident 360 View

Use Case 2: Project/Department Financial Performance

Use Case 3: Vendor Lifecycle Management

Use Case 4: Project Risk Management

Prioritization of use cases

Example table for use case prioritization. Column headers are 'Use Case', 'Order of Priority', and 'Comments'. Fields are empty.

Use case 1

Sample Data

Problem statement:

  • We are not realizing our full growth potential because we do not have a unified 360 view of our customers/clients/[name of external stakeholder].
  • This impacts: our cross-selling; upselling; talent acquisition and retention; quality of delivery; ability to identify and deliver the right products, markets, and services...

If we could solve this:

  • We would be able to better prioritize and position ourselves to meet evolving customer needs.
  • We would be able to optimize the use of our limited resources.

Use case 1: challenges, risks, and opportunities

Sample Data

  1. What is the number one risk you need to alleviate?
    • Loss of potential revenue, whether from existing or net new customers.
      • How?
        • By not maximizing opportunities with customers or even by losing customers; by not understanding or addressing their greatest needs
        • By not being able to win potential new customers because we don’t understand their needs
  2. What is the number one opportunity you wish to see happen?
    • The ability to better understand and anticipate the needs of both existing and potential customers.
  3. What is the number one pain point you have when working with data?
    • I can’t do my job with confidence because it’s not based on comprehensive, sound, reliable data. My group spends significant time reconciling data sets with little time left for data use and analysis.
  4. What are your challenges in performing the activity today?
    • I cannot pull together customer data in a timely manner due to having a high level of dependence on specific individuals with institutional knowledge rather than having easy access to information.
    • It takes too much time and effort to pull together what we know about a customer.
    • The necessary data is not consolidated or readily/systematically available for consumption.
    • These challenges are heightened when dealing with customers across markets.

Use case 1 (cont'd)

Sample Data

  1. What does “amazing” look like if we solve this perfectly?
    • Employees have immediate, self-service access to necessary information, leading to better and more timely decisions. This results in stronger business and financial growth.
  2. What other business unit activities/processes will be impacted/improved if we solve this?
    • Marketing/bid and proposal, staffing, procurement, and contracting strategy
  3. What compliance/regulatory/policy concerns do we need to consider in any solution?
    • PII, GDPR, HIPAA, CCPA, etc.
  4. What measures of success/change should we use to prove the value of the effort (KPIs/ROI)?
    • Win rate, number of services per customer, gross profit, customer retention, customer satisfaction scores, brand awareness, and net promoter score
  5. What are the steps in the process/activity today?
    • Manual aggregation (i.e. pull data from systems into Excel), reliance on unwritten knowledge, seeking IT support, canned reports

Use case 1 (cont'd)

Sample Data

  1. What are the applications/systems used at each step?
    • Salesforce CRM, Excel, personal MS Access databases, SharePoint
  2. What data elements (domains) are involved, created, used, or transformed at each step?
    • Bid and proposal information, customer satisfaction, forecast data, list of products, corporate entity hierarchy, vendor information, key staffing, recent and relevant news, and competitor intelligence

Use case worksheet

Objective: This business needs gathering activity will help you highlight and create relevant use cases around data-related problems or opportunities. They should be clear and contained and, if addressed, will deliver value to the organization.

1.

What business capability (or capabilities) in your business area is this use case tied to?

Examples: Demand Planning, Assortment Planning, Allocation & Replenishment, Fulfillment Planning, Customer Management
2.

What are your data-related challenges in performing this today?

Use case worksheet (cont’d.)

Objective: This business needs gathering activity will help you highlight and create relevant use cases around data-related problems or opportunities. They should be clear and contained and, if addressed, will deliver value to the organization.

3.

What are the steps in the process/activity today?

4.

What are the applications/systems used at each step today?

5.

What data domains are involved, created, used, or transformed at each step today?

Use case worksheet (cont’d.)

Objective: This business needs gathering activity will help you highlight and create relevant use cases around data-related problems or opportunities. They should be clear and contained and, if addressed, will deliver value to the organization.

6.

What does an ideal or improved state look like?

7.

What other business units, business capabilities, activities, or processes will be impacted and/or improved if this were to be solved?

8.

Who are the stakeholders impacted by these changes? Who needs to be consulted?

9.

What are the risks to the organization (business capability, revenue, reputation, customer loyalty, etc.) if this is not addressed?

Use case worksheet (cont’d.)

Objective: This business needs gathering activity will help you highlight and create relevant use cases around data-related problems or opportunities. They should be clear and contained and, if addressed, will deliver value to the organization.

10.

What compliance, regulatory, or policy concerns do we need to consider in any solution?

11.

What measures of success or change should we use to prove the value of the effort (KPIs/ROI)? What is the measurable business value of doing this?

Use case worksheet (cont’d.)

Objective: This business needs gathering activity will help you highlight and create relevant use cases around data-related problems or opportunities. They should be clear and contained and, if addressed, will deliver value to the organization.

10.

Conclusion: What are the data capabilities that need to be optimized, addressed, or improved to support or help realize the business capability (or capabilities) highlighted in this use case?

(Tip: This will inform your future-state data capabilities optimization planning and roadmapping activities.)

Data Management Workshop
Use Case 1: Covid-19 Emergency Management

[SAMPLE]

Problem Statement

Inability to provide insights to DPH due to inconsistent data, inaccurate reporting, missing governance, and unknown data sources resulting in decisions that impact citizens being made without accurate information.

Challenges
  • Data is not suitable for analytics. It takes lot of effort to clean data.
  • Data intervals are not correct and other data quality issues.
  • The roles are not clearly defined.
  • Lack of communication between key stakeholders.
  • Inconsistent data/reporting/governance in the agencies. This has resulted in number of issues for Covid-19 emergency management. Not able to report accurately on number of cases, deaths, etc.
  • Data collection systems changed overtime (forms, etc.).
  • GIS has done all the reporting. However, why GIS is doing all the reporting is not clear. GIS provides critical information for location. Reason: GIS was ready with reporting solution ArcGIS.
  • Problem with data collection, consolidation, and providing hierarchical view.
  • Change in requirements, metrics – managing crisis by email and resulting in creating one dashboard after another. Not sure whether these dashboards being used.
  • There is a lot of manual intervention and repeated work.
What Does Amazing Look Like?
  • One set of dashboards (or single dashboard) – too much time spend on measure development
  • Accurate and timely data
  • Automated data
  • Access to granular data (for researchers and other stakeholders)
  • Clear ownership of data and analytics
  • It would have been nice to have governance already prior to this crisis
  • Proper metrics to measure usage and value
  • Give more capabilities such as predictive analytics, etc.
Related Processes/Impact
  • DPH
  • Schools
  • Business
  • Citizens
  • Resources & Funding
  • Data Integration & GIS
  • Data Management
  • Automated Data Quality
Compliance
  • HIPAA, FERPA, CJIS, IRS
  • FEMA
  • State compliance requirement – data classification
  • CDC
  • Federal data-sharing agreements/restrictions
Benefits/KPIs
  • Reduction in cases
  • Timely response to outbreak
  • Better use of resources
  • Economic impact
  • Educational benefits
  • Trust and satisfaction

Data Management Workshop
Use Case 1: Covid-19 Emergency Management

[SAMPLE]

Problem Statement

Inability to provide insights to DPH due to inconsistent data, inaccurate reporting, missing governance, and unknown data sources resulting in decisions that impact citizens being made without accurate information.

Current Steps in Process Activity (Systems)
  1. Collect data through Survey123 using ArcGIS (hospitals are managed to report by 11 am) – owned KYEM
  2. KYEM stores this information/data
  3. Deduplicate data (emergency preparedness group)
  4. Generate dashboard using ArcGIS
  5. Map to monitor status of the update
  6. Error correction using web portal (QAQC)
  7. Download Excel/CVS after all 97 hospital reports
  8. Sent to federal platform (White House, etc.)
  9. Generate reports for epidemiologist (done manually for public reporting)
Data Flow diagram

Data flow diagram.

SystemsData Management Dimensions
  1. Data Governance
  2. Data Quality
  3. Data Integrity
  4. Data Integration
  1. Data Architecture
  2. Metadata
  3. Data Warehouse, Reporting & Analytics
  4. Data Security

Data Management Workshop
Use Case 1: Covid-19 Emergency Management

[SAMPLE]

Problem Statement

Inability to provide insights to DPH due to inconsistent data, inaccurate reporting, missing governance, and unknown data sources resulting in decisions that impact citizens being made without accurate information.

List Future Process Steps

Prior to COVID-19 Emergency Response:

  • ArcGIS data integrated available in data warehouse/data lake.
  • KYEM data integrated and available in data warehouse/data lake.
  • CHFS data integrated and available in data warehouse/data lake.
  • Reporting standards and tools framework established.

After COVID-19 Emergency Response:

  • Collect data through Survey123 using ArcGIS (hospitals are managed to report by 11 am) – owned KYEM.
  • Error correction using web portal (QAQC).
  • Generate reports/dashboard/files as per reporting/analytical requirements:
    • Federal reporting
    • COVID dashboards
    • Epidemiologist reports
    • Lab reporting
Future Process and Data Flow

Data flow diagram with future processes.

Step 1.4

Create a Vision and Guiding Principles for Data Management

Activities

1.4.1 Craft a vision

1.4.2 Create guiding principles

This step will guide you through the following activities:

  • Leverage your organization’s existing business capability map or initiate the formulation of a business capability map, guided by info-Tech’s approach.
  • Determine which business capabilities are considered high priority by your organization.
  • Map your organization’s strategic objectives to value streams and capabilities to communicate how objectives are realized with the support of data.

Outcomes of this step

  • A foundation for data management initiative planning that’s aligned with the organization’s business architecture: value streams, business capability map, and strategy map

Build Business Context and Drivers

Step 1.1 Step 1.2 Step 1.3 Step 1.4

1.4.1 Craft a vision

Input: Organizational vision and mission statements, Stakeholder survey results and elicitation findings, Use cases, Business and data capability map

Output: Vision and mission statements

Materials: Markers and pens, Whiteboard, Online whiteboard, Vision samples and templates

Participants: Key business stakeholders, Data managers, Data owners, Business leads and SMEs, Project team, Project sponsor

Complete the vision statement to set the direction, the “why,” for the changes we’re making. The vision is a reference point that should galvanize everyone in the organization and set guardrails for technical and process decisions to follow.

  1. Bring together key business stakeholders (content owners, SMEs, and relevant IT custodians) to craft a data management vision statement.
  2. Start by brainstorming keywords, such as customer-focused, empower the business, service excellence, findable and manageable, protected, accessible, paperless.
  3. Highlight the keywords that resonate most with the group. Refer to example vision statements for ideas.

Create a common data management vision that is consistently communicated to the organization

A data management program should be an enterprise-wide initiative.

  • To create a strong vision for data management, there must be participation from the business and IT. A common vision will articulate the state the organization wishes to achieve and how it will reach that state. Visioning helps to develop long-term goals and direction.
  • Once the vision is established, it must be effectively communicated to everyone, especially those who are involved in creating, managing, disposing, or archiving data.
  • The data management program should be periodically refined. This will ensure the organization continues to incorporate best methods and practices as the organization grows and data needs evolve.
Stock image of a megaphone with multiple icons pouring from its opening.

Info-Tech Tips

  • Use information from the stakeholder interviews to derive business goals and objectives.
  • Work to integrate different opinions and perspectives into the overall vision for data management.
  • Brainstorm guiding principles for content and understand the overall value to the organization.

Create compelling vision and mission statements for the organization’s future data management practice

A vision represents the way your organization intends to be in the future.

A clear vision statement helps align the entire organization to the same end goal.

Your vision should be brief, concise, and inspirational; it is attempting to say a lot in a few words, so be very thoughtful and careful with the words you choose. Consider your strengths across departments – business and IT, the consumers of your services, and your current/future commitments to service quality.

Remember that a vision statement is internally facing for other members of your company throughout the process.

A mission expresses why you exist.

While your vision is a declaration of where your organization aspires to be in the future, your mission statement should communicate the fundamental purpose of the data management practice.

It identifies the function of the practice, what it produces, and its high-level goals that are linked to delivering timely, high-quality, relevant, and valuable data to business processes and end users. Consider if the practice is responsible for providing data for analytical and/or operational use cases.

A mission statement should be a concise and clear statement of purpose for both internal and external stakeholders.

“The Vision is the What, Where or Who you want the company to become. The Mission is the WHY the company exists, it is your purpose, passion or cause.” (Doug Meyer-Cuno, Forbes, 2021)

Data Management Vision and Mission Statements: Draft

Vision and mission statements crafted by the workshop participants. These statements are to be reviewed, refined into a single version, approved by members of the senior leadership team, and then communicated to the wider organization.

Corporate

Group 1

Group 2

Vision:
Create and maintain an institution of world-class excellence.
Vision: Vision:
Mission:
Foster an economic and financial environment conducive to sustainable economic growth and development.
Mission: Mission:

Information management framework

The information management framework is a way to organize all the ECM program’s guidelines and artifacts

Information management framework with 'Information Management Vision' above six principles. Below them are 'Information Management Policies' and 'Information Management Standards and Procedures.'

The vision is a statement about the organization’s goals and provides a basis to guide decisions and rally employees toward a shared goal.

The principles or themes communicate the organization’s priorities for its information management program.

Policies are a set of official guidelines that determine a course of action. For example: Company is committed to safety for its employees.

Procedures are a set of actions for doing something. For example: Company employees will wear protective gear while on the production floor.

Craft your vision

Use the insights you gathered from users and stakeholders to develop a vision statement
  • The beginning of a data management practice is a clear set of goals and key performance indicators (KPIs).
    A good set of goals takes time and input from senior leadership and stakeholders.
  • The data management program lead is selling a compelling vision of what is possible.
  • The vision also helps set the scope and expectations about what the data management program lead is and is not doing.
  • Be realistic about what you can do and how long it will take to see a difference.
Table comparing the talk (mission statements, vision statements, and values) with the walk (strategies/goals, objectives, and tactical plans). Example vision statements:
  • The organization is dedicated to creating an enabling structure that helps the organization get the right information to the right people at the right time.
  • The organization is dedicated to creating a program that recognizes data as an asset, establishing a data-centric culture, and ensuring data quality and accessibility to achieve service excellence.
The vision should be short, memorable, inspirational and draw a clear picture of what that future-state data management experience looks like.

Is it modern and high end, with digital self-service?

Is it a trusted and transparent steward of customer assets?

1.4.2 Create guiding principles

Input: Sample data management guiding principles, Stakeholder survey results and elicitation findings, Use cases, Business and data capability map

Output: Data management guiding principles

Materials: Markers and pens, Whiteboard, Online whiteboard, Guiding principles samples and templates

Participants: Key business stakeholders, Data managers, Data owners, Business leads and SMEs, Project team, Project sponsor

Draft a set of guiding principles that express your program’s values as a framework for decisions and actions and keep the data strategy alive.

  1. Bring together key business stakeholders (data owners, SMEs, and relevant IT custodians) to craft a set of data management guiding principles.
  2. Refer to industry sample guiding principles for data management.
  3. Discuss what’s important to stakeholders and owners, e.g. security, transparency, integrity. Good guiding principles address real challenges.
  4. A helpful tip: Craft principles as “We will…” statements for the problems you’ve identified.

Twelve data management universal principles

[SAMPLE]
Principle Definitions
Data Is Accessible Data is accessible across the organization based on individuals’ roles and privileges.
Treat Data as an Asset Treat data as a most valuable foundation to make right decisions at the right time. Manage the data lifecycle across organization.
Manage Data Define strategic enterprise data management that defines, integrates, and effectively retrieves data to generate accurate, consistent insights.
Define Ownership & Stewardship Organizations should clearly appoint data owners and data stewards and ensure all team members understand their role in the company’s data management system.
Use Metadata Use metadata to ensure data is properly managed by tacking how data has been collected, verified, reported, and analyzed.
Single Source of Truth Ensure the master data maintenance across the organization.
Ensure Data Quality Ensure data integrity though out the lifecycle of data by establishing a data quality management program.
Data Is Secured Classify and maintain the sensitivity of the data.
Maximize Data Use Extend the organization’s ability to make the most of its data.
Empower the Users Foster data fluency and technical proficiency through training to maximize optimal business decision making.
Share the Knowledge Share and publish the most valuable insights appropriately.
Consistent Data Definitions Establish a business data glossary that defines consistent business definitions and usage of the data.

Create a Data Management Roadmap

Phase 2

Assess Data Management and Build Your Roadmap

Phase 1

1.1 Review the Data Management Framework

1.2 Understand and Align to Business Drivers

1.3 Build High-Value Use Cases

1.4 Create a Vision

Phase 2

2.1 Assess Data Management

2.2 Build Your Data Management Roadmap

2.3 Organize Business Data Domains

This phase will walk you through the following activities:

  • Understand your current data management capabilities.
  • Define target-state capabilities required to achieve business goals and enable the data strategy.
  • Identify priority initiatives and planning timelines for data management improvements.

This phase involves the following participants:

  • Data Management Lead/Information Management Lead, CDO, Data Lead
  • Senior Business Leaders
  • Business SMEs
  • Data owners, records managers, regulatory subject matter experts (e.g. legal counsel, security)

Step 2.1

Assess Your Data Management Capabilities

Activities

2.1.1 Define current state of data management capabilities

2.1.2 Set target state and identify gaps

This step will guide you through the following activities:

  • Assess the current state of your data management capabilities.
  • Define target-state capabilities required to achieve business goals and enable the data strategy.
  • Identify gaps and prioritize focus areas for improvement.

Outcomes of this step

  • A prioritized set of improvement areas aligned with business value stream and drivers

Assess Data Management and Build Your Roadmap

Step 2.1 Step 2.2 Step 2.3

Define current state

The Data Management Assessment and Planning Tool will help you analyze your organization’s data requirements, identify data management strategies, and systematically develop a plan for your target data management practice.
  • Based on Info-Tech’s Data Management Framework, evaluate the current-state performance levels for your organization’s data management practice.
  • Use the CMMI maturity index to assign values 1 to 5 for each capability and enabler.

A visualization of stairs numbered up from the bottom. Main headlines of each step are 'Initial and Reactive', 'Managed while developing DG capabilities', 'Defined DG capabilities', 'Quantitatively Managed by DG capabilities', and 'Optimized'.

Sample of the 'Data Management Current State Assessment' form the Data Management Assessment and Planning Tool.

2.1.1 Define current state

Input: Stakeholder survey results and elicitation findings, Use cases, Business and data management capability map

Output: Current-state data management capabilities

Materials: Data Management Assessment and Planning Tool

Participants: Key business stakeholders, Business leads and SMEs, Project team, Project sponsor, Data leads, Data custodians

Assign a maturity level value from 1 to 5 for each question in the assessment tool, organized into capabilities, e.g. Data Governance, Data Quality, Risk.

  1. Bring together key business stakeholders (data owners, SMEs, and relevant IT custodians) to assign current-state maturity levels in each question of the worksheet.
  2. Remember that there is more distance between levels 4 and 5 than there is between 1 and 2 – the distance between levels is not even throughout.
  3. To help assign values, think of the higher levels as representing cross-enterprise standardization, monitored for continuous improvement, formalized and standardized, while the lower levels mean applied within individual units, not formalized or tracked for performance.
  4. In tab 4, “Current State Assessment,” populate a current-state value for each item in the Data Management Capabilities worksheet.
  5. Once you’ve entered values in tab 4, a visual and summary report of the results will be generated on tab 5, “Current State Results.”

2.1.2 Set target state and identify gaps

Input: Stakeholder survey results and elicitation findings, Use cases, Business and data management capability map to identify priorities

Output: Target-state data management capabilities, Gaps identification and analysis

Materials: Data Management Assessment and Planning Tool

Participants: Key business stakeholders, Business leads and SMEs, Project team, Project sponsor, Data leads, Data custodians

Assign a maturity level value from 1 to 5 for each question in the assessment tool, organized into capabilities, e.g., Data Governance, Data Quality, Risk.

  1. Bring together key business stakeholders (data owners, SMEs, and relevant IT custodians) to assign target-state maturity levels in each question of the worksheet.
  2. Remember that there is more distance between levels 4 and 5 than there is between 1 and 2 – the distance between levels is not even throughout.
  3. To help assign values, think of the higher levels as representing cross-enterprise standardization, monitored for continuous improvement, formalized and standardized, while the lower levels mean applied within individual units, not formalized or tracked for performance.
  4. In tab 6, “Target State & Gap Analysis,” enter maturity values in each item of the Capabilities worksheet in the Target State column.
  5. Once you’ve assigned both target-state and current-state values, the tool will generate a gap analysis chart on tab 7, “Gap Analysis Results,” where you can start to decide first- and second-line priorities.

Step 2.2

Build Your Data Management Roadmap

Activities

2.2.1 Describe gaps

2.2.2 Define gap initiatives

2.2.2 Build a data management roadmap

This step will guide you through the following activities:

  • Identify and understand data management gaps.
  • Develop data management improvement initiatives.
  • Build a data management–prioritized roadmap.

Outcomes of this step

  • A foundation for data management initiative planning that’s aligned with the organization’s business architecture: value streams, business capability map, and strategy map

Assess Data Management and Build Your Roadmap

Step 2.1 Step 2.2 Step 2.3

2.2.1 Describe gaps

Input: Target-state maturity level

Output: Detail and context about gaps to lead planners to specific initiatives

Materials: Data Management Assessment and Planning Tool

Participants: Key business stakeholders, Business leads and SMEs, Project team, Project sponsor, Data leads, Data custodians

Based on the gaps result, describe the nature of the gap, which will lead to specific initiatives for the data management plan:

  1. In tab 6, “Target State & Gap Analysis,” the same tab where you entered your target-state maturity level, enter additional context about the nature and extent of each gap in the Gap Description column.
  2. Based on the best-practices framework we walked through in Phase 1, note the specific areas that are not fully developed in your organization; for example, we don’t have a model of our environment and its integrations, or there isn’t an established data quality practice with proactive monitoring and intervention.

2.2.2 Define gap initiatives

Input: Gaps analysis, Gaps descriptions

Output: Data management initiatives

Materials: Data Management Assessment and Planning Tool

Participants: Key business stakeholders, Business leads and SMEs, Project team, Project sponsor, Data leads, Data custodians

Based on the gap analysis, start to define the data management initiatives that will close the gaps and help the organization achieve its target state.

  1. In tab 6, “Target State & Gap Analysis,” the same tab where you entered your target-state maturity level, note in the Gap Initiative column what actions you can take to address the gap for each item. For example, if we found through diagnostics and use cases that users didn’t understand the meaning of their data or reports, an initiative might be, “Build a standard enterprise business data catalog.”
  2. It’s an opportunity to brainstorm, to be creative, and think about possibilities. We’ll use the roadmap step to select initiatives from this list.
  3. There are things we can do right away to make a difference. Acknowledge the resources, talent, and leadership momentum you already have in your organization and leverage those to find activities that will work in your culture. For example, one company held a successful Data Day to socialize the roadmap and engage users.

2.2.3 Build a data management roadmap

Input: Gap initiatives, Target state and current-state assessment

Output: Data management initiatives and roadmap

Materials: Data Management Assessment and Planning Tool

Participants: Key business stakeholders, Business leads and SMEs, Project team, Project sponsor, Data leads, Data custodians

Start to list tangible actions you will take to address gaps and achieve data objectives and business goals along with timelines and responsibility:

  1. With an understanding of your priority areas and specific gaps, and referring back to your use cases, draw up specific initiatives that you can track, measure, and align with your original goals.
  2. For example, in data governance, initiatives might include:
    • Assign data owners and stewards for all data assets.
    • Consolidate disparate business data catalogs.
    • Create a data governance charter or terms of reference.
  3. Alongside the initiatives, fill in other detail, especially who is responsible and timing (start and end dates). Assigning responsibility and some time markers will help to keep momentum alive and make the work projects real.

Step 2.3

Organize Business Data Domains

Activities

2.3.1 Define business data domains and assign owners

This step will guide you through the following activities:

  • Identify business data domains that flow through and support the systems environment and business processes.
  • Define and organize business data domains with assigned owners, artifacts, and profiles.
  • Apply the domain map to building governance program.

Outcomes of this step

  • Business data domain map with assigned owners and artifacts

Assess Data Management and Build Your Roadmap

Step 2.1 Step 2.2 Step 2.3

2.3.1 Define business data domains

Input: Target-state maturity level

Output: Detail and context about gaps to lead planners to specific initiatives

Materials: Data Management Assessment and Planning Tool

Participants: Key business stakeholders, Business leads and SMEs, Project team, Project sponsor, Data leads, Data custodians

Identify the key data domains for each line of business, where the data resides, and the main contact or owner.

  1. We have an understanding of what the business wants to achieve, e.g. build customer loyalty or comply with privacy laws. But where is the data that can help us achieve that? What systems is that data moving and living in and who, if anyone, owns it?
  2. Define the main business data domains apart from what system it may be spread over. Use the worksheet on the next slide as an example.
  3. Examples of business data domains: Customer, Product, Vendor.
  4. Each domain should have owners and associated business processes. Assign data domain owners, application owners, and business process owners.

Business and data domains

[SAMPLE]

Business Domain App/Data Domains Business Stewards Application Owners Business Owners
Client Experience and Sales Tech Salesforce (Sales, Service, Experience Clouds), Mulesoft (integration point) (Any team inputting data into the system)
Quality and Regulatory Salesforce
Operations Salesforce, Salesforce Referrals, Excel spreadsheets, SharePoint
Finance Workday, Sage 300 (AccPac), Salesforce, Moneris Finance
Risk/Legal Network share drive/SharePoint
Human Resources Workday, Network share drive/SharePoint HR team
Corporate Sales Salesforce (Sales, Service, Health, Experience Clouds),
Sales and Client Success Mitel, Outlook, PDF intake forms, Workday, Excel. Sales & Client Success Director, Marketing Director CIO, Sales & Client Success Director, Marketing Director

Embrace the technology

Make the available data governance tools and technology work for you:
  • Data catalog
  • Business data glossary
  • Data lineage
  • Metadata management
While data governance tools and technologies are no panacea, leverage their automated and AI-enabled capabilities to augment your data governance program.
Array of logos of tech companies whose products are used for this type of work: Informatica, Collibra, Tibco, Alation, Immuta, TopQuadrant, and SoftwareReviews.

Additional Support

If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.
Photo of an analyst.

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

The following are sample activities that will be conducted by Info-Tech analysts with your team:
Sample of the Data Governance Strategy Map slide from earlier.

Build Your Business and User Context

Work with your core team of stakeholders to build out your data management roadmap, aligning data management initiatives with business capabilities, value streams, and, ultimately, your strategic priorities.
Sample of a 'Data Management Enablers' table.

Formulate a Plan to Get to Your Target State

Develop a data management future-state roadmap and plan based on an understanding of your current data governance capabilities, your operating environment, and the driving needs of your business.

Related Info-Tech Research

Stock image of people pointing to a tablet with a dashboard.

Build a Robust and Comprehensive Data Strategy

Key to building and fostering a data-driven culture.
Sample of the 'Data & Analytics Landscape' slide from earlier.

Understand the Data and Analytics Landscape

Optimize your data and analytics environment.
Stock image of co-workers looking at the same thing.

Build a Data Pipeline for Reporting and Analytics

Data architecture best practices to prepare data for reporting and analytics.

Research Contributors

Name Position Company
Anne Marie Smith Board of Directors DAMA International
Andy Neill Practice Lead, Data & Analytics Info-Tech Research Group
Dirk Coetsee Research Director, Data & Analytics Info-Tech Research Group
Graham Price Executive Advisor, Advisory Executive Services Info-Tech Research Group
Igor Ikonnikov Research Director, Data & Analytics Info-Tech Research Group
Jean Bujold Senior Workshop Delivery Director Info-Tech Research Group
Mario Cantin Chief Data Strategist Prodago
Martin Sykora Director NexJ Analytics
Michael Blaha Author, Patterns of Data Modeling Consultant
Rajesh Parab Research Director, Data & Analytics Info-Tech Research Group
Ranjani Ranganathan Product Manager, Research – Workshop Delivery Info-Tech Research Group
Reddy Doddipalli Senior Workshop Director Info-Tech Research Group

Bibliography

AIIM, “What is Enterprise Content Management (ECM)?” Intelligent Information Management Glossary, AIIM, 2021. Web.

BABOK V3: A Guide to Business Analysis Body of Knowledge. IIBA, 2014. Web.

Barton, Dominic, and David Court. "Three Keys To Building a Data-Driven Strategy." McKinsey and Company, 1 Mar. 2013. Web.

Boston University Libraries. "Data Life Cycle » Research Data Management | Boston University." Research Data Management RSS. Boston University, n.d. Accessed Oct. 2015.

Chang, Jenny. “97 Supply Chain Statistics You Must Know: 2020 / 2021 Market Share Analysis & Data.” FinancesOnline, 2021. Web.

COBIT 5: Enabling Information. ISACA, 2013. Web.

CSC (Computer Sciences Corporation), Big Data Infographic, 2012. Web.

DAMA International. DAMA-DMBOK Guide. 1st ed., Technics Publications, 2009. Digital.

DAMA International. “DAMA Guide to the Data Management Body of Knowledge (DAMA-DMBOK2 Guide).” 2nd ed., 2017. Accessed June 2017.

Davenport, Thomas H. "Analytics in Sports: The New Science of Winning." International Institute for Analytics, 2014. Web.

Department of Homeland Security. Enterprise Data Management Policy. Department of Homeland Security, 25 Aug. 2014. Web.

Enterprise Data Management Data Governance Plan. US Federal Student Aid, Feb. 2007. Accessed Oct. 2015.

Experian. “10 signs you are sitting on a pile of data debt.” Experian, 2020. Accessed 25 June 2021.

Fasulo, Phoebe. “6 Data Management Trends in Financial Services.” SecurityScorecard, 3 June 2021. Web.

Georgia DCH Medicaid Enterprise – Data Management Strategy. Georgia Department of Community Health, Feb. 2015. Accessed Oct. 2015.

Hadavi, Cyrus. “Use Exponential Growth of Data to Improve Supply Chain Operations.” Forbes, 5 Oct. 2021. Web.

Harbert, Tam. “Tapping the power of unstructured data.” MIT Sloan, 1 Feb. 2021. Web.

Hoberman, Steve, and George McGeachie. Data Modeling Made Simple with PowerDesigner. Technics Pub, 2011. Print.

“Information Management Strategy.” Information Management – Alberta. Service Alberta, Nov.-Dec. 2013. Web.

Jackson, Brian, et al. “2021 Tech Trends.” Info-Tech Research Group, 2021. Web.

Jarvis, David, et al. “The hyperquantified athlete: Technology, measurement, and the business of sports.” Deloitte Insights, 7 Dec. 2020. Web.

Bibliography

Johnson, Bruce. “Leveraging Subject Area Models.” EIMInsight Magazine, vol. 3, no. 4, April 2009. Accessed Sept. 2015.

Lewis, Larry. "How to Use Big Data to Improve Supply Chain Visibility." Talking Logistics, 14 Sep. 2014. Web.

McAfee, Andrew, and Erik Brynjolfsson. “Big Data: The Management Revolution,” Harvard Business Review, vol. 90, no. 10, 2012, pp. 60-68.

Meyer-Cuno, Doug. “Is A Vision Statement Important?” Forbes, 24 Feb. 2021. Web.

MIT. “Big Data: The Management Revolution.” MIT Center for Digital Business, 29 May 2014. Accessed April 2014.

"Open Framework, Information Management Strategy & Collaborative Governance.” MIKE2 Methodology RSS, n.d. Accessed Aug. 2015.

PwC. “Asset Management 2020: A Brave New World.” PwC, 2014. Accessed April 2014.

Riley, Jenn. Understanding Metadata: What is Metadata, and What is it For: A Primer. NISO, 1 Jan. 2017. Web.

Russom, Philip. "TDWI Best Practices Report: Managing Big Data." TDWI, 2013. Accessed Oct. 2015.

Schneider, Joan, and Julie Hall. “Why Most Product Launches Fail.” Harvard Business Review, April 2011. Web.

Sheridan, Kelly. "2015 Trends: The Growth of Information Governance | Insurance & Technology." InformationWeek. UBM Tech, 10 Dec. 2014. Accessed Nov. 2015.

"Sports Business Analytics and Tickets: Case Studies from the Pros." SloanSportsConference. Live Analytics – Ticketmaster, Mar. 2013. Accessed Aug. 2015.

Srinivasan, Ramya. “Three Analytics Breakthroughs That Will Define Business in 2021.” Forbes, 4 May 2021. Web.

Statista. “Amount of data created, consumed, and stored 2010-2020.” Statista, June 2021. Web.

“Understanding the future of operations: Accenture Global Operations Megatrends research.” Accenture Consulting, 2015. Web.

Vardhan, Harsh. “Why So Many Product Ideas Fail?” Medium, 26, Sept. 2020. Web.

Renovate the Data Center

  • Buy Link or Shortcode: {j2store}497|cart{/j2store}
  • member rating overall impact (scale of 10): N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Data Center & Facilities Optimization
  • Parent Category Link: /data-center-and-facilities-optimization
  • 33% of enterprises will be undertaking facility upgrades or refreshes in 2010 aimed at extending the life of their existing data centers.
  • Every upgrade or refresh targeting specific components in the facility to address short-term pain will have significant impact on the data center environment as a whole. Planning upfront and establishing a clear project scope will minimize expensive changes in later years.
  • This solution set will provide you with step-by-step design, planning, and selection tools to define a Data Center renovation plan to reduce cost and risk while supporting cost-effective long-term growth for power, cooling, standby power, and fire protection renovations.

Our Advice

Critical Insight

  • 88% of organizations cited they would spend more time and effort on documenting and identifying facility requirements for initial project scoping. Organizations can prevent scope creep by conducting the necessary project planning up front and identify requirements and the effect that the renovation project will have in all areas of the data center facility.
  • Data Center facilities renovations must include the specific requirements related to power provisioning, stand-by power, cooling, and fire protection - not just the immediate short-term pain.
  • 39% of organizations cited they would put more emphasis on monitoring contractor management and performance to improve the outcome of the data center renovation project.

Impact and Result

  • Early internal efforts to create a budget and facility requirements yields better cost and project outcomes when construction begins. Each data center renovation project is unique and should have its own detailed budget.
  • Upfront planning and detailed project scoping can prevent a cascading impact on data center renovation projects to other areas of the data center that can increase project size, scope and spend.
  • Contractor selection is one of the most important first steps in a complex data center renovation. Organizations must ensure the contractor selected has experience specifically in data center renovation.

Renovate the Data Center Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Identify and understand the renovation project.

  • Storyboard: Renovate the Data Center
  • None
  • Data Center Annual Review Checklist

2. Renovate power in the data center.

  • Data Center Power Requirements Calculator

3. Renovate cooling in the data center.

  • Data Center Cooling Requirements Calculator

4. Renovate standby power in the data center.

  • Data Center Standby Power Requirements Calculator

5. Define current and future fire protection requirements.

  • Fire Protection & Suppression Engineer Selection Criteria Checklist
  • None

6. Assess the opportunities and establish a clear project scope.

  • Data Center Renovation Project Charter
  • Data Center Renovation Project Planning & Monitoring Tool

7. Establish a budget for the data center renovation project.

  • Data Center Renovation Budget Tool

8. Select a general contractor to execute the project.

  • None
  • Data Center Renovation Contractor Scripted Interview
  • Data Center Renovation Contractor Scripted Interview Scorecard
  • Data Center Renovation Contractor Reference Checklist
[infographic]

Craft a Customer-Driven Market Strategy With Unbiased Data

  • Buy Link or Shortcode: {j2store}611|cart{/j2store}
  • member rating overall impact (scale of 10): N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Selection & Implementation
  • Parent Category Link: /selection-and-implementation
  • Market strategies are informed by gut feel and endless brainstorming instead of market data to take their product from concept to customer.
  • Hiring independent market research firms results in a lack of unbiased third-party data. Research firms tell vendors what they want to hear instead of offering an agnostic view of software trends.
  • Dissatisfied customers don’t tell you directly why they are leaving, so there is no feedback loop back into product improvements.
  • Often a market strategy is built after a product is developed to force the product’s fit in the market. The product marketing team has no say in the product vision or future improvements.

Our Advice

Critical Insight

  • Adopt the 5 P’s to building a winning market strategy: Proposition, Product, Pricing, Placement, and Promotion.
  • You can’t be everything to everyone. Testing your proposition in the market to see what sticks is a risky move. Promise future value using past successes by gaining a deeper understanding of which customers and submarkets truly align to your product.
  • Customers have learned to avoid shiny new objects but still expect rapid feature releases. Differentiating features require a closer look at the underpinning vendor capabilities. Having intentional feature releases requires a feedback loop into the product roadmap and increases influence by the product marketing team.
  • Price transparency and sensitivity should drive what you offer to customers. Negotiating solely on price is a race to the bottom.

Impact and Result

  • Leverage this report to gain insights on the software selection process and what top vendors do best.
  • Gain a bird’s-eye view on customer purchasing behavior using over 40,000 data points on satisfaction and importance collected directly from the source.
  • Build a winning market strategy influenced by real customer data that drives vendor success.

Craft a Customer-Driven Market Strategy With Unbiased Data Research & Tools

Read the storyboard

Read our storyboard to find out why you should leverage SoftwareReviews data to craft your market strategy, review Info-Tech’s methodology, and understand unbiased customer data on software purchasing triggers.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

  • Craft a Customer-Driven Market Strategy With Unbiased Data Storyboard
[infographic]

Modernize and Transform Your End-User Computing Strategy

  • Buy Link or Shortcode: {j2store}308|cart{/j2store}
  • member rating overall impact (scale of 10): 9.6/10 Overall Impact
  • member rating average dollars saved: $34,982 Average $ Saved
  • member rating average days saved: 25 Average Days Saved
  • Parent Category Name: End-User Computing Strategy
  • Parent Category Link: /end-user-computing-strategy

IT needs to answer these questions:

  • What types of computing devices, provisioning models, and operating systems should be offered to end users?
  • How will IT support devices?
  • What are the policies and governance surrounding how devices are used?
  • What actions are we taking and when?
  • How do end-user devices support larger corporate priorities and strategies?

Your answers need to balance choice, risk, and cost.

Our Advice

Critical Insight

  • Even if a user has a prestigious tablet, if the apps aren’t built well, they can’t get support on it, or they can’t connect, then that device is useless. Focus on supportability, use cases, connection, and policy – and the device.

Impact and Result

  • Identify desired benefits that align to IT and corporate priorities and strategies.
  • Perform a persona analysis.
  • Define a vision for end-user computing.
  • Define the standard device and app offerings.
  • Improve the supporting services surrounding devices.
  • Develop a roadmap for implementing your strategy.

Modernize and Transform Your End-User Computing Strategy Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. End-User Computing Strategy Deck – A step-by-step document to walk you through end-user computing trends and processes to improve customer satisfaction.

This storyboard will help you identify your goals, build standard offerings for users, define governance and policies around offerings, and develop a roadmap for your EUC program.

  • Modernize and Transform Your End-User Computing Strategy – Phases 1-3

2. End-User Computing Strategy Template – A repository for your current-state and persona analysis to identify technology requirements for each user group.

Use these templates to document your end-user computing strategy. Follow the guidelines in the blueprint and record activity results in the template. The findings will be presented to the management team.

  • End-User Computing Strategy Template
  • User Group Analysis Workbook

3. End-User Computing Ideas Catalog and Standard Offering Guide – Templates that guide you to document the outcome from persona analysis to define standard offerings and policies.

The Ideas Catalog introduces provisioning models, form factors, and supported operating systems. Use the Standard Offering Template to document provisioning models and define computing devices along with apps and peripherals according to the outcome of the user group analysis.

  • Standard End-User Entitlements and Offerings Template
  • End-User Computing Ideas Catalog

4. End-User Computing Policies – Policies that establish requirements for end-user computing.

Use these policy templates to communicate the purposes behind each end-user computing decision and establish company standards, guidelines, and procedures for the purchase of technologies. The policies will ensure purchasing, reimbursement, security, and remote wiping enforcements are consistent and in alignment with the company strategy.

  • Mobile Device Connectivity & Allowance Policy
  • Purchasing Policy
  • Mobile Device Reimbursement Agreement
  • Mobile Device Reimbursement Policy
  • BYOD Acceptable Use Policy
  • Mobile Device Remote Wipe Waiver Template
  • General Security – User Acceptable Use Policy
  • Device Entitlement Policy Template

Infographic

Workshop: Modernize and Transform Your End-User Computing Strategy

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Set the Direction

The Purpose

Dig into the current state and build user persona.

Key Benefits Achieved

Determine your challenges and strengths.

Delineate user IT requirements.

Activities

1.1 Assess the current state of end-user computing.

1.2 Perform SWOT analysis.

1.3 Map benefits to stakeholder drivers and priorities.

1.4 Identify user groups.

1.5 Identify supporting technology.

1.6 Identify opportunities to provide value.

Outputs

SWOT analysis of current state

Goals cascade

Persona analysis

2 Define the Offering

The Purpose

Define your EUC vision and standard offerings.

Key Benefits Achieved

Brainstorm EUC vision and mission.

Find out the standard offerings.

Set the direction for end-user computing to support shift-left enablement.

Activities

2.1 Prioritize benefits.

2.2 Craft a vision and mission statement.

2.3 Identify goals.

2.4 Define guiding principles for your strategy.

2.5 Select a provisioning model for each persona.

2.6 Define the standard device offerings.

2.7 Document each persona's entitlements.

Outputs

Vision statement, mission statement, and guiding principles

Goals and indicators

End-user device entitlements standard

3 Support the Offering

The Purpose

Outline supporting practices and define policies for each use case.

Key Benefits Achieved

Document supporting practices.

Document EUC policies.

Activities

3.1 Define device management tools and approach.

3.2 Identify groups involved in supporting practices.

3.3 Identify opportunities to improve customer service.

3.4 Define acceptable use.

3.5 Define BYOD policies.

3.6 Define procurement and entitlement policies.

3.7 Define security policies.

Outputs

List of management tools for end-user computing

Roles and responsibilities for maintaining the end-user computing environment

Opportunities to improve customer service

End-user computing policy templates

4 Bridge the Gap and Create the Roadmap

The Purpose

Build a user migration roadmap.

Key Benefits Achieved

Make the project a reality by documenting initiatives and building a roadmap.

Activities

4.1 Identify the gaps in devices, user support, use cases, policy & governance, and fitness for use.

4.2 Plan the deployment and user migration journey.

4.3 Document initiatives in the roadmap.

Outputs

Initiatives mapped to practice areas

User migration journey map

Further reading

Modernize and Transform Your End-User Computing Strategy

Support the workforce of the future.

EXECUTIVE BRIEF

Analyst Perspective

Focus beyond the device

It’s easy to think that if we give end users nice devices, then they will be more engaged and they will be happy with IT. If only it were that easy.

Info-Tech Research Group has surveyed over 119,000 people through its CIO Business Vision diagnostic. The results show that a good device is necessary but not enough for high satisfaction with IT. Once a user has a decent device, the other aspects of the user’s experience has a higher impact on their satisfaction with IT.

After all, if a person is trying to run apps designed in the 1990s, if they are struggling to access resources through an underperforming VPN connection, or if they can’t get help when their devices and apps aren’t working, then it doesn’t matter that you gave them a state-of-the-art MacBook or Microsoft Surface.

As you build out your end-user computing strategy to reflect the new reality of today’s workforce, ensure you focus on shifting user support left, modernizing apps to support how users need to work, and ensuring that your network and collaboration tools can support the increased demands. End-user computing teams need to focus beyond the device.

Ken Weston, ITIL MP, PMP, Cert.APM, SMC

Research Director, Infrastructure and Operations Info-Tech Research Group

Mahmoud Ramin, PhD

Senior Research Analyst, Infrastructure and Operations Info-Tech Research Group

Executive Summary

Your Challenge

IT needs to answer these questions:

  • What types of computing devices, provisioning models, and operating systems (OSes) should be offered to end users?
  • How will IT support devices?
  • What are the policies and governance surrounding how devices are used?
  • What actions are we taking and when?
  • How do end-user devices support larger corporate priorities and strategies?

Your answers need to balance choice, risk, and cost.

Common Obstacles

Management paradigms have shifted:

  • OSes, device management, and IT asset management (ITAM) practices have changed.
  • Users expect full capabilities on any personal device.
  • Virtual desktops are switching to the cloud.
  • Low-code/no-code platforms allow the business to manage their own apps or comanage with IT.
  • Work-from-anywhere is the default.
  • Users have higher customer service expectations.

Take end-user computing beyond the OS.

Info-Tech's Approach

This blueprint will help you:

  • Identify desired benefits that align to IT and corporate priorities and strategies.
  • Perform a persona analysis.
  • Define a vision for end-user computing.
  • Define the standard device and app offerings.
  • Improve the supporting services surrounding devices.
  • Develop a roadmap for implementing your strategy.

A good device is necessary for satisfaction with IT but it’s not enough.

If a user has a prestigious tablet but the apps aren’t built well, they can’t get support on it, or they can’t connect to the internet, then that device is useless. Focus on supportability, use cases, connection, policy – and device.

Your challenge

This blueprint will help you build a strategy that answers these questions:

  • What types of computing devices should be offered to end users?
  • What provisioning models will be used?
  • What operating systems are supported?
  • How will IT support devices?
  • What are the policies and governance surrounding how devices are used?
  • What actions are we taking and when?
  • How do end-user devices support larger corporate priorities and strategies?

Definition: End-User Computing (EUC)

End-user computing (EUC) is the domain of information and technology that deals with the devices used by workers to do their jobs. EUC has five focus areas: devices, user support, use cases, policy & governance, and fitness for use.

A good end-user computing strategy will effectively balance:

User Choice

Cost

Risk

The right balance will be unique for every organization.

Strike the right balance

The discussion is larger than desktop support

If IT is an influencer, then you get to drive this conversation. If IT is not an influencer, then you need to support whatever option the business wants.

Cost Risk Choice Result
Higher Education High importance Low importance High importance Full BYOD for professors. Standardized offerings for administration.
Software Development Firms Low importance Medium/High importance High importance Standardized offerings for developers. Virtual desktops for users on BYOD.
Legal Firm Medium importance High importance Low importance Partners offered prestigious devices. Everyone else uses Windows PCs. Virtual desktops and apps for remote access.

Healthcare

High importance High importance Low importance Nurses, janitors, and other frontline staff use shared tablets. Doctors are provisioned their own tablet. Admin staff and doctors are provisioned virtual desktops to maintain security and compliance.
Government High importance High importance Low importance Standardized PC offerings for all employees. MacBooks are provided with justification. Devices managed with Intune and ConfigMgr.

Good devices are necessary for overall IT satisfaction

BUT

Good devices are not enough for high satisfaction

A bad device can ruin a person’s satisfaction with IT

Info-Tech’s CIO Business Vision has shown that when someone is dissatisfied with their device, their satisfaction with IT overall is only 40.92% on average.

When a person is satisfied with their device, their average satisfaction increases by approximately 30 percentage points to 70.22%. (Info-Tech Research Group, CIO Business Vision, 2021; N=119,383)

The image is a bar graph, with the Y-axis labelled Overall IT Satisfaction. There are two bars, one labelled Satisfied With Devices, which is at 70.22%, and the other labelled Dissatisfied With Devices, which is at 40.92%.

Improvements in the service desk, business apps, networks and communication infrastructure, and IT policy all have a higher impact on increasing satisfaction.

For every one-point increase in satisfaction in those areas, respondents’ overall satisfaction with IT increased by the respective percentage of a point. (Info-Tech Research Group, CIO Business Vision, 2021; N=119,409)

The image shows a graphic of five arrows pointing upwards. They are labelled (from right to left): Devices--42.20%; IT Policy--45.90%; Network & Comms Infra--59.49%; Business Apps--63.89%; Service Desk--65.19%, 1.54 times the impact of devices.

End-User Paradigms Have Shifted

Take end-user computing beyond the device

Operating System - OS

Only Windows

  • More choices than ever before

Endpoint Management System - UEM

Group Policy & Client Management

  • Modern & Unified Endpoint Management

Personal Devices - BYOD

Limited to email on phones

  • Full capabilities on any device

IT Asset Management - ITAM

Hands-on with images

  • Zero-touch with provisioning packages

Virtual Desktops - DaaS

Virtual Desktop Infrastructure in the Data Center

  • Desktop-as-a-Service in the cloud

Business-Managed Apps - BMA

Performed by IT

  • Performed by the Business and IT

Work-From-Anywhere - WFA

Rare

  • Default

Customer Satisfaction - C Sat

Phone calls and transactional interactions

  • Self-serve & managing entire experience

Don’t limit your focus to only Windows and Macs

Android is the OS with the largest market share

Users and IT have more choices than ever before

Operating System - OS

Only Windows

  • More choices than ever before

Microsoft is still the dominant player in end-user computing, but Windows has only a fraction of the share it once had.

IT needs to revisit their device management practices. Modern management tools such as unified endpoint management (UEM) tools are better suited than traditional client management tools (CMT) for a cross-platform world.

IT must also revisit their application portfolios. Are business apps supported on Android and iOS or are they only supported on Windows? Is there an opportunity to offer more options to end users? Are end users already running apps and handling sensitive data on Android and iOS through software-as-a-service and bring-your-own-device (BYOD) capabilities in Office 365 and Google apps?

The image shows a bar graph titled OS Market Share, 2011-2021. On the x-axis are OS names with a bar in blue representing their market share in 2011, and a bar in purple showing their market share in 2021. The data shown is as follows: Windows--85.98% (2011), 31.62% (2021); Android--1.22% (2011), 40.85% (2021); iOS--2.1% (2011), 16.42% (2021); Mac OS X--6.19% (2011); 6.8% (2021); Other--4.51% (2011), 4.31% (2021). Source: StatCounter Global Stats.

OS market share is partly driven by the digital divide

If someone must choose between a smartphone and a computer, they go with a smartphone

IT can’t expect everyone to be fluent on Windows and Mac, have a computer at home, or even have home broadband.

Of US adults aged 18-29:

  • 96% have a smartphone (the rest have cellphones).
  • Only 70% of US adults aged 18-29 have a home broadband connection.

Further, only 59% of US adults making less than $30,000/year have a laptop or desktop. (“Mobile Technology” and “Digital Divide,” Pew Research, 2021.)

Globally, people are likelier to have a cell subscription than they are to have access to broadband.

The image is a bar graph, with a list of countries on the X-axis, with each having two bars: blue indicating Fixed Broadband Subscriptions per 100 people and purple indicating Mobile Cellular Subscriptions per 100 people. In all listed countries, the number of Mobile Cellular Subscriptions per 100 people is higher than Fixed Broadband Subscriptions. Source: The World Bank, 2020. Most recent data for USA mobile cellular subscriptions is from 2019.

Embrace new device management paradigms

Endpoint Management System - UEM

Group Policy & Client Management

  • Modern & Unified Endpoint Management

Evaluate enterprise mobility management and unified endpoint management to better support a remote-first, cross-platform reality.

Client Management Tool (CMT)

CMTs such as Microsoft Endpoint Configuration Manager (ConfigMgr, aka SCCM) can be used to distribute apps, apply patches, and enforce group policy.

Enterprise Mobility Management (EMM)

EMM tools allow you to manage multiple device platforms through mobile device management (MDM) protocols. These tools enforce security settings, allow you to push apps to managed devices, and monitor patch compliance through reporting.

EMM tools often support mobile application management (MAM) and mobile content management (MCM). Most EMM tools can manage devices running Windows, Mac OS, iOS, and Android, although there are exceptions.

Unified Endpoint Management (UEM)

UEM solutions combine CMT and EMM for better control of remote computers running Windows or Macs. Examples include:

  • Windows devices comanaged by Intune and ConfigMgr.
  • Mac devices managed by Jamf Pro.
  • Mac devices comanaged by Jamf Pro and Intune.

Most UEM tools can manage devices running Windows, Mac OS, iOS, and Android, allowing IT to manage all end-user devices from a unified tool set (although there are exceptions).

Mobile Application Management (MAM)

MAM provides the ability to package an app with security settings, distribute app updates, and enforce app updates. Some capabilities do not require apps to be enrolled in an EMM or UEM solution.

Mobile Content Management (MCM)

MCM tools distribute files to remote devices. Many MCM solutions allow for security settings to be applied, such as encrypting the files or prohibiting data from leaving the secure container. Examples include OneDrive, Box, and Citrix ShareFile.

Adopt modern management with EMM and UEM – better toolsets for today’s state of EUC

Sacrifice your Group Policy Objects to better manage Windows computers

Windows Management Features Traditional CMT Hybrid UEM Cloud-Based EMM
Group Policy ✔ Primary management approach ✔ Available alongside configuration service providers X Replaced by configuration service providers
Manage remote devices without VPN X X
No longer manage and maintain images X ✔ Images are still available ✔ Images replaced by provisioning packages
Secure and support BYOD X (Certain tools may offer limited MDM capabilities)
Support remote zero-touch provisioning X (Only available via PXE boot)
App, patch, update deployments Via defined distribution points Via defined distribution points or MAM Via MAM

IT asset management practices are shifting

IT Asset Management - ITAM

Hands-on with images

  • Zero-touch with provisioning packages

Supply chain issues are making computers longer to procure, meaning users are waiting longer for computers (Cision, 2021). The resulting silicon chip shortage is expected to last until at least 2023 (Light Reading, 2021).

IT departments are delaying purchases, delaying refreshes, and/or purchasing more to reserve devices before they need them.

Remote work has increased by 159% over the past 12 years (NorthOne, 2021). New hires and existing users can’t always go into the office to get a new computer.

IT departments are paying vendors to hold onto computers and then drop-ship them directly to the end user. The devices are provisioned using zero touch (e.g. Autopilot, Apple Device Manager, or another tool). Since zero-touch provisioning tools do not support images, teams have had to switch to provisioning packages.

The pandemic saw an increase in spending on virtual desktops

Virtual desktops offered powerful tools for supporting remote devices and personal computers without compromising sensitive data

Virtual Desktops - DaaS

Virtual Desktop Infrastructure in the Data Center

  • Desktop-as-a-Service in the cloud

The pandemic helped cloud-based virtual desktop infrastructure (VDI)

Citrix saw subscription revenue increase 71% year over year in 2020 (Citrix 2020 Annual Report, p. 4). VMware saw subscription and SaaS revenue increase 38% from January 2020 to 2021 – while on-premises licensing revenue decreased by 5% (VMware Annual Report 2021, p. 40).

IT no longer needs to manage the underlying infrastructure

Microsoft and AWS are offering desktops as a service (i.e. cloud-based virtual desktops). IT needs to manage only the device, not the underlying virtual desktop infrastructure. This is in addition to Citrix’s and VMware’s cloud offerings, where IT doesn’t need to manage the underlying infrastructure that supports VDI.

Visit the blueprint Implement Desktop Virtualization and Transition to Everything as a Service to get started.

Work-from-anywhere (WFA) is now the default

COVID-19 forced this shift

Work-From-Anywhere - WFA

Rare

  • Default

Be prepared to support a hybrid workforce, where people are sometimes working remotely and sometimes working in the office.

  • Device provisioning and deployment need to be rethought. In-person deployment is not always possible. IT should evaluate tools such as zero-touch provisioning.
  • Service desks need better monitoring and management tools. End-user experience management (EUEM) can allow you to better identify where network issues are occurring – in your data center, at the user’s house, in the cloud, or somewhere in between. Remote control tools can then allow your tier 1 to remediate issues on the user’s device.
  • Apps and devices need to be usable from anywhere. Environments that rely on desktops and on-premises apps need to be rearchitected for a remote-first workforce.
  • Users are living inside video conferencing tools. With the impact of the COVID-19 pandemic, there are about 145 million daily users of Microsoft Teams, almost twice the number of users in 2020 (MUO, 2021). Ensure they have the training and expertise to effectively use these tools.

“More technical troubleshooting due to users working from home a lot more. It can be more difficult to talk users through fixes when they are off site if you cannot remotely assist so more emphasis on the communication skill which was already important.” (Service Desk Institute, 2021)

Visit the Hybrid Workplace Research Center to better support a hybrid workforce.

BYOD fully includes personal computers

It’s no longer about whether IT will allow BYOD

Stop pretending BYOD doesn’t happen

Personal Devices - BYOD

Limited to email on phones

  • Full capabilities on any device
  • BYOD (including BYOPC) is turned on by default. SaaS tools like Office 365 are built to be used on multiple devices, including multiple computers. Further, the pandemic saw 47% of organizations significantly increase their use of BYOD (Cybersecurity Insiders, 2021; N=271).
  • BYOD can boost productivity. When employees can use smartphones for work, they report that it increases their productivity by 34 percent (Samsung Insights, 2016).
  • BYOD is hard to support, so most organizations don’t. Only 22% of organizations provide full support for mobile devices, while 20% provide no support, 25% provide ad hoc support, and 26% provide limited support (Cybersecurity Insiders, 2021). If smartphones and tablets are heavily ingrained in business processes, then migrating to BYOD can overload the service desk.
  • Securely enable employees. Mobile application management (MAM), mobile content management (MCM), and Office 365 have gotten smarter at protecting corporate data.

Action Item: Identify how IT can provide more support to personally owned computers, tablets, and smartphones.

58% of working Americans say their work devices are “awful to work on." (PCMag, 2021)

But only 22% of organizations provide full support to BYOD. (Cybersecurity Insiders, 2021)

IT must either provide better devices or start fully supporting users on personal PCs.

Build governance practices for low-code development platforms

Managing 1,000 different apps built out on low-code business process management platforms is hard, but it’s not nearly as hard as managing 1,000 unique SaaS apps or access databases

Business-Managed Apps - BMA

Performed by IT

  • Performed by the Business and IT

Pros - Opportunities

  • Offers DIY to users
  • Business can build them quickly
  • IT has central visibility
  • IT can focus on the platform

Cons - Threats

  • Sensitive data can get exposed
  • Users may have issues with continuity and backup
  • Responding to platform changes will be potentially challenging
  • Support may be difficult after the app creator leaves

Action Item: Build a governance framework that describes the roles and responsibilities involved in business-owned apps. Identify the user’s role and end-user computing’s role in supporting low-code apps.

Visit the blueprint Embrace Business-Managed Apps to learn how to build a governance framework for low-code development platforms.

Visit the Low-Code Business Process Management SoftwareReviews category to compare different platforms.

Update your customer service practices

End users expect self-service and help from tier 1

Re-evaluate how you support both corporate-issued and personal-owned computers and mobile devices

Customer Satisfaction - C Sat

Phone calls and transactional interactions

  • Self-serve & managing entire experience

Microsoft’s 2019 “Global State of Customer Service” report shows that people have high expectations:

  • 31% of people expect call agents to have a “deep understanding of the caller’s relationship with the company”
  • 11% expect self-service capabilities

End users have the same expectations of IT, the service desk, and end-user computing teams:

  • Users expect any IT person with whom they are talking to have a deep understanding of their devices, apps, open tickets, and closed tickets.
  • Users expect tier 1 to be able to resolve their incidents and requests without escalating to tier 2 or tier 3 end-user computing specialists.

Most Important Aspects of Customer Service

Resolving issue in one interaction - 35%

Knowledgeable agent - 31%

Finding information myself - 11%

Not repeating information - 20%

(Microsoft, 2019)

Desktop engineering needs to shift left

Revisit what work can only be done by tier 2 and tier 3 teams

Shifting left involves shifting resolution of incidents and service requests down from more costly resources to the first line of support and to end users themselves through self-service options

  • Tier 1 needs up-to-date information on the end users’ devices and open tickets.
  • Users should be able to request apps and download those apps through a self-service portal, a software catalog, or an app store.
  • Tier 1 needs to be empowered to remote wipe devices, see troubleshooting and diagnostics information, and resolve incidents without needing to escalate.

Action Item: Apply shift-left enablement to train tier 1 agents on troubleshooting more incidents and fulfilling more service requests. Build top-notch self-service capabilities for end users.

The image is a graphic titled Shift-Left Strategy. At the top, it lists Auto-Fix; User, Tier 1, Tier 2/3, and Vendor. On the left, it lists Metrics vertically: Cost, Time, Satisfaction. A bar displays how high or low the metric is based on the categories listed at the top.

Work with your service desk on the blueprint Optimize the Service Desk with a Shift-Left Strategy.

Windows 11 is coming

Prepare to make the jump

The sooner you start, the easier the migration will be

  • Begin planning hardware refreshes. Old computers that do not have a TPM 2.0 chip are not currently supported on Windows 11 (“Enable TPM 2.0,” Microsoft, 2021). If you have old computers that will not support the jump to Windows 11– especially given the supply chain disruptions and silicon chip shortages – it is time to consider computer upgrades.
  • The end of Windows 10 is coming. Windows 10’s retirement date is currently October 14, 2025 (“Windows 10 Home and Pro,” Microsoft, 2021). If you want to continue running Windows 10 on older computers beyond that time, you will need to pay for extended support or risk those computers being more easily breached.
  • Begin testing your apps internally. Run Windows 11 within IT and test whether your apps will work on Windows 11.
  • Pilot Windows 11 with IT-friendlies. Find users that are excited for Windows 11 and will not mind a bit of short-term pain.
  • What is your risk appetite? Risk-averse organizations will want to wait until Microsoft, DISA, and/or Center for Internet Security have published security configuration best practices.

Info-Tech’s approach

Master the ever-expanding puzzle of end-user computing

User Group Analysis

Supported Devices and Apps

Fitness for Use

Device Support

The Info-Tech difference:

  1. Balance user choice, risk mitigation, and cost optimization. The right balance will be unique for every organization.
  2. Standardize the nonstandard. Anticipate your users’ needs by having power options and prestigious options ready to offer.
  3. Consider multiple personas when building your standards, training, and migrations. Early Adopters, Late Adopters, VIP Users, Road Warriors, and Hoarders – these five personas will exist in one form or another throughout your user groups.

Modernize and Transform Your End-User Computing Strategy

Focus on the Big Picture

End-User Paradigms Have Shifted

Take end-user computing beyond the device

Operating System - OS

Only Windows

  • More choices than ever before

Endpoint Management System - UEM

Group Policy & Client Management

  • Modern & Unified Endpoint Management

Personal Devices - BYOD

Limited to email on phones

  • Full capabilities on any device

IT Asset Management - ITAM

Hands-on with images

  • Zero-touch with provisioning packages

Virtual Desktops - DaaS

Virtual Desktop Infrastructure in the Data Center

  • Desktop-as-a-Service in the cloud

Business-Managed Apps - BMA

Performed by IT

  • Performed by the Business and IT

Work-From-Anywhere - WFA

Rare

  • Default

Customer Satisfaction - C Sat

Phone calls and transactional interactions

  • Self-serve & managing entire experience

Don't just focus on the device!

Improvements in the service desk, business apps, networks and communication infrastructure, and IT policy have a higher impact on increasing satisfaction.

Impact of End-User Satisfaction of IT by Area Compared to Devices

Devices (x1.0)

IT Policy (x1.09)

Network & Communications Infrastructure (x1.41)

Business Apps (x1.51)

Service Desk (x1.54)

(Info-Tech Research Group, CIO Business Vision, 2021; n=119,409)

Build your strategy with these components...

End-User Group Analysis

  • Work location
  • Information interactions
  • Apps
  • Data and files
  • Business capabilities
  • Current offering
  • Pain points
  • Desired gains

Supported Devices & Apps

  • Primary computing device offerings
  • Power computing device offering
  • Prestigious device offerings
  • Secondary computing device offerings
  • Provisioning models
  • Standard apps
  • Peripherals

Device Support

  • Self-service
  • Service Desk
  • Specialists

Fitness for Use

  • Organizational policies
  • Security policies

Vision

...to answer these questions:

  1. What devices will people have?
  2. How will you support these devices?
  3. How will you govern these devices?

Balance choice, risk, and cost

The right balance will be unique for every organization. Get the balance right by aligning your strategy's goals to senior leadership’s most important priorities.

  • User choice
  • Risk
  • Cost

+ Standardize the non-standard

Have a more prestigious option ready for users, such as VIPs, who want more than the usual offerings. This approach will help you to proactively anticipate your users' needs.

+Consider multiple personas when building your standards, training, and migrations

These five personas will exist in one form or another throughout your user groups.

  • Early Adopters
  • Late Adopters
  • VIP Users
  • Road Warriors
  • Hoarders

Use our approach to answer these questions:

What computers will people have?

Types of computing devices

  • Power desktop
  • Power laptop
  • Desktop
  • Laptop
  • Virtual Desktop
  • Thin Client Device
  • Pro Tablet
  • Tablet
  • Smartphone

Corporate-Issued Approaches

  • Kiosk – Shared, Single Purpose
  • Pooled – Shared, Multipurpose
  • Persistent – Individual
  • Personally Owned

Supported Operating Systems

  • Windows
  • Mac
  • Chrome OS
  • Linux
  • iOS/iPad OS
  • Android

How will you support these devices?

Device Management

  • Manual
  • CMT
  • EMM
  • UEM
  • Pooled Virtual Desktop Manager

Supporting Practices

  • Self-Service
  • Tier 1 Support
  • Specialist Support

How will you govern these devices?

Corporate Policies

  • Personal Use Allowed?
  • Management and Security Policies
  • Personal Device Use Allowed?
  • Supported Apps and Use Cases
  • Who Is Allowed to Purchase?
  • Prohibited Apps and Use Cases
  • Device Entitlement
  • Stipends and/or Reimbursement to Users

Use our blueprint to improve your EUC practices

  1. Devices
    • Corporate-issued devices
    • Standard offerings
  2. User Support
    • Self-service
    • Tier 1 support
  3. Use Cases
    • Providing value
    • Business apps
  4. Policy & Governance
    • Personal device use
    • IT policy
  5. Fitness for Use
    • Securing devices
    • Patching

Info-Tech’s methodology for end-user computing strategy

1. Set the Direction 2. Define the Offering 3. Build the Roadmap
Phase Steps

1.1 Identify Desired Benefits

1.2 Perform a User Group Analysis

1.3 Define the Vision

2.1 Define the Standard Offerings

2.2 Outline Supporting Services

2.3 Define Governance and Policies

3.1 Develop Initiatives
Phase Outcomes

Current-State Assessment

Goals Cascade

User Group Assessment

Vision Statement

Mission Statement

Guiding Principles

Standard Offerings by User Group

Device Management Model

Technical Support Model

Device Entitlement Policy

Acceptable Use Policy

Remote Wipe Policy & Waiver

Personal Device Reimbursement Policy

End-User Migration Journey Map

Strategy and Roadmap

Insight summary

Once users are satisfied with devices, focus on the bigger picture

If end users are dissatisfied with devices, they will also be dissatisfied with IT. But if you don’t also focus on apps and supportability, then giving users better devices will only marginally increase satisfaction with IT.

Bring it back to stakeholder priorities

Before you build your vision statement, make sure it resonates with the business by identifying senior leadership’s priorities and aligning your own goals to them.

Balance choice, risk, and cost

The balance of user choice, risk mitigation, and cost optimization is unique for each company. Get the balance right by aligning your strategy’s goals to senior leadership’s most important priorities.

Communicate early and often with users

Expect users to become anxious when you start targeting their devices. Address this anxiety by bringing them into the conversation early in the planning – they will see that their concerns are being addressed and may even feel a sense of ownership over the strategy.

Standardize the nonstandard

When users such as VIP users want more than the standard offering, have a more prestigious option available. This approach will help you to proactively anticipate your users’ needs.

Consider multiple personas when building your standards, training, and migrations

Early Adopters, Late Adopters, VIP Users, Road Warriors, and Hoarders – these five personas will exist in one form or another throughout your user groups.

Blueprint deliverables

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

User Group Analysis Workbook

Use these worksheets to guide your analysis.

End-User Computing Ideas Catalog

Compare options for your end-user computing environment.

Standard End-User Entitlements and Offerings

Define your supported offerings and publish this document in your service catalog.

Policy Templates

Use these templates as a starting point for addressing policy gaps.

Key deliverable:

End-User Computing Strategy

Document your strategy using this boardroom-ready template.

Blueprint benefits

IT Benefits

  • Deliver immediate value to end users.
  • Provide the best service based on the user persona.
  • Provide better device coverage.
  • Use fewer tools to manage a less diverse but equally effective array of end-user computing devices.
  • Provide more managed devices that will help to limit risk.
  • Have better visibility into the end-user computing devices and apps.

Business Benefits

  • Conduct corporate business under one broad strategy.
  • Provide support to IT for specific applications and devices.
  • Take advantage of more scalable economies for providing more advantageous technologies.
  • Experience less friction between end users and the business and higher end-user satisfaction.

Measure the value of this blueprint

Your end-user computing strategy is an investment

Track the returns on your investment, even if those returns are soft benefits and not cost reductions

User Satisfaction

  • Satisfaction with device
  • Satisfaction with business apps
  • Satisfaction with service desk timeliness
  • Satisfaction with service desk effectiveness
  • Satisfaction with IT Employee engagement

Total Cost

  • Spend on each type of device
  • Cost of licenses for management tools, operating systems, and apps
  • Cost of support agreements # of support tickets per device per employee
  • Time spent supporting devices per tier or support team
  • Time spent per OS/app release

Risk Mitigation

  • # of devices that are end-of-life
  • % of devices in compliance
  • # of unmanaged devices
  • # of devices that have not checked in to management tool

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

Guided Implementation

"Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

Workshop

"We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

Consulting

"Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

Diagnostics and consistent frameworks are used throughout all four options.

Guided Implementation

What does a typical GI on this topic look like?

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is 8 to 10 calls over the course of 4 to 6 months.

Phase 1: Set the Direction

  • Call #1: Review trends in end-user computing and discuss your current state.
  • Call #2: Perform a user group analysis.
  • Call #3: Identify desired benefits and map to stakeholder drivers.

Phase 2: Define the Offering

  • Call #4: Define standard offerings.
  • Call #5: Select provisioning models.
  • Call #6: Outline supporting services and opportunities to shift end-user computing support left.
  • Call #7: Identify gaps in governance and policies.

Phase 3: Build the Roadmap

  • Call #8: Develop initiatives.
  • Call #9: Plan migration and build roadmap.

EUC Strategy Workshop Overview

Contact your account representative for more information.

workshops@infotech.com 1-888-670-8889

Day 1 Day 2 Day 3 Day 4 Day 5
Set the Direction Define the Offering Support the Offering Bridge the Gap and Create the Roadmap Next Steps and Wrap-Up (offsite)
Activities

1.1 Identify desired benefits.

1.1.1 Assess the current state of end-user computing.

1.1.2 Perform a SWOT analysis.

1.1.3 Map benefits to stakeholder drivers and priorities.

1.2 Analyze user groups.

1.2.1 Identify user groups.

1.2.2 Identify supporting technology.

1.2.3 Record use cases.

1.2.4 Identify opportunities to provide value.

1.3 Define the vision.

1.3.1 Prioritize benefits.

1.3.2 Craft a vision and mission statement.

1.3.3 Identify goals.

1.3.4 Define guiding principles for your strategy.

2.1 Define the standard offerings.

2.1.1 Select a provisioning model for each persona.

2.1.2 Define the standard device offerings.

2.1.3 Document each personas’ entitlements.

2.2 Outline supporting practices.

2.2.1 Define device management tools and approach.

2.2.2 Identify groups involved in supporting practices.

2.2.4 Identify opportunities to improve customer service.

2.3 Define policies. 2.3.1 Define acceptable use. 2.3.2 Define BYOD policies. 2.3.3 Define procurement and entitlement policies. 2.3.4 Define security policies.

3.1 Develop initiatives.

3.1.1 Identify the gaps in devices, user support, use cases, policy & governance, and fitness for use.

3.1.2 Plan the deployment and user migration journey.

3.1.3 Document initiatives in the roadmap .

5.1 Complete in-progress deliverables from previous four days.

5.2 Set up time to review workshop deliverables and discuss next steps

Deliverables
  1. SWOT analysis of current state
  2. Goals cascade
  3. Persona analysis
  1. Vision statement, mission statement, and guiding principles
  2. Goals and indicators
  3. End-user device entitlements standard
  1. List of management tools for end-user computing
  2. Roles and responsibilities for maintaining the end-user computing environment
  3. Opportunities to improve customer service
  4. End-user computing policy templates
  1. Initiatives mapped to practice areas
  2. User’s migration journey map
  1. End-user computing strategy template
  2. End-user computing roadmap

Phase 1

Set the Direction

Set the Direction

1.1 Identify Desired Benefits

1.2 Perform a User Group Analysis

1.3 Define the Vision

Define the Offering

2.1 Define the Standard Offerings

2.2 Outline Supporting Services

2.3 Define Governance and Policies

Build the Roadmap

3.1 Develop Initiatives

This phase will walk you through the following activities:

  • Current-state analysis
  • Goals cascade
  • Persona analysis

This phase involves the following participants:

  • End-User Computing Team
  • IT Leadership

Set a direction that will create value for IT, stakeholders, and end users

Use your insights to build your strategy

Start by downloading Info-Tech’s End-User Computing Strategy Template

  1. Perform a stop-start-continue exercise for how IT supports end-user devices.
  2. Perform a goals cascade to identify how the end-user computing strategy can align with and support senior leaders’ priorities and strategic objectives.
  3. Perform a user group analysis to identify what IT can do to provide additional value to end users.
  4. Use the results to define a vision for your end-user computing strategy and in-scope benefits.

Download the End-User Computing Strategy Template.

Step 1.1

Identify Desired Benefits

Activities

1.1.1 Assess the current state of end-user computing

1.1.2 Perform a SWOT analysis

1.1.3 Map benefits to stakeholder drivers and priorities

Optional: Identify current total cost of ownership

This step requires the following inputs:

  • Current approach for end-user computing
  • List of strengths and weaknesses of the current approach

This step involves the following participants:

  • CIO
  • End-User Computing Team
  • IT Leadership
  • End-User Computing Manager

Outcomes of this step

  • Defined success metrics that are tied to business value
  • Vision statement, mission statement, and guiding principles

Review your current state for each end-user computing practice

  1. Devices
    • Corporate-issued devices
    • Standard offerings
  2. User Support
    • Self-service
    • Tier 1 support
  3. Use Cases
    • Providing value
    • Business apps
  4. Policy & Governance
    • Personal device use
    • IT policy
  5. Fitness for Use
    • Securing devices
    • Patching

1.1.1 Assess the current state of end-user computing

Discuss IT’s strengths and challenges

Review your success in responding to the trends highlighted in the executive brief.

  • Start by reviewing the trends in the executive brief. Identify which trends you would like to focus on.
  • Review the domains below. Discuss:
    • Your current approach
    • Strengths about this approach
    • Challenges faced with this approach
  • Document the results in the “Current-State Assessment” section of your End-User Computing Strategy.
  1. Devices
    • Corporate-issued devices
    • Standard offerings
  2. User Support
    • Self-service
    • Tier 1 support
  3. Use Cases
    • Providing value
    • Business apps
  4. Policy & Governance
    • Personal device use
    • IT policy
  5. Fitness for Use
    • Securing devices
    • Patching

Download the End-User Computing Strategy Template.

Consider these aspects of end-user computing in your assessment

Devices: As shown in the executive brief, devices are necessary for satisfaction in IT. In your current-state assessment, outline the principal means by which users are provided with a desktop and computing.

  • Corporate-issued devices: Document the types of devices (e.g. laptops, desktops, smartphones) and operating systems that IT currently supports.
    • Strengths: Highlight user satisfaction with your current offerings by referencing recent relationship surveys.
    • Challenges: Document corporate-issued devices where stakeholders and users are not satisfied, platforms that stakeholders would like IT to support, etc.
  • Standard offerings: Name the high-level categories of devices that you offer to end users (e.g. standard device, power device).
    • Strengths: Outline steps that IT has taken to improve the portfolio of standard offerings and to communicate the offerings.
    • Challenges: Identify areas to improve the standard offerings.

User support: Examine how the end-user computing team enables a high-quality customer service experience. Especially consider self-service and tier 1 support.

  • Self-service: Describe the current state of your self-service capabilities (e.g. name of the self-service portal, number of apps in the app store).
    • Strengths: Outline successes with your self-service capabilities (e.g. use of self-service tools, recently deployed tools, newly supported platforms).
    • Challenges: Identify gaps in self-service capabilities.
  • Tier 1 support: Document the number of end-user computing incidents and service requests that are resolved at tier 1 as well as the number of incidents and service requests that are resolvable without escalation.
    • Strengths: Identify technologies that make first contact resolution possible. Outline other items that support tier 1 resolution of end-user computing tickets, such as knowledgebase articles and training programs.
    • Challenges: Document areas in which tier 1 resolution of end-user computing tickets is not feasible.

Considerations (cont’d.)

Use cases: Reflect on how IT and end-user computing supports users’ most important use cases. Consider these aspects:

  • Providing value: Identify the number of user groups for which you have completed a user group analysis. Outline your major approaches for capturing feedback, such as relationship surveys.
    • Strengths: Document any successful initiatives around stakeholder relationships and requirements gathering. You can also highlight successful metrics, such as high satisfaction scores from a team, department, or division.
    • Challenges: Identify where there are dissatisfied stakeholders and gaps in product offerings and where additional work around value generation is required.
  • Business apps: Outline your major business apps and your approach to improvement for these apps. If you need assistance gathering feedback from end users and stakeholders, you can use Info-Tech’s Application Portfolio Assessment.
    • Strengths: Show the EUC team’s successes in supporting critical business apps (e.g. facilitating user acceptance testing, deploying via endpoint management tool).
    • Challenges: Name business apps that are not meeting stakeholder needs. Consider if end users are dissatisfied with an app, if IT is unable to adequately monitor and support a business app, etc.

Policy and governance: Document the current state of policies governing the use of end-user computing devices, both corporate-issued and personally owned. Review Step 2.3 for a list of policy questions to address and for links to policy templates.

  • Personal device use: Explain which users are allowed to use personally owned devices, what use cases are supported, and which types of devices are supported. Also, highlight explicit prohibitions.
    • Strengths: Highlight major accomplishments with BYOD, utilization metrics, etc. Consider including any platforms or apps that support BYOD (e.g. Microsoft Office 365).
    • Challenges: Identify where there are gaps in your support for personal devices. Examples can include insufficient management tools, lack of feedback from end users on BYOD support, undefined policies and governance, and inadequate support for personal devices.

Considerations (cont’d.)

IT policies: List your current policy documents. Include policies that relate to end-user computing, such as security policy documents; acceptable use policy documents; purchasing policies; documents governing entitlements to computers, tablets, smartphones, and prestigious devices; and employee monitoring policy documents.

  • Strengths: Outline the effectiveness of these policies, user compliance to these policies, and your success in enforcing these policies.
  • Challenges: Identify where you have gaps in user compliance, gaps in enforcing policies, many exceptions to a policy, etc.

Fitness for use: Reflect on your ability to secure users, enterprise data, and computers. Document your current capabilities to ensure devices are adequately secured and risks adequately mitigated.

  • Securing devices: Describe your current approach to implementing security baselines, protecting data, and ensuring compliance.
    • Strengths: Highlight your accomplishments with ensuring devices meet your security standards and are adequately managed.
    • Challenges: Identify areas that are not adequately protected, where IT does not have enough visibility, and devices on which IT cannot enforce security standards.
  • Patching: Describe your current approach to distributing OS patches, distributing app patches, and ensuring patch compliance.
    • Strengths: Outline steps that IT has taken to improve release and deployment practices (e.g. user acceptance testing, deployment rings).
    • Challenges: When is IT unable to push a patch to a device? Outline when devices cannot receive a patch, when IT is unable to ensure patches are installed, and when patches are disruptive to end users.

1.1.2 Perform a SWOT analysis

Summarize your current-state analysis

To build a good strategy, you need to clearly understand the challenges you face and opportunities you can leverage.

  • Summarize IT’s strengths. These are positive aspects internal to IT.
  • Summarize IT’s challenge. What internal IT weakness should the strategy address?
  • Identify high-level opportunities. Summarize positive factors that are external to IT (e.g. within the larger organization, strong vendor relationships).
  • Document threats. What external factors present a risk to the strategy?

Record your SWOT analysis in the “Current-State Assessment” section of your End-User Computing Strategy Template.

Download the End-User Computing Strategy Template.

1.1.3 Map benefits to stakeholder drivers and priorities

Use a goals cascade to identify benefits that will resonate with the business

Identify how end-user computing will support larger organizational strategies, drivers, and priorities

  1. Identify stakeholders. Focus on senior leaders – user groups will be addressed in Step 1.2.
  2. For each stakeholder, identify three to five drivers or strategic priorities. Use the drivers as a starting point to:
    1. Increase productivity
    2. Mitigate risks
    3. Optimize costs
  3. Map the benefits you brainstormed in Step 1.1 to the drivers. It’s okay to have benefits map to multiple drivers.
  4. Re-evaluate benefits that don’t map to any drivers. Consider removing them.
Stakeholder Drivers and Strategic Priorities End-User Computing Benefits
CEO Ensure service continuity with remote work
  • Customers can still be served by remote workers
Respond to COVID-19 changes with agility
  • Workers can transition seamlessly between working remotely and working in the office
Reduce unnecessary costs
  • Standardize computer models to reduce spend on devices
COO Business continuity: being able to work from home
  • Workers can transition seamlessly between working remotely and working in the office

Record this table on the “Goals Cascade” slide in the “Vision and Desired Benefits” section of your End-User Computing Strategy Template.

Use the CEO-CIO Alignment Program to identify which business benefits are most important.

Sample end-user computing benefits

Business Goals End-User Computing Benefits
Manage risk Controls are effectively enforced on remote devices Sensitive data is secured Devices and data are accounted for
Ensure service continuity Business processes can still function with remote personnel Customers can still be served by remote workers Personnel can be productive from anywhere IT practices can still operate remotely
Comply with external regulation Improved ability to demonstrate compliance
Respond to change with agility Personnel can be productive from anywhere More business processes can be performed remotely
Improve operational efficiency More efficient sales practices More efficient customer service practices Increased number of digitized business processes Increased use of IT and HR self-service tools
Offer competitive products and services Increased customer satisfaction with online services Number of piloted new products
Manage people Increased employee productivity Increased employee engagement Increased talent attraction Increased workforce retention
Make data-driven decisions Increased workforce retention Improved understanding of customers Access to accurate data on services and spending Improved IT cost forecasting
Improve customer experience Increased customer satisfaction with online services Ability to scale up capacity to meet increased demand Customers can still be served by remote workers Improved customer self-service options
Maximize stakeholder value Transition to OpEx spend and reduce CapEx investments Access to accurate data on services and spending Improved IT cost forecasting

Optional: Identify current total cost of ownership

Be mindful of hidden costs, such as those associated with supporting multiple devices and maintaining a small fleet of corporate devices to ensure business continuity with BYOD.

  • Use the Hardware Asset Management Budgeting Tool to forecast spend on devices (and infrastructure) based on project needs and devices nearing end of life.
  • Use the Mobile Strategy TCO Calculator to estimate the total cost of all the different aspects of your mobile strategy, including:
    • Training
    • Management platforms
    • Custom app development
    • Travel and roaming
    • Stipends and taxes
    • Support
  • Revisit these calculators in Phase 2. Use the TCO calculator when considering different approaches to mobility and end-user computing.

Insert the results into your End-User Computing Strategy Template.

Download the HAM Budgeting Tool.

Download the Mobile Strategy TCO Calculator.

Step 1.2

Perform a User Group Analysis

Activities

1.2.1 Organize roles based on how they work

1.2.2 Organize users into groups

1.2.3 Document the current offerings

1.2.4 Brainstorm pain points and desired gains for each user group

This step requires the following inputs:

  • List of roles and technologies
  • User feedback
  • List of personas

This step involves the following participants:

  • End-User Computing Team
  • IT Leadership
  • End-User Computing Manager

Outcomes of this step

  • List of user groups and use cases for each group
  • List of current offerings for each user group
  • Value analysis for each user group

Gather the information you need

Use the Application Portfolio Assessment to run a relationship survey.

Dive deeper with the blueprint Improve Requirements Gathering.

List of Roles and Technology

Organization chart: Consult with HR or department leaders to provide a list of the different roles that exist in each department.

Identity access management tools: You can consult tools like Active Directory, but only if the data is clean.

Apps and devices used: Run a report from your endpoint management tool to see what devices and apps are used by one another. Supplement this report with a report from a network management tool to identify software as a service that are in use and/or consult with department leaders.

User Feedback

Relationship surveys: Tools like the End-User Application Satisfaction Diagnostic allow you to assess overall satisfaction with IT.

Focus groups and interviews: Gather unstructured feedback from users about their apps and devices.

User shadowing: Observe people as they use technology to identify improvement opportunities (e.g. shadow meetings, review video call recordings).

Ticket data: Identify apps or systems that users submit the most incidents about as well as high-volume requests that could be automated.

1.2.1 Organize roles based on how they work

Start by organizing roles into categories based on where they work and how they interact with information.

  1. Define categories of where people work. Examples include:
    1. In office, at home, at client sites
    2. Stationary, sometimes mobile, always mobile
    3. Always in same location, sometimes in different locations, always in different locations within a site, mobile between sites
  2. Define categories of how people interact with information. Examples include:
    1. Reads information, reads and writes information, creates information
    2. Cases, projects, relationships
  3. Build a matrix. Use the location categories on one axis and the interaction categories on the other axis.
  4. Place unique job roles on the matrix. Review each functional group’s organizational chart. It is okay if you don’t fill every spot. See the diagram on this page for an example.
Always Works in the Same Location Sometimes Works in Different Locations Always Works in Different Locations
Predominantly Reads Information
  • Janitor
  • Receptionist
  • Receiving
  • Accounts Payable Clerk
Reads and Writes Information
  • Sales Rep
  • Sales Manager
  • Director of Sales
  • Developer
  • Scrum Master
  • Customer Service Agent
  • CS Manager
  • Call Center Director
  • Accountant
  • Controller
  • HR Specialist
  • Business Analyst
  • VP, Sales
  • Product Manager
  • Project Manager
  • Director of Engineering
  • VP, HR
  • CFO
  • Director of PMO
  • Field Sales Rep
  • CEO
  • CIO
  • COO
Predominantly Creates Information
  • External Consultants
  • Design
  • Marketing
  • Copywriting

1.2.2 Organize users into groups

Populate a user group worksheet for each in-scope group.

  1. Within each quadrant, group similar roles together into “User Groups.” Consider similarities such as:
    1. Applications they use
    2. Data and files with which they interact
    3. Business capabilities they support
  2. Document their high-level profile:
    1. Where they work
    2. Sensitivity of data they access
    3. Current device and app entitlements
  3. Document the resulting user groups. Record each user group on a separate worksheet in the User Group Analysis Workbook.

Download the User Group Analysis Workbook.

1.2.3 Document the current offerings

For each user group, document:

  • Primary and secondary computing devices: Their most frequently used computing devices.
  • Acceptable use: Whether corporate-issued devices are personally enabled.
  • BYOD: Whether this persona is authorized to use their personal devices.
  • Standard equipment provided: Equipment that is offered to everyone in this persona.
  • Additional devices and equipment offered: Equipment that is offered to a subset of this user group. These items can include more prestigious computers, additional monitors, and office equipment for users allowed to work remotely. This category can include items that require approval from budget owners.
  • Top apps: What apps are most commonly used by this user group? What common nonstandard apps are used by this user group?

Standardize the nonstandard

When users such as VIP users want more than the standard offering, have a more prestigious option available. This approach will help you to proactively anticipate your users’ needs.

1.2.4 Brainstorm pain points and desired gains for each user group

Don’t focus only on their experiences with technology

Reference the common personas listed on the next page to help you brainstorm additional pain points and desired gains.

  1. Brainstorm pain points. Answer these questions for each role:
    1. What do people find tedious about their day-to-day jobs?
    2. What takes the most effort for them to do?
    3. What about their current toolset makes this user frustrated?
    4. What makes working difficult? Consider their experiences working from a home office, attending meetings virtually or in person, and working in the office.
    5. What challenges does that role have with each process?
  2. Brainstorm desired gains from their technology. Answer these questions for each role:
    1. For your end-user computing vision to become a reality for this persona, what outcomes or benefits are required?
    2. What benefits will this persona expect an end-user computing strategy to have?
    3. What improvements does this role desire?
    4. What unexpected benefits or outcomes would surprise this role?
    5. What would make this role’s day-to-day easier?
    6. What location-specific benefits are there (e.g. outcomes specific to working in the office or at home)?

Record each user group’s pain points and desired gains on their respective worksheet.

For additional questions you can ask, visit this Strategyzer blog post by Alexander Osterwalder.

Info-Tech Insight

Identify out-of-scope benefits?

If that desired gain is required for the vision to be achieved for a specific role, you have two options:

  • Bring the benefit in scope. Ensure your metrics are updated.
  • Bring this user group out of scope. End-user computing improvements will not be valuable to this role without that benefit.

Forcing a user group to use an unsatisfactory tool will severely undermine your chance of success, especially in the project’s early stages.

Consider these common personas when brainstorming challenges and desired gains

What unique challenges will these personas face within each of your user groups? What improvements would each of these personas expect out of an end-user computing strategy?

Early Adopters

  • Like trying new ways of working and using the latest technology.
  • Very comfortable solving their own issues.
  • Enjoy exploring and creating new ways of handling challenges.

Late Adopters

  • Prefer consistent ways of working, be it tech or business processes.
  • React to tech issues with anxiety and need assistance to get issues fixed.

VIP

  • Has a prestigious job and would like to use technology that communicates their status.
  • Does not like to resolve their own issues.

Road Warriors

  • Always on the go, running between work meetings and appointments.
  • Value flexibility and want devices, apps, and tech support that can be used anywhere at any time.

Hoarders

  • Want to keep all their devices, data, and apps.
  • Will stall when they need to migrate devices or uninstall apps and become unresponsive any time there is a risk of losing something.

Step 1.3

Define the Vision

Activities

1.3.1 Prioritize which benefits you want to achieve

1.3.2 Identify how you will track performance

1.3.3 Craft a vision statement that demonstrates what you’re trying to create

1.3.4 Craft a mission statement for your end-user computing team

1.3.5 Define guiding principles

This step requires the following inputs:

  • Goals cascade
  • List of benefits
  • List of critical success factors (CSFs)

This step involves the following participants:

  • End-User Computing Manager
  • CIO
  • Help Desk Manager
  • Infrastructure Manager

Outcomes of this step

  • End-User computing KPIs and metrics
  • Vision statement
  • Mission statement

1.3.1 Prioritize which benefits you want to achieve

Use the MoSCoW sorting technique

Select benefits that appear multiple times in the goals cascade from Activity 1.1.3 as well as your challenges from your current-state assessment.

  1. Record which benefits are “Must Haves.” Select benefits that are most important to your highest-priority stakeholders.
  2. Record which benefits are “Should Haves.” These benefits are important but not critical.
  3. Record which benefits are “Could Haves.” These are low-priority benefits.
  4. Record the remaining benefits under “Won’t Have.” These benefits are out-of-scope but can be revisited in the future.

Record the output in your End-User Computing Strategy Template under “Benefit Prioritization” in the “Vision and Desired Benefits” section.

Sample output:

Must Have Should Have Could Have Won't Have
  • Customers can still be served by remote workers.
  • Easier to work in multiple locations.
  • More options for provisioning computers to new workers.
  • Improved patching and security compliance checking of remote devices.
  • Self-service app installs on Windows.
  • More consistent experience across all devices and platforms, including BYOD.
  • Improved visibility into and manageability of BYOD.
  • Ability for users to create their own low-code apps (e.g. in Microsoft Power Apps).
  • Improved guidelines for running hybrid/remote meetings.
  • BYOD support for workers handling sensitive data.
  • Support for any type of Android smartphone or tablet.

1.3.2 Identify how you will track performance

  1. List each unique high-priority benefit from Activity 1.3.1 as a critical success factor (CSF).
  2. For each CSF, identify key performance indicators (KPIs) that you can use to track how well you’re progressing on the CSF.
    1. Articulate that KPI as a SMART goal (specific, measurable, achievable, realistic, and timebound).
  3. For each KPI, identify the metrics you will use to calculate it.
  4. Identify how and when you will:
    1. Capture the current state of these metrics.
    2. Update changes to the metrics.
    3. Re-evaluate the CSFs.
    4. Communicate the progress to the project team and to stakeholders.

Record this information in your End-User Computing Strategy Template.

Sample output:

Critical Success Factor Key Performance Indicator Metrics
Improve remote worker productivity Increase employee engagement by 10% in two years
  • McLean Employee Engagement Score
  • Gallup Q Score
Integrate relevant information sources into one spot for sales Integrate three information sources that will be useful to sales in one year
  • # of sales-specific apps integrated into a dashboard, portal, or workspace
  • Sales satisfaction scores
Reduce real-estate costs Reduce office space by 50% in two cities over three years
  • $ spent on office leases
Securely deliver all apps, information, and data to any device, anywhere, at any time Build the apps and information sources into a digital workspace for three business processes over one year
  • # of business processes supported in the workspace

1.3.3 Craft a vision statement that demonstrates what you’re trying to create

The vision statement communicates a desired future state of the IT organization. The statement is expressed in the present tense. It seeks to articulate the desired role of IT and how IT will be perceived.

Strong IT vision statements have the following characteristics:

  • Describes a desired future
  • Focuses on ends, not means
  • Communicates promise
  • Is:
    • Concise; no unnecessary words
    • Compelling
    • Achievable
    • Inspirational
    • Memorable

Sample IT Vision Statements:

  • To support an exceptional employee experience by providing best-in-class end-user devices.
  • Securely enable access to corporate apps and data from anywhere, at any time, on any device.
  • Enable business and digital transformation through secure and powerful virtualization technology.
  • IT is a cohesive, proactive, and disciplined team that delivers innovative technology solutions while demonstrating a strong customer-oriented mindset.

1.3.4 Craft a mission statement for your end-user computing team

The IT mission statement specifies the function’s purpose or reason for being. The mission should guide each day’s activities and decisions. The mission statement should use simple and concise terminology and speak loudly and clearly, generating enthusiasm for the organization.

Strong IT mission statements have the following characteristics:

  • Articulate the IT function’s purpose and reason for existence
  • Describe what the IT function does to achieve its vision
  • Define the customers of the IT function
  • Can be described as:
    • Compelling
    • Easy to grasp
    • Sharply focused
    • Inspirational
    • Memorable
    • Concise

Sample IT Mission Statements:

  • To provide infrastructure, support, and innovation in the delivery of secure, enterprise-grade information technology products and services that enable and empower the workforce at [Company Name].
  • To help fulfill organizational goals, the IT department is committed to empowering business stakeholders with technology and services that facilitate effective processes, collaboration, and communication.
  • The mission of the information technology (IT) department is to build a solid, comprehensive technology infrastructure; to maintain an efficient, effective operations environment; and to deliver high-quality, timely services that support the business goals and objectives of [Company Name].
  • The IT group is customer-centered and driven by its commitment to management and staff. It oversees services in computing, telecommunications, networking, administrative computing, and technology training.

1.3.5 Define guiding principles

Select principles that align with your stakeholders’ goals and objectives

Use these examples as a starting point:

IT Principle Name IT Principle Statement
1. Enterprise value focus We aim to provide maximum long-term benefits to the enterprise as a whole while optimizing total costs of ownership and risks.
2. Fit for purpose We maintain capability levels and create solutions that are fit for purpose without over-engineering them.
3. Simplicity We choose the simplest solutions and aim to reduce operational complexity of the enterprise.
4. Reuse > buy > build We maximize reuse of existing assets. If we can’t reuse, we procure externally. As a last resort, we build custom solutions.
5. Managed data We handle data creation, modification, and use enterprise-wide in compliance with our data governance policy.
6. Controlled technical diversity We control the variety of technology platforms we use.
7. Managed security We manage, support, and assist in the implementation of security enterprise-wide in collaboration with our security governance team.
8. Compliance to laws and regulations We operate in compliance with all applicable laws and regulations.
9. Innovation We seek innovative ways to use technology for business advantage.
10. Customer centricity We deliver best experiences to our end users by aligning to customer service best practices.

Phase 2

Define the Offering

Set the Direction

1.1 Identify Desired Benefits

1.2 Perform a User Group Analysis

1.3 Define the Vision

Define the Offering

2.1 Define the Standard Offerings

2.2 Outline Supporting Services

2.3 Define Governance and Policies

Build the Roadmap

3.1 Develop Initiatives

This phase will walk you through the following activities:

  • Defining standard device entitlements and provisioning models for end-user devices and equipment
  • Shifting end-user computing support left
  • Identifying policy gaps

This phase involves the following participants:

  • End-User Computing Team
  • IT Leadership

Step 2.1

Define the Standard Offerings

Activities

2.1.1 Identify the provisioning models for each user group

2.1.2 Define the standard device offerings

2.1.3 Document each user group’s entitlements

This step requires the following inputs:

  • Standard End-User Entitlements and Offerings Template
  • List of persona groups
  • Primary computing devices
  • Secondary computing devices
  • Supporting operating systems
  • Applications and office equipment

This step involves the following participants:

  • End-User Computing Manager
  • CIO
  • Help Desk Manager
  • Infrastructure Manager

Outcomes of this step

  • End-user device entitlements and offerings standard

This step will walk you through defining standard offerings

You will define the base offering for all users in each user group as well as additional items that users can request (but that require additional approvals).

  1. Primary Computing Device
    • The main device used by a worker to complete their job (e.g. laptop for knowledge workers, kiosk or shared tablet for frontline workers).
  2. Secondary Computing Devices
    • Additional devices that supports a worker (e.g. a smartphone, tablet, personal computer).
  3. Provisioning Models
    • Whether the equipment is corporate-issued versus personally owned and whether personal use of corporate resources is allowed.
  4. Apps
    • The software used by the worker. Apps can be locally installed, cloud-based (e.g. SaaS), and/or virtualized and running remotely.
  5. Peripherals
    • Additional equipment provisioned to the end user (e.g. monitors, docking station, mice, keyboards).

There is always a challenge of determining who gets what and when

The goal is balancing cost, risk, and employee engagement

The right balance will be different for every organization

  • IT can’t always say no to new ideas from the business. For example, if the organization wants to adopt Macs, rather than resisting IT should focus on identifying how Macs can be safely implemented.
  • Smartphones may not be necessary for a job, but they can be a valid employee perk. Not every employee may be entitled to the perk. There may be resentment between employees of the same level if one of the employees has a corporate-issued, business-only phone for their job function.
  • The same laptop model may not work for everyone. Some employees may need more powerful computers. Some employees may want more prestigious devices. Other employees may require a suite of apps that is only available on non-Windows operating systems.

Action Item: Provide a defined set of standard options to the business to proactively address different needs.

A good end-user computing strategy will effectively balance:

  • User Choice
  • Risk
  • Cost

Your standard offerings need to strike the right balance for your organization.

Review the End-User Computing Ideas Catalog

Compare pros and cons of computing devices and operating systems for better decision making

The catalog provides information about choices in:

  • Provisioning models
  • Operating systems
  • Device form factors

Review the catalog to learn about items that can help your organization to achieve the desired vision from Phase 1.

As you review the catalog, think about these questions:

  • What primary and secondary devices can you provide?
  • What operating systems do these devices support?
  • What are the provisioning models you will use, considering each model’s weaknesses and strengths?
  • How can you more effectively balance user choice, risk, and cost?

Download the End-User Computing Ideas Catalog.

2.1.1 Identify the provisioning models for each user group

  1. Review the definitions in the End-User Computing Ideas Catalog.
  2. Build a table. List the major user groups along the top of the table and applications down the rows.
  3. Brainstorm provisioning models that will be used for primary and secondary devices for each persona group.
  4. Record your provisioning models in the Standard End-User Entitlements and Offerings Template.

Download the End-User Computing Ideas Catalog.

Download the Standard End-User Entitlements and Offerings Template.

Persona Primary Computing Device Secondary Laptops or Computers Smartphone Tablet
Sales COPE BYOD BYOD BYOD
Field Sales CYOD BYOD COBO COBO
Customer Service COBO None None None
Knowledge Worker COPE BYOD BYOD BYOD
App Dev CYOPED None CYOD CYOD
VIP CYOPED CYOPED CYOPE BYOD

Identify multiple device options

Offer standard, power, and prestigious offerings

Prioritize offering models and align them with your user groups.

  • Standard device: This offering will work for most end users.
  • Power device: This offering will provide additional RAM, processor speed, storage, etc., for users that require it. It is usually offered as an additional option that requires approval.
  • Prestigious device: This offering will be provided to VIP users.
  • Portable device: This offering is for employees within a user group that moves around more often than others. This type of offering is optional – consider having a separate user group for these users that get a more portable laptop as their standard device.

Standardize the nonstandard

When users such as VIP users want more than the standard offering, have a more prestigious option ready to offer. This approach will help you to proactively anticipate your users’ needs.

Who approves?

Generally, if it is a supported device, then the budget owner determines whether to allow the user to receive a more powerful or more prestigious device.

This decision can be based on factors such as:

  • Business need – does the user need the device to do their job?
  • Perk or benefit – is the device being offered to the end user as a means of increasing their engagement?

If IT gets this answer wrong, then it can result in shadow IT

Document your answer in the Device Entitlement Policy Template.

2.1.2 Define the standard device offerings

Consider all devices and their supporting operating systems.

  1. On a flip chart or whiteboard, build a matrix of the supported form factors and operating systems.
  2. For each cell, document the supported vendor and device model.
  3. Identify where you will provide additional options.
Windows Mac OS iOS Android
Laptops Lenovo T15 Gen 2 MacBook Pro 14” N/A N/A
Power Laptops Lenovo ThinkPad X1 Carbon MacBook Pro 16” N/A N/A
Prestigious Laptops Lenovo ThinkPad X1 Yoga Gen 6 MacBook Pro 16” N/A N/A
Tablets Microsoft Surface N/A iPad Pro Samsung Galaxy Tab
Smartphones N/A N/A iPhone 13 Samsung Galaxy S21

2.1.3 Document each user groups’ entitlements

Not every persona needs to be entitled to every supported option

Use the Standard End-User Entitlements and Offerings Template as a starting point.

  • Create a separate section in the document for each persona. Start by documenting the provisioning models for each type of device.
  • Record the standard offering provided to members of each persona as well as additional items that can be provided with approval. Record this information for:
    • Primary computing devices
    • Secondary computing devices
  • Optional: Document additional items that will be provided to members of each persona as well as additional items they can request, such as:
    • Apps
    • Office equipment

Download the Standard End-User Entitlements and Offerings Template.

Step 2.2

Outline Supporting Services

Activities

2.2.1 Review device management tools and capabilities

2.2.2 Identify common incidents and requests for devices

2.2.3 Record how you want to shift resolution

2.2.4 Define which IT groups are involved in supporting practices

Define the Offering

This step requires the following inputs:

  • Standard End-User Entitlements and Offerings Template
  • List of supporting devices
  • Common incidents and requests
  • List of supporting practices

This step involves the following participants:

  • End-User Computing Manager
  • CIO
  • Help Desk Manager
  • Infrastructure Manager

Outcomes of this step

  • List of IT groups who are involved in supporting devices
  • Responsibilities of each group for requests and incidents

2.2.1 Review device management tools and capabilities

Document the tools that you use to manage each OS and identify gaps

If there are different approaches to managing the same OS (e.g. Windows devices that are co-managed versus Windows devices that are only managed by Intune), then list those approaches on separate rows.

Provision Protect from loss/theft Deploy/update apps Backup & protect Protect from injections Complies with policies Track Decommission
Windows 10 & 11 (co-managed) Autopilot Gap ConfigMgr Gap Windows Security ConfigMgr ConfigMgr Intune Intune and Autopilot
Windows 10 & 11 (Intune) Autopilot Intune (remote wipe) Intune OneDrive for Business Windows Security Microsoft Advanced Threat Protection Intune Intune and Autopilot
Mac OS Jamf Pro Intune (remote wipe) Jamf Pro OneDrive for Business Gap Jamf Pro Intune Jamf Pro

Document the results on the “IT Management Tools” slide in the “IT Support” section of your End-User Computing Strategy Template.

2.2.2 Identify common incidents and requests for devices

Analyze your service desk ticket data. Look for the following information:

  • The most common incidents and service requests around end-user devices and business apps
  • Incident categories and service requests that almost always involve escalations

Record the level at which these tickets can be resolved today. Ensure you include these groups:

  • Tier 0 (i.e. end-user self-service)
  • Tier 1 (i.e. user’s first point of contact at the service desk)
  • Desk-side support and field-support groups
  • End-user computing specialist teams (e.g. desktop engineering, mobile device management teams)
  • Other specialist teams (e.g. security, enterprise applications, DevOps)

Record the desired state. For each incident and request, to where do you want to shift resolution?

Record this chart on the “Current State of IT Support” slide in the “IT Support” section of your End-User Computing Strategy Template.

Most Common Incidents & Requests Self-Service Service Desk Tier 1 Desk-Side or Field Support End-User Computing
Connect/fix a printer X
Web conferencing issue X
Bluetooth issues X
Outlook issues X
Install standard app X
Install app requiring approval X
Install nonstandard app X
Enroll personal iOS/Android device X
Enroll personal Mac/Windows computer X
Perform a factory reset on a lost or stolen device X
Unenroll device X

2.2.3 Record how you want to shift resolution

Identify opportunities to improve self-service and first contact resolution.

Starting with the chart you created in Activity 2.2.2, record the desired state. For each incident and request, to where do you want to shift resolution?

  • Identify quick wins. Where will it take low effort to shift resolution? Denote these items with a “QW” for quick win.
  • Identify high-value, high-effort shifts. Where do you want to prioritize shifting resolution? Base this decision on the desired benefits, guiding principles, and vision statement built in Phase 1. Denote these items with an “H” for high.
  • Identify low-value areas. Where would shifting provide low value to end users and/or would have low alignment to the benefits identified in Phase 1? Denote these items with an “L” for low.
  • Identify where no shift can occur. Some items cannot be shifted to self-service or to tier 1 due to governance considerations, security factors, or technical complexity. Denote these items with an “OoS” for out of scope.

Use the “Opportunities to Provide Self-Service and Articles” and “Desired State” slides in the “IT Support” section of your End-User Computing Strategy Template to document quick wins and high-value, high-effort shifts.

Most Common Incidents & Requests Self-Service Service Desk Tier 1 Desk-Side or Field Support End-User Computing
Connect/fix a printer H QW X
Web conferencing issue H X
Bluetooth issues L X
Outlook issues H H X
Install standard app X
Install app requiring approval H X
Install nonstandard app OoS X
Enroll personal iOS/Android device QW QW X
Enroll personal Mac/Windows computer QW QW X
Perform a factory reset on a lost or stolen device QW QW X
Unenroll device QW QW X

2.2.4 Define which IT groups are involved in supporting practices

Repeat activities 2.2.2 and 2.2.3 with the following list of tasks

IT Asset Management

  • Purchasing devices
  • Purchasing software licenses
  • Imaging devices
  • Deploying devices
  • Deploying software
  • Recovering devices
  • Recovering software

Release Management

  • Testing patches
  • Testing app updates
  • Testing OS updates
  • User acceptance testing

Managing Service Catalogs

  • Defining standard device offerings
  • Defining standard software offerings
  • Defining device and software entitlements
  • Updating published catalog entries

Knowledge Management

  • Writing internal KB articles
  • Writing user-facing articles
  • Training specialists
  • Training service desk agents
  • Training users

Portfolio Management

  • Prioritizing app upgrades or migrations
  • Prioritizing OS migrations
  • Prioritizing end-user computing projects

Step 2.3

Define Governance and Policies

Activities

2.3.1 Answer these organizational policy questions

2.3.2 Answer these security policy questions

Define the Offering

This step requires the following inputs:

  • List of supporting devices
  • List of persona groups
  • List of use cases

This step involves the following participants:

  • End-User Computing Manager
  • CIO
  • Help Desk Manager
  • Infrastructure Manager

Outcomes of this step

  • End-user computing organizational and security policies

Focus on organizational policies and enforcement

Policies set expectations and limits for mobile employees

Enforcement refers to settings on the devices, management and security tools, and process steps.

  • Policies define what should and should not be done with user-facing technology. These policies define expectations about user and IT behavior.
  • Enforcement ensures that policies are followed. User policies must often be enforced through human intervention, while technology policies are often enforced directly through infrastructure before any people get involved.

Use the “Policies” section in the End-User Computing Strategy Template to document the answers in this section. Activities 2.3.2 and 2.3.3 present links to policy templates. Use these templates to help address any gaps in your current policy suite.

2.3.1 Answer these organizational policy questions

Identify if there are different expectations for certain user groups, where exceptions are allowed, and how these policies will be enforced.

Entitlements

  • Who is entitled to receive and use prestigious computers?
  • Who is entitled to receive and use a smartphone?
  • What users are entitled to a stipend for personal device use?

Personal Device Use

  • What use cases are supported and are not supported on personal devices?
  • What level of visibility and control does IT need over personal devices?

Acceptable Use

  • Are people allowed to use corporate resources for personal use?
  • What are the guidelines around personal use?
  • Are users allowed to install personal apps on their corporate-issued computers and/or mobile devices?

Purchasing and Reimbursement

  • Who is allowed to purchase devices? Apps?
  • When can users file a reimbursement request?

Employee Monitoring

  • What user information is monitored?
  • When can that information be used and when can it not be used?

Use the “Policies” section of the End-User Computing Strategy Template to document these answers.

Identify organizational policy gaps

Use these templates as a starting point

Entitlements

Download the Mobile Device Connectivity & Allowance Policy template.

Purchasing & Reimbursement

Download the Purchasing Policy template.

Download the Mobile Device Reimbursement Policy template.

Download the Mobile Device Reimbursement Agreement template.

Acceptable Use

Download the General Security – User Acceptable Use Policy template.

Personal Device Use

Download the BYOD Acceptable Use Policy template.

Download the Mobile Device Remote Wipe Waiver template.

Employee Monitoring

Download the General Security – User Acceptable Use Policy template.

Visit the Reduce and Manage Your Organization’s Insider Threat Risk blueprint to address this gap.

2.3.2 Answer these security policy questions

Identify if there are different expectations for certain user groups, where exceptions are allowed, and how these policies will be enforced.

Use Cases

  • What data and use cases are subject to stricter security measures?
  • Are certain use cases or data prohibited on personal devices?
  • Are there restrictions around where certain use cases are performed and by whom?

Patching

  • Are users expected to apply OS and app updates and patches? Or does IT automate patching?

Physical Security

  • What does the user need to do to secure their equipment?
  • If a device is lost or stolen, who does the user contact to report the lost or stolen device?

Cybersecurity

  • How will IT enforce security configuration baselines?
  • What does the user need to do (or not do) to secure their device?
  • Are certain users allowed to have local admin rights?
  • What happens when a device doesn’t comply with the required security configuration baseline?

Use the “Policies” section of the End-User Computing Strategy Template to document these answers.

Identify security policy gaps

Use these templates as a starting point

Use Cases

Download the General Security – User Acceptable Use Policy template.

Visit the Discover and Classify Your Data blueprint to address this gap.

Patching

Download the General Security – User Acceptable Use Policy template.

Physical and Cyber Security

Download the General Security – User Acceptable Use Policy template.

Visit the Develop and Deploy Security Policies blueprint to address this gap.

For help defining your own security configuration baselines for each operating system, reference best practice documentation such as:

National Institute of Standards and Technology’s National Checklist Program.

Center for Internet Security’s solutions.

Microsoft’s security baseline settings for Windows 10 and 11 Configuration Service Providers.

Phase 3

Build the Roadmap

Set the Direction

1.1 Identify Desired Benefits

1.2 Perform a User Group Analysis

1.3 Define the Vision

Define the Offering

2.1 Define the Standard Offerings

2.2 Outline Supporting Services

2.3 Define Governance and Policies

Build the Roadmap

3.1 Develop Initiatives

This phase will walk you through the following activities:

  • Defining initiatives for each EUC domain
  • Building a customer journey map for any end-user computing migrations
  • Building a roadmap for EUC initiatives

This phase involves the following participants:

  • End-User Computing Team

Step 3.1

Develop Initiatives

Activities

3.1.1 Identify initiatives for each EUC practice

3.1.2 Build out the user’s migration journey map

3.1.3 Build out a list of initiatives

Build the Roadmap

This step requires the following inputs:

  • User group workbook
  • Migration initiatives

This step involves the following participants:

  • Infrastructure Director
  • Head of End-User Computing
  • End-User Computing Team
  • Project Manager (if applicable)

Outcomes of this step

  • End-user computing roadmap
  • Migration plan

3.1.1 Identify the gaps in each EUC area

Build a high-level profile of the changes you want to make

For each of the five areas, build a profile for the changes you want to implement. Record:

  1. The owner of the area
  2. The objective that you want to accomplish
  3. The desired benefits from focusing on that area
  4. Any dependencies to the work
  5. Risks that can cause the objective and benefits to not be achieved

Identify the initiatives involved in each area.

Document these profiles and initiatives in the “Roadmap” section of your End-User Computing Strategy Template.

  1. Devices
    • Corporate-issued devices
    • Standard offerings
  2. User Support
    • Self-service
    • Tier 1 support
  3. Use Cases
    • Providing value
    • Business apps
  4. Policy & Governance
    • Personal device use
    • IT policy
  5. Fitness for Use
    • Securing devices
    • Patching

Your initiatives may require a user migration

Plan the user’s migration journey

Consider each user group’s and each persona’s unique needs and challenges throughout the migration.

  1. Preparing to migrate: The user may need to schedule the migration with IT and back up files.
  2. Migrating: IT executes the migration (e.g. updates the OS, changes management tools).
  3. Getting assistance: When a user experiences an error during the migration, how will they get help from IT?
  4. Post-migration: How will IT and the user know that the migration was successful one week later?

Understand the three migration approaches

Online

Users execute the migrate on their own (e.g. Microsoft’s consumer migration to Windows 10).

In person

Users come in person, select a device, and perform the migration with a specialist. If the device needs support, they return to the same place (e.g. buying a computer from a store).

Hybrid

Users select a device. When the device is ready, they can schedule time to pick up the device and perform the migration with a specialist (e.g. purchasing an iPhone in advance from Apple’s website with in-store pick-up).

Be prepared to support remotely

Migrations to the new tool may fail. IT should check in with the user to confirm that the device successfully made the migration.

3.1.2 Build out the user’s migration journey map

Contemplate a roadmap to plan for end-user computing initiatives

  • As a group, brainstorm migration initiatives.
  • For each of the four phases, identify:
    • User activities: actions we need the user to do
    • IT activities: actions and processes that IT will perform internally
    • User touchpoints with IT: how the user will interact with the IT group
    • Opportunities: ideas for how IT can provide additional value to the end user in this phase.
  • Use the example in the End-User Computing Strategy Template as a starting point.

Download the End-User Computing Strategy Template.

Embed requirements gathering throughout your roadmap

Use a combination of surveys, focus groups, and interviews

You’re doing more than eliciting opinions – you’re performing organizational change management.

  • Use surveys to profile the demand for specific requirements. When a project is announced, develop surveys to gauge what users consider must-have, should-have, and could-have requirements.
  • Interviews should be used with high-value targets. Those who receive one-on-one face time can help generate good requirements and allow for effective communication around requirements.
  • Focus groups are used to get input from multiple people in a similar role. This format allows you to ask a few open-ended questions to groups of about five people.

The benefits of interviews and focus groups:

  • Foster direct engagement: IT is able to hear directly from stakeholders about what they are looking to do with a solution and the level of functionality that they expect from it.
  • Offer greater detail: With interviews, greater insight can be gained by leveraging information that traditional surveys wouldn’t uncover. Face-to-face interactions provide thorough answers and context that helps inform requirements.
  • Remove ambiguity: Face-to-face interactions allow opportunities to follow up on ambiguous answers. Clarify what stakeholders are looking for and expect in a project.
  • Enable stakeholder management: Interviews are a direct line of communication with project stakeholders. They provide input and insight and help to maintain alignment, plan next steps, and increase awareness within the IT organization.

Activity instructions:

  1. Early requirements ideation: Identify who you want to interview through one-on-one meetings and focus groups.
  2. Requirements validation and prioritization: Identify which user groups you plan to survey and when.
  3. Usability testing: Plan to include usability testing during each phase. Build it into your release practices.

3.1.3 Build out a list of initiatives

Download a copy of the Roadmap Tool

On tab “1. Setup”:

  • Update category 1 to be all the EUC areas (i.e. Devices, User Support).
  • Update category 2 and category 3 with meaningful items (e.g. operating system, device model, persona group).

Use tab “2. Data Entry” to record your list of initiatives.

  • Each initiative should have its own row. Write a high-level summary under “Roadmap Item” and include more detail under “Description and Rationale.”
  • Enter each initiative’s effort, priority, and timeline for beginning. These are mandatory fields for tab “3. Roadmap” to work properly.

Use tab “3. Roadmap” to visualize your data. You will have to press “Refresh All” under Data in the ribbon for the PivotChart to update.

Copy the roadmap visual on tab “3. Roadmap” into your End-User Computing Strategy Template. You can also copy the list of initiatives over into the document.

Download the Roadmap Tool.

Summary of Accomplishment

Problem Solved

You built a strategy to improve the balance between user enablement, risk mitigation, and cost optimization. Throughout the blueprint, you identified opportunities to provide additional value to end users and stakeholders during these activities:

  • Goals cascade
  • User group analysis
  • Definition of standard device types and platforms
  • IT support shift-left analysis
  • Policy gap analysis
  • Roadmapping

If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

Contact your account representative for more information.

workshops@infotech.com

1-888-670-8889

Additional Support

If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.

Contact your account representative for more information.

workshops@infotech.com 1-888-670-8889

To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

The following are sample activities that will be conducted by Info-Tech analysts with your team:

Identify User Groups

Identify each user group based on the business processes, tasks, and applications they use.

Define Standard Device Offerings

Record your provisioning models for each user group and the primary and secondary devices, apps, and peripherals that each group receives.

Related Info-Tech Research

Simplify Remote Deployment With Zero-Touch Provisioning

This project helps you align your zero-touch approach with stakeholder priorities and larger IT strategies. You will be able to build your zero-touch provisioning and patching plan from both the asset lifecycle and the end-user perspective to create a holistic approach that emphasizes customer service. Tailor deployment plans to more easily scope and resource deployment projects.

Implement Hardware Asset Management

This project will help you analyze the current state of your HAM program, define assets that will need to be managed, and build and involve the ITAM team from the beginning to help embed the change. It will also help you define standard policies, processes, and procedures for each stage of the hardware asset lifecycle, from procurement through to disposal.

Govern Office 365

This project will help you conduct a goals exercise and capability assessment for Office 365. You will be able to refine governance objectives, build out controls, formalize governance, build out one pagers, and finalize a communication plan.

Research Contributors and Experts

  • Steve Fox, Deputy IT Director, Virginia State Corporation Commission
  • Mazen Joukhadar, TransForm Shared Service Organization
  • Nathan Schlaud, PMO Senior Director, RPC Inc.
  • Rebecca Mountjoy, Infrastructure Systems Manager, BlueScope Buildings
  • DJ Robins, Director of Information Technology, Mohawk MedBuy
  • Jason Jenkins, Tech. Specialist, Michal Baker Corp.
  • Brad Wells, IT Infrastructure Solutions Architect, London Police Service
  • Danelle Peddell, Director, Project Management Office, Emco Corporation
  • John Annand, Principal Research Director, Info-Tech Research Group
  • Allison Kinnaird, Research Director and Research Lead, Info-Tech Research Group
  • Sandi Conrad, Principal Research Director, Info-Tech Research Group
  • Andrew Kum-Seun, Senior Research Analyst, Info-Tech Research Group
  • Mark Tauschek, Vice President IT Infrastructure & Operations Research, Info-Tech Research Group

A special thank-you to 6 anonymous contributors

Bibliography

“2020 Annual Report and Proxy.” Citrix, 2020. Accessed Oct. 2021.

“2021 BYOD Security Report.” Cybersecurity Insiders, 2021. Web.

Anderson, Arabella. “12 Remote Work Statistics to Know in 2022.” NorthOne, 2021. Accessed Oct. 2021.

Bayes, Scarlett. “ITSM: 2021 & Beyond.” Service Desk Institute, 14 April 2021, p. 14. Web.

Belton, Padraig. “Intel: Chip shortage will extend to at least 2023.” Light Reading, 22 Oct. 2021. Web.

Beroe Inc. “Demand for PC Components Saw a Surge Due to COVID-19, Says Beroe Inc.” Cision PR Newswire, 2 Sept. 2021. Web.

Devaraj, Vivekananthan. “Reference Architecture: Remote PC Access.” Citrix, 2021. Accessed Aug. 2021.

“Elements of the Project Charter and Project Scope Statement.” A Guide to PMBOK, 7th edition, PMI, 2021. Accessed Sept. 2021.

Elliott, Christopher. “This Is How The Pandemic Improved Customer Service.” Forbes, 2021. Accessed Oct. 2021.

“Enable TMP 2.0 on your PC.” Microsoft, Support, Aug. 2021. Web.

“End User Computing Trends to Look Out for in 2021.” Stratodesk, 30 Oct. 2020. Accessed September 2021.

“Global State of Customer Service: The Transformation of Customer Service from 2015 to Present Day.” Microsoft, 2019. Web.

Goodman, Elizabeth et al. “Observing the User Experience” A Practitioner's Guide to User Research, 2nd edition. Elsevier, 2012. Accessed Sept. 2021.

Govindarajulu, Chittibabu. “An Instrument to Classify End-Users Based On the User Cube” Informing Science, June 2002. Accessed September 2021.

Griffith, Eric. “Remote Employees to Bosses: Our PCs Suck!” PCMag, 11 Oct. 2021. Web.

Hutchings, Jeffrey D., and Craig A. de Ridder. “Impact of Remote Working on End User Computing Solutions and Services.” Pillsbury, 2021. Accessed Sept. 2021

“ITIL4 Create, Deliver, and Support.” Axelos, 2020. Accessed Sept. 2021.

“ITIL4 Drive Stakeholder Value” Axelos, 2020. Accessed Sept. 2021.

Mcbride, Neil, and Trevor Wood-Harper. “Towards User-Oriented Control of End-User Computing in Large Organizations” Journal of Organizational and End User Computing, vol. 14, no. 1, pp. 33-41, 2002. Accessed September 2021.

““Microsoft Endpoint Configuration Manager Documentation.” Microsoft Docs, Microsoft, 2021. Accessed Sept. 2021.

“Microsoft Intune documentation.” Microsoft Docs, Microsoft. Accessed Sept. 2021.

“Mobile Cellular Subscriptions (per 100 People).” The World Bank, International Telecommunication Union (ITU) World Telecommunication/ICT Indicators Database, 2020. Web.

Morgan, Jacob. “The Employee Experience Advantage: How to Win the War for Talent by Giving Employees the Workspaces they Want, the Tools they Need, and a Culture They Can Celebrate.” Wiley, 2017. Accessed Sept. 2021.

Murphy, Anna. “How the pandemic has changed customer support forever.” Intercom, 2021. Accessed Sept. 2021.

“Operating System Market Share Worldwide, Jan 2021-Jan 2022.” StatCounter GlobalStats, 2022. Web.

“Operating System Market Share Worldwide, Jan-Dec 2011.” StatCounter GlobalStats, 2012. Web.

Pereira, Karla Susiane, et al. “A Taxonomy to Classify Risk End-User Profile in Interaction with the Computing Environment.” In: Tryfonas T. (eds.) Human Aspects of Information Security, Privacy, and Trust. HAS 2016. Lecture Notes in Computer Science, vol. 9750. Accessed Sept. 2021.

Perrin, Andrew. “Mobile Technology and Home Broadband 2020.” Pew Research Center, 3 June 2021. Web.

Quan-Haase, Anabel. “Technology and Society: Social Networks, Power, and Inequality” Oxford University Press, 2012. Accessed Aug. 2021.

Reed, Karin, and Joseph Allen. “Suddenly Virtual: Making Remote Meetings Work.” Wiley, 2021. Accessed Aug. 2021.

Rockart, John F., and Lauren S. Flannery. “The management of end user computing.” Communications of the ACM, vol. 26, no. 10, Oct. 1983. Accessed September 2021.

Turek, Melanie. “Employees Say Smartphones Boost Productivity by 34 Percent: Frost & Sullivan Research.” Samsung Insights, 3 Aug. 2016. Web.

Vladimirskiy, Vadim. “Windows 365 vs. Azure Virtual Desktop (AVD) – Comparing Two DaaS Products.” Nerdio, 2021. Accessed Aug. 2021.

“VMware 2021 Annual Report.” VMware, Financial Document Library, 2021. Web.

VMworld 2021, Oct. 2021.

Vogels, Emily A. “Digital divide persists even as americans with lower incomes make gains in tech adoption.” Pew Research Center, 22 June 2021. Web.

“What is End-User computing?” VMware, 2021. Accessed Aug. 2021.

“Windows 10 Home and Pro.” Microsoft, Docs, 2021. Web.

Zibreg, Christian. “Microsoft 365 Now Boasts Over 50 Million Subscribers.” MUD, 29 April 2021. Web.

What is resilience?

Aside from the fact that operational resilience is mandated by law as of January 2025 (yes, next year), having your systems and applications available to your customers whenever they need your services is always a good idea. Customers, both existing and new ones, typically prefer smooth operations over new functionality. If you have any roadblocks in your current customer journey, then solving those is also part of operational resilience (and excellence).

Does this mean you should not market new products or services? Of course not! Solving a customer journey roadblock is ensuring that your company is resilient. The Happy Meal is a prime example: it solved a product roadblock for small children and a profits roadblock for the company. For more info, just google it. But before you bring a new service online, be sure that it can withstand the punches that will be thrown at it. 

What is resilience? 

Resilience is the art of making sure your services are available to your customers whenever they can use them. Note I did not say 24/7/365. Your business may require that, but perhaps your systems need "only" to be available during "normal" business hours.

Resilient systems can withstand adverse events that impair their ability to perform normal functions, and, like in the case the Happy Meals, increased peak demands. Events can include simple breakdowns (like a storage device, an internet connection that fails, or a file that fails to load) or something worse, like a cyber attack or a larger failure in your data center.

Your client does not care what the cause is; what counts for the client is, "Can I access your service? (or buy that meal for my kid.)"

Resilience entails several aspects:

  • availability
  • performance
  • right-sizing
  • hardening
  • restore-ability
  • testing
  • monitoring
  • management and governance

It is now tempting to apply these aspects only to your organization's IT or technical parts. That is insufficient. Your operations, management, and even e.g. sales must ensure that services rendered result in happy clients and happy shareholders/owners. The reason is that resilient operations are a symphony. Not one single department or set of actions will achieve this. When you have product development working with the technical teams to develop a resilient flow at the right level for its earning potential, then you maximize profits.

This synergy ensures that you invest exactly the right level of resources. There are no exaggerated technical or operational elements for ancillary services. That frees resources to ensure your main services receive the full attention they deserve.

Resilience, in other words, is the result of a mindset and a way of operating that helps your business remain at the top of its game and provides a top service to clients while keeping the bottom line in the black. 

Why do we need to spend on this?

I mean, if it ain't broke, don't fix it. That old adage is true, and yet not. Services can remain up and running for a long time with single points of failure. But can you afford to have them break at any time? If yes, and your customers don't mind waiting for you to patch things up, then you can "risk-accept" that situation. But how realistic is that these days? If I cannot buy it at your shop today, I'll more than likely get it from another. If I'm in a contract with you, yet you cannot deliver, we will have a conversation, or at the very least, a moment of disappointment. If you have enough "disappointments," you will lose the customer. Lose enough customers, and you will have a reputational problem or worse.

We don't like to spend resources on something that "may"go wrong. We do risk assessments to determine the true cost of non-delivery and the likelihood of that happening. And there are different ways to deal with that assessment's outcome. Not everything needs to have double the number of people working on it, just in case one resignes. Not every system needs an availability of 99,999%.

But sometimes, we do not have a choice. When lives are at stake, like in medical or aviation services, being sorry is not a good starting point. The same goes for financial services. the DORA and NIS2 legislation in the EU, the CEA, FISMA, and GLBA in the US, and ESPA in Japan, to name a few, are legislations that require your company, if active in the relevant regulated sectors, to comply and ensure that your services continue to perform.

Most of these elements have one thing in common: we need to know what is important for our service delivery and what is not.

Business service

That brings us to the core subject of what needs to be resilient. The answer is very short and very complex at the same time. It is the service that you offer to your customers which must meet reliance levels.

Take the example of a hospital. When there is a power outage, the most critical systems must continue operating for a given period. That also means that sufficient capable staff must be present to operate said equipment; it even means that the paths leading to said hospital should remain available; if not by road, then, e.g., by helicopter. If these inroads are unavailable, an alternate hospital should be able to take on the workload. 

Not everything here in this example is the responsibility of the hospital administrators! This is why the management and governance parts of the resilience ecosystem are so important in the bigger picture. 

If we look at the financial sector, the EU DORA (Digital Operational Resilience Act) specifically states that you must start with your business services. Like many others, the financial sector can no longer function without its digital landscape. If a bank is unexpectedly disconnected from its payment network, especially SWIFT, it will not be long before there are existential issues. A trading department stands to lose millions if the trading system fails. 

Look in your own environment; you will see many such points. What if your internet connection goes down, and you rely on it for most of your business? How long can you afford to be out? How long before your clients notice and take action? Do you supply a small but critical service to an institution? Then, you may fall under the aforementioned laws (it's called third-party requirements, and your client may be liable to follow them.)

But also, outside of the technology, we see points in the supply chain that require resilience. Do you still rely on a single person or provider for a critical function? Do you have backup procedures if the tech stops working, yet your clients require you to continue to service them? 

In all these and other cases, you must know what your critical services are so that you can analyze the requirements and put the right measures in place.

Once you have defined your critical business services and have analyzed their operational requirements, you can start to look at what you need to implement the aforementioned areas of availability, monitoring, hardening, and others. Remember we're still at the level of business service. The tech comes later and will require a deeper analysis. 

In conclusion.

Resilient operations ensure that you continue to function, at the right price, in the face of adverse events. If you can, resilience starts at the business level from the moment of product conception. If the products have long been developed, look at how they are delivered to the client and upgrade operations, resources, and tech where needed.

In some cases, you are legally required to undertake this exercise. But in all cases, it is important that you understand your business services and the needs of your clients and put sufficient resources in the right places of your delivery chain. 

If you want to discuss this further, please contact me for a free talk.

 

Build a Security Compliance Program

  • Buy Link or Shortcode: {j2store}257|cart{/j2store}
  • member rating overall impact (scale of 10): 9.6/10 Overall Impact
  • member rating average dollars saved: $23,879 Average $ Saved
  • member rating average days saved: 15 Average Days Saved
  • Parent Category Name: Governance, Risk & Compliance
  • Parent Category Link: /governance-risk-compliance
  • Most organizations spend between 25 and 40 percent of their security budget on compliance-related activities.
  • Despite this growing investment in compliance, only 28% of organizations believe that government regulations help them improve cybersecurity.
  • The cost of complying with cybersecurity and data protection requirements has risen to the point where 58% of companies see compliance costs as barriers to entering new markets.
  • However, recent reports suggest that while the costs of complying are higher, the costs of non-compliance are almost three times greater.

Our Advice

Critical Insight

  • Test once, attest many. Having a control framework allows you to satisfy multiple compliance requirements by testing a single control.
  • Choose your own conformance adventure. Conformance levels allow your organization to make informed business decisions on how compliance resources will be allocated.
  • Put the horse before the cart. Take charge of your audit costs by preparing test scripts and evidence repositories in advance.

Impact and Result

  • Reduce complexity within the control environment by using a single framework to align multiple compliance regimes.
  • Provide senior management with a structured framework for making business decisions on allocating costs and efforts related to cybersecurity and data protection compliance obligations.
  • Reduces costs and efforts related to managing IT audits through planning and preparation.
  • This blueprint can help you comply with NIST, ISO, CMMC, SOC2, PCI, CIS, and other cybersecurity and data protection requirements.

Build a Security Compliance Program Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should manage your security compliance obligations, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

Infographic

Workshop: Build a Security Compliance Program

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Establish the Program

The Purpose

Establish the security compliance management program.

Key Benefits Achieved

Reviewing and adopting an information security control framework.

Understanding and establishing roles and responsibilities for security compliance management.

Identifying and scoping operational environments for applicable compliance obligations.

Activities

1.1 Review the business context.

1.2 Review the Info-Tech security control framework.

1.3 Establish roles and responsibilities.

1.4 Define operational environments.

Outputs

RACI matrix

Environments list and definitions

2 Identify Obligations

The Purpose

Identify security and data protection compliance obligations.

Key Benefits Achieved

Identifying the security compliance obligations that apply to your organization.

Documenting obligations and obtaining direction from management on conformance levels.

Mapping compliance obligation requirements into your control framework.

Activities

2.1 Identify relevant security and data protection compliance obligations.

2.2 Develop conformance level recommendations.

2.3 Map compliance obligations into control framework.

2.4 Develop process for operationalizing identification activities.

Outputs

List of compliance obligations

Completed Conformance Level Approval forms

(Optional) Mapped compliance obligation

(Optional) Identification process diagram

3 Implement Compliance Strategy

The Purpose

Understand how to build a compliance strategy.

Key Benefits Achieved

Updating security policies and other control design documents to reflect required controls.

Aligning your compliance obligations with your information security strategy.

Activities

3.1 Review state of information security policies.

3.2 Recommend updates to policies to address control requirements.

3.3 Review information security strategy.

3.4 Identify alignment points between compliance obligations and information security strategy.

3.5 Develop compliance exception process and forms.

Outputs

Recommendations and plan for updates to information security policies

Compliance exception forms

4 Track and Report

The Purpose

Track the status of your compliance program.

Key Benefits Achieved

Tracking the status of your compliance obligations.

Managing exceptions to compliance requirements.

Reporting on the compliance management program to senior stakeholders.

Activities

4.1 Define process and forms for self-attestation.

4.2 Develop audit test scripts for selected controls.

4.3 Review process and entity control types.

4.4 Develop self-assessment process.

4.5 Integrate compliance management with risk register.

4.6 Develop metrics and reporting process.

Outputs

Self-attestation forms

Completed test scripts for selected controls

Self-assessment process

Reporting process

Recommended metrics

Decide if You Are Ready for SAFe

  • Buy Link or Shortcode: {j2store}355|cart{/j2store}
  • member rating overall impact (scale of 10): N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Architecture & Strategy
  • Parent Category Link: /architecture-and-strategy
  • Complex application landscapes require delivery teams to work together and coordinate changes across multiple product lines and releases.
  • Leadership wants to balance strategic goals with localized prioritization of changes.
  • Traditional methodologies are not well suited to support enterprise agility: Scrum doesn’t scale easily, and Waterfall is too slow and risky.

Our Advice

Critical Insight

SAFe’s popularity is largely due to its structural resemblance to enterprise portfolio and project planning with top-down prioritization and decision making. This directly conflicts with Agile’s purpose and principles of empowerment and agility.

  • Poor culture, processes, governance, and leadership will disrupt any methodology. Many drivers for SAFe could be solved by improving and standardizing development and release management within current methodologies.
  • Few organizations are capable or should be applying a pure SAFe framework. Successful organizations have adopted and modified SAFe frameworks to best fit their needs, teams, value streams, and maturity.

Impact and Result

  • Start with a clear understanding of your needs, constraints, goals, and culture.
    • Start with an Agile readiness assessment. Agile is core to value realization.
    • Take the time to determine your drivers and goals.
    • If SAFe is right for you, selecting the right implementation partner is key.
  • Plan SAFe as a long-term enterprise cultural transformation requiring changes at all levels.

Decide if You Are Ready for SAFe Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Decide if You Are Ready for SAFe Storyboard – Research to help you understand where SAFe fits into delivery methodologies and determine if SAFe is right for your organization.

This deck will guide you to define your primary drivers for SAFe, assess your Agile readiness, define enablers and blockers, estimate implementation risk, and start your SAFe implementation plan.

  • Decide if You Are Ready for SAFe Storyboard

2. Scaled Agile Readiness Assessment – A tool to conduct an Agile readiness survey.

Start your journey with a clear understanding about the level of Agile and product maturity throughout the organization. Each area that lacks strength should be evaluated further and added to your journey map.

  • Scaled Agile Readiness Assessment

3. SAFe Transformation Playbook – A template to build a change management plan to guide your transition.

Define clear ownership for every critical step.

  • SAFe Transformation Playbook
[infographic]

Workshop: Decide if You Are Ready for SAFe

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Understand where SAFe fits into delivery methodologies and SDLCs

The Purpose

Understand what is driving your proposed SAFe transformation and if it is the right framework for your organization.

Key Benefits Achieved

Better understanding of your scaled agile needs and drivers

Activities

1.1 Define your primary drivers for SAFe.

1.2 Create your own list of pros and cons of SAFe.

Outputs

List of primary drivers for SAFe

List of pros and cons of SAFe

2 Determine if you are ready for SAFe

The Purpose

Identify factors influencing a SAFe implementation and ensure teams are aware and prepared.

Key Benefits Achieved

Starting understanding of your organization’s readiness to implement a SAFe framework

Activities

2.1 Assess your Agile readiness.

2.2 Define enablers and blockers of scaling Agile delivery.

2.3 Estimate your SAFe implementation risk.

2.4 Start your SAFe implementation plan.

Outputs

Agile readiness assessment results

List of enablers and blockers of scaling Agile delivery

Estimated SAFe implementation risk

High-level SAFe implementation plan template

Further reading

Decide if You Are Ready for SAFe

Approach the Scaled Agile Framework (SAFe) with open eyes and an open wallet.

Analyst Perspective

Ensure that SAFe is the right move before committing.

Waterfall is dead. Or obsolete at the very least.

Organizations cannot wait months or years for product, service, application, and process changes. They need to embrace business agility to respond to opportunities more quickly and deliver value sooner. Agile established values and principles that have promoted smaller cycle times, greater connections between teams, improved return on investment (ROI) prioritization, and improved team empowerment.

Where organizations continue to struggle is matching localized Scrum teams with enterprise initiatives. This struggle is compounded by legacy executive planning cycles, which undermine Agile team authority. SAFe has provided a series of frameworks to help organizations deal with these issues. It combines enterprise planning and alignment with cross-team collaboration.

Don't rely on popularity or marketing to make your scaled Agile decision. SAFe is a highly disruptive transformation, and it requires extensive training, coaching, process changes, and time to implement. Without the culture shift to an Agile mindset at all levels, SAFe becomes a mirror of Waterfall processes dressed in SAFe names. Furthermore, SAFe itself will not fix problems with communication, requirements, development, testing, release, support, or governance. You will still need to fix these problems within the SAFe framework to be successful.

Hans Eckman, Principal Research Director, Applications Delivery and Management

Hans Eckman
Principal Research Director, Applications Delivery and Management
Info-Tech Research Group

Executive Summary

Your Challenge Common Obstacles Info-Tech's Approach
  • Complex application landscapes require delivery teams to work together and coordinate changes across multiple product lines and releases.
  • Leadership wants to maintain executive strategic planning with faster delivery of changes.
  • Traditional methodologies are not well suited to support enterprise agility.
    • Waterfall is too slow, inefficient, and full of accumulated risk.
    • Scrum is not easy to scale and requires behavioral changes.
  • Enterprise transformations are never fast or easy, and SAFe is positioned as a complete replacement of your delivery practices.
  • Teams struggle with SAFe's rigid framework, interconnected methodologies, and new terms.
  • Few organizations are successful at implementing a pure SAFe framework.
  • Organizations without scaled product families have difficulties organizing SAFe teams into proper value streams.
  • Team staffing and stability are hard to resolve.
Start with a clear understanding of your needs, constraints, goals, and culture.
  • Developing an Agile mindset is core to value realization. Start with Info-Tech's Agile Readiness Assessment.
  • Take the time to identify your drivers and goals.
  • If SAFe is right for you, build a transformation plan and select the right implementation partner.
Plan SAFe as a long-term enterprise cultural transformation, requiring changes at all levels.

Info-Tech Insight
SAFe is a highly disruptive enterprise transformation, and it won't solve your organizational delivery challenges by itself. Start with an open mind, and understand what is needed to support a multi-year cultural transition. Decide how far and how fast you are willing to transform, and make sure that you have the right transformation and coaching partner in place. There is no right software development lifecycle (SDLC) or methodology. Find or create the methodology that best aligns to your needs and goals.

Agile's Four Core Values

"...while there is value in the items on the right, we value the items on the left more."
- The Agile Manifesto

STOP! If you're not Agile, don't start with SAFe.

Agile over SAFe

Successful SAFe requires an Agile mindset at all levels.

Be aware of common myths around Agile and SAFe

SAFe does not...

1...solve development and communication issues.

2...ensure that you will finish requirements faster.

3...mean that you do not need planning and documentation.

"Without proper planning, organizations can start throwing more resources at the work, which spirals into the classic Waterfall issues of managing by schedule."
– Kristen Morton, Associate Implementation Architect,
OneShield Inc. (Info-Tech Interview)

Info-Tech Insight
Poor culture, processes, governance, and leadership will disrupt any methodology. Many drivers for SAFe could be solved by improving and standardizing development and release management within current methodologies.

Review the drivers that are motivating your organization to adopt and scale Agile practices

Functional groups have their own drivers to adopt Agile development processes, practices, and techniques (e.g. to improve collaboration, decrease churn, or increase automation). Their buy-in to scaling Agile is just as important as the buy-in of stakeholders.

If a group's specific needs and drivers are not addressed, its members may develop negative sentiments toward Agile development. These negative sentiments can affect their ability to see the benefits of Agile, and they may return to their old habits once the opportunity arises.

It is important to find opportunities in which both business objectives and functional group drivers can be achieved by scaling Agile development. This can motivate teams to continuously improve and adhere to the new environment, and it will maintain business buy-in. It can also be used to justify activities that specifically address functional group drivers.

Examples of Motivating Drivers for Scaling Agile

  • Improve artifact handoffs between development and operations.
  • Increase collaboration among development teams.
  • Reveal architectural and system risks early.
  • Expedite the feedback loop from support.
  • Improve capacity management.
  • Support development process innovation.
  • Create a safe environment to discuss concerns.
  • Optimize value streams.
  • Increase team engagement and comradery.

Don't start with scaled Agile!

Scaling Agile is a way to optimize product management and product delivery in application lifecycle management practices. Do not try to start with SAFe when the components are not yet in place.

Scaled Agile


Thought model describing how Agile connects Product Management to Product Delivery to elevate the entire Solution Lifecycle.

Scale Agile delivery to improve cross-functional dependencies and releases

Top Business Concerns When Scaling Agile

1 Organizational Culture: The current culture may not support team empowerment, learning from failure, and other Agile principles. SAFe also allows top-down decisions to persist.

2 Executive Support: Executives may not dedicate resources, time, and effort into removing obstacles to scaling Agile because of lack of business buy-in.

3 Team Coordination: Current collaboration structures may not enable teams and stakeholders to share information freely and integrate workflows easily.

4 Business Misalignment: Business vision and objectives may be miscommunicated early in development, risking poorly planned and designed initiatives and low-quality products.

Extending collaboration is the key to success.

Uniting stakeholders and development into a single body is the key to success. Assess the internal and external communication flow and define processes for planning and tracking work so that everyone is aware of how to integrate, communicate, and collaborate.

The goal is to enable faster reaction to customer needs, shorter release cycles, and improved visibility of the project's progress with cross-functional and diverse conversations.

Advantages of successful SAFe implementations

Once SAFe is complete and operational, organizations have seen measurable benefits:

  • Multiple frameworks to support different levels of SAFe usage
  • Deliberate and consistent planning and coordination
  • Coordinating dependencies within value streams
  • Reduced time to delivery
  • Focus on customers and end users
  • Alignment to business goals and value streams
  • Increased employee engagement

Sources: TechBeacon, 2019; Medium, 2020; "Benefits," Scaled Agile, 2023;
"Pros and Cons," PremierAgile, n.d.; "Scaling Agile Challenges," PremierAgile, n.d.

Advantages of successful SAFe implementations

Source: "Benefits," Scaled Agile, 2023

Recognize the difference between Scrum teams and the Scaled Agile Framework (SAFe)

SAFe provides a framework that aligns Scrum teams into coordinated release trains driven by top-down prioritization.

Scrum vs SAFe

Develop Your Agile Approach for a Successful Transformation

Source: Scaled Agile, Inc.

Info-Tech's IT Management & Governance Framework

Info-Tech's IT Management & Governance Framework

Info-Tech Insight
SAFe is an enterprise, culture, and process transformation that impacts all IT services. Some areas of Info-Tech's IT Management & Governance Framework have higher impacts and require special attention. Plan to include transformation support for each of these topics during your SAFe implementation. SAFe will not fix broken processes on its own.

Without adopting an Agile mindset, SAFe becomes Waterfall with SAFe terminology

Waterfall with SAFe terminology

Source: Scaled Agile, Inc.

Info-Tech Insight
When first implementing SAFe, organizations reproduce their organizational design and Waterfall delivery structures with SAFe terms:

  • Delivery Manager = Release Train Engineer
  • Stakeholder/Sponsor = Product Manager
  • Release = Release Train
  • Project/Program = Project or Portfolio

SAFe isn't without risks or challenges

Risks and Causes of Failed SAFe Transformations

  • SAFe conflicts with legacy cultures and delivery processes.
  • SAFe promotes continued top-down decisions, undermining team empowerment.
  • Scaled product families are required to define proper value streams.
  • Team empowerment and autonomy are reduced.
  • SAFe activities are poorly executed.
  • There are high training and coaching costs.
  • Implementation takes a long time.
  • End-to-end delivery management tools aligned to SAFe are required.
  • Legacy delivery challenges are not specifically solved with SAFe.
  • SAFe is designed to work for large-scale development teams.

Challenges

  • Adjusting to a new set of terms for common roles, processes, and activities
  • Executing planning cycles
  • Defining features and epics at the right level
  • Completing adequate requirements
  • Defining value streams
  • Coordinating releases and release trains
  • Providing consistent quality

Sources: TechBeacon, 2019; Medium, 2020; "Benefits," Scaled Agile, 2023;
"Pros and Cons," PremierAgile, n.d.; "Scaling Agile Challenges," PremierAgile, n.d.

Focus on your core competencies instead

Before undertaking an enterprise transformation, consider improving the underlying processes that will need to be fixed anyway. Fixing these areas while implementing SAFe compounds the effort and disruption.

Product Delivery

Product Management

"But big-bang transitions are hard. They require total leadership commitment, a receptive culture, enough talented and experienced agile practitioners to staff hundreds of teams without depleting other capabilities, and highly prescriptive instruction manuals to align everyone's approach."
– "Agile at Scale," Harvard Business Review

Insight Summary

Overarching insight
SAFe is a highly disruptive enterprise transformation, and it will not solve your organizational delivery challenges by itself. Start with an open mind, and understand what is needed to support a multi-year cultural transition. Decide how far and fast you are willing to transform and make sure that you have the right transformation and coaching partner in place.

SAFe conflicts with core Agile principles.
The popularity of SAFe is largely due to its structural resemblance to enterprise portfolio and project planning with top-down prioritization and decision-making. This directly conflicts with Agile's purpose and principles of empowerment and agility.

SAFe and Agile will not solve enterprise delivery challenges.
Poor culture, processes, governance, and leadership will disrupt any methodology. Many issues with drivers for SAFe could be solved by improving development and release management within current methodologies.

Most organizations should not be using a pure SAFe framework
Few organizations are capable of, or should be, applying a pure SAFe framework. Successful organizations have adopted and modified SAFe frameworks to best fit their needs, teams, value streams, and maturity.

Without an Agile mindset, SAFe will be executed as Waterfall stages using SAFe terminology.
Groups that "Do Agile" are not likely to embrace the behavioral changes needed to make any scaled framework effective. SAFe becomes a series of Waterfall PIs using SAFe terminology.

Your transformation does not start with SAFe.
Start your transition to scaled Agile with a maturity assessment for current delivery practices. Fixing broken process, tools, and teams must be at the heart of your initiative.

Blueprint Deliverables

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

Key Deliverable

SAFe Transformation Playbook

Build a transformation and organizational change management plan to guide your transition. Define clear ownership for every critical step.

Scaled Agile Readiness Assessment

Conduct the Agile readiness survey. Without an Agile mindset, SAFe will follow Waterfall or WaterScrumFall practices.

Case Study

Spotify's approach to Agile at scale

INDUSTRY: Digital Media
SOURCE: Unified Communications and Collaborations

Spotify's Scaling Agile Initiative

With rapid user adoption growth (over 15 million active users in under six years), Spotify had to find a way to maintain an Agile mindset across 30+ teams in three different cities, while maintaining the benefits of cross-functional collaboration and flexibility for future growth.

Spotify's Approach

Spotify found a fit-for-purpose way for the organization to increase team autonomy without losing the benefits of cross-team communication from economics of scale. Spotify focused on identifying dependencies that block or slow down work through a mix of reprioritization, reorganization, architectural changes, and technical solutions. The organization embraced dependencies that led to cross-team communication and built in the necessary flexibility to allow Agile to grow with the organization.

Spotify's scaling Agile initiative used interview processes to identify what each team depended on and how those dependencies blocked or slowed the team.

Squad refers to an autonomous Agile release team in this case study.

Case Study

Suncorp instilled dedicated communication streams to ensure cross-role collaboration and culture.

INDUSTRY: Insurance
SOURCE: Agile India, International Conference on Agile and Lean Software Development, 2014

Challenge Solution Results
  • Suncorp Group wanted to improve delivery and minimize risk. Suncorp realized that it needed to change its project delivery process to optimize business value delivery.
  • With five core business units, over 15,000 employees, and US$96 billion in assets, Suncorp had to face a broad set of project coordination challenges.
  • Suncorp decided to deliver all IT projects using Agile.
  • Suncorp created a change program consisting of five main streams of work, three of which dealt with the challenges specific to Agile culture:
    • People: building culture, leadership, and support
    • Communication: ensuring regular employee collaboration
    • Capabilities: blending training and coaching
  • Sponsorship from management and champions to advocate Agile were key to ensure that everyone was unified in a common purpose.
  • Having a dedicated communication stream was vital to ensure regular sharing of success and failure to enable learning.
  • Having a structured, standard approach to execute the planned culture change was integral to success.

Case Study

Nationwide embraces DevOps and improves software quality.

INDUSTRY: Insurance
SOURCE: Agile India, International Conference on Agile and Lean Software Development, 2014

Challenge Solution Results
  • In the past, Nationwide primarily followed a Waterfall development process. However, this method created conflicts between IT and business needs.
  • The organization began transitioning from Waterfall to Agile development. It has seen early successes with Agile: decrease in defects per release and more success in meeting delivery times.
  • Nationwide needed to respond more efficiently to changing market requirements and regulations and to increase speed to market.
  • Nationwide decided to take a DevOps approach to application development and delivery.
  • IT wanted to perform continuous integration and deployment in its environments.
  • Cross-functional teams were organically created, made up of members from the business and multiple IT groups, including development and operations.
  • DevOps allowed Nationwide to be more Agile and more responsive to its customers.
  • Teams were able to perform acceptance testing with their customers in parallel with development. This allowed immediate feedback to help steer the project in the right direction.
  • DevOps improved code quality by 50% over a three-year period and reduced user downtime by 70%.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit Guided Implementation Workshop Consulting
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

Diagnostics and consistent frameworks are used throughout all four options.

Guided Implementation

What does a typical GI on this topic look like?

Phase 1

Call #1:

Scope your requirements, objectives, and specific challenges.

Call #2:

1.1.1 Define your primary drivers for SAFe.

1.1.2 Create your own list of pros and cons of SAFe.

Call #3:

1.2.1 Assess your Agile readiness.

1.2.2 Define enablers and blockers for scaling Agile delivery.

1.2.3 Estimate your SAFe implementation risk.

Call #4:

1.2.4 Start your SAFe implementation plan.

Summarize your results and plan your next steps.

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is one to four calls over the course of one to six weeks.

Workshop Overview

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

Pre-Planning Step 1.1 Step 1.2
Identify your stakeholders. Step 1.1 Understand where SAFe fits into your delivery methodologies and SDLCs. Step 1.2 Determine if you are ready for SAFe.
Activities 1. Determine stakeholders and subject matter experts.
2. Coordinate timing and participation.
3. Set goals and expectations for the workshop.
1.1.1 Define your primary drivers for SAFe.
1.1.2 Create your own list of pros and cons of SAFe
1.2.1 Assess your Agile readiness.
1.2.2 Define enablers and blockers for scaling Agile delivery.
1.2.3 Estimate your SAFe implementation risk.
1.2.4 Start your SAFe implementation plan.
Deliverables
  • Workshop schedule
  • Participant commitment
    • List of primary drivers for SAFe
    • List of pros and cons of SAFe
    • Agile Readiness Assessment results
    • List of enablers and blockers for scaling Agile delivery
    • Estimated SAFe implementation risk
    • Template for high-level SAFe implementation plan

    Supporting Your Agile Journey

    Enable Product Agile Delivery Executive Workshop Develop Your Agile Approach Spread Best Practices with an Agile Center of Excellence Implement DevOps Practices That Work Enable Organization-Wide Collaboration by Scaling Agile
    Number One Number two Number Three Number Four Number Five

    Align and prepare your IT leadership teams.

    Audience: Senior and IT delivery leadership

    Size: 8-16 people

    Time: 7 hours

    Tune Agile team practices to fit your organization culture.

    Audience: Agile pilot teams and subject matter experts (SMEs)

    Size: 10-20 people

    Time: 4 days

    Leverage Agile thought leadership to expand your best practices.

    Audience: Agile SMEs and thought leaders

    Size: 10-20 people

    Time: 4 days

    Build a continuous integration and continuous delivery pipeline.

    Audience: Product owners (POs) and delivery team leads

    Size: 10-20 people

    Time: 4 days

    Execute a disciplined approach to rolling out Agile methods.

    Audience: Agile steering team and SMEs

    Size: 3-8 people

    Time: 3 hours

    Repeat Legend

    Sample agendas are included in the following sections for each of these topics.

    Your Product Transformation Journey

    1. Make the Case for Product Delivery2. Enable Product Delivery - Executive Workshop3. Deliver on Your Digital Product Vision4. Deliver Digital Products at Scale5. Mature and Scale Product Ownership
    Align your organization with the practices to deliver what matters most.Participate in a one-day executive workshop to help you align and prepare your leadership.Enhance product backlogs, roadmapping, and strategic alignment.Scale product families to align with your organization's goals.Align and mature your product owners.

    Audience: Senior executives and IT leadership

    Size: 8-16 people

    Time: 6 hours

    Repeat Symbol

    Audience: Product owners/managers

    Size: 10-20 people

    Time: 3-4 days

    Repeat Symbol

    Audience: Product owners/managers

    Size: 10-20 people

    Time: 3-4 days

    Audience: Product owners/managers

    Size: 8-16 people

    Time: 2-4 days

    Repeat Symbol

    Repeat Legend

    Phase 1

    Determine if SAFe Is Right for Your Organization

    Phase 1
    1.1 Understand where SAFe fits into your delivery methodologies and SDLCs
    1.2 Determine if you are ready for SAFe (fit for purpose)

    This phase will walk you through the following activities:

    • 1.1.1 Define your primary drivers for SAFe.
    • 1.1.2 Create your own list of pros and cons of SAFe.
    • 1.2.1 Assess your Agile readiness.
    • 1.2.2 Define enablers and blockers for scaling Agile delivery.
    • 1.2.3 Estimate your SAFe implementation risk.
    • 1.2.4 Start your SAFe implementation plan.

    This phase involves the following participants:

    • Senior leadership
    • IT leadership
    • Project Management Office
    • Delivery managers
    • Product managers/owners
    • Agile thought leaders and coaches
    • Compliance teams leads

    Step 1.1

    Understand where SAFe fits into your delivery methodologies and SDLCs

    Activities
    1.1.1 Define your primary drivers for SAFe
    1.1.2 Create your own list of pros and cons of SAFe

    This step involves the following participants:

    • IT leadership
    • Delivery managers
    • Project management office
    • Product owners and managers
    • Development team leads
    • Portfolio managers
    • Architects

    Outcomes of this step:

    • List of primary drivers for SAFe
    • List of pros and cons of SAFe

    Agile's Four Core Values

    "...while there is value in the items on the right, we value the items on the left more."
    – The Agile Manifesto

    STOP! If you're not Agile, don't start with SAFe.

    Agile's Four Core Values

    Successful SAFe requires an Agile mindset at all levels.

    Be aware of common myths around Agile and SAFe

    SAFe does not...

    1...solve development and communication issues.

    2...ensure that you will finish requirements faster.

    3...mean that you do not need planning and documentation.

    "Without proper planning, organizations can start throwing more resources at the work, which spirals into the classic Waterfall issues of managing by schedule."
    – Kristen Morton, Associate Implementation Architect,
    OneShield Inc. (Info-Tech Interview)

    Info-Tech Insight
    SAFe only provides a framework and steps where these issues can be resolved.

    The importance of values and principles

    Modern development practices (such as Agile, Lean, and DevOps) are based on values and principles. This supports the move away from command-and-control management to self-organizing teams.

    Values

    • Values represent your team's core beliefs and capture what you want to instill in your team.

    Principles

    • Principles represent methods for solving a problem or deciding.
    • Given that principles are rooted in specifics, they can change more frequently because they are both fallible and conducive to learning.

    Consider the guiding principles of your application team

    Teams may have their own perspectives on how they deliver value and their own practices for how they do this. These perspectives can help you develop guiding principles for your own team to explain your core values and cement your team's culture. Guiding principles can help you:

    • Enable the appropriate environment to foster collaboration within current organizational, departmental, and cultural constraints
    • Foster the social needs that will engage and motivate your team in a culture that suits its members
    • Ensure that all teams are driven toward the same business and team goals, even if other teams are operating differently
    • Build organizational camaraderie aligned with corporate strategies

    Info-Tech Insight
    Following methodologies by the book can be detrimental if they do not fit your organization's needs, constraints, and culture. The ultimate goal of all teams is to deliver value. Any practices or activities that drive teams away from this goal should be removed or modified.

    Review the drivers that are motivating your organization to adopt and scale Agile practices

    Functional groups have their own drivers to adopt Agile development processes, practices, and techniques (e.g. to improve collaboration, decrease churn, or increase automation). Their buy-in to scaling Agile is just as important as the buy-in of stakeholders.

    By not addressing a group's specific needs and drivers, the resulting negative sentiments of its members toward Agile development can affect their ability to see the benefits of Agile and they may return to old habits once the opportunity arises.

    Find opportunities in which both business objectives and functional group drivers can be achieved with scaling Agile development. This alignment can motivate teams to continuously improve and adhere to the new environment, and it will maintain business buy-in. This assessment can also be used to justify activities that specifically address functional group drivers.

    Examples of Motivating Drivers for Scaling Agile

    • Improve artifact hand-offs between development and operations.
    • Increase collaboration among development teams.
    • Reveal architectural and system risks early.
    • Expedite the feedback loop from support.
    • Improve capacity management.
    • Support development process innovation.
    • Create a safe environment to discuss concerns.
    • Optimize value streams.
    • Increase team engagement and comradery.

    Exercise 1.1.1 Define your primary drivers for SAFe

    30 minutes

    • Brainstorm a list of drivers for scaling Agile.
    • Build a value canvas to help capture and align team expectations.
    • Identify jobs or functions that will be impacted by SAFe.
    • List your current pains and gains.
    • List the pain relievers and gain creators.
    • Identify the deliverable needed for a successful transformation.
    • Complete your SAFe value canvas in your SAFe Transformation Playbook.

    Enter the results in your SAFe Transformation Playbook.

    Input
    • Organizational understanding
    • Existing Agile delivery strategic plans
    Output
    • IT leadership
    • Delivery managers
    • Project management office
    • Product owners and managers
    • Development team leads
    • Portfolio managers
    • Architects

    SAFe Value Canvas Template

    SAFe Value Canvas Template

    Case Study

    A public utilities organization steadily lost stakeholder engagement, diminishing product quality.

    INDUSTRY: Public Utilities
    SOURCE: Info-Tech Expert Interview

    Challenge

    • The goal of a public utilities organization was to adopt Agile so it could quickly respond to changes and trim costs.
    • The organization decided to scale Agile using a structured approach. It began implementation with IT teams that were familiar with Agile principles and leveraged IT seniors as Agile champions. To ensure that Agile principles were widespread, the organization decided to develop a training program with vendor assistance.
    • As Agile successes began to be seen, the organization decided to increase the involvement of business teams gradually so it could organically grow the concept within the business.

    Results

    • Teams saw significant success with many projects because they could easily demonstrate deliverables and clearly show the business value. Over time, the teams used Agile for large projects with complex processing needs.
    • Teams continued to deliver small projects successfully, but business engagement waned over time. Some of the large, complex applications they delivered using Agile lacked the necessary functionality and appropriate controls and, in some cases, did not have the ability to scale due to a poor architectural framework. These applications required additional investment, which far exceeded the original cost forecasts.

    While Agile and product development are intertwined, they are not the same!

    Delivering products does not necessarily require an Agile mindset. However, Agile methods help to facilitate the journey because product thinking is baked into them.

    Agile and product development are intertwined

    Recognize the difference between Scrum teams and the Scaled Agile Framework (SAFe)

    SAFe provides a framework that aligns Scrum teams into coordinated release trains driven by top-down prioritization.

    Difference between Scrum and SAFe

    Develop Your Agile Approach for a Successful Transformation

    Without adopting an Agile mindset, SAFe becomes Waterfall with SAFe terminology

    Waterfall with SAFe terminology

    Info-Tech Insight
    When first implementing SAFe, organizations reproduce their organizational design and Waterfall delivery structures with SAFe terms:

    • Delivery Manager = Release Train Engineer
    • Stakeholder/Sponsor = Product Manager
    • Release = Release Train
    • Project/Program = Project or Portfolio

    Advantages of successful SAFe implementations

    Once SAFe is complete and operational, organizations have seen measurable benefits:

    • Multiple frameworks to support different levels of SAFe usage
    • Deliberate and consistent planning and coordination
    • Coordinating dependencies within value streams
    • Reduced time to delivery
    • Focus on customers and end users
    • Alignment to business goals and value streams
    • Increased employee engagement

    Sources: TechBeacon, 2019; Medium, 2020; "Benefits," Scaled Agile, 2023;
    "Pros and Cons," PremierAgile, n.d.; "Scaling Agile Challenges," PremierAgile, n.d.

    Advantages of successful SAFe implementations

    Source: "Benefits," Scaled Agile, 2023

    SAFe isn't without risks or challenges

    Risks and Causes of Failed SAFe Transformations

    • SAFe conflicts with legacy cultures and delivery processes.
    • SAFe promotes continued top-down decisions, undermining team empowerment.
    • Scaled product families are required to define proper value streams.
    • Team empowerment and autonomy are reduced.
    • SAFe activities are poorly executed.
    • There are high training and coaching costs.
    • Implementation takes a long time.
    • End-to-end delivery management tools aligned to SAFe are required.
    • Legacy delivery challenges are not specifically solved with SAFe.
    • SAFe is designed to work for large-scale development teams.

    Challenges

    • Adjusting to a new set of terms for common roles, processes, and activities
    • Executing planning cycles
    • Defining features and epics at the right level
    • Completing adequate requirements
    • Defining value streams
    • Coordinating releases and release trains
    • Providing consistent quality

    Sources: TechBeacon, 2019; Medium, 2020; "Benefits," Scaled Agile, 2023; "Pros and Cons," PremierAgile, n.d.; "Scaling Agile Challenges," PremierAgile, n.d.

    Exercise 1.1.2 Create your own list of the pros and cons of SAFe

    1 hour

    Pros Cons

    Enter the results in your SAFe Transformation Playbook

    Input
    • Organizational drivers
    • Analysis of SAFe
    • Estimate of fit for purpose
    Output
    • IT leadership
    • Delivery managers
    • Project management office
    • Product owners and managers
    • Development team leads
    • Portfolio managers
    • Architects

    Focus on your core competencies instead

    Before undertaking an enterprise transformation, consider improving the underlying processes that will need to be fixed anyway. Fixing these areas while implementing SAFe compounds the effort and disruption.

    Product Delivery

    Product Management

    "But big-bang transitions are hard. They require total leadership commitment, a receptive culture, enough talented and experienced agile practitioners to staff hundreds of teams without depleting other capabilities, and highly prescriptive instruction manuals to align everyone's approach."
    - "Agile at Scale," Harvard Business Review

    Step 1.2

    Determine if you are ready for SAFe (fit for purpose)

    Activities
    1.2.1 Assess your Agile readiness
    1.2.2 Define enablers and blockers for scaling Agile delivery
    1.2.3 Estimate your SAFe implementation risk
    1.2.4 Start your SAFe implementation plan

    This step involves the following participants:

    • IT leadership
    • Delivery managers
    • Project management office
    • Product owners and managers
    • Development team leads
    • Portfolio managers
    • Architects

    Outcomes of this step:

    • Agile Readiness Assessment results
    • Enablers and blockers for scaling Agile
    • SAFe implementation risk
    • SAFe implementation plan

    Use CLAIM to guide your Agile journey

    Use CLAIM to guide your Agile journey

    Conduct the Agile Readiness Assessment Survey

    Without an Agile mindset, SAFe will follow Waterfall or WaterScrumFall practices.

    • Start your journey with a clear understanding of the level of Agile and product maturity throughout your organization.
    • Each area that lacks strength should be evaluated further and added to your journey map.

    Chart of Agile Readiness

    Exercise 1.2.1 Assess your Agile readiness

    1 hour

    • Open and complete the Agile Readiness Assessment in your playbook or the Excel tool provided.
    • Discuss each area's high and low scores to reach a consensus.
    • Record your results in your SAFe Transformation Playbook.

    Chart of Agile Readiness

    Enter the results in Scaled Agile Readiness Assessment.

    Input
    • Organizational knowledge
    • Agile Readiness Assessment
    Output
    • IT leadership
    • Delivery managers
    • Project Management Office
    • Product owners and managers
    • Development team leads
    • Portfolio managers
    • Architects

    Exercise 1.2.2 Define enablers and blockers for scaling Agile delivery

    1 hour

    • Identify and mitigate blockers for scaling Agile in your organization.
      • Identify enablers who will support successful SAFe transformation.
      • Identify blockers who will make the transition to SAFe more difficult.
      • For each blocker, define at least one mitigating step.
    Enablers Blockers Mitigation

    Enter the results in your SAFe Transformation Playbook

    Input
    • Agile Readiness Assessment
    • Organizational knowledge
    Output
    • IT leadership
    • Delivery managers
    • Project management office
    • Product owners and managers
    • Development team leads
    • Portfolio managers
    • Architects

    Estimate your SAFe implementation risk

    Poor Fit High Risk Scaling Potential
    Team size <50 >150 or non-dedicated 50-150 dedicated
    Agile maturity Waterfall and project delivery Individual Scrum DevOps teams Scrum DevOps teams coordinating dependencies
    Product management maturity Project-driver changes from stakeholders Proxy product owners within delivery teams Defined product families and products
    Strategic goals Localized decisions Enterprise goals implemented at the app level Translation and refinement of enterprise goals through product families
    Enterprise architecture Siloed architecture standards Common architectures Future enterprise architecture and employee review board (ERB) reviews
    Release management Independent release schedules Formal release calendar Continuous integration/development (CI/CD) with organizational change management (OCM) scheduled cross-functional releases
    Requirements management and quality assurance Project based Partial requirements and test case coverage Requirements as an asset and test automation

    Exercise 1.2.3 Estimate your SAFe implementation risk

    30 minutes

    • Determine which description best matches your overall organizational state.
    • Enter the results in your SAFe Transformation Playbook.
    • Change the text to bold in the cell you selected to describe your current state and/or add a border around the cell.

    Chart of SAFe implementation risk

    Enter the results in SAFe Transformation Playbook.

    Input
    • Agile Readiness Assessment
    • Organizational knowledge
    Output
    • IT leadership
    • Delivery managers
    • Project management office
    • Product owners and managers
    • Development team leads
    • Portfolio managers
    • Architects

    Interpret your SAFe implementation risks

    Analyze your highlighted selections and patterns in the rows and columns. Use these factors to inform your SAFe implementation steps and timing.

    Interpret your SAFe implementation risks

    Build your implementation plan

    Build a transformation and organizational change management plan to guide your transition. Define clear ownership for every critical step.

    Plan your transformation.

    • Align stakeholders and thought leaders.
    • Select an implementation partner.
    • Insert critical steps.

    Build your SAFe framework.

    • Define your target SAFe framework.
    • Customize your SAFe framework.
    • Establish SAFe governance and reporting.
    • Insert critical steps.

    Implement SAFe practices.

    • Define product families and value streams.
    • Conduct SAFe training for:
      • Executive leadership
      • Agile SAFe coaches
      • Practitioners
    • Insert critical steps.

    For additional help with OCM, please download Master Organizational Change Management Practices.

    Exercise 1.2.4 Start your SAFe implementation plan

    30 minutes

    • Using the high-level SAFE implementation framework, begin building out the critical steps.
    • Record the results in your SAFe Transformation Playbook.
    • Your playbook is an evergreen document to help guide your implementation. It should be reviewed often.

    SAFe implementation plan

    Enter the results in your SAFe Transformation Playbook

    Input
    • SAFe readiness assessment
    • Enablers and blockers
    • Drivers for SAFe
    Output
    • IT leadership
    • Delivery managers
    • Project management office
    • Product owners and managers
    • Development team leads
    • Portfolio managers
    • Architects

    Select an implementation partner

    Finding the right SAFe implementation partner is critical to your transformation success.

    • Using your previous assessment, align internal and external resources to support your transformation.
    • Select a partner who has experience in similar organizations and is aligned with your delivery goals.
    • Plan to transition support to internal teams when SAFe practices have stabilized and moved into continuous improvement.
    • Augment your transformation partner with internal coaches.
    • Plan for a multiyear engagement before SAFe benefits are realized.

    Summary of Accomplishments

    Your journey begins.

    Implementing SAFe is a long, expensive, and difficult process. For some organizations, SAFe provides the balance of leadership-driven prioritization and control with shorter release cycles and time to value. The key is making sure that SAFe is right for you and you are ready for SAFe. Few organizations fit perfectly into one of the SAFe frameworks. Instead, consider fine-tuning and customizing SAFe to meet your needs and gradual transformation.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.
    workshops@infotech.com
    1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.

    Below are sample activities that will be conducted by Info-Tech analysts with your team:

    Scaled Agile Delivery Readiness Assessment
    This assessment will help identify enablers and blockers in your organizational culture using our CLAIM+G organization transformation model.

    SAFE Value Canvas
    Use a value campus to define jobs, pains, gains, pain relievers, gain creators, and needed deliverables to help inform and guide your SAFe transformation.

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Bibliography

    "6 Biggest SAFe Agile Implementation Mistakes to Avoid." Triumph Strategic Consulting, 27 July 2017.

    "The 7 Must-Haves for Achieving Scaling Agile Success." The 7 Must-Haves for Achieving Scaling Agile Success.

    Ageling, Willem-Jan. "11 Most Common Reasons to Use Scaled Agile Framework (SAFE) and How to Do This With Unscaled Scrum." Medium, Serious Scrum, 26 Jan. 2020.

    Agile India, International Conference on Agile and Lean Software Development, 2014.

    "Air France - KLM - Agile Adoption with SAFe." Scaled Agile, 28 Nov. 2022.

    "Application Development Trends 2019 - Global Survey Report." OutSystems.

    "Benefits of SAFe: How It Benefits Organizations." Scaled Agile, 13 Mar. 2023.

    Berkowitz, Emma. "The Cost of a SAFe(r) Implementation: CPRIME Blog." Cprime, 30 Jan. 2023.

    "Chevron - Adopting SAFe with Remote Workforce." Scaled Agile, 28 Nov. 2022.

    "Cisco It - Adopting Agile Development with SAFe." Scaled Agile, 13 Sept. 2022.

    "CMS - Business Agility Transformation Using SAFe." Scaled Agile, 13 Sept. 2022.

    Crain, Anthony. "4 Biggest Challenges in Moving to Scaled Agile Framework (SAFe)." TechBeacon, 25 Jan. 2019.

    "The Essential Role of Communications ." Project Management Institute .

    Gardiner, Phil. "SAFe Implementation: 4 Tips for Getting Started." Applied Frameworks, 20 Jan. 2022.

    "How Do I Start Implementing SAFe?" Agility in Mind, 29 July 2022.

    "How to Masterfully Screw Up Your SAFe Implementation." Wibas Artikel-Bibliothek, 6 Sept. 2022.

    "Implementation Roadmap." Scaled Agile Framework, 14 Mar. 2023.

    Islam, Ayvi. "SAFe Implementation 101 - The Complete Guide for Your Company." //Seibert/Media, 22 Dec. 2020.

    "Johnson Controls - SAFe Implementation Case Study." Scaled Agile, 28 Nov. 2022.

    "The New Rules and Opportunities of Business Transformation." KPMG.

    "Nokia Software - SAFe Agile Transformation." Scaled Agile, 28 Nov. 2022.

    Pichler, Roman. "What Is Product Management?" Romanpichler, 2014.

    "Product Documentation." ServiceNow.

    "Pros and Cons of Scaled Agile Framework." PremierAgile.

    "Pulse of the Profession Beyond Agility." Project Management Institute.

    R, Ramki. "Pros and Cons of Scaled Agile Framework (SAFe)." Medium, 3 Mar. 2019.

    R, Ramki. "When Should You Consider Implementing SAFe (Scaled Agile Framework)?" Medium, Medium, 3 Mar. 2019.

    Rigby, Darrell, Jeff Sutherland, and Andy Noble. "Agile at Scale: How to go from a few teams to hundreds." Harvard Business Review, 2018.

    "SAFe Implementation Roadmap." Scaled Agile Framework, Scaled Agile, Inc., 14 Mar. 2023.

    "SAFe Partner Cprime: SAFe Implementation Roadmap: Scaled Agile." Cprime, 5 Apr. 2023.

    "SAFe: The Good, the Bad, and the Ugly." Project Management Institute.

    "Scaled Agile Framework." Wikipedia, Wikimedia Foundation, 29 Mar. 2023.

    "Scaling Agile Challenges and How to Overcome Them." PremierAgile.

    "SproutLoud - a Case Study of SAFe Agile Planning." Scaled Agile, 29 Nov. 2022.

    "Story." Scaled Agile Framework, 13 Apr. 2023.

    Sutherland , Jeff. "Scrum: How to Do Twice as Much in Half the Time." Tedxaix, YouTube, 7 July 2014.

    Venema, Marjan. "6 Scaled Agile Frameworks - Which One Is Right for You?" NimbleWork, 23 Dec. 2022.

    Warner, Rick. "Scaled Agile: What It Is and Why You Need It." High-Performance Low-Code for App Development, OutSystems, 25 Oct. 2019.

    Watts, Stephen, and Kirstie Magowan. "The Scaled Agile Framework (SAFE): What to Know and How to Start." BMC Blogs, 9 Sept. 2020.

    "What Is SAFe? The Scaled Agile Framework Explained." CIO, 9 Feb. 2021.

    "Why Agile Transformations Fail: Four Common Culprits." Planview.

    "Why You Should Use SAFe (and How to Find SAFe Training to Help)." Easy Agile.

    Y., H. "Story Points vs. 'Ideal Days.'" Cargo Cultism, 19 Aug. 2010.

    Bibliography

    Enable Organization-Wide Collaboration by Scaling Agile

    Ambler, Scott W. "Agile Architecture: Strategies for Scaling Agile Development." Agile Modeling, 2012.

    - - -. "Comparing Approaches to Budgeting and Estimating Software Development Projects." AmbySoft.

    - - -. "Agile and Large Teams." Dr. Dobb's, 17 Jun 2008.

    Ambler, Scott W. and Mark Lines. Disciplined Agile Delivery: A Practitioner's Guide to Agile Software Delivery in the Enterprise. IBM Press, 2012.

    Ambler, Scott W., and Mark Lines. "Scaling Agile Software Development: Disciplined Agility at Scale." Disciplined Agile Consortium White Paper Series, 2014.

    AmbySoft. "2014 Agile Adoption Survey Results." Scott W. Ambler + Associates, 2014.

    Bersin, Josh. "Time to Scrap Performance Appraisals?" Forbes Magazine, 5 June 2013. Accessed 30 Oct. 2013..

    Cheese, Peter, et al. " Creating an Agile Organization." Accenture, Oct. 2009. Accessed Nov. 2013..

    Croxon, Bruce, et al. "Dinner Series: Performance Management with Bruce Croxon from CBC's 'Dragon's Den.'" HRPA Toronto Chapter. Sheraton Hotel, Toronto, ON, 12 Nov. 2013. Panel discussion.

    Culbert, Samuel. "10 Reasons to Get Rid of Performance Reviews." Huffington Post Business, 18 Dec. 2012. Accessed 28 Oct. 2013.

    Denning, Steve. "The Case Against Agile: Ten Perennial Management Objections." Forbes Magazine, 17 Apr. 2012. Accessed Nov. 2013.

    Estis, Ryan. "Blowing up the Performance Review: Interview with Adobe's Donna Morris." Ryan Estis & Associates, 17 June 2013. Accessed Oct. 2013.

    Heikkila et al. "A Revelatory Case Study on Scaling Agile Release Planning." EUROMICRO Conference on Software Engineering and Advanced Applications (SEAA), 2010.

    Holler, Robert, and Ian Culling. "From Agile Pilot Project to Enterprise-Wide Deployment: Five Sure-Fire Ways To Fail When You Scale." VersionOne, 2010.

    Kniberg, Henrik, and Anders Ivarsson, "Scaling Agile @ Spotify," Unified Communications and Collaborations, 2012.

    Narayan, Sriram. "Agile IT Organization Design: For Digital Transformation and Continuous Delivery." Addison-Wesley Professional, 2015.

    Shrivastava, NK, and Phillip George. "Scaling Agile." RefineM, 2015.

    Sirkia, Rami, and Maarit Laanti. "Lean and Agile Financial Planning." Scaled Agile Framework Blog, 2014.

    Scaled Agile Framework (SAFe). "Agile Architecture." Scaled Agile Inc., 2015.

    VersionOne. 9th Annual: State of Agile Survey. VersionOne, LLC, 2015.

    Appendix A: Supporting Info-Tech Research

    Transformation topics and supporting research to make your journey easier, with less rework

    Supporting research and services

    Improving IT Alignment

    Build a Business-Aligned IT Strategy
    Success depends on IT initiatives clearly aligned to business goals, IT excellence, and driving technology innovation.

    Make Your IT Governance Adaptable
    Governance isn't optional, so keep it simple and make it flexible.

    Create an IT View of the Service Catalog
    Unlock the full value of your service catalog with technical components.

    Application Portfolio Management Foundations
    Ensure your application portfolio delivers the best possible return on investment.

    Shifting Toward Agile DevOps

    Agile/DevOps Research Center
    Access the tools and advice you need to be successful with Agile.

    Develop Your Agile Approach for a Successful Transformation
    Understand Agile fundamentals, principles, and practices so you can apply them effectively in your organization.

    Implement DevOps Practices That Work
    Streamline business value delivery through the strategic adoption of DevOps practices.

    Perform an Agile Skills Assessment
    Being Agile isn't about processes, it's about people.

    Define the Role of Project Management in Agile and Product-Centric Delivery
    Projects and products are not mutually exclusive.

    Shifting Toward Product Management

    Make the Case for Product Delivery
    Align your organization on the practices to deliver what matters most.

    Deliver on Your Digital Product Vision
    Build a product vision your organization can take from strategy through execution.

    Deliver Digital Products at Scale
    Deliver value at the scale of your organization through defining enterprise product families.

    Mature and Scale Product Ownership
    Strengthen the product owner role in your organization by focusing on core capabilities and proper alignment.

    Build a Value Measurement Framework
    Focus product delivery on business value- driven outcomes.

    Improving Value and Delivery Metrics

    Build a Value Measurement Framework
    Focus product delivery on business value-driven outcomes.

    Create a Holistic IT Dashboard
    Mature your IT department by measuring what matters.

    Select and Use SDLC Metrics Effectively
    Be careful what you ask for, because you will probably get it.

    Reduce Time to Consensus With an Accelerated Business Case
    Expand on the financial model to give your initiative momentum.

    Improving Governance, Prioritization, and Value

    Make Your IT Governance Adaptable
    Governance isn't optional, so keep it simple and make it flexible.

    Maximize Business Value From IT Through Benefits Realization
    Embed benefits realization into your governance process to prioritize IT spending and confirm the value of IT.

    Drive Digital Transformation With Platform Strategies
    Innovate and transform your business models with digital platforms.

    Succeed With Digital Strategy Execution
    Building a digital strategy is only half the battle: create a systematic roadmap of technology initiatives to execute the strategy and drive digital transformation.

    Build a Value Measurement Framework
    Focus product delivery on business value-driven outcomes.

    Create a Holistic IT Dashboard
    Mature your IT department by measuring what matters.

    Improving Requirements Management and Quality Assurance

    Requirements Gathering for Small Enterprises
    Right-size the guidelines of your requirements gathering process.

    Improve Requirements Gathering
    Back to basics: great products are built on great requirements.

    Build a Software Quality Assurance Program
    Build quality into every step of your SDLC.

    Automate Testing to Get More Done
    Drive software delivery throughput and quality confidence by extending your automation test coverage.

    Manage Your Technical Debt
    Make the case to manage technical debt in terms of business impact.

    Create a Business Process Management Strategy
    Avoid project failure by keeping the "B" in BPM.

    Build a Winning Business Process Automation Playbook
    Optimize and automate your business processes with a user-centric approach.

    Improving Release Management

    Optimize Applications Release Management
    Build trust by right-sizing your process using appropriate governance.

    Streamline Application Maintenance
    Effective maintenance ensures the long-term value of your applications.

    Streamline Application Management
    Move beyond maintenance to ensure exceptional value from your apps.

    Optimize IT Change Management
    Right-size IT change management to protect the live environment.

    Manage Your Technical Debt
    Make the case to manage technical debt in terms of business impact.

    Improve Application Development Throughput
    Drive down your delivery time by eliminating development inefficiencies and bottlenecks while maintaining high quality.

    Improving Business Relationship Management

    Embed Business Relationship Management in IT
    Show that IT is worthy of Trusted Partner status.

    Mature and Scale Product Ownership
    Strengthen the product owner role in your organization by focusing on core capabilities and proper alignment.

    Improving Security

    Build an Information Security Strategy
    Create value by aligning your strategy to business goals and business risks.

    Develop and Deploy Security Policies
    Enhance your overall security posture with a defensible and prescriptive policy suite.

    Simplify Identity and Access Management
    Leverage risk- and role-based access control to quantify and simplify the identity and access management (IAM) process.

    Improving and Supporting Business-Managed Applications

    Embrace Business-Managed Applications
    Empower the business to implement their own applications with a trusted business-IT relationship.

    Enhance Your Solution Architecture Practices
    Ensure your software systems solution is architected to reflect stakeholders' short- and long-term needs.

    Satisfy Digital End Users With Low- and No-Code
    Extend IT, automation, and digital capabilities to the business with the right tools, good governance, and trusted organizational relationships.

    Build Your First RPA Bot
    Support RPA delivery with strong collaboration and management foundations.

    Automate Work Faster and More Easily With Robotic Process Automation
    Embrace the symbiotic relationship between the human and digital workforce.

    Improving Business Intelligence, Analytics, and Reporting

    Modernize Data Architecture for Measurable Business Results
    Enable the business to achieve operational excellence, client intimacy, and product leadership with an innovative, agile, and fit-for-purpose data architecture practice.

    Build a Reporting and Analytics Strategy
    Deliver actionable business insights by creating a business-aligned reporting and analytics strategy.

    Build Your Data Quality Program
    Quality data drives quality business decisions.

    Design Data-as-a-Service
    Journey to the data marketplace ecosystems.

    Build a Robust and Comprehensive Data Strategy
    Learn about the key to building and fostering a data-driven culture.

    Build an Application Integration Strategy
    Level the table before assembling the application integration puzzle or risk losing pieces.

    Appendix B: SDLC Transformation Steps

    Waterfall SDLC

    Valuable product delivered at the end of an extended project lifecycle, frequently in years

    Waterfall SDLC

    • Business is separated from the delivery of technology it needs. Only one-third of the product is actually valuable (ITRG, N=40,000).
    • In Waterfall, a team of experts in specific disciplines hand off different aspects of the lifecycle.
    • Document sign-offs are required to ensure integration between silos (Business, Development, and Operations) and individuals.
    • A separate change-request process lays over the entire lifecycle to prevent changes from disrupting delivery.
    • Tools are deployed to support a specific role (e.g. BA) and seldom integrated (usually requirements <-> test).

    Wagile/Agifall/WaterScrumFall SDLC

    Valuable product delivered in multiple releases

     Wagile/Agifall/WaterScrumFall SDLC

    • Business is more closely integrated by a business product owner, who is accountable for day-to-day delivery of value for users.
    • The team collaborates and develops cross-functional skills as they define, design, build, and test code over time.
    • Sign-offs are reduced but documentation is still focused on satisfying project delivery and operations policy requirements.
    • Change is built into the process to allow the team to respond to change dynamically.
    • Tools start to be integrated to streamline delivery (usually requirements and Agile work management tools).

    Agile SDLC

    Valuable product delivered iteratively: frequency depends Ops' capacity

    Agile SDLC

    • Business users are closely integrated through regularly scheduled demos (e.g. every two weeks).
    • Team is fully cross-functional and collaborates to plan, define, design, build, and test the code, supported by specialists.
    • Documentation is focused on future development and operations needs.
    • Change is built into the process to allow the team to respond to change dynamically.
    • Automation is explored for application development (e.g. automated regression testing).

    Agile With DevOps SDLC

    High frequency iterative delivery of valuable product (e.g. every two weeks)

     Agile With DevOps SDLC

    • Business users are closely integrated through regularly scheduled demos.
    • Development and operations teams collaborate to plan, define, design, build, test, and deploy code, supported by automation.
    • Documentation is focused on supporting users, future changes, and operational support.
    • Change is built into the process to allow the team to respond to change dynamically.
    • Test, build, deploy process is fully automated. (Service desk is still separated.)

    DevOps SDLC

    Continuous integration and delivery

     DevOps SDLC

    • Business users are closely integrated through regularly scheduled demos.
    • Fully integrated DevOps team collaborates to plan, define, design, build, test, deploy, and maintain code.
    • Documentation is focused on future development and use adoption.
    • Change is built into the process to allow the team to respond to change dynamically.
    • Development and operations toolchain are fully integrated.

    Fully integrated product SDLC

    Agile + DevOps + continuous delivery of valuable product on demand

     Fully integrated product SDLC

    • Business users are fully integrated with the teams through dedicated business product owner.
    • Cross-functional teams collaborate across the business and technical life of the product.
    • Documentation supports internal and external needs (business, users, operations).
    • Change is built into the process to allow the team to respond to change dynamically.
    • Toolchain is fully integrated (including service desk).

    Appendix C: Understanding Agile Scrum Practices and Ceremonies

    Cultural advantages of Agile

    Cultural advantages of Agile

    Agile* SDLC

    With shared ownership instead of silos, we are able to deliver value at the end of every iteration (aka sprint)

    Agile SDLC

    Key Elements of the Agile SDLC

    • You are not "one and done." There are many short iterations with constant feedback.
    • There is an empowered product owner. This is a single authoritative voice who represents stakeholders.
    • There is a fluid product backlog. This enables prioritization of requirements "just-in-time."
    • There is a cross-functional, self-managing team. This team makes commitments and is empowered by the organization to do so.
    • There is working, tested code at the end of each sprint: Value becomes more deterministic along sprint boundaries.
    • Stakeholders are allowed to see and use the functionality and provide necessary feedback.
    • Feedback is being continuously injected back into the product backlog. This shapes the future of the solution.
    • There is continuous improvement through sprint retrospectives.
    • The virtuous cycle of sprint-demo-feedback is internally governed when done right.

    * There are many Agile methodologies to choose from, but Scrum is by far the most widely used (and is shown above).

    Understand the Scrum process

    The scrum process coordinates multiple stakeholders to deliver on business priorities.

    Understand the Scrum process

    Understand the ceremonies part of the scrum process

     Understand the ceremonies part of the scrum process

    Scrum vs. Kanban: Key differences

    Scrum vs. Kanban: Key differences

    Scrum vs. Kanban: When to use each

    Scrum

    Related or grouped changes are delivered in fixed time intervals.

    Use when:

    • Coordinating the development or release of related items
    • Maturing a product or service
    • Coordinating interdependencies between work items

    Kanban

    Independent items are delivered as soon as each is ready.

    Use when:

    • Completing work items from ticketing or individual requests
    • Completing independent changes
    • Releasing changes as soon as possible

    Appendix D: Improving Product Management

    Product delivery realizes value for your product family

    While planning and analysis are done at the family level, work and delivery are done at the individual product level.

    Product delivery realizes value for your product family

    Manage and communicate key milestones

    Successful product-delivery managers understand and define key milestones in their product-delivery lifecycles. These milestones need to be managed along with the product backlog and roadmap.

    Manage and communicate key milestones

    Info-Tech Best Practice
    Product management is not just about managing the product backlog and development cycles. Teams need to manage key milestones, such as learning milestones, test releases, product releases, phase gates, and other organizational checkpoints.

    A backlog stores and organizes product backlog items (PBIs) at various stages of readiness

    Organize product backlog at various stages of readiness

    A well-formed backlog can be thought of as a DEEP backlog:

    Detailed Appropriately: PBIs are broken down and refined as necessary.

    Emergent: The backlog grows and evolves over time as PBIs are added and removed.

    Estimated: The effort that a PBI requires is estimated at each tier.

    Prioritized: A PBI's value and priority are determined at each tier.

    Source: Perforce, 2018

    Backlog tiers facilitate product planning steps

    Ranging from the intake of an idea to a PBI ready for development; to enter the backlog, each PBI must pass through a given quality filter.

    Backlog tiers facilitate product planning steps

    Each activity is a variation of measuring value and estimating effort in order to validate and prioritize a PBI.

    A PBI successfully completes an activity and moves to the next backlog tier when it meets the appropriate criteria. Quality filters should exist between each tier.

    Use quality filters to ensure focus on the most important PBIs

    Expand the concepts of defining "ready" and "done" to include the other stages of a PBI's journey through product planning.

    Use quality filters to ensure focus on the most important PBIs

    Info-Tech Best Practice
    A quality filter ensures that quality is met and the appropriate teams are armed with the correct information to work more efficiently and improve throughput.

    Define product value by aligning backlog delivery with roadmap goals

    In each product plan, the backlogs show what you will deliver. Roadmaps identify when and in what order you will deliver value, capabilities, and goals.

    Define product value by aligning backlog delivery with roadmap goals

    Product roadmaps guide delivery and communicate your strategy

    In "Deliver on Your Digital Product Vision," we demonstrate how a product roadmap is core to value realization. The product roadmap is your communicated path. As a product owner, you use it to align teams and changes to your defined goals, as well as your product to enterprise goals and strategy.

    Product roadmaps guide delivery and communicate your strategy

    Info-Tech Insight
    The quality of your product backlog - and your ability to realize business value from your delivery pipeline - is directly related to the input, content, and prioritization of items in your product roadmap.

    Info-Tech's approach

    Operationally align product delivery to enterprise goals

    Operationally align product delivery to enterprise goals

    The Info-Tech Difference

    Create a common definition of what a product is and identify the products in your inventory.

    Use scaling patterns to build operationally aligned product families.

    Develop a roadmap strategy to align families and products to enterprise goals and priorities.

    Use products and families to assess value realization.

    Develop and Implement a Security Incident Management Program

    • Buy Link or Shortcode: {j2store}316|cart{/j2store}
    • member rating overall impact (scale of 10): 9.2/10 Overall Impact
    • member rating average dollars saved: $105,346 Average $ Saved
    • member rating average days saved: 39 Average Days Saved
    • Parent Category Name: Threat Intelligence & Incident Response
    • Parent Category Link: /threat-intelligence-incident-response
    • Tracked incidents are often classified into ready-made responses that are not necessarily applicable to the organization. With so many classifications, tracking becomes inefficient and indigestible, allowing major incidents to fall through the cracks.
    • Outcomes of incident response tactics are not formally tracked or communicated, resulting in a lack of comprehensive understanding of trends and patterns regarding incidents, leading to being re-victimized by the same vector.
    • Having a formal incident response document to meet compliance requirements is not useful if no one is adhering to it.

    Our Advice

    Critical Insight

    • You will experience incidents. Don’t rely on ready-made responses. They’re too broad and easy to ignore. Save your organization response time and confusion by developing your own specific incident use cases.
    • Analyze, track, and review results of incident response regularly. Without a comprehensive understanding of incident trends and patterns, you can be re-victimized by the same attack vector.
    • Establish communication processes and channels well in advance of a crisis. Don’t wait until a state of panic. Collaborate and exchange information with other organizations to stay ahead of incoming threats.

    Impact and Result

    • Effective and efficient management of incidents involves a formal process of preparation, detection, analysis, containment, eradication, recovery, and post-incident activities.
    • This blueprint will walk through the steps of developing a scalable and systematic incident response program relevant to your organization.

    Develop and Implement a Security Incident Management Program Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop and implement a security incident management program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Prepare

    Equip your organization for incident response with formal documentation of policies and processes.

    • Develop and Implement a Security Incident Management Program – Phase 1: Prepare
    • Security Incident Management Maturity Checklist ‒ Preliminary
    • Information Security Requirements Gathering Tool
    • Incident Response Maturity Assessment Tool
    • Security Incident Management Charter Template
    • Security Incident Management Policy Template
    • Security Incident Management RACI Tool

    2. Operate

    Act with efficiency and effectiveness as new incidents are handled.

    • Develop and Implement a Security Incident Management Program – Phase 2: Operate
    • Security Incident Management Plan
    • Security Incident Runbook Prioritization Tool
    • Security Incident Management Runbook: Credential Compromise
    • Security Incident Management Workflow: Credential Compromise (Visio)
    • Security Incident Management Workflow: Credential Compromise (PDF)
    • Security Incident Management Runbook: Distributed Denial of Service
    • Security Incident Management Workflow: Distributed Denial of Service (Visio)
    • Security Incident Management Workflow: Distributed Denial of Service (PDF)
    • Security Incident Management Runbook: Malware
    • Security Incident Management Workflow: Malware (Visio)
    • Security Incident Management Workflow: Malware (PDF)
    • Security Incident Management Runbook: Malicious Email
    • Security Incident Management Workflow: Malicious Email (Visio)
    • Security Incident Management Workflow: Malicious Email (PDF)
    • Security Incident Management Runbook: Ransomware
    • Security Incident Management Workflow: Ransomware (Visio)
    • Security Incident Management Workflow: Ransomware (PDF)
    • Security Incident Management Runbook: Data Breach
    • Security Incident Management Workflow: Data Breach (Visio)
    • Security Incident Management Workflow: Data Breach (PDF)
    • Data Breach Reporting Requirements Summary
    • Security Incident Management Runbook: Third-Party Incident
    • Security Incident Management Workflow: Third-Party Incident (Visio)
    • Security Incident Management Workflow: Third-Party Incident (PDF)
    • Security Incident Management Runbook: Blank Template

    3. Maintain and optimize

    Manage and improve the incident management process by tracking metrics, testing capabilities, and leveraging best practices.

    • Develop and Implement a Security Incident Management Program – Phase 3: Maintain and Optimize
    • Security Incident Metrics Tool
    • Post-Incident Review Questions Tracking Tool
    • Root-Cause Analysis Template
    • Security Incident Report Template
    [infographic]

    Workshop: Develop and Implement a Security Incident Management Program

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Prepare Your Incident Response Program

    The Purpose

    Understand the purpose of incident response.

    Formalize the program.

    Identify key players and escalation points.

    Key Benefits Achieved

    Common understanding of the importance of incident response.

    Various business units becoming aware of their roles in the incident management program.

    Formalized documentation.

    Activities

    1.1 Assess the current process, obligations, scope, and boundaries of the incident management program.

    1.2 Identify key players for the response team and for escalation points.

    1.3 Formalize documentation.

    1.4 Prioritize incidents requiring preparation.

    Outputs

    Understanding of the incident landscape

    An identified incident response team

    A security incident management charter

    A security incident management policy

    A list of top-priority incidents

    A general security incident management plan

    A security incident response RACI chart

    2 Develop Incident-Specific Runbooks

    The Purpose

    Document the clear response procedures for top-priority incidents.

    Key Benefits Achieved

    As incidents occur, clear response procedures are documented for efficient and effective recovery.

    Activities

    2.1 For each top-priority incident, document the workflow from detection through analysis, containment, eradication, recovery, and post-incident analysis.

    Outputs

    Up to five incident-specific runbooks

    3 Maintain and Optimize the Program

    The Purpose

    Ensure the response procedures are realistic and effective.

    Identify key metrics to measure the success of the program.

    Key Benefits Achieved

    Real-time run-through of security incidents to ensure roles and responsibilities are known.

    Understanding of how to measure the success of the program.

    Activities

    3.1 Limited scope tabletop exercise.

    3.2 Discuss key metrics.

    Outputs

    Completed tabletop exercise

    Key success metrics identified

    Further reading

    Develop and Implement a Security Incident Management Program

    Create a scalable incident response program without breaking the bank.

    ANALYST PERSPECTIVE

    Security incidents are going to happen whether you’re prepared or not. Ransomware and data breaches are just a few top-of-mind threats that all organizations deal with. Taking time upfront to formalize response plans can save you significantly more time and effort down the road. When an incident strikes, don’t waste time deciding how to remediate. Rather, proactively identify your response team, optimize your response procedures, and track metrics so you can be prepared to jump to action.

    Céline Gravelines,
    Senior Research Analyst
    Security, Risk & Compliance Info-Tech Research Group

    Picture of Céline Gravelines

    Céline Gravelines,
    Senior Research Analyst
    Security, Risk & Compliance Info-Tech Research Group

    Our understanding of the problem

    This Research is Designed For

    • A CISO who is dealing with the following:
      • Inefficient use of time and money when retroactively responding to incidents, negatively affecting business revenue and workflow.
      • Resistance from management to adequately develop a formal incident response plan.
      • Lack of closure of incidents, resulting in being re-victimized by the same vector.

    This Research Will Help You

    • Develop a consistent, scalable, and usable incident response program that is not resource intensive.
    • Track and communicate incident response in a formal manner.
    • Reduce the overall impact of incidents over time.
    • Learn from past incidents to improve future response processes.

    This Research Will Also Assist

    • Business stakeholders who are responsible for the following:
    • Improving workflow and managing operations in the event of security incidents to reduce any adverse business impacts.
    • Ensuring that incident response compliance requirements are being adhered to.

    This Research Will Help Them

    • Efficiently allocate resources to improve incident response in terms of incident frequency, response time, and cost.
    • Effectively communicate expectations and responsibilities to users.

    Executive Summary

    Situation

    • Security incidents are inevitable, but how they’re dealt with can make or break an organization. Poor incident response negatively affects business practices, including workflow, revenue generation, and public image.
    • The incident response of most organizations is ad hoc at best. A formal management plan is rarely developed or adhered to, resulting in ineffective firefighting responses and inefficient allocation of resources.

    Complication

    • Tracked incidents are often classified into ready-made responses that are not necessarily applicable to the organization. With so many classifications, tracking becomes inefficient and indigestible, allowing major incidents to fall through the cracks.
    • Outcomes of incident response tactics are not formally tracked or communicated, resulting in a lack of comprehensive understanding of trends and patterns regarding incidents, leading to being revictimized by the same vector.
    • Having a formal incident response document to meet compliance requirements is not useful if no one is adhering to it.

    Resolution

    • Effective and efficient management of incidents involves a formal process of preparation, detection, analysis, containment, eradication, recovery, and post-incident activities.
    • This blueprint will walk through the steps of developing a scalable and systematic incident response program relevant to your organization.

    Info-Tech Insight

    • You will experience incidents. Don’t rely on ready-made responses. They’re too broad and easy to ignore. Save your organization response time and confusion by developing your own specific incident use cases.
    • Analyze, track, and review results of incident response regularly. Without a comprehensive understanding of incident trends and patterns, you can be re-victimized by the same attack vector.
    • Establish communication processes and channels well in advance of a crisis. Don’t wait until a state of panic. Collaborate and exchange information with other organizations to stay ahead of incoming threats.

    Data breaches are resulting in major costs across industries

    Per capita cost by industry classification of benchmarked companies (measured in USD)

    This is a bar graph showing the per capita cost by industry classification of benchmarked companies(measured in USD). the companies are, in decreasing order of cost: Health; Financial; Services; Pharmaceutical; Technology; Energy; Education; Industrial; Entertainment; Consumer; Media; Transportation; Hospitality; Retail; Research; Public

    Average data breach costs per compromised record hit an all-time high of $148 (in 2018).
    (Source: IBM, “2018 Cost of Data Breach Study)”

    % of systems impacted by a data breach
    1%
    No Impact
    19%
    1-10% impacted
    41%
    11-30% impacted
    24%
    31-50% impacted
    15%
    > 50% impacted
    % of customers lost from a data breach
    61% Lost
    < 20%
    21% Lost 20-40% 8% Lost
    40-60%
    6% Lost
    60-80%
    4% Lost
    80-100%
    % of customers lost from a data breach
    58% Lost
    <20%
    25% Lost
    20-40%
    9% Lost
    40-60%
    5% Lost
    60-80%
    4% Lost
    80-100%

    Source: Cisco, “Cisco 2017 Annual Cybersecurity Report”

    Defining what is security incident management

    IT Incident

    Any event not a part of the standard operation of a service which causes, or may cause, the interruption to, or a reduction in, the quality of that service.

    Security Event:

    A security event is anything that happens that could potentially have information security implications.

    • A spam email is a security event because it may contain links to malware.
    • Organizations may be hit with thousands or perhaps millions of identifiable security events each day.
    • These are typically handled by automated tools or are simply logged.

    Security Incident:

    A security incident is a security event that results in damage such as lost data.

    • Incidents can also include events that don't involve damage but are viable risks.
    • For example, an employee clicking on a link in a spam email that made it through filters may be viewed as an incident.

    It’s not a matter of if you have a security incident, but when

    The increasing complexity and prevalence of threats have finally caught the attention of corporate leaders. Prepare for the inevitable with an incident response program.

    1. A formalized incident response program reduced the average cost of a data breach (per capita) from $148 to $134, while third-party involvement increased costs by $13.40.
    2. US organizations lost an average of $7.91 million per data breach as a result of increased customer attrition and diminished goodwill. Canada and the UK follow suit at $1.57 and $1.39 million, respectively.
    3. 73% of breaches are perpetrated by outsiders, 50% are the work of criminal groups, and 28% involve internal actors.
    4. 55% of companies have to manage fallout, such as reputational damage after a data breach.
    5. The average cost of a data breach increases by $1 million if left undetected for > 100 days.

    (Sources: IBM, “2018 Cost of Data Breach Study”; Verizon, “2017 Data Breach Investigations Report”; Cisco, “Cisco 2018 Annual Cybersecurity Report”)

    Threat Actor Examples

    The proliferation of hacking techniques and commoditization of hacking tools has enabled more people to become threat actors. Examples include:
    • Organized Crime Groups
    • Lone Cyber Criminals
    • Competitors
    • Nation States
    • Hacktivists
    • Terrorists
    • Former Employees
    • Domestic Intelligence Services
    • Current Employees (malicious and accidental)

    Benefits of an incident management program

    Effective incident management will help you do the following:

    Improve efficacy
    Develop structured processes to increase process consistency across the incident response team and the program as a whole. Expose operational weak points and transition teams from firefighting to innovating.

    Improve threat detection, prevention, analysis, and response
    Enhance your pressure posture through a structured and intelligence-driven incident handling and remediation framework.

    Improve visibility and information sharing
    Promote both internal and external information sharing to enable good decision making.

    Create and clarify accountability and responsibility
    Establish a clear level of accountability throughout the incident response program, and ensure role responsibility for all tasks and processes involved in service delivery.

    Control security costs
    Effective incident management operations will provide visibility into your remediation processes, enabling cost savings from misdiagnosed issues and incident reduction.

    Identify opportunities for continuous improvement
    Increase visibility into current performance levels and accurately identify opportunities for continuous improvement with a holistic measurement program.

    Impact

    Short term:
    • Streamlined security incident management program.
    • Formalized and structured response process.
    • Comprehensive list of operational gaps and initiatives.
    • Detailed response runbooks that predefine necessary operational protocol.
    • Compliance and audit adherence.
    Long term:
    • Reduced incident costs and remediation time.
    • Increased operational collaboration between prevention, detection, analysis, and response efforts.
    • Enhanced security pressure posture.
    • Improved communication with executives about relevant security risks to the business.
    • Preserved reputation and brand equity.

    Incident management is essential for organizations of any size

    Your incidents may differ, but a standard response ensures practical security.

    Certain regulations and laws require incident response to be a mandatory process in organizations.

    Compliance Standard Examples Description
    Federal Information Security Modernization Act (FISMA)
    • Organizations must have “procedures for detecting, reporting, and responding to security incidents” (2002).
    • They must also “inform operators of agency information systems about current and potential information security threats and vulnerabilities.”
    Federal Information Processing Standards (FIPS)
    • “Organizations must: (i) establish an operational incident handling capability for organizational information systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities.”
    Payment Card Industry Data Security Standard (PCI DSS v3)
    • 12.5.3: “Establish, document, and distribute security incident response and escalation procedures to ensure timely and effective handling of all situations.”
    Health Insurance Portability and Accountability Act (HIPAA)
    • 164.308: Response and Reporting – “Identify and respond to suspected or known security incidents; mitigate, to the extent practicable, harmful effects of security incidents that are known to the covered entity; and document security incidents and their outcomes.”

    Security incident management is applicable to all verticals

    Examples:
    • Finance
    • Insurance
    • Healthcare
    • Public administration
    • Education services
    • Professional services
    • Scientific and technical services

    Maintain a holistic security operations program

    Legacy security operations centers (SOCs) fail to address gaps between data sources, network controls, and human capital. There is limited visibility and collaboration between departments, resulting in siloed decisions that do not support the best interests of the organization.

    Security operations is part of what Info-Tech calls a threat collaboration environment, where members must actively collaborate to address cyberthreats affecting the organization’s brand, business operation, and technology infrastructure on a daily basis.

    Prevent: Defense in depth is the best approach to protect against unknown and unpredictable attacks. Diligent patching and vulnerability management, endpoint protection, and strong human-centric security (amongst other tactics) are essential. Detect: There are two types of companies – those who have been breached and know it, and those who have been breached and don’t know it. Ensure that monitoring, logging, and event detection tools are in place and appropriate to your organizational needs.
    Analyze: Raw data without interpretation cannot improve security and is a waste of time, money, and effort. Establish a tiered operational process that not only enriches data but also provides visibility into your threat landscape. Respond: Organizations can’t rely on an ad hoc response anymore – don’t wait until a state of panic. Formalize your response processes in a detailed incident runbook to reduce incident remediation time and effort.

    Info-Tech’s incident response blueprint is one of four security operations initiatives

    Design and Implement a Vulnerability Management Program Vulnerability Management
    Vulnerability management revolves around the identification, prioritization, and remediation of vulnerabilities. Vulnerability management teams hunt to identify which vulnerabilities need patching and remediating.
    • Vulnerability Tracking Tool
    • Vulnerability Scanning Tool RFP Template
    • Penetration Test RFP Template
    • Vulnerability Mitigation Process Template
    Integrate Threat Intelligence Into Your Security Operations Vulnerability Management
    Vulnerability management revolves around the identification, prioritization, and remediation of vulnerabilities. Vulnerability management teams hunt to identify which vulnerabilities need patching and remediating.
    • Threat Intelligence Maturity Assessment Tool
    • Threat Intelligence RACI Tool
    • Threat Intelligence Management Plan Template
    • Threat Intelligence Policy Template
    • Threat Intelligence Alert Template
    • Threat Intelligence Alert and Briefing Cadence Schedule Template
    Develop Foundational Security Operations Processes Operations
    Security operations include the real-time monitoring and analysis of events based on the correlation of internal and external data sources. This also includes incident escalation based on impact. These analysts are constantly tuning and tweaking rules and reporting thresholds to further help identify which indicators are most impactful during the analysis phase of operations.
    • Security Operations Maturity Assessment Tool
    • Security Operations Event Prioritization Tool
    • Security Operations Efficiency Calculator
    • Security Operations Policy
    • In-House vs. Outsourcing Decision-Making Tool
    • Seccrimewareurity Operations RACI Tool
    • Security Operations TCO & ROI Comparison Calculator
    Develop and Implement a Security Incident Management Program Incident Response (IR)
    Effective and efficient management of incidents involves a formal process of analysis, containment, eradication, recovery, and post-incident activities. Incident response teams coordinate root cause and incident gathering while facilitating post-incident lessons learned. Incident response can provide valuable threat data that ties specific indicators to threat actors or campaigns.
    Security Incident Management Policy
    • Security Incident Management Plan
    • Incident Response Maturity Assessment Tool
    • Security Incident Runbook Prioritization Tool
    • Security Incident Management RACI Tool
    • Various Incident Management Runbooks

    Understand how incident response ties into related processes

    Info-Tech Resources:
    Business Continuity Plan Develop a Business Continuity Plan
    Disaster Recovery Plan Create a Right-Sized Disaster Recovery Plan
    Security Incident Management Develop and Implement a Security Incident Management Program
    Incident Management Incident and Problem Management
    Service Desk Standardize the Service Desk

    Develop and Implement a Security Incident Management Program – project overview

    1. Prepare 2. Operate 3. Maintain and Optimize
    Best-Practice Toolkit 1.1 Establish the Drivers, Challenges, and Benefits.

    1.2 Examine the Security Incident Landscape and Trends.

    1.3 Understand Your Security Obligations, Scope, and Boundaries.

    1.4 Gauge Your Current Process to Identify Gaps.

    1.5 Formalize the Security Incident Management Charter.

    1.6 Identify Key Players and Develop a Call Escalation Tree.

    1.7 Develop a Security Incident Management Policy.

    2.1 Understand the Incident Response Framework.

    2.2 Understand the Purpose of Runbooks.

    2.3 Prioritize the Development of Incident-Specific Runbooks.

    2.4 Develop Top-Priority Runbooks.

    2.5 Fill Out the Root-Cause Analysis Template.

    2.6 Customize the Post-Incident Review Questions Tracking Tool to Standardize Useful Questions for Lessons-Learned Meetings.

    2.7 Complete the Security Incident Report Template.

    3.1 Conduct Tabletop Exercises.

    3.2 Initialize a Security Incident Management Metrics Program.

    3.3 Leverage Best Practices for Continuous Improvement.

    Guided Implementations Understand the incident response process, and define your security obligations, scope, and boundaries.

    Formalize the incident management charter, RACI, and incident management policy.
    Use the framework to develop a general incident management plan.

    Prioritize and develop top-priority runbooks.
    Develop and facilitate tabletop exercises.

    Create an incident management metrics program, and assess the success of the incident management program.
    Onsite Workshop Module 1:
    Prepare for Incident Response
    Module 2:
    Handle Incidents
    Module 3:
    Review and Communicate Security Incidents
    Phase 1 Outcome:
  • Formalized stakeholder support
  • Security Incident Management Policy
  • Security Incident Management Charter
  • Call Escalation Tree
  • Phase 2 Outcome:
    • A generalized incident management plan
    • A prioritized list of incidents
    • Detailed runbooks for top-priority incidents
    Phase 3 Outcome:
    • A formalized tracking system for benchmarking security incident metrics.
    • Recommendations for optimizing your security incident management processes.

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4 Workshop Day 5
    Activities
    • Kick off and introductions.
    • High-level overview of weekly activities and outcomes.
    • Understand the benefits of security incident response management.
    • Formalize stakeholder support.
    • Assess your current process, obligations, and scope.
    • Develop RACI chart.
    • Define impact and scope.
    • Identify key players for the threat escalation protocol.
    • Develop a security incident response policy.
    • Develop a general security incident response plan.
    • Prioritize incident-specific runbook development.
    • Understand the incident response process.
    • Develop general and incident-specific call escalation trees.
    • Develop specific runbooks for your top-priority incidents (e.g. ransomware).
      • Detect the incident.
      • Analyze the incident.
      • Contain the incident.
      • Eradicate the root cause.
      • Recover from the incident.
      • Conduct post-incident analysis and communication.
    • Develop specific runbooks for your next top-priority incidents:
      • Detect the incident.
      • Analyze the incident.
      • Contain the incident.
      • Eradicate the root cause.
      • Recover from the incident.
      • Conduct post-incident analysis and communication.
    • Determine key metrics to track and report.
    • Develop post-incident activity documentation.
    • Understand best practices for both internal and external communication.
    • Finalize key deliverables created during the workshop.
    • Present the security incident response program to key stakeholders.
    • Workshop executive presentation and debrief.
    • Finalize main deliverables.
    • Schedule subsequent Analyst Calls.
    • Schedule feedback call.
    Deliverables
    • Security Incident Management Maturity Checklist ‒ Preliminary
    • Security Incident Management RACI Tool
    • Security Incident Management Policy
    • General incident management plan
    • Security Incident Management Runbook
    • Development prioritization
    • Prioritized list of runbooks
    • Understanding of incident handling process
    • Incident-specific runbooks for two incidents (including threat escalation criteria and Visio workflow)
    • Discussion points for review with response team
    • Incident-specific runbooks for two incidents (including threat escalation criteria and Visio workflow)
    • Discussion points for review with response team
    • Security Incident Metrics Tool
    • Post-Incident Review Questions Tracking Tool
    • Post-Incident Report Analysis Template
    • Root Cause Analysis Template
    • Post-Incident Review Questions Tracking Tool
    • Communication plans
    • Workshop summary documentation
  • All final deliverables
  • Measured value for Guided Implementations

    Engaging in GIs doesn’t just offer valuable project advice – it also results in significant cost savings.

    GI Purpose Measured Value
    Section 1: Prepare

    Understand the need for an incident response program.
    Develop your incident response policy and plan.
    Develop classifications around incidents.
    Establish your program implementation roadmap.

    Time, value, and resources saved using our classification guidance and templates: 2 FTEs*2 days*$80,000/year = $1,280
    Time, value, and resources saved using our classification guidance and templates:
    2 FTEs*5 days*$80,000/year = $3,200

    Section 2: Operate

    Prioritize runbooks and develop the processes to create your own incident response program:

  • Detect
  • Analyze
  • Contain
  • Eradicate
  • Recover
  • Post-Incident Activity
  • Time, value, and resources saved using our guidance:
    4 FTEs*10 days*$80,000/year = $12,800 (if done internally)

    Time, value, and resources saved using our guidance:
    1 consultant*15 days*$2,000/day = $30,000 (if done by third party)
    Section 3: Maintain and Optimize Develop methods of proper reporting and create templates for communicating incident response to key parties. Time, value, and resources saved using our guidance, templates, and tabletop exercises:
    2 FTEs*3 days*$80,000/year = $1,920
    Total Costs To just get an incident response program off the ground. $49,200

    Insurance company put incident response aside; executives were unhappy

    Organization implemented ITIL, but formal program design became less of a priority and turned more ad hoc.

    Situation

    • Ad hoc processes created management dissatisfaction around the organization’s ineffective responses to data breaches.
    • Because of the lack of formal process, an entirely new security team needed to be developed, costing people their positions.

    Challenges

    • Lack of criteria to categorize and classify security incidents.
    • Need to overhaul the long-standing but ineffective program means attempting to change mindsets, which can be time consuming.
    • Help desk is not very knowledgeable on security.
    • New incident response program needs to be in alignment with data classification policy and business continuity.
    • Lack of integration with MSSP’s ticketing system.

    Next steps:

    • Need to get stakeholder buy-in for a new program.
    • Begin to establish classification/reporting procedures.

    Follow this case study to Phase 1

    Phase 1

    Prepare

    Develop and Implement a Security Incident Management Program

    Phase 1: Prepare

    PHASE 1 PHASE 2 PHASE 3
    Prepare Operate Optimize

    This phase walks you through the following activities:

    1.1 Establish the drivers, challenges, and benefits.
    1.2 Examine the security incident landscape and trends.
    1.3 Understand your security obligations, scope, and boundaries.
    1.4 Gauge your current process to identify gaps.
    1.5 Formalize a security incident management charter.
    1.6 Identify key players and develop a call escalation tree.
    1.7 Develop a security incident management policy.

    This phase involves the following participants:

    • CISO
    • Security team
    • IT staff
    • Business leaders

    Outcomes of this phase

    • Formalized stakeholder support.
    • Security incident management policy.
    • Security incident management charter.
    • Call escalation tree.

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Prepare for Incident Response
    Proposed Time to Completion: 3 Weeks
    Step 1.1-1.3 Understand Incident Response Step 1.4-1.7 Begin Developing Your Program
    Start with an analyst kick-off call:
  • Discuss your current incident management status.
  • Review findings with analyst:
  • Review documents.
  • Then complete these activities…
    • Establish your security obligations, scope, and boundaries.
    • Identify the drivers, challenges, and benefits of formalized incident response.
    • Review any existing documentation.
    Then complete these activities…
    • Discuss further incident response requirements.
    • Identify key players for escalation and notifications.
    • Develop the policy.
    • Develop the plan.

    With these tools & templates:
    Security Incident Management Maturity Checklist ‒ Preliminary Information Security Requirements Gathering Tool

    With these tools & templates:
    Security Incident Management Policy
    Security Incident Management Plan
    Phase 1 Results & Insights:

    Ready-made incident response solutions often contain too much coverage: too many irrelevant cases that are not applicable to the organization are accounted for, making it difficult to sift through all the incidents to find the ones you care about. Develop specific incident use cases that correspond with relevant incidents to quickly identify the response process and eliminate ambiguity when handled by different individuals.

    Ice breaker: What is a security incident for your organization?

    1.1 Whiteboard Exercise – 60 minutes

    How do you classify various incident types between service desk, IT/infrastructure, and security?

    • Populate sticky notes with various incidents and assign them to the appropriate team.
      • Who owns the remediation? When are other groups involved? What is the triage/escalation process?
      • What other groups need to be notified (e.g. cyber insurance, Legal, HR, PR)?
      • Are there dependencies among incidents?
      • What are we covering in the scope of this project?

    Microsoft Teams Cookbook

    • Buy Link or Shortcode: {j2store}408|cart{/j2store}
    • member rating overall impact (scale of 10): 8.8/10 Overall Impact
    • member rating average dollars saved: $6,299 Average $ Saved
    • member rating average days saved: 27 Average Days Saved
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity

    Remote work calls for leveraging your Office 365 license to use Microsoft Teams – but IT is unsure about best practices for governance and permissions. Moreover, IT has few resources to help train end users with Teams best practices.

    Our Advice

    Critical Insight

    Microsoft Teams is not a standalone app. Successful utilization of Teams occurs when conceived in the broader context of how it integrates with Office 365. Understanding how information flows between Teams, SharePoint Online, and OneDrive for Business, for instance, will aid governance with permissions, information storage, and file sharing.

    Impact and Result

    Use Info-Tech’s Microsoft Teams Cookbook to successfully implement and use Teams. This cookbook includes recipes for:

    • IT best practices concerning governance of the creation process and Teams rollout.
    • End-user best practices for Teams functionality and common use cases.

    Microsoft Teams Cookbook Research & Tools

    Start here – read the Executive Brief

    Learn critical insights for an effective Teams rollout.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Microsoft Teams Cookbook – Sections 1-2

    1. Teams for IT

    Understand best practices for governance of the Teams creation process and Teams rollout.

    • Microsoft Teams Cookbook – Section 1: Teams for IT

    2. Teams for end users

    Get end users on board with this series of how-tos and common use cases for Teams.

    • Microsoft Teams Cookbook – Section 2: Teams for End Users

    [infographic]

     

    Further reading

    Microsoft Teams Cookbook

    Recipes for best practices and use cases for Microsoft Teams.

    Table of contents

    Executive Brief

    Section 1: Teams for IT

    Section 2: Teams for End Users

    Executive Summary

    Situation

    Remote work calls for leveraging your Office 365 license to utilize Teams – but IT is unsure about best practices for governance and permissions.

    Without a framework or plan for governing the rollout of Teams, IT risks overlooking secure use of Teams, the phenomenon of “teams sprawl,” and not realizing how Teams integrates with Office 365 more broadly.

    Complication

    Teams needs to be rolled out quickly, but IT has few resources to help train end users with Teams best practices.

    With teams, channels, chats, meetings, and live events to choose from, end users may get frustrated with lack of guidance on how to use Teams’ many capabilities.

    Resolution

    Use Info-Tech’s Microsoft Teams Cookbook to successfully implement and utilize Teams. This cookbook includes recipes for:

    • IT best practices concerning governance of the creation process and Teams rollout.
    • End-user best practices for Teams functionality and common use cases.

    Key Insights

    Teams is not a standalone app

    Successful utilization of Teams occurs when conceived in the broader context of how it integrates with Office 365. Understanding how information flows between Teams, SharePoint Online, and OneDrive for Business, for instance, will aid governance with permissions, information storage, and file sharing.

    IT should paint the first picture for team creation

    No initial governance for team creation can lead to “teams sprawl.” While Teams was built to allow end users’ creativity to flow in creating teams and channels, this can create problems with a cluttered interface and keeping track of information. To prevent end-user dissatisfaction here, IT’s initial Teams rollout should offer a basic structure for end users to work with first, limiting early teams sprawl.

    The Teams admin center can only take you so far with permissions

    Knowing how Teams integrates with other Office 365 apps will help with rolling out sensitivity labels to protect important information being accidentally shared in Teams. Of course, technology only does so much – proper processes to train and hold people accountable for their actions with data sharing must be implemented, too.

    Related Info-Tech Research

    Establish a Communication and Collaboration System Strategy

    Don’t waste your time deploying yet another collaboration tool that won’t get used.

    Modernize Communication and Collaboration Infrastructure

    Your legacy telephony infrastructure is dragging you down – modern communications and collaboration technology will dramatically improve productivity.

    Migrate to Office 365 Now

    One small step to cloud, one big leap to Office 365. The key is to look before you leap.

    Section 1: Teams for IT

    Governance best practices and use cases for IT

    Section 1

    Teams for IT

    Section 2

    Teams for end users

    From determining prerequisites to engaging end users.

    IT fundamentals
    • Creation process
    • Teams rollout
    Use cases
    • Retain and search for legal/regulatory compliance
    • Add an external user to a team
    • Delete/archive a team

    Overview: Creation process

    IT needs to be prepared to manage other dependent services when rolling out Teams. See the figure below for how Teams integrates with these other Office 365 applications.

    A flow chart outlining how Teams integrates with other Office 365 applications. Along the side are different applications, from the top: 'Teams client', 'OneDrive for Business', 'Sharepoint Online', 'Planner (Tasks for Teams)', 'Exchange Online', and 'Stream'. Along the top are services of 'Teams client', 'Files', 'Teams', 'Chat', 'Meeting', and 'Calls'.

    Which Microsoft 365 license do I need to access Teams?

    • Microsoft 365 Business Essentials
    • Microsoft 365 Business Premium
    • Office 365 Enterprise, E1, E3, or E5
    • Office 365 Enterprise E4 (if purchased prior to its retirement)

    Please note: To appeal to the majority of Info-Tech’s members, this blueprint refers to Teams in the context of Office 365 Enterprise licenses.

    Assign admin roles

    You will already have at least one global administrator from setting up Office 365.

    Global administrators have almost unlimited access to settings and most of the data within the software, so Microsoft recommends having only two to four IT and business owners responsible for data and security.

    Info-Tech Best Practice

    Configure multifactor authentication for your dedicated Office 365 global administrator accounts and set up two-step verification.

    Once you have organized your global administrators, you can designate your other administrators with “just-enough” access for managing Teams. There are four administrator roles:

    Teams Service Administrator Manage the Teams service; manage and create Microsoft 365 groups.
    Teams Communications Administrator Manage calling and meetings features with Teams.
    Teams Communications Support Engineer Troubleshoot communications issues within Teams using the advanced troubleshooting toolset.
    Teams Communications Support Specialist Troubleshoot communications issues using Call Analytics.

    Prepare the network

    There are three prerequisites before Teams can be rolled out:

    • UDP ports 3478 through 3481 are opened.
    • You have a verified domain for Office 365.
    • Office 365 has been rolled out, including Exchange Online and SharePoint Online.

    Microsoft then recommends the following checklist to optimize your Teams utilization:

    • Optimize calls and performance using the Call Quality Dashboard.
    • Assess network requirements in the Network Planner in the Teams admin center.
    • Ensure all computers running Teams client can resolve external DNS queries.
    • Check adequate public IP addresses are assigned to the NAT pools to prevent port exhaustion.
    • Route to local or regional Microsoft data centers.
    • Whitelist all Office 365 URLs to move through security layers, especially IDS/IPS.
    • Split tunnel Teams traffic so it bypasses your organization’s VPN.

    Info-Tech Best Practice

    For online support and walkthroughs, utilize Advisor for Teams. This assistant can be found in the Teams admin center.

    Team Creation

    You can create and manage Teams through the Teams PowerShell module and the Teams admin center. Only the global administrator and Teams service administrator have full administrative capabilities in this center.

    Governance over team creation intends to prevent “teams sprawl” – the phenomenon whereby end users create team upon team without guidance. This creates a disorganized interface, with issues over finding the correct team and sharing the right information.

    Prevent teams sprawl by painting the first picture for end users:

    1. Decide what kind of team grouping would best fit your organization: by department or by project.
    2. Start with a small number of teams before letting end users’ creativity take over. This will prevent initial death by notifications and support adoption.
    3. Add people or groups to these teams. Assign multiple owners for each team in case people move around at the start of rollout or someone leaves the organization.
    4. Each team has a general channel that cannot be removed. Use it for sharing an overview of the team’s goals, onboarding, and announcements.

    Info-Tech Best Practice

    For smaller organizations that are project-driven, organize teams by projects. For larger organizations with established, siloed departments, organize by department; projects within departments can become channels.

    Integrations with SharePoint Online

    Teams does not integrate with SharePoint Server.

    Governance of Teams is important because of how tightly it integrates with other Office 365 apps, including SharePoint Online.

    A poor rollout of Teams will have ramifications in SharePoint. A good rollout will optimize these apps for the organization.

    Teams and SharePoint integrate in the following ways:

    • Each team created in Teams automatically generates a SharePoint team site behind it. All documents and chat shared through a team are stored in that team’s SharePoint document library.
    • As such, all files shared through Teams are subject to SharePoint permissions.
    • Existing SharePoint folders can be tied to a team without needing to create a new one.
    • If governance over resource sharing in Teams is poor, information can get lost, duplicated, or cluttered throughout both Teams and SharePoint.

    Info-Tech Best Practice

    End users should be encouraged to integrate their teams and channels with existing SharePoint folders and, where no folder exists, to create one in SharePoint first before then attaching a team to it.

    Permissions

    Within the Teams admin center, the global or Teams service administrator can manage Teams policies.

    Typical Teams policies requiring governance include:

    • The extent end users can discover or create private teams or channels
    • Messaging policies
    • Third-party app use

    Chosen policies can be either applied globally or assigned to specific users.

    Info-Tech Best Practice

    If organizations need to share sensitive information within the bounds of a certain group, private channels help protect this data. However, inviting users into that channel will enable them to see all shared history.

    External and guest access

    Within the security and compliance center, the global or Teams service administrator can set external and guest access.

    External access (federation) – turned on by default.

    • Lets you find, call, and chat with users in other domains. External users will have no access to the organization’s teams or team resources.

    Guest access – turned off by default.

    • Lets you add individual users with their own email address. You do this when you want external users to access teams and team resources. Approved guests will be added to the organization’s active directory.

    If guest access is enabled, it is subject to Azure AD and Office 365 licensing and service limits. Guests will have no access to the following, which cannot be changed:

    • OneDrive for Business
    • An organization’s calendar/meetings
    • PSTN
    • Organization’s hierarchical chart
    • The ability to create, revise, or browse a team
    • Upload files to one-on-one chat

    Info-Tech Best Practice

    Within the security and compliance center, you can allow users to add sensitivity labels to their teams that can prevent external and guest access.

    Expiration and archiving

    To reduce the number of unused teams and channels, or delete information permanently, the global or Teams service administrator can implement an Office 365 group expiration and archiving policy through the Teams admin center.

    If a team has an expiration policy applied to it, the team owner will receive a notification for team renewal 30 days, 15 days, and 1 day before the expiry date. They can renew their team at any point within this time.

    • To prevent accidental deletion, auto-renewal is enabled for a team. If the team owner is unable to manually respond, any team that has one channel visit from a team member before expiry is automatically renewed.
    • A deleted Office 365 group is retained for 30 days and can be restored at any point within this time.

    Alternatively, teams and their channels (including private) can be archived. This will mean that all activity for the team ceases. However, you can still add, remove, and update roles of the members.

    Retention and data loss prevention

    Retention policies can be created and managed in the Microsoft 365 Compliance Center or the security and compliance center PowerShell cmdlets. This can be applied globally or to specific users.

    By default, information shared through Teams is retained forever.

    However, setting up retention policies ensures data is retained for a specified time regardless of what happens to that data within Teams (e.g. user deletes).

    Info-Tech Best Practice

    To prevent external or guest users accessing and deleting sensitive data, Teams is able to block this content when shared by internal users. Ensure this is configured appropriately in your organization:

    • For guest access in teams and channels
    • For external access in meetings and chat

    Please note the following limitations of Teams’ retention and data loss prevention:

    • Organization-wide retention policies will need to be manually inputted into Teams. This is because Teams requires a retention policy that is independent of other workloads.
    • As of May 2020, retention policies apply to all information in Teams except private channel messages. Files shared in private channels, though, are subject to retention policies.
    • Teams does not support advanced retention settings, such as a policy that pertains to specific keywords or sensitive information.
    • It will take three to seven days to permanently delete expired messages.

    Teams telephony

    Teams has built-in functionality to call any team member within the organization through VoIP.

    However, Teams does not automatically connect to the PSTN, meaning that calling or receiving calls from external users is not immediately possible.

    Bridging VoIP calls with the PSTN through Teams is available as an add-on that can be attached to an E3 license or as part of an E5 license.

    There are two options to enable this capability:

    • Enable Phone System. This allows for call control and PBX capabilities in Office 365.
    • Use direct routing. You can use an existing PSTN connection via a Session Border Controller that links with Teams (Amaxra).

    Steps to implement Teams telephony:

    1. Ensure Phone System and required (non-Microsoft-related) services are available in your country or region.
    2. Purchase and assign Phone System and Calling Plan licenses. If Calling Plans are not available in your country or region, Microsoft recommends using Direct Routing.
    3. Get phone numbers and/or service numbers. There are three ways to do this:
      • Get new numbers through the Teams admin center.
      • If you cannot get new numbers through the Teams admin center, you can request new numbers from Microsoft directly.
      • Port or transfer existing numbers. To do this, you need to send Microsoft a letter of authorization, giving them permission to request and transfer existing numbers on your behalf.
    4. To enable service numbers, including toll-free numbers, Microsoft recommends setting up Communications Credits for your Calling Plans and Audio Conferencing.

    Overview: Teams rollout

    1. From Skype (and Slack) to Teams
    2. Gain stakeholder purchase
    3. Employ a phased deployment
    4. Engage end users

    Skype for Business is being retired; Microsoft offers a range of transitions to Teams.

    Combine the best transition mode with Info-Tech’s adoption best practices to successfully onboard and socialize Teams.

    From Skype to Teams

    Skype for Business Online will be retired on July 31, 2021. Choose from the options below to see which transition mode is right for your organization.

    Skype for Business On-Premises will be retired in 2024. To upgrade to Teams, first configure hybrid connectivity to Skype for Business Online.

    Islands mode (default)

    • Skype for Business and Teams coexist while Teams is rolled out.
    • Recommended for phased rollouts or when Teams is ready to use for chat, calling, and meetings.
    • Interoperability is limited. Teams and Skype for Business only transfer information if an internal Teams user sends communications to an external Skype for Business user.

    Teams only mode (final)

    • All capabilities are enabled in Teams and Skype for Business is disabled.
    • Recommended when end users are ready to switch fully to Teams.
    • End users may retain Skype for Business to join meetings with non-upgraded or external parties. However, this communication is only initiated from the Skype for Business external user.

    Collaboration first mode

    • Skype for Business and Teams coexist, but only Teams’ collaboration capabilities are enabled. Teams communications capabilities are turned off.
    • Recommended to leverage Skype for Business communications yet utilize Teams for collaboration.

    Meetings first mode

    • Skype for Business and Teams coexist, but only Teams’ meetings capabilities are enabled.
    • Recommended for organizations that want to leverage their Skype for Business On-Premises’ Enterprise Voice capability but want to benefit from Teams’ meetings through VoIP.

    From Slack to Teams

    The more that’s left behind in Slack, the easier the transition. As a prerequisite, pull together the following information:

    • Usage statistics of Slack workspaces and channels
    • What apps end users utilize in Slack
    • What message history you want to export
    • A list of users whose Slack accounts can map on to required Microsoft accounts
    Test content migration

    Your Slack service plan will determine what you can and can’t migrate. By default, public channels content can be exported. However, private channels may not be exportable, and a third-party app is needed to migrate Direct Messages.

    Files migration

    Once you have set up your teams and channels in Teams, you can programmatically copy files from Slack into the target Teams channel.

    Apps migration

    Once you have a list of apps and their configurations used in Slack’s workspaces, you can search in Teams’ app store to see if they’re available for Teams.

    User identity migration

    Slack user identities may not map onto a Microsoft account. This will cause migration issues, such as problems with exporting text content posted by that user.

    Follow the migration steps to the right.

    Importantly, determine which Slack workspaces and channels should become teams and channels within Teams.

    Usage statistics from Slack can help pinpoint which workspaces and channels are redundant.

    This will help IT paint an ordered first picture for new Teams end users.

    1. Create teams and channels in Teams
    2. Copy files into Teams
    3. Install apps, configure Office 365 Connecters
    4. Import Slack history
    5. Disable Slack user accounts

    Info-Tech Best Practice

    Avoid data-handling violations. Determine what privacy and compliance regulations (if any) apply to the handling, storage, and processing of data during this migration.

    Gain stakeholder purchase

    Change management is a challenging aspect of implementing a new collaboration tool. Creating a communication and adoption plan is crucial to achieving universal buy-in for Teams.

    To start, define SMART objectives and create a goals cascade.

    Specific Measurable Actionable Realistic Time Bound
    Make sure the objective is clear and detailed. Objectives are `measurable` if there are specific metrics assigned to measure success. Metrics should be objective. Objectives become actionable when specific initiatives designed to achieve the objective are identified. Objectives must be achievable given your current resources or known available resources. An objective without a timeline can be put off indefinitely. Furthermore, measuring success is challenging without a timeline.
    Who, what, where, why? How will you measure the extent to which the goal is met? What is the action-oriented verb? Is this within my capabilities? By when: deadline, frequency?

    Sample list of stakeholder-specific benefits from improving collaboration

    Stakeholder Driver Benefits
    Senior Leadership Resource optimization Increased transparency into IT operational costs.
    Better ability to forecast hardware, resourcing costs.
    All employees Increasing productivity Apps deployed faster.
    Issues fixed faster.
    Easier access to files.
    Able to work more easily offsite.
    LBU-HR, legal, finance Mitigating risk Better able to verify compliance with external regulations.
    Better understanding of IT risks.
    Service desk Resource optimization Able to resolve issues faster.
    Fewer issues stemming from updates.
    Tier 2 Increasing productivity Less time spent on routine maintenance.

    Use these activities to define what pain points stakeholders face and how Teams can directly mitigate those pain points.

    (Source: Rationalize Your Collaboration Tools (coming soon), Activities: 3.1C – 3.1D)

    Employ a phased deployment

    Info-Tech Best Practice

    Deploy Teams over a series of phases. As such, if you are already using Skype for Business, choose one of the coexistence phases to start.

      1. Identify and pilot Teams with early adopters that will become your champions. These champions should be formally trained, be encouraged to help and train their colleagues, and be positively reinforced for their efforts.
      2. Iron out bugs identified with the pilot group and train middle management. Enterprise collaboration tool adoption is strongly correlated with leadership adoption.
        1. Top-level management
          Control and direct overall organization.
        2. Middle management
          Execute top-level management’s plans in accordance with organization’s norms.
        3. First-level management
          Execute day-to-day activities.
      3. Use Info-Tech’s one-pager marketing template to advertise the new tool to stakeholders. Highlight how the new tool addresses specific pain points. Address questions stemming from fear and uncertainty to avoid employees’ embarrassment or their rejection of the tool.
    A screenshot of Info-Tech's one-pager marketing template.
    1. Extend the pilot to other departments and continue this process for the whole organization.

    (Source: Rationalize Your Collaboration Tools (coming soon), Tools:GANTT Chart and Marketing Materials, Activities: 3.2A – 3.2B)

    Info-Tech Insight

    Be in control of setting and maintaining expectations. Aligning expectations with reality and the needs of employees will lower onboarding resistance.

    Engage end users

    Short-term best practices

    Launch day:
    • Hold a “lunch and learn” targeted training session to walk end users through common use cases.
    • Open a booth or virtual session (through Teams!) and have tool representatives available to answer questions.
    • Create a game to get users exploring the new tool – from scavenger hunts to bingo.
    Launch week:
    • Offer incentives for using the tool and helping others, including small gift cards.
    • Publicize achievements if departments hit adoption milestones.

    Long-term best practices

    • Make available additional training past launch week. End users should keep learning new features to improve familiarity.
    • Distribute frequent training clips, slowly exposing end users to more complex ways of utilizing Teams.
    • Continue to positively reinforce and recognize those who use Teams well. This could be celebrating those that help others use the tool, how active certain users are, and attendance at learning events.

    Info-Tech Best Practice

    Microsoft has a range of training support that can be utilized. From instructor-led training to “Coffee in the Cloud” sessions, leverage all the support you can.

    Use case #1: Retain and search data for legal/regulatory compliance

    Scenario:

    Your organization requires you to retain data and documents for a certain period of time; however, after this period, your organization wishes to delete or archive the data instead of maintaining it indefinitely. Within the timeframe of the retention policy, the admin may be asked to retrieve information that has been requested through a legal channel.

    Purpose:
    • Maintain compliance with the legal and regulatory standards to which the organization is subject.
    Jobs:
    • Ensure the data is retained for the approved time period.
    • Ensure the policy applies to all relevant data and users.
    Solution: Retention Policies
    • Ensure that your organization has an Office 365 E3 or higher license.
    • Set the desired retention policy through the Security & Compliance Center or PowerShell by deciding which teams, channels, chats, and users the policies will apply to and what will happen once the retention period ends.
    • Ensure that matching retention policies are applied to SharePoint and OneDrive, since this is where files shared in Teams are stored.
    • Be aware that Teams retention policies cannot be applied to messages in private channels.
    Solution: e-Discovery
    • If legally necessary, place users or Teams on legal hold in order to retain data that would be otherwise deleted by your organization’s retention policies.
    • Perform e-discovery on Teams messages, files, and summaries of meetings and calls through the Security & Compliance Center.
    • See Microsoft’s chart on the next slide for what is e-discoverable.

    Content subject to e-discovery

    Content type eDiscoverable Notes
    Teams chat messages Yes Chat messages from chats where guest users are the only participants in a 1:1 or 1:N chat are not e-discoverable.
    Audio recordings No  
    Private channel messages Yes  
    Emojis, GIFs, stickers Yes  
    Code snippets No  
    Chat links Yes  
    Reactions (likes, hearts, etc) No  
    Edited messages Yes If the user is on hold, previous versions of edited messages are preserved.
    Inline images Yes  
    Tables Yes  
    Subject Yes  
    Quotes Yes Quoted content is searchable. However, search results don’t indicate that the content was quoted.
    Name of channel No  

    E-discovery does not capture audio messages and read receipts in MS Teams.

    Since files shared in private channels are stored separately from the rest of a team, follow Microsoft’s directions for how to include private channels in e-discovery. (Source: “Conduct an eDiscovery investigation of content in Microsoft Teams,” Microsoft, 2020.)

    Use case #2: Add external person to a team

    Scenario:

    A team in your organization needs to work in an ongoing way with someone external to the company. This user needs access to the relevant team’s work environment, but they should not be privy to the goings-on in the other parts of the organization.

    Jobs:

    This external person needs to be able to:

    • Attend meetings
    • Join calls
    • Chat with individual team members
    • View and collaborate on the team’s files
    Solution:
    • If necessary, set a data loss prevention policy to prevent your users from sharing certain types of information or files with external users present in your organization’s Teams chats and public channels.
    • Ensure that your Microsoft license includes DLP protection. However:
      • DLP cannot be applied to private channel messages.
      • DLP cannot block messages from external Skype for Business users nor external users who are not in “Teams only” mode.
    • Ensure that you have a team set up for the project that you wish the external user to join. The external user will be able to see all the channels in this team, unless you create a private channel they are restricted from.
    • Complete Microsoft’s “Guest Access Checklist” to enable guest access in Teams, if it isn’t already enabled.
    • As admin, give the external user guest access through the Teams admin center or Azure AD B2B collaboration. (If given permission, team owners can also add guests through the Teams client).
    • Decide whether to set a policy to monitor and audit external user activity.

    Use case #3: Delete/archive a team

    Scenario:

    In order to avoid teams sprawl, organizations may want IT to periodically delete or archive unused teams within the Teams client in order to improve the user interface.

    Alternately, if you are using a project-based approach to organizing Teams, you may wish to formalize a process to archive a team once the project is complete.

    Delete:
    • Determine if the team owner anticipates the team will need to be restored one day.
    • Ensure that deletion does not contradict the organization’s retention policy.
    • If not, proceed with deletion. Find the team in the Teams admin center and delete.
    • Restore a deleted team within 30 days of its initial deletion through PowerShell.
    Archive:
    • Determine if the team owner anticipates the team will need to be restored one day.
    • Find the relevant team in the Teams admin center and change its status to “Archived.”
    • Restore the archived team if the workspace becomes relevant once again.

    Info-Tech Best Practice

    Remind end users that they can hide teams or channels they do not wish to see in their Teams interface. Knowing a team can be hidden may impact a team owner’s decision to delete it.

    Section 2: Teams for End Users

    Best practices for utilizing teams, channels, chat, meetings, and live events

    Section 1

    Teams for IT

    Section 2

    Teams for end users

    From Teams how-tos to common use cases for end users.

    End user basics
    • Teams, channels, and chat
    • Meetings and live events
    Common use cases: Workspaces
    • WS#1: Departments
    • WS#2: A cross-functional committee
    • WS#3: An innovation day event
    • WS#4: A non-work-related social event
    • WS#5: A project team with a defined end time
    Common use cases: Meetings
    • M#1: Job interview with an external candidate
    • M#2: Quarterly board meeting
    • M#3: Weekly recurring team meeting
    • M#4: Morning stand-up/scrum
    • M#5: Phone call between two people

    Overview: Teams, channels, and chat

    Teams

    • Team: A workspace for a group of collaborative individuals.
      • Public channel: A focused area where all members of a team can meet, communicate, and share ideas and content.
      • Private channel: Like a public channel but restricted to a subset of team members, defined by channel owner.

    Chat

    • Chat: Two or more users collected into a common conversation thread.
    (Source: “Overview of teams and channels in Microsoft Teams,” Microsoft, 2020.)

    For any Microsoft Teams newcomer, the differences between teams, channels, and chat can be confusing.

    Use Microsoft’s figure (left) to see how these three mediums differ in their role and function.

    Best practices: Workspaces 1/2

      Team
    A workspace for a group of collaborative individuals.
    Public Channel
    A focused area where all members of a team can meet, communicate, and share ideas and content.
    Private Channel
    Like a public channel but restricted to a subset of team members, defined by channel owner.
    Group Chat
    Two or more users collected into a common conversation thread.
    Limits and Administrative Control
    Who can create? Default setting: All users in an organization can create a team

    Maximum 500,000 teams per tenant

    Any member of a team can create a public channel within the team

    Maximum 200 public channels per team

    Any member of a team can create a private channel and define its members

    Maximum 30 private channels per team

    Anyone
    Who can add members? Team owner(s); max 5,000 members per team N/A Channel owner(s) can add up to 250 members Anyone can bring new members into the chat (and decide if they can see the previous history) up to 100 members
    Who can delete? Team owner/admin can delete Any team member Channel owner(s) Anyone can leave a chat but cannot delete chat, but they are never effectively deleted
    Social Context
    Who can see it? Public teams are indexed and searchable

    Private teams are not indexed and are visible only to joined members

    All members of the team can see all public channels. Channels may be hidden from view for the purposes of cleaning up the UI. Individuals will only see private channels for which they have membership Only participants in the group chat can see the group chat
    Who can see the content? Team members can see any content that is not otherwise part of a private channel All team members All members of the private channel Only members of the group chat

    When does a Group Chat become a Channel?

    • When it’s appropriate for the conversation to have a gallery – an audience of members who may not be actively participating in the discussion.
    • When control over who joins the conversation needs to be centrally governed and not left up to anyone in the discussion.
    • When the discussion will persist over a longer time period.
    • When the number of participants approaches 100.

    When does a Channel become a Team?

    • When a team approaches 30 private channels, many of those private channels are likely candidates to become their own team.
    • When the channel membership needs to extend beyond the boundary of the team membership.

    Best practices: Workspaces 2/2

      Team
    A workspace for a group of collaborative individuals.
    Public Channel
    A focused area where all members of a team can meet, communicate, and share ideas and content.
    Private Channel
    Like a public channel but restricted to a subset of team members, defined by channel owner.
    Group Chat
    Two or more users collected into a common conversation thread.
    Data and Applications
    Where does the content live? SharePoint: Every team resides in its own SharePoint site SharePoint: Each team (public and private) has its own folder off the root of the SharePoint site’s repository SharePoint: Each team (public and private) has its own folder off the root of the SharePoint site’s repository OneDrive: Files that are shared in a chat are stored in the OneDrive folder of the original poster and shared to the other members
    How does the data persist or be retained? If a team expires/is deleted, its corresponding SharePoint site and those artifacts are also deleted Available for 21 days after deletion. Any member of the team can delete a public channel. The team owner and private channel owner can delete/restore a private channel Chats are never effectively deleted. They can be hidden to clean up the user interface.
    Video N/A Yes, select “Meet now” in channel below text entry box Yes, select “Meet now” in channel below text entry box Yes
    Phone calls N/A Yes, select “Meet now” in channel below text entry box Yes, select “Meet now” in channel below text entry box Yes
    Shared computer audio/screen N/A Yes, select “Meet now” in channel below text entry box Yes, select “Meet now” in channel below text entry box Yes
    File-sharing Within channels Yes. Frequently used/collaborated files can be turned into discrete tab. Yes. Frequently used/collaborated files can be turned into discrete tab. Yes
    Wikis Within channels Yes Yes No
    Whiteboarding No No No No

    When does a Team become a Channel?

    • When a team’s purpose for existing can logically be subsumed by another team that has a larger scope.

    When does a Channel become a Group Chat?

    • When a conversation within a channel between select users does not pertain to that channel’s scope (or any other existing channel), they should move the conversation to a group chat.
    • However, this is until that group chat desires to form a channel of its own.

    Create a new team

    Team owner: The person who creates the team. It is possible for the team owner to then invite other members of the team to become co-owners to distribute administrative responsibilities.

    Team members: People who have accepted their invitation to be a part of the team.

    NB: Your organization can control who has permission to set up a team. If you can’t set a up a team, contact your IT department.

    Screenshots detailing how to create a new team in Microsoft Teams, steps 1 to 3. Step 1: 'Click the <Teams data-verified= tab on the left-hand side of the app'. Step 2: 'At the bottom of the app, click '. Step 3: 'Under the banner , click '.">

    Create a new team

    Screenshot detailing how to create a new team in Microsoft Teams, the step 4 starting point with an arrow pointing to the 'Build a team from scratch' button.

    Decide from these two options:

    • Building a team from scratch, which will create a new group with no prior history imported (steps 4.1–4.3).
    • Creating a team from an existing group in Office 365, including an already existing team (steps 4.4–4.6).

    NB: You cannot create a team from an existing group if:

    • That group has 5,000 members or more.
    • That group is in Yammer.

    Screenshot detailing how to create a new team in Microsoft Teams, step 4.1. There are buttons for 'Private' and 'Public'.

    Decide if you want you new team from scratch to be private or public. If you set up a private team, any internal or external user you invite into the team will have access to all team history and files shared.

    Screenshot detailing how to create a new team in Microsoft Teams, step 4.2 and 4.3. 4.2 has a space to give your team a name and another for a description. 4.3 says 'Then click <Create data-verified='.">

    Create a new team

    Screenshot detailing how to create a new team in Microsoft Teams, the step 4 starting point with an arrow pointing to the 'Create from...' button.

    Decide from these two options:

    • Building a team from scratch, which will create a new group with no prior history imported (steps 4.1–4.3).
    • Creating a team from an existing group in Office 365, including an already existing team (steps 4.4–4.6).

    NB: You cannot create a team from an existing group if:

    • That group has 5,000 members or more.
    • That group is in Yammer.

    Screenshot detailing how to create a new team in Microsoft Teams, step 4.4. It reads 'Create a new team from something you already own' with a button for 'Team'.

    Configure your new team settings, including privacy, apps, tabs, and members.

    Screenshot detailing how to create a new team in Microsoft Teams, step 4.5 and 4.6. 4.5 has a space to give your team a name, a description, choose privacy settings, and what you'd like to include from the original team. 4.6 says 'Then click <Create data-verified='.">

    Add team members

    Remove team members

    Screenshot detailing how to add team members in Microsoft Teams, step 1.

    To add a team member, on the right-hand side of the team name, click “More options.”

    Then, from the drop-down menu, click “Add member.”

    Screenshot detailing how to remove team members in Microsoft Teams, step 1.

    Only team owners can remove a team member. To do so, on the right-hand side of the team name, click “More options.”

    Then, from the drop-down menu, click “Manage team.”

    Screenshot detailing how to add team members in Microsoft Teams, step 2.

    If you’re a team owner, you can then type a name or an email address to add another member to the team.

    If you’re a team member, typing a name or an email address will send a request to the team owner to consider adding the member.

    Screenshot detailing how to remove team members in Microsoft Teams, step 2.

    Under the “Members” tab, you’ll see a list of the members in the team. Click the “X” at the far right of the member’s name to remove them.

    Team owners can only be removed if they change their role to team member first.

    Create a new channel

    Screenshot detailing how to create a new channel in Microsoft Teams, step 1.

    On the right-hand side of the team name, click “More options.”

    Then, from the drop-down menu, click “Add channel.”

    Screenshot detailing how to create a new channel in Microsoft Teams, step 2.

    Name your channel, give a description, and set your channel’s privacy.

    Screenshot detailing how to create a new channel in Microsoft Teams, step 3.

    To manage subsequent permissions, on the right-hand side of the channel name, click “More options.”

    Then, from the drop-down menu, click “Manage channel.”

    Adding and removing members from channels:

    Only members in a team can see that team’s channels. Setting channel privacy as “standard” means that the channel can be accessed by anyone in a team. Unless privacy settings for a channel are set as “private” (from which the channel creator can choose who can be in that channel), there is no current way to remove members from channels.

    It will be up to the end user to decide which channels they want to hide.

    Link team/channel to SharePoint folder

    Screenshot detailing how to link a team or channel to a SharePoint folder in Microsoft Teams, steps 1, 2, and 3. Step 1: 'Along the top of the team/channel tab bar, click the “+” symbol'. Step 2: 'Select “Document Library” to link the team/channel to a SharePoint folder'. Step 3: 'Copy and paste the SharePoint URL for the desired folder, or search in “Relevant sites” if the folder can be found there'.

    Need to find the SharePoint URL?

    Screenshot detailing how to find the SharePoint URL in Microsoft Teams. 'Locate the folder in SharePoint and click <Show actions data-verified=', 'Click to access the folder's SharePoint URL.'">

    Hide/unhide teams

    Hide/unhide channels

    Screenshot detailing how to hide and unhide teams in Microsoft Teams, step 1.

    To hide a team, on the right-hand side of the team name, click “More options.”

    Then, from the drop-down menu, click “Hide.” Hidden teams are moved to the “hidden teams” menu at the bottom of your team list.

    Screenshot detailing how to hide and unhide channels in Microsoft Teams, step 1.

    To hide a channel, on the right-hand side of the channel name, click “More options.”

    Then, from the drop-down menu, click “Hide.” Hidden channels are moved to the “hidden channels” menu at the bottom of your channel list in that team.

    Screenshot detailing how to hide and unhide teams in Microsoft Teams, step 2. Screenshot of a button that says 'Hidden teams'.

    To unhide a team, click on the “hidden teams” menu. On the right-hand side of the team name, click “More options.”

    Then, from the drop-down menu, click “Show.”

    Screenshot detailing how to hide and unhide channels in Microsoft Teams, step 2.

    To unhide a channel, click on the “hidden channels” menu at the bottom of the team. This will produce a drop-down menu of all hidden channels in that team.

    Hover over the channel you want to unhide and click “Show.”

    Find/join teams

    Leave teams

    Screenshot detailing how to find and join teams in Microsoft Teams, step 1. Click the “Teams” tab on the left-hand side of the app. Screenshot detailing how to find and join teams in Microsoft Teams, step 2.

    At the bottom of the app, click “Join or create a team.” Teams will then suggest a range of teams that you might be looking for. You can join public teams immediately. You will have to request approval to join a private team.

    Screenshot detailing how to leave teams in Microsoft Teams.

    To leave a team, on the right-hand side of the team name, click “More options.”

    Then, from the drop-down menu, click “Leave the team.”

    NB: If the owner of a private team has switched off discoverability, you will have to contact that owner to join that team. Screenshot detailing how to find and join teams in Microsoft Teams, step 3. If you can’t immediately see the team, you have two options: either search for the team or enter that team’s code under the banner “Join a team with a code.” Can I find a channel?

    No. To join a channel, you need to first join the team that channel belongs to.

    Can I leave a channel?

    No. The most you can do is hide the channel. By default, if you join a team you will have access to all the channels within that team (unless a channel is private, in which case you’ll have to request access to that channel).

    Create a chat

    Screenshots detailing how to create a chat in Microsoft Teams, steps 1 to 5. Step 1:'Click the “Chat” tab on the left hand side of the app (or keyboard shortcut Ctrl+N)'. Step 2: 'Search the name of the person you want to chat with'. Step 3: 'You’re now ready to start the chat! You can also send a chat message while working in a separate channel by typing/chat into the search bar and entering the recipient’s name'. Step 4: 'For group chat, click the “Add people” button in the top right hand corner of the app to add other persons into the existing chat'. Step 5: 'You can then rename the group chat (if there are 3+ people) by clicking the “Name group chat” option to the right of the group chat members’ names'.

    Hide a chat

    Unhide a chat

    Screenshots detailing how to hide a chat in Microsoft Teams, steps 1 to 3. Step 1:'Click the “Chat” tab on the left-hand side of the app'. Step 2: 'Search the name of the chat or group chat that you want to hide'. Step 3: In either 'Single person chat options' or 'Group chat options' Click “More options.” Then click “Hide.”' To unhide a chat, search for the hidden person or name of the group chat in the search bar. Click “More options.” Then click “Unhide.” Screenshot detailing how to unhide a chat in Microsoft Teams.

    Leave a chat

    You can only leave group chats. To do so, click “More options.” Then click “Leave.” Screenshot detailing how to leave a chat in Microsoft Teams.

    Overview: Meetings and live events

    Teams Meetings: Real-time communication and collaboration between a group, limited to 250 people.

    Teams Live Events: designed for presentations and webinars to a large audience of up to 10,000 people, in which attendees watch rather than interact.

     

    Office 365 and Microsoft 365 Licenses

    I want to: F1 F3 E1 E3 E5 Audio conferencing add-on
    Join a Teams meeting No license required. Any email address can participate in a Teams meeting.
    Attend a Teams meeting with a dial-in phone number No license required. Any phone number can dial into a Teams meeting. (Meeting organizers need to have an Audio Conferencing add-on license to send an invite that includes dial-in conferencing.)
    Attend a Teams live event No license required. Any phone number can dial into a Teams live event.
    Create a Teams meeting for up to 250 attendees   One of these licensing plans
    Create a Teams meeting for up to 250 attendees with a dial-in phone number   One of these licensing plans + Audio Conferencing (Meeting organizers need to have an Audio Conferencing add-on license to send an invite that includes dial-in conferencing.)
    Create a Teams live event for up to 10,000 attendees     One of these licensing plans
    Dial out from a Teams meeting to add someone at their Call me at number   One of these licensing plans + Audio Conferencing (Meeting dial out to a Call me at number requires organizers to have an E5 or Audio Conference add-in license. A dial plan may also be needed.)

    Depending on the use case, end users will have to determine whether they need to hold a meeting or a live event.

    Use Microsoft’s table (left) to see what license your organization needs to perform meetings and live events.

    (Source: “Admin quick start – Meetings and live events in Microsoft Teams,” Microsoft, 2020.)

    Best practices: Meetings

      Ad Hoc Call
    Direct audio/video call
    Scheduled Meeting Live Event
    Limits and Administrative Control
    Who can create? Anyone Anyone Anyone, unless altered by admin (permission to create MS Stream events also required if external production tools are used).
    Who can add members? Anyone in the session. The meeting organizer can add new attendees to the meeting. The event creator (the “organizer”) sets attendee permissions and assigns event group roles (“producer” and “presenter”).
    Can external stakeholders attend? Yes, through email invite. However, collaboration tools are restricted. Yes, through email invite. However, collaboration tools are restricted. Public events: yes, through shared invite link.
    Org-wide event: yes, if guest/external access granted.
    Who can delete? Anyone can leave the session. There is no artifact to delete. The meeting organizer Any attendee can leave the session.
    The organizer can cancel the event.
    Maximum attendees 100 250 10,000 attendees and 10 active presenters/producers (250 presenters and producers can be present at the event).
    Social Context
    How does the request come in? Unscheduled.
    Notification of an incoming audio or video call.
    Scheduled.
    Meeting invite, populated in the calendar, at a scheduled time.
    Meeting only auto-populated in event group’s calendars. Organizer must circulate event invite link to attendees – for instance, by pasting link into an Outlook meeting invite.
    Available Functionality
    Screen-sharing Yes Yes Producers and Presenters (through Teams, no third-party app).
    Whiteboard No Yes Yes
    OneNote (for minutes) Yes (from a member’s OneDrive) Yes, part of the meeting construct. No. A Meeting Notes tab is available instead.
    Dedicated chat space Yes. Derived from a group chat. Meeting has its own chat room. The organizer can set up a moderated Q&A (not chat) when creating the event. Only Presenters and Producers can chat.
    Recording Yes Yes Yes. Event can last up to 4 hours.

    When should an Ad Hoc Call become a Scheduled Meeting?

    • When the participants need time to prepare content for the call.
    • When an answer is not required immediately.
    • When bringing a group of people together requires logistical organizing.

    When should a Scheduled Meeting become an Ad Hoc Call?

    • When the participants can meet on short notice.
    • When a topic under discussion requires creating alignment quickly.

    When should a Live Event be created?

    • When the expected attendance exceeds 250 people.
    • If the event does not require collaboration and is mostly a presenter conveying information.

    Create a scheduled meeting

    Screenshots detailing how to create a scheduled meeting in Microsoft Teams, steps 1 to 4. Step 1:'Click the “Calendar” tab on the left-hand side of the app'. Step 2: 'On the top-right of the app, click the drop-down menu for “+ New meeting” and then “Schedule meeting.”' Step 3: 'Fill in the meeting details. When inputting internal attendees, their names will drop down without needing their email. You will need to input email addresses for external attendees'. Step 4: 'To determine internal attendees’ availability, click “Scheduling assistant” on the top left. Then click “Save” to create the meeting'.

    Create an ad hoc meeting

    Screenshots detailing how to create an ad hoc meeting in Microsoft Teams, steps 1 to 4. Step 1:'Click the “Calendar” tab on the left-hand side of the app'. Step 2: 'Along the top-right, click “Meet now.”' Step 3: 'Name your meeting, choose your audio and video settings, and click “Join now.”'. Step 4: 'To determine internal attendees’ availability, click “Scheduling assistant” on the top left. Then click “Save” to create the meeting. You’ll then be prompted to fill in the meeting details. When inputting internal attendees, their names will drop down without needing their email. You will need to input email addresses for external attendees'.

    Tip: Use existing channels to host the chatrooms for your online meetings

    When you host a meeting online with Microsoft Teams, there will always be a chatroom associated with the meeting. While this is a great place for meeting participants to interact, there is one particular downside.

    Problem: The never-ending chat. Often the activity in these chatrooms can persist long after the meeting. The chatroom itself becomes, unofficially, a channel. When end users can’t keep up with the deluge of communication, the tools have failed them.

    Solution: Adding an existing channel to the meeting. This ensures that discussion activity is already hosted in the appropriate venue for the group, during and after the meeting. Furthermore, it provides non-attendees with a means to catch up on the discussion they have missed.

    In section two of this cookbook, we will often refer to this tactic.

    A screenshot detailing how to add an existing channel to a meeting in Microsoft Teams. 'Break the habit of online booking meetings in Outlook – use the Teams Calendar View instead! In order to make use of this function, the meeting must be setup in Microsoft Teams, not Microsoft Outlook. The option to assign a channel to the meeting will then be available to the meeting organizer.'

    Don’t have a channel for the chat session of your online meeting? Perhaps you should!

    If your meeting is with a group of individuals that will be collaborating frequently, they may need a workspace that persists beyond the meeting.

    Guests can still attend the meeting, but they can’t chat!

    If there are attendees in your meeting that do not have access to the channel you select to host the chat, they will not see the chat discussion nor have any ability to use this function.

    This may be appropriate in some cases – for example, a vendor providing a briefing as part of a regular team meeting.

    However, if there are attendees outside the channel membership that need to see the meeting chat, consider another channel or simply default to not assigning one.

    Meeting settings explained

    Show device settings. For settings concerning audio, video, and whether viewing is private.

    Show meeting notes. Use to take notes throughout the meeting. The notes will stay attached to this event.

    Show meeting details. Find meeting information for: a dial-in number, conference ID, and link to join.

    Enter full screen.

    Show background effects. Choose from a range of video backgrounds to hide/blur your location.

    Turn on the captions (preview). Turn on live speech-to-text captions.

    Keypad. For dialing a number within the meeting (when enabled as an add-on with E3 or as part of E5).

    Start recording. Recorded and saved using Microsoft Stream.

    End meeting.

    Turn off incoming video. To save network bandwidth, you can decline receiving attendee’s video.

    Click “More options” to access the meetings settings.

    Screen share. In the tool tray, select “Share” to share your screen. Select particular applications if you only want to share certain information; otherwise, you can share your whole desktop.

    System audio share. To share your device’s audio while screen sharing, checkbox the “Include system audio” option upon clicking “Share.”

    If you didn’t click that option at the start but now want to share audio during screen share, click the “Include systems audio” option in the tool tray along the top of the screen.

    Give/take control of screen share. To give control, click “Give control” in the tool tray along the top of the screen when sharing content. Choose from the drop-down who you would like to give control to. In the same spot, click “Take back control” when required.

    To request control, click “Request control” in the same space when viewing someone sharing their content. Click “Release control” once finished.

    Start whiteboarding

    1. You’ll first need to enable Microsoft Whiteboard in the Microsoft 365 admin center. Ask your relevant admin to do so if Whiteboard is not already enabled.
    2. Once enabled, click “Share” in a meeting. This feature only appears if you have 3+ participants in the meeting.
    3. Under the “Whiteboard” section in the bottom right, click “Microsoft Whiteboard.”
    4. Click the pen icons to the right of the screen to begin sketching.

    NB: Anonymous, federated, or guest users are currently not supported to start, view, or ink a whiteboard in a Teams meeting.

    Will the whiteboard session be recorded if the meeting is being recorded?

    No. However, the final whiteboard will be available to all meeting attendees after the meeting, under “Board Gallery” in the Microsoft Whiteboard app. Attendees can then continue to work on the whiteboard after the meeting has ended.

    Create a live event

    Screenshots detailing how to create a live event in Microsoft Teams, steps 1 to 3. Step 1: 'Click the “Calendar” tab on the left-hand side of the app'. Step 2: 'On the top right of the app, click the drop-down menu for “+ New meeting” and then “Live event.”' Step 3: 'You will be labeled the “Event organizer.” First, fill in the live event details on the left'. Screenshot detailing how to create a live event in Microsoft Teams, step 4.

    As the organizer, you can invite other people to the event who will be the “producers” or “presenters.”

    Producers: Control the live event stream, including being able to start and stop the event, share their own and others’ video, share desktop or window, and select layout.

    Presenters: Present audio, video, or a screen.

    Screenshot detailing how to create a live event in Microsoft Teams, step 5.

    Select who your audience will be for your live event from three options: specified people and groups, the organization, or the public with no sign-in required.

    Edit the setting for whether you want recording to be available for attendees.

    Then click “Schedule” to finish.

    Live event settings explained

    When you join the live event as a producer/presenter, nothing will be immediately broadcast. You’ll be in a pre-live state. Decide what content to share and in what order. Along the bottom of the screen, you can share your video and audio, share your screen, and mute incoming attendees.

    Once your content is ready to share along the bottom of the screen, add it to the screen on the left, in order of viewing. This is your queue – your “Pre-live” state. Then, click “Send now.”

    This content will now move to the right-hand screen, ready for broadcasting. Once you’re ready to broadcast, click “Start.” Your state will change from “Pre-live” to “Live.”

    Along the top right of the app will be a tools bar.

    Screenshot listing live events settings icons in Microsoft Teams. Beside the heart monitor icon is 'Monitor health and performance of network, devices, and media sharing'. Beside the notepad icon is 'Take meeting notes'. Beside the chatbox icon is 'Chat function'. Beside the two little people with a plus sign icon is 'Invite and show participants'. Beside the gear icon is 'Device settings'. Beside the small 'i' in a circle is 'Meeting details, including schedule, meeting link, and dial-in number'.

    Workspace #1: Departments

    Scenario: Most of your organization’s communication and collaboration occurs within its pre-existing departmental divisions.

    Conventional communication channels:

    • Oral communication: Employees work in proximity to each other and communicate in person, by phone, in department meetings
    • Email: Department-wide announcements
    • Memos: Typically posted/circulated in mailboxes

    Solution: Determine the best way to organize your organization’s departments in Teams based on its size and your requirements to keep information private between departments.

    Option A:

    • Create a team for the organization/division.
    • Create channels for each department. Remember that all members of a team can view all public channels created in that team and the default General channel.
    • Create private channels if you wish to have a channel that only select members of that team can see. Remember that private channels have some limitations in functionality.

    Option B:

    • Create a new team for each department.
    • Create channels within this team for projects or topics that are recurring workflows for the department members. Only department members can view the content of these channels.

    Option C:

    • Post departmental memos and announcements in the General channel.
    • Use “Meet now” in channels for ad hoc meetings. For regular department meetings, create a recurring Teams calendar event for the specific department channel (Option A) or the General channel (Option B). Remember that all members of a team can join a public channel meeting.

    Workspace #2: A cross-functional committee

    Scenario: Your organization has struck a committee composed of members from different departments. The rest of the organization should not have access to the work done in the committee.

    Purpose: To analyze a particular organizational challenge and produce a plan or report; to confidentially develop or carry out a series of processes that affect the whole organization.

    Jobs: Committee members must be able to:

    • Attend private meetings.
    • Share files confidentially.

    Solution:

    Ingredients:

    • Private team

    Construction:

    • Create a new private team for the cross-functional committee.
    • Add only committee members to the team.
    • Create channels based on the topics likely to be the focal point of the committee work.
    • Decide how you will use the mandatory General channel. If the committee is small and the work limited in scope, this channel may be the main communication space. If the committee is larger or the work more complex, use the General channel for announcements and move discussions to new topic-related channels.
    • Schedule recurring committee meetings in the Teams calendar. Add the relevant channel to the meeting invite to keep the meeting chat attached to this team and channel (as meeting organizer, put your name in the meeting invite notes, as the channel will show as the organizer in the Outlook invite).
    • Remember that all members of this team will have access to these meetings and be able to view that they are occurring.

    Workspace #3: An innovation day event

    Scenario: The organization holds a yearly innovation day event in which employees form small groups and work on a defined, short-term problem or project.

    Purpose: To develop innovative solutions and ideas.

    Jobs:

    • Convene small groups.
    • Work toward time-sensitive goals.
    • Communicate synchronously.
    • Share files.

    Solution:

    Ingredients:

    • Public team
    • Channel tabs
    • Whiteboard
    • Planner

    Construction:

    • Create a team for the innovation day event.
    • Add channels for each project working group.
    • Communicate to participants the schedule for the day and their assigned channel.
    • Use the General channel for announcements and instructions throughout the day. Ensure someone moderates the General channel for participants’ questions.
    • Pre-populate the channel tabs with files the participants need to work with. To add a scrum board, refer to M#4 (Morning stand-up/Scrum) in this slide deck.
    • For breakouts, instruct participants to use the “meet now” feature in their channel and how to use the Whiteboard during these meetings.
    • Arrange to have your IT admin archive the team after a certain point so the material is still viewable but not editable.

    Workspace #4: A non-work-related social event

    Scenario: Employees within the organization wish to organize social events around shared interests: board game clubs, book clubs, TV show discussion groups, trivia nights, etc.

    Purpose: To encourage cohesion among coworkers and boost morale.

    Jobs:

    • Schedule the event.
    • Invite participants.
    • Prepare the activity.
    • Host and moderate the discussion.

    Solution:

    Ingredients:

    • Public team
    • Private channels
    • Screen-sharing

    Construction:

    • Create a public team for the social event so that interested people can find and join it.
    • Example: Trivia Night
      • Schedule the event in the Teams calendar.
      • Publish the link to the Trivia Night team where other employees will see it.
      • Create private channels for each trivia team so they cannot see the other competitors’ discussions. Add yourself to each private channel so you can see their answers.
      • As the host, begin a meeting in the General channel. Pose the trivia questions live or present the questions on PowerPoint via screen-sharing.
      • Ask each team to post its answers to its private channel.
    • To avoid teams sprawl, ask your IT admin to set a deletion policy for the team, as long as this request does not contradict your organization’s policies on data retention. If the team becomes moribund, it can be set to auto-delete after a certain period of time.

    Workspace #5: A project team with a defined end time

    Scenario: Within a department/workplace team, employees are assigned to projects with defined end times, after which they will be assigned to a new project.

    Purpose: To complete project-based work that fulfills business needs.

    Jobs:

    • Oral communication with team members.
    • Synchronous and asynchronous work on project files.
    • The ability to attend scheduled meetings and ad hoc meetings.
    • The ability to access shared resources related to the project.

    Solution:

    If your working group already has its own team within Teams:

    • Create a new public or private channel for the project. Remember that some functionality is not available in private channels (such as Microsoft Planner).
    • Use the channel for the project team’s meetings (scheduled in Teams calendar or through Meet Now).
    • Add a tab that links to the team’s project folder in SharePoint.

    If your workplace team does not already have its own team in Teams:

    • Determine if there is a natural fit for this project as a new channel in an existing team. Remember that all team members will be able to see the channel if it is public and that all relevant project members need to belong to the Team to participate in the channel.
    • If necessary, create a new team for the project. Add the project members.
    • Create channels based on the type of work that comprises the project.
    • Use the channel for the project team’s meetings (scheduled in Teams calendar or through Meet Now)
    • Add a tab to link to the team’s project folder in SharePoint.

    Info-tech Best Practice

    Hide the channel after the project concludes to de-clutter your Teams user interface.

    Meeting #1: Job interview with external candidate

    Scenario: The organization must interview a slate of candidates to fill an open position.

    Purpose:

    • Select the most qualified candidate for the job.

    Jobs:

    • Create a meeting, ensuring the candidate and other attendees know when and where the meeting will happen.
    • Ensure the meeting is secure to protect confidential information.
    • Ensure the meeting is accessible, allowing the candidate to present themselves through audio and/or visual means.
    • Create a professional environment for the meeting to take place.
    • Engender a space for the candidate to share their CV, research, or other relevant file.
    • The interview must be transcribed and recorded.

    Solution:

    Ingredients:

    • Private Teams meeting
    • Screen-sharing
    • Microsoft Stream

    Construction:

    • Create a Teams meeting, inviting the candidate with their email, alongside other internal attendees. The Teams meeting invite will auto-generate a link to the meeting itself.
    • The host can control who joins the meeting through settings for the “lobby.”
    • Through the Teams meeting, the attendees will be able to use the voice and video chat functionality.
    • All attendees can opt to blur their backgrounds to maintain a professional online presence.
    • The candidate can share their screen, either specific applications or their whole desktop, during the Teams meeting.
    • A Teams meeting can be recorded and transcribed through Stream. After the meeting, the transcript can be searched, edited, and shared

    NB: The external candidate does not need the Teams application. Through the meeting invite, the external candidate will join via a web browser.

    Meeting #2: Quarterly board meeting

    Scenario: Every quarter, the organization holds its regular board meeting.

    Purpose: To discuss agenda items and determine the company’s future direction.

    Jobs:

    During meeting:
      • Attendance and minutes must be taken.
      • Votes must be recorded.
      • In-camera sessions must occur.
      • External experts must be included.
    After meeting:
    • Follow-up items must be assigned.
    • Reports must be submitted.

    Solution:

    Ingredients:

    • Teams calendar invite
    • Planner; Forms
    • Private channel
    • Microsoft Stream

    Construction:

    • Guest Invite: Invites can be sent to any non-domain-joined email address to join a private, invitation-only channel within the team controlled by the board chair.
    • SharePoint & Flow: Documents are emailed to the Team addresses, which kicks off an MS Flow routine to collect review notes.
    • Planner: Any board member can assign tasks to any employee.
    • Forms/Add-On: Chair puts down the form of the question and individual votes are tracked.
    • Teams cloud meeting recording: Recording available through Stream. Manual edits can be made to VTT caption file. Greater than acceptable transcription error rate.
    • Meeting Log: Real-time attendance is viewable but a point-in-time record needs admin access.

    NB: The external guests do not need the Teams application. Through the meeting invite, the guests will join via a web browser.

    Meeting #3: Weekly team meeting

    Scenario: A team meets for a weekly recurring meeting. The meeting is facilitated by the team lead (or manager) who addresses through agenda items and invites participation from the attendees.

    Purpose: The purpose of the meeting is to:

    • Share information verbally
    • Present content visually
    • Achieve consensus
    • Build team morale

    Jobs: The facilitator must:

    • Determine participants
    • Book room
    • Book meeting in calendar

    Solution:

    Ingredients:

    • Meeting Place: A channel in Microsoft Teams (must be public) where all members of the meeting make up the entirety of the audience.
    • Calendar Recurrence: A meeting is booked through Teams and appears in all participants’ Outlook calendar.
    • Collaboration Space: Participants join the meeting through video or audio and can share screens and contribute text, images, and links to the meeting chat.

    Construction:

    • Ensure your team already has a channel created for it. If not, create one in the appropriate team.
    • Create the meeting using the calendar view within Microsoft Teams:
      • Set the meeting’s name, attendees, time, and recurrence.
      • Add the team channel that serves as the most appropriate workplace for the meeting. (Any discussion in the meeting chat will be posted to this channel.)

    NB: Create the meeting in the Teams calendar, not Outlook, or you will not be able to add the Teams channel. As meeting organizer, put your name in the meeting invite notes, as the channel will show as the organizer in the Outlook invite.

    Meeting #4: Morning stand-up/scrum

    Scenario: Each morning, at 9am, members of the team meet online.

    Purpose: After some pleasantries, the team discusses what tasks they each plan to complete in the day.

    Jobs: The team leader (or scrum master) must:

    • Place all tasks on a scrum board, each represented by a sticky note denoting the task name and owner.
    • Move the sticky notes through the columns, adjusting assignments as needed.
    • Sort tasks into the following columns: “Not Started,” “In Progress,” and “Done.”

    Solution:

    Ingredients:

    • Meeting Place: A channel in Microsoft Teams (must be public) where all members of the meeting make up the entirety of the audience.
    • Scrum Board: A tab within that channel where a persistent scrum board has been created and is visible to all team members.

    Meeting Place Construction:

    • Create the meeting using the calendar view in Teams.
    • Set the meeting’s name, attendees, time, and work-week daily recurrence (see left).
    • Add the channel that is the most appropriate workplace for the meeting. Any meeting chat will be posted to this channel rather than a separate chat.

    Scrum Board Construction:

    • Add a tab to the channel using Microsoft Planner as the app. (You can use other task management apps such as Trello, but the identity integration of first-party Office 365 tools may be less hassle.)
    • Create a new (or import an existing) Plan to the channel. This will be used as the focal point.

    Meeting #5: Weekly team meeting

    Scenario: An audio-only conversation that could be a regularly scheduled event but is more often conducted on an ad-hoc basis.

    Purpose: To quickly share information, achieve consensus, or clarify misunderstandings.

    Jobs:

    • Dial recipient
    • See missed calls
    • Leave/check voicemail
    • Create speed-dial list
    • Conference call

    Solution:

    Ingredients:

    • Audio call begun through Teams chat.

    Construction:

    • Voice over IP calls between users in the same MS Teams tenant can begin in multiple ways:
      • A call can be initiated through any appearance of a user’s profile picture: hover over user’s profile photo in the Chat list and select the phone icon.
      • Enter your last chat with a user and click phone icon in upper-right corner.
      • Go to the Calls section and type the name in the “Make a call” text entry form.
    • Voicemail: Voicemail, missed calls, and call history are available in the Calls section.
    • Speed dial: Speed dial lists can be created in the Calls section.
    • Conference call: Other users can be added to an ongoing call.

    NB: Microsoft Teams can be configured to provide an organization’s telephony for external calls, but this requires an E5 license. Additional audio-conferencing licenses are required to call in to a Teams meeting over a phone.

    Bibliography 1/4

    Section 1: Teams for IT › Creation Process

    Overview: Creation process
    Assign admin roles
    Prepare the network
    Team creation
    Integrations with SharePoint Online
    Permissions

    Bibliography 2/4

    Section 1: Teams for IT › Creation Process (cont'd.)

    External and guest access
    Expiration and archiving
    Retention and data loss prevention
    Teams telephony

    Bibliography 3/4

    Section 1: Teams for IT › Teams Rollout

    From Skype to Teams
    From Slack to Teams
    Teams adoption

    Section 1: Teams for IT › Use Cases

    Bibliography 4/4

    Section 2: Teams for End Users › Teams, Channels, Chat

    Section 2: Teams for End Users › Meetings and Live Events

    Section 2: Teams for End Users › Use Cases

    Cost and Budget Management

    • Buy Link or Shortcode: {j2store}8|cart{/j2store}
    • Related Products: {j2store}8|crosssells{/j2store}
    • Up-Sell: {j2store}8|upsells{/j2store}
    • member rating overall impact (scale of 10): 9.5/10
    • member rating average dollars saved: $2,000
    • member rating average days saved: 5
    • Parent Category Name: Financial Management
    • Parent Category Link: /financial-management

    The challenge

    • IT is seen as a cost center in most organizations. Your IT spend is fuelled by negative sentiment instead of contributing to business value.

    • Budgetary approval is difficult, and in many cases, the starting point is lowering the cost-income ratio without looking at the benefits.
    • Provide the right amount of detail in your budgets to tell your investment and spending story. Align it with the business story. Too much detail only increases confusion, too little suspicion.

    Our advice

    Insight

    An effective IT budget complements the business story with how you will achieve the expected business targets.

    • Partner with the business to understand the strategic direction of the company and its future needs.
    • Know your costs and the value you will deliver.
    • Present your numbers and story clearly and credibly. Excellent delivery is part of good communication.
    • Guide your company by clearly explaining the implications of different choices they can make.

    Impact and results 

    • Get a head-start on your IT forecasting exercise by knowing the business strategy and what initiatives they will launch.
    • The coffee corner works! Pre-sell your ideas in quick chats.
    • Do not make innovation budgets bigger than they need to be. It undermines your credibility.
    • You must know your history to accurately forecast your IT operations cost and how it will evolve based on expected business changes.
    • Anticipate questions. IT discretionary proposals are often challenged. Think ahead of time about what areas your business partners will focus on and be ready with researched and credible responses.
    • When you have an optimized budget, tie further cost reductions to consequences in service delivery or deferred projects, or a changed operating model.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started

    Our concise executive brief shows you why you should develop a budget based on value delivery. We'll show you our methodology and the ways we can help you in completing this.

    Plan for budget success

    • Build an IT Budget That Demonstrates Value Delivery – Phase 1: Plan (ppt)
    • IT Budget Interview Guide (doc)

    Build your budget.

    • Build an IT Budget That Demonstrates Value Delivery – Phase 2: Build (ppt)
    • IT Cost Forecasting Tool (xls)

    Sell your budget

    • Build an IT Budget That Demonstrates Value Delivery – Phase 3: Sell (ppt)
    • IT Budget Presentation (ppt)

     

    IT Metrics and Dashboards During a Pandemic

    • Buy Link or Shortcode: {j2store}118|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Performance Measurement
    • Parent Category Link: /performance-measurement

    The ways you measure success as a business are based on the typical business environment, but during a crisis like a pandemic, the business environment is rapidly changing or significantly different.

    • How do you assess the scope of the risk?
    • How do you quickly align your team to manage new risks?
    • How do you remain flexible enough to adapt to a rapidly changing situation?

    Our Advice

    Critical Insight

    Measure what you have the data for and focus on managing the impacts to your employees, customers, and suppliers. Be willing to make decisions based on imperfect data. Don’t forget to keep an eye on the long-term objectives and remember that how you act now can reflect on your business for years to come.

    Impact and Result

    Use Info-Tech’s approach to:

    • Quickly assess the risk and identify critical items to manage.
    • Communicate what your decisions are based on so teams can either quickly align or challenge conclusions made from the data.
    • Quickly adjust your measures based on new information or changing circumstances.
    • Use the tools you already have and keep it simple.

    IT Metrics and Dashboards During a Pandemic Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how to develop your temporary crisis dashboard.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Consider your organizational goals

    Identify the short-term goals for your organization and reconsider your long-term objectives.

    • Crisis Temporary Measures Dashboard Tool

    2. Build a temporary data collection and dashboard method

    Determine your tool for data collection and your data requirements and collect initial data.

    3. Implement a cadence for review and action

    Determine the appropriate cadence for reviewing the dashboard and action planning.

    [infographic]

    Business Process Controls and Internal Audit

    • Buy Link or Shortcode: {j2store}37|cart{/j2store}
    • Related Products: {j2store}37|crosssells{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Security and Risk
    • Parent Category Link: security-and-risk
    Establish an Effective System of Internal IT Controls to Mitigate Risks.

    Achieve Digital Resilience by Managing Digital Risk

    • Buy Link or Shortcode: {j2store}375|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: $123,999 Average $ Saved
    • member rating average days saved: 4 Average Days Saved
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance

    Businesses are expected to balance achieving innovation through initiatives that transform the organization with effective risk management. While this is nothing new, added challenges arise due to:

    • An increasingly large vendor ecosystem within which to manage risk.
    • A fragmented approach to risk management that separates cyber and IT risk from enterprise risk.
    • A rapidly growing number of threat actors and a larger attack surface.

    Our Advice

    Critical Insight

    • All risks are digital risks.
    • Manage digital risk with a collaborative approach that supports digital transformation, ensures digital resilience, and distributes responsibility for digital risk management across the organization.

    Impact and Result

    Address digital risk to build digital resilience. In the process, you will drive transformation and maintain digital trust among your employees, end users, and consumers by:

    • Defining digital risk, including primary risk categories and prevalent risk factors.
    • Leveraging industry examples to help identify external risk considerations.
    • Building a digital risk profile, addressing core risk categories, and creating a correlating plan for digital risk management.

    Achieve Digital Resilience by Managing Digital Risk Research & Tools

    Start here – read the Executive Brief

    Risk does not exist in isolation and must extend beyond your cyber and IT teams. Read our concise Executive Brief to find out how to manage digital risk to help drive digital transformation and build your organization's digital resilience.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Redefine digital risk and resilience

    Discover an overview of what digital risk is, learn how to assess risk factors for the five primary categories of digital risk, see several industry-specific scenarios, and explore how to plan for and mitigate identified risks.

    • Achieve Digital Resilience by Managing Digital Risk – Phases 1-2
    • Digital Risk Management Charter

    2. Build your digital risk profile

    Begin building the digital risk profile for your organization, identify where your key areas of risk exposure exist, and assign ownership and accountability among the organization’s business units.

    • Digital Risk Profile Tool
    • Digital Risk Management Executive Report
    [infographic]

    Workshop: Achieve Digital Resilience by Managing Digital Risk

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Scope and Define Digital Risk

    The Purpose

    Develop an understanding and standard definition of what digital risk is, who it impacts, and its relevance to the organization.

    Key Benefits Achieved

    Understand what digital risk means and how it differs from traditional enterprise or cybersecurity risk.

    Develop a definition of digital risk that recognizes the unique external and internal considerations of your organization.

    Activities

    1.1 Review the business context

    1.2 Review the current roles of enterprise, IT, and cyber risk management within the organization

    1.3 Define digital transformation and list transformation initiatives

    1.4 Define digital risk in the context of the organization

    1.5 Define digital resilience in the context of the organization

    Outputs

    Digital risk drivers

    Applicable definition of digital risk

    Applicable definition of digital resilience

    2 Make the Case for Digital Risk Management

    The Purpose

    Understand the roles digital risk management and your digital risk profile have in helping your organization achieve safe, transformative growth.

    Key Benefits Achieved

    An overview and understanding of digital risk categories and subsequent individual digital risk factors for the organization

    Industry considerations that highlight the importance of managing digital risk

    A structured approach to managing the categories of digital risk

    Activities

    2.1 Review and discuss industry case studies and industry examples of digital transformation and digital risk

    2.2 Revise the organization's list of digital transformation initiatives (past, current, and future)

    2.3 Begin to build your organization's Digital Risk Management Charter (with inputs from Module 1)

    2.4 Revise, customize, and complete a Digital Risk Management Charter for the organization

    Outputs

    Digital Risk Management Charter

    Industry-specific digital risks, factors, considerations, and scenarios

    The organization's digital risks mapped to its digital transformation initiatives

    3 Build Your Digital Risk Profile

    The Purpose

    Develop an initial digital risk profile that identifies the organization’s core areas of focus in managing digital risk.

    Key Benefits Achieved

    A unique digital risk profile for the organization

    Digital risk management initiatives that are mapped against the organization's current strategic initiatives and aligned to meet your digital resilience objectives and benchmarks

    Activities

    3.1 Review category control questions within the Digital Risk Profile Tool

    3.2 Complete all sections (tabs) within the Digital Risk Profile Tool

    3.3 Assess the results of your Digital Risk Profile Tool

    3.4 Discuss and assign initial weightings for ownership of digital risk among the organization's stakeholders

    Outputs

    Completion of all category tabs within the Digital Risk Profile Tool

    Initial stakeholder ownership assignments of digital risk categories

    4 Manage Your Digital Risk

    The Purpose

    Refine the digital risk management plan for the organization.

    Key Benefits Achieved

    A targeted, organization-specific approach to managing digital risk as a part of the organization's projects and initiatives on an ongoing basis

    An executive presentation that outlines digital risk management for your senior leadership team

    Activities

    4.1 Conduct brief information sessions with the relevant digital risk stakeholders identified in Module 3.

    4.2 Review and revise the organization's Digital Risk Profile as necessary, including adjusting weightings for the digital risk categories

    4.3 Begin to build an actionable digital risk management plan

    4.4 Present your findings to the organization's relevant risk leaders and executive team

    Outputs

    A finalized and assessed Digital Risk Profile Tool

    Stakeholder ownership for digital risk management

    A draft Digital Risk Management plan and Digital Risk Management Executive Report

    Portfolio Management

    • Buy Link or Shortcode: {j2store}47|cart{/j2store}
    • Related Products: {j2store}47|crosssells{/j2store}
    • member rating overall impact (scale of 10): 9.6/10
    • member rating average dollars saved: $40,234
    • member rating average days saved: 30
    • Parent Category Name: Applications
    • Parent Category Link: /applications

    The challenge

    • Typically your business wants much more than your IT development organization can deliver with the available resources at the requested quality levels.
    • Over-damnd has a negative influence on delivery throughput. IT starts many projects (or features) but has trouble delivering most of them within the set parameters of scope, time, budget, and quality. Some requested deliverables may even be of questionable value to the business.
    • You may not have the right project portfolio management (PPM) strategy to bring order in IT's delivery activities and to maximize business value.

    Our advice

    Insight

    • Many in IT mix PPM and project management. Your project management playbook does not equate to the holistic view a real PPM practice gives you.
    • Some organizations also mistake PPM for a set of processes. Processes are needed, but a real strategy works towards tangible goals.
    • PPM works at the strategic level of the company; hence executive buy-in is critical. Without executive support, any effort to reconcile supply and demand will be tough to achieve.

    Impact and results 

    • PPM is a coherent business-aligned strategy that maximizes business value creation across the entire portfolio, rather than in each project.
    • Our methodology tackles the most pressing challenge upfront: get executive buy-in before you start defining your goals. With senior management behind the plan, implementation will become easier.
    • Create PPM processes that are a cultural fit for your company. Define your short and long-term goals for your strategy and support them with fully embedded portfolio management processes.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started.

    Read our executive brief to understand why you should develop a PPM strategy and understand how our methodology can help you. We show you how we can support you.

    Obtain executive buy-in for your strategy

    Ensure your strategy is a cultural fit or cultural-add for your company.

    • Develop a Project Portfolio Management Strategy – Phase 1: Get Executive Buy-In for Your PPM Strategy (ppt)
    • PPM High-Level Supply-Demand Calculator (xls)
    • PPM Strategic Plan Template (ppt)
    • PPM Strategy-Process Goals Translation Matrix Template (xls)

    Align the PPM processes to your company's strategic goals

    Use the advice and tools in this stage to align the PPM processes.

    • Develop a Project Portfolio Management Strategy – Phase 2: Align PPM Processes to Your Strategic Goals (ppt)
    • PPM Strategy Development Tool (xls)

    Refine and complete your plan

    Use the inputs from the previous stages and add a cost-benefit analysis and tool recommendation.

    • Streamline Application Maintenance – Phase 3: Optimize Maintenance Capabilities (ppt)

    Streamline your maintenance delivery

    Define quality standards in maintenance practices. Enforce these in alignment with the governance you have set up. Show a high degree of transparency and open discussions on development challenges.

    • Develop a Project Portfolio Management Strategy – Phase 3: Complete Your PPM Strategic Plan (ppt)
    • Project Portfolio Analyst / PMO Analyst (doc)

     

     

    Sprint Toward Data-Driven Culture Using DataOps

    • Buy Link or Shortcode: {j2store}199|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: $10,399 Average $ Saved
    • member rating average days saved: 9 Average Days Saved
    • Parent Category Name: Enterprise Integration
    • Parent Category Link: /enterprise-integration
    • Data teams do not have a mechanism to integrate with operations teams and operate in a silo.
    • Significant delays in the operationalization of analytical/algorithms due to lack of standards and a clear path to production.
    • Raw data is shared with end users and data scientists due to poor management of data, resulting in more time spent on integration and less on insight generation and analytics.

    Our Advice

    Critical Insight

    • Data and analytics teams need a clear mechanism to separate data exploratory work and repetitive data insights generation. Lack of such separation is the main cause of significant delays, inefficiencies, and frustration for data initiatives.
    • Access to data and exploratory data analytics is critical. However, the organization must learn to share insights and reuse analytics.
    • Once analytics finds wider use in the organization, they need to adopt a disciplined approach to ensure its quality and continuous integration in the production environment.

    Impact and Result

    • Use a metrics-driven approach and common framework across silos to enable the rapid development of data initiatives using Agile principles.
    • Implement an approach that allows business, data, and operation teams to collaboratively work together to provide a better customer experience.
    • Align DataOps to an overall data management and governance program that promotes collaboration, transparency, and empathy across teams, establishes the appropriate roles and responsibilities, and ensures alignment to a common set of goals.
    • Assess the current maturity of the data operations teams and implement a roadmap that considers the necessary competencies and capabilities and their dependencies in moving towards the desired DataOps target state.

    Sprint Toward Data-Driven Culture Using DataOps Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to understand the operational challenges associated with productizing the organization's data-related initiative. Review Info-Tech’s methodology for enabling the improved practice to operationalize data analytics and how we will support you in creating an agile data environment.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Discover benefits of DataOps

    Understand the benefits of DataOps and why organizations are looking to establish agile principles in their data practice, the challenges associated with doing so, and what the new DataOps strategy needs to be successful.

    • Sprint Toward Data-Driven Culture Using DataOps – Phase 1: Discover Benefits of DataOps

    2. Assess your data practice for DataOps

    Analyze DataOps using Info-Tech’s DataOps use case framework, to help you identify the gaps in your data practices that need to be matured to truly realize DataOps benefits including data integration, data security, data quality, data engineering, and data science.

    • Sprint Toward Data-Driven Culture Using DataOps – Phase 2: Assess Your Data Practice for DataOps
    • DataOps Roadmap Tool

    3. Mature your DataOps practice

    Mature your data practice by putting in the right people in the right roles and establishing DataOps metrics, communication plan, DataOps best practices, and data principles.

    • Sprint Toward Data-Driven Culture Using DataOps – Phase 3: Mature Your DataOps Practice
    [infographic]

    Workshop: Sprint Toward Data-Driven Culture Using DataOps

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify the Drivers of the Business for DataOps

    The Purpose

    Understand the DataOps approach and value proposition.

    Key Benefits Achieved

    A clear understanding of organization data priorities and metrics along with a simplified view of data using Info-Tech’s Onion framework.

    Activities

    1.1 Explain DataOps approach and value proposition.

    1.2 Review the common business drivers and how the organization is driving a need for DataOps.

    1.3 Understand Info-Tech’s DataOps Framework.

    Outputs

    Organization's data priorities and metrics

    Data Onion framework

    2 Assess DataOps Maturity in Your Organization

    The Purpose

    Assess the DataOps maturity of the organization.

    Key Benefits Achieved

    Define clear understanding of organization’s DataOps capabilities.

    Activities

    2.1 Assess current state.

    2.2 Develop target state summary.

    2.3 Define DataOps improvement initiatives.

    Outputs

    Current state summary

    Target state summary

    3 Develop Action Items and Roadmap to Establish DataOps

    The Purpose

    Establish clear action items and roadmap.

    Key Benefits Achieved

    Define clear and measurable roadmap to mature DataOps within the organization.

    Activities

    3.1 Continue DataOps improvement initiatives.

    3.2 Document the improvement initiatives.

    3.3 Develop a roadmap for DataOps practice.

    Outputs

    DataOps initiatives roadmap

    4 Plan for Continuous Improvement

    The Purpose

    Define a plan for continuous improvements.

    Key Benefits Achieved

    Continue to improve DataOps practice.

    Activities

    4.1 Create target cross-functional team structures.

    4.2 Define DataOps metrics for continuous monitoring.

    4.3 Create a communication plan.

    Outputs

    DataOps cross-functional team structure

    DataOps metrics

    Evolve Your Business Through Innovation

    • Buy Link or Shortcode: {j2store}330|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • Innovation teams are tasked with the responsibility of ensuring that their organizations are in the best position to succeed while the world is in a period of turmoil, chaos, and uncertainty.
    • CIOs have been expected to help the organization transition to remote work and collaboration instantaneously.
    • CEOs are under pressure to redesign, and in some cases reinvent, their business model to cope with and compete in a new normal.

    Our Advice

    Critical Insight

    It is easy to get swept up during a crisis and cling to past notions of normal. Unfortunately, there is no controlling the fact that things have changed fundamentally, and it is now incumbent upon you to help your organization adapt and evolve. Treat this as an opportunity because that is precisely what this is.

    Impact and Result

    There are some lessons we can learn from innovators who have succeeded through past crises and from those who are succeeding now.

    There are a number of tactics an innovation team can employ to help their business evolve during this time:

    1. Double down on digital transformation (DX)
    2. Establish a foresight capability
    3. Become a platform for good

    Evolve Your Business Through Innovation Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Evolve your business through innovation

    Download our guide to learn what you can do to evolve your business and innovate your way through uncertainty.

    • Evolve Your Business Through Innovation Storyboard
    [infographic]

    Beyond Survival

    • Buy Link or Shortcode: {j2store}204|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Big Data
    • Parent Category Link: /big-data
    • Consumer, customer, employee, and partner behavior has changed; new needs have arisen as a result of COVID-19. Entire business models had to be rethought and revised – in real time with no warning.
    • And worse, no one knows when (or even if) the pandemic will end. The world and the economy will continue to be highly uncertain, unpredictable, and vulnerable for some time.
    • Business leaders need to continue experimenting to stay in business, protect employees and supply chains, manage financial obligations, allay consumer and employee fears, rebuild confidence, and protect trust.
    • How do organizations know whether their new business tactics are working?

    Our Advice

    Critical Insight

    • We can learn many lessons from those who have survived and are succeeding.
    • They have one thing in common though – they rely on data and analytics to help people think and know how to respond, evaluate effectiveness of new business tactics, uncover emerging trends to feed innovation, and minimize uncertainty and risk.
    • This mini-blueprint highlights organizations and use cases where data, analytics, and AI deliver tangible business and human value now and in the future.

    Impact and Result

    • Learn from the pandemic survivors and super-achievers so that you too can hit the ground running in the new normal. Even better – go beyond survival, like many of them have done. Create your future by leveraging and scaling up your data and analytics investments. It is not (yet) too late, and Info-Tech can help.

    Beyond Survival Research & Tools

    Beyond Survival

    Use data, analytics, and AI to reimagine the future and thrive in the new normal.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Beyond Survival Storyboard
    [infographic]

    Info-Tech Quarterly Research Agenda Outcomes Q2-Q3 2023

    • Buy Link or Shortcode: {j2store}297|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy

    At Info-Tech, we take pride in our research and have established the most rigorous publication standards in the industry. However, we understand that engaging with all our analysts to gauge the future may not always be possible. Hence, we have curated some compelling recently published research along with forthcoming research insights to assist you in navigating the next quarter.

    Our Advice

    Critical Insight

    We offer a quarterly Research Agenda Outcomes deck that thoroughly summarizes our recently published research, supplying decision makers with valuable insights and best practices to make informed and effective decisions. Our research is supported by our team of seasoned analysts with decades of experience in the IT industry.

    By leveraging our research, you can stay updated with the latest trends and technologies, giving you an edge over the competition and ensuring the optimal performance of your IT department. This way, you can make confident decisions that lead to remarkable success and improved outcomes.

    Impact and Result

    • Enhance preparedness for future market trends and developments: Keep up to date with the newest trends and advancements in the IT sector to be better prepared for the future.
    • Enhance your decision making: Acquire valuable information and insights to make better-informed, confident decisions.
    • Promote innovation: Foster creativity, explore novel perspectives, drive innovation, and create new products or services.

    Info-Tech Quarterly Research Agenda Outcomes Q2/Q3 2023 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Info-Tech Quarterly Research Agenda Q3 2023 Deck – An overview of our Research Agenda Outcome for Q2 and Q3 of 2023.

    A guide to our top research published to date for 2023 (Q2/Q3).

    • Info-Tech Quarterly Research Agenda Outcomes for Q2/Q3 2023
    [infographic]

    Further reading

    Featured Research Projects 2023 (Q2/Q3)

    “Here are my selections for the top research projects of the last quarter.”

    Photo of Gord Harrison, Head of Research & Advisory, Info-Tech Research Group.

    Gord Harrison
    Head of Research & Advisory
    Info-Tech Research Group

    CIO

    01
    Build Your Generative AI Roadmap

    Generative AI is here, and it's time to find its best uses – systematically and responsibly.

    02
    CIO Priorities 2023

    Engage cross-functional leadership to seize opportunity while protecting the organization from volatility.

    03
    Build an IT Risk Taxonomy

    If integrated risk is your destination, your IT risk taxonomy is the road to get you there.

    04
    Navigate the Digital ID Ecosystem to Enhance Customer Experience

    Beyond the hype: How it can help you become more customer-focused?

    05
    Effective IT Communications

    Generative AI is here, and it's time to find its best uses – systematically and responsibly.

    06
    Develop a Targeted Flexible Work Program for IT

    Select flexible work options that balance organizational and employee needs to drive engagement and improve attraction and retention.

    07
    Effectively Manage CxO Relations

    Make relationship management a daily habit with a personalized action plan.

    08
    Establish High-Value IT Performance Dashboards and Metrics

    Spend less time struggling with visuals and more time communicating about what matters to your executives.

    Applications

    09
    Build Your Enterprise Application Implementation Playbook

    Your implementation doesn't start with technology but with an effective plan that the team can align on.

    10
    Develop Your Value-First Business Process Automation Strategy

    As you scale your business automations, focus on what matters most.

    11
    Manage Requirements in an Agile Environment

    Agile and requirements management are complementary, not competitors.

    Security

    12
    Assess Your Cybersecurity Insurance Policy

    Adapt to changes in the cyber insurance market.

    13
    Design and Implement a Business-Aligned Security Program

    Focus first on business value.

    Infrastructure & Operations

    14
    Automate IT Asset Data Collection

    Acquire and use discovery tools wisely to populate, update, and validate the data in your ITAM database.

    Industry | Retail

    15
    Leveraging AI to Create Meaningful Insights and Visibility in Retail

    AI prominence across the enterprise value chain.

    Industry | Education

    16
    Understand the Implications of Generative AI in Education

    Bans aren't the answer, but what is?

    Industry | Wholesale

    17
    Wholesale Industry Business Reference Architecture

    Business capability maps, value streams, and strategy maps for the wholesale industry.

    Industry | Retail Banking

    18
    Mainframe Modernization for Retail Banking

    A strategy for modernizing mainframe systems to meet the needs of modern retail banking.

    Industry | Utilities

    19
    Data Analytics Use Cases for Utilities

    Building upon the collective wisdom for the art of the possible.

    Build Your Generative AI Roadmap

    Generative AI is here, and it's time to find its best uses – systematically and responsibly.

    CIO
    Strategy & Governance

    Photo of Bill Wong, Principal Research Director, Info-Tech Research Group.

    Bill Wong
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Build Your Generative AI Roadmap' research.

    Sample of the 'Build Your Generative AI Roadmap' research.

    Logo for Info-Tech.

    CIO Priorities 2023

    Engage cross-functional leadership to seize opportunity while protecting the organization from volatility.

    CIO
    Strategy & Governance

    Photo of Brian Jackson, Principal Research Director, Info-Tech Research Group.

    Brian Jackson
    Principal Research Director

    Download this report or book an analyst call on this topic

    Sample of the 'CIO Priorities 2023' report.

    Sample of the 'CIO Priorities 2023' report.

    Logo for Info-Tech.

    Build an IT Risk Taxonomy

    If integrated risk is your destination, your IT risk taxonomy is the road to get you there.

    CIO
    Strategy & Governance

    Photo of Donna Bales, Principal Research Director, Info-Tech Research Group.

    Donna Bales
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Build an IT Risk Taxonomy' research.

    Sample of the 'Build an IT Risk Taxonomy' research.

    Logo for Info-Tech.

    Navigate the Digital ID Ecosystem to Enhance Customer Experience

    Beyond the hype: How it can help you become more customer-focused?

    CIO
    Strategy & Governance

    Photo of Manish Jain, Principal Research Director, Info-Tech Research Group.

    Manish Jain
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Navigate the Digital ID Ecosystem to Enhance Customer Experience' research.

    Sample of the 'Navigate the Digital ID Ecosystem to Enhance Customer Experience' research.

    Logo for Info-Tech.

    Effective IT Communications

    Empower IT employees to communicate well with any stakeholder across the organization.

    CIO
    People & Leadership

    Photo of Brittany Lutes, Research Director, Info-Tech Research Group.

    Brittany Lutes
    Research Director

    Photo of Diana MacPherson, Senior Research Analyst, Info-Tech Research Group.

    Diana MacPherson
    Senior Research Analyst

    Download this research or book an analyst call on this topic

    Effective IT Communications' research.

    Sample of the 'Effective IT Communications' research.

    Logo for Info-Tech.

    Develop a Targeted Flexible Work Program for IT

    Select flexible work options that balance organizational and employee needs to drive engagement and improve attraction and retention.

    CIO
    People & Leadership

    Photo of Jane Kouptsova, Research Director, Info-Tech Research Group.

    Jane Kouptsova
    Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Develop a Targeted Flexible Work Program for IT' research.

    Sample of the 'Develop a Targeted Flexible Work Program for IT' research.

    Logo for Info-Tech.

    Effectively Manage CxO Relations

    Make relationship management a daily habit with a personalized action plan.

    CIO
    Value & Performance

    Photo of Mike Tweedle, Practice Lead, Info-Tech Research Group.

    Mike Tweedle
    Practice Lead

    Download this research or book an analyst call on this topic

    Sample of the 'Effectively Manage CxO Relations' research.

    Sample of the 'Effectively Manage CxO Relations' research.

    Logo for Info-Tech.

    Establish High-Value IT Performance Dashboards and Metrics

    Spend less time struggling with visuals and more time communicating about what matters to your executives.

    CIO
    Value & Performance

    Photo of Diana MacPherson, Senior Research Analyst, Info-Tech Research Group.

    Diana MacPherson
    Senior Research Analyst

    Download this research or book an analyst call on this topic

    Sample of the 'Establish High-Value IT Performance Dashboards and Metrics' research.

    Sample of the 'Establish High-Value IT Performance Dashboards and Metrics' research.

    Logo for Info-Tech.

    Build Your Enterprise Application Implementation Playbook

    Your implementation doesn't start with technology but with an effective plan that the team can align on.

    Applications
    Business Processes

    Photo of Ricardo de Oliveira, Research Director, Info-Tech Research Group.

    Ricardo de Oliveira
    Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Build Your Enterprise Application Implementation Playbook' research.

    Sample of the 'Build Your Enterprise Application Implementation Playbook' research.

    Logo for Info-Tech.

    Develop Your Value-First Business Process Automation Strategy

    As you scale your business automations, focus on what matters most.

    Applications
    Business Processes

    Photo of Andrew Kum-Seun, Research Director, Info-Tech Research Group.

    Andrew Kum-Seun
    Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Develop Your Value-First Business Process Automation Strategy' research.

    Sample of the 'Develop Your Value-First Business Process Automation Strategy' research.

    Logo for Info-Tech.

    Manage Requirements in an Agile Environment

    Agile and requirements management are complementary, not competitors.

    Applications
    Application Development

    Photo of Vincent Mirabelli, Principal Research Director, Info-Tech Research Group.

    Vincent Mirabelli
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Manage Requirements in an Agile Environment' research.

    Sample of the 'Manage Requirements in an Agile Environment' research.

    Logo for Info-Tech.

    Assess Your Cybersecurity Insurance Policy

    Adapt to changes in the cyber insurance market.

    Security
    Security Risk, Strategy & Governance

    Photo of Logan Rohde, Senior Research Analyst, Info-Tech Research Group.

    Logan Rohde
    Senior Research Analyst

    Download this research or book an analyst call on this topic

    Sample of the 'Assess Your Cybersecurity Insurance Policy' research.

    Sample of the 'Assess Your Cybersecurity Insurance Policy' research.

    Logo for Info-Tech.

    Design and Implement a Business-Aligned Security Program

    Focus first on business value.

    Security
    Security Risk, Strategy & Governance

    Photo of Michel Hébert, Research Director, Info-Tech Research Group.

    Michel Hébert
    Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Design and Implement a Business-Aligned Security Program' research.

    Sample of the 'Design and Implement a Business-Aligned Security Program' research.

    Logo for Info-Tech.

    Automate IT Asset Data Collection

    Acquire and use discovery tools wisely to populate, update, and validate the data in your ITAM database.

    Infrastructure & Operations
    I&O Process Management

    Photo of Andrew Sharp, Research Director, Info-Tech Research Group.

    Andrew Sharp
    Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Automate IT Asset Data Collection' research.

    Sample of the 'Automate IT Asset Data Collection' research.

    Logo for Info-Tech.

    Leveraging AI to Create Meaningful Insights and Visibility in Retail

    AI prominence across the enterprise value chain.

    Industry Coverage
    Retail

    Photo of Rahul Jaiswal, Principal Research Director, Info-Tech Research Group.

    Rahul Jaiswal
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Leveraging AI to Create Meaningful Insights and Visibility in Retail' research.

    Sample of the 'Leveraging AI to Create Meaningful Insights and Visibility in Retail' research.

    Logo for Info-Tech.

    Understand the Implications of Generative AI in Education

    Bans aren't the answer, but what is?

    Industry Coverage
    Education

    Photo of Mark Maby, Research Director, Info-Tech Research Group.

    Mark Maby
    Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Understand the Implications of Generative AI in Education' research.

    Sample of the 'Understand the Implications of Generative AI in Education' research.

    Logo for Info-Tech.

    Wholesale Industry Business Reference Architecture

    Business capability maps, value streams, and strategy maps for the wholesale industry.

    Industry Coverage
    Wholesale

    Photo of Rahul Jaiswal, Principal Research Director, Info-Tech Research Group.

    Rahul Jaiswal
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Wholesale Industry Business Reference Architecture' research.

    Sample of the 'Wholesale Industry Business Reference Architecture' research.

    Logo for Info-Tech.

    Mainframe Modernization for Retail Banking

    A strategy for modernizing mainframe systems to meet the needs of modern retail banking.

    Industry Coverage
    Retail Banking

    Photo of David Tomljenovic, Principal Research Director, Info-Tech Research Group.

    David Tomljenovic
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Mainframe Modernization for Retail Banking' research.

    Sample of the 'Mainframe Modernization for Retail Banking' research.

    Logo for Info-Tech.

    Data Analytics Use Cases for Utilities

    Building upon the collective wisdom for the art of the possible.

    Industry Coverage
    Utilities

    Photo of Jing Wu, Principal Research Director, Info-Tech Research Group.

    Jing Wu
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Data Analytics Use Cases for Utilities' research.

    Sample of the 'Data Analytics Use Cases for Utilities' research.

    Sneak Peaks: Research coming in next quarter!

    “Next quarter we have a big lineup of reports and some great new research!”

    Photo of Gord Harrison, Head of Research & Advisory, Info-Tech Research Group.

    Gord Harrison
    Head of Research & Advisory
    Info-Tech Research Group

    1. Build MLOps and Engineering for AI and ML

      Enabling you to develop your Engineering and ML Operations to support your current & planned use cases for AI and ML.
    2. Leverage Gen AI to Improve Your Test Automation Strategy

      Enabling you to embed Gen AI to assist your team during testing broader than Gen AI compiling code.
    3. Make Your IT Financial Data Accessible, Reliable, and Usable

      This project will provide a recipe for bringing IT's financial data to a usable state through a series of discovery, standardization, and policy-setting actions.
    4. Implement Integrated AI Governance

      Enabling you to implement best-practice governance principles when implementing Gen AI.
    5. Develop Exponential IT Capabilities

      Enabling you to understand and develop your strategic Exponential IT capabilities.
    6. Build Your AI Strategy and Roadmap

      This project will provide step-by-step guidance in development of your AI strategy with an AI strategy exemplar.
    7. Priorities for Data Leaders in 2024 and Beyond

      This report will detail the top five challenges expected in the upcoming year and how you as the CDAO can tackle them.
    8. Deploy AIOps More Effectively

      This research is designed to assess the process maturity of your IT operations and help identify pain pains and opportunities for AI deployment within your IT operations.
    9. Design Your Edge Computing Architecture

      This research will provide deployment guidelines and roadmap to address your edge computing needs.
    10. Manage Change in the AI-Enabled Enterprise

      Managing change is complex with the disruptive nature of emerging tech like AI. This research will assist you from an organizational change perspective.
    11. Assess the Security and Privacy Impacts of Your AI Vendors

      This research will allow you to enhance transparency, improve risk management, and ensure the security and privacy of data when working with AI vendors.
    12. Prepare Your Board for AI Disruption

      This research will arm you with tools to educate your board on the impact of Gen AI, addressing the potential risks and the potential benefits.

    Info-Tech Research Leadership Team

    “We have a world-class team of experts focused on providing practical, cutting-edge IT research and advice.”

    Photo of Gord Harrison, Head of Research & Advisory, Info-Tech Research Group.

    Gord Harrison
    Head of Research & Advisory
    Info-Tech Research Group

    Photo of Jack Hakimian, Senior Vice President, Research Development, Info-Tech Research Group.

    Jack Hakimian
    Senior Vice President
    Research Development

    Photo of Aaron Shum, Vice President, Security & Privacy Research, Info-Tech Research Group.

    Aaron Shum
    Vice President
    Security & Privacy Research

    Photo of Larry Fretz, Vice President, Industry Research, Info-Tech Research Group.

    Larry Fretz
    Vice President
    Industry Research

    Photo of Mark Tauschek, Vice President, Research Fellowships, Info-Tech Research Group.

    Mark Tauschek
    Vice President
    Research Fellowships

    Photo of Tom Zehren, Chief Product Officer, Info-Tech Research Group.

    Tom Zehren
    Chief Product Officer

    Photo of Rick Pittman, Vice President, Advisory Quality & Delivery, Info-Tech Research Group.

    Rick Pittman
    Vice President
    Advisory Quality & Delivery

    Photo of Nora Fisher, Vice President, Shared Services, Info-Tech Research Group.

    Nora Fisher
    Vice President
    Shared Services

    Photo of Becca Mackey, Vice President, Workshops, Info-Tech Research Group.

    Becca Mackey
    Vice President
    Workshops

    Photo of Geoff Nielson, Senior Vice President, Global Services & Delivery, Info-Tech Research Group.

    Geoff Nielson
    Senior Vice President
    Global Services & Delivery

    Photo of Brett Rugroden, Senior Vice President, Global Market Programs, Info-Tech Research Group.

    Brett Rugroden
    Senior Vice President
    Global Market Programs

    Photo of Hannes Scheidegger, Senior Vice President, Global Public Sector, Info-Tech Research Group.

    Hannes Scheidegger
    Senior Vice President
    Global Public Sector

    About Info-Tech Research Group

    Info-Tech Research Group produces unbiased and highly relevant research to help leaders make strategic, timely, and well-informed decisions. We partner closely with your teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for the organization.

    Sample of the IT Management & Governance Framework.

    Drive Measurable Results

    Our world-class leadership team is continually focused on building disruptive research and products that drive measurable results and save money.

    Info-Tech logo.

    Better Research Than Anyone

    Our team of experts is composed of the optimal mix of former CIOs, CISOs, PMOs, and other IT leaders and IT and management consultants as well as academic researchers and statisticians.

    Dramatically Outperform Your Peers

    Leverage Industry Best Practices

    We enable over 30,000 members to share their insights and best practices that you can use by having direct access to over 100 analysts as an extension of your team.

    Become an Info-Tech influencer:

    • Help shape our research by talking with our analysts.
    • Discuss the challenges, insights, and opportunities in your chosen areas.
    • Suggest new topic ideas for upcoming research cycles.

    Contact
    Jack Hakimian
    jhakimian@infotech.com

    We interview hundreds of experts and practitioners to help ensure our research is practical and focused on key member challenges.

    Why participate in expert interviews?

    • Discuss market trends and stay up to date.
    • Influence Info-Tech's research direction with your practical experience.
    • Preview our analysts' perspectives and preliminary research.
    • Build on your reputation as a thought leader and research contributor.
    • See your topic idea transformed into practical research.

    Thank you!

    Join us at our webinars to discuss more topics.

    For information on Info-Tech's products and services and to participate in our research process, please contact:

    Jack Hakimian
    jhakimian@infotech.com

    Enterprise Architecture

    • Buy Link or Shortcode: {j2store}43|cart{/j2store}
    • Related Products: {j2store}43|crosssells{/j2store}
    • member rating overall impact (scale of 10): 9.2/10
    • member rating average dollars saved: $28,368
    • member rating average days saved: 24
    • Parent Category Name: Service Planning and Architecture
    • Parent Category Link: service-planning-and-architecture
    Demystify enterprise architecture value with key metrics.

    Master Your Security Incident Response Communications Program

    • Buy Link or Shortcode: {j2store}321|cart{/j2store}
    • member rating overall impact (scale of 10): 8.0/10 Overall Impact
    • member rating average dollars saved: $2,339 Average $ Saved
    • member rating average days saved: 5 Average Days Saved
    • Parent Category Name: Threat Intelligence & Incident Response
    • Parent Category Link: /threat-intelligence-incident-response
    • When a significant security incident is discovered, usually very few details are known for certain. Nevertheless, the organization will need to say something to affected stakeholders.
    • Security incidents tend to be ongoing situations that last considerably longer than other types of crises, making communications a process rather than a one-time event.
    • Effective incident response communications require collaboration from: IT, Legal, PR, and HR – groups that often speak “different languages.”

    Our Advice

    Critical Insight

    • There’s no such thing as successful incident response communications; strive instead for effective communications. There will always be some fallout after a security incident, but it can be effectively mitigated through honesty, transparency, and accountability.
    • Effective external communications begin with effective internal communications. Security Incident Response Team members come from departments that don’t usually work closely with each other. This means they often have different ways of thinking and speaking about issues. Be sure they are familiar with each other before a crisis occurs.
    • You won’t save face by withholding embarrassing details. Lying only makes a bad situation worse, but coming clean and acknowledging shortcomings (and how you’ve fixed them) can go a long way towards restoring stakeholders’ trust.

    Impact and Result

    • Effective and efficient management of security incidents involves a formal process of preparation, detection, analysis, containment, eradication, recovery, and post-incident activities: communications must be integrated into each of these phases.
    • Understand that prior planning helps to take the guesswork out of incident response communications. By preparing for several different types of security incidents, the communications team will get used to working with each other, as well as learning what strategies are and are not effective. Remember, the communications team contains diverse members from various departments, and each may have different ideas about what information is important to release.

    Master Your Security Incident Response Communications Program Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should implement a security incident response communications plan, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Dive into communications planning

    This phase addresses the benefits and challenges of incident response communications and offers advice on how to assemble a communications team and develop a threat escalation protocol.

    • Master Your Security Incident Response Communications Program – Phase 1: Dive Into Communications Planning
    • Security Incident Management Plan

    2. Develop your communications plan

    This phase focuses on creating an internal and external communications plan, managing incident fallout, and conducting a post-incident review.

    • Master Your Security Incident Response Communications Program – Phase 2: Develop Your Communications Plan
    • Security Incident Response Interdepartmental Communications Template
    • Security Incident Communications Policy Template
    • Security Incident Communications Guidelines and Templates
    • Security Incident Metrics Tool
    • Tabletop Exercises Package
    [infographic]

    IBM i Migration Considerations

    • Buy Link or Shortcode: {j2store}109|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design

    IBM i remains a vital platform and now many CIOs, CTOs, and IT leaders are faced with the same IBM i challenges regardless of industry focus: how do you evaluate the future viability of this platform, assess the future fit and purpose, develop strategies, and determine the future of this platform for your organization?

    Our Advice

    Critical Insight

    For organizations that are struggling with the iSeries/IBM i platform, resourcing challenges are typically the culprit. An aging population of RPG programmers and system administrators means organizations need to be more pro-active in maintaining in-house expertise. Migrating off the iSeries/IBM i platform is a difficult option for most organizations due to complexity, switching costs in the short term, and a higher long-term TCO.

    Impact and Result

    The most common tactic is for the organization to better understand their IBM i options and adopt some level of outsourcing for the non-commodity platform retaining the application support/development in-house. To make the evident, obvious; the options here for the non-commodity are not as broad as with commodity server platforms. Options include co-location, onsite outsourcing, managed and public cloud services.

    IBM i Migration Considerations Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. IBM i Migration Considerations – A brief deck that outlines key migration options for the IBM i platforms.

    This project will help you evaluate the future viability of this platform; assess the fit, purpose, and price; develop strategies for overcoming potential challenges; and determine the future of this platform for your organization.

    • IBM i Migration Considerations Storyboard

    2. Infrastructure Outsourcing IBM i Scoring Tool – A tool to collect vendor responses and score each vendor.

    Use this scoring sheet to help you define and evaluate IBM i vendor responses.

    • Infrastructure Outsourcing IBM i Scoring Tool
    [infographic]

    Further reading

    IBM i Migration Considerations

    Don’t be overwhelmed by IBM i migration options.

    Executive Summary

    Your Challenge

    IBM i remains a vital platform and now many CIO, CTO, and IT leaders are faced with the same IBM i challenges regardless of industry focus; how do you evaluate the future viability of this platform, assess the future fit and purpose, develop strategies, and determine the future of this platform for your organization?

    Common Obstacles

    For organizations that are struggling with the iSeries/IBM i platform, resourcing challenges are typically the culprit. An aging population of RPG programmers and system administrators means organizations need to be more proactive in maintaining in-house expertise. Migrating off the iSeries/IBM i platform is a difficult option for most organizations due to complexity, switching costs in the short term, and a higher long-term TCO.

    Info-Tech Approach

    The most common tactic is for the organization to better understand its IBM i options and adopt some level of outsourcing for the non-commodity platform, retaining the application support/development in-house. To make the evident, obvious: the options here for the non-commodity are not as broad as with commodity server platforms. Options include co-location, onsite outsourcing, managed hosting, and public cloud services.

    Info-Tech Insight

    “For over twenty years, IBM was ‘king,’ dominating the large computer market. By the 1980s, the world had woken up to the fact that the IBM mainframe was expensive and difficult, taking a long time and a lot of work to get anything done. Eager for a new solution, tech professionals turned to the brave new concept of distributed systems for a more efficient alternative. On June 21, 1988, IBM announced the launch of the AS/400, their answer to distributed computing.” (Dale Perkins)

    Review

    We help IT leaders make the most of their IBM i environment.

    Problem Statement:

    The IBM i remains a vital platform for many businesses and continues to deliver exceptional reliability and performance and play a key role in the enterprise. With the limited resources at hand, CIOs and the like must continually review and understand their migration path with the same regard as any other distributed system roadmap.

    This research is designed for:

    • IT strategic direction decision makers
    • IT managers responsible for an existing iSeries or IBM i platform
    • Organizations evaluating platforms for mission-critical applications

    This research will help you:

    1. Evaluate the future viability of this platform.
    2. Assess the fit, purpose, and price.
    3. Develop strategies for overcoming potential challenges.
    4. Determine the future of this platform for your organization.

    The “fit for purpose” plot

    Thought Model

    We will investigate the aspect of different IBM i scenarios as they impact business, what that means, and how that can guide the questions that you are asking as you move to an aligned IBM i IT strategy. Our model considers:

    • Importance to Business Outcomes
      • Important to strategic objectives
      • Provides competitive advantage
      • Non-commodity IT service or process
      • Specialized in-house knowledge required
    • Vendor’s Performance Advantage
      • Talent or access to skills
      • Economies of scale or lower cost at scale
      • Access to technology

    Info-Tech Insights

    With multiple control points to be addressed, care must be taken in simplifying your options while addressing all concerns to ease operational load.

    Map different 'IBM i' scenarios with axes 'Importance to Business Outcomes - Low to High' and 'Vendor’s Performance Advantage - Low to High'. Quadrant labels are '[LI/LA] Potentially Outsource: Service management, Help desk, desk-side support, Asset management', '[LI/HA] Outsource: Application & Infra Support, Web Hosting, SAP Support, Email Services, Infrastructure', '[HI/LA] Insource (For Now): Application development tech support', and '[HI/HA] Potentially Outsource: Onshore or offshore application maintenance'.

    IBM i environments are challenging

    “The IBM i Reality” – Darin Stahl

    Most members relying on business applications/workloads running on non-commodity platforms (zSeries, IBM i, Solaris, AIX, etc.) are first motivated to get out from under the perceived higher costs for the hardware platform.

    An additional challenge for non-commodity platforms is that from an IT Operations Management perspective they become an island with a diminishing number of integrated operations skills and solutions such as backup/restore and monitoring tools.

    The most common tactic is for the organization to adopt some level of outsourcing for the non-commodity platform, retaining the application support and development in-house.

    Key challenges with current IBM i environments:
    1. DR Requirements
      Understand what the business needs are and where users and resources are located.
    2. Market Lack of Expertise
      Skilled team members are hard to find.
    3. Cost Management
      There is a perceived cost disadvantage to managing on-prem solutions.
    4. Aging Support Teams
      Current support teams are aging with little backfill in skill and experience.

    Understand your options

    Co-Location

    A customer transitions their hardware environment to a provider’s data center. The provider can then manage the hardware and “system.”

    Onsite Outsourcing

    A provider will support the hardware/system environment at the client’s site.

    Managed Hosting

    A customer transitions their legacy application environment to an off-prem hosted, multi-tenanted environment.

    Public Cloud

    A customer can “re-platform” the non-commodity workload into public cloud offerings or in a few offerings “re-host.”

    Co-Location

    Provider manages the data center hardware environment.

    Abstract

    Here a provider manages the system data center environment and hardware; however, the client’s in-house IBM i team manages the IBM i hardware environment and the system applications. The client manages all of the licenses associated with the platform as well as the hardware asset management considerations. This is typically part of a larger services or application transformation. This effectively outsources the data center management while maintaining all IBM i technical operations in-house.

    Advantages

    • On-demand bandwidth
    • Cost effective
    • Secure and compliant environment
    • On-demand remote “hands and feet” services
    • Improved IT DR services
    • Data center compliance

    Considerations

    • Application transformation
    • CapEx cost
    • Fluctuating network bandwidth costs
    • Secure connectivity
    • Disaster recovery and availability of vendor
    • Company IT DR and BC planning
    • Remote system maintenance (HW)

    Info-Tech Insights

    This model is extremely attractive for organizations looking to reduce their data center management footprint. Idea for the SMB.

    Onsite Sourcing

    A provider will support the hardware/system environment at the client’s site.

    Abstract

    Here a provider will support and manage the hardware/system environment at the client’s site. The provider may acquire the customer’s hardware and provide software licenses. This could also include hiring or “rebadging” staff supporting the platform. This type of arrangement is typically part of a larger services or application transformation. While low risk, it is not as cost-effective as other deployment models.

    Advantages

    • Managed environment within company premises
    • Cost effective (OpEx expense)
    • Economies of scale
    • On-demand “as-a-service” model
    • Improved IT DR staffing services
    • 24x7 monitoring and support

    Considerations

    • Outsourced IT talent
    • Terms and contract conditions
    • IT staff attrition
    • Increased liability
    • Modified technical support and engagement
    • Secure connectivity and communication
    • Internal problem and change management

    Info-Tech Insights

    Depending on the application lifecycle and viability, in-house skill and technical depth is a key consideration when developing your IBM i strategy.

    Managed Hosting

    Transition legacy application environment to an off-prem hosted multi-tenanted environment.

    Abstract

    This type of arrangement is typically part of an application migration or transformation. In this model, a client can “re-platform” the application into an off-premises-hosted provider platform. This would yield many of the cloud benefits however in a different scaling capacity as experienced with commodity workloads (e.g. Windows, Linux) and the associated application.

    Advantages

    • Turns CapEx into OpEx
    • Reduces in-house need for diminishing or scarce human resources
    • Allows the enterprise to focus on the value of the IBM i platform through the reduction of system administrative toil
    • Improved IT DR services
    • Data center compliance

    Considerations

    • Application transformation
    • Network bandwidth
    • Contract terms and conditions
    • Modified technical support and engagement
    • Secure connectivity and communication
    • Technical security and compliance
    • Limited providers; reduced options

    Info-Tech Insights

    There is a difference between a “re-host” and “re-platform” migration strategy. Determine which solution aligns to the application requirements.

    Public Cloud

    Leverage “public cloud” alternatives with AWS, Google, or Microsoft AZURE.

    Abstract

    This type of arrangement is typically part of a larger migration or application transformation. While low risk, it is not as cost-effective as other deployment models. In this model, client can “re-platform” the non-commodity workload into public cloud offerings or in a few offerings “re-host.” This would yield many of the cloud benefits however in a different scaling capacity as experienced with commodity workloads (e.g. Windows, Linux).

    Advantages

    • Remote workforce accessibility
    • OpEx expense model
    • Improved IT DR services
    • Reduced infrastructure and system administration
    • Vendor management
    • 24x7 monitoring and support

    Considerations

    • Contract terms and conditions
    • Modified technical support and engagement
    • Secure connectivity and communication
    • Technical security and compliance
    • Limited providers; reduced options
    • Vendor/cloud lock-in
    • Application migration/”re-platform”
    • Application and system performance

    Info-Tech Insights

    This model is extremely attractive for organizations that consume primarily cloud services and have a large remote workforce.

    Understand your vendors

    • To best understand your options, you need to understand what IBM i services are provided by the industry vendors.
    • Within the following slides, you will find a defined activity with a working template that will create “vendor profiles” for each vendor.
    • As a working example, you can review the following partners:
    • Connectria (United States)
    • Rowton IT Solutions Ltd (United Kingdom)
    • Mid-Range (Canada)

    Info-Tech Insights

    Creating vendor profiles will help quickly filter the solution providers that directly meet your IBM i needs.

    Vendor Profile #1

    Rowton IT

    Summary of Vendor

    “Rowton IT thrive on creating robust and simple solutions to today's complex IT problems. We have a highly skilled and motivated workforce that will guarantee the right solution.

    Working with select business partners, we can offer competitive and cost effective packages tailored to suit your budget and/or business requirements.

    Our knowledge and experience cover vast areas of IT including technical design, provision and installation of hardware (Wintel and IBM Midrange), technical engineering services, support services, IT project management, application testing, documentation and training.”

    IBM i Services

    • ✔ IBM Power Hardware Sales
    • ✔ Co-Managed Services
    • ✔ DR/High Available Config
    • ✔ Full Managed Services
    • ✖ Co-Location Services
    • ✔ Public Cloud Services (AWS)

    URL
    rowtonit.com

    Regional Coverage:
    United Kingdom

    Logo for RowtonIT.com.

    Vendor Profile #2

    Connectria

    Summary of Vendor

    “Every journey starts with a single step and for Connectria, that step happened to be with the world’s largest bank, Deutsche Bank. Followed quickly by our second client, IBM. Since then, we have added over 1,000 clients worldwide. For 25 years, each customer, large or small, has relied on Connectria to deliver on promises made to make it easy to do business with us through flexible terms, scalable solutions, and straightforward pricing. Join us on our journey.”

    IBM i Services

    • ✔ IBM Power Hardware Sales
    • ✔ Co-Managed Services
    • ✔ DR/High Available Config
    • ✔ Full Managed Services
    • ✔ Co-Location Services
    • ✔ Public Cloud Services (AWS)

    URL
    connectria.com

    Regional Coverage:
    United States

    Logo for Connectria.

    Vendor Profile #3

    Mid-Range

    Summary of Vendor

    “Founded in 1988 and profitable throughout all of those 31 years, we have a solid track record of success. At Mid-Range, we use our expertise to assess your unique needs, in order to proactively develop the most effective IT solution for your requirements. Our full-service approach to technology and our diverse and in-depth industry expertise keep our clients coming back year after year.

    Serving clients across North America in a variety of industries, from small and emerging organizations to large, established enterprises – we’ve seen it all. Whether you need hardware or software solutions, disaster recovery and high availability, managed services or hosting or full ERP services with our JD Edwards offerings – we have the methods and expertise to help.”

    IBM i Services

    • ✔ IBM Power Hardware Sales
    • ✔ Co-Managed Services
    • ✔ DR/High Available Config
    • ✔ Full Managed Services
    • ✔ Co-Location Services
    • ✔ Public Cloud Services (AWS)

    URL
    midrange.ca

    Regional Coverage:
    Canada

    Logo for Mid-Range.

    Activity

    Understand your vendor options

    Activities:
    1. Create your vendor profiles
    2. Score vendor responses
    3. Develop and manage your vendor agenda

    This activity involves the following participants:

    • IT strategic direction decision makers
    • IT managers responsible for an existing iSeries or IBM i platform

    Outcomes of this step:

    • Vendor Profile Template
    • Completed IT Infrastructure Outsourcing Scoring Tool

    Info-Tech Insights

    This check-point process creates transparency around agreement costs with the business and gives the business an opportunity to re-evaluate its requirements for a potentially leaner agreement.

    1. Create your vendor profiles

    Define what you are looking for:

    • Create a vendor profile for every vendor of interest.
    • Leverage our starting list and template to track and record the advantages of each vendor.

    Mindshift

    First National Technology Solutions

    Key Information Systems

    MainLine

    Direct Systems Support

    T-Systems

    Horizon Computer Solutions Inc.

    Vendor Profile Template

    [Vendor Name]

    Summary of Vendor

    [Vendor Summary]
    *Detail the Vendor Services as a Summary*

    IBM i Services

    • ✔ IBM Power Hardware Sales
    • ✔ Co-Managed Services
    • ✔ DR/High Available Config
    • ✔ Full Managed Services
    • ✔ Co-Location Services
    • ✔ Public Cloud Services (AWS)
    *Itemize the Vendor Services specific to your requirements*

    URL
    https://www.url.com/
    *Insert the Vendor URL*

    Regional Coverage:
    [Country\Region]
    *Insert the Vendor Coverage & Locations*

    *Insert the Vendor Logo*

    2. Score your vendor responses

    Use the IT Infrastructure Outsourcing Scoring Tool to manage vendor responses.
    Use Info-Tech’s IT Infrastructure Outsourcing Scoring Tool to systematically score your vendor responses.

    The overall quality of the IBM i questions can help you understand what it might be like to work with the vendor.

    Consider the following questions:

    • Is the vendor clear about what it’s able to offer? Is its response transparent?
    • How much effort did the vendor put into answering the questions?
    • Does the vendor seem like someone you would want to work with?

    Once you have the vendor responses, you will select two or three vendors to continue assessing in more depth leading to an eventual final selection.

    Screenshot of the IT Infrastructure Outsourcing Scoring Tool's Scoring Sheet. There are three tables: 'Scoring Scale', 'Results', and one with 'RFP Questions'. Note on Results table says 'Top Scoring Vendors', and note on questions table says 'List your IBM i questions (requirements)'.

    Info-Tech Insights

    Watch out for misleading scores that result from poorly designed criteria weightings.

    3. Develop your vendor agenda

    Vendor Conference Call

    Develop an agenda for the conference call. Here is a sample agenda:
    • Review the vendor questions.
    • Go over answers to written vendor questions previously submitted.
    • Address new vendor questions.

    Commonly Debated Question:
    Should vendors be asked to remain anonymous on the call or should each vendor mention their organization when they join the call?

    Many organizations worry that if vendors can identify each other, they will price fix. However, price fixing is extremely rare due to its consequences and most vendors likely have a good idea which other vendors are participating in the bid. Another thought is that revealing vendors could either result in a higher level of competition or cause some vendors to give up:

    • A vendor that hears its rival is also bidding may increase the competitiveness of its bid and response.
    • A vendor that feels it doesn’t have a chance may put less effort into the process.
    • A vendor that feels it doesn’t have real competition may submit a less competitive or detailed response than it otherwise would have.

    Vendor Workshop

    A vendor workshop day is an interactive way to provide context to your vendors and to better understand the vendors’ offerings. The virtual or in-person interaction also offers a great way to understand what it’s like to work with each vendor and decide whether you could build a partnership with them in the long run.

    The main focus of the workshop is the vendors’ service solution presentation. Here is a sample agenda for a two-day workshop:

    Day 1
    • Meet and greet
    • Welcome presentation with objectives, acquisition strategy, and company overview
    • Overview of the current IT environment, technologies, and company expectations
    • Question and answer session
    • Site walk
    Day 2
    • Review Day 1 activities
    • Vendor presentations and solution framing
    Use the IT Infrastructure Outsourcing Scoring Tool to manage vendor responses.

    Related Info-Tech Research

    Effectively Acquire Infrastructure Services
    Acquiring a service is like buying an experience. Don’t confuse the simplicity of buying hardware with buying an experience.

    Outsource IT Infrastructure to Improve System Availability, Reliability, and Recovery
    There are very few IT infrastructure components you should be housing internally – outsource everything else.

    Build Your Infrastructure Roadmap
    Move beyond alignment: Put yourself in the driver’s seat for true business value.

    Define Your Cloud Vision
    Make the most of cloud for your organization.

    Document Your Cloud Strategy
    Drive consensus by outlining how your organization will use the cloud.

    Create a Right-Sized Disaster Recovery Plan
    Close the gap between your DR capabilities and service continuity requirements.

    Create a Better RFP Process
    Improve your RFPs to gain leverage and get better results.

    Research Authors

    Photo of Darin Stahl, Principal Research Advisor, Info-Tech Research Group.Darin Stahl, Principal Research Advisor, Info-Tech Research Group

    Principal Research Advisor within the Infrastructure Practice and leveraging 38+ years of experience, his areas of focus include: IT Operations Management, Service Desk, Infrastructure Outsourcing, Managed Services, Cloud Infrastructure, DRP/BCP, Printer Management, Managed Print Services, Application Performance Monitoring (APM), Managed FTP, and non-commodity servers (zSeries, mainframe, IBM i, AIX, Power PC).

    Photo of Troy Cheeseman, Practice Lead, Info-Tech Research Group.Troy Cheeseman, Practice Lead, Info-Tech Research Group

    Troy has over 24 years of experience and has championed large, enterprise-wide technology transformation programs, remote/home office collaboration and remote work strategies, BCP, IT DRP, IT Operations and expense management programs, international right placement initiatives, and large technology transformation initiatives (M&A). Additionally, he has deep experience working with IT solution providers and technology (cloud) start-ups.

    Research Contributors

    Photo of Dan Duffy, President & Owner, Mid-Range.Dan Duffy, President & Owner, Mid-Range

    Dan Duffy is the President and Founder of Mid-Range Computer Group Inc., an IBM Platinum Business Partner. Dan and his team have been providing the Canadian and American IBM Power market with IBM infrastructure solutions including private cloud, hosting and disaster recovery, high availability and data center services since 1988. He has served on numerous boards and associations including the Toronto Users Group for Mid-Range Systems (TUG), the IBM Business Partners of the Americas Advisory Council, the Cornell Club of Toronto, and the Notre Dame Club of Toronto. Dan holds a Bachelor of Science from Cornell University.

    Photo of George Goodall, Executive Advisor, Info-Tech Research Group.George Goodall, Executive Advisor, Info-Tech Research Group

    George Goodall is an Executive Advisor in the Research Executive Services practice at Info-Tech Research Group. George has over 20 years of experience in IT consulting, enterprise software sales, project management, and workshop delivery. His primary focus is the unique challenges and opportunities in organizations with small and constrained IT operations. In his long tenure at Info-Tech, George has covered diverse topics including voice communications, storage, and strategy and governance.

    Bibliography

    “Companies using IBM i (formerly known as i5/OS).” Enlyft, 21 July 2021. Web.

    Connor, Clare. “IBM i and Meeting the Challenges of Modernization.” Ensono, 22 Mar. 2022. Web.

    Huntington, Tom. “60+ IBM i User Groups and Communities to Join?” HelpSystems, 16 Dec. 2021. Web.

    Perkins, Dale. “The Road to Power Cloud: June 21st 1988 to now. The Journey Continues.” Mid-Range, 1 Nov. 2021. Web.

    Prickett Morgan, Timothy. “How IBM STACKS UP POWER8 AGAINST XEON SERVERS.” The Next Platform, 13 Oct. 2015. Web.

    “Why is AS/400 still used? Four reasons to stick with a classic.” NTT, 21 July 2016. Web.

    Appendix

    Public Cloud Provider Notes

    Appendix –
    Cloud
    Providers


    “IBM Power (IBM i and AIX) workloads are also available in the so-called ‘cloud.’” (Darin Stahl)

    AWS

    Appendix –
    Cloud
    Providers



    “IBM Power (IBM i and AIX) workloads are also available in the so-called ‘cloud.’” (Darin Stahl)

    Google

    • Google Cloud console supports IBM Power Systems.
    • This offering provides cloud instances running on IBM Power Systems servers with PowerVM.
    • The service uses a per-day prorated monthly subscription model for cloud instance plans with different capacities of compute, memory, storage, and network. Standard plans are listed below and custom plans are possible.
    • There is no IBM i offering yet that we are aware of.
    • For AIX on Power, this would appear to be a better option than AWS (Converge Enterprise Cloud with IBM Power for Google Cloud).

    Appendix –
    Cloud
    Providers



    “IBM Power (IBM i and AIX) workloads are also available in the so-called ‘cloud.’” (Darin Stahl)

    Azure

    • Azure has partners using the Azure Dedicated Host offerings to deliver “native support for IBM POWER Systems to Azure data centres” (PowerWire).
    • Microsoft has installed Power servers in an couple Azure data centers and Skytap manages the IBM i, AIX, and Linux environments for clients.
    • As far as I am aware there is no ability to install IBM i or AIX within an Azure Dedicated Host via the retail interfaces – these must be worked through a partner like Skytap.
    • The cloud route for IBM i or AIX might be the easiest working with Skytap and Azure. This would appear to be a better option than AWS in my opinion.

    Appendix –
    Cloud
    Providers



    “IBM Power (IBM i and AIX) workloads are also available in the so-called ‘cloud.’” (Darin Stahl)

    IBM

    IT Strategy

    • Buy Link or Shortcode: {j2store}20|cart{/j2store}
    • Related Products: {j2store}20|crosssells{/j2store}
    • Up-Sell: {j2store}20|upsells{/j2store}
    • member rating overall impact (scale of 10): 9.3/10
    • member rating average dollars saved: $105,465
    • member rating average days saved: 35
    • Parent Category Name: Strategy and Governance
    • Parent Category Link: strategy-and-governance
    Success depends on IT initiatives clearly aligned to business goals.

    Minimize the Damage of IT Cost Cuts

    • Buy Link or Shortcode: {j2store}53|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Cost & Budget Management
    • Parent Category Link: /cost-and-budget-management
    • Average growth rates for Opex and Capex budgets are expected to continue to decline over the next fiscal year.
    • Common “quick-win” cost-cutting initiatives are not enough to satisfy the organization’s mandate.
    • Cost-cutting initiatives often take longer than expected, failing to provide cost savings before the organization’s deadline.
    • Cost-optimization projects often have unanticipated consequences that offset potential cost savings and result in business dissatisfaction.

    Our Advice

    Critical Insight

    • IT costs affect the entire business, not just IT. For this reason, IT must work with the business collaboratively to convey the full implications of IT cost cuts.
    • Avoid making all your cuts at once; phase your cuts by taking into account the magnitude and urgency of your cuts and avoid unintended consequences.
    • Don’t be afraid to completely cut a service if it should not be delivered in the first place.

    Impact and Result

    • Take a value-based approach to cost optimization.
    • Reduce IT spend while continuing to deliver the most important services.
    • Involve the business in the cost-cutting process.
    • Develop a plan for cost cutting that avoids unintended interruptions to the business.

    Minimize the Damage of IT Cost Cuts Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should take a value-based approach to cutting IT costs, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand the mandate and take immediate action

    Determine your approach for cutting costs.

    • Minimize the Damage of IT Cost Cuts – Phase 1: Understand the Mandate and Take Immediate Action
    • Cost-Cutting Plan
    • Cost-Cutting Planning Tool

    2. Select cost-cutting initiatives

    Identify the cost-cutting initiatives and design your roadmap.

    • Minimize the Damage of IT Cost Cuts – Phase 2: Select Cost-Cutting Initiatives

    3. Get approval for your cost-cutting plan and adopt change management best practices

    Communicate your roadmap to the business and attain approval.

    • Minimize the Damage of IT Cost Cuts – Phase 3: Get Approval for Your Cost-Cutting Plan and Adopt Change Management Best Practices
    • IT Personnel Engagement Plan
    • Stakeholder Communication Planning Tool
    [infographic]

    Workshop: Minimize the Damage of IT Cost Cuts

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand the Mandate and Take Immediate Action

    The Purpose

    Determine your cost-optimization stance.

    Build momentum with quick wins.

    Key Benefits Achieved

    Understand the internal and external drivers behind your cost-cutting mandate and the types of initiatives that align with it.

    Activities

    1.1 Develop SMART project metrics.

    1.2 Dissect the mandate.

    1.3 Identify your cost-cutting stance.

    1.4 Select and implement quick wins.

    1.5 Plan to report progress to Finance.

    Outputs

    Project metrics and mandate documentation

    List of quick-win initiatives

    2 Select Cost-Cutting Initiatives

    The Purpose

    Create the plan for your cost-cutting initiatives.

    Key Benefits Achieved

    Choose the correct initiatives for your roadmap.

    Create a sensible and intelligent roadmap for the cost-cutting initiatives.

    Activities

    2.1 Identify cost-cutting initiatives.

    2.2 Select initiatives.

    2.3 Build a roadmap.

    Outputs

    High-level cost-cutting initiatives

    Cost-cutting roadmap

    3 Get Approval for Your Cost-Cutting Plan and Adopt Change Management Best Practices

    The Purpose

    Finalize the cost-cutting plan and present it to the business.

    Key Benefits Achieved

    Attain engagement with key stakeholders.

    Activities

    3.1 Customize your cost-cutting plan.

    3.2 Create stakeholder engagement plans.

    3.3 Monitor cost savings.

    Outputs

    Cost-cutting plan

    Stakeholder engagement plan

    Cost-monitoring plan

    First 30 Days Pandemic Response Plan

    • Buy Link or Shortcode: {j2store}418|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity
    • Given the speed and scope of the spread of the pandemic, governments are responding with changes almost daily as to what organizations and people can and can’t do. This volatility and uncertainty challenges organizations to respond, particularly in the absence of a business continuity or crisis management plan.

    Our Advice

    Critical Insight

    • Assess the risk to and viability of your organization in order to create appropriate action and communication plans quickly.

    Impact and Result

    • HR departments must be directly involved in developing the organization’s pandemic response plan. Use Info-Tech's Risk and Viability Matrix and uncover the crucial next steps to take during the first 30 days of the COVID-19 pandemic.

    First 30 Days Pandemic Response Plan Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create a response plan for the first 30 days of a pandemic

    Manage organizational risk and viability during the first 30 days of a crisis.

    • First 30 Days Pandemic Response Plan Storyboard
    • Crisis Matrix Communications Template: Business As Usual
    • Crisis Matrix Communications Template: Organization Closing
    • Crisis Matrix Communications Template: Manage Risk and Leverage Resilience
    • Crisis Matrix Communications Template: Reduce Labor and Mitigate Risk
    [infographic]

    Cookie Notice

    Gert Taeymans BV wants to inform you about our cookie notice on the Gert Taeymans BV websites via this document. Please also see the privacy policy which you can find here.

    This website is owned by Gert Taeymans BV

    Contact details:
    Gert Taeymans BV
    Koning Albertstraat 136
    2070 Burcht
    Belgium
    Company number: 0685974694
    Phone: +32 3 289 41 09
    email: gtbvba@gerttaeymans.com

    Site Scope

    The websites in scope of this notice are:

    • tymansgroup.com
    • gerttaeymans.consulting
    • gerttaeymans.site
    • gerttaeymans.audio

    Cookie Types

    We differentiate 4 types of cookies

    • Necessary cookies
      Necessary cookies help make our website usable by enabling basic functions like page navigation and access to secure areas of the website. While you can decline them, The website cannot function properly without these cookies.
    • Preferences cookies
      Preference cookies enable our website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in. They may include cookies from 3rd party providers whose content we show or reference on our site. Those cookies are outside of our control and these providers may change their terms and policies at any time.
    • Statistics cookies
      Statistic cookies help our company to understand how visitors interact with our website by collecting and reporting statistical information pseudonymously. That means that eg. your IP address is scrambled in such a way that it will always be the same upon each subsequent visit to our site, so that Google can process the visit as a return visit. This helps with basic statistics, but also is a factor in how well we rank in future searches. Many returning visitors means that you like our site and that is a ranking element.
      Due to the ECJ striking down the  EU-US Privacy Shield agreement, this leaves us with a open gap. The resulting implications and actions to take are not yet clear. However, when agreeing to statistics cookies, you agree that your data may be processed in the United States under less strict privacy laws and that your data will be exposed to all associated risks. Such risks include the US government being able to investigate you, simply for being a non-US citizen due to provision 702 of the FISA act, which they are able to do anyway, with or without the cookie. Also, the laws in the United States are less strict with regards to selling information to third parties.
    • Marketing cookies
      Marketing cookies are used to track you across websites. The intention is to display ads that are relevant and engaging for you and thereby more valuable for publishers and third party advertisers. At this point we do not allow ads to display on our site, so no third-party trackers are defined on our site. We may add a 1st party (us) tracker to our site at any time.

    Actual cookies used

    Necessary cookies (all sites in site scope)

    Name     Contents Expiration Reason for the cookie
    Session cookie (displayed as a long series of numbers and letters) The active session ID When you close your broser, clear your cookie's cache in your browser or after 60 minutes of inactivity on the site. The cookie may remain in your machine but is no longer valid after the mentioned tile of inactivity    

    The browser cookie is simply a random string of characters to identify the visitor. There are no personally identifable details in the cookie and no real data of use at all. The cookie is marked as a 'session' type of cookie, which means it will expire (be deleted automatically) when the browser is closed or cleaned by the browser after a set period of non-use; for instance, you haven't visited a page on the site that has used the cookie for 1 week. This latter case is useful for people that leave their computer running and never close their browser.

    The use of a cookie is what gives your website a short-term memory. By providing it with each request, Joomla can look up the history of the current viewing session in the database record below.

    cookieconsent_status allow 1 year This cookie stores that you have consented to the use of cookies on our site. It is there to avoid that you have to give your consent again at every page load.

    Preferences cookies

    Site Name     Contents Expiration Reason for the cookie
    gerttaeymans.consulting None at this stage N/A N/A   N/A
    tymansgroup.com None at this stage N/A N/A N/A
             
             

    Statistical cookies

    Site Name     Contents Expiration Reason for the cookie
    All Scope _ga Google Analytics type and account identifier 2 years This cookie identifies our domain (gerttaeymans.consulting) and sends visit information to Google. information may include, but not limited to: browser identifiable information, page visited, visit duration, etc. This information does not contain user identifiable information
    All Scope _gat_gtag_UA_140807308_3 Google Analytics type and account identifier 2 years This cookie also identifies our domain (gerttaeymans.consulting) and sends visit information to Google. information may include, but not limited to: browser identifiable information, page visited, visit duration, etc. This information does not contain user identifiable information
    All Scope _gid Google Analytics type and account identifier 1 day This cookie also identifies our domain (gerttaeymans.consulting) and sends visit information to Google. information may include, but not limited to: browser identifiable information, page visited, visit duration, etc. This information does not contain user identifiable information
             
             

    Marketing cookies

    Name     Contents Expiration Reason for the cookie
    None at this stage N/A N/A N/A
           
           

     

    Managing cookies

    You are not required to accept any cookies . Our cookies toolbar allows you to fine tune which cookies you accespt or want to revoke consent for. The resulting experience may however be affected by your decision not to accept cookies.

    Eg. not accepting or revoking consent for the “Necessary” category cookies will result in your inability to log into the site, even if you have previously accepted the cookies and paid for service.

    Not accepting or revoking consent for “Preference” category cookies may impede on your ability to watch instructional videos on our site, even if you have previously accepted the cookies and paid for service.

    Not accepting or revoking consent for ‘Statistical” category cookies will result in us not seeing where visitors stay longer or shorter on our site. While the immediate experience will not degrade for you, it may impede us in better understanding where we need to improve our service, thereby denying you a potentially improved experience in the future.

    Not accepting or revoking consent for “Marketing” category cookies may result in you seeing irrelevant ads, if we make the decision to allow carefully selected partners to offer their services through our site.

    Removing cookies from your device

    You can delete all cookies that are already on your device by clearing the browsing history of your browser. This will remove all cookies from all websites you have visited.

    Be aware though that you may also lose some saved information (e.g. saved login details, site preferences).

    Managing site-specific cookies

    For more detailed control over site-specific cookies, check the privacy and cookie settings in your preferred browser

    Blocking cookies

    You can set most modern browsers to prevent any cookies being placed on your device, but you may then have to manually adjust some preferences every time you visit a site/page. And some services and functionalities may not work properly at all (e.g. profile logging-in).

    Build a Roadmap for Service Management Agility

    • Buy Link or Shortcode: {j2store}280|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Service Management
    • Parent Category Link: /service-management
    • Business is moving faster than ever and IT is getting more demands at a faster pace.
    • Many IT organizations have traditional structures and approaches that have served them well in the past. However, these frameworks and approaches alone are no longer sufficient for today’s challenges and rapidly changing environment.
    • The inability to adaptively design and deliver services as requirements change has led to diminishing service quality and an increase in shadow IT.

    Our Advice

    Critical Insight

    • Being Agile is a mindset. It is not meant to be prescriptive, but to encourage you to leverage the best approaches, frameworks, and tools to meet your needs and get the job done now.
    • The goal of service management is to enable and drive value for the business. Service management practices have to be flexible and adaptable enough to manage and deliver the right service value at the right time at the right level of quality.

    Impact and Result

    • Understand Agile principles, how they align with service management principles, and what the optimal states for agility look like.
    • Use Info-Tech’s advice and tools to perform an assessment of your organization’s state of agility, identify the gaps, and create a custom roadmap to incorporate agility into your service management practice.
    • Increase business satisfaction. The ultimate outcome of having agility in your service delivery is satisfied customers.

    Build a Roadmap for Service Management Agility Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should create a roadmap for service management agility, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand the optimal state for agility

    Understand the components of agility and what the optimal states are for service management agility.

    • Build a Roadmap for Service Management Agility – Phase 1: Understand the Optimal States for Agility

    2. Assess your current state of agility

    Determine the current state of agility in the service management practice.

    • Build a Roadmap for Service Management Agility – Phase 2: Assess Your Current State of Agility
    • Service Management Agility Assessment Tool

    3. Build the roadmap

    Create a roadmap for service management agility and present it to key stakeholders to obtain their support.

    • Build a Roadmap for Service Management Agility – Phase 3: Build the Roadmap for Service Management Agility
    • Service Management Agility Roadmap Template
    • Building Agility Into Our Service Management Practice Stakeholders Presentation Template
    [infographic]

    Workshop: Build a Roadmap for Service Management Agility

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define the Optimal States for Agility in Service Management

    The Purpose

    Understand agility and how it can complement service management.

    Understand how the components of culture, structure, processes, and resources enable agility in service management.

    Key Benefits Achieved

    Clear understanding of Agile principles.

    Identifying opportunities for agility.

    Understanding of how Agile principles align with service management.

    Activities

    1.1 Understand agility.

    1.2 Understand how Agile methodologies can complement service management through culture, structure, processes, and resources.

    Outputs

    Summary of Agile principles.

    Summary of optimal components in culture, structure, processes, and resources that enable agility.

    2 Assess Your Current State of Agility in Service Management

    The Purpose

    Assess your current organizational agility with respect to culture, structure, processes, and resources.

    Identify your agility strengths and weaknesses with the agility score.

    Key Benefits Achieved

    Understand your organization’s current enablers and constraints for agility.

    Have metrics to identify strengths or weaknesses in culture, structure, processes, and resources.

    Activities

    2.1 Complete an agility assessment.

    Outputs

    Assessment score of current state of agility.

    3 Build the Roadmap for Service Management Agility

    The Purpose

    Determine the gaps between the current and optimal states for agility.

    Create a roadmap for service management agility.

    Create a stakeholders presentation.

    Key Benefits Achieved

    Have a completed custom roadmap that will help build sustainable agility into your service management practice.

    Present the roadmap to key stakeholders to communicate your plans and get organizational buy-in.

    Activities

    3.1 Create a custom roadmap for service management agility.

    3.2 Create a stakeholders presentation on service management agility.

    Outputs

    Completed roadmap for service management agility.

    Completed stakeholders presentation on service management agility.

    Take Control of Cloud Costs on Microsoft Azure

    • Buy Link or Shortcode: {j2store}426|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $125,999 Average $ Saved
    • member rating average days saved: 50 Average Days Saved
    • Parent Category Name: Cloud Strategy
    • Parent Category Link: /cloud-strategy
    • Traditional IT budgeting and procurement processes don't work for public cloud services.
    • The self-service nature of the cloud means that often the people provisioning cloud resources aren't accountable for the cost of those resources.
    • Without centralized control or oversight, organizations can quickly end up with massive Azure bills that exceed their IT salary cost.

    Our Advice

    Critical Insight

    • Most engineers care more about speed of feature delivery and reliability of the system than they do about cost.
    • Often there are no consequences for overarchitecting or overspending on Azure.
    • Many organizations lack sufficient visibility into their Azure spend, making it impossible to establish accountability and controls.

    Impact and Result

    • Define roles and responsibilities.
    • Establish visibility.
    • Develop processes, procedures, and policies.

    Take Control of Cloud Costs on Microsoft Azure Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should take control of cloud costs, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build a cost accountability framework

    Assess your current state, define your cost allocation model, and define roles and responsibilities.

    • Cloud Cost Management Worksheet
    • Cloud Cost Management Capability Assessment
    • Cloud Cost Management Policy
    • Cloud Cost Glossary of Terms

    2. Establish visibility

    Define dashboards and reports, and document account structure and tagging requirements.

    • Service Cost Cheat Sheet for Azure

    3. Define processes and procedures

    Establish governance for tagging and cost control, define process for right-sizing, and define process for purchasing commitment discounts.

    • Right-Sizing Workflow (Visio)
    • Right-Sizing Workflow (PDF)
    • Commitment Purchasing Workflow (Visio)
    • Commitment Purchasing Workflow (PDF)

    4. Build an implementation plan

    Document process interactions, establish program KPIs, and build implementation roadmap and communication plan.

    • Cloud Cost Management Task List
    [infographic]

    Workshop: Take Control of Cloud Costs on Microsoft Azure

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Build a Cost Accountability Framework

    The Purpose

    Establish clear lines of accountability and document roles & responsibilities to effectively manage cloud costs.

    Key Benefits Achieved

    Understanding of key areas to focus on to improve cloud cost management capabilities.

    Activities

    1.1 Assess current state

    1.2 Determine cloud cost model

    1.3 Define roles & responsibilities

    Outputs

    Cloud cost management capability assessment

    Cloud cost model

    Roles & responsibilities

    2 Establish Visibility

    The Purpose

    Establish visibility into cloud costs and drivers of those costs.

    Key Benefits Achieved

    Better understanding of what is driving costs and how to keep them in check.

    Activities

    2.1 Develop architectural patterns

    2.2 Define dashboards and reports

    2.3 Define account structure

    2.4 Document tagging requirements

    Outputs

    Architectural patterns; service cost cheat sheet

    Dashboards and reports

    Account structure

    Tagging scheme

    3 Define Processes & Procedures

    The Purpose

    Develop processes, procedures, and policies to control cloud costs.

    Key Benefits Achieved

    Improved capability of reducing costs.

    Documented processes & procedures for continuous improvement.

    Activities

    3.1 Establish governance for tagging

    3.2 Establish governance for costs

    3.3 Define right-sizing process

    3.4 Define purchasing process

    3.5 Define notification and alerts

    Outputs

    Tagging policy

    Cost control policy

    Right-sizing process

    Commitment purchasing process

    Notifications and alerts

    4 Build an Implementation Plan

    The Purpose

    Document next steps to implement & improve cloud cost management program.

    Key Benefits Achieved

    Concrete roadmap to stand up and/or improve the cloud cost management program.

    Activities

    4.1 Document process interaction changes

    4.2 Define cloud cost program KPIs

    4.3 Build implementation roadmap

    4.4 Build communication plan

    Outputs

    Changes to process interactions

    Cloud cost program KPIs

    Implementation roadmap

    Communication plan

    Do you believe in absolute efficiency?

    Weekend read. Hence I post this a bit later on Friday.
    Lately, I've been fascinated by infinity. And in infinity, some weird algebra pops up. Yet that weirdness is very much akin to what our business stakeholders want, driven by what our clients demand, and hence our KPIs drive us. Do more with less. And that is what absolute efficiency means.

    Register to read more …

    Make the Case for Product Delivery

    • Buy Link or Shortcode: {j2store}184|cart{/j2store}
    • member rating overall impact (scale of 10): 9.5/10 Overall Impact
    • member rating average dollars saved: $41,674 Average $ Saved
    • member rating average days saved: 13 Average Days Saved
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • Organizations are traditionally organized to deliver initiatives in specific periods of time. This is in contention with product-centric delivery practices. This form of delivery acknowledges the reality that solutions of all shapes and sizes deliver continual and evolving business value over their lifetime.
    • Delivering multiple products together creates additional challenges because each product has its own pedigree, history, and goals.
    • Product owners struggle to prioritize changes to deliver product value. This creates a gap and conflict between product and enterprise goals.

    Our Advice

    Critical Insight

    • Delivering products doesn’t mean you will stop delivering projects! Product-centric delivery is intended to address the misalignment between the long-term delivery of value that organizations demand and the nature of traditional project-focused environments.

    Impact and Result

    • We will help you build a proposal deck to make the case to your stakeholders for product-centric delivery.
    • You will build this proposal deck by answering key questions about product-centric delivery so you can identify:
      • A common definition of product.
      • How this form of delivery differs from traditional project-centric approaches.
      • Key challenges and benefits.
      • The capabilities needed to effectively own products and deliver value.
      • What you are asking of stakeholders.
      • A roadmap of how to get started.

    Make the Case for Product Delivery Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Make the Case for Product Delivery Deck – A guide to help align your organization on the practices to deliver what matters most.

    This project will help you define “product” for your organization, define your drivers and goals for moving to product delivery, understand the role of product ownership, lay out the case to your stakeholders, and communicate what comes next for your transition to product.

    • Make the Case for Product Delivery Storyboard

    2. Make the Case for Product Delivery Presentation Template – A template to help you capture and detail your case for product delivery.

    Build a proposal deck to help make the case to your stakeholders for product-centric delivery.

    • Make the Case for Product Delivery Presentation Template

    3. Make the Case for Product Delivery Workbook – A tool to capture the results of exercises to build your case to change your product delivery method.

    This workbook is designed to capture the results of the exercises in the Make the Case for Product Delivery Storyboard. Each worksheet corresponds to an exercise in the storyboard. The workbook is also a living artifact that should be updated periodically as the needs of your team and organization change.

    • Make the Case for Product Delivery Workbook
    [infographic]

    Further reading

    Make the Case for Product Delivery

    Align your organization on the practices to deliver what matters most.

    Table of Contents

    Define product

    Define your drivers and goals

    Understand the role of product ownership

    Communicate what comes next

    Make the case to your stakeholders

    Appendix: Additional research

    Appendix: Product delivery strategy communication

    Appendix: Manage stakeholder influence

    Appendix: Product owner capability details

    Executive Summary

    Your Challenge
    • Products are the lifeblood of an organization. They deliver the capabilities needed to deliver value to customers, internal users, and stakeholders.
    • Organizations are under pressure to align the value they provide with the organization’s goals and overall company vision.
    • You need to clearly convey the direction and strategy of your product portfolio to gain alignment, support, and funding from your organization.
    Common Obstacles
    • IT organizations are traditionally organized to deliver initiatives in specific periods of time. This is in contention with product-centric delivery.
    • Product delivery acknowledges the reality that solutions of all shapes and sizes deliver continual and evolving business value over their lifetime.
    • Delivering multiple products together creates additional challenges because each product has its own pedigree, history, and goals.
    • Product owners struggle to prioritize changes to deliver product value. This creates a gap and conflict between product and enterprise goals.
    Info-Tech’s Approach
    • Info-Tech will enable you to build a proposal deck to make the case to your stakeholders for product-centric delivery.
    • You will build this proposal deck by answering key questions about product-centric delivery so you can identify:
      • A common definition of product.
      • How this form of delivery differs from traditional project-centric approaches.
      • Key challenges and benefits.
      • The capabilities needed to effectively own products and deliver value.
      • What you are asking of stakeholders.
      • A roadmap of how to get started.

    Info-Tech Insight

    Delivering products doesn’t mean you will stop delivering projects! Product-centric delivery is intended to address the misalignment between the long-term delivery of value that organizations demand and the nature of traditional project-focused environments.

    Many executives perceive IT as being poorly aligned with business objectives

    Info-Tech’s CIO Business Vision Survey data highlights the importance of IT initiatives in supporting the business in achieving its strategic goals.

    However, Info-Tech’s CEO-CIO Alignment Survey (2021; N=58) data indicates that CEOs perceive IT to be poorly aligned to business’ strategic goals.

    Info-Tech CEO-CIO Alignment Diagnostics, 2021 (N=58)

    40% Of CEOs believe that business goals are going unsupported by IT.

    34% Of business stakeholders are supporters of their IT departments (n=334).

    40% Of CIOs/CEOs are misaligned on the target role for IT.

    Info-Tech Insight

    Great technical solutions are not the primary driver of IT success. Focusing on delivery of digital products that align with organizational goals will produce improved outcomes and will foster an improved relationship between business and IT.

    Increase product success by involving IT, business, and customers in your product roadmaps, planning, and delivery

    Product management and delivery seek to promote improved relationships among IT, business, and customers, a critical driver for business satisfaction.

    IT

    Stock image of an IT professional.

    1

    Collaboration

    IT, business, and customers work together through all stages of the product lifecycle, from market research through the roadmapping and delivery processes and into maintenance and retirement. The goal is to ensure the risks and dependencies are realized before work is committed.

    Stakeholders, Customers, and Business

    Stock image of a business professional.

    2

    Communication

    Prioritize high-value modes of communication to break down existing silos and create common understanding and alignment across functions. This approach increases transparency and visibility across the entire product lifecycle.

    3

    Integration

    Explore methods to integrate the workflows, decision making, and toolsets among the business, IT, and customers. The goal is to become more reactive to changes in business and customer expectations and more proactive about market trends.

    Product does not mean the same thing to everyone

    Do not expect a universal definition of products.
    Every organization and industry has a different definition of what a product is. Organizations structure their people, processes, and technologies according to their definition of the products they manage. Conflicting product definitions between teams increase confusion and misalignment of product roadmaps.

    “A product [is] something (physical or not) that is created through a process and that provides benefits to a market.” (Mike Cohn, Founding Member of Agile Alliance and Scrum Alliance) “A product is something ... that is created and then made available to customers, usually with a distinct name or order number.” (TechTarget) “A product is the physical object ... , software or service from which customer gets direct utility plus a number of other factors, services, and perceptions that make the product useful, desirable [and] convenient.” (Mark Curphey)

    Organizations need a common understanding of what a product is and how it pertains to the business.

    This understanding needs to be accepted across the organization.

    “There is not a lot of guidance in the industry on how to define [products]. This is dangerous because what will happen is that product backlogs will be formed in too many areas. All that does is create dependencies and coordination across teams … and backlogs.” (Chad Beier, “How Do You Define a Product?” Scrum.org)

    Products enable the long-term and continuous delivery of value

    Diagram laying out the lifecycles and roadmaps contributing to the 'Continuous delivery of value'. Beginning with 'Project Lifecycle' in which Projects with features and services end in a Product Release that is disconnected from the continuum. Then the 'Hybrid Lifecycle' and 'Product Lifecycle' which are connected by a 'Product Roadmap' and 'Product Backlog' have Product Releases that connect to the continuum.

    Phase 1

    Build the case for product-centric delivery

    Phase 1
    1.1 Define product
    1.2 Define your drivers and goals
    1.3 Understand the role of product ownership
    1.4 Communicate what comes next
    1.5 Make the case to your stakeholders

    This phase will walk you through the following activities:

    • Define product in your context.
    • Define your drivers and goals for moving to product delivery.
    • Understand the role of product ownership.
    • Communicate what comes next for your transition to product.
    • Lay out the case to your stakeholders.

    This phase involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Step 1.1

    Define product

    Activities
    • 1.1.1 Define “product” in your context
    • 1.1.2 Consider examples of what is (and is not) a product in your organization
    • 1.1.3 Identify the differences between project and product delivery

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Outcomes of this step

    • A clear definition of product in your organization’s context.

    Make the Case for Product Delivery

    Step 1.1 Step 1.2 Step 1.3 Step 1.4 Step 1.5

    Exercise 1.1.1 Define “product” in your context

    30-60 minutes

    Output: Your enterprise/organizational definition of products and services

    Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

    1. Discuss what “product” means in your organization.
    2. Create a common, enterprise-wide definition for “product.”
    “A product [is] something (physical or not) that is created through a process and that provides benefits to a market.” (Mike Cohn, Founding Member of Agile Alliance and Scrum Alliance) “A product is something ... that is created and then made available to customers, usually with a distinct name or order number.” (TechTarget) “A product is the physical object ... , software or service from which customer gets direct utility plus a number of other factors, services, and perceptions that make the product useful, desirable [and] convenient.” (Mark Curphey)

    Record the results in the Make the Case for Product-Centric Delivery Workbook.

    Example: What is a product?

    Not all organizations will define products in the same way. Take this as a general example:

    “A tangible solution, tool, or service (physical or digital) that enables the long-term and evolving delivery of value to customers and stakeholders based on business and user requirements.”

    Info-Tech Insight

    A proper definition of product recognizes three key facts:

    1. Products are long-term endeavors that don’t end after the project finishes.
    2. Products are not just “apps” but can be software or services that drive the delivery of value.
    3. There is more than one stakeholder group that derives value from the product or service.
    Stock image of an open human head with gears and a city for a brain.

    How do we know what is a product?

    What isn’t a product:
    • Features (on their own)
    • Transactions
    • Unstructured data
    • One-time solutions
    • Non-repeatable processes
    • Solutions that have no users or consumers
    • People or teams
    You have a product if the given item...
    • Has end users or consumers
    • Delivers quantifiable value
    • Evolves or changes over time
    • Has predictable delivery
    • Has definable boundaries
    • Has a cost to produce and operate

    Exercise 1.1.2 Consider examples of what is (and is not) a product in your organization

    15 minutes

    Output: Examples of what is and isn’t a product in your specific context.

    Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

    1. Leverage the definition you created in exercise 1.1.1 and the explanation on the slide What is a product?
    2. Pick examples that effectively show the difference between products and non-products and facilitate a conversation on the ones that seem to be on the line. Specific server instances, or instances of providing a service, are worthwhile examples to consider.
    3. From the list you come up with, take the top three examples and put them into the Make the Case for Product Delivery Presentation Template.
    Example:
    What isn’t a product?
    • Month-end SQL scripts to close the books
    • Support Engineer doing a password reset
    • Latest research project in R&D
    What is a product?
    • Self-service password reset portal
    • Oracle ERP installation
    • Microsoft Office 365

    Record the results in the Make the Case for Product Delivery Workbook.

    Product delivery practices should consider everything required to support it, not just what users see.

    Cross-section of an iceberg above and below water with visible product delivery practices like 'Funding', 'External Relationships', and 'Stakeholder Management' above water and internal product delivery practices like 'Product Governance', 'Business Functionality', and 'R&D' under water. There are far more processes below the water.

    Products and services share the same foundation and best practices

    For the purpose of this blueprint, product/service and product owner/service owner are used interchangeably. Product is used for consistency but would apply to services as well.

    Product = Service

    “Product” and “service” are terms that each organization needs to define to fit its culture and customers (internal and external). The most important aspect is consistent use and understanding of:
    • External products
    • Internal products
    • External services
    • Internal services
    • Products as a service (PaaS)
    • Productizing services (SaaS)

    Exercise 1.1.3 Identify the differences between project and product delivery

    30-60 minutes

    Output: List of differences between project and product delivery

    Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

    1. Consider project delivery and product delivery.
    2. Discuss what some differences are between the two.
      Note: This exercise is not about identifying the advantages and disadvantages of each style of delivery. This is to identify the variation between the two.
    Theme Project Delivery (Current) Product Delivery (Future)
    Timing Defined start and end Does not end until the product is no longer needed
    Funding Funding projects Funding products and teams
    Prioritization LoB sponsors Product owner
    Capacity Management Project management Managed by product team

    Record the results in the Make the Case for Product Delivery Workbook.

    Identify the differences between a project-centric and a product-centric organization

    Project Product
    Fund projects — Funding –› Fund products or teams
    Line of business sponsor — Prioritization –› Product owner
    Makes specific changes to a product —Product management –› Improves product maturity and support
    Assignment of people to work — Work allocation –› Assignment of work to product teams
    Project manager manages — Capacity management –› Team manages capacity

    Info-Tech Insights

    • Product ownership should be one of your first areas of focus when transitioning from project to product delivery.
    • Product delivery requires significant shifts in the way you complete development work and deliver value to your users. Make the changes that support improving end-user value and enterprise alignment.

    Projects can be a mechanism for funding product changes and improvements

    Diagram laying out the lifecycles and roadmaps contributing to the 'Continuous delivery of value'. Beginning with 'Project Lifecycle' in which Projects with features and services end in a Product Release that is disconnected from the continuum. Then the 'Hybrid Lifecycle' and 'Product Lifecycle' which are connected by a 'Product Roadmap' and 'Product Backlog' have Product Releases that connect to the continuum. Projects within products

    Regardless of whether you recognize yourself as a product-based or project-based shop, the same basic principles should apply.

    The purpose of projects is to deliver the scope of a product release. The shift to product delivery leverages a product roadmap and backlog as the mechanism for defining and managing the scope of the release.

    Eventually, teams progress to continuous integration/continuous delivery (CI/CD) where they can release on demand or as scheduled, requiring org change management.

    Step 1.2

    Define your drivers and goals

    Activities
    • 1.2.1 Understand your drivers for product-centric delivery
    • 1.2.2 Define the goals for your product-centric organization

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Outcomes of this step

    • A clear understanding of your motivations and desired outcomes for moving to product delivery.

    Make the Case for Product Delivery

    Step 1.1 Step 1.2 Step 1.3 Step 1.4 Step 1.5

    Exercise 1.2.1 Understand your drivers for product-centric delivery

    30-60 minutes

    Output: Organizational drivers to move to product-centric delivery.

    Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

    1. Identify your pain points in the current delivery model.
    2. What is the root cause of these pain points?
    3. How will a product-centric delivery model fix the root cause (drivers)?
    Pain Points
    • Lack of ownership
    Root Causes
    • Siloed departments
    Drivers
    • Accountability

    Record the results in the Make the Case for Product Delivery Workbook.

    Exercise 1.2.2 Define the goals for your product-centric organization

    30 minutes

    Output: Goals for product-centric delivery

    Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

    1. Review the differences between project and product delivery from exercise 1.1.3 and the list of drivers from exercise 1.2.1.
    2. Define your goals for achieving a product-centric organization.
      Note: Your drivers may have already covered the goals. If so, review if you would like to change the drivers based on your renewed understanding of the differences between project and product delivery.
    Pain Points
    • Lack of ownership
    Root Causes
    • Siloed departments
    Drivers
    • Accountability
    Goals
    • End-to-end ownership

    Record the results in the Make the Case for Product Delivery Workbook.

    Step 1.3

    Understand the role of product ownership

    Activities
    • 1.3.1 Identify product ownership capabilities

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Outcomes of this step

    • Product owner capabilities that you agree are critical to start your product transformation.

    Make the Case for Product Delivery

    Step 1.1 Step 1.2 Step 1.3 Step 1.4 Step 1.5

    Accountability for the delivery of value through product ownership is not optional

    Tree of 'Enterprise Goals and Priorities' leading to 'Product' through a 'Product Family'.

    Info-Tech Insight

    People treat the assignment of accountability for products (aka product ownership) as optional. Without assigning accountability up front, your transition to product delivery will stall. Accountable individuals will be focused on the core outcome for product delivery, which is the delivery of the right value, at the right time, to the right people.

    Description of the tree levels shown in the diagram on the left. First is 'Enterprise Goals and Priorities', led by 'Executive Leadership' using the 'Enterprise Strategic Roadmap'. Second is 'Product Family', led by 'Product Manager' using the 'Product Family Roadmap'. Last is 'Product', led by the 'Product Owner' using the 'Product Roadmap' and 'Backlog' on the strategic end, and 'Releases' on the Tactical end. In the holistic context, 'Product Family is considered 'Strategic' while 'Product' is 'Tactical'.

    Recognize the different product owner perspectives

    Business
    • Customer facing, revenue generating
    Technical
    • IT systems and tools
    Operations
    • Keep the lights on processes

    Info-Tech Best Practice

    Product owners must translate needs and constraints from their perspective into the language of their audience. Kathy Borneman, Digital Product Owner at SunTrust Bank, noted the challenges of finding a common language between lines of business and IT (e.g. what is a unit?).

    Info-Tech Insight

    Recognize that product owners represent one of three primary perspectives. Although all share the same capabilities, how they approach their responsibilities is influenced by their perspective.

    “A Product Owner in its most beneficial form acts like an Entrepreneur, like a 'mini-CEO'. The Product Owner is someone who really 'owns' the product.” (Robbin Schuurman, “Tips for Starting Product Owners”)

    Implement the Info-Tech product owner capability model

    As discussed in Build a Better Product Owner, most product owners operate with an incomplete knowledge of the skills and capabilities needed to perform the role. Common gaps include focusing only on product backlogs, acting as a proxy for product decisions, and ignoring the need for key performance indicators (KPIs) and analytics in both planning and value realization. 'Product Owner Capabilities': 'Vision', 'Leadership', 'Product Lifecycle Management', 'Value Realization'.
    Vision
    • Market Analysis
    • Business Alignment
    • Product Roadmap
    Leadership
    • Soft Skills
    • Collaboration
    • Decision Making
    Product Lifecycle Management
    • Plan
    • Build
    • Run
    Value Realization
    • KPIs
    • Financial Management
    • Business Model

    Details on product ownership capabilities can be found in the appendix.

    Exercise 1.3.1 Identify product ownership capabilities

    60 minutes

    Output: Product owner capability mapping

    Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

    1. Write down the capabilities product owners need to perform their duties (one per sticky note) in order to describe product ownership in your organization. Consider people, processes, and tools.
    2. Mark each capability with a plus (current capability), circle (some proficiency), or dash (missing capability).
    3. Discuss each capability and place on the appropriate quadrant.

    'Product Owner Capabilities': 'Vision', 'Leadership', 'Product Lifecycle Management', 'Value Realization'.

    Record the results in the Make the Case for Product Delivery Workbook.

    Differentiate between product owners and product managers

    Product Owner (Tactical Focus)
    • Backlog management and prioritization
    • Epic/story definition, refinement in conjunction with business stakeholders
    • Sprint planning with Scrum Master
    • Working with Scrum Master to minimize disruption to team velocity
    • Ensuring alignment between business and Scrum teams during sprints
    • Profit and loss (P&L) product analysis and monitoring
    Product Manager (Strategic Focus)
    • Product strategy, positioning, and messaging
    • Product vision and product roadmap
    • Competitive analysis and positioning
    • New product innovation/definition
    • Release timing and focus (release themes)
    • Ongoing optimization of product-related marketing and sales activities
    • P&L product analysis and monitoring

    Info-Tech Insight

    “Product owner” and “product manager” are terms that should be adapted to fit your culture and product hierarchy. These are not management relationships but rather a way to structure related products and services that touch the same end users.

    Step 1.4

    Communicate what comes next

    Activities
    • 1.4.1 How do we get started?

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Outcomes of this step

    • A now, next, later roadmap indicating your overall next steps.

    Make the Case for Product Delivery

    Step 1.1 Step 1.2 Step 1.3 Step 1.4 Step 1.5

    Make a plan in order to make a plan!

    Consider some of the techniques you can use to validate your strategy.

    Cyclical diagram of the 'Continuous Delivery of Value' within 'Business Value'. Surrounding attributes are 'User Centric', 'Adaptable', 'Accessible', 'Private & Secured', 'Informative & Insightful', 'Seamless Application Connection', 'Relationship & Network Building', 'Fit for Purpose'.

    Go to your backlog and prioritize the elements that need to be answered sooner rather than later.

    Possible areas of focus:

    • Regulatory requirements or questions to answer around accessibility, security, privacy.
    • Stress testing any new processes against situations that may occur.
    Learning Milestones

    The completion of a set of artifacts dedicated to validating business opportunities and hypotheses.

    Possible areas of focus:

    • Align teams on product strategy prior to build
    • Market research and analysis
    • Dedicated feedback sessions
    • Provide information on feature requirements
    Stock image of people learning.
    Sprint Zero (AKA Project-before-the-project)

    The completion of a set of key planning activities, typically the first sprint.

    Possible areas of focus:

    • Focus on technical verification to enable product development alignment
    • Sign off on architectural questions or concerns
    Stock photo of a person writing on a board of sticky notes.

    The “Now, Next, Later” roadmap

    Use this when deadlines and delivery dates are not strict. This is best suited for brainstorming a product plan when dependency mapping is not required.

    • Now
      What are you going to do now?
    • Next
      What are you going to do very soon?
    • Later
      What are you going to do in the future?
    A priority map laid out as a half rainbow with 'Now' as the inner, 'Next' as the middle, and 'Later' as the outer. Various 'Features', 'Releases', and an 'MVP' are mapped into the sections.
    (Source: “Tips for Agile product roadmaps & product roadmap examples,” Scrum.org, 2017)

    Exercise 1.4.1 How do we get started?

    30-60 minutes

    Output: Product transformation critical steps and basic roadmap

    Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

    1. Identify what the critical steps are for the organization to embrace product-centric delivery.
    2. Group each critical step by how soon you need to address it:
      • Now: Let’s do this ASAP.
      • Next: Sometime very soon, let’s do these things.
      • Later: Much further off in the distance, let’s consider these things.
    A priority map laid out as a half rainbow with 'Now' as the inner, 'Next' as the middle, and 'Later' as the outer. Various 'Features', 'Releases', and an 'MVP' are mapped into the sections.
    (Source: “Tips for Agile product roadmaps & product roadmap examples,” Scrum.org, 2017)

    Record the results in the Make the Case for Product Delivery Workbook.

    Example

    Example table for listing tasks to complete Now, Next, or Later

    Step 1.5

    Make the case to your stakeholders

    Activities
    • 1.5.1 Identify what support you need from your stakeholders
    • 1.5.2 Build your pitch for product delivery

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Outcomes of this step

    • A deliverable that helps make the case for product delivery.

    Make the Case for Product Delivery

    Step 1.1 Step 1.2 Step 1.3 Step 1.4 Step 1.5

    Develop a stakeholder strategy to define your product owner landscape

    Stakeholder Influence

    Stakeholders are a critical cornerstone to product ownership. They provide the context, alignment, and constraints that influence or control what a product owner is able to accomplish.

    Product teams operate within this network of stakeholders who represent different perspectives within the organization.

    See the appendix for activities and guidance on how to devise a strategy for managing stakeholders.

    Image of four puzzle pieces being put together, labelled 'Product Lifecycle', 'Project Delivery', 'Operational Support', 'and Stakeholder Management'.

    Exercise 1.5.1 Identify what support you need from your stakeholders

    30 minutes

    Output: Clear understanding of stakeholders, what they need from you, and what you need from them.

    Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

    1. If you don’t yet know who your stakeholders are, consider completing one or more of the stakeholder management exercises in the appendix.
    2. Identify your key stakeholders who have an interest in solution delivery.
    3. Consider their perspective on product-centric delivery. (For example: For head of support, what does solution delivery mean to them?)
    4. Identify what role each stakeholder would play in the transformation.
      • This role represents what you need from them for this transformation to product-centric delivery.
    Stakeholder
    What does solution delivery mean to them?
    What do you need from them in order to be successful?

    Record the results in the Make the Case for Product Delivery Workbook.

    Exercise 1.5.2 Build your pitch deck

    30 minutes (and up)

    Output: A completed presentation to help you make the case for product delivery.

    Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

    1. Take the results from the Make the Case for Product Delivery Workbook and transfer them into the presentation template.
    2. Follow the instructions on each page listed in the instruction bubbles to know what results to place where.
    3. This is meant to be a template; you are welcome to add and remove slides as needed to suit your audience!

    Sample of slides from the Make the Case for Product Delivery Workbook with instruction bubbles overlaid.

    Record the results in the Make the Case for Product Delivery Workbook.

    Appendix

    Additional research to start your journey

    Related Info-Tech Research

    Product Delivery

    Deliver on Your Digital Product Vision

    • Build a product vision your organization can take from strategy through execution.

    Build a Better Product Owner

    • Strengthen the product owner role in your organization by focusing on core capabilities and proper alignment.

    Build Your Agile Acceleration Roadmap

    • Quickly assess the state of your Agile readiness and plan your path forward to higher value realization.

    Implement Agile Practices That Work

    • Improve collaboration and transparency with the business to minimize project failure.

    Implement DevOps Practices That Work

    • Streamline business value delivery through the strategic adoption of DevOps practices.

    Deliver Digital Products at Scale

    • Deliver value at the scale of your organization through defining enterprise product families.

    Extend Agile Practices Beyond IT

    • Further the benefits of Agile by extending a scaled Agile framework to the business.

    Build Your BizDevOps Playbook

    • Embrace a team sport culture built around continuous business-IT collaboration to deliver great products.

    Embed Security Into the DevOps Pipeline

    • Shift security left to get into DevSecOps.

    Spread Best Practices With an Agile Center of Excellence

    • Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    Related Info-Tech Research

    Application Portfolio Management

    Application Portfolio Management (APM) Research Center

    • See an overview of the APM journey and how we can support the pieces in this journey.

    Application Portfolio Management for Small Enterprises

    • There is no one-size-fits-all rationalization. Tailor your framework to meet your goals.

    Streamline Application Maintenance

    • Effective maintenance ensures the long-term value of your applications.

    Build an Application Rationalization Framework

    • Manage your application portfolio to minimize risk and maximize value.

    Modernize Your Applications

    • Justify modernizing your application portfolio from both business and technical perspectives.

    Review Your Application Strategy

    • Ensure your applications enable your business strategy.

    Application Portfolio Management Foundations

    • Ensure your application portfolio delivers the best possible return on investment.

    Streamline Application Management

    • Move beyond maintenance to ensuring exceptional value from your apps.

    Optimize Applications Release Management

    • Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    Embrace Business-Managed Applications

    • Empower the business to implement their own applications with a trusted business-IT relationship.

    Related Info-Tech Research

    Value, Delivery Metrics, Estimation

    Build a Value Measurement Framework

    • Focus product delivery on business value–driven outcomes.

    Select and Use SDLC Metrics Effectively

    • Be careful what you ask for, because you will probably get it.

    Application Portfolio Assessment: End User Feedback

    • Develop data-driven insights to help you decide which applications to retire, upgrade, re-train on, or maintain to meet the demands of the business.

    Create a Holistic IT Dashboard

    • Mature your IT department by measuring what matters.

    Refine Your Estimation Practices With Top-Down Allocations

    • Don’t let bad estimates ruin good work.

    Estimate Software Delivery With Confidence

    • Commit to achievable software releases by grounding realistic expectations

    Reduce Time to Consensus With an Accelerated Business Case

    • Expand on the financial model to give your initiative momentum.

    Optimize IT Project Intake, Approval, and Prioritization

    • Deliver more projects by giving yourself the voice to say “no” or “not yet” to new projects.

    Enhance PPM Dashboards and Reports

    • Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    Related Info-Tech Research

    Org Design and Performance

    Redesign Your IT Organizational Structure

    • Focus product delivery on business value–driven outcomes.

    Build a Strategic IT Workforce Plan

    • Have the right people, in the right place, at the right time.

    Implement a New IT Organizational Structure

    • Reorganizations are inherently disruptive. Implement your new structure with minimal pain for staff while maintaining IT performance throughout the change.

    Build an IT Employee Engagement Program

    • Measure employee sentiment to drive IT performance

    Set Meaningful Employee Performance Measures

    • Set holistic measures to inspire employee performance.

    Master Organizational Change Management Practices

    • PMOs, if you don't know who is responsible for org change, it's you.

    Appendix

    Product delivery strategy communication

    Product roadmaps guide delivery and communicate your strategy

    In Deliver on Your Digital Product Vision, we demonstrate how the product roadmap is core to value realization. The product roadmap is your communicated path, and as a product owner, you use it to align teams and changes to your defined goals while aligning your product to enterprise goals and strategy.

    Diagram on how to get from product owner capabilities to 'Business Value Realization' through 'Product Roadmap' with a 'Tiered Backlog', 'Delivery Capacity and Throughput' via a 'Product Delivery Pipeline'.
    (Adapted from: Pichler, “What Is Product Management?”)

    Info-Tech Insight

    The quality of your product backlog – and your ability to realize business value from your delivery pipeline – is directly related to the input, content, and prioritization of items in your product roadmap.

    Define product value by aligning backlog delivery with roadmap goals

    In each product plan, the backlogs show what you will deliver.
    Roadmaps identify when and in what order you will deliver value, capabilities, and goals.

    Two-part diagram showing the 'Product Backlog' segmented into '1. Current: Features/ Stories', '2. Near-term: Capabilities', and '3. Future: Epics', and then the 'Product Roadmap' with the same segments placed into a timeline.

    Multiple roadmap views can communicate differently, yet tell the same truth

    Product managers and product owners have many responsibilities, and a roadmap can be a useful tool to complete those objectives through communication or organization of tasks.

    However, not all roadmaps address the correct audience and achieve those objectives. Care must be taken to align the view to the given audience.

    Pie Chart showing the surveyed most important reason for using a product roadmap. From largest to smallest are 'Communicate a strategy', 'Plan and prioritize', 'Communicate milestones and releases', 'Get consensus on product direction', and 'Manage product backlog'.
    Surveyed most important reason for using a product roadmap (Source: ProductPlan, 2018)

    Audience
    Business/ IT leaders Users/Customers Delivery teams
    Roadmap View
    Portfolio Product Technology
    Objectives
    To provide a snapshot of the portfolio and priority apps To visualize and validate product strategy To coordinate and manage teams and show dev. progress
    Artifacts
    Line items or sections of the roadmap are made up of individual apps, and an artifact represents a disposition at its highest level. Artifacts are generally grouped by various product teams and consist of strategic goals and the features that realize those goals. Artifacts are grouped by the teams who deliver that work and consist of features and technical enablers that support those features.

    Appendix

    Managing stakeholder influence

    From Build a Better Product Owner

    Step 1.3 (from Build a Better Product Owner)

    Manage Stakeholder Influence

    Activities
    • 1.3.1 Visualize interrelationships to identify key influencers
    • 1.3.2 Group your product owners into categories
    • 1.3.3 Prioritize your stakeholders
    • 1.3.4 Delegation Poker: Reach better decisions

    This step will walk you through the following activities:

    To be successful, product owners need to identify and manage all stakeholders for their products. This step will build a stakeholder map and strategy.

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Delivery managers
    • Business analysts

    Outcomes of this step

    • Relationships among stakeholders and influencers
    • Categorization of stakeholders and influencers
    • Stakeholder and influencer prioritization
    • Better understanding of decision-making approaches and delegation
    Product Owner Foundations
    Step 1.1 Step 1.2 Step 1.3

    Develop a product owner stakeholder strategy

    Stakeholder Influence

    Stakeholders are a critical cornerstone to product ownership. They provide the context, alignment, and constraints that influence or control what a product owner is able to accomplish.

    Product owners operate within this network of stakeholders who represent different perspectives within the organization.

    First, product owners must identify members of their stakeholder network. Next, they should devise a strategy for managing stakeholders.

    Without accomplishing these missing pieces, product owners will encounter obstacles, resistance, or unexpected changes.

    Image of four puzzle pieces being put together, labelled 'Product Lifecycle', 'Project Delivery', 'Operational Support', 'and Stakeholder Management'.

    Create a stakeholder network map to product roadmaps and prioritization

    Follow the trail of breadcrumbs from your direct stakeholders to their influencers to uncover hidden stakeholders.

    Legend
    Black arrow with a solid line and single direction. Black arrows indicate the direction of professional influence
    Green arrow with a dashed line and bi-directional. Dashed green arrows indicate bidirectional, informal influence relationships

    Info-Tech Insight

    Your stakeholder map defines the influence landscape your product operates in. It is every bit as important as the teams who enhance, support, and operate your product directly.

    Use “connectors” to determine who may be influencing your direct stakeholders. They may not have any formal authority within the organization, but they may have informal yet substantive relationships with your stakeholders.

    1.3.1 Visualize interrelationships to identify key influencers

    60 minutes

    Input: List of product stakeholders

    Output: Relationships among stakeholders and influencers

    Materials: Whiteboard/flip charts, Markers, Build a Better Product Owner Workbook

    Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

    1. List direct stakeholders for your product.
    2. Determine the stakeholders of your stakeholders and consider adding each of them to the stakeholder list.
    3. Assess who has either formal or informal influence over your stakeholders; add these influencers to your stakeholder list.
    4. Construct a diagram linking stakeholders and their influencers together.
      1. Use black arrows to indicate the direction of professional influence.
      2. Use dashed green arrows to indicate bidirectional, informal influence relationships.
    5. Record the results in the Build a Better Product Owner Workbook.

    Record the results in the Build a Better Product Owner Workbook.

    Categorize your stakeholders with a prioritization map

    A stakeholder prioritization map helps product owners categorize their stakeholders by their level or influence and ownership in the product and/or teams.

    Stakeholder prioritization map split into four quadrants along two axes, 'Influence', and 'Ownership/Interest': 'Players' (high influence, high interest); 'Mediators' (high influence, low interest); 'Noisemakers' (low influence, high interest); 'Spectators' (low influence, low interest). Source: Info-Tech Research Group

    There are four areas in the map, and the stakeholders within each area should be treated differently.
    • Players – players have a high interest in the initiative and the influence to effect change over the initiative. Their support is critical, and a lack of support can cause significant impediment to the objectives.
    • Mediators – mediators have a low interest but significant influence over the initiative. They can help to provide balance and objective opinions to issues that arise.
    • Noisemakers – noisemakers have low influence but high interest. They tend to be very vocal and engaged, either positively or negatively, but have little ability to enact their wishes.
    • Spectators – generally, spectators are apathetic and have little influence over or interest in the initiative.

    1.3.2 Group your product owners into categories

    30 minutes

    Input: Stakeholder map

    Output: Categorization of stakeholders and influencers

    Materials: Whiteboard/flip charts, Markers, Build a Better Product Owner Workbook

    Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

    1. Identify your stakeholder’s interest in and influence on your Agile implementation as high, medium, or low by rating the attributes below.
    2. Map your results to the model below to determine each stakeholder’s category.
    3. Record the results in the Build a Better Product Owner Workbook.
    Same stakeholder prioritization map as before but with example positions mapped onto it.
    Level of Influence
    • Power: Ability of a stakeholder to effect change.
    • Urgency: Degree of immediacy demanded.
    • Legitimacy: Perceived validity of stakeholder’s claim.
    • Volume: How loud their “voice” is or could become.
    • Contribution: What they have that is of value to you.
    Level of Interest

    How much are the stakeholder’s individual performance and goals directly tied to the success or failure of the product?

    Record the results in the Build a Better Product Owner Workbook.

    Prioritize your stakeholders

    There may be too many stakeholders to be able to manage them all. Focus your attention on the stakeholders that matter most.

    Stakeholder prioritization table with 'Stakeholder Category' as row headers ('Player', 'Mediator', 'Noisemaker', 'Spectator') and 'Level of Support' as column headers ('Supporter', 'Evangelist', 'Neutral', 'Blocker'). Importance ratings are 'Critical', 'High', 'Medium', 'Low', and 'Irrelevant'.

    Consider the three dimensions for stakeholder prioritization: influence, interest, and support. Support can be determined by rating the following question: how likely is it that your stakeholder would recommend your product? These parameters are used to prioritize which stakeholders are most important and should receive the focus of your attention. The table to the right indicates how stakeholders are ranked.

    1.3.3 Prioritize your stakeholders

    30 minutes

    Input: Stakeholder matrix, Stakeholder prioritization

    Output: Stakeholder and influencer prioritization

    Materials: Whiteboard/flip charts, Markers, Build a Better Product Owner Workbook

    Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

    1. Identify the level of support of each stakeholder by answering the following question: how likely is it that your stakeholder would endorse your product?
    2. Prioritize your stakeholders using the prioritization scheme on the previous slide.
    3. Record the results in the Build a Better Product Owner Workbook.
    Stakeholder Category Level of Support Prioritization
    CMO Spectator Neutral Irrelevant
    CIO Player Supporter Critical

    Record the results in the Build a Better Product Owner Workbook.

    Define strategies for engaging stakeholders by type

    Stakeholder strategy map assigning stakeholder strategies to stakeholder categories, as described in the adjacent table.

    Info-Tech Insight

    Each group of stakeholders draws attention and resources away from critical tasks. By properly identifying your stakeholder groups, the product owner can develop corresponding actions to manage stakeholders in each group. This can dramatically reduce wasted effort trying to satisfy Spectators and Noisemakers, while ensuring the needs of the Mediators and Players are met.

    Type Quadrant Actions
    Players High influence; high interest – actively engage Keep them updated on the progress of the project. Continuously involve Players in the process and maintain their engagement and interest by demonstrating their value to its success.
    Mediators High influence; low interest – keep satisfied They can be the game changers in groups of stakeholders. Turn them into supporters by gaining their confidence and trust and including them in important decision-making steps. In turn, they can help you influence other stakeholders.
    Noisemakers Low influence; high interest – keep informed Try to increase their influence (or decrease it if they are detractors) by providing them with key information, supporting them in meetings, and using Mediators to help them.
    Spectators Low influence; low interest – monitor They are followers. Keep them in the loop by providing clarity on objectives and status updates.

    Appendix

    Product owner capability details

    From Build a Better Product Owner

    Develop product owner capabilities

    Capability 'Vision' with sub-capabilities 'Market Analysis, 'Business Alignment', and 'Product Roadmap'.

    Each capability has three components needed for successful product ownership.

    Definitions are on the following slides.

    Central diagram title 'Product Owner Capabilities'.

    Define the skills and activities in each component that are directly related to your product and culture.

    Capability 'Leadership' with sub-capabilities 'Soft Skills', 'Collaboration', and 'Decision Making'.
    Capability 'Product Lifecycle Management' with sub- capabilities 'Plan', 'Build', and 'Run'. Capability 'Value Realization' with sub-capabilities 'KPIs', 'Financial Management', and 'Business Model'.

    Capabilities: Vision

    Market Analysis

    • Unique solution: Identify the target users and unique value your product provides that is not currently being met.
    • Market size: Define the size of your user base, segmentation, and potential growth.
    • Competitive analysis: Determine alternative solutions, products, or threats that affect adoption, usage, and retention.

    Business Alignment

    • SWOT analysis: Complete a SWOT analysis for your end-to-end product lifecycle. Use Info-Tech’s Business SWOT Analysis Template.
    • Enterprise alignment: Align product to enterprise goals, strategies, and constraints.
    • Delivery strategy: Develop a delivery strategy to achieve value quickly and adapt to internal and external changes.

    Product Roadmap

    • Roadmap strategy: Determine the duration, detail, and structure of your roadmap to accurately communicate your vision.
    • Value prioritization: Define criteria used to evaluate and sequence demand.
    • Go to market strategy: Create organizational change management, communications, and a user implementation approach.

    Info-Tech Insight

    Data comes from many places and may still not tell the complete story.

    Capability 'Vision' with sub-capabilities 'Market Analysis, 'Business Alignment', and 'Product Roadmap'.

    “Customers are best heard through many ears.” (Thomas K. Connellan, Inside the Magic Kingdom)

    Capabilities: Leadership

    Soft Skills

    • Communication: Maintain consistent, concise, and appropriate communication using SMART guidelines (specific, measurable, attainable, relevant, and timely).
    • Integrity: Stick to your values, principles, and decision criteria for the product to build and maintain trust with your users and teams.
    • Influence: Manage stakeholders using influence and collaboration over contract negotiation.

    Collaboration

    • Stakeholder management: Build a communications strategy for each stakeholder group, tailored to individual stakeholders.
    • Relationship management: Use every interaction point to strengthen relationships, build trust, and empower teams.
    • Team development: Promote development through stretch goals and controlled risks to build team capabilities and performance.

    Decision Making

    • Prioritized criteria: Remove personal bias by basing decisions off data analysis and criteria.
    • Continuous improvement: Balance new features with the need to ensure quality and create an environment of continuous improvement.
    • Team empowerment/negotiation: Push decisions to teams closest to the problem and solution, using Delegation Poker to guide you.

    Info-Tech Insight

    Product owners cannot be just a proxy for stakeholder decisions. The product owner owns product decisions and management of all stakeholders.

    Capability 'Leadership' with sub-capabilities 'Soft Skills', 'Collaboration', and 'Decision Making'.

    “Everything walks the walk. Everything talks the talk.” (Thomas K. Connellan, Inside the Magic Kingdom)

    Capabilities: Product lifecycle management

    Plan

    • Product backlog: Follow a schedule for backlog intake, refinement, updates, and prioritization.
    • Journey map: Create an end-user journey map to guide adoption and loyalty.
    • Fit for purpose: Define expected value and intended use to ensure the product meets your end user’s needs.

    Build

    • Capacity management: Work with operations and delivery teams to ensure consistent and stable outcomes.
    • Release strategy: Build learning, release, and critical milestones into a repeatable release plan.
    • Compliance: Build policy compliance into delivery practices to ensure alignment and reduce avoidable risk (privacy, security).

    Run

    • Adoption: Focus attention on end-user adoption and proficiency to accelerate value and maximize retention.
    • Support: Build operational support and business continuity into every team.
    • Measure: Measure KPIs and validate expected value to ensure product alignment to goals and consistent product quality.

    Info-Tech Insight

    Product owners must actively manage the full lifecycle of the product.

    Capability 'Product Lifecycle Management' with sub- capabilities 'Plan', 'Build', and 'Run'.

    “Pay fantastic attention to detail. Reward, recognize, celebrate.” (Thomas K. Connellan, Inside the Magic Kingdom)

    Capabilities: Value realization

    Key Performance Indicators (KPIs)

    • Usability and user satisfaction: Assess satisfaction through usage monitoring and end-user feedback.
    • Value validation: Directly measure performance against defined value proposition, goals, and predicted ROI.
    • Fit for purpose: Verify the product addresses the intended purpose better than other options.

    Financial Management

    • P&L: Manage each product as if it were its own business with profit and loss statements.
    • Acquisition cost/market growth: Define the cost of acquiring a new consumer, onboarding internal users, and increasing product usage.
    • User retention/market share: Verify product usage continues after adoption and solution reaches new user groups to increase value.

    Business Model

    • Defines value proposition: Dedicate your primary focus to understanding and defining the value your product will deliver.
    • Market strategy and goals: Define your acquisition, adoption, and retention plan for users.
    • Financial model: Build an end-to-end financial model and plan for the product and all related operational support.

    Info-Tech Insight

    Most organizations stop with on-time and on-budget. True financial alignment needs to define and manage the full lifecycle P&L.

    Capability 'Value Realization' with sub-capabilities 'KPIs', 'Financial Management', and 'Business Model'.

    “The competition is anyone the customer compares you with.” (Thomas K. Connellan, Inside the Magic Kingdom)

    Avoid common capability gaps

    Vision

    • Focusing solely on backlog refining (tactical only)
    • Ignoring or failing to align product roadmap to enterprise goals
    • Operational support and execution
    • Basing decisions on opinion rather than market data
    • Ignoring or missing internal and external threats to your product

    Leadership

    • Failing to include feedback from all teams who interact with your product
    • Using a command-and-control approach
    • Viewing product owner as only a delivery role
    • Acting as a proxy for stakeholder decisions
    • Avoiding tough strategic decisions in favor of easier tactical choices

    Product Lifecycle Management

    • Focusing on delivery and not the full product lifecycle
    • Ignoring support, operations, and technical debt
    • Failing to build knowledge management into the lifecycle
    • Underestimating delivery capacity, capabilities, or commitment
    • Assuming delivery stops at implementation

    Value Realization

    • Focusing exclusively on “on time/on budget” metrics
    • Failing to measure a 360-degree end-user view of the product
    • Skipping business plans and financial models
    • Limiting financial management to project/change budgets
    • Ignoring market analysis for growth, penetration, and threats

    Bibliography – Product Ownership

    A, Karen. “20 Mental Models for Product Managers.” Medium, Product Management Insider, 2 Aug. 2018. Web.

    Adams, Paul. “Product Teams: How to Build & Structure Product Teams for Growth.” Inside Intercom, 30 Oct. 2019. Web.

    Agile Alliance. “Product Owner.” Agile Alliance, n.d. Web.

    Banfield, Richard, et al. “On-Demand Webinar: Strategies for Scaling Your (Growing) Enterprise Product Team.” Pluralsight, 31 Jan. 2018. Web.

    Blueprint. “10 Ways Requirements Can Sabotage Your Projects Right From the Start.” Blueprint, 2012. Web.

    Breddels, Dajo, and Paul Kuijten. “Product Owner Value Game.” Agile2015 Conference, 2015. Web.

    Cagan, Martin. “Behind Every Great Product.” Silicon Valley Product Group, 2005. Web.

    Cohn, Mike “What is a product?” Mountain Goat Software, 16 Sept. 2016, Web

    Connellan, Thomas K. Inside the Magic Kingdom. Bard Press, 1997. Print.

    Curphey, Mark, “Product Definition.” slideshare.net, 25 Feb. 2007. Web

    Eringa, Ron. “Evolution of the Product Owner.” RonEringa.com, 12 June 2016. Web.

    Fernandes, Thaisa. “Spotify Squad Framework - Part I.” Medium.com, 6 March 2017. Web.

    Galen, Robert. “Measuring Product Ownership – What Does ‘Good’ Look Like?” RGalen Consulting, 5 Aug. 2015. Web.

    Halisky, Merland, and Luke Lackrone. “The Product Owner’s Universe.” Agile Alliance, Agile2016, 2016. Web.

    Kamer, Jurriaan. “How to Build Your Own ‘Spotify Model’.” Medium.com, 9 Feb. 2018. Web.

    Kendis Team. “Exploring Key Elements of Spotify’s Agile Scaling Model.” Medium.com, 23 July 2018. Web.

    Lindstrom, Lowell. “7 Skills You Need to Be a Great Product Owner.” Scrum Alliance, n.d. Web.

    Lukassen, Chris. “The Five Belts Of The Product Owner.” Xebia.com, 20 Sept. 2016. Web.

    Management 3.0. “Delegation Poker Product Image.” Management 3.0, n.d. Web.

    McCloskey, Heather. “Scaling Product Management: Secrets to Defeating Common Challenges.” ProductPlan, 12 July 2019. Web.

    Bibliography – Product Ownership

    McCloskey, Heather. “When and How to Scale Your Product Team.” UserVoice, 21 Feb. 2017. Web.

    Mironov, Rich. “Scaling Up Product Manager/Owner Teams: Rich Mironov's Product Bytes.” Rich Mironov's Product Bytes, Mironov Consulting, 12 April 2014 . Web.

    Overeem, Barry. “A Product Owner Self-Assessment.” Barry Overeem, 6 March 2017. Web.

    Overeem, Barry. “Retrospective: Using the Team Radar.” Barry Overeem, 27 Feb. 2017. Web.

    Pichler, Roman. “How to Scale the Scrum Product Owner.” Roman Pichler, 28 June 2016 . Web.

    Pichler, Roman. “Product Management Framework.” Pichler Consulting Limited, 2014. Web.

    Pichler, Roman. “Sprint Planning Tips for Product Owners.” LinkedIn, 4 Sept. 2018. Web.

    Pichler, Roman. “What Is Product Management?” Pichler Consulting Limited, 26 Nov. 2014. Web.

    Radigan, Dan. “Putting the ‘Flow' Back in Workflow With WIP Limits.” Atlassian, n.d. Web.

    Schuurman, Robbin. “10 Tips for Product Owners on Agile Product Management.” Scrum.org, 28 Nov. 2017. Web.

    Schuurman, Robbin. “10 Tips for Product Owners on (Business) Value.” Scrum.org, 30 Nov. 2017. Web.

    Schuurman, Robbin. “10 Tips for Product Owners on Product Backlog Management.” Scrum.org, 5 Dec. 2017. Web.

    Schuurman, Robbin. “10 Tips for Product Owners on the Product Vision.” Scrum.org, 29 Nov. 2017. Web.

    Schuurman, Robbin. “Tips for Starting Product Owners.” Scrum.org, 27 Nov. 2017. Web.

    Sharma, Rohit. “Scaling Product Teams the Structured Way.” Monetary Musings, 28 Nov. 2016. Web.

    Bibliography – Product Ownership

    Steiner, Anne. “Start to Scale Your Product Management: Multiple Teams Working on Single Product.” Cprime, 6 Aug. 2019. Web.

    Shirazi, Reza. “Betsy Stockdale of Seilevel: Product Managers Are Not Afraid To Be Wrong.” Austin VOP #50, 2 Oct. 2018. Web.

    “The Standish Group 2015 Chaos Report.” The Standish Group, 2015. Web.

    Theus, Andre. “When Should You Scale the Product Management Team?” ProductPlan, 7 May 2019. Web.

    Tolonen, Arto. “Scaling Product Management in a Single Product Company.” Smartly.io, 26 Apr. 2018. Web.

    Ulrich, Catherine. “The 6 Types of Product Managers. Which One Do You Need?” Medium.com, 19 Dec. 2017. Web.

    VersionOne. “12th Annual State of Agile Report.” VersionOne, 9 April 2018. Web.

    Verwijs, Christiaan. “Retrospective: Do The Team Radar.” Medium.com, 10 Feb. 2017. Web.

    “How do you define a product?” Scrum.org, 4 April 2017, Web.

    “Product Definition.” TechTarget, Sept. 2005. Web

    Bibliography – Product Roadmap

    Ambysoft. “2018 IT Project Success Rates Survey Results.” Ambysoft. 2018. Web.

    Bastow, Janna. “Creating Agile Product roadmaps Everyone Understands.” ProdPad, 22 Mar. 2017. Accessed Sept. 2018.

    Bastow, Janna. “The Product Tree Game: Our Favorite Way To Prioritize Features.” ProdPad, 21 Feb. 2016. Accessed Sept. 2018.

    Chernak, Yuri. “Requirements Reuse: The State of the Practice.” 2012, Herzlia, Israel, 2012 IEEE International Conference on Software Science, Technology and Engineering, 12 June 2012. Web.

    Fowler, Martin. “Application Boundary.” MartinFowler.com, 11 Sept. 2003. Accessed 20 Nov. 2017.

    Harrin, Elizabeth. “Learn What a Project Milestone Is.” The Balance Careers, 10 May 2018. Accessed Sept. 2018.

    “How to create a product roadmap.” Roadmunk, n.d. Accessed Sept. 2018.

    Johnson, Steve. “How to Master the 3 Horizons of Product Strategy.” Aha!, 24 Sept. 2015. Accessed Sept. 2018.

    Johnson, Steve. “The Product Roadmap vs. the Technology Roadmap.” Aha!, 23 June 2016. Accessed Sept. 2018

    Juncal, Shaun. “How Should You Set Your Product Roadmap Timeframes?” ProductPlan, n.d. Accessed Sept. 2018.

    Leffingwell, Dean. “SAFe 4.0.” Scaled Agile, Inc., 2017. Web.

    Maurya, Ash. “What is a Minimum Viable Product (MVP)?” LEANSTACK, 12 June 2017. Accessed Sept. 2018.

    Pichler, Roman. “10 Tips for Creating an Agile Product Roadmap.” Roman Pichler, 20 July 2016. Accessed Sept. 2018.

    Pichler, Roman. Strategize: Product Strategy and Product Roadmap Practices for the Digital Age. Pichler Consulting, 2016.

    “Product Roadmap Contents: What Should You Include?” ProductPlan, n.d. Accessed 20 Nov. 2017.

    Saez, Andrea. “Why Your Roadmap Is Not a Release Plan.” ProdPad, 23 Oct. 2015. Accessed Sept. 2018.

    Schuurman, Robbin. “Tips for Agile product roadmaps & product roadmap examples.” Scrum.org, 7 Dec. 2017. Accessed Sept. 2018

    Research Contributors and Experts

    Photo of Emily Archer, Lead Business Analyst, Enterprise Consulting, authentic digital agency.

    Emily Archer
    Lead Business Analyst,
    Enterprise Consulting, authentic digital agency

    Emily Archer is a consultant currently working with Fortune 500 clients to ensure the delivery of successful projects, products, and processes. She helps increase the business value returned for organizations’ investments in designing and implementing enterprise content hubs and content operations, custom web applications, digital marketing, and e-commerce platforms.

    Photo of David Berg, Founder & CTO, Strainprint Technologies Inc.

    David Berg
    Founder & CTO
    Strainprint Technologies Inc.

    David Berg is a product commercialization expert that has spent the last 20 years of his career delivering product management and business development services across a broad range of industries. Early in his career, David worked with product management and engineering teams to build core network infrastructure products that secure and power the internet we benefit from today. David’s experience also includes working with clean technologies in the area of clean power generation, agritech, and Internet of Things infrastructure. Over the last five years, David has been focused on his latest venture, Strainprint Technologies, a data and analytics company focused on the medical cannabis industry. Strainprint has built the largest longitudinal medical cannabis dataset in the world with the goal to develop an understanding of treatment behavior, interactions, and chemical drivers to guide future product development.

    Research Contributors and Experts

    Blank photo template.

    Kathy Borneman
    Digital Product Owner, SunTrust Bank

    Kathy Borneman is a senior product owner who helps people enjoy their jobs again by engaging others in end-to-end decision making to deliver software and operational solutions that enhance the client experience and allow people to think and act strategically.

    Photo of Charlie Campbell, Product Owner, Merchant e-Solutions.

    Charlie Campbell
    Product Owner, Merchant e-Solutions

    Charlie Campbell is an experienced problem solver with the ability to quickly dissect situations and recommend immediate actions to achieve resolution, liaise between technical and functional personnel to bridge the technology and communication gap, and work with diverse teams and resources to reach a common goal.

    Research Contributors and Experts

    Photo of Yarrow Diamond, Sr. Director, Business Architecture, Financial Services.

    Yarrow Diamond
    Sr. Director, Business Architecture
    Financial Services

    Yarrow Diamond is an experienced professional with expertise in enterprise strategy development, project portfolio management, and business process reengineering across financial services, healthcare and insurance, hospitality, and real estate environments. She has a master’s in Enterprise Architecture from Penn State University, LSSMBB, PMP, CSM, ITILv3.

    Photo of Cari J. Faanes-Blakey, CBAP, PMI-PBA, Enterprise Business Systems Analyst, Vertex, Inc.

    Cari J. Faanes-Blakey, CBAP, PMI-PBA
    Enterprise Business Systems Analyst,
    Vertex, Inc.

    Cari J. Faanes-Blakey has a history in software development and implementation as a Business Analyst and Project Manager for financial and taxation software vendors. Active in the International Institute of Business Analysis (IIBA), Cari participated on the writing team for the BA Body of Knowledge 3.0 and the certification exam.

    Research Contributors and Experts

    Photo of Kieran Gobey, Senior Consultant Professional Services, Blueprint Software Systems.

    Kieran Gobey
    Senior Consultant Professional Services
    Blueprint Software Systems

    Kieran Gobey is an IT professional with 24 years of experience, focused on business, technology, and systems analysis. He has split his career between external and internal customer-facing roles, and this has resulted in a true understanding of what is required to be a Professional Services Consultant. His problem-solving skills and ability to mentor others have resulted in successful software implementations.

    Kieran’s specialties include deep system troubleshooting and analysis skills, facilitating communications to bring together participants effectively, mentoring, leadership, and organizational skills.

    Photo of Rupert Kainzbauer, VP Product, Digital Wallets, Paysafe Group.

    Rupert Kainzbauer
    VP Product, Digital Wallets
    Paysafe Group

    Rupert Kainzbauer is an experienced senior leader with a passion for defining and delivering products that deliver real customer and commercial benefit. Together with a team of highly experienced and motivated product managers, he has successfully led highly complex, multi-stakeholder payments initiatives, from proposition development and solution design through to market delivery. Their domain experience is in building online payment products in high-risk and emerging markets, remittance, prepaid cards, and mobile applications.

    Research Contributors and Experts

    Photo of Saeed Khan, Founder, Transformation Labs.

    Saeed Khan
    Founder,
    Transformation Labs

    Saeed Khan has been working in high tech for 30 years in both Canada and the US and has held a number of leadership roles in Product Management over that time. He speaks regularly at conferences and has been writing publicly about technology product management since 2005.

    Through Transformation Labs, Saeed helps companies accelerate product success by working with product teams to improve their skills, practices, and processes. He is a cofounder of ProductCamp Toronto and currently runs a Meetup group and global Slack community called Product Leaders, the only global community of senior-level product executives.

    Photo of Hoi Kun Lo, Product Owner, Nielsen.

    Hoi Kun Lo
    Product Owner
    Nielsen

    Hoi Kun Lo is an experienced change agent who can be found actively participating within the IIBA and WITI groups in Tampa, FL, and a champion for Agile, architecture, diversity, and inclusion programs at Nielsen. She is currently a Product Owner in the Digital Strategy team within Nielsen Global Watch Technology.

    Research Contributors and Experts

    Photo of Abhishek Mathur, Sr Director, Product Management, Kasisto, Inc.

    Abhishek Mathur
    Sr Director, Product Management
    Kasisto, Inc.

    Abhishek Mathur is a product management leader, an artificial intelligence practitioner, and an educator. He has led product management and engineering teams at Clarifai, IBM, and Kasisto to build a variety of artificial intelligence applications within the space of computer vision, natural language processing, and recommendation systems. Abhishek enjoys having deep conversations about the future of technology and helping aspiring product managers enter and accelerate their careers.

    Photo of Jeff Meister, Technology Advisor and Product Leader.

    Jeff Meister
    Technology Advisor and Product Leader

    Jeff Meister is a technology advisor and product leader. He has more than 20 years of experience building and operating software products and the teams that build them. He has built products across a wide range of industries and has built and led large engineering, design, and product organizations.

    Jeff most recently served as Senior Director of Product Management at Avanade, where he built and led the product management practice. This involved hiring and leading product managers, defining product management processes, solution shaping and engagement execution, and evangelizing the discipline through pitches, presentations, and speaking engagements.

    Jeff holds a Bachelor of Applied Science (Electrical Engineering) and a Bachelor of Arts from the University of Waterloo, an MBA from INSEAD (Strategy), and certifications in product management, project management, and design thinking.

    Research Contributors and Experts

    Photo of Vincent Mirabelli, Principal, Global Project Synergy Group.

    Vincent Mirabelli
    Principal,
    Global Project Synergy Group

    With over 10 years of experience in both the private and public sectors, Vincent Mirabelli possesses an impressive track record of improving, informing, and transforming business strategy and operations through process improvement, design and re-engineering, and the application of quality to business analysis, project management, and process improvement standards.

    Photo of Oz Nazili, VP, Product & Growth, TWG.

    Oz Nazili
    VP, Product & Growth
    TWG

    Oz Nazili is a product leader with a decade of experience in both building products and product teams. Having spent time at funded startups and large enterprises, he thinks often about the most effective way to deliver value to users. His core areas of interest include Lean MVP development and data-driven product growth.

    Research Contributors and Experts

    Photo of Mark Pearson, Principal IT Architect, First Data Corporation.

    Mark Pearson
    Principal IT Architect
    First Data Corporation

    Mark Pearson is an executive business leader grounded in the process, data, technology, and operations of software-driven business. He knows the enterprise software landscape and is skilled in product, technology, and operations design and delivery within information technology organizations, outsourcing firms, and software product companies.

    Photo of Brenda Peshak, Product Owner, Widget Industries, LLC.

    Brenda Peshak
    Product Owner,
    Widget Industries, LLC

    Brenda Peshak is skilled in business process, analytical skills, Microsoft Office Suite, communication, and customer relationship management (CRM). She is a strong product management professional with a Master’s focused in Business Leadership (MBL) from William Penn University.

    Research Contributors and Experts

    Photo of Mike Starkey, Director of Engineering, W.W. Grainger.

    Mike Starkey
    Director of Engineering
    W.W. Grainger

    Mike Starkey is a Director of Engineering at W.W. Grainger, currently focusing on operating model development, digital architecture, and building enterprise software. Prior to joining W.W. Grainger, Mike held a variety of technology consulting roles throughout the system delivery lifecycle spanning multiple industries such as healthcare, retail, manufacturing, and utilities with Fortune 500 companies.

    Photo of Anant Tailor, Cofounder & Head of Product, Dream Payments Corp.

    Anant Tailor
    Cofounder & Head of Product
    Dream Payments Corp.

    Anant Tailor is a cofounder at Dream Payments where he currently serves as the COO and Head of Product, having responsibility for Product Strategy & Development, Client Delivery, Compliance, and Operations. He has 20+ years of experience building and operating organizations that deliver software products and solutions for consumers and businesses of varying sizes.

    Prior to founding Dream Payments, Anant was the COO and Director of Client Services at DonRiver Inc, a technology strategy and software consultancy that he helped to build and scale into a global company with 100+ employees operating in seven countries.

    Anant is a Professional Engineer with a Bachelor’s degree in Electrical Engineering from McMaster University and a certificate in Product Strategy & Management from the Kellogg School of Management at Northwestern University.

    Research Contributors and Experts

    Photo of Angela Weller, Scrum Master, Businessolver.

    Angela Weller
    Scrum Master, Businessolver

    Angela Weller is an experienced Agile business analyst who collaborates with key stakeholders to attain their goals and contributes to the achievement of the company’s strategic objectives to ensure a competitive advantage. She excels when mediating or facilitating teams.

    Leading Through Uncertainty Workshop Overview

    • Buy Link or Shortcode: {j2store}474|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $123,999 Average $ Saved
    • member rating average days saved: 5 Average Days Saved
    • Parent Category Name: Leadership Development Programs
    • Parent Category Link: /leadership-development-programs

    As the world around us changes there is a higher risk that IT productivity and planned priorities will be derailed.

    Our Advice

    Critical Insight

    To meet the challenges of uncertainty head on IT leaders must adapt so their employees are supported and IT departments continue to operate successfully.

    Impact and Result

    • Clearly define and articulate the current and future priorities to provide direction and cultivate hope for the future.
    • Recognize and manage your own reactions to be conscious of how you are showing up and the perceptions others may have.
    • Incorporate the 4Cs of Leading Through Uncertainty into your leadership practice to make sense of the situation and lead others through it.
    • Build tactics to connect with your employees that will ensure employee engagement and productivity.

    Leading Through Uncertainty Workshop Overview Research & Tools

    Start here – read the Workshop Overview

    Read our concise Workshop Overview to find out how this program can support IT leaders when managing teams through uncertain times.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Leading Through Uncertainty (LTU) Workshop Overview
    [infographic]

    Get Started With IT Project Portfolio Management

    • Buy Link or Shortcode: {j2store}443|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $7,599 Average $ Saved
    • member rating average days saved: 46 Average Days Saved
    • Parent Category Name: Portfolio Management
    • Parent Category Link: /portfolio-management
    • Most companies are struggling to get their project work done. This is due in part to the fact that many prescribed remedies are confusing, disruptive, costly, or ineffective.
    • While struggling to find a solution, within the organization, project requests never stop and all projects continue to all be treated the same. Resources are requested for multiple projects without any visibility into their project capacity. Projects lack proper handoffs from closure to ongoing operational work. And the benefits are never tracked.
    • If you have too many projects, limited resources, ineffective communications, or low post-project adoption, keep reading. Perhaps you should spend a bit more on project, portfolio, and organizational change management.

    Our Advice

    Critical Insight

    • Successful project outcomes are not built by rigorous project processes: Projects may be the problem, but project management rigor is not the solution.
    • Don’t fall into the common trap of thinking high-rigor project management should be every organization’s end goal.
    • Instead, understand that it is better to spend time assessing the portfolio to determine what projects should be prioritized.

    Impact and Result

    Begin by establishing a few foundational practices that will work to drive project throughput.

    • Capacity Estimation: Understand what your capacity is to do projects by determining how much time is allocated to doing other things.
    • Book of Record: Establish a basic but sustainable book of record so there is an official list of projects in flight and those waiting in a backlog or funnel.
    • Simple Project Management Processes: Align the rigor of your project management process with what is required, not what is prescribed by the PMP designation.
    • Impact Assessment: Address the impact of change at the beginning of the project and prepare stakeholders with the right level of communication.

    Get Started With IT Project Portfolio Management Research & Tools

    Start here – read the Executive Brief

    Begin by establishing a few foundational practices that will work to drive project throughput. Most project management problems are resolved with portfolio level solutions. This blueprint will address the eco-system of project, portfolio, and organizational change management.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Project portfolio management

    Estimate project capacity, determine what needs to be tracked on an ongoing basis, and determine what criteria is necessary for prioritizing projects.

    • Project Portfolio Supply-Demand Analysis Tool
    • Project Value Scorecard Development Tool
    • Project Portfolio Book of Record

    2. Project management

    Develop a process to inform the portfolio of the project status, create a plan that can be maintained throughout the project lifecycle, and manage the scope through a change request process.

    • Light Project Change Request Form Template

    3. Organizational change management

    Perform a change impact assessment and identify the obvious and non-obvious stakeholders to develop a message canvas accordingly.

    • Organizational Change Management Triage Tool

    4. Develop an action plan

    Develop a roadmap for how to move from the current state to the target state.

    • PPM Wireframe
    • Project Portfolio Management Foundations Stakeholder Communication Deck
    [infographic]

    Workshop: Get Started With IT Project Portfolio Management

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Project Portfolio Management

    The Purpose

    Establish the current state of the portfolio.

    Organize the portfolio requirements.

    Determine how projects are prioritized.

    Key Benefits Achieved

    Understand project capacity supply-demand.

    Build a portfolio book of record.

    Create a project value scorecard.

    Activities

    1.1 Conduct capacity supply-demand estimation.

    1.2 Determine requirements for portfolio book of record.

    1.3 Develop project value criteria.

    Outputs

    Clear project capacity

    Draft portfolio book of record

    Project value scorecard

    2 Project Management

    The Purpose

    Feed the portfolio with the project status.

    Plan the project work with a sustainable level of granularity.

    Manage the project as conditions change.

    Key Benefits Achieved

    Develop a process to inform the portfolio of the project status.

    Create a plan that can be maintained throughout the project lifecycle and manage the scope through a change request process.

    Activities

    2.1 Determine necessary reporting metrics.

    2.2 Create a work structure breakdown.

    2.3 Document your project change request process.

    Outputs

    Feed the portfolio with the project status

    Plan the project work with a sustainable level of granularity

    Manage the project as conditions change

    3 Organizational Change Management

    The Purpose

    Discuss change accountability.

    Complete a change impact assessment.

    Create a communication plan for stakeholders.

    Key Benefits Achieved

    Complete a change impact assessment.

    Identify the obvious and non-obvious stakeholders and develop a message canvas accordingly.

    Activities

    3.1 Discuss change accountability.

    3.2 Complete a change impact assessment.

    3.3 Create a communication plan for stakeholders.

    Outputs

    Assign accountability for the change

    Assess the change impact

    Communicate the change

    4 Develop an Action Plan

    The Purpose

    Summarize current state.

    Determine target state.

    Create a roadmap.

    Key Benefits Achieved

    Develop a roadmap for how to move from the current state to the target state.

    Activities

    4.1 Summarize current state and target state.

    4.2 Create a roadmap.

    Outputs

    Stakeholder Communication Deck

    MS Project Wireframe

    2024 Tech Trends

    • Buy Link or Shortcode: {j2store}289|cart{/j2store}
    • member rating overall impact (scale of 10): 10
    • Parent Category Name: Innovation
    • Parent Category Link: /improve-your-core-processes/strategy-and-governance/innovation

    AI has revolutionized the landscape, placing the spotlight firmly on the generative enterprise.

    The far-reaching impact of generative AI across various sectors presents fresh prospects for organizations to capitalize on and novel challenges to address as they chart their path for the future. AI is more than just a fancy auto-complete. At this point it may look like that, but do not underestimate the evolutive power.

    In this year's Tech Trends report, we explore three key developments to capitalize on these opportunities and three strategies to minimize potential risks.

    Generative AI will take the lead.

    As AI transforms industries and business processes, IT and business leaders must adopt a deliberate and strategic approach across six key domains to ensure their success.

    Seize Opportunities:

    • Business models driven by AI
    • Automation of back-office functions
    • Advancements in spatial computing

    Mitigate Risks:

    • Ethical and responsible AI practices
    • Incorporating security from the outset
    • Ensuring digital sovereignty

    Determine the Future of Microsoft Project in Your Organization

    • Buy Link or Shortcode: {j2store}357|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $125,999 Average $ Saved
    • member rating average days saved: 50 Average Days Saved
    • Parent Category Name: Project Management Office
    • Parent Category Link: /project-management-office
    • You use Microsoft tools to manage your work, projects, and/or project portfolio.
    • Its latest offering, Project for the web, is new and you’re not sure what to make of it. Microsoft says it will soon replace Microsoft Project and Project Online, but the new software doesn’t seem to do what the old software did.
    • The organization has adopted M365 for collaboration and work management. Meetings happen on Teams, projects are scoped a bit with Planner, and the operations group uses Azure Boards to keep track of what they need to get done.
    • Despite your reservations about the new project management software, Microsoft software has become even more ubiquitous.

    Our Advice

    Critical Insight

    • The various MS Project offerings (but most notably the latest, Project for the web) hold the promise of integrating with the rest of M365 into a unified work management solution. However, out of the box, Project for the web and the various platforms within M365 are all disparate utilities that need to be pieced together in a purpose-built manner to make use of them for holistic work management purposes. If you’re looking for a cohesive product out of the box, look elsewhere. If you’re looking to assemble a wide array of work, project, and portfolio management functions across different functions and departments, you may have found what you seek.
    • Rather than choosing tools based on your gaps, assess your current maturity level so that you optimize your investment in the Microsoft landscape.

    Impact and Result

    Follow Info-Tech’s path in this blueprint to:

    • Perform a tool audit to trim your work management tool landscape.
    • Navigate the MS Project and M365 licensing landscape.
    • Make sense of what to do with Project for the web and take the right approach to rolling it out (i.e. DIY or MS Gold Partner driven) based upon your needs.
    • Create an action plan to inform next steps.

    After following the program in this blueprint, you will be prepared to advise the organization on how to best leverage the rapidly shifting work management options within M365 and the place of MS Project within it.

    Determine the Future of Microsoft Project in Your Organization Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should make sense of the MS Project and M365 landscapes, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Determine your tool needs

    Assess your work management tool landscape, current state maturity, and licensing needs to inform a purpose-built work management action plan.

    • M365 Task Management Tool Guide
    • M365 Project Management Tool Guide
    • M365 Project Portfolio Management Tool Guide
    • Tool Audit Workbook
    • Force Field Analysis Tool
    • Microsoft Project & M365 Licensing Tool
    • Project Portfolio Management Maturity Assessment Workbook (With Tool Analysis)
    • Project Management Maturity Assessment Workbook (With Tool Analysis)

    2. Weigh your MS Project implementation options

    Get familiar with Project for the web’s extensibility as well as the MS Gold Partner ecosystem as you contemplate the best implementation approach(s) for your organization.

    • None
    • None

    3. Finalize your implementation approach

    Prepare a boardroom-ready presentation that will help you communicate your MS Project and M365 action plan to PMO and organizational stakeholders.

    • Microsoft Project & M365 Action Plan Template

    Infographic

    Workshop: Determine the Future of Microsoft Project in Your Organization

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess Driving Forces and Risks

    The Purpose

    Assess the goals and needs as well as the risks and constraints of a work management optimization.

    Take stock of your organization’s current work management tool landscape.

    Key Benefits Achieved

    Clear goals and alignment across workshop participants as well as an understanding of the risks and constraints that will need to be mitigated to succeed.

    Current-state insight into the organization’s work management tool landscape.

    Activities

    1.1 Review the business context.

    1.2 Explore the M365 work management landscape.

    1.3 Identify driving forces for change.

    1.4 Analyze potential risks.

    1.5 Perform current-state analysis on work management tools.

    Outputs

    Business context

    Current-state understanding of the task, project, and portfolio management options in M365 and how they align with the organization’s ways of working

    Goals and needs analysis

    Risks and constraints analysis

    Work management tool overview

    2 Determine Tool Needs and Process Maturity

    The Purpose

    Determine your organization’s work management tool needs as well as its current level of project management and project portfolio management process maturity.

    Key Benefits Achieved

    An understanding of your tooling needs and your current levels of process maturity.

    Activities

    2.1 Review tool audit dashboard and conduct the final audit.

    2.2 Identify current Microsoft licensing.

    2.3 Assess current-state maturity for project management.

    2.4 Define target state for project management.

    2.5 Assess current-state maturity for project portfolio management.

    2.6 Define target state for project portfolio management.

    Outputs

    Tool audit

    An understanding of licensing options and what’s needed to optimize MS Project options

    Project management current-state analysis

    Project management gap analysis

    Project portfolio management current-state analysis

    Project portfolio management gap analysis

    3 Weigh Your Implementation Options

    The Purpose

    Take stock of your implementation options for Microsoft old project tech and new project tech.

    Key Benefits Achieved

    An optimized implementation approach based upon your organization’s current state and needs.

    Activities

    3.1 Prepare a needs assessment for Microsoft 365 and Project Plan licenses.

    3.2 Review the business case for Microsoft licensing.

    3.3 Get familiar with Project for the web.

    3.4 Assess the MS Gold Partner Community.

    3.5 Conduct a feasibility test for PFTW.

    Outputs

    M365 and Project Plan needs assessment

    Business case for additional M365 and MS Project licensing

    An understand of Project for the web and how to extend it

    MS Gold Partner outreach plan

    A go/no-go decision for extending Project for the web on your own

    4 Finalize Implementation Approach

    The Purpose

    Determine the best implementation approach for your organization and prepare an action plan.

    Key Benefits Achieved

    A purpose-built implementation approach to help communicate recommendations and needs to key stakeholders.

    Activities

    4.1 Decide on the implementation approach.

    4.2 Identify the audience for your proposal.

    4.3 Determine timeline and assign accountabilities.

    4.4 Develop executive summary presentation.

    Outputs

    An implementation plan

    Stakeholder analysis

    A communication plan

    Initial executive presentation

    5 Next Steps and Wrap-Up (offsite)

    The Purpose

    Finalize your M365 and MS Project work management recommendations and get ready to communicate them to key stakeholders.

    Key Benefits Achieved

    Time saved in developing and communicating an action plan.

    Stakeholder buy-in.

    Activities

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Outputs

    Finalized executive presentation

    A gameplan to communicate your recommendations to key stakeholders as well as a roadmap for future optimization

    Further reading

    Determine the Future of Microsoft Project in Your Organization

    View your task management, project management, and project portfolio management options through the lens of M365.

    EXECUTIVE BRIEF

    Analyst Perspective

    Microsoft Project is an enigma

    Microsoft Project has dominated its market since being introduced in the 1980s, yet the level of adoption and usage per license is incredibly low.

    The software is ubiquitous, mostly considered to represent its category for “Project Management.” Yet, the software is conflated with its “Portfolio Management” offerings as organizations make platform decisions with Microsoft Project as the incorrectly identified incumbent.

    And incredibly, Microsoft has dominated the next era of productivity software with the “365” offerings. Yet, it froze the “Project” family of offerings and introduced the not-yet-functional “Project for the web.”

    Having a difficult time understanding what to do with, and about, Microsoft Project? You’re hardly alone. It’s not simply a question of tolerating, embracing, or rejecting the product: many who choose a competitor find they’re still paying for Microsoft Project-related licensing for years to come.

    If you’re in the Microsoft 365 ecosystem, use this research to understand your rapidly shifting landscape of options.

    (Barry Cousins, Project Portfolio Management Practice Lead, Info-Tech Research Group)

    Executive Summary

    Your Challenge

    You use Microsoft (MS) tools to manage your work, projects, and/or project portfolio.

    Their latest offering, Project for the web, is new and you’re not sure what to make of it. Microsoft says it will soon replace Microsoft Project and Project Online, but the new software doesn’t seem to do what the old software did.

    The organization has adopted M365 for collaboration and work management. Meetings happen on Teams, projects are scoped a bit with Planner, and the operations group uses Azure Boards to keep track of what they need to get done.

    Despite your reservations about the new project management software, Microsoft software has become even more ubiquitous.

    Common Obstacles

    M365 provides the basic components for managing tasks, projects, and project portfolios, but there is no instruction manual for making those parts work together.

    M365 isn’t the only set of tools at play. Business units and teams across the organization have procured other non-Microsoft tools for work management without involving IT.

    Microsoft’s latest project offering, Project for the web, is still evolving and you’re never sure if it is stable or ready for prime time. The missing function seems to involve the more sophisticated project planning disciplines, which are still important to larger, longer, and costlier projects.

    Common Obstacles

    Follow Info-Tech’s path in this blueprint to:

    • Perform a tool audit to trim your work management tool landscape.
    • Navigate the MS Project and M365 licensing landscape.
    • Make sense of what to do with Project for the web and take the right approach to rolling it out (i.e. DIY or MS Gold Partner driven) for your needs.
    • Create an action plan to inform next steps.

    After following the program in this blueprint, you will be prepared to advise the organization on how to best leverage the rapidly shifting work management options within M365 and the place of MS Project within it.

    M365 and, within it, O365 are taking over

    Accelerated partly by the pandemic and the move to remote work, Microsoft’s market share in the work productivity space has grown exponentially in the last two years.

    70% of Fortune 500 companies purchased 365 from Sept. 2019 to Sept. 2020. (Thexyz blog, 2020)

    In its FY21 Q2 report, Microsoft reported 47.5 million M365 consumer subscribers – an 11.2% increase from its FY20 Q4 reporting. (Office 365 for IT Pros, 2021)

    As of September 2020, there were 258,000,000 licensed O365 users. (Thexyz blog, 2020)

    In this blueprint, we’ll look at what the what the phenomenal growth of M365 means for PMOs and project portfolio practitioners who identify as Microsoft shops

    The market share of M365 warrants a fresh look at Microsoft’s suite of project offerings

    For many PMO and project portfolio practitioners, the footprint of M365 in their organizations’ work management cultures is forcing a renewed look at Microsoft’s suite of project offerings.

    The complicating factor is this renewed look comes at a transitional time in Microsoft’s suite of project and portfolio offerings.

    • The market dominance of MS Project Server and Project Online are wanning, with Microsoft promising the end-of-life for Online sometime in the coming years.
    • Project Online’s replacement, Project for the web, is a viable task management and lightweight project management tool, but its viability as a replacement for the rigor of Project Online is at present largely a question mark.
    • Related to the uncertainty and promise around Project for the web, the Dataverse and the Power Platform offer a glimpse into a democratized future of work management tools but anything specific about that future has yet to solidify.

    Microsoft Project has 66% market share in the project management tool space. (Celoxis, 2018)

    A copy of MS project is sold or licensed every 20 seconds. (Integent, 2013)

    MS Project is evolving to meet new work management realities

    It also evolved to not meet the old project management realities.

    • The lines between traditional project management and operational task management solutions are blurring as organizations struggle to keep up with demands.
    • To make the software easier to use, modern work management doesn’t involve the complexities from days past. You won’t find anywhere to introduce complex predecessor-successor relationships, unbalanced assignments with front-loading or back-loading, early-start/late-finish, critical path, etc.
    • “Work management” is among the latest buzzwords in IT consulting. With Project for the web (PFTW), Azure Boards, and Planner, Microsoft is attempting to compete with lighter and better-adopted tools like Trello, Basecamp, Asana, Wrike, and Monday.com.
    • Buyers of project and work management software have struggled to understand how PFTW will still be usable if it gets the missing project management function from MS Project.

    Info-Tech Insight

    Beware of the Software Granularity Paradox.

    Common opinion 1: “Plans and estimates that are granular enough to be believable are too detailed to manage and maintain.”

    Common opinion 2: “Plans simple enough to publish aren’t detailed enough to produce believable estimates.”

    In other words, software simple enough to get widely adopted doesn’t produce believable plans. Software that can produce believable plans is too complex to use at scale.

    A viable task and project management option must walk the line between these dichotomies.

    M365 gives you the pieces, but it’s on PMO users to piece them together in a viable way

    With the new MS Project and M365, it’s on PMOs to avoid the granularity paradox and produce a functioning solution that fits with the organization’s ways of working.

    Common perception still sees Microsoft Project as a rich software tool. Thus, when we consider the next generation of Microsoft Project, it’s easy to expect a newer and friendlier version of what we knew before.

    In truth, the new solution is a collection of partially integrated but largely disparate tools that each satisfy a portion of the market’s needs. While it looks like a rich collection of function when viewed through high-level requirements, users will find:

    • Overlaps, where multiple tools satisfy the same functional requirement (e.g. “assign a task”)
    • Gaps, where a tool doesn’t quite do enough and you’re forced to incorporate another tool (e.g. reverting back to Microsoft Project for advanced resource planning)
    • Islands, where tools don’t fluently talk to each other (e.g. Planner data integrated in real-time with portfolio data, which requires clunky, unstable, decentralized end-user integrations with Microsoft Power Automate)
    A colourful arrangement of Microsoft programs arranged around a pile of puzzle pieces.

    Info-Tech's approach

    Use our framework to best leverage the right MS Project offerings and M365 components for your organization’s work management needs.

    The Info-Tech difference:

    1. A simple to follow framework to help you make sense of a chaotic landscape.
    2. Practical and tactical tools that will help you save time.
    3. Leverage industry best practices and practitioner-based insights.
    An Info-Tech framework titled 'Determine the Future of Microsoft Project in Your Organization, subtitle 'View your task, project, and portfolio management options through the lens of Microsoft 365'. There are four main sections titled 'Background', 'Approaches', 'Deployments', and 'Portfolio Outcomes'. In '1) Background' are 'Analyze Content', 'Assess Constraints', and 'Determine Goals and Needs'. In '2) Approaches' are 'DIY: Are you ready to do it yourself?' 'Info-Tech: Can our analysts help?', and 'MS Gold Partner: Are you better off with a third party?'. In '3) Deployments' are five sections: 'Personal Task Management', Barriers to Portfolio Outcomes: Isolated to One Person. 'Team Task Management', Barriers to Portfolio Outcomes: Isolated to One Team. 'Project Portfolio Management', Barriers to Portfolio Outcomes: Isolated to One Project. 'Project Management', Barriers to Portfolio Outcomes: Functionally Incomplete. 'Enterprise Project and Portfolio Management', Barriers to Portfolio Outcomes: Underadopted. In '4) Portfolio Outcomes' are 'Informed Steering Committee', 'Increased Project Throughput', 'Improved Portfolio Responsiveness', 'Optimized Resource Utilization', and 'Reduced Monetary Waste'.

    Determine the Future of Microsoft Project in Your Organization

    View your task, project, and portfolio management options through the lens of Microsoft 365.

    1. Background

    • Analyze Content
    • Assess Constraints
    • Determine Goals and Needs

    2. Approaches

    • DIY – Are you ready to do it yourself?
    • Info-Tech – Can our analysts help?
    • MS Gold Partner – Are you better off with a third party?

    3. Deployments

      Task Management

    • Personal Task Management
      • Who does it? Knowledge workers
      • What is it? To-do lists
      • Common Approaches
        • Paper list and sticky notes
        • Light task tools
      • Applications
        • Planner
        • To Do
      • Level of Rigor 1/5
      • Barriers to Portfolio Outcomes: Isolated to One Person
    • Team Task Management
      • Who does it? Groups of knowledge workers
      • What is it? Collaborative to-do lists
      • Common Approaches
        • Kanban boards
        • Spreadsheets
        • Light task tools
      • Applications
        • Planner
        • Azure Boards
        • Teams
      • Level of Rigor 2/5
      • Barriers to Portfolio Outcomes: Isolated to One Team
    • Project Management

    • Project Portfolio Management
      • Who does it? PMO Directors, Portfolio Managers
      • What is it?
        • Centralized list of projects
        • Request and intake handling
        • Aggregating reporting
      • Common Approaches
        • Spreadsheets
        • PPM software
        • Roadmaps
      • Applications
        • Project for the Web
        • Power Platform
      • Level of Rigor 3/5
      • Barriers to Portfolio Outcomes: Isolated to One Project
    • Project Management
      • Who does it? Project Managers
      • What is it? Deterministic scheduling of related tasks
      • Common Approaches
        • Spreadsheets
        • Lists
        • PM software
        • PPM software
      • Applications
        • Project Desktop Client
      • Level of Rigor 4/5
      • Barriers to Portfolio Outcomes: Functionally Incomplete
    • Enterprise Project and Portfolio Management

    • Enterprise Project and Portfolio Management
      • Who does it? PMO and ePMO Directors, Portfolio Managers, Project Managers
      • What is it?
        • Centralized request and intake handling
        • Resource capacity management
        • Deterministic scheduling of related tasks
      • Common Approaches
        • PPM software
      • Applications
        • Project Online
        • Project Desktop Client
        • Project Server
      • Level of Rigor 5/5
      • Barriers to Portfolio Outcomes: Underadopted

    4. Portfolio Outcomes

    • Informed Steering Committee
    • Increased Project Throughput
    • Improved Portfolio Responsiveness
    • Optimized Resource Utilization
    • Reduced Monetary Waste

    Info-Tech's methodology for Determine the Future of MS Project for Your Organization

    1. Determine Your Tool Needs

    2. Weigh Your MS Project Implementation Options

    3. Finalize Your Implementation Approach

    Phase Steps

    1. Survey the M365 Work Management Tools
    2. Perform a Process Maturity Assessment to Help Inform Your M365 Starting Point
    3. Consider the Right MS Project Licenses for Your Stakeholders
    1. Get Familiar With Extending Project for the Web Using Power Apps
    2. Assess the MS Gold Partner Community
    1. Prepare an Action Plan

    Phase Outcomes

    1. Work Management Tool Audit
    2. MS Project and Power Platform Licensing Needs
    3. Project Management and Project Portfolio Management Maturity Assessment
    1. Project for the Web Readiness Assessment
    2. MS Gold Partner Outreach Plan
    1. MS Project and M365 Action Plan Presentation

    Insight Summary

    Overarching blueprint insight: Microsoft Parts Sold Separately. Assembly required.

    The various MS Project offerings (but most notably the latest, Project for the web) hold the promise of integrating with the rest of M365 into a unified work management solution. However, out of the box, Project for the web and the various platforms within M365 are all disparate utilities that need to be pieced together in a purpose-built manner to make use of them for holistic work management purposes.

    If you’re looking for a cohesive product out of the box, look elsewhere. If you’re looking to assemble a wide array of work, project, and portfolio management functions across different functions and departments, you may have found what you seek

    Phase 1 insight: Align your tool choice to your process maturity level.

    Rather than choosing tools based on your gaps, make sure to assess your current maturity level so that you optimize your investment in the Microsoft landscape.

    Phase 2 insight: Weigh your options before jumping into Microsoft’s new tech.

    Microsoft’s new Project plans (P1, P3, and P5) suggest there is a meaningful connection out of the box between its old tech (Project desktop, Project Server, and Project Online) and its new tech (Project for the web).

    However, the offerings are not always interoperable.

    Phase 3 insight: Keep the iterations small as you move ahead with trials and implementations.

    Organizations are changing as fast as the software we use to run them.

    If you’re implementing parts of this platform, keep the changes small as you monitor the vendors for new software versions and integrations.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Key deliverable: Microsoft Project & M365 Action Plan Template

    The Action Plan will help culminate and present:

    • Context and Constraints
    • DIY Implementation Approach
    Or
    • MS Partner Implementation Approach
    • Future-State Vision and Goals
    Samples of Info-Tech's key deliverable 'Microsoft Project and M365 Action Plan Template'.

    Tool Audit Workbook

    Sample of Info-Tech deliverable 'Tool Audit Workbook'.

    Assess your organization's current work management tool landscape and determine what tools drive value for individual users and teams and which ones can be rationalized.

    Force Field Analysis

    Sample of Info-Tech deliverable 'Force Field Analysis'.

    Document the driving and resisting forces for making a change to your work management tools.

    Maturity Assessments

    Sample of Info-Tech deliverable 'Maturity Assessments'.

    Use these assessments to identify gaps in project management and project portfolio management processes. The results will help guide process improvement efforts and measure success and progress.

    Microsoft Project & M365 Licensing Tool

    Sample of Info-Tech deliverable 'Microsoft Project and M365 Licensing Tool'.

    Determine the best licensing options and approaches for your implementation of Microsoft Project.

    Curate your work management tools to harness valuable portfolio outcomes

    • Increase Project Throughput

      Do more projects by ensuring the right projects and the right amount of projects are approved and executed.
    • Support an Informed Steering Committee

      Easily compare progress of projects across the portfolio and enable the leadership team to make decisions.
    • Improve portfolio responsiveness

      Make the portfolio responsive to executive steering when new projects and changing priorities need rapid action.
    • Optimize Resource Utilization

      Assign the right resources to approved projects and minimize the chronic over-allocation of resources that leads to burnout.
    • Reduce Monetary Waste

      Terminate low-value projects early and avoid sinking additional funds into unsuccessful ventures.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 6 to 8 calls over the course of 3 to 4 months.

      Introduction

    • Call #1: Scope requirements, objectives, and your specific challenges.
    • Phase 1

    • Call #2: Explore the M365 work management landscape.
    • Call #3: Discuss Microsoft Project Plans and their capabilities.
    • Call #4: Assess current-state maturity.
    • Phase 2

    • Call #5: Get familiar with extending Project for the web using Power Apps.
    • Call #6: Assess the MS Gold Partner Community.
    • Phase 3

    • Call #7: Determine approach and deployment.
    • Call #8: Discuss action plan.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1
    Assess Driving Forces and Risks

    Day 2
    Determine Tool Needs and Process Maturity

    Day 3
    Weigh Your Implementation Options

    Day 4
    Finalize Implementation Approach

    Day 5
    Next Steps and Wrap-Up (offsite)

    Activities

    • 1.1 Review the business context.
    • 1.2 Explore the M365 work management landscape.
    • 1.3 Identify driving forces for change.
    • 1.4 Analyze potential risks.
    • 1.5 Perform current-state analysis on work management tools.
    • 2.1 Review tool audit dashboard and conduct the final audit.
    • 2.2 Identify current Microsoft licensing.
    • 2.3 Assess current-state maturity for project management.
    • 2.4 Define target state for project management.
    • 2.5 Assess current-state maturity for project portfolio management.
    • 2.6 Define target state for project portfolio management.
    • 3.1 Prepare a needs assessment for Microsoft 365 and Project Plan licenses.
    • 3.2 Review the business case for Microsoft licensing.
    • 3.3 Get familiar with Project for the web.
    • 3.4 Assess the MS Gold Partner Community.
    • 3.5 Conduct a feasibility test for PFTW.
    • 4.1 Decide on the implementation approach.
    • 4.2 Identify the audience for your proposal.
    • 4.3 Determine timeline and assign accountabilities.
    • 4.4 Develop executive summary presentation.
    • 5.1 Complete in-progress deliverables from previous four days.
    • 5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables

    1. Force Field Analysis
    2. Tool Audit Workbook
    1. Tool Audit Workbook
    2. Project Management Maturity Assessment
    3. Portfolio Management Maturity Assessment
    1. Microsoft Project and M365 Licensing Tool
    1. Microsoft Project & M365 Action Plan
    1. Microsoft Project & M365 Action Plan

    Determine the Future of Microsoft Project for Your Organization

    Phase 1: Determine Your Tool Needs

    Phase 1: Determine Your Tool Needs

    Phase 2: Weigh Your Implementation Options Phase 3: Finalize Your Implementation Approach
    • Step 1.1: Survey the M365 work management landscape
    • Step 1.2: Explore the Microsoft Project Plans and their capabilities
    • Step 1.3: Assess the maturity of your current PM & PPM capabilities
    • Step 2.1: Get familiar with extending Project for the web using Power Apps
    • Step 2.2: Assess the MS Gold Partner Community
    • Step 3.1: Prepare an action plan

    Phase Outcomes

    • Tool Audit
    • Microsoft Project Licensing Analysis
    • Project Management Maturity Assessment
    • Project Portfolio Management Maturity Assessments

    Step 1.1

    Survey the M365 Work Management Landscape

    Activities

    • 1.1.1 Distinguish between task, project, and portfolio capabilities
    • 1.1.2 Review Microsoft’s offering for task, project, and portfolio management needs
    • 1.1.4 Assess your organizational context and constraints
    • 1.1.3 Explore typical deployment options

    This step will walk you through the following activities:

    • Assessing your organization’s context for project and project portfolio management
    • Documenting the organization’s constraints
    • Establishing the organization’s goals and needs

    This step involves the following participants:

    • PMO Director
    • Resource Managers
    • Project Managers
    • Knowledge Workers

    Outcomes of Step

    • Knowledge of the Microsoft ecosystem as it relates to task, project, and portfolio management
    • Current organizational context and constraints

    Don’t underestimate the value of interoperability

    The whole Microsoft suite is worth more than the sum of its parts … if you know how to put it together.

    38% of the worldwide office suite market belongs to Microsoft. (Source: Statistica, 2021)

    1 in 3 small to mid-sized organizations moving to Microsoft Project say they are doing so because it integrates well with Office 365. (Source: CBT Nuggets, 2018)

    There’s a gravity to the Microsoft ecosystem.

    And while there is no argument that there are standalone task management tools, project management tools, or portfolio management tools that are likely more robust, feature-rich, and easier to adopt, it’s rare that you find an ecosystem that can do it all, to an acceptable level.

    That is the value proposition of Microsoft: the ubiquity, familiarity, and versatility. It’s the Swiss army knife of software products.

    The work management landscape is evolving

    With M365, Microsoft is angling to become the industry leader, and your organization’s hub, for work management.

    Workers lose up to 40% of their time multi-tasking and switching between applications. (Bluescape, 2018)

    25 Context switches – On average, workers switch between 10 apps, 25 times a day. (Asana, 2021)

    “Work management” is among the latest buzzwords in IT consulting.

    What is work management? It was born of a blurring of the traditional lines between operational or day-to-day tasks and project management tasks, as organizations struggle to keep up with both operational and project demands.

    To make the software easier to use, modern work management doesn’t involve the complexities from days past. You won’t find anywhere to introduce complex predecessor-successor relationships, unbalanced assignments with front-loading or back-loading, early-start/late-finish, critical path, etc.

    Indeed, with Project for the web, Azure Boards, Planner, and other M365 utilities, Microsoft is attempting to compete with lighter and better-adopted tools (e.g. Trello, Wike, Monday.com).

    The Microsoft world of work management can be understood across three broad categories

    1. Task Management

      Task management is essentially the same as keeping track of a to-do list. While you can have a project-related task, you can also have a non-project-related task. The sum of project and non-project tasks make up the work that you need to complete.
    2. Project Management

      Project management (PM) is a methodical approach to planning and guiding project processes from start to finish. Implementing PM processes helps establish repeatable steps and controls that enable project success. Documentation of PM processes leads to consistent results and dependable delivery on expectations.
    3. Portfolio Management

      Project portfolio management (PPM) is a strategic approach to approving, prioritizing, resourcing, and reporting on project. In addition, effective PPM should nurture the completion of projects in the portfolio in the most efficient way and track the extent to which the organization is realizing the intended benefits from completed projects.

    The slides ahead explain each of these modes of working in the Microsoft ecosystem in turn. Further, Info-Tech’s Task, Project, and Project Portfolio Management Tool Guides explain these areas in more detail.

    Use Info-Tech’s Tool Guides assess your MS Project and M365 work management options

    Lean on Info-Tech’s Tool Guides as you navigate Microsoft’s tasks management, project management, and project portfolio management options.

    • The slides ahead take you through a bird’s-eye view of what your MS Project and M365 work management options look like across Info-Tech’s three broad categories
    • In addition to these slides, Info-Tech has three in-depth tool guides that take you through your operational task management, project management, and project portfolio management options in MS Project and M365.
    • These tool guides can be leveraged as you determine whether Microsoft has the required toolset for your organization’s task, project, and project portfolio management needs.

    Download Info-Tech’s Task Management, Project Management, and Project Portfolio Management Tool Guides

    Task Management Overview

    What is task management?

    • It is essentially the same as keeping track of a to-do list. While you can have a project-related task, you can also have a non-project-related task. The sum of project and non-project tasks make up the work that you need to complete.

    What are the benefits of task management using applications within the MS suite?

    • Many organizations already own the tools and don't have to go out and buy something separately.
    • There is easy integration with other MS applications.

    What is personal task management?

    • Tools that allow you to structure work that is visible only to you. This can include work from tasks you are going to be completing for yourself and tasks you are completing as part of a larger work effort.

    What is team task management?

    • Tools that allow users to structure work that is visible to a group. When something is moved or changed, it affects what the group is seeing because it is a shared platform.

    Get familiar with the Microsoft product offerings for task management

    A diagram of Microsoft products and what they can help accomplish. It starts on the right with 'Teams' and 'Outlook'. Both can flow through to 'Personal Task Management' with products 'Teams Tasks' and 'To-Do', but Teams also flows into 'Team Task Management' with products 'Planner' and 'Project for the web'. See the next two slides for more details on these modes of working.

    Download the M365 Task Management Tool Guide

    Personal Task Management

    The To-Do list

    • Who does it?
      • Knowledge workers
    • What is it?
      • How each knowledge worker organizes their individual work tasks in M365
    • When is it done?
      • As needed throughout the day
    • Where is it done?
      • Paper
      • Digital location
    • How is it done?
      • DIY and self-developed
      • Usually not repeatable and evolves depending on work location and tools available
      • Not governed

    Microsoft differentiator:

    Utilities like Planner and To-Do make it easier to turn what are often ad hoc approaches into a more repeatable process.

    Team Task Management

    The SharedTo-Do list

    • Who does it?
      • Groups of knowledge workers
    • What is it?
      • Temporary and permanent collections of knowledge workers
    • When is it done?
      • As needed or on a pre-determined cadence
    • Where is it done?
      • Paper
      • Digital location
    • How is it done?
      • User norms are established organically and adapted based upon the needs of the team.
      • To whatever extent processes are repeatable in the first place, they remain repeatable only if the team is a collective.
      • Usually governed within the team and not subject to wider visibility.

    Microsoft differentiator:

    Teams has opened personal task management tactics up to more collaborative approaches.

    Project Management Overview

    2003

    Project Server: This product serves many large enterprise clients, but Microsoft has stated that it is at end of life. It is appealing to industries and organizations where privacy is paramount. This is an on-premises system that combines servers like SharePoint, SQL, and BI to report on information from Project Desktop Client. To realize the value of this product, there must be adoption across the organization and engagement at the project-task level for all projects within the portfolio.

    2013

    Project Online: This product serves many medium enterprise clients. It is appealing for IT departments who want to get a rich set of features that can be used to intake projects, assign resources, and report on project portfolio health. It is a cloud solution built on the SharePoint platform, which provides many users a sense of familiarity. However, due to the bottom-up reporting nature of this product, again, adoption across the organization and engagement at the project task level for all projects within the portfolio is critical.

    2020

    Project for the web: This product is the newest on the market and is quickly being evolved. Many O365 enthusiasts have been early adopters of Project for the web despite its limited features when compared to Project Online. It is also a cloud solution that encourages citizen developers by being built on the MS Power Platform. This positions the product well to integrate with Power BI, Power Automate, and Power Apps. It is, so far, the only MS product that lends itself to abstracted portfolio management, which means it doesn’t rely on project task level engagement to produce portfolio reports. The portfolio can also run with a mixed methodology by funneling Project, Azure Boards, and Planner boards into its roadmap function.

    Get familiar with the Microsoft product offerings for project management

    A diagram of Microsoft products and what they can help accomplish in Personal and Team Project Management. Products listed include 'Project Desktop Client', 'Project Online', 'SharePoint', 'Power Platform', 'Azure DevOps', 'Project for the web', Project Roadmap', 'Project Home', and 'Project Server'. See the next slide for more details on personal and team project management as modes of working.

    Download the M365 Project Management Tool Guide

    Project Management

    Orchestrating the delivery of project work

    • Who does it?
      • Project managers
    • What is it?
      • Individual project managers developing project plans and schedules in the MS Project Desktop Client
    • When is it done?
      • Throughout the lifecycle of the project
    • Where is it done?
      • Digital location
    • How is it done?
      • Used by individual project managers to develop and manage project plans.
      • Common approaches may or may not involve reconciliation of resource capacity through integration with Active Directory.
      • Sometimes usage norms are established by organizational project management governance standards, though individual use of the desktop client is largely ungoverned.

    Microsoft differentiator:

    For better or worse, Microsoft’s core solution is veritably synonymous with project management itself and has formally contributed to the definition of the project management space.

    Project Portfolio Management Overview

    Optimize what you’re already using and get familiar with the Power Platform.

    What does PPM look like within M365?

    • The Office suite in the Microsoft 365 suite boasts the world’s most widely used application for the purposes of abstracted and strategic PPM: Excel. For the purposes of PPM, Excel is largely implemented in a suboptimal fashion, and as a result, organizations fail to gain PPM adoption and maturation through its use.
    • Until very recently, Microsoft toolset did not explicitly address abstracted PPM needs.
    • However, with the latest version of M365 and Project for the web, Microsoft is boasting of renewed PPM capabilities from its toolset. These capabilities are largely facilitated through what Microsoft is calling its Power Platform (i.e. a suite of products that includes Power, Power Apps, and Power Automate).

    Explore the Microsoft product offering for abstracted project portfolio management

    A diagram of Microsoft products for 'Adaptive or Abstracted Portfolio Management'. Products listed include 'Excel', 'MS Lists', 'Forms', 'Teams', and the 'Power Platform' products 'Power BI', 'Power Apps', and 'Power Automate'. See the next slide for more details on adaptive or abstracted portfolio management as a mode of working.

    Download the M365 Project Portfolio Management Tool Guide

    Project Portfolio Management

    Doing the right projects, at the right time, with the right resources

    • Who does it?
      • PMO directors; portfolio managers
    • What is it?
      A strategic approach to approving, prioritizing, resourcing, and reporting on projects using applications in M365 and Project for the web. In distinction to enterprise PPM, a top-down or abstracted approach is applied, meaning PPM data is not tied to project task details.
    • Where is it done?
      • Digital tool, either homegrown or commercial
    • How is it done?
      • Currently in M365, PPM approaches are largely self-developed, though Microsoft Gold Partners are commonly involved.
      • User norms are still evolving, along with the software’s (Project for the web) function.

    Microsoft differentiator:

    Integration between Project for the web and Power Apps allows for custom approaches.

    Project Portfolio Management Overview

    Microsoft’s legacy project management toolset has contributed to the definition of traditional or enterprise PPM space.

    A robust and intensive bottom-up approach that requires task level roll-ups from projects to inform portfolio level data. For this model to work, reconciliation of individual resource capacity must be universal and perpetually current.

    If your organization has low or no maturity with PPM, this approach will be tough to make successful.

    In fact, most organizations under adopt the tools required to effectively operate with the traditional project portfolio management. Once adopted and operationalized, this combination of tools gives the executives the most precise view of the current state of projects within the portfolio.

    Explore the Microsoft product offering for enterprise project portfolio management

    A diagram of Microsoft products for 'Enterprise or Traditional Portfolio Management'. Products listed include 'Project Desktop Client', 'SharePoint', 'Project Online', 'Azure DevOps', 'Project Roadmaps', and 'Project Home'. See the next slide for more details on this as a mode of working.

    Download the M365 Project Portfolio Management Tool Guide

    Enterprise Project and Portfolio Management

    Bottom-up approach to managing the project portfolio

    • Who does it?
      • PMO and ePMO directors; portfolio managers
      • Project managers
    • What is it?
      • A strategic approach to approving, prioritizing, resourcing, and reporting on projects using applications in M365 and Project for the web. In distinction to enterprise PPM, a top-down or abstracted approach is applied, meaning PPM data is not tied to project task details.
    • Where is it done?
      • Digital tool that is usually commercial.
    • How is it done?
      • Microsoft Gold Partner involvement is highly likely in successful implementations.
      • Usage norms are long established and customized solutions are prevalent.
      • To be successful, use must be highly governed.
      • Reconciliation of individual resource capacity must be universal and perpetually current.

    Microsoft differentiator:

    Microsoft’s established network of Gold Partners helps to make this deployment a viable option.

    Assess your current tool ecosystem across work management categories

    Use Info-Tech’s Tool Audit Workbook to assess the value and satisfaction for the work management tools currently in use.

    • With the modes of working in mind that have been addressed in the previous slides and in Info-Tech’s Tool Guides, the activity slides ahead encourage you to engage your wider organization to determine all of the ways of working across individuals and teams.
    • Depending on the scope of your work management optimization, these engagements may be limited to IT or may extend to the business.
    • Use Info-Tech’s Tool Audit Workbook to help you gather and make sense of the tool data you collect. The result of this activity is to gain insight into the tools that drive value and fail to drive value across your work management categories with a view to streamline the organization’s tool ecosystem.

    Download Info-Tech’s Tool Audit Workbook

    Sample of Info-Tech's Tool Audit Workbook.

    1.2.1 Compile list of tools

    1-3 hours

    Input: Information on tools used to complete task, project, and portfolio tasks

    Output: Analyzed list of tools

    Materials: Whiteboard/Flip Charts, Tool Audit Workbook

    Participants: Portfolio Manager (PMO Director), PMO Admin Team, Project Managers, Business Stakeholders

    1. Identify the stakeholder groups that are in scope. For each group that you’ve identified, brainstorm the different tools and artifacts that are necessary to get the task, project, and project portfolio management functions done.
    2. Make sure to record the tool name and specify its category (standard document, artifact, homegrown solution, or commercial solution).
    3. Think about and discuss how often the tool is being used for each use case across the organization. Document whether its use is required. Then assess reporting functionality, data accuracy, and cost.
    4. Lastly, give a satisfaction rating for each use case.

    Excerpt from the Tool Audit Workbook

    Excerpt from Info-Tech's Tool Audit Workbook on compiling tools.

    1.2.1 Review dashboard

    1-3 hours

    Input: List of key PPM decision points, List of who is accountable for PPM decisions, List of who has PPM decision-making authority

    Output: Prioritized list of PPM decision-making support needs

    Materials: Whiteboard/Flip Charts, Tool Audit Workbook

    Participants: Portfolio Manager (PMO Director), PMO Admin Team, CIO

    Discuss the outputs of the Dashboards tab to inform your decision maker on whether to pass or fail the tool for each use case.

    Sample of a BI dashboard used to evaluate the usefulness of tools. Written notes include: 'Slice the data based on stakeholder group, tool, use case, and category', and 'Review the results of the questionnaire by comparing cost and satisfaction'.

    1.2.1 Execute final audit

    1 hour

    Input: List of key PPM decision points, List of who is accountable for PPM decisions, List of who has PPM decision-making authority

    Output: Prioritized list of PPM decision-making support needs

    Materials: Whiteboard/Flip Charts, Tool Audit Workbook

    Participants: Portfolio Manager (PMO Director), PMO Admin Team, CIO

    1. Using the information available, schedule time with the leadership team to present the results.
    2. Identify the accountable party to make the final decision on what current tools pass or fail the final audit.
    3. Mind the gap presented by the failed tools and look to possibilities within the M365 and Microsoft Project suite. For each tool that is deemed unsatisfactory for the future state, mark it as “Fail” in column O on tab 2 of the Tool Audit Workbook. This will ensure the item shows in the “Fail” column on tab 4 of the tool when you refresh the data.
    4. For each of the tools that “fail” your audit and that you’re going to make recommendations to rationalize in a future state, try to capture the annual total current-state spending on licenses, and the work modes the tool currently supports (i.e. task, project, and/or portfolio management).
    5. Additionally, start to think about future-state replacements for each tool within or outside of the M365/MS Project platforms. As we move forward to finalize your action plan in the last phase of this blueprint, we will capture and present this information to key stakeholders.

    Document your goals, needs, and constraints before proceeding

    Use Info-Tech’s Force Field Analysis Tool to help weigh goals and needs against risks and constraints associated with a work management change.

    • Now that you have discussed the organization’s ways of working and assessed its tool landscape – and made some initial decisions on some tool options that might need to change across that landscape – gather key stakeholders to define (a) why a change is needed at this time and (b) to document some of the risks and constraints associated with changing.
    • Info-Tech’s Force Field Analysis Tool can be used to capture these data points. It takes an organizational change management approach and asks you to consider the positive and negative forces associated with a work management tool change at this time.
    • The slides ahead walk you through a force field analysis activity and help you to navigate the relevant tabs in the Tool.

    Download Info-Tech's Force Field Analysis Tool

    Sample of Info-Tech's Force Field Analysis Tool.

    1.2.1 Identify goals and needs (1 of 2)

    Use tab 1 of the Force Field Analysis Workbook to assess goals and needs.

    30 minutes

    Input: Opportunities associated with determining the use case for Microsoft Project and M365 in your organization

    Output: Plotted opportunities based on probability and impact

    Materials: Whiteboard/Flip Charts, Force Field Analysis Tool

    Participants: Portfolio Manager (PMO Director), PMO Admin Team, Project Managers

    1. Brainstorm opportunities associated with exploring and/or implementing Microsoft Project and the Microsoft 365 suite of products for task, project, and project portfolio management.
    2. Document relevant opportunities in tab 1 of the Force Field Analysis Tool. For each driving force for the change (note: a driving force can include goals and needs) that is identified, provide a category that explains why the driving force is a concern (i.e. with this force is the organization looking to mature, integrate, scape, or accelerate?).
    3. In addition, assess the ease of achieving or realizing each goal or need and the impact of realizing them on the PMO and/or the organization.
    4. See the next slide for a screenshot that helps you navigate tab 1 of the Tool.

    Download the Force Field Analysis Tool

    1.2.1 Identify goals and needs (2 of 2)

    Screenshot of tab 1 of the Force Field Analysis Workbook.

    Screenshot of tab 1 of the Force Field Analysis Workbook. There are five columns referred to as columns B through F with the headings 'Opportunities', 'Category', 'Source', 'Ease of Achieving', and 'Impact on PMO/Organization'.

    In column B on tab 1, note the specific opportunities the group would like to call out.

    In column C, categorize the goal or need being articulated by the list of drop-down options: will it accelerate the time to benefit? Will it help to integrate systems and data sources? Will it mature processes and the organization overall? Will it help to scale across the organization? Choose the option that best aligns with the opportunity.

    In column D, categorize the source of the goal or need as internal or external.

    In column E, use the drop-down menus to indicate the ease of realizing each goal or need for the organization. Will it be relatively easy to manifest or will there be complexities to implementing it?

    In column F, use the drop-down menus to indicate the positive impact of realizing or achieving each need on the PMO and/or the organization.

    On tab 3 of the Force Field Analysis Workbook, your inputs on tab 1 are summarized in graphical form from columns B to G. On tab 3, these goals and needs results are contrasted with your inputs on tab 2 (see next slide).

    1.2.2 Identify risk and constraints (1 of 2)

    Use tab 2 of the Force Field Analysis Workbook to assess opposing forces to change.

    30 minutes

    Input: Risks associated with determining the use case for Microsoft Project and M365 in your organization

    Output: Plotted risks based on probability and impact

    Materials: Whiteboard/Flip Charts, Force Field Analysis Tool

    Participants: Portfolio Manager (PMO Director), PMO Admin Team, Project Managers

    1. With the same working group from 1.2.1, brainstorm risks, constraints, and other opposing forces pertaining to your potential future state.
    2. Document relevant opposing forces in tab 2 of the Force Field Analysis Tool. For each opposing force for the change (note: a driving force can include goals and needs) that is identified, provide a category that explains why the opposing force is a concern (i.e. will it impact or is it impacted by time, resources, maturity, budget, or culture?).
    3. In addition, assess the likelihood of the risk or constraint coming to light and the negative impact of it coming to light for your proposed change.
    4. See the next slide for a screenshot that helps you navigate tab 2 of the Force Field Analysis Tool.

    Download the Force Field Analysis Tool

    1.2.2 Identify risk and constraints (2 of 2)

    Screenshot of tab 2 of the Force Field Analysis Workbook.

    Screenshot of tab 2 of the Force Field Analysis Workbook. There are five columns referred to as columns B through F with the headings 'Risks and Constraints', 'Category', 'Source', 'Likelihood of Constraint/Risk/Resisting Force Being Felt', and 'Impact to Derailing Goals and Needs'.

    In column B on tab 2, note the specific risks and constraints the group would like to call out.

    In column C, categorize the risk or constraint being articulated by the list of drop-down options: will it impact or is it impacted by time, resources, budget, culture or maturity?

    In column D, categorize the source of the goal or need as internal or external.

    In column E, use the drop-down menus to indicate the likelihood of each risk or constraint materializing during your implementation. Will it definitely occur or is there just a small chance it could come to light?

    In column F, use the drop-down menus to indicate the negative impact of the risk or constraint to achieving your goals and needs.

    On tab 3 of the Force Field Analysis Workbook, your inputs on tab 2 are summarized in graphical form from columns I to N. On tab 3, your risk and constraint results are contrasted with your inputs on tab 1 to help you gauge the relative weight of driving vs. opposing forces.

    Step 1.2

    Explore the Microsoft Project Plans and their capabilities

    Activities

    • 1.1.1 Review the Microsoft 365 licensing features
    • 1.1.2 Explore the Microsoft Project Plan licenses
    • 1.1.3 Prepare a needs assessment for Microsoft 365 and Project Plan licenses

    This step will walk you through the following activities:

    • Review the suite of task management, project management, and project portfolio management options available in Microsoft 365.
    • Prepare a preliminary checklist of required M365 apps for your stakeholders.

    This step usually involves the following participants:

    • PMO/Portfolio Manager
    • Project Managers
    • CIO and other executive stakeholders
    • Other project portfolio stakeholders (project and IT workers)

    Outcomes of Step

    • Preliminary requirements for an M365 project management and project portfolio management tool implementation

    Microsoft recently revamped its project plans to balance its old and new tech

    Access to the new tech, Project for the web, comes with all license types, while Project Online Professional and Premium licenses have been revamped as P3 and P5.

    Navigating Microsoft licensing is never easy, and Project for the web has further complicated licensing needs for project professionals.

    As we’ll cover in step 2.1 of this blueprint, Project for the web can be extended beyond its base lightweight work management functionality using the Power Platform (Power Apps, Power Automate, and Power BI). Depending on the scope of your implementation, this can require additional Power Platform licensing.

    • In this step, we will help you understand the basics of what’s already included in your enterprise M365 licensing as well as what’s new in Microsoft’s recent Project licensing plans (P1, P3, and P5).
    • As we cover toward the end of this step, you can use Info-Tech’s MS Project and M365 Licensing Tool to help you understand your plan and licensing needs. Further assistance on licensing can be found in the Task, Project, and Portfolio Management Tool Guides that accompany this blueprint and Info-Tech’s Modernize Your Microsoft Licensing for the Cloud Era.

    Download Info-Tech’s Modernize Your Microsoft Licensing for the Cloud Era

    Licensing features for knowledge workers

    Please note that licensing packages are frequently subject to change. This is up to date as of August 2021. For the most up-to-date information on licensing, visit the Microsoft website.

    Bundles are extremely common and can be more cost effective than à la carte options for the Microsoft products.

    The biggest differentiator between M365 and O365 is that the M365 product also includes Windows 10 and Enterprise Mobility and Security.

    The color coding in the diagram indicates that the same platform/application suite is available.

    Platform or Application M365 E3 M365 E5 O365 E1 O365 E3 O365 E5
    Microsoft Forms X X X X X
    Microsoft Lists X X X X X
    OneDrive X X X X X
    Planner X X X X X
    Power Apps for Office 365 X X X X X
    Power Automate for Office X X X X X
    Power BI Pro X X
    Power Virtual Agents for Teams X X X X X
    SharePoint X X X X X
    Stream X X X X X
    Sway X X X X X
    Teams X X X X X
    To Do X X X X X

    Get familiar with Microsoft Project Plan 1

    Please note that licensing packages are frequently subject to change. This is up to date as of August 2021. For the most up to date information on licensing, visit the Microsoft website.

    Who is a good fit?

    • New project managers
    • Zero-allocation project managers
    • Individuals and organizations who want to move out of Excel into something less fragile (easily breaking formulas)

    What does it include?

    • Access to Project Home, a landing page to access all project plans you’ve created or have been assigned to.
    • Access to Grid View, Board View, and Timeline (Gantt) View to plan and manage your projects with Project for the web
    • Sharing Project for the web plans across Microsoft Teams channels
    • Co-authoring on project plans

    When does it make sense?

    • Lightweight project management
    • No process to use bottom-up approach for resourcing data
    • Critical-path analysis is not required
    • Organization does not have an appetite for project management rigor

    Get familiar with Microsoft Project Plan 3

    Please note that licensing packages are frequently subject to change. This is up to date as of August 2021. For the most up to date information on licensing, visit the Microsoft website.

    Who is a good fit?

    • Experienced and dedicated project managers
    • Organizations with complex projects
    • Large project teams are required to complete project work
    • Organizations have experience using project management software

    What does it include?

    Everything in Project Plan 1 plus the following:

    • Reporting through Power BI Report template apps (note that there are no pre-built reports for Project for the web)
    • Access to build a Roadmap of projects from Project for the web and Azure DevOps with key milestones, statuses, and deadlines
    • Project Online to submit and track timesheets for project teams
    • MS Project Desktop Client to support resource management

    When does it make sense?

    • Project management is an established discipline at the organization
    • Critical-path analysis is commonly used
    • Organization has some appetite for project management rigor
    • Resources are expected to submit timesheets to allow for more precise resource management data

    Get familiar with Microsoft Project Plan 5

    Please note that licensing packages are frequently subject to change. This is up to date as of August 2021. For the most up to date information on licensing, visit the Microsoft website.

    Who is a good fit?

    • Experienced and dedicated project managers
    • Experienced and dedicated PMO directors
    • Dedicated portfolio managers
    • Organizations proficient at sustaining data in a standard tool

    What does it include?

    Everything in Project Plan 3 plus the following:

    • Portfolio selection and optimization
    • Demand management
    • Enterprise resource planning and management through deterministic task and resource scheduling
    • MS Project Desktop Client to support resource management

    When does it make sense?

    • Project management is a key success factor at the organization
    • Organization employs a bottom-up approach for resourcing data
    • Critical-path analysis is required
    • Formal project portfolio management processes are well established
    • The organization is willing to either put in the time, energy, and resources to learn to configure the system through DIY or is willing to leverage a Microsoft Partner to help them do so

    What’s included in each plan (1 of 2)

    Plan details are up to date as of September 2021. Plans and pricing can change often. Visit the Microsoft website to validate plan options and get pricing details.
    MS Project Capabilities Info-Tech's Editorial Description P1 P3 P5
    Project Home Essentially a landing page that allows you to access all the project plans you've created or that you're assigned to. It amalgamates plans created in Project for the web, the Project for the web app in Power Apps, and Project Online. X X X
    Grid view One of three options in which to create your project plans in Project for the web (board view and timeline view are the other options). You can switch back and forth between the options. X X X
    Board view One of three options in which to create your project plans in Project for the web (grid view and timeline view are the other options). You can switch back and forth between the options. X X X
    Timeline (Gantt) view One of three options in which to create your project plans in Project for the web (board view and grid view are the other options). You can switch back and forth between the options. X X X
    Collaboration and communication This references the ability to add Project for the web project plans to Teams channels. X X X
    Coauthoring Many people can have access to the same project plan and can update tasks. X X X
    Project planning and scheduling For this the marketing lingo says "includes familiar scheduling tools to assign project tasks to team members and use different views like Grid, Board, and Timeline (Gantt chart) to oversee the schedule." Unclear how this is different than the project plans in the three view options above. X X X

    X - Functionality Included in Plan

    O - Functionality Not Included in Plan

    What’s included in each plan (2 of 2)

    Plan details are up to date as of September 2021. Plans and pricing can change often. Visit the Microsoft website to validate plan options and get pricing details.
    MS Project Capabilities Info-Tech's Editorial Description P1 P3 P5
    Reporting This seems to reference Excel reports and the Power BI Report Template App, which can be used if you're using Project Online. There are no pre-built reports for Project for the web, but third-party Power Apps are available. O X X
    Roadmap Roadmap is a platform that allows you to take one or more projects from Project for the web and Azure DevOps and create an organizational roadmap. Once your projects are loaded into Roadmap you can perform additional customizations like color status reporting and adding key days and milestones. O X X
    Timesheet submission Project Online and Server 2013 and 2016 allow team members to submit timesheets if the functionality is required. O X X
    Resource management The rich MS Project client supports old school, deterministic project scheduling at the project level. O X X
    Desktop client The full desktop client comes with P3 and P5, where it acts as the rich editor for project plans. The software enjoys a multi-decade market dominance as a project management tool but was never paired with an enterprise collaboration server engine that enjoyed the same level of success. O X X
    Portfolio selection and optimization Portfolio selection and optimization has been offered as part of the enterprise project and portfolio suite for many years. Most people taking advantage of this capability have used a Microsoft Partner to formalize and operationalize the feature. O O X
    Demand Management Enterprise demand management is targeted at the most rigorous of project portfolio management practices. Most people taking advantage of this capability have used a Microsoft Partner to formalize and operationalize the feature. O O X
    Enterprise resource planning and management The legacy MS Project Online/Server platform supports enterprise-wide resource capacity management through an old-school, deterministic task and resource scheduling engine, assuming scaled-out deployment of Active Directory. Most people succeeding with this capability have used a Microsoft Partner to formalize and operationalize the feature. O O X

    X - Functionality Included in Plan

    O - Functionality Not Included in Plan

    Use Info-Tech’s MS Project and M365 Licensing Tool

    Leverage the analysis in Info-Tech’s MS Project & M365 Licensing Tool to help inform your initial assumptions about what you need and how much to budget for it.

    • The Licensing Tool can help you determine what Project Plan licensing different user groups might need as well as additional Power Platform licensing that may be required.
    • It consists of four main tabs: two set-up tabs where you can validate the plan and pricing information for M365 and MS Project; an analysis tab where you set up your user groups and follow a survey to assess their Project Plan needs; and another analysis tab where you can document your Power Platform licensing needs across your user groups.
    • There is also a business case tab that breaks down your total licensing needs. The outputs of this tab can be used in your MS Project & M365 Action Plan Template, which we will help you develop in phase three of this blueprint.

    Download Info-Tech's Microsoft Project & M365 Licensing Tool

    Sample of Info-Tech's Microsoft Project and M365 Licensing Tool.

    1.2.1 Conduct a needs assessment

    1-2 hours

    Input: List of key user groups/profiles, Number of users and current licenses

    Output: List of Microsoft applications/capabilities included with each license, Analysis of user group needs for Microsoft Project Plan licenses

    Materials: Microsoft Project & 365 Licensing Tool

    Participants: Portfolio Manager (PMO Director), PMO Admin Team, Project Managers

    1. As a group, analyze the applications included in your current or desired 365 license and calculate any additional Power Platform licensing needs.
    2. Screenshot of the 'Application/Capabilities' screen from the 'Microsoft Project and M365 Licensing Tool'.
    3. Within the same group, use the drop-down menus to analyze your high-level MS Project requirements by selecting whether each capability is necessary or not.
    4. Your inputs to the needs assessment will determine the figures in the Business Case tab. Consider exporting this information to PDF or other format to distribute to stakeholders.
    5. Screenshot of the 'Business Case' tab from the 'Microsoft Project and M365 Licensing Tool'.

    Download Info-Tech's Microsoft Project & M365 Licensing Tool

    Step 1.3

    Assess the maturity of your current PM & PPM capabilities

    Activities

    • Assess current state project and project portfolio management processes and tools
    • Determine target state project and project portfolio management processes and tools

    This step will walk you through the following activities:

    • Assess current state project and project portfolio management processes and tools
    • Determine target state project and project portfolio management processes and tools

    This step usually involves the following participants:

    • PMO/Portfolio Manager
    • Project Managers
    • CIO and other executive stakeholders
    • Other project portfolio stakeholders (project and IT workers)

    Outcomes of Step

    • Current and target state maturity for project management and project portfolio management processes

    Project portfolio management and project management are more than tools

    Implementing commercial tools without a matching level of process discipline is a futile exercise, leaving organizations frustrated at the wasted time and money.

    • The tool is only as good as the data that is input. There is often a misunderstanding that a tool will be “automatic.” While it is true that a tool can help make certain processes easier and more convenient by aggregating information, enhancing reporting, and coauthoring, it will not make up the data. If data becomes stale, the tool is no longer valid for accurate decision making.
    • Getting people onboard and establishing a clear process is often the hardest part. As IT folk, it can be easy to get wrapped up in the technology. All too often excitement around tools can drown out the important requisites around people and process. The reality is people and process are a necessary condition for a tool to be successful. Having a tool will not be sufficient to overcome obstacles like poor stakeholder buy-in, inadequate governance, and the absence of a standard operating procedure.

    • Slow is the way to go. When deciding what tools to purchase, start small and scale up rather than going all in and all too often ending up with many unused features and fees.

    "There's been a chicken-egg debate raging in the PPM world for decades: What comes first, the tool or the process? It seems reasonable to say, ‘We don't have a process now, so we'll just adopt the one in the tool.’ But you'll soon find out that the tool doesn't have a process, and you needed to do more planning and analysis before buying the tool." (Barry Cousins, Practice Lead, Project Portfolio Management)

    Assess your process maturity to determine the right tool approach

    Take the time to consider and reflect on the current and target state of the processes for project portfolio management and project management.

    Project Portfolio Management

    • Status and Progress Reporting
      1. Intake, Approval, and Prioritization

        PPM is the practice of selecting the right projects and ensuring the organization has the necessary resources to complete them. PPM should enable executive decision makers to make sense of the excess of demand and give IT the ability to prioritize those projects that are most valuable to the business.
      2. Resource Management

      3. Project Management

        1. Initiation
        2. Planning
        3. Execution
        4. Monitoring and Controlling
        5. Closing
        Tailor a project management framework to fit your organization. Formal methodologies aren’t always the best fit. Take what you can use from formal frameworks and define a right-sized approach to your project management processes.
      4. Project Closure

      5. Benefits Tracking

    Info-Tech’s maturity assessment tools can help you match your tools to your maturity level

    Use Info-Tech’s Project Portfolio Management Maturity Assessment Tool and Project Management Maturity Assessment Tool.

    • The next few slides in this step take you through using our maturity assessment tools to help gauge your current-state and target-state maturity levels for project management (PM) and project portfolio management (PPM).
    • In addition to the process maturity assessments, these workbooks also help you document current-state support tools and desired target-state tools.
    • The outputs of these workbooks can be used in your MS Project & M365 Action Plan Template, which we will help you develop in phase three of this blueprint.

    Download Info-Tech’s Project Portfolio Management Maturity Assessment Tool and Project Management Maturity Assessment Tool

    Samples of Info-Tech's Project Portfolio Management Maturity Assessment Tool and Project Management Maturity Assessment Tool.

    Conduct a gap analysis survey for both project and project portfolio management.

    • Review the category and activity statements: For each gap analysis tab in the maturity assessments, use the comprehensive activity statements to identify gaps for the organization.
    • Assess the current state: To assess the current state, evaluate whether the statement should be labeled as:
      • Absent: There is no evidence of any activities supporting this process.
      • Initial: Activity is ad hoc and not well defined.
      • Defined: Activity is established and there is moderate adherence to its execution.
      • Repeatable: Activity is established, documented, repeatable, and integrated with other phases of the process.
      • Managed: Activity execution is tracked by gathering qualitative and quantitative feedback

    Once this is documented, take some time to describe the type of tool being used to do this (commercial, home-grown, standardized document) and provide additional details, where applicable.

    Define the target state: Repeat the assessment of activity statements for the target state. Then gauge the organizational impact and complexity of improving each capability on a scale of very low to very high.

    Excerpt from Info-Tech's Project Portfolio Management Maturity Assessment Tool, the 'PPM Current State Target State Maturity Assessment Survey'. It has five columns whose purpose is denoted in notes. Column 1 'Category within the respective discipline'; Column 2 'Statement to consider'; Column 3 'Select the appropriate answer for current and target state'; Column 4 'Define the tool type'; Column 5 'Provide addition detail about the tool'.

    Analyze survey results for project and project portfolio management maturity

    Take stock of the gap between current state and target state.

    • What process areas have the biggest gap between current and target state?
    • What areas are aligned across current and target state?

    Identify what areas are currently the least and most mature.

    • What process area causes the most pain in the organization?
    • What process area is the organization’s lowest priority?

    Note the overall current process maturity.

    • After having done this exercise, does the overall maturity come as a surprise?
    • If so, what are some of the areas that were previously overlooked?
    A table and bar graph documenting and analysis of maturity survey results. The table has four columns labelled 'Process Area', 'Current Process Completeness', 'Current Maturity Level', and 'Target State Maturity'. Rows headers in the 'Process Area' column are 'Intake, Approval, and Prioritization', 'Resource Management', 'Portfolio Reporting', 'Project Closure and Benefits Realization', 'Portfolio Administration', and finally 'Overall Maturity'. The 'Current Process Completeness' column's values are in percentages. The 'Current Maturity Level' and 'Target State Maturity' columns' values can be one of the following: 'Absent', 'Initial', 'Defined', 'Repeatable', or 'Managed'. The bar chart visualizes the levels of the 'Target State' and 'Current State' with 'Absent' from 0-20%, 'Initial' from 20-40%, 'Defined' from 40-60%, 'Repeatable' from 60-80%, and 'Managed' from 80-100%.
    • Identify process areas with low levels of maturity
    • Spot areas of inconsistency between current and target state.
    • Assess the overall gap to get a sense of the magnitude of the effort required to get to the target state.
    • 100% doesn’t need to be the goal. Set a goal that is sustainable and always consider the value to effort ratio.

    Screenshot your results and put them into the MS Project and M365 Action Plan Template.

    Review the tool overview and plan to address gaps (tabs 3 & 4)

    Tool Overview:

    Analyze the applications used to support your project management and project portfolio management processes.

    Look for:

    • Tools that help with processes across the entire PM or PPM lifecycle.
    • Tools that are only used for one specific process.

    Reflect on the overlap between process areas with pain points and the current tools being used to complete this process.

    Consider the sustainability of the target-state tool choice

    Screenshot of a 'Tool Overview' table. Chart titled 'Current-to-Target State Supporting Tools by PPM Activity' documenting the current and target states of different supporting tools by PPM Activity. Tools listed are 'N/A', 'Standardized Document', 'Homegrown Tool', and 'Commercial Tool'.

    You have the option to create an action plan for each of the areas of improvement coming out of your maturity assessment.

    This can include:

    • Tactical Optimization Action: What is the main action needed to improve capability?
    • Related Actions: Is there a cross-over with any actions for other capabilities?
    • Timeframe: Is this near-term, mid-term, or long-term?
    • Proposed Start Date
    • Proposed Go-Live Date
    • RACI: Who will be responsible, accountable, consulted, and informed?
    • Status: What is the status of this action item over time?

    Determine the Future of Microsoft Project for Your Organization

    Phase 2: Weigh Your Implementation Options

    Phase 1: Determine Your Tool Needs

    Phase 2: Weigh Your Implementation Options

    Phase 3: Finalize Your Implementation Approach
    • Step 1.1: Survey the M365 work management landscape
    • Step 1.2: Perform a process maturity assessment to help inform your M365 starting point
    • Step 1.3: Consider the right MS Project licenses for your stakeholders
    • Step 2.1: Get familiar with extending Project for the web using Power Apps
    • Step 2.2: Assess the MS Gold Partner Community
    • Step 3.1: Prepare an action plan

    Phase Outcomes

    • A decision on how best to proceed (or not proceed) with Project for the web
    • A Partner outreach plan

    Step 2.1

    Get familiar with extending Project for the web using Power Apps

    Activities

    • Get familiar with Project for the web: how it differs from Microsoft’s traditional project offerings and where it is going
    • Understand the basics of how to extend Project for the web in Power Apps
    • Perform a feasibility test

    This step will walk you through the following activities:

    • Get familiar with Project for the web
    • Understand the basics of how to extend Project for the web in Power Apps
    • Perform a feasibility test to determine if taking a DIY approach to extending Project for the web is right for your organization currently

    This step usually involves the following participants:

    • Portfolio Manager (PMO Director)
    • Project Managers
    • Other relevant PMO stakeholders

    Outcomes of Step

    • A decision on how best to proceed (or not proceed) with Project for the web

    Project for the web is the latest of Microsoft’s project management offerings

    What is Project for the web?

    • First introduced in 2019 as Project Service, Project for the web (PFTW) is Microsoft’s entry into the world of cloud-based work management and lightweight project management options.
    • Built on the Power Platform and leveraging the Dataverse for data storage, PFTW integrates with the many applications that M365 users are already employing in their day-to-day work management and collaboration activities.
    • It is available as a part of your M365 subscription with the minimum activation of P1 license – it comes with P3 and P5 licenses as well.
    • From a functionality and user experience perspective, PFTW is closer to applications like Planner or Azure Boards than it is to traditional MS Project options.

    What does it do?

    • PFTW allows for task and dependency tracking and basic timeline creation and scheduling and offers board and grid view options. It also allows real-time coauthoring of tasks among team members scheduled to the same project.
    • PFTW also comes with a product/functionality Microsoft calls Roadmap, which allows users to aggregate multiple project timelines into a single view for reporting purposes.

    What doesn't it do?

    • With PFTW, Microsoft is offering noticeably less traditional project management functionality than its existing solutions. Absent are table stakes project management capabilities like critical path, baselining, resource load balancing, etc.

    Who is it for?

    • Currently, in its base lightweight project management option, PFTW is targeted toward occasional or part-time project managers (not the PMP-certified set) tasked with overseeing and/or collaborating on small to mid-sized initiatives and projects.

    Put Project for the web in perspective

    Out of the box, PFTW occupies a liminal space when it comes to work management options

    • More than a task management tool, but not quite a full project management tool
    • Not exactly a portfolio management tool, yet some PPM reporting functionality is inherent in the PFTW through Roadmap

    The table to the right shows some of the functionality in PFTW in relation to the task management functionality of Planner and the enterprise project and portfolio management functionality of Project Online.

    Table 2.1a Planner Project for the web Project Online
    Coauthoring on Tasks X X
    Task Planning X X X
    Resource Assignments X X X
    Board Views X X X
    MS Teams Integration X X X
    Roadmap X X
    Table and Gantt Views X X
    Task Dependency Tracking X X
    Timesheets X
    Financial Planning X
    Risks and Issues Tracking X
    Program Management X
    Advanced Portfolio Management X

    Project for the web will eventually replace Project Online

    • As early as 2018 Microsoft has been foreshadowing a transition away from the SharePoint-backed Project environments of Server and Online toward something based in Common Data Service (CDS) – now rebranded as the Dataverse.
    • Indeed, as recently as the spring of 2021, at its Reimagine Project Management online event, Microsoft reiterated its plans to sunset Project Online and transition existing Online users to the new environment of Project for the web – though it provided no firm dates when this might occur.
      • The reason for this move away from Online appears to be an acknowledgment that the rigidity of the tool is awkward in our current dynamic, collaborative, and overhead-adverse work management paradigm.
      • To paraphrase a point made by George Bullock, Sr. Product Marketing Manager, for Microsoft at the Reimagine Project Management event, teams want to manage work as they see fit, but the rigidity of legacy solutions doesn’t allow for this, leading to a proliferation of tools and data sprawl. (This comment was made during the “Overview of Microsoft Project” session during the Reimagine event.)

    PFTW is Microsoft’s proposed future-state antidote to this challenge. Its success will depend on how well users are able to integrate the solution into a wider M365 work management setting.

    "We are committed to supporting our customers on Project Online and helping them transition to Project for the Web. No end-of-support has been set for Project Online, but when the time comes, we will communicate our plans on the transition path and give you plenty of advance notice." (Heather Heide, Program Manager, Microsoft Planner and Project. This comment was made during the “Overview of Microsoft Project” session during the Reimagine event.)

    Project for the web can be extended beyond its base lightweight functionality

    Project for the web can be extended to add more traditional and robust project and project portfolio management functionality using the Power Platform.

    Microsoft plans to sunset Project Online in favor of PFTW will at first be a head-scratcher for those familiar with the extensive PPM functionality in Project Online and underwhelmed by the project and portfolio management in PFTW.

    However, having built the solution upon the Power Platform, Microsoft has made it possible to take the base functionality in PFTW and extend it to create a more custom, organizationally specific user experience.

    • With a little taste of what can be done with PFTW by leveraging the Power Platform – and, in particular, Power Apps – it becomes more obvious how we, as users, can begin to evolve the base tool toward a more traditional PPM solution and how, in time, Microsoft’s developers may develop the next iteration of PFTW into something more closely resembling Project Online.

    Before users get too excited about using these tools to build a custom PPM approach, we should consider the time, effort, and skills required. The slides ahead will take you through a series of considerations to help you gauge whether your PMO is ready to go it alone in extending the solution.

    Extending the tool enhances functionality

    Table 2.1a in this step displayed the functionality in PFTW in relation to the task management tool Planner and the robust PPM functionality in Online.

    The table to the right shows how the functionality in PFTW can differ from the base solution and Project Online when it is extended using the model-driven app option in Power Apps.

    Caveat: The list of functionality and processes in this table is sample data.

    This functionality is not inherent in the solution as soon as you integrate with Power Apps. Rather it must be built – and your success in developing these functions will depend upon the time and skills you have available.

    Table 2.1b Project for the web PFTW extended with PowerApps Project Online
    Critical Path X
    Timesheets X
    Financial Planning X X
    Risks and Issues Tracking X X
    Program Management X
    Status Updates X
    Project Requests X
    Business Cases X
    Project Charters X
    Resource Planning and Capacity Management X X
    Project Change Requests X

    Get familiar with the basics of Power Apps before you decide to go it alone

    While the concept of being able to customize and grow a commercial PPM tool is enticing, the reality of low-code development and application maintenance may be too much for resource-constrained PMOs.

    Long story short: Extending PFTW in Power Apps is time consuming and can be frustrating for the novice to intermediate user.

    It can take days, even weeks, just to find your feet in Power Apps, let alone to determine requirements to start building out a custom model-driven app. The latter activity can entail creating custom columns and tables, determining relationships between tables to get required outputs, in addition to basic design activities.

    Time-strapped and resource-constrained practitioners should pause before committing to this deployment approach. To help better understand the commitment, the slides ahead cover the basics of extending PFTW in Power Apps:

    1. Dataverse environments.
    2. Navigating Power App Designer and Sitemap Designer
    3. Customizing tables and forms in the Dataverse

    See Info-Tech’s M365 Project Portfolio Management Tool Guide for more information on Power Apps in general.

    Get familiar with Power Apps licensing

    Power Apps for 365 comes with E1 through E5 M365 licenses (and F3 and F5 licenses), though additional functionality can be purchased if required.

    While extending Project for the web with Power Apps does not at this time, in normal deployments, require additional licensing from what is included in a E3 or E5 license, it is not out of the realm of possibility that a more complex deployment could incur costs not included in the Power Apps for 365 that comes with your enterprise agreement.

    The table to the right shows current additional licensing options.

    Power Apps, Per User, Per App Plan

    Per User Plan

    Cost: US$10 per user per app per month, with a daily Dataverse database capacity of 40 MB and a daily Power Platform request capacity of 1,000. Cost: US$40 per user per month, with a daily Dataverse database capacity of 250 MB and a daily Power Platform request capacity of 5,000.
    What's included? This option is marketed as the option that allows organizations to “get started with the platform at a lower entry point … [or those] that run only a few apps.” Users can run an application for a specific business case scenario with “the full capabilities of Power Apps” (meaning, we believe, that unlicensed users can still submit data via an app created by a licensed user). What's included? A per-user plan allows licensed users to run unlimited canvas apps and model-driven apps – portal apps, the licensing guide says, can be “provisioned by customers on demand.” Dataverse database limits (the 250 MB and 5,000 request capacity mentioned above) are pooled at the per tenant, not the per user plan license, capacity.

    For more on Power Apps licensing, refer to Info-Tech’s Modernize Your Microsoft Licensing for the Cloud Era for more information.

    What needs to be configured?

    Extending Project for the web requires working with your IT peers to get the right environments configured based upon your needs.

    • PFTW data is stored in the Microsoft Dataverse (formerly Common Data Service or CDS).
    • The organization’s Dataverse can be made up of one to many environments based upon its needs. Environments are individual databases with unique proprieties in terms of who can access them and what applications can store data in them.
    • Project for the web supports three different types of environments: default, production, and sandbox.
    • You can have multiple instances of a custom PFTW app deployed across these environments and across different users – and the environment you choose depends upon the use case of each instance.

    Types of Environments

    • Default Environment

      • It is the easiest to deploy and get started with the PFTW Power App in the default environment. However, it is also the most restricted environment with the least room for configuration.
      • Microsoft recommends this environment for simple deployments or for projects that span the organization. This is because everyone in the organization is by default a member of this environment – and, with the least room for configuration, the app is relatively straightforward.
      • At minimum, you need one project license to deploy PFTW in the default environment.
    • Production Environment

      • This environment affords more flexibility for how a custom app can be configured and deployed. Unlike the default environment, deploying a production environment is a manual process (through the Power Platform Admin Center) and security roles need to be set to limit users who can access the environment.
      • Because users can be limited, production environments can be used to support more advanced deployments and can support diverse processes for different teams.
      • At present, you need at least five Project licenses to deploy to production environments.
    • Sandbox Environment

      • This environment is for users who are responsible for the creation of custom apps. It offers the same functionality as a production environment but allows users to make changes without jeopardizing a production environment.

    Resources to provide your IT colleagues with to help in your PFTW deployment:

    1. Project for the web admin help (Product Documentation, Microsoft)
    2. Advanced deployment for Project for the web (Video, Microsoft)
    3. Get Started with Project Power App (Product Support Documentation, Microsoft)
    4. Project for the Web Security Roles (Product Support Documentation, Microsoft)

    Get started creating or customizing a model-driven app

    With the proper environments procured, you can now start extending Project for the web.

    • Navigate to the environment you would like to extend PFTW within. For the purposes of the slides ahead, we’ll be using a sandbox environment for an example. Ensure you have the right access set up for production and sandbox environments of your own (see links on previous slide for more assistance).
    • To begin extending PFTW, the two core features you need to be familiar with before you start in Power Apps are (1) Tables/Entities and (2) the Power Apps Designer – and in particular the Site Map.

    From the Power Apps main page in 365, you can change your environment by selecting from the options in the top right-hand corner of the screen.

    Screenshot of the Power Apps “Apps” page in a sandbox environment. The Project App will appear as “Project” when the application is installed, though it is also easy to create an app from scratch.

    Model-driven apps are built around tables

    In Power Apps, tables (formerly called entities and still referred to as entities in the Power Apps Designer) function much like tables in Excel: they are containers of columns of data for tracking purposes. Tables define the data for your app, and you build your app around them.

    In general, there are three types of tables:

    • Standard: These are out-of-the box tables included with a Dataverse environment. Most standard tables can be customized.
    • Managed: These are tables that get imported into an environment as part of a managed solution. Managed tables cannot be customized.
    • Custom: These types of tables can either be imported from another solution or created directly in the Dataverse environment. To create custom tables, users need to have System Administrator or System Customizer security roles within the Dataverse.

    Tables can be accessed under Data banner on the left-hand panel of your Power Apps screen.

    The below is a list of standard tables that can be used to customize your Project App.

    A screenshot of the 'Data' banner in 'Power Apps' and a list of table names.

    Table Name

    Display Name

    msdyn_project Project
    msdyn_projectchange Change
    msdyn_projectprogram Program
    msdyn_projectrequest Request
    msdyn_projectrisk Risk
    msdyn_projectissue Issue
    msdyn_projectstatusreport Status

    App layouts are designed in the Power App Designer

    You configure tables with a view to using them in the design of your app in the Power Apps Designer.

    • If you’re customizing a Project for the web app manually installed into your production or sandbox environment, you can access Designer by highlighting the app from your list of apps on the Apps page and clicking “Edit” in the ribbon above.
      • If you’re creating a model-driven app from scratch, Designer will open past the “Create a New App” intro screen.
      • If you need to create separate apps in your environment for different PMOs or business units, it is as easy to create an app from scratch as it is to customize the manual install.
    • The App Designer is where you can design the layout of your model-driven app and employ the right data tables.
    Screenshot of the 'App Designer' screen in 'Power Apps'.

    The Site Map determines the navigation for your app, i.e. it is where you establish the links and pages users will navigate. We will review the basics of the sitemap on the next few slides.

    The tables that come loaded into your Project Power App environment (at this time, 37) via the manual install will appear in the Power Apps Designer in the Entity View pane at the bottom of the page. You do not have to use all of them in your design.

    Navigate the Sitemap Designer

    With the components of the previous two slides in mind, let’s walk through how to use them together in the development of a Project app.

    As addressed in the previous slide, the sitemap determines the navigation for your app, i.e. it is where you establish the links and the pages that users will navigate.

    To get to the Sitemap Designer, highlight the Project App from your list of apps on the Apps page and click “Edit” in the ribbon above. If you’re creating a model-driven app from scratch, Designer will open past the “Create a New App” intro screen.

    • To start designing your app layout, click the pencil icon beside the Site Map logo on the App Designer screen.
    • This will take you into the Sitemap Designer (see screenshot to the right). This is where you determine the layout of your app and the relevant data points (and related tables from within the Dataverse) that will factor into your Project App.
    • In the Sitemap Designer, you simply drag and drop the areas, groups, and subareas you want to see in your app’s user interface (see next slide for more details).
    Screenshot of the 'Sitemap Designer' in 'Power Apps'.

    Use Areas, Groups, and Subareas as building blocks for your App

    Screenshots of the main window and the right-hand panel in the 'Sitemap Designer', and of the subarea pop-up panel where you connect components to data tables. The first two separate elements into 'Area', 'Group', and 'Subarea'.

    Drag and drop the relevant components from the panel on the right-hand side of the screen into the main window to design the core pieces that will be present within your user interface.

    For each subarea in your design, use the pop-up panel on the right-hand side of the screen to connect your component the relevant table from within your Dataverse environment.

    How do Areas, Groups, and Subareas translate into an app?

    Screenshots of the main window in the 'Sitemap Designer' and of a left-hand panel from a published 'Project App'. There are notes defining the terms 'Area', 'Group', and 'Subarea' in the context of the screenshot.

    The names or titles for your Areas and Groups can be customized within the Sitemap Designer.

    The names or titles for your Subareas is dependent upon your table name within the Dataverse.

    Area: App users can toggle the arrows to switch between Areas.

    Group: These will change to reflect the chosen Area.

    Subarea: The tables and forms associated with each subarea.

    How to properly save and publish your changes made in the Sitemap Designer and Power Apps Designer:

    1. When you are done making changes to your components within the Sitemap Designer, and want your changes to go live, hit the “Publish” button in the top right corner; when it has successfully published, select “Save and Close.”
    2. You will be taken back to the Power App Designer homepage. Hit “Save,” then “Publish,” and then finally “Play,” to go to your app or “Save and Close.”

    How to find the right tables in the Dataverse

    While you determine which tables will play into your app in the Sitemap Designer, you use the Tables link to customize tables and forms.

    Screenshots of the tables search screen and the 'Tables' page under the 'Data' banner in 'Power Apps'.

    The Tables page under the Data banner in Power Apps houses all of the tables available in your Dataverse environment. Do not be overwhelmed or get too excited. Only a small portion of the tables in the Tables folder in Power Apps will be relevant when it comes to extending PFTW.

    Find the table you would like to customize and/or employ in your app and select it. The next slides will look at customizing the table (if you need to) and designing an app based upon the table.

    To access all the tables in your environment, you’ll need to ensure your filter is set correctly on the top right-hand corner of the screen, otherwise you will only see a small portion of the tables in your Dataverse environment.

    If you’re a novice, it will take you some time to get familiar with the table structure in the Dataverse.

    We recommend you start with the list of tables listed on slide. You can likely find something there that you can use or build from for most PPM purposes.

    How to customize a table (1 of 3)

    You won’t necessarily need to customize a table, but if you do here are some steps to help you get familiar with the basics.

    Screenshot of the 'Columns' tab, open in the 'msdyn_project table' in 'Power Apps'.

    In this screenshot, we are clicked into the msdyn_project (display name: Project) table. As you can see, there are a series of tabs below the name of the table, and we are clicked into the Columns tab. This is where you can see all of the data points included in the table.

    You are not able to customize all columns. If a column that you are not able to customize does not meet your needs, you will need to create a custom column from the “+Add column” option.

    “Required” or “Optional” status pertains to when the column or field is used within your app. For customizable or custom columns this status can be set when you click into each column.

    How to customize a table (2 of 3)

    Create a custom “Status” column.

    By way of illustrating how you might need to customize a table, we’ll highlight the “msdyn_project_statecode” (display name: Project Status) column that comes preloaded in the Project (msdyn_project) table.

    • The Project Status column only gives you a binary choice. While you are able to customize what that binary choice is (it comes preloaded with “Active” and “Inactive” as the options) you cannot add additional choices – so you cannot set it to red/yellow/green, the most universally adopted options for status in the project portfolio management world.
    • Because of this, let’s look at the effort involved in creating a choice and adding a custom column to your table based upon that choice.
    Screenshots of the '+New choice' button in the 'Choices' tab and the 'New choice' pane that opens when you click it.

    From within the Choices tab, click “+New choice” option to create a custom choice.

    A pane will appear to the right of your screen. From there you can give your choice a name, and under the “Items” header, add your list of options.

    Click save. Your custom choice is now saved to the Choices tab in the Dataverse environment and can be used in your table. Further customizations can be made to your choice if need be.

    How to customize a table (3 of 3)

    Back in the Tables tab, you can put your new choice to work by adding a column to a table and selecting your custom choice.

    Screenshots of the pop-up window that appear when you click '+Add Column', and details of what happens when you select the data type 'Choice'.

    Start by selecting “+ Add Column” at the top left-hand side of your table. A window will appear on the right-hand side of the page, and you will have options to name your column and choose the data type.

    As you can see in this screenshot to the left, data type options include text, number and date types, and many more. Because we are looking to use our custom choice for this example, we are going to choose “Choice.”

    When you select “Choice” as your data type, all of the choice options available or created in your Dataverse environment will appear. Find your custom choice – in this example the one name “RYG Status” – and click done. When the window closes, be sure to select “Save Table.”

    How to develop a Form based upon your table (1 of 3 – open the form editor)

    A form is the interface users will engage with when using your Project app.

    When the Project app is first installed in your environment, the main user form will be lacking, with only a few basic data options.

    This form can be customized and additional tabs can be added to your user interface.

    1. To do this, go to the table you want to customize.
    2. In the horizontal series of tabs at the top of the screen, below the table title select the “Forms” option.
    3. Click on the main information option or select Edit Form for the form with “Main” under its form type. A new window will open where you can customize your form.
    Screenshot of the 'Forms' tab, open in the 'msdyn_project' table in 'Power Apps'.

    Select the Forms tab.

    Start with the form that has “Main” as its Format Type.

    How to develop a Form based upon your table (2 of 3 – add a component)

    Screenshot of the 'Components' window in 'Power Apps' with a list of layouts as a window to the right of the main screen where you can name and format the chosen layout.

    You can add element like columns or sections to your form by selecting the Components window.

    In this example, we are adding a 1-Column section. When you select that option from the menu options on the left of the screen, a window will open to the right of the screen where you can name and format the section.

    Choose the component you would like to add from the layout options. Depending on the table element you are looking to use, you can also add input options like number inputs and star ratings and pull in related data elements like a project timeline.

    How to develop a Form based upon your table (3 of 3 – add table columns)

    Screenshot of the 'Table Columns' window in 'Power Apps' and instructions for adding table columns.

    If you click on the “Table Columns” option on the left-hand pane, all of the column options from within your table will appear in alphabetical order.

    When clicked within the form section you would like to add the new column to, select the column from the list of option in the left-hand pane. The new data point will appear within the section. You can order and format section elements as you would like.

    When you are done editing the form, click the “Save” icon in the top right-hand corner. If you are ready for your changes to go live within your Project App, select the “Publish” icon in the top right-hand corner. Your updated form will go live within all of the apps that use it.

    The good and the bad of extending Project for the web

    The content in this step has not instructed users how to extend PFTW; rather, it has covered three basic core pieces of Power Apps that those interesting in PFTW need to be aware of: Dataverse environments, the Power Apps and Sitemaps Designers, and Tables and associated Forms.

    Because we have only covered the very tip of the iceberg, those interested in going further and taking a DIY approach to extending PFTW will need to build upon these basics to unlock further functionality. Indeed, it takes work to develop the product into something that begins to resemble a viable enterprise project and portfolio management solution. Here are some of the good and the bad elements associated with that work:

    The Good:

    • You can right-size and purpose build: add as much or as little project management rigor as your process requires. Related, you can customize the solution in multiple ways to suit the needs of specific business units or portfolios.
    • Speed to market: it is possible to get up and running quickly with a minimum-viable product.

    The Bad:

    • Work required: to build anything beyond MVP requires independent research and trial and error.
    • Time required: to build anything beyond MVP requires time and skills that many PMOs don’t have.
    • Shadow support costs: ungoverned app creation could have negative support and maintenance impacts across IT.

    "The move to Power Platform and low code development will […increase] maintenance overhead. Will low code solution hit problems at scale? [H]ow easy will it be to support hundreds or thousands of small applications?

    I can hear the IT support desks already complaining at the thought of this. This part of the puzzle is yet to hit real world realities of support because non developers are busy creating lots of low code applications." (Ben Hosking, Software Developer and Blogger, "Why low code software development is eating the world")

    Quick start your extension with the Accelerator

    For those starting out, there is a pre-built app you can import into your environment to extend the Project for the web app without any custom development.

    • If the DIY approach in the previous slides was overwhelming, and you don’t have the budget for a MS Partner route in the near-term, this doesn’t mean that evolving your Project for the web app is unattainable.
    • Thanks to a partnership between OnePlan (one of the MS Gold Partners we detail in the next step) and Microsoft, Project for the web users have access to a free resource to help them evolve the base Project app. It’s called the “Project for the web Accelerator” (commonly referred to as “the Accelerator” for short).
    • Users interested in learning more about, and accessing, this free resource should refer to the links below:
      1. The Future of Microsoft Project Online (source: OnePlan).
      2. Introducing the Project Accelerator (source: Microsoft).
      3. Project for the web Accelerator (source: GitHub)
    Screen shot from one of the dashboards that comes with the Accelerator (image source: GitHub).

    2.1.1 Perform a feasibility test (1 of 2)

    15 mins

    As we’ve suggested, and as the material in this step indicates, extending PFTW in a DIY fashion is not small task. You need a knowledge of the Dataverse and Power Apps, and access to the requisite skills, time, and resources to develop the solution.

    To determine whether your PMO and organization are ready to go it alone in extending PFTW, perform the following activity:

    1. Convene a collection of portfolio, project, and PMO staff.
    2. Using the six-question survey on tab 5 of the Microsoft Project & M365 Licensing Tool (see screenshot to the right) as a jumping off point for a discussion, consider the readiness of your PMO or project organization to undertake a DIY approach to extending and implementing PFTW at this time.
    3. You can use the recommendations on tab 5 of the Microsoft Project & 365 Licensing Tool to inform your next steps, and input the gauge graphic in section 4 of the Microsoft Project & M365 Action Plan Template.
    Screenshots from the 'Project for the Web Extensibility Feasibility Test'.

    Go to tab 5 of the Microsoft Project & M365 Licensing Tool

    See next slide for additional activity details

    2.1.1 Perform a feasibility test (2 of 2)

    Input: The contents of this step, The Project for the Web Extensibility Feasibility Test (tab 5 in the Microsoft Project & 365 Licensing Tool)

    Output: Initial recommendations on whether to proceed and how to proceed with a DIY approach to extending Project for the web

    Materials: The Project for the Web Extensibility Feasibility Test (tab 5 in the Microsoft Project & 365 Licensing Tool)

    Participants: Portfolio Manager (PMO Director), Project Managers, Other relevant PMO stakeholders

    Step 2.2

    Assess the Microsoft Gold Partner Community

    Activities

    • Review what to look for in a Microsoft Partner
    • Determine whether your needs would benefit from reaching out to a Microsoft Partner
    • Review three key Partners from the North American market
    • Create a Partner outreach plan

    This step will walk you through the following activities:

    • Review what to look for in a Microsoft Partner.
    • Determine whether your needs would benefit from reaching out to a Microsoft Partner.
    • Review three key Partners from the North American market.

    This step usually involves the following participants:

    • Portfolio Manager (PMO Director)
    • Project Managers
    • Other relevant PMO stakeholders

    Outcomes of Step

    • A better understanding of MS Partners
    • A Partner outreach plan

    You don’t have to go it alone

    Microsoft has an established community of Partners who can help in your customizations and implementations of Project for the web and other MS Project offerings.

    If the content in the previous step seemed too technical or overly complex in a way that scared you away from a DIY approach to extending Microsoft’s latest project offering (and at some point in the near future, soon to be its only project offering), Project for the web, fear not.

    You do not have to wade into the waters of extending Project for the web alone, or for that matter, in implementing any other MS Project solution.

    Instead, Microsoft nurtures a community of Silver and Gold partners who offer hands-on technical assistance and tool implementation services. While the specific services provided vary from partner to partner, all can assist in the customization and implementation of any of Microsoft’s Project offerings.

    In this step we will cover what to look for in a Partner and how to assess whether you are a good candidate for the services of a Partner. We will also highlight three Partners from within the North American market.

    The basics of the Partner community

    What is a Microsoft Partner?

    Simply put, an MS Gold Partner is a software or professional services organization that provides sales and services related to Microsoft products.

    They’re resellers, implementors, integrators, software manufacturers, trainers, and virtually any other technology-related business service.

    • Microsoft has for decades opted out of being a professional services organization, outside of its very “leading edge” offerings from MCS (Microsoft Consulting Services) for only those technologies that are so new that they aren’t yet supported by MS Partners.
    • As you can see in the chart on the next slide, to become a silver or gold certified partner, firms must demonstrate expertise in specific areas of business and technology in 18 competency areas that are divided into four categories: applications and infrastructure, business applications, data and AI, and modern workplace and security.

    More information on what it takes to become a Microsoft Partner:

    1. Partner Center (Document Center, Microsoft)
    2. Differentiate your business by attaining Microsoft competencies (Document Center, Microsoft)
    3. Partner Network Homepage (Webpage, Microsoft)
    4. See which partner offer is right for you (Webpage, Microsoft)

    Types of partnerships and qualifications

    Microsoft Partner Network

    Microsoft Action Pack

    Silver Competency

    Gold Competency

    What is it?

    The Microsoft Partner Network (MPN) is a community that offers members tools, information, and training. Joining the MPN is an entry-level step for all partners. The Action Pack is an annual subscription offered to entry-level partners. It provides training and marketing materials and access to expensive products and licenses at a vastly reduced price. Approximately 5% of firms in the Microsoft Partner Network (MPN) are silver partners. These partners are subject to audits and annual competency exams to maintain silver status. Approximately 1% of firms in the Microsoft Partner Network (MPN) are gold partners. These partners are subject to audits and annual competency exams to maintain Gold status.

    Requirements

    Sign up for a membership Annual subscription fee While requirements can vary across competency area, broadly speaking, to become a silver partner firms must:
    • Pass regular exams and skills assessments, with at least two individuals on staff with Microsoft Certified Professional Status.
    • Hit annual customer, revenue, and licensing metrics.
    • Pay the annual subscription fee.
    While requirements can vary across competency area, broadly speaking, to become a gold partner firms must:
    • Pass regular exams and skills assessments, with at least two individuals on staff with Microsoft Certified Professional Status.
    • Hit annual customer, revenue, and licensing metrics.
    • Pay the annual subscription fee.

    Annual Fee

    No Cost $530 $1800 $5300

    When would a MS Partner be helpful?

    • Project management and portfolio management practitioners might look into procuring the services of a Microsoft Partner for a variety of reasons.
    • Because services vary from partner to partner (help to extend Project for the web, implement Project Server or Project Online, augment PMO staffing, etc.) we won’t comment on specific needs here.
    • Instead, the three most common conditions that trigger the need are listed to the right.

    Speed

    When you need to get results faster than your staff can grow the needed capabilities.

    Cost

    When the complexity of the purchase decision, implementation, communication, training, configuration, and/or customization cannot be cost-justified for internal staff, often because you’ll only do it once.

    Expertise & Skills

    When your needs cannot be met by the core Microsoft technology without significant extension or customization.

    Canadian Microsoft Partners Spotlight

    As part of our research process for this blueprint, Info-Tech asked Microsoft Canada for referrals and introductions to leading Microsoft Partners. We spent six months collaborating with them on fresh research into the underlying platform.

    These vendors are listed below and are highlighted in subsequent slides.

    Spotlighted Partners:

    Logo for One Plan. Logo for PMO Outsource Ltd. Logo for Western Principles.

    Please Note: While these vendors were referred to us by Microsoft Canada and have a footprint in the Canadian market, their footprints extend beyond this to the North American and global markets.

    A word about our approach

    Photo of Barry Cousins, Project Portfolio Management Practice Lead, Info-Tech Research Group.
    Barry Cousins
    Project Portfolio Management Practice Lead
    Info-Tech Research Group

    Our researchers have been working with Microsoft Project Online and Microsoft Project Server clients for years, and it’s fair to say that most of these clients (at some point) used a Microsoft Partner in their deployment. They’re not really software products, per se; they’re platforms. As a Microsoft Partner in 2003 when Project Server got its first big push, I heard it loud and clear: “Some assembly required. You might only make 7% on the licensing, but the world’s your oyster for services.”

    In the past few years, Microsoft froze the market for major Microsoft Project decisions by making it clear that the existing offering is not getting updates while the new offering (Project for the web) doesn’t do what the old one did. And in a fascinating timing coincidence, the market substantially adopted Microsoft 365 during that period, which enables access to Project for the web.

    Many of Info-Tech’s clients are justifiably curious, confused, and concerned, while the Microsoft Partners have persisted in their knowledge and capability. So, we asked Microsoft Canada for referrals and introductions to leading Microsoft Partners and spent six months collaborating with them on fresh research into the underlying platform.

    Disclosure: Info-Tech conducted collaborative research with the partners listed on the previous slide to produce this publication. Market trends and reactions were studied, but the only clients identified were in case studies provided by the Microsoft Partners. Info-Tech’s customers have been, and remain, anonymous. (Barry Cousins, Project Portfolio Management Practice Lead, Info-Tech Research Group)

    MS Gold Partner Spotlight:

    OnePlan

    Logo for One Plan.
    Headquarters: San Marcos, California, and Toronto, Ontario
    Number of Employees: ~80
    Active Since: 2007 (as EPMLive)
    Website: www.oneplan.ai

    Who are they?

    • While the OnePlan brand has only been the marketplace for a few years, the company has been a major player in MS Gold Partner space for well over a decade.
    • Born out of EPMLive in the mid-aughts, OnePlan Solutions has evolved through a series of acquisitions, including Upland, Tivitie, and most recently Wicresoft.

    What do they do?

    • Software: Its recent rebranding is largely because OnePlan Solutions is as much a software company as it is a professional services firm. The OnePlan software product is an impressive solution that can be used on its own to facilitate the portfolio approaches outlined on the next slide and that can also integrate with the tools your organization is already using to manage tasks (see here for a full rundown of the solutions within the Microsoft stack and beyond OnePlan can integrate with).
    • Beyond its ability to integrate with existing solutions, as a software product, OnePlan has modules for resource planning, strategic portfolio planning, financial planning, time tracking, and more.

    • PPM Consulting Services: The OnePlan team also offers portfolio management consulting services. See the next slide for a list of its approaches to project portfolio management.

    Markets served

    • US, Canada, Europe, and Australia

    Channel Differentiation

    • OnePlan scales to all the PPM needs of all industry types.
    • Additionally, OnePlan offers insights and functionality specific to the needs of BioTech-Pharma.

    What differentiates OnePlan?

    • OnePlan co-developed the Project Accelerator for Project for the web with Microsoft. The OnePlan team’s involvement in developing the Accelerator and making it free for users to access suggests it is aligned to and has expertise in the purpose-built and collaborative vision behind Microsoft’s move away from Project Online and toward the Power Platform and Teams collaboration.
    • 2021 MS Gold Partner of the Year. At Microsoft’s recent Microsoft Inspire event, OnePlan was recognized as the Gold Partner of the Year for Project and Portfolio Management as well as a finalist for Power Apps and Power Automate.
    • OnePlan Approaches: Below is a list of the services or approaches to project portfolio management that OnePlan provides. See its website for more details.
      • Strategic Portfolio Management: Align work to objectives and business outcomes. Track performance against the proposed objectives outcomes.
      • Agile Portfolio Management: Implement Agile practices across the organization, both at the team and executive level.
      • Adaptive Portfolio Management: Allow teams to use the project methodology and tools that best suit the work/team. Maintain visibility and decision making across the entire portfolio.
      • Professional Services Automation: Use automation to operate with greater efficiency.

    "OnePlan offers a strategic portfolio, financial and resource management solution that fits the needs of every PMO. Optimize your portfolio, financials and resources enterprise wide." (Paul Estabrooks, Vice President at OnePlan)

    OnePlan Case Study

    This case study was provided to Info-Tech by OnePlan.

    Brambles

    INDUSTRY: Supply Chain & Logistics
    SOURCE: OnePlan

    Overview: Brambles plays a key role in the delivery or return of products amongst global trading partners such as manufacturers, distributors and retailers.

    Challenge

    Brambles had a variety of Project Management tools with no easy way of consolidating project management data. The proliferation of project management solutions was hindering the execution of a long-term business transformation strategy. Brambles needed certain common and strategic project management processes and enterprise project reporting while still allowing individual project management solutions to be used as part of the PPM platform.

    Solution

    As part of the PMO-driven business transformation strategy, Brambles implemented a project management “operating system” acting as a foundation for core processes such as project intake, portfolio management, resource, and financial planning and reporting while providing integration capability for a variety of tools used for project execution.

    OnePlan’s new Adaptive PPM platform, combining the use of PowerApps and OnePlan, gives Brambles the desired PPM operating system while allowing for tool flexibility at the execution level.

    Results

    • Comprehensive picture of progress across the portfolio.
    • Greater adoption by allowing flexibility of work management tools.
    • Modern portfolio management solution that enables leadership to make confident decision.

    Solution Details

    • OnePlan
    • Project
    • Power Apps
    • Power Automate
    • Power BI
    • Teams

    Contacting OnePlan Solutions

    www.oneplan.ai

    Joe Larscheid: jlarscheid@oneplan.ai
    Paul Estabrooks: pestabrooks@oneplan.ai
    Contact Us: contact@oneplan.ai
    Partners: partner@oneplan.ai

    Partner Resources. OnePlan facilitates regular ongoing live webinars on PPM topics that anyone can sign up for on the OnePlan website.

    For more information on upcoming webinars, or to access recordings of past webinars, see here.

    Additional OnePlan Resources

    1. How to Extend Microsoft Teams into a Collaborative Project, Portfolio and Work Management Solution (on-demand webinar, OnePlan’s YouTube channel)
    2. What Does Agile PPM Mean To The Modern PMO (on-demand webinar, OnePlan’s YouTube channel)
    3. OnePlan is fused with the Microsoft User Experience (blog article, OnePlan)
    4. Adaptive Portfolio Management Demo – Bringing Order to the Tool Chaos with OnePlan (product demo, OnePlan’s YouTube channel)
    5. How OnePlan is aligning with Microsoft’s Project and Portfolio Management Vision (blog article, OnePlan)
    6. Accelerating Office 365 Value with a Hybrid Project Portfolio Management Solution (product demo, OnePlan’s YouTube channel)

    MS Gold Partner Spotlight:

    PMO Outsource Ltd.

    Logo for PMO Outsource Ltd.

    Headquarters: Calgary, Alberta, and Mississauga, Ontario
    Website: www.pmooutsource.com

    Who are they?

    • PMO Outsource Ltd. is a Microsoft Gold Partner and PMI certified professional services firm based in Alberta and Ontario, Canada.
    • It offers comprehensive project and portfolio management offerings with a specific focus on project lifecycle management, including demand management, resource management, and governance and communication practices.

    What do they do?

    • Project Online and Power Platform Expertise. The PMO Outsource Ltd. team has extensive knowledge in both Microsoft’s old tech (Project Server and Desktop) and in its newer, cloud-based technologies (Project Online, Project for the web, the Power Platform, and Dynamics 365). As the case study in two slides demonstrates, PMO Outsource Ltd. Uses its in-depth knowledge of the Microsoft suite to help organizations automate project and portfolio data collection process, create efficiencies, and encourage cloud adoption.
    • PPM Consulting Services: In addition to its Microsoft platform expertise, the PMO Outsource Ltd. team also offers project and portfolio management consulting services, helping organizations evolve their process and governance structures as well as their approaches to PPM tooling.

    Markets served

    • Global

    Channel Differentiation

    • PMO Outsource Ltd. scales to all the PPM needs of all industry types.

    What differentiates PMO Outsource Ltd.?

    • PMO Staff Augmentation. In addition to its technology and consulting services, PMO Outsource Ltd. offers PMO staff augmentation services. As advertised on its website, it offers “scalable PMO staffing solutions. Whether you require Project Managers, Business Analysts, Admins or Coordinators, [PMO Outsource Ltd.] can fulfill your talent search requirements from a skilled pool of resources.”
    • Multiple and easy-to-understand service contract packages. PMO Outsource Ltd. offers many prepackaged service offerings to suit PMOs’ needs. Those packages include “PMO Management, Admin, and Support,” “PPM Solution, Site and Workflow Configuration,” and “Add-Ons.” For full details of what’s included in these services packages, see the PMO Outsource Ltd. website.
    • PMO Outsource Ltd. Services: Below is a list of the services or approaches to project portfolio management that PMO Outsource Ltd. Provides. See its website for more details.
      • Process Automation, Workflows, and Tools. Facilitate line of sight by tailoring Microsoft’s technology to your organization’s needs and creating custom workflows.
      • PMO Management Framework. Receive a professionally managed PPM methodology as well as governance standardization of processes, tools, and templates.
      • Custom BI Reports. Leverage its expertise in reporting and dashboarding to create the visibility your organization needs.

    "While selecting an appropriate PPM tool, the PMO should not only evaluate the standard industry tools but also analyze which tool will best fit the organization’s strategy, budget, and culture in the long run." (Neeta Manghnani, PMO Strategist, PMO Outsource Ltd.)

    PMO Outsource Ltd. Case Study

    This case study was provided to Info-Tech by PMO Outsource Ltd.

    SAMUEL

    INDUSTRY: Manufacturing
    SOURCE: PMO Outsource Ltd.

    Challenge

    • MS Project 2013 Server (Legacy/OnPrem)
    • Out-of-support application and compliance with Office 365
    • Out-of-support third-party application for workflows
    • No capability for resource management
    • Too many manual processes for data maintenance and server administration

    Solution

    • Migrate project data to MS Project Online
    • Recreate workflows using Power Automate solution
    • Configure Power BI content packs for Portfolio reporting and resource management dashboards
    • Recreate OLAP reports from legacy environment using Power BI
    • Cut down nearly 50% of administrative time by automating PMO/PPM processes
    • Save costs on Server hardware/application maintenance by nearly 75%

    Full Case Study Link

    • For full details about how PMO Outsource Ltd. assisted Samuel in modernizing its solution and creating efficiencies, visit the Microsoft website where this case study is highlighted.

    Contacting PMO Outsource Ltd.

    www.pmooutsource.com

    700 8th Ave SW, #108
    Calgary, AB T2P 1H2
    Telephone : +1 (587) 355-3745
    6045 Creditview Road, #169
    Mississauga, ON L5V 0B1
    Telephone : +1 (289) 334-1228
    Information: info@pmooutsource.com
    LinkedIn: https://www.linkedin.com/company/pmo-outsource/

    Partner Resources. PMO Outsource Ltd.’s approach is rooted within a robust and comprehensive PPM framework that is focused on driving strategic outcomes and business success.

    For a full overview of its PPM framework, see here.

    Additional PMO Outsource Ltd. Resources

    1. 5 Benefits of PPM tools and PMO process automation (blog article, PMO Outsource Ltd.)
    2. Importance of PMO (blog article, PMO Outsource Ltd.)
    3. Meet the Powerful and Reimagined PPM tool for Everyone! (video, PMO Outsource Ltd. LinkedIn page)
    4. MS Project Tips: How to add #Sprints to an existing Project? (video, PMO Outsource Ltd. LinkedIn page)
    5. MS Project Tips: How to add a milestone to your project? (video, PMO Outsource Ltd. LinkedIn page)
    6. 5 Benefits of implementing Project Online Tools (video, PMO Outsource Ltd. LinkedIn page)

    MS Gold Partner Spotlight:

    Western Principles

    Logo for Western Principles.

    Headquarters: Vancouver, British Columbia
    Years Active: 16 Years
    Website: www.westernprinciples.com

    Who are they?

    • Western Principles is a Microsoft Gold Partner and UMT 360 PPM software provider based in British Columbia with a network of consultants across Canada.
    • In the last sixteen years, it has successfully conducted over 150 PPM implementations, helping in the implementation, training, and support of Microsoft Project offerings as well as UMT360 – a software solution provider that, much like OnePlan, enhances the PPM capabilities of the Microsoft platform.

    What do they do?

    • Technology expertise. The Western Principles team helps organizations maximize the value they are getting form the Microsoft Platform. Not only does it offer expertise in all the solutions in the MS Project ecosystem, it also helps organizations optimize their use and understanding of Teams, SharePoint, the Power Platform, and more. In addition to the Microsoft platform, Western Principles is partnered with many other technology providers, including UMT360 for strategic portfolio management, the Simplex Group for project document controls, HMS for time sheets, and FluentPro for integration, back-ups, and migrations.
    • PPM Consulting Services: In addition to its technical services and solutions, Western Principles offers PPM consulting and staff augmentation services.

    Markets served

    • Canada

    Channel Differentiation

    • Western Principles scales to all the PPM needs of all industry types, public and private sector.
    • In addition, its website offers persona-specific information based on the PPM needs of engineering and construction, new product development, marketing, and more.

    What differentiates Western Principles?

    • Gold-certified UMT 360 partner. In addition to being a Microsoft Gold Partner, Western Principles is a gold-certified UMT 360 partner. UMT 360 is a strategic portfolio management tool that integrates with many other work management solutions to offer holistic line of sight into the organization’s supply-demand pain points and strategic portfolio management needs. Some of the solutions UMT 360 integrates with include Project Online and Project for the web, Azure DevOps, Jira, and many more. See here for more information on the impressive functionality in UMT360.
    • Sustainment Services. Adoption can be the bane of most PPM tool implementations. Among the many services Western Principles offers, its “sustainment services” stand out. According to Western Principles’ website, these services are addressed to those who require “continual maintenance, change, and repair activities” to keep PPM systems in “good working order” to help maximize ROI.
    • Western Principles Services: In addition to the above, below is a list of some of the services that Western Principles offers. See its website for a full list of services.
      • Process Optimization: Determine your requirements and process needs.
      • Integration: Create a single source of truth.
      • Training: Ensure your team knows how to use the systems you implement.
      • Staff Augmentation: Provide experienced project team members based upon your needs.

    "One of our principles is to begin with the end in mind. This means that we will work with you to define a roadmap to help you advance your strategic portfolio … and project management capabilities. The roadmap for each customer is different and based on where you are today, and where you need to get to." (Western Principles, “Your Strategic Portfolio Management roadmap,” Whitepaper)

    Contacting Western Principles

    www.westernprinciples.com

    610 – 700 West Pender St.
    Vancouver, BC V6C 1G8
    +1 (800) 578-4155
    Information: info@westernprinciples.com
    LinkedIn: https://www.linkedin.com/company/western-principle...

    Partner Resources. Western Principles provides a multitude of current case studies on its home page. These case studies let you know what the firm is working on this year and the type of support it provides to its clientele.

    To access these case studies, see here.

    Additional Western Principles Resources

    1. Program and Portfolio Roll ups with Microsoft Project and Power BI (video, Western Principles YouTube Channel)
    2. Dump the Spreadsheets for Microsoft Project Online (video, Western Principles YouTube Channel)
    3. Power BI for Project for the web (video, Western Principles YouTube Channel)
    4. How to do Capacity Planning and Resource Management in Microsoft Project Online [Part 1 & Part 2] (video, Western Principles YouTube Channel)
    5. Extend & Integrate Microsoft Project (whitepaper, Western Principles)
    6. Your COVID-19 Return-to-Work Plan (whitepaper, Western Principles)

    Watch Info-Tech’s Analyst-Partner Briefing Videos to lean more

    Info-Tech was able to sit down with the partners spotlighted in this step to discuss the current state of the PPM market and Microsoft’s place within it.

    • All three partners spotlighted in this step contributed to Info-Tech’s research process for this publication.
    • For two of the partners, OnePlan and PMO Outsource Ltd., Info-Tech was able to record a conversation where our analysts and the partners discuss Microsoft’s current MS Project offerings, the current state of the PPM tool market, and the services and the approaches of each respective partner.
    • A third video briefing with Western Principles has not happened yet due to logistical reasons. We are hoping we can include a video chat with our peers at Western Principles in the near future.
    Screenshot form the Analyst-Partner Briefing Videos. In addition to the content covered in this step, you can use these videos for further information about the partners to inform your next steps.

    Download Info-Tech’s Analyst-Partner Briefing Videos (OnePlan & PMO Outsource Ltd.)

    2.2.1 Create a partner outreach plan

    1-3 hours

    Input: Contents of this step, List of additional MS Gold Partners

    Output: A completed partner outreach program

    Materials: MS Project & M365 Action Plan Template

    Participants: Portfolio Manager (PMO Director), PMO Admin Team, Project Managers, CIO

    1. With an understanding of the partner ecosystem, compile a working group of PMO peers and stakeholders to produce a gameplan for engaging the MS Gold Partner ecosystem.
      • For additional partner options see Microsoft’s Partner Page.
    2. Using slide 20 in Info-Tech’s MS Project and M365 Action Plan Template, document the Partners you would want or have scheduled briefings with.
      • As you go through the briefings and research process, document the pros and cons and areas of specialized associated with each vendor for your particular work management implementation.

    Download the Microsoft Project & M365 Action Plan Template

    2.2.2 Document your PM and PPM requirements

    1-3 hours

    Input: Project Portfolio Management Maturity Assessment, Project Management Maturity Assessment

    Output: MS Project & M365 Action Plan Template

    Materials: Project Portfolio Management Maturity Assessment, Project Management Maturity Assessment, MS Project & M365 Action Plan Template

    Participants: Portfolio Manager (PMO Director), PMO Admin Team, Project Managers, CIO

    1. As you prepare to engage the Partner Community, you should have a sense of where your project management and project portfolio management gaps are to better communicate your tooling needs.
    2. Leverage tab 4 from both your Project Portfolio Management Assessment and Project Management Assessment from step 1.3 of this blueprint to help document and communicate your requirements. Those tabs prioritize your project and portfolio management needs by highest impact for the organization.
    3. You can use the outputs of the tab to inform your inputs on slide 23 of the MS Project & M365 Action Plan Template to present to organizational stakeholders and share with the Partners you are briefing with.

    Download the Microsoft Project & M365 Action Plan Template

    Determine the Future of Microsoft Project for Your Organization

    Phase 3: Finalize Your Implementation Approach

    Phase 1: Determine Your Tool NeedsPhase 2: Weigh Your Implementation Options

    Phase 3: Finalize Your Implementation Approach

    • Step 1.1: Survey the M365 work management landscape
    • Step 1.2: Perform a process maturity assessment to help inform your M365 starting point
    • Step 1.3: Consider the right MS Project licenses for your stakeholders
    • Step 2.1: Get familiar with extending Project for the web using Power Apps
    • Step 2.2: Assess the MS Gold Partner Community
    • Step 3.1: Prepare an action plan

    Phase Outcomes

    An action plan concerning what to do with MS Project and M365 for your PMO or project organization.

    Step 3.1

    Prepare an action plan

    Activities

    • Compile the current state results
    • Prepare an Implementation Roadmap
    • Complete your presentation deck

    This step will walk you through the following activities:

    • Assess the impact of organizational change for the project
    • Develop your vision for stakeholders
    • Compile the current state results and document the implementation approach
    • Create clarity through a RACI and proposed implementation timeline

    This step usually involves the following participants:

    • Portfolio Manager (PMO Director)
    • PMO Admin Team
    • Business Analysts
    • Project Managers

    Outcomes of Step

    • Microsoft Project and M365 Action Plan

    Assess the impact of organizational change

    Be prepared to answer: “What’s in it for me?”

    Before jumping into licensing and third-party negotiations, ensure you’ve clearly assessed the impact of change.

    Tailor the work effort involved in each step, as necessary:

    1. Assess the impact
      • Use the impact assessment questions to identify change impacts.
    2. Plan for change
      • Document the impact on each stakeholder group.
      • Anticipate their response.
      • Curate a compelling message for each stakeholder group.
      • Develop a communication plan.
    3. Act according to plan
      • Identify your executive sponsor.
      • Enable the sponsor to drive change communication.
      • Coach managers on how they can drive change at the individual level.

    Impact Assessment Questions

    • Will the change impact how our clients/customers receive, consume, or engage with our products/services?
    • Will there be a price increase?
    • Will there be a change to compensation and/or rewards?
    • Will the vision or mission of the job change?
    • Will the change span multiple locations/time zones?
    • Are multiple products/services impacted by this change?
    • Will staffing levels change?
    • Will this change increase the workload?
    • Will the tools of the job be substantially different?
    • Will a new or different set of skills be needed?
    • Will there be a change in reporting relationships?
    • Will the workflow and approvals be changed?
    • Will there be a substantial change to scheduling and logistics?

    Master Organizational Change Management Practices blueprint

    Develop your vision for stakeholders

    After careful analysis and planning, it’s time to synthesize your findings to those most impacted by the change.

    Executive Brief

    • Prepare a compelling message about the current situation.
    • Outline the considerations the working group took into account when developing the action plan.
    • Succinctly describe the recommendations proposed by the working group.

    Goals

    • Identify the goals for the project.
    • Explain the details for each goal to develop the organizational rationale for the project.
    • These goals are the building blocks for the change communication that the executive sponsor will use to build a coalition of sponsors.

    Future State Vision

    • Quantify the high-level costs and benefits of moving forward with this project.
    • Articulate the future- state maturity level for both the project and project portfolio management process.
    • Reiterate the organizational rationale and drivers for change.

    "In failed transformations, you often find plenty of plans, directives, and programs, but no vision…A useful rule of thumb: If you can’t communicate the vision to someone in five minutes or less and get a reaction that signifies both understanding and interest, you are not yet done…" (John P. Kotter, Leading Change)

    Get ready to compile the analysis completed throughout this blueprint in the subsequent activities. The outputs will come together in your Microsoft Project and M365 Action Plan.

    Use the Microsoft Project & M365 Action Plan Template to help communicate your vision

    Our boardroom-ready presentation and communication template can be customized using the outputs of this blueprint.

    • Getting stakeholders to understand why you are recommending specific work management changes and then communicating exactly what those changes are and what they will cost is key to the success of your work management implementation.
    • To that end, the slides ahead walk you through how to customize the Microsoft Project & M365 Action Plan Template.
    • Many of the current-state analysis activities you completed during phase 1 of this blueprint can be directly made use of within the template as can the decisions you made and requirements you documented during phase 2.
    • By the end of this step, you will have a boardroom-ready presentation that will help you communicate your future-state vision.
    Screenshot of Info-Tech's Microsoft Project and M365 Action Plan Template with a note to 'Update the presentation or distribution date and insert your name, role, and organization'.

    Download Info-Tech’s Microsoft Project & M365 Action Plan Template

    3.1.1 Compile current state results

    1-3 hours

    Input: Force Field Analysis Tool, Tool Audit Workbook, Project Management Maturity Assessment Tool, Project Portfolio Management Maturity Assessment Tool

    Output: Section 1: Executive Brief, Section 2: Context and Constraints

    Materials: Microsoft Project and M365 Action Plan Template

    Participants: PMO Director, PMO Admin Team, Business Analysts, Project Managers

    1. As a group, review the results of the tools introduced throughout this blueprint. Use this information along with organizational knowledge to document the business context and current state.
    2. Update the driving forces for change and risks and constraints slides using your outputs from the Force Field Analysis Tool.
    3. Update the current tool landscape, tool satisfaction, and tool audit results slides using your outputs from the Tool Audit Workbook.
    4. Update the gap analysis results slides using your outputs from the Project Management and Project Portfolio Management Maturity Assessment Tools.

    Screenshots of 'Business Context and Current State' screen from the 'Force Field Analysis Tool', the 'Tool Audit Results' screen from the 'Tool Audit Workbook', and the 'Project Portfolio Management Gap Analysis Results' screen from the 'PM and PPM Maturity Assessments Tool'.

    Download the Microsoft Project & M365 Action Plan Template

    3.2.1 Option A: Prepare a DIY roadmap

    1-3 hours; Note: This is only applicable if you have chosen the DIY route

    Input: List of key PPM decision points, List of who is accountable for PPM decisions, List of who has PPM decision-making authority

    Output: Section 3: DIY Implementation Approach

    Materials: Microsoft Project and M365 Action Plan Template

    Participants: PMO Director, PMO Admin Team, Business Analysts, Project Managers

    1. As a group, review the results of the Microsoft Project and M365 Licensing Tool. Use this information along with organizational knowledge and discussion with the working group to complete Section 3: DIY Implementation Approach.
    2. Copy and paste your results from tab 5 of the Microsoft Project and M365 Licensing Tool. Update the Implementation Approach slide to detail the rationale for selecting this option.
    3. Update the Action Plan to articulate the details for total and annual costs of the proposed licensing solution.
    4. Facilitate a discussion to determine roles and responsibilities for the implementation. Based on the size, risk, and complexity of the implementation, create a reasonable timeline.
    Screenshots from the 'Microsoft Project and M365 Action Plan Template' outlining the 'DIY Implementation Approach'.

    Download the Microsoft Project and M365 Action Plan Template

    3.2.1 Option b: Prepare a Partner roadmap

    1-3 hours; Note: This is only applicable if you have chosen the Partner route

    Input: Microsoft Project and M365 Licensing Tool, Information on Microsoft Partners

    Output: Section 4: Microsoft Partner Implementation Route

    Materials: Microsoft Project and M365 Action Plan Template

    Participants: PMO Director, PMO Admin Team, Business Analysts, Project Managers

    1. As a group, review the results of the Microsoft Project and M365 Licensing Tool. Use this information along with organizational knowledge and discussion with the working group to complete Section 4: Microsoft Partner Implementation Route.
    2. Copy and paste your results from tab 5 of the Microsoft Project and M365 Licensing Tool. Update the Implementation Approach slide to detail the rationale for selecting this option.
    3. Develop an outreach plan for the Microsoft Partners you are planning to survey. Set targets for briefing dates and assign an individual to own any back-and-forth communication. Document the pros and cons of each Partner and gauge interest in continuing to analyze the vendor as a possible solution.
    4. Facilitate a discussion to determine roles and responsibilities for the implementation. Based on the size, risk, and complexity of the implementation, create a reasonable timeline.

    Screenshots from the 'Microsoft Project and M365 Action Plan Template' outlining the 'Microsoft Partner Implementation Route'.

    Microsoft Project and M365 Action Plan Template

    3.1.2 Complete your presentation deck

    1-2 hours

    Input: Outputs from the exercises in this blueprint

    Output: Section 5: Future-State Vision and Goals

    Materials: Microsoft Project and M365 Action Plan Template

    Participants: PMO Director, PMO Admin Team, Business Analysts, Project Managers

    1. Put the finishing touches on your presentation deck by documenting your future- state vision and goals.
    2. Prepare to present to your stakeholders.
      • Understand your audience, their needs and priorities, and their degree of knowledge and experiences with technology. This informs what to include in your presentation and how to position the message and goal.
    3. Review the deck beginning to end and check for spelling, grammar, and vertical logic.
    4. Practice delivering the vision for the project through several practice sessions.

    Screenshots from the 'Microsoft Project and M365 Action Plan Template' regarding finishing touches.

    Microsoft Project and M365 Action Plan Template

    Pitch your vision to key stakeholders

    There are multiple audiences for your pitch, and each audience requires a different level of detail when addressed. Depending on the outcomes expected from each audience, a suitable approach must be chosen. The format and information presented will vary significantly from group to group.

    Audience

    Key Contents

    Outcome

    Business Executives

    • Section 1: Executive Brief
    • Section 2: Context and Constraints
    • Section 5: Future-State Vision and Goals
    • Identify executive sponsor

    IT Leadership

    • Sections 1-5 with a focus on Section 3 or 4 depending on implementation approach
    • Get buy-in on proposed project
    • Identify skills or resourcing constraints

    Business Managers

    • Section 1: Executive Brief
    • Section 2: Context and Constraints
    • Section 5: Future-State Vision and Goals
    • Get feedback on proposed plan
    • Identify any unassessed risks and organizational impacts

    Business Users

    • Section 1: Executive Brief
    • Support the organizational change management process

    Summary of Accomplishment

    Problem Solved

    Knowledge Gained
    • How you work: Work management and the various ways of working (personal and team task management, strategic project portfolio management, formal project management, and enterprise project and portfolio management).
    • Where you need to go: Project portfolio management and project management current- and target-state maturity levels.
    • What you need: Microsoft Project Plans and requisite M365 licensing.
    • The skills you need: Extending Project for the web.
    • Who you need to work with: Get to know the Microsoft Gold Partner community.
    Deliverables Completed
    • M365 Tool Guides
    • Tool Audit Workbook
    • Force Field Analysis Tool
    • Project Portfolio Management Maturity Assessment Tool
    • Project Management Maturity Assessment Tool
    • Microsoft Project & M365 Action Plan Template

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop

    Contact your account representative for more information
    workshops@infotech.com
    1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.

    Photo of Barry Cousins.
    Contact your account representative for more information
    workshops@infotech.com 1-888-670-8889

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Perform a work management tool audit

    Gain insight into the tools that drive value or fail to drive value across your work management landscape with a view to streamline the organization’s tool ecosystem.

    Prepare an action plan for your tool needs

    Prepare the right work management tool recommendations for your IT teams and/or business units and develop a boardroom-ready presentation to communicate needs and next steps.

    Research Contributors and Experts

    Neeta Manghnani
    PMO Strategist
    PMO Outsource Ltd.

    Photo of Neeta Manghnani, PMO Strategist, PMO Outsource Ltd.
    • Innovative, performance-driven executive with significant experience managing Portfolios, Programs & Projects, and technical systems for international corporations with complex requirements. A hands-on, dynamic leader with over 20 years of experience guiding and motivating cross-functional teams. Highly creative and brings a blend of business acumen and expertise in multiple IT disciplines, to maximize the corporate benefit from capital investments.
    • Successfully deploys inventive solutions to automate processes and improve the functionality, scalability and security of critical business systems and applications. Leverages PMO/PPM management and leadership skills to meet the strategic goals and business initiatives.

    Robert Strickland
    Principal Consultant & Owner
    PMO Outsource Ltd.

    Photo of Robert Strickland, Principal Consultant and Owner, PMO Outsource Ltd.
    • Successful entrepreneur, leader, and technologist for over 15 years, is passionate about helping organizations leverage the value of SharePoint, O365, Project Online, Teams and the Power Platform. Expertise in implementing portals, workflows and collaboration experiences that create business value. Strategic manager with years of successful experience building businesses, developing custom solutions, delivering projects, and managing budgets. Strong transformational leader on large implementations with a technical pedigree.
    • A digital transformation leader helping clients move to the cloud, collaborate, automate their business processes and eliminate paper forms, spreadsheets and other manual practices.

    Related Info-Tech Research

    • Develop a Project Portfolio Management Strategy
      Time is money; spend it wisely.
    • Establish Realistic IT Resource Management Practices
      Holistically balance IT supply and demand to avoid overallocation.
    • Tailor Project Management Processes to Fit Your Projects
      Spend less time managing processes and more time delivering results

    Bibliography

    “13 Reasons not to use Microsoft Project.” Celoxis, 14 Sept. 2018. Accessed 17 Sept. 2021.

    Advisicon. “Project Online vs Project for the Web.” YouTube, 13 Nov. 2013. Accessed 17 Sept. 2021.

    Branscombe, Mary. “Is Project Online ready to replace Microsoft Project?” TechRepublic, 23 Jan. 2020. Accessed 17 Sept. 2021.

    Chemistruck, Dan. “The Complete Office 365 and Microsoft 365 Licensing Comparison.” Infused Innovations, 4 April 2019. Accessed 17 Sept. 2021.

    “Compare Project management solutions and costs.” Microsoft. Accessed 17 Sept. 2021.

    Day to Day Dynamics 365. “Microsoft Project for the web - Model-driven app.” YouTube, 29 Oct. 2019. Accessed 17 Sept. 2021.

    “Deploying Project for the web.” Microsoft, 24 Aug. 2021. Accessed 17 Sept. 2021.

    “Differentiate your business by attaining Microsoft competencies.” Microsoft, 26 Jan. 2021. Accessed 17 Sept. 2021.

    “Extend & Integrate Microsoft Project.” Western Principles. Accessed 17 Sept. 2021.

    “Get Started with Project Power App.” Microsoft. Accessed 17 Sept. 2021.

    Hosking, Ben. “Why low code software development is eating the world.” DevGenius, May 2021. Accessed 17 Sept. 2021.

    “How in the World is MS Project Still a Leading PM Software?” CBT Nuggets, 12 Nov. 2018. Accessed 17 Sept. 2021.

    Integent. “Project for the Web - Create a Program Entity and a model-driven app then expose in Microsoft Teams.” YouTube, 25 Mar. 2020. Accessed 17 Sept. 2021.

    “Introducing the Project Accelerator.” Microsoft, 10 Mar. 2021. Accessed 17 Sept. 2021.

    “Join the Microsoft Partner Network.” Microsoft. Accessed 17 Sept. 2021.

    Kaneko, Judy. “How Productivity Tools Can Lead to a Loss of Productivity.” Bluescape, 2 Mar. 2018 Accessed 17 Sept. 2021.

    Kotter, John. Leading Change. Harvard Business School Press, 1996.

    Leis, Merily. “What is Work Management.” Scoro. Accessed 17 Sept. 2021.

    Liu, Shanhong. “Number of Office 365 company users worldwide as of June 2021, by leading country.” Statistica, 2021. Web.

    Manghnani, Neeta. “5 Benefits of PPM tools and PMO process automation.” PMO Outsource Ltd., 11 Apr. 2021. Accessed 17 Sept. 2021.

    “Microsoft 365 and Office 365 plan options.” Microsoft, 31 Aug. 2021. Accessed 17 Sept. 2021.

    “Microsoft 365 for enterprise.” Microsoft. Accessed 17 Sept. 2021

    “Microsoft Office 365 Usage Statistics.” Thexyz blog, 18 Sept. 2020. Accessed 17 Sept. 2021.

    “Microsoft Power Apps, Microsoft Power Automate and Microsoft Power Virtual Agents Licensing Guide.” Microsoft, June 2021. Web.

    “Microsoft Project service description.” Microsoft, 31 Aug. 2021. Accessed 17 Sept. 2021.

    “Microsoft Project Statistics.” Integent Blog, 12 Dec. 2013. Accessed 17 Sept. 2021.

    Nanji, Aadil . Modernize Your Microsoft Licensing for the Cloud Era. Info-Tech Research Group, 12 Mar. 2020. Accessed 17 Sept. 2021.

    “Number of Office 365 company users worldwide as of June 2021, by leading country.” Statista, 8 June 2021. Accessed 17 Sept. 2021.

    “Overcoming disruption in a digital world.” Asana. Accessed 17 Sept. 2021.

    Pajunen, Antti. “Customizing and extending Project for the web.” Day to Day Dynamics 365, 20 Jan. 2020. Accessed 17 Sept. 2021.

    “Partner Center Documentation.” Microsoft. Accessed 17 Sept. 2021.

    Pragmatic Works. “Building First Power Apps Model Driven Application.” YouTube, 21 June 2019. Accessed 17 Sept. 2021.

    “Project architecture overview.” Microsoft, 27 Mar. 2020. Accessed 17 Sept. 2021.

    “Project for the web Accelerator.” GitHub. Accessed 17 Sept. 2021.

    “Project for the web admin help.” Microsoft, 28 Oct. 2019. Accessed 17 Sept. 2021.

    “Project for the Web – The New Microsoft Project.” TPG. Accessed 17 Sept. 2021.

    “Project for the Web Security Roles.” Microsoft, 1 July 2021. Accessed 17 Sept. 2021.

    “Project Online: Project For The Web vs Microsoft Project vs Planner vs Project Online.” PM Connection, 30 Nov. 2020. Accessed 17 Sept. 2021.

    Redmond, Tony. “Office 365 Insights from Microsoft’s FY21 Q2 Results.” Office 365 for IT Pros, 28 Jan. 2021. Accessed 17 Sept. 2021.

    Reimagine Project Management with Microsoft. “Advanced deployment for Project for the web.” YouTube, 4 Aug. 2021. Accessed 17 Sept. 2021.

    Reimagine Project Management with Microsoft. “Overview of Microsoft Project.” YouTube, 29 July 2021. Accessed 17 Sept. 2021.

    “See which partner offer is right for you.” Microsoft. Accessed 17 Sept. 2021.

    Shalomova, Anna. “Microsoft Project for Web 2019 vs. Project Online: What’s Best for Enterprise Project Management?” FluentPro, 23 July 2020. Accessed 17 Sept. 2021.

    Speed, Richard. “One Project to rule them all: Microsoft plots end to Project Online while nervous Server looks on.” The Register, 28 Sept. 2018. Accessed 17 Sept. 2021.

    Spataro, Jared. “A new vision for modern work management with Microsoft Project.” Microsoft, 25 Sept. 2018. Accessed 17 Sept. 2021.

    Stickel, Robert. “OnePlan Recognized as Winner of 2021 Microsoft Project & Portfolio Management Partner of the Year.” OnePlan, 8 July 2021. Accessed 17 Sept. 2021.

    Stickel, Robert. “The Future of Project Online.” OnePlan, 2 Mar. 2021. Accessed 17 Sept. 2021.

    Stickel, Robert. “What It Means to be Adaptive.” OnePlan, 24 May 2021. Accessed 17 Sept. 2021.

    “The Future of Microsoft Project Online.” OnePlan. Accessed 17 Sept. 2021.

    Weller, Joe. “Demystifying Microsoft Project Licensing.” Smartsheet, 10 Mar. 2016. Accessed 17 Sept. 2021.

    Western Principles Inc. “Dump the Spreadsheets for Microsoft Project Online.” YouTube, 2 July 2020. Accessed 17 Sept. 2021.

    Western Principles Inc. “Project Online or Project for the web? Which project management system should you use?” YouTube, 11 Aug. 2020. Accessed 17 Sept. 2021.

    “What is Power Query?” Microsoft, 22 July 2021. Web.

    Wicresoft. “The Power of the New Microsoft Project and Microsoft 365.” YouTube, 29 May 2020. Accessed 17 Sept. 2021.

    Wicresoft. “Why the Microsoft Power Platform is the Future of PPM.” YouTube, 11 June 2020. Accessed 17 Sept. 2021.

    Implement Risk-Based Vulnerability Management

    • Buy Link or Shortcode: {j2store}296|cart{/j2store}
    • member rating overall impact (scale of 10): 9.2/10 Overall Impact
    • member rating average dollars saved: $122,947 Average $ Saved
    • member rating average days saved: 34 Average Days Saved
    • Parent Category Name: Threat Intelligence & Incident Response
    • Parent Category Link: /threat-intelligence-incident-response
    • Vulnerability scanners, industry alerts, and penetration tests are revealing more and more vulnerabilities, and it is unclear how to manage them.
    • Organizations are struggling to prioritize the vulnerabilities for remediation, as there are many factors to consider, including the threat of the vulnerability and the potential remediation option itself.

    Our Advice

    Critical Insight

    • Patches are often seen as the only answer to vulnerabilities, but these are not always the most suitable solution.
    • Vulnerability management does not equal patch management. It includes identifying and assessing the risk of the vulnerability, and then selecting a remediation option which goes beyond just patching alone.
    • There is more than one way to tackle the problem. Leverage your existing security controls in order to protect the organization.

    Impact and Result

    • At the conclusion of this blueprint, you will have created a full vulnerability management program that will allow you to take a risk-based approach to vulnerability remediation.
    • Assessing a vulnerability’s risk will enable you to properly determine the true urgency of a vulnerability within the context of your organization; this ensures you are not just blindly following what the tool is reporting.
    • The risk-based approach will allow you prioritize your discovered vulnerabilities and take immediate action on critical and high vulnerabilities, while allowing your standard remediation cycle to address the medium to low vulnerabilities.
    • With your program defined and developed, you now need to configure your vulnerability scanning tool, or acquire one if you don’t already have a tool in place.
    • Lastly, while vulnerability management will help address your systems and applications, how do you know if you are secure from external malicious actors? Penetration testing will offer visibility, allowing you to plug those holes and attain an environment with a smaller risk surface.

    Implement Risk-Based Vulnerability Management Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should design and implement a vulnerability management program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify vulnerability sources

    Begin the project by creating a vulnerability management team and determine how vulnerabilities will be identified through scanners, penetration tests, third-party sources, and incidents.

    • Vulnerability Management SOP Template

    2. Triage vulnerabilities and assign priorities

    Determine how vulnerabilities will be triaged and evaluated based on intrinsic qualities and how they may compromise business functions and data sensitivity.

    • Vulnerability Tracking Tool
    • Vulnerability Management Risk Assessment Tool
    • Vulnerability Management Workflow (Visio)
    • Vulnerability Management Workflow (PDF)

    3. Remediate vulnerabilities

    Address the vulnerabilities based on their level of risk. Patching isn't the only risk mitigation action; some systems simply cannot be patched, but other options are available. Reduce the risk down to medium/low levels and engage your regular operational processes to deal with the latter.

    4. Measure and formalize

    Evolve the program continually by developing metrics and formalizing a policy.

    • Vulnerability Management Policy Template
    • Vulnerability Scanning Tool RFP Template
    • Penetration Test RFP Template

    Infographic

    Workshop: Implement Risk-Based Vulnerability Management

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Vulnerability Sources

    The Purpose

    Establish a common understanding of vulnerability management, and define the roles, scope, and information sources of vulnerability detection.

    Key Benefits Achieved

    Attain visibility on all of the vulnerability information sources, and a common understanding of vulnerability management and its scope.

    Activities

    1.1 Define the scope & boundary of your organization’s security program.

    1.2 Assign responsibility for vulnerability identification and remediation.

    1.3 Develop a monitoring and review process of third-party vulnerability sources.

    1.4 Review incident management and vulnerability management

    Outputs

    Defined scope and boundaries of the IT security program

    Roles and responsibilities defined for member groups

    Process for review of third-party vulnerability sources

    Alignment of vulnerability management program with existing incident management processes

    2 Triage and Prioritize

    The Purpose

    We will examine the elements that you will use to triage and analyze vulnerabilities, prioritizing using a risk-based approach and prepare for remediation options.

    Key Benefits Achieved

    A consistent, documented process for the evaluation of vulnerabilities in your environment.

    Activities

    2.1 Evaluate your identified vulnerabilities.

    2.2 Determine high-level business criticality.

    2.3 Determine your high-level data classifications.

    2.4 Document your defense-in-depth controls.

    2.5 Build a classification scheme to consistently assess impact.

    2.6 Build a classification scheme to consistently assess likelihood.

    Outputs

    Adjusted workflow to reflect your current processes

    List of business operations and their criticality and impact to the business

    Adjusted workflow to reflect your current processes

    List of defense-in-depth controls

    Vulnerability Management Risk Assessment tool formatted to your organization

    Vulnerability Management Risk Assessment tool formatted to your organization

    3 Remediate Vulnerabilities

    The Purpose

    Identifying potential remediation options.

    Developing criteria for each option in regard to when to use and when to avoid.

    Establishing exception procedure for testing and remediation.

    Documenting the implementation of remediation and verification.

    Key Benefits Achieved

    Identifying and selecting the remediation option to be used

    Determining what to do when a patch or update is not available

    Scheduling and executing the remediation activity

    Planning continuous improvement

    Activities

    3.1 Develop risk and remediation action.

    Outputs

    List of remediation options sorted into “when to use” and “when to avoid” lists

    4 Measure and Formalize

    The Purpose

    You will determine what ought to be measured to track the success of your vulnerability management program.

    If you lack a scanning tool this phase will help you determine tool selection.

    Lastly, penetration testing is a good next step to consider once you have your vulnerability management program well underway.

    Key Benefits Achieved

    Outline of metrics that you can then configure your vulnerability scanning tool to report on.

    Development of an inaugural policy covering vulnerability management.

    The provisions needed for you to create and deploy an RFP for a vulnerability management tool.

    An understanding of penetration testing, and guidance on how to get started if there is interest to do so.

    Activities

    4.1 Measure your program with metrics, KPIs, and CSFs.

    4.2 Update the vulnerability management policy.

    4.3 Create an RFP for vulnerability scanning tools.

    4.4 Create an RFP for penetration tests.

    Outputs

    List of relevant metrics to track, and the KPIs, CSFs, and business goals for.

    Completed Vulnerability Management Policy

    Completed Request for Proposal (RFP) document that can be distributed to vendor proponents

    Completed Request for Proposal (RFP) document that can be distributed to vendor proponents

    Further reading

    Implement Risk-Based Vulnerability Management

    Get off the patching merry-go-round and start mitigating risk!

    Table of Contents

    4 Analyst Perspective

    5 Executive Summary

    6 Common Obstacles

    8 Risk-based approach to vulnerability management

    16 Step 1.1: Vulnerability management defined

    24 Step 1.2: Defining scope and roles

    34 Step 1.3: Cloud considerations for vulnerability management

    33 Step 1.4: Vulnerability detection

    46 Step 2.1: Triage vulnerabilities

    51 Step 2.2: Determine high-level business criticality

    56 Step 2.3: Consider current security posture

    61 Step 2.4: Risk assessment of vulnerabilities

    71 Step 3.1: Assessing remediation options

    Table of Contents

    80 Step 3.2: Scheduling and executing remediation

    85 Step 3.3: Continuous improvement

    89 Step 4.1: Metrics, KPIs, and CSFs

    94 Step 4.2: Vulnerability management policy

    97 Step 4.3: Select & implement a scanning tool

    107 Step 4.4: Penetration testing

    118 Summary of accomplishment

    119 Additional Support

    120 Bibliography

    Analyst Perspective

    Vulnerabilities will always be present. Know the unknowns!

    In this age of discovery, technology changes at such a rapid pace. New things are discovered, both in new technology and in old. The pace of change can often be very confusing as to where to start and what to do.

    The ever-changing nature of technology means that vulnerabilities will always be present. Taking measures to address these completely will consume all your department’s time and resources. That, and your efforts will quickly become stale as new vulnerabilities are uncovered. Besides, what about the systems that simply can’t be patched? The key is to understand the vulnerabilities and the levels of risk they pose to your organization, to prioritize effectively and to look beyond patching.

    A risk-based approach to vulnerability management will ensure you are prioritizing appropriately and protecting the business. Reduce the risk surface!

    Vulnerability management is more than just systems and application patching. It is a full process that includes patching, compensating controls, segmentation, segregation, and heightened diligence in security monitoring.

    Jimmy Tom, Research Advisor – Security, Privacy, Risk, and Compliance, Info-Tech Research Group.Jimmy Tom
    Research Advisor – Security, Privacy, Risk, and Compliance
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Vulnerability scanners, industry alerts, and penetration tests are revealing more and more vulnerabilities, and it is unclear how to manage them.

    Organizations are struggling to prioritize the vulnerabilities for remediation, as there are many factors to consider, including the threat of the vulnerability and the potential remediation option.

    Common Obstacles

    Patches are often seen as the answer to vulnerabilities, but these are not always the most suitable solution.

    Some systems deemed vulnerable simply cannot be patched or easily replaced.

    Companies are unaware of the risk implications that come from leaving the vulnerability open and from the remediation option itself.

    Info-Tech’s Approach

    Design and implement a vulnerability management program that identifies, prioritizes, and remediates vulnerabilities.

    Understand what needs to be considered when implementing remediation options, including patches, configuration changes, and defense-in-depth controls.

    Build a process that is easy to understand and allows vulnerabilities to be remediated proactively, instead of in an ad hoc fashion.

    Info-Tech Insight

    Vulnerability management does not always equal patch management. There is more than one way to tackle the problem, particularly if a system cannot be easily patched or replaced. If a vulnerability cannot be completely remediated, steps to reduce the risk to a tolerable level must be taken.

    Common obstacles

    These barriers make vulnerability management difficult to address for many organizations:
    • The value of vulnerability management is not well articulated in many organizations. As a result, investment in vulnerability scanning technology is often insufficient.
    • Many organizations feel that a “patch everything” approach is the most effective path.
    • Vulnerability management is commonly misunderstood as being a process that only supports patch management.
    • There is often misalignment between SecOps and ITOps in remediation action and priority, affecting the timeliness of remediation.
    CVSS Score Distribution From the National Vulnerability Database: Pie Charts presenting the CVSS Core Distribution for the National Vulnerability Database. The left circle represents 'V3' and the right 'V2', where V3 has an extra option for 'Critical', above 'High', 'Medium', and 'Low', and V2 does not.
    (Source: NIST National Vulnerability Database Dashboard)

    Leverage risk to sort, triage, and prioritize vulnerabilities

    Reduce your risk surface to avoid cost to your business; everything else is table stakes.

    Reduce the critical and high vulnerabilities below the risk threshold and operationalize the remediation of medium/low vulnerabilities by following your effective vulnerability management program cycles.

    Identify vulnerability sources

    An inventory of your scanning tool and vulnerability threat intelligence data sources will help you determine a viable strategy for addressing vulnerabilities. Defining roles and responsibilities ahead of time will ensure you are not left scrambling when dealing with vulnerabilities.

    Triage and prioritize

    Bring the vulnerabilities into context by assessing vulnerabilities based on your security posture and mechanisms and not just what your data sources report. This will allow you to gauge the true urgency of the vulnerabilities based on risk and determine an effective mitigation plan.

    Remediate vulnerabilities

    Address the vulnerabilities based on their level of risk. Patching isn't the only risk mitigation action; some systems simply cannot be patched, but other options are available.

    Reduce the risk down to medium/low levels and engage your regular operational processes to deal with the latter.

    Measure and formalize

    Upon implementation of the program, measure with metrics to ensure that the program is successful. Improve the program with each iteration of vulnerability mitigation to ensure continuous improvement.

    Tactical Insight 1

    All actions to address vulnerabilities should be based on risk and the organization’s established risk tolerance.

    Tactical Insight 2

    Reduce the risk surface down below the risk threshold.

    The industry has shifted to a risk-based approach

    Traditional vulnerability management is no longer viable.

    “For those of us in the vulnerability management space, ensuring that money, resources, and time are strategically spent is both imperative and difficult. Resources are dwindling fast, but the vulnerability problem sure isn’t.” (Kenna Security)

    “Using vulnerability scanners to identify unpatched software is no longer enough. Keeping devices, networks, and digital assets safe takes a much broader, risk-based vulnerability management strategy – one that includes vulnerability assessment and mitigation actions that touch the entire ecosystem.” (Balbix)

    “Unlike legacy vulnerability management, risk-based vulnerability management goes beyond just discovering vulnerabilities. It helps you understand vulnerability risks with threat context and insight into potential business impact.” (Tenable)

    “A common mistake when prioritizing patching is equating a vulnerability’s Common Vulnerability Scoring System (CVSS) score with risk. Although CVSS scores can provide useful insight into the anatomy of a vulnerability and how it might behave if weaponized, they are standardized and thus don’t reflect either of the highly situational variables — namely, weaponization likelihood and potential impact — that factor into the risk the vulnerability poses to an organization.” (SecurityWeek)

    Why a take risk-based approach?

    Vulnerabilities, by the numbers

    60% — In 2019, 60% of breaches were due to unpatched vulnerabilities.

    74% — In the same survey, 74% of survey responses said they cannot take down critical applications and systems to patch them quickly. (Source: SecurityBoulevard, 2019)

    Info-Tech Insight

    Taking a risk-based approach will allow you to focus on mitigating risk, rather than “just patching” your environment.

    The average cost of a breach in 2020 is $3.86 million, and “…the price tag was much less for mature companies and industries and far higher for firms that had lackluster security automation and incident response processes.” (Dark Reading)

    Vulnerability Management

    A risk-based approach

    Reduce the risk surface to avoid cost to your business, everything else is table stakes

    Logo for Info-Tech.
    Logo for #iTRG.

    1

    Identify

    4

    Address

    Mitigate the risk surface by reducing the time across the phases ›Mitigate the risk by implementing:
    • patch systems & apps
    • compensating controls
    • systems and apps hardening
    • systems segregation
    Chart presenting an example of 'Risk Surface' with the axes 'Risk Level' and 'Time' with lines created by individual risks. The highlighted line begins in 'Critical' and eventually drops to low. The area between the line and your organization's risk tolerance is labelled 'Risk Surface'.

    Objective: reduce risk surface by reducing time to address

    Your organization's risk tolerance threshold

    Identify vulnerability management scanning tools & external threat intel sources (Mitre CVE, US-CERT, vendor alerts, etc.)Vulnerability information feeds:
    • scanning tool
    • external threat intel
    • internal threat intel

    2

    Analyze

    Assign actual risk (impact x urgency) to the organization based on current security posture

    Triage based on risk ›

    Your organization's risk tolerance threshold

    Risk tolerance threshold map with axes 'Impact' and 'Likelihood'. High levels of one and low levels of the other, or medium levels of both, is 'Medium', High level of one and Medium levels of the other is 'High', and High levels of both is 'Critical'.

    3

    Assess

    Plan risk mitigation strategy ›Consider:
    • risk tolerance
    • compensating controls
    • business impact

    Info-Tech’s vulnerability management methodology

    Focus on developing the most efficient processes.

    Vulnerability management isn’t “old school.”

    The vulnerability management market is relatively mature; however, vulnerability management remains a very relevant and challenging topic.

    Security practitioners are inundated with the advice they need to prioritize their vulnerabilities. Every vulnerability scanning vendor will proclaim their ability to prioritize the identified vulnerabilities.

    Third-party prioritization methodology can’t be effectively applied across all organizations. Each organization is too unique with different constraints. No tool or service can account for these variables.

    Equation to find 'Vulnerability Priority'.

    When patching is not possible, other options exist: configuration changes (hardening), defense-in-depth, compensating controls, and even elevated security monitoring are possible options.

    Info-Tech Insight

    Vulnerability management is not only patch management. Patching is only one aspect.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Key deliverable:

    Vulnerability Management SOP

    The Standard operating procedure (SOP) will comprise the end-to-end description of the program: roles & responsibilities, data flow, and expected outcomes of the program.

    Sample of the key deliverable, Vulnerability Management SOP.
    Vulnerability Management Policy

    Template for your vulnerability management policy.

    Sample of the Vulnerability Management Policy blueprint.Vulnerability Tracking Tool

    This tool offers a template to track vulnerabilities and how they are remedied.

    Sample of the Vulnerability Tracking Tool blueprint.
    Vulnerability Scanning RFP Template

    Request for proposal template for the selection of a vulnerability scanning tool.

    Sample of the Vulnerability Scanning RFP Template blueprint.Vulnerability Risk Assessment Tool

    Methodology to assess vulnerability risk by determining impact and likelihood.

    Sample of the Vulnerability Risk Assessment Tool blueprint.

    Blueprint benefits

    IT Benefits

    • A standardized, consistent methodology to assess, prioritize, and remediate vulnerabilities.
    • A risk-based approach that aligns with what’s important to the business.
    • A way of dealing with the high volumes of vulnerabilities that your scanning tool is reporting.
    • Identification of “where to start” in terms of vulnerability management.
    • Ability to not lose yourself in the patch madness but rather take a sound approach to scheduling and prioritizing patches and updates.
    • Knowledge of what to do when patching is simply not possible or feasible.

    Business Benefits

    • Alignment with IT in ensuring that business processes are only interrupted when absolutely necessary while maintaining a regular cadence of vulnerability remediation.
    • A consistent program that the business can plan around and predict when interruptions will occur.
    • IT’s new approach being integrated with existing IT operations processes, offering the most efficient yet expedient method of dealing with vulnerabilities.

    Info-Tech’s process can save significant financial resources

    PhaseMeasured Value
    Phase 1: Identify vulnerability sources
      Define the process, scope, roles, vulnerability sources, and current state
      • Consultant at $100 an hour for 16 hours = $1,600
    Phase 2: Triage vulnerabilities and assign urgencies
      Establish triaging and vulnerability evaluation process
      • Consultant at $100 an hour for 16 hours = $1,600
      Determine high-level business criticality and data classifications
      • Consultant at $100 an hour for 40 hours = $4,000
      Assign urgencies to vulnerabilities
      • Consultant at $100 an hour for 8 hours = $800
    Phase 3: Remediate vulnerabilities
      Prepare documentation for the vulnerability process
      • Consultant at $100 an hour for 8 hours = $800
      Establish defense-in-depth modelling
      • Consultant at $100 an hour for 24 hours = $2,400
      Identify remediation options and establish criteria for use
      • Consultant at $100 an hour for 40 hours = $4,000
      Formalize backup and testing procedures, including exceptions
      • Consultant at $100 an hour for 8 hours = $800
      Remediate vulnerabilities and verify
      • Consultant at $100 an hour for 24 hours = $2,400
    Phase 4: Continually improve the vulnerability management process
      Establish a metrics program for vulnerability management
      • Consultant at $100 an hour for 16 hours = $1,600
      Update vulnerability management policy
      • Consultant at $100 an hour for 8 hours = $800
      Develop a vulnerability scanning tool RFP
      • Consultant at $100 an hour for 40 hours = $4,000
      Develop a penetration test RFP
      • Consultant at $100 an hour for 40 hours = $4,000
    Potential financial savings from using Info-Tech resourcesPhase 1 ($1,600) + Phase 2 ($6,400) + Phase 3 ($10,400) + Phase 4 ($10,400) = $28,800

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    Call #1: Scope requirements, objectives, and your specific challenges.

    Call #2: Discuss current state and vulnerability sources.

    Call #3: Identify triage methods and business criticality.

    Call #4:Review current defense-in-depth and discuss risk assessment.

    Call #5: Discuss remediation options and scheduling.

    Call #6: Review release and change management and continuous improvement.

    Call #7: Identify metrics, KPIs, and CSFs.

    Call #8: Review vulnerability management policy.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1Day 2Day 3Day 4Day 5
    Activities
    Identify vulnerability sources

    1.1 What is vulnerability management?

    1.2 Define scope and roles

    1.3 Cloud considerations for vulnerability management

    1.4 Vulnerability detection

    Triage and prioritize

    2.1 Triage vulnerabilities

    2.2 Determine high-level business criticality

    2.3 Consider current security posture

    2.4 Risk assessment of vulnerabilities

    Remediate vulnerabilities

    3.1 Assess remediation options

    3.2 Schedule and execute remediation

    3.3 Drive continuous improvement

    Measure and formalize

    4.1 Metrics, KPIs & CSFs

    4.2 Vulnerability Management Policy

    4.3 Select & implement a scanning tool

    4.4 Penetration testing

    Next Steps and Wrap-Up (offsite)

    5.1 Complete in-progress deliverables from previous four days

    5.2 Set up review time for workshop deliverables and to discuss next steps

    Deliverables
    1. Scope and boundary definition of vulnerability management program
    2. Responsibility assignment for vulnerability identification and remediation
    3. Monitoring and review process of third-party vulnerability sources
    4. Incident management and vulnerability convergence
    1. Methodology for evaluating identified vulnerabilities
    2. Identification of high-level business criticality
    3. Defined high-level data classifications
    4. Documented defense-in-depth controls
    5. Risk assessment criteria for impact and likelihood
    1. Documented risk assessment methodology and remediation options
    1. Defined metrics, key performance indicators (KPIs), and critical success factors (CSFs)
    2. Initial draft of vulnerability management policy
    3. Scanning tool selection criteria
    4. Introduction to penetration testing
    1. Completed vulnerability management standard operating procedure
    2. Defined vulnerability management risk assessment criteria
    3. Vulnerability management policy draft

    Implement Risk-Based Vulnerability Management

    Phase 1

    Identify Vulnerability Sources

    Phase 1

    1.1 What is vulnerability management?
    1.2 Define scope and roles
    1.3 Cloud considerations for vulnerability management
    1.4 Vulnerability detection

    Phase 2

    2.1 Triage vulnerabilities
    2.2 Determine high-level business criticality
    2.3 Consider current security posture
    2.4 Risk assessment of vulnerabilities

    Phase 3

    3.1 Assessing remediation options
    3.2 Scheduling and executing remediation
    3.3 Continuous improvement

    Phase 4

    4.1 Metrics, KPIs & CSFs
    4.2 Vulnerability management policy
    4.3 Select and implement a scanning tool
    4.4 Penetration testing

    This phase will walk you through the following activities:

    Establish a common understanding of vulnerability management, define the roles, scope, and information sources of vulnerability detection.

    This phase involves the following participants:

    • Security operations team
    • IT Security Manager
    • IT Director
    • CISO

    Step 1.1

    Vulnerability Management Defined

    Activities

    None for this section

    This step will walk you through the following activities:

    Establish a common understanding of vulnerability management and its place in the IT organization.

    This step involves the following participants:

    • Security operations team
    • IT Security Manager
    • IT Director
    • CISO

    Outcomes of this step

    Foundational knowledge of vulnerability management in your organization.

    Identify vulnerability sources
    Step 1.1Step 1.2Step 1.3Step 1.4

    What is vulnerability management?

    It’s more than just patching.

    • Vulnerability management is the regular and ongoing practice of scanning an operating environment to uncover vulnerabilities. These vulnerabilities can be outdated applications, unpatched operating systems and software, open ports, obsolete hardware, or any combination of these.
    • The scanning and detection of vulnerabilities is the first step. Planning and executing of remediation is next, along with the approach, prioritized sequence of events, and timing.
    • A vendor-supplied software patch or firmware update is often the easy answer, however, this is not always a viable solution. What if you can’t patch in a timely fashion? What if patching is not possible as it will break the application and bring down operations? What if no patch exists due to the age of the application or operating platform?

    “Most organizations do not have a formal process for vulnerability management.” (Morey Haber, VP of Technology, BeyondTrust, 2016)

    Effective vulnerability management

    It’s not easy, but it’s much harder without a process in place.
    • Effective vulnerability management requires a formal process for organizations to follow; without one, vulnerabilities are dealt with in an ad hoc fashion.
    • Patching isn’t the only solution, but it’s the one that often draws focus.
    • Responsibilities for the different aspects of vulnerability management are often unclear, such as for testing, remediation, and implementation.
    • Identifying new threats without proper vulnerability scanning tools can be a near-impossible task.
    • Determining which vulnerabilities are most urgent can be an inconsistent process, increasing the organizational risk.
    • Measuring the effectiveness of your vulnerability remediation activities can help you better manage resources in SecOps and ITOps. Your staff will be spending the appropriate effort on vulnerabilities that warrant that level of attention.

    You’re not just doing this for yourself. It’s also for your auditors.

    Many compliance and regulatory obligations require organizations to have thorough documentation of their vulnerability management practices.

    Vulnerability management revolves around your asset security services

    Diagram with 'Asset Security Services' at the center. On either side are 'Network Security Services' and 'Identity Security Services', all three of which flow up into 'Security Analytics | Security Incident Response', and all four share a symbiotic flow with 'Management' below and contribute to 'Mega Trend Mapping' above. Management is supported by 'Governance'.Vulnerabilities can be found primarily within your assets but also connect to your information risk management. These must be effectively managed as part of a holistic security program.

    Without management, vulnerabilities left unattended can be easy for attackers to exploit. It becomes difficult to identify the correct remediation option to mitigate against the vulnerabilities.

    Vulnerability management works in tandem with SecOps and ITOps

    Vulnerability Management Process Inputs/Outputs:
    'Vulnerability Management (Process and Tool)' outputs are 'Incident Management', 'Release Management', 'Change Management', 'IT Asset Management', 'Application Security Testing', 'Threat Intelligence', and 'Security Risk Management'; inputs are 'Vulnerability Disclosure', 'Threat Intelligence', and 'Security Risk Management'.

    Arrows denote direction of information feed

    Vulnerability management serves as the input into a number of processes for remediation, including:
    • Incident management, to deal with issues
    • Release management, for patch management
    • Change management, for change control
    • IT asset management, to track version information, e.g. for patching
    • Application security testing, for the verification of vulnerabilities

    A two-way data flow exists between vulnerability management and:

    • Security risk management, for the overall risk posture of the organization
    • Threat intelligence, as vulnerability management reveals only one of several threat vectors

    For additional information please refer to Info-Tech’s research for each area:

    • Vulnerability management can leverage your existing processes to gain an operational element for the program.
    • As you strive to mature each of the processes on their own, vulnerability management will benefit accordingly.
    • Review our research for each of these areas and speak to one of our analysts if you wish to improve any of the listed processes.

    Info-Tech’s Information Security Program Framework

    Vulnerability management is a component of the Infrastructure Security section of Security Management

    Information Security Framework with Level 1 and Level 2 capabilities in two main sections, 'Management' and 'Governance'. Level 2 capabilities are grouped within Level 1 capabilities.For more information, review our Build an Information Security Strategy blueprint, or speak to one of our analysts.

    Info-Tech Insight

    Vulnerability management is but one piece of the information security puzzle. Ensure that you have all the pieces!

    Case Study

    Logo for Cimpress.
    INDUSTRY: Manufacturing
    SOURCE: Cimpress, 2016

    One organization is seeing immediate benefits by formalizing its vulnerability management program.

    Challenge

    Cimpress was dealing with many challenges in regards to vulnerability management. Vulnerability scanning tools were used, but the reports that were generated often gave multiple vulnerabilities that were seen as critical or high and required many resources to help address them. Scanning was done primarily in an attempt to adhere to PCI compliance rather than to effectively enable security. After re-running some scans, Cimpress saw that some vulnerabilities had existed for an extended time period but were deemed acceptable.

    Solution

    The Director of Information Security realized that there was a need to greatly improve this current process. Guidelines and policies were formalized that communicated when scans should occur and what the expectations for remediations should be. Cimpress also built a tiered approach to prioritize vulnerabilities for remediation that is specific to Cimpress instead of relying on scanning tool reports.

    Results

    Cimpress found better management of the vulnerabilities within its system. There was no pushback to the adoption of the policies, and across the worldwide offices, business units have been proactively trying to understand if there are vulnerabilities. Vulnerability management has been expanded to vendors and is taken into consideration when doing any mergers and acquisitions. Cimpress continues to expand its program for vulnerability management to include application development and vulnerabilities within any existing legacy systems.

    Step 1.2

    Defining the scope and roles

    Activities
    • 1.2.1 Define the scope and boundary of your organization’s security program
    • 1.2.2 Assign responsibility for vulnerability identification and remediation

    This step will walk you through the following activities:

    Define and understand the scope and boundary of the security program. For example, does it include OT? Define roles and responsibilities for vulnerability identification and remediation

    This step involves the following participants:

    • Security operations team
    • IT Security Manager
    • IT Director
    • CISO

    Outcomes of this step

    Understand how far vulnerability management extends and what role each person in IT plays in the remediation of vulnerabilities

    Identify vulnerability sources
    Step 1.1Step 1.2Step 1.3Step 1.4

    Determine the scope of your security program

    This will help you adjust the depth and breadth of your vulnerability management program.
    • Determining the scope will help you decide how much organizational risk the vulnerability management program will oversee.
    • Scope can be defined along four aspects:
      • Data Scope – What data elements in your organization does your security program cover? How is data classified?
      • Physical Scope – What physical scope, such as geographies, does the security program cover?
      • Organizational Scope – How are business units engaged with security initiatives? Does the scope cover all subsidiary organizations?
      • IT Scope – What parts of the organization does IT cover? Does their coverage include operational technology (OT) and industrial control systems (ICS)?
    Stock image of figures standing in connected circles.

    1.2.1 Define the scope and boundary of your organization’s security program

    60 minutes

    Input: List of Data Scope, Physical Scope, Organization Scope, and IT Scope

    Output: Defined scope and boundaries of the IT security program

    Materials: Whiteboard/Flip Charts, Sticky Notes, Markers, Vulnerability Management SOP Template

    Participants: Business stakeholders, IT leaders, Security team members

    1. On a whiteboard, write the headers: Data Scope, Physical Scope, Organizational Scope, and IT Scope.
    2. Give each group member a handful of sticky notes. Ask them to write down as many items as possible for the organization that could fall under one of the four scope buckets.
    3. In a group, discuss the sticky notes and the rationale for including them. Discuss your security-related locations, data, people, and technologies, and define their scope and boundaries.

    The goal is to identify what your vulnerability management program is responsible for and document it.

    Consider the following:

    How is data being categorized and classified? How are business units engaged with security initiatives? How are IT systems connected to each other? How are physical locations functioning in terms of information security management?

    Download the Vulnerability Management SOP Template

    Assets are part of the scope definition

    An inventory of IT assets is necessary if there is to be effective vulnerability management.

    • Organizations need an up-to-date and comprehensive asset inventory for vulnerability management. This is due to multiple reasons:
      • When vulnerabilities are announced, they will need to be compared to an inventory to determine if the organization has any relevant systems or versions.
      • It indicates where all IT assets can be found both physically and logically.
      • Asset inventories typically have owners assigned to the assets and systems whose responsibility it is to carry out remediations for vulnerabilities.
    • Furthermore, asset inventories can provide insight into where data can be found within the organization. This is extremely useful within a formal data classification program, which plays a large factor in vulnerability management.
    If you need assistance building your asset inventory, review Info-Tech’s Implement Hardware Asset Management and Implement Software Asset Management blueprints.

    Info-Tech Insight

    Create a formal IT asset inventory before continuing with the rest of this project. Otherwise, you risk being at the mercy of a weak vulnerability management program.

    Assign responsibility for vulnerability identification and remediation

    Determine who is critical to effectively detecting and managing vulnerabilities.
    • Some of the remediation steps will involve members of IT management to identify the true organizational risk of a vulnerability.
    • Vulnerability remediation comes in different shapes and sizes. In addition to patching, this can include implementing compensating controls, server and application hardening, or the segregating of vulnerable systems.
      • Who carries out each of these activities? Who coordinates the activities and tracks them to ensure completion?
    • The people involved may be members outside of the security team, such as members from IT operations, infrastructure, and applications. The specific roles that each of these groups play should be clearly identified.
    Stock image of many connected profile photos in a cloud network.

    1.2.2 Assign responsibility for vulnerability identification and remediation

    60 minutes

    Input: Sample list of vulnerabilities and requisite actions from each group, High-level organizational chart with area functions

    Output: Defined set of roles and responsibilities for member groups

    Materials: Vulnerability Management SOP Template

    Participants: CIO, CISO, IT Management representatives for each area of IT

    1. Display the table of responsibilities that need to be assigned.
    2. List all the positions within the IT security team.
    3. Map these to the positions that require IT security team members.
    4. List all positions that are part of the IT team.
    5. Map these to the positions that require IT team members.

    If your organization does not have a dedicated IT security team, you can perform this exercise by mapping the relevant IT staff to the different positions shown on the right.

    Download the Vulnerability Management SOP TemplateSample of the Roles and Responsibilities table from the Vulnerability Management SOP Template.

    Step 1.3

    Cloud considerations for vulnerability management

    Activities

    None for this section.

    This step will walk you through the following activities:

    Review cloud considerations for vulnerability management

    This step involves the following participants:

    • Security operations team
    • IT Security Manager
    • IT Director
    • CISO

    Outcomes of this step

    Understand the various types of cloud offerings and the implications (and limitations) of vulnerability management in a cloud environment.

    Identify vulnerability sources
    Step 1.1Step 1.2Step 1.3Step 1.4

    Cloud considerations

    Cloud will change your approach to vulnerability management.
    • There will be a heavy dependence on the cloud service provider to ensure that vulnerabilities in their foundational technologies have been addressed.
    • Depending on the level of “as-a-Service,” customers will have varying degrees of control and visibility into the underlying operations.
    • With vendor acquiescence, you can set your tool to scan a given cloud environment, depending on how much visibility you have into their environment based on the service you have purchased.
    • Due to compliance obligations of their customers, there is a growing trend among cloud providers to allow more scanning of cloud environments.
    • In the absence of customer scanning capability, vendors may offer attestation of vulnerability management and remediation.
    Table outlining who has control, between the 'Organization' and the 'Vendor', of different cloud capabilities in different cloud strategies.

    For more information, see Info-Tech Research Group’s Document Your Cloud Strategy blueprint.

    Cloud environment scanning

    Cloud scanning is becoming a more common necessity but still requires special consideration.

    An organization’s cloud environment is just an extension of its own environment. As such, cloud environments need to be scanned for vulnerabilities.

    Private Cloud
    If your organization owns a private cloud, these environments can be tested normally.
    Public Cloud
    Performing vulnerability testing against public, third-party cloud environments is an area experiencing rapid growth and general acceptance, although customer visibility will still be limited.

    In many cases, a customer must rely on the vendor’s assurance that vulnerabilities are being addressed in a sufficient manner.

    Security standards’ compliance requirements are driving the need for cloud suppliers to validate and assure that they are appropriately scanning for and remediating vulnerabilities.

    Infrastructure- or Platform-as-a-Service (IaaS or PaaS) Environments
    • There is a general trend for PaaS and IaaS vendors to allow testing if given due notice.
    • Your contract with the cloud vendor or the vendor’s terms and conditions will outline the permissibility of customer vulnerability scanning. In some cases, a cloud vendor will deny the ability to do vulnerability scanning if they already provide a solution as part of their service.
    • Always ensure that the vendor is aware of your vulnerability scanning activity so that false positives aren’t triggering their security measures as possible denial-of-service (DoS) attacks.
    Software-as-a-Service (SaaS) Environments
    • SaaS offers very limited visibility to the services behind the software that the customer sees. You therefore cannot test for patch levels or vulnerabilities.
    • SaaS customers must rely exclusively on the provider for the regular scanning and remediation of vulnerabilities in the back-end technologies supporting the SaaS application.
    • You can only test the connection points to SaaS environments. This involves trying to figure out what you can see, e.g. looking for encrypted traffic.

    Certain testing (e.g. DoS or load testing) will be very limited by your cloud vendor. Cloud vendors won’t open themselves to testing that would possibly impact their operations.

    Step 1.4

    Vulnerability detection

    Activities
    • 1.4.1 Develop a monitoring and review process of third-party vulnerability sources
    • 1.4.2 Incident management and vulnerability management

    This step will walk you through the following activities:

    Create an inventory of your vulnerability monitoring capability and third-party vulnerability information sources.

    Determine how incident management and vulnerability management interoperate.

    This step involves the following participants:

    • Security operations team
    • IT Security Manager
    • IT Director
    • CISO

    Outcomes of this step

    Catalog of vulnerability information data sources. Understanding of the intersection of incident management and vulnerability management.

    Identify vulnerability sources
    Step 1.1Step 1.2Step 1.3Step 1.4

    Vulnerability detection

    Vulnerabilities can be identified through numerous mediums.

    Info-Tech has determined the following to be the four most common ways to identify vulnerabilities.

    Vulnerability Assessment and Scanning Tools
    • Computer programs that function to identify and assess security vulnerabilities and weaknesses within computers, computer systems, applications, or networks.
    • Using a known vulnerability database, the tool scans targeted hosts or systems to identify flaws and generate reports and recommendations based on the results.
    • There are four main types of tools under this category: network and operating system vulnerability scanners, application scanning and testing tools, web application scanners, and exploitation tools.
    Penetration Tests
    • The act of identifying vulnerabilities on computers, computer systems, applications, or networks followed by testing of the vulnerability to validate the findings.
    • Penetration tests are considered a service that is offered by third-parties in which a variety of products, tools, and methods are used to exploit systems and gain access to data.
    Open Source Monitoring
    • New vulnerabilities are detected daily with each vulnerability’s information being uploaded to an information-sharing platform to enable other organizations to be able to identify the same vulnerability on their systems.
    • Open source platforms are used to alert and distribute information on newly discovered vulnerabilities to security professionals.
    Security Incidents
    • Any time an incident response plan is called into action to mitigate an incident, there should be formal communication with the vulnerability management team.
    • Any IT incident an organization experiences should provide a feed for analysis into your vulnerability management program.

    Automate with a vulnerability scanning tool

    Vulnerabilities are too numerous for manual scanning and detection.
    • Vulnerability management is not only the awareness of the existence of vulnerabilities but that they are actively present in your environment.
    • A vulnerability scanner will usually report dozens, if not hundreds, of vulnerabilities on a regular and recurring basis. Typical IT environments have several dozen, if not hundreds, of servers. We haven’t even considered the amount of network equipment or the hundreds of user workstations in an environment.
    • This tool will give you information of the presence of a vulnerability in your environment and the host on which the vulnerability exists. This includes information on the version of software that contains a vulnerability and whether you are running that version. The tool will also report on the criticality of the vulnerability based on industry criticality ratings.
    • The tools are continually updated by the vendor with the latest definition updates for the latest vulnerabilities out there. This ensures you are always scanning for the greatest number of potential vulnerabilities.
    Automation requires oversight.
    1. Vulnerability scanners bring great automation to the task of scanning and detecting vulnerabilities in high numbers.
    2. Vulnerability scanners, however, do not have your level of intelligence. Any compensating controls, network segregation, or other risk mitigation features that you have in place will not be known by the tool.
    3. Determining the risk and urgency of a vulnerability within the context of your specific environment will still require internal review by you or your SecOps team.

    For guidance on tool selection

    Refer to section 4.3 Selecting and Implement a Scanning Tool in this blueprint.

    Vulnerability scanning tool considerations

    Select a vulnerability scanning tool with the features you need to be effective.
    • Vulnerability scanning tool selection can be an exciting and confusing process. You will need to consider what features you desire in a tool and whether you want the tool to go beyond just scanning and reporting.
    • In addition to vulnerability scanning, some tools will integrate with your IT service management (service desk ticketing system) tool and asset, configuration, and change management modules. This can facilitate the necessary workflow that the remediation process follows once a vulnerability is discovered.
    • A number of vulnerability scanning tool vendors have started offering remediation as part of their software features. This includes the automation and orchestration functionality and configuration and asset management to track its remediation activities.
    • A side benefit of the asset discovery feature in vulnerability scanning tools is that it can help enhance an organization’s asset inventory and license compliance, particularly in cases where end users are able to install software on their workstations.
    Stock photo of a smartphone scanning a barcode.

    For guidance on tool vendors

    Visit SoftwareReviews for information on vulnerability management tools and vendors.

    Vulnerability scanning tool best practices

    How often should scans be performed?

    One-off scans provide snapshots in time. Repeated scans over time provide tracking for how systems are changing and how well patches are being applied and software is being updated.

    The results of a scan (asset inventory, configuration data, and vulnerability data) are basic information needed to understand your security posture. This data needs to be as up to date as possible.

    ANALYST PERSPECTIVE: Organizations should look for continuous scanning

    Continuous scanning is the concept of providing continual scanning of your systems so any asset, configuration, or vulnerability information is up to date. Most vendors will advertise continuous scanning but you need to be skeptical of how this feature is met.

    Continuous Scanning Methods

    Continuous agent scanning

    Real-time scanning that is completed through agent-based scanning. Provides real-time understanding of system changes.

    On-demand scanning

    Cyclical scanning is the method where once you’re done scanning an area, you start it again. This is usually done because doing some scans on some areas of your network take time. How long the scan takes depends on the scan itself. How often you perform a scan depends on how long a scan takes. For example, if a scan takes a day, you perform a daily scan.

    Cloud-based scanning

    Cloud-scanning-as-a-Service can provide hands-free continuous monitoring of your systems. This is usually priced as a subscription model.

    Vulnerability scanning tool best practices

    Where to perform a scan.

    What should be scannedHow to point a scanner
    The general idea is that you want to scan pretty much everything. Here are considerations for three environments:
    Mobile Devices

    You need to scan mobile devices for vulnerabilities, but the problem is these can be hard to scan and often come and go on your network. There are always going to be some devices that aren’t on the network when scanning occurs.

    Several ways to scan mobile devices:

    • Intercept the device when it remotes into your network using a VPN. You catch the device with a remote scan. This can only be done if a VPN is required.
    • An agent-based approach can be used for mobile devices. Locally installed software gives the information needed to evaluate the security posture of a device. Discernibly, concerns around device processing, memory, and network bandwidth come into play. Ease of installation becomes key for agents.
    Virtualization
    • In a virtual environment, you will have servers being dynamically spun up. Ensure your tool is able to scan these new servers automatically.
    • Often, vulnerability scanning tool providers will restrict scanning to preapproved scanners. Look for tools that are preapproved by the VM vendors.
    Cloud Environments
    • You can set your tool to scan a given cloud environment. The main concern here is who owns the cloud. If it is a private cloud, there is little concern.
    • If it is a third-party cloud (AWS, Azure, etc.) you need to confirm with the cloud service provider that scanning of your cloud environment can occur.
    • There is a trend to allow more scanning of cloud environments.
    • You need to tell the scanner an IP address, a group of IP addresses, an asset group, or a combination of those.
    • You can categorize by functional classifications – internet-facing servers, workstations, network devices, etc., or by organizational structure – Finance, HR, Legal, etc.
    • If you have a strong change management system, you can better hone when and where to perform a scan based on actual changes.
    • You can set the number of concurrent outbound TCP connections that are being made. For example, set the tool so it sends out to 10 ports at a time, rather than pinging at 64k ports on a machine, which would flood the NIC.
    • Side Note: Flooding a host with pings from a scanning tool can be done to find out DoS thresholds on a machine. There are no bandwidth concerns for a network DoS, however, because the packets are so small.

    Vulnerability scanning tool best practices

    Communication and measurement

    Pre-Scan Communication With Users

    • It is always important to inform owners and users of systems that a scan will be happening.
    • Although it is unlikely any performance issues will arise, it is important to notify end users of potential impact.
    • Local admins or system owners may have controls in place that stop vulnerability scans and you need to inform the owners so that they can safelist the scanner you will be using.
    Vulnerability Scanning Tool Tracking Metrics
    • Vulnerability score by operating system, application, or organization division.
      • This provides a look at the widely accepted severity of the vulnerability as it relates across the organization’s systems.
    • Most vulnerable applications and application version.
      • This provides insight into how outdated applications are creating risk exposure for an organization.
      • This will also provide metrics on the effectiveness of your patching program.
    • Number of assets scanned within the last number of days.
      • This provides visibility into how often your assets are being scanned and thus protected.
    • Number of unowned devices or unapproved applications.
      • This metric will track how many unowned devices or unapproved applications may be on your network. Unowned devices may be rogue devices or just consultant/contractor devices.

    Third-party vulnerability information sources

    IT security forums and mailing lists are another source of vulnerability information.

    Proactively identify new vulnerabilities as they are announced.

    By monitoring for vulnerabilities as they are announced through industry alerts and open-source mechanisms, it is possible to identify vulnerabilities beyond your scanning tool’s penetration tests.

    Common sources:
    • Vendor websites and mailing lists
      • Vendors are the trusted sources for vulnerability and patch information on their products, particularly with new industry vulnerability disclosure requirements. Vendors are the most familiar with their products, downloads are most likely malware free, and additional information is often included.
      • There are some issues: vendors won’t announce a vulnerability until a patch is created, which creates a potential unknown risk exposure; numerous vendor sites will have to be monitored continually.
    • Third-party websites
      • A non-vendor site providing information on vulnerabilities. They often will cover a specific technology or an industry section, becoming a potential “one-stop shop” for some. They will often provide vulnerability information that is augmented with different remediation recommendations faster than vendors.
      • However, it’s more likely that malicious code could be downloaded and it will often not be comprehensive information on patching.
    • Third-party mailing lists, newsgroups, live paid subscriptions, and live open-source feeds
      • These are alerting and notification services for the detection and dissemination of vulnerability information. They provide information on the latest and most critical vulnerabilities, e.g. US-CERT Cybersecurity Alerts.
    • Vulnerability databases
      • These usually consist of dedicated databases on vulnerabilities. They perform the hard work of identifying and aggregating vulnerability and patch information into a central repository for end-user consumption. The commentary features on these databases provide excellent insight for practitioners, e.g. National Vulnerability Database (NVD).
    Stock photo of a student checking a bulletin board.

    Third-party vulnerability information sources

    IT security forums and mailing lists are another source of vulnerability information.

    Third-party sources for vulnerabilities

    • Open Source Vulnerability Database (OSVDB)
      • An open-source database that is run independently of any vendors.
    • Common Vulnerabilities and Exposures (CVE)
      • Free, international dictionary of publicly known information security vulnerabilities and exposures.
    • National Vulnerability Database (NVD)
      • Through NIST, the NVD is the US government’s repository of vulnerabilities and includes product names, flaws, and any impact metrics.
      • The National Checklist Repository Program (NCRP), also provided by NIST, provides security checklists for configurations of operating systems and applications.
      • The Center for Internet Security, a separate entity unrelated to NIST, provides configuration benchmarks that are often referenced by the NCRP.
    • Open Web Application Security Project (OWASP)
      • OWASP is another free project helping to expose vulnerabilities within software.
    • US-CERT National Cyber Alert System (US-CERT Alerts)
      • Cybersecurity Alerts – Provide timely information about current security issues, vulnerabilities, and exploits.
      • Cybersecurity Tips – Provide advice about common security issues for the general public.
      • Cybersecurity Bulletins – Provide weekly summaries of new vulnerabilities. Patch information is provided when available.
    • US-CERT Vulnerability Notes Database (US-CERT Vulnerability Notes)
      • Database of searchable security vulnerabilities that were deemed not critical enough to be covered under US-CERT Alerts. Note that the NVD covers both US-CERT Alerts and US-CERT Notes.
    • Open Vulnerability Assessment Language (OVAL)
      • Coding language for security professionals to discuss vulnerability checking and configuration issues. Vulnerabilities are identified using tests that are disseminated in OVAL definitions (XML executables that can be used by end users).

    1.4.1 Develop a monitoring and review process for third-party vulnerability sources

    60 minutes

    Input: Third-party resources list

    Output: Process for review of third-party vulnerability sources

    Materials: Whiteboard, Whiteboard markers, Vulnerability Management SOP Template

    Participants: IT Security Manager, SecOps team members, ITOps team members, CISO

    1. Identify what third-party resources are useful and relevant.
    2. Shortlist your third-party sources.
    3. Identify what is the best way to receive information from a third party.
    4. Document the method to receive or check information from the third-party source.
    5. Identify who is responsible for maintaining third-party vulnerability information sources
    6. Capture this information in the Vulnerability Management SOP Template.
    Download the Vulnerability Management SOP TemplateSample of the Third Party Vulnerability Monitoring tables from the Vulnerability Management SOP Template.

    Incidents and vulnerability management

    Incidents can also be a sources of vulnerabilities.

    When any incident occurs, for example:

    • A security incident, such as malware detected on a machine
    • An IT incident, such as an application becomes unresponsive
    • A crisis occurs, like a worker accident

    There can be underlying vulnerabilities that need to be processed.

    Three Types of IT Incidents exist:
    1. Information Security Incident
    2. IT Incident and/or Problem
    3. Crisis

    Note: You need to have developed your various incident response plans to develop information feeds to the vulnerability mitigation process.
    If you are missing an incident response plan, take a look at Info-Tech’s Related Resources.

    Info-Tech Related Resources:
    If you do not have a formalized information security incident management program, take a look at Info-Tech’s blueprint Develop and Implement a Security Incident Management Program.

    If you do not have a formalized problem management process, take a look at Info-Tech’s blueprint Incident and Problem Management.

    If you do not have a formalized IT incident management process, take a look at Info-Tech’s blueprint Develop and Implement a Security Incident Management Program.

    If you do not have formalized crisis management, take a look at Info-Tech’s blueprint Implement Crisis Management Best Practices.

    1.4.2 Incident management and vulnerability management

    60 minutes

    Input: Existing incident response processes, Existing crisis communications plans

    Output: Alignment of vulnerability management program with existing incident management processes

    Materials: Whiteboard, Whiteboard markers, Vulnerability Management SOP Template

    Participants: IT Security Manager, SecOps team members, ITOps team members, including tiers 1, 2, and 3, CISO, CIO

    1. Inventory what incident response plans the organization has. These include:
      1. Information Security Incident Response Plan
      2. IT Incident Plan
      3. Problem Management Plan
      4. Crisis Management Plan
    2. Identify what part of those plans contains the post-response recap or final analysis.
    3. Formalize a communication process between the incident response plan and the vulnerability mitigation process.

    Note: Most incident processes will cover some sort of root cause analysis and investigation of the incident. If a vulnerability of any kind is detected within this analysis it needs to be reported on and treated as a detected vulnerability, thus warranting the full vulnerability mitigation process.

    Download the Vulnerability Management SOP Template

    Implement Risk-Based Vulnerability Management

    Phase 2

    Triage & prioritize

    Phase 1

    1.1 What is vulnerability management?
    1.2 Define scope and roles
    1.3 Cloud considerations for vulnerability management
    1.4 Vulnerability detection

    Phase 2

    2.1 Triage vulnerabilities
    2.2 Determine high-level business criticality
    2.3 Consider current security posture
    2.4 Risk assessment of vulnerabilities

    Phase 3

    3.1 Assessing remediation options
    3.2 Scheduling and executing remediation
    3.3 Continuous improvement

    Phase 4

    4.1 Metrics, KPIs & CSFs
    4.2 Vulnerability management policy
    4.3 Select and implement a scanning tool
    4.4 Penetration testing

    This phase will walk you through the following activities:

    Examine the elements that you will use to triage and analyze vulnerabilities, prioritizing using a risk-based approach, and prepare for remediation options.

    This phase involves the following participants:

    • IT Security Manager
    • SecOps team members
    • ITOps team members, including tiers 1, 2, and 3
    • CISO
    • CIO

    Step 2.1

    Triage vulnerabilities

    Activities
    • 2.1.1 Evaluate your identified vulnerabilities

    This step will walk you through the following activities:

    Review your vulnerability information sources and determine a methodology that will be used to consistently evaluate vulnerabilities as your scanning tool alerts you to them.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • ITOps team members, including tiers 1, 2, and 3
    • CISO
    • CIO

    Outcomes of this step

    A consistent, documented process for the evaluation of vulnerabilities in your environment.

    Triage & prioritize
    Step 2.1Step 2.2Step 2.3Step 2.4

    Triaging vulnerabilities

    Use Info-Tech’s methodology to allocate urgencies to your vulnerabilities to assign the appropriate resources to each one.

    When evaluating numerous vulnerabilities, use the following three factors to help determine the urgency of vulnerabilities:

    • The intrinsic qualities of the vulnerability
    • The business criticality of the affected asset
    • The sensitivity of the data stored on the affected asset

    Intrinsic qualities of the vulnerability — Vulnerabilities need to be examined for the inherent risk they pose specifically to the organization, which includes if an exploit has been identified or if the industry views this as a serious and likely threat.

    Business criticality of the affected asset — Assets with vulnerabilities need to be assessed for their criticality to the business. Vulnerabilities on systems that are critical to business operations or customer interactions are usually top of mind.

    Sensitivity of the data of the affected asset — Beyond just the criticality of the business, there must be consideration of the sensitivity of the data that may be compromised or modified as a result of any vulnerabilities.

    Info-Tech Insight

    This methodology allows you to determine urgency of vulnerabilities, but your remediation approach needs to be risk-based, within the context of your organization.

    Triage your vulnerabilities, filter out the noise

    Triaging enables your vulnerability management program to focus on what it should focus on.

    Use the Info-Tech Vulnerability Mitigation Process Template to define how to triage vulnerabilities as they first appear.

    Triaging is an important step in vulnerability management, whether you are facing ten to tens of thousands of vulnerability notifications.
    Many scanning tools already provide the capability to compare known vulnerabilities against existing assets through integration with the asset inventory.

    There are two major use cases for this process:
    1. For organizations that have identified vulnerabilities but do not know their own systems well enough. This can be due to a lack of a formal asset inventory.
    2. For proactive organizations that are regularly staying up to date with industry announcements regarding vulnerabilities. Once an alert has been made publicly, this process can assist in confirming if the vulnerability is relevant to the organization.
    The Info-Tech methodology for initial triaging of vulnerabilities:
    Flowchart of the Info-Tech methodology for initial triaging of vulnerabilities, beginning with 'Vulnerability has been identified' and ending with either 'Vulnerability has been triaged' or 'No action needed'.

    Even if neither of these use cases apply to your organization, triaging still addresses the issues of false positives. Triaging provides a quick way to determine if vulnerabilities are relevant.

    After eliminating the noise, evaluate your vulnerabilities to determine urgency

    Consider the intrinsic risk to the organization.

    Is there an associated, verified exploit?
    • For a vulnerability to become a true threat to the organization, it must be exploited to cause damage. In today’s threat landscape, exploit kits are sold online that allow individuals with low technical knowledge to exploit a vulnerability.
    • Not all vulnerabilities have an associated exploit, but this does not mean that these vulnerabilities can be left alone. In many cases, it is just a matter of time before an exploit is created.
    • Another point to consider is that while exploits can exist theoretically, they may not be verified. Vulnerabilities always pose some level of risk, but if there are no known verified exploits, there is less risk attached.
    Is there a CVSS base score of 7.0 or higher?
    • Common Vulnerability Scoring System (CVSS) is an open-source industry scoring method to assess the potential severity of vulnerabilities.
    • CVSS takes into account: attack vector, complexity, privileges required, user interaction, scope, confidentiality impact, integrity impact, and availability impact.
    • Vulnerabilities that have a score of 4.0 or lower are classified as low vulnerabilities, while scores between 4.0 and 6.9 are put in the medium category. Scores of 7 or higher are in the high and critical categories. As we will review in the Risk Assessment section, you will want to immediately deal with high and critical vulnerabilities.
    Is there potential for significant lateral movement?
    • Even though a vulnerability may appear to be part of an inconsequential asset, it is important to consider whether it can be leveraged to gain access to other areas of the network or system by an attacker.
    • Another consideration should be whether the vulnerability can be exploited by remote or local access. Remote exploits pose a greater risk as this can mean that attackers can perform an exploit from any location. Local exploits carry less risk, although the risk of insider threats should be considered here as well.

    2.1.1 Evaluate your identified vulnerabilities

    60 minutes

    Input: Visio workflow of Info-Tech’s vulnerability management process

    Output: Adjusted workflow to reflect your current processes, Vulnerability Tracking Tool

    Materials: Whiteboard, Whiteboard markers, Vulnerability Management SOP Template

    Participants: IT Security Manager, SecOps team members, ITOps team members, including tiers 1, 2, and 3, CISO, CIO

    Using the criteria from the previous slide, Info-Tech has created a methodology to evaluate your vulnerabilities by examining their intrinsic qualities.

    The methodology categorizes the vulnerabilities into high, medium, and low risk importance categorizations, before assigning final urgency scores in the later steps.

    1. Review the evaluation process in the Vulnerability Management Workflow library.
    2. Determine if this process makes sense for the organization; otherwise, change the flow to include any other considerations of process flows.
    3. As this process is used to evaluate vulnerabilities, document vulnerabilities to an importance category. This can be done in the Vulnerability Tracking Tool or using a similar internal vulnerability tracking document, if one exists.

    Download the Vulnerability Management SOP Template

    Step 2.2

    Determine high-level business criticality

    Activities
    • 2.2.1 Determine high-level business criticality
    • 2.2.2 Determine your high-level data classifications

    This step will walk you through the following activities:

    Determining high-level business criticality and data classifications will help ensure that IT security is aligned with what is critical to the business. This will be very important when decisions are made around vulnerability risk and the urgency of remediation action.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • CISO

    Outcomes of this step

    Understanding and consistency in how business criticality and business data is assessed by IT in the vulnerability management process.

    Triage & prioritize
    Step 2.1Step 2.2Step 2.3Step 2.4

    Understanding business criticality is key to determining vulnerability urgency

    Prioritize operations that are truly critical to the operation of the business, and understand how they would be impacted by an exploited vulnerability.

    Use the questions below to help assess which operations are critical for the business to continue functioning.

    For example, email is often thought of as a business-critical operation when this is not always the case. It is important to the business, but as regular operations can continue for some time without it, it would not be considered extremely business critical.

    Questions to askDescription
    Is there a hard-dollar impact from downtime?This refers to when revenue or profits are directly impacted by a business disruption. For example, when an online ordering system is compromised and shut down, it impacts sales, and therefore, revenue.
    Is there an impact on goodwill/ customer trust?If downtime means delays in service delivery or otherwise impacts goodwill, there is an intangible impact on revenue that may make the associated systems mission critical.
    Is regulatory compliance a factor?Depending on the circumstances of the vulnerabilities, it can be a violation of regulatory compliance and would cause significant fines.
    Is there a health or safety risk?Some operations are critical to health and safety. For example, medical organizations have operations that are necessary to ensure that individuals’ health and safety are maintained. An exploited vulnerability that prevents these operations can directly impact the lives of these individuals.
    Don’t start from scratch – your disaster recovery plan (DRP) may have a business impact analysis (BIA) that can provide insight into which applications and operations are considered business critical.

    Analyst Perspective

    When assessing the criticality of business operations, most core business applications may be deemed business critical over the long term.

    Consider instead what the impact is over the first 24 or 48 hours of downtime.

    2.2.1 Determine high-level business criticality

    120 minutes; less time if a Disaster recovery plan business impact analysis exists

    Input: List of business operations, Insight into business operations impacts to the business

    Output: List of business operations and their criticality and impact to the business

    Materials: Vulnerability Management SOP Template

    Participants: Participants from the business, IT Security Manager, CISO, CIO

    1. List your core business operations at a high level.
    2. Use a High, Medium, or Low ranking to prioritize the business operations based on mission-critical criteria and the impact of the vulnerability.
    3. When using the process flow, consider if the vulnerability directly affects any of these business operations and move through the process flow based on the corresponding High, Medium, or Low ranking.
    Example prioritization of business operations for a manufacturing company:Questions to ask:
    1. Is there a hard-dollar impact from downtime?
    2. Is there impact on goodwill or customer trust?
    3. Is regulatory compliance a factor?
    4. Is there a health or safety risk?

    Download the Vulnerability Management SOP Template

    Determine vulnerability urgency by its data classification

    Consider how to classify your data based on if the Confidentiality, Integrity, or Availability (CIA) is compromised.

    To properly classify your data, consider how the confidentiality, integrity, and availability of that data would be affected if it were to be exploited by a vulnerability. Review the table below for an explanation for each objective.
    Confidentiality

    Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.

    Integrity

    Guarding against improper information modification or destruction, and ensuring information non-repudiation and authenticity.

    Availability

    Ensuring timely and reliable access to and use of information.

    Each piece of data should be ranked as High, medium, or low across confidentiality, integrity, and availability based on adverse effect.Arrow pointing right.Low — Limited adverse effect

    Moderate — Serious adverse effect

    High — Severe or catastrophic adverse effect

    If you wish to build a whole data classification methodology, refer to our Discover and Classify Your Data blueprint.

    How to determine data classification when CIA differs:

    The overall ranking of the data will be impacted by the highest objective’s ranking.

    For example, if confidentiality and availability are low, but integrity is high, the overall impact is high.

    This process was developed in part by Federal Information Processing Standards Publication 199.

    2.2.2 Determine your high-level data classifications

    120 minutes, less time if data classification already exists

    Input: Knowledge of data use and sensitivity

    Output: Adjusted workflow to reflect your current processes, Vulnerability Tracking Tool

    Materials: Whiteboard, Whiteboard markers, Vulnerability Management SOP Template

    Participants: IT Security Manager, CISO, CIO

    If your organization has formal data classification in place, it should be leveraged to determine the high, medium, and low rankings necessary for the process flows. However, if there is no formal data classification in place, the process below can be followed:

    1. List common assets or applications that are prone to vulnerabilities.
    2. Consider the data that is on these devices and provide a high (severe or catastrophic adverse effect), medium (serious adverse effect), or low (limited adverse effect) ranking based on confidentiality, availability, and integrity.
      1. Use the table on the previous slide to assist in providing the ranking.
      2. Remember that it is the highest ranking that dictates the overall ranking of the data.
    3. Document which data belongs in each of the categories to provide contextual evidence.

    Download the Vulnerability Management SOP Template

    This process should be part of your larger data classification program. If you need assistance in building this out, review the Info-Tech research, Discover and Classify Your Data.

    Step 2.3

    Consider current security posture

    Activities
    • 2.3.1 Document your defense-in-depth controls

    This step will walk you through the following activities:

    Your defense-in-depth controls are the existing layers of security technology that protects your environment. These are relevant when considering the urgency and risk of vulnerabilities in your environment, as they will mitigate some of the risk.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • ITOps team members, including tiers 1, 2, and 3
    • CISO
    • CIO

    Outcomes of this step

    Understanding and documentation of your current defense-in-depth controls.

    Triage & prioritize
    Step 2.1Step 2.2Step 2.3Step 2.4

    Review your current security posture

    What you have today matters.
    • In most cases, your vulnerability scanning tool alone will not have the context of your security posture in the results of its scans. This can skew the true urgency of detected vulnerabilities in your environment.
    • What you have in place today is what comprises your organization’s overall security posture. This bears high relevance to the determination of the risk that a vulnerability poses to your environment.
    • Elements such as enterprise architecture and defense in depth mechanisms should be factored into determining the risk of a vulnerability and what kind of immediacy is warranted to address it.
    • Details of your current security posture will also contribute to the assessment and selection of remediation options.
    Stock image of toy soldiers split into two colours, facing eachother down.

    Enterprise architecture considerations

    What does your network look like?
    • Most organizations have a network topology that has been put in place with operational needs in mind. These includes specific vLANs or subnets, broadcast domains, or other methods of traffic segregation.
    • The firewall and network ACLs (access control lists) will manage traffic and the routes that data packets follow to traverse a network.
    • Organizations may physically separate data network types, for example, a network for IT services and one for operational technology (OT)(OT is often known as ICS (industrial control systems) or SCADA (supervisory control and data acquisition)) or other types of production technology.
    • The deployment of distribution and access switches across an enterprise can also be a factor, where a flatter network will have fewer network devices within the topology.
    • In a directory services environment such as Windows Active Directory, servers and applications can be segregated by domains and trust relationships, organizational units, and security groups.
    What’s the relevance to vulnerability management?

    For a vulnerability to be exploited, a malicious actor must find a way to access the vulnerable system to make use of the vulnerability in question.

    Any enterprise architecture characteristics that you have in place may lessen the probability of a successful vulnerability exploit.

    This may potentially “buy time” for SecOps to address and remediate the vulnerability.

    Defense-in-depth

    Defense-in-depth provides extra layers of protection to the organization.

    • Defense-in-depth refers to the coordination of security controls to add layers of security to the organization.
      • This means that even if attackers are able to get past one control or layer, they are hindered by additional security.
    • Defense-in-depth is distinct from the previous section on enterprise architecture as these are security controls put in place with the purpose of being lines of defense within your security posture.
    • This can be extremely useful in managing vulnerabilities; thus, it is important to establish the existing defense-in-depth controls. By establishing the base model for your defense-in-depth, it will allow you to leverage these controls to manage vulnerabilities.
    • Controls are typically distributed across endpoints, network infrastructure, servers, and physical security.

    Note: Defense-in-depth controls do not entirely mitigate vulnerability risk. They provide a way in which the vulnerability cannot be exploited, but it continues to exist on the application. This must be kept in mind as the controls or applications themselves change, as it can re-open the vulnerability and cause potential problems.

    Examples of defense-in-depth controls can consist of any of the following:
    • Antivirus software
    • Authentication security
    • Multi-factor authentication
    • Firewalls
    • Demilitarized zones (DMZ)
    • Sandboxing
    • Network zoning
    • Application whitelisting
    • Access control lists
    • Intrusion detection & prevention systems
    • Airgapping
    • User security awareness training

    2.3.1 Document your defense-in-depth controls

    2 hours, less time if a security services catalog exists

    Input: List of technologies within your environment, List of IT security controls that are in place

    Output: List of defense-in-depth controls

    Materials: Whiteboard/flip charts, Vulnerability Management SOP Template

    Participants: IT Security Manager, Infrastructure Manager, IT Director, CISO

    1. Document the existing defense-in-depth controls within your system.
    2. Review the initial list that has been provided and see if these are controls that currently exist.
    3. Indicate any other controls that are being used by the organization. This may already exist if you have a security services catalog.
    4. Indicate who the owners of the different controls are.
    5. Track the information in the Vulnerability Management SOP Template.

    Download the Vulnerability Management SOP Template

    Sample table of security controls within a Defense-in-depth model with column headers 'Defense-in-depth control', 'Description', 'Workflow', and 'Control Owner'.

    Step 2.4

    Risk assessment of vulnerabilities

    Activities
    • 2.4.1 Build a classification scheme to consistently assess impact
    • 2.4.2 Build a classification scheme to consistently assess likelihood

    This step will walk you through the following activities:

    Assessing risk will be the cornerstone of how you evaluate vulnerabilities and what priority you place on remediation. This is actual risk to the organization and not simply what the tool reports without the context of your defense-in-depth controls.

    This step involves the following participants:

    • IT Security Manager
    • IT Operations Management
    • CISO
    • CIO

    Outcomes of this step

    A risk matrix tailored to your organization, based on impact and likelihood. This will provide a consistent, unambiguous way to assess risk across the vulnerability types that is reported by your scanning tool.

    Triage & prioritize
    Step 2.1Step 2.2Step 2.3Step 2.4

    Vulnerabilities and risk

    Vulnerabilities must be addressed to mitigate risk to the business.
    • Vulnerabilities are a concern because they are potential threats to the business. Vulnerabilities that are not addressed can turn from potential threats into actual threats; it is only a matter of time and opportunity.
    • Your organization will already be familiar with risk management, as every decision carries a business risk component. There may even be a senior manager assigned as corporate risk officer to manage organizational risk.
    • The organization likely has a risk tolerance level that defines the organization’s risk appetite. This may be measured in dollars, non-productivity time, or other units of inefficiency.
    • The risk of a vulnerability can be calculated using impact and likelihood. Impact is the effect that the vulnerability will have if it is exploited by a malicious actor. Likelihood is the degree to which a vulnerability exploit can possibly occur.
    Stock image of a cartoon character in a tie hanging on the needle of a 'RISK' meter as it sits at 'LOW'.

    Info-Tech Insight

    Risk to the organization is business language that everyone can understand. This is particularly true when the risk is to productivity or to the company’s bottom line.

    A risk-based approach to vulnerability management

    CVSS scores are just the starting point!

    Vulnerabilities are constant.
    • There will always be vulnerabilities in the environment, many of which won’t be reported as they are currently unknown.
    • Don’t focus on trying to resolve all vulnerabilities in your environment. You are neither resourced for it nor can the business tolerate the downtime needed to remediate every single vulnerability.
      • The constant follow of new vulnerabilities will quickly render your efforts useless and it will become a game of “whack-a-mole.”
    • Being able to prioritize which vulnerabilities require appropriate levels of response is crucial to ensuring that an organization stays ahead of the continual flow.
    • Your vulnerability scanning tool will report the severity of a vulnerability, often using an industry Common Vulnerability Scoring System (CVSS) system ranging from 0 to 10. It will then scan your environment for the presence of the vulnerability and report accordingly.
      • Your vulnerability scanning tool will not be aware of any mitigation components in your environment, such as compensating controls, network segregation, server/application hardening, or any other measures that can reduce the risk. That is why determining actual risk is a crucial step.

    Stock image of a whack-a-mole game.

    Info-Tech Insight

    Vulnerability scanning is a valuable function, but it does not tell the full picture. You must determine how urgent a vulnerability truly is, based on your specific environment.

    Prioritize remediation by levels of risk

    Address critical and high risk with high immediacy.

    • Addressing the critical and high-risk vulnerabilities with urgency will ensure that you are addressing a more manageable number of vulnerabilities.
    • An optimized vulnerability management process will address the medium and low risk vulnerabilities within the regular cycle.
    • This may be very similar to what you do today in an ad hoc fashion:
      • Zero-day vulnerabilities tend to warrant a stop in operations and are dealt with immediately (or as soon as a vendor has a fix).
      • The standard remediation process (patching/updating, change of configuration, etc.) happens within a regular controlled time cycle.
    • Formalizing this process will ensure that appropriate attention is given to vulnerabilities that warrant it and that the remaining vulnerabilities are dealt with as a regular, recurring activity.

    Mitigate the risk surface by reducing the time across the phases

    Chart titled 'Mitigate the risk surface by reducing the time across the phases' with the axes 'Risk Level' and 'Time' with lines created by individual risks. The highlighted line begins in 'Critical' and eventually drops to low. A note on the line reads 'Objective: Reduce risk surface by reducing time to address'. The area between the line and your organization's risk tolerance is labelled 'Risk Surface, to be addressed with high priority'. A bracket around Risk levels 'High' and 'Critical' reads 'Priority focus zone (risk surface)'. Risk lines within levels 'Low' and 'Medium' read 'Follow standard vulnerability management cycles'.

    Risk matrix

    Risk = Impact x Likelihood
    • Info-Tech’s Vulnerability Management Risk Assessment Tool provides a method of calculating the risk of a vulnerability. The risk rating is assigned using the impact of the risk and the likelihood or probability that the event may occur.
    • The tool puts the vulnerability into your organization’s context: How many people will be affected? What service types are vulnerable and how does that impact the business? Is there an anticipated update from the vendor of the system being affected?
    • Urgency of remediation should be based on the business consequences if the vulnerability were to be exploited, relative to the business’ risk tolerance.

    Info-Tech Insight

    Risk determination should be done within the context of your current environment and not simply based on what your vulnerability tool is reporting.

    A risk matrix is useful in calculating a risk rating for vulnerabilities. Risk matrix with axes 'Impact' and 'Time' and individual vulnerabilities mapped onto it via their risk rating. The example 'Organizational Risk Tolerance Threshold' line runs diagonally through the 'Medium' squares.

    2.4.1 Build a classification scheme to consistently assess impact

    60 minutes

    Input: Knowledge of IT environment, Knowledge of business impact for each IT component or service

    Output: Vulnerability Management Risk Assessment Tool formatted to your organization

    Materials: Vulnerability Management Risk Assessment Tool

    Participants: Functional Area Managers, IT Security Manager, CISO

    Risk always has a negative impact, but the size of the impact can vary considerably in terms of cost, number of people or sites affected, and the severity of the impact. Impact questions tend to be more objective and quantifiable than likelihood questions.

    1. Define a set of questions to measure risk impact or edit existing questions in the tool.
    2. For each question, assign a weight that should be placed on that factor.
    3. Define criteria for each question that would categorize the risk. The drop-down box content can be modified in the hidden Labels tab.

    Note that you are looking to baseline vulnerability types, rather than categorizing every single vulnerability your scanning tool reports. The volume of vulnerabilities will be high, but vulnerabilities can be categorized into types on a regular basis.

    Download the Vulnerability Management Risk Assessment Tool

    Screenshot of table from Info-Tech's Vulnerability Management Risk Assessment Tool for assessing Impact. Column headers are 'Weight', 'Question', 'OS vulnerability', 'Application vulnerability', 'Network vulnerability', and 'Vendor patch release'.

    2.4.2 Build a classification scheme to consistently assess likelihood

    60 minutes

    Input: Knowledge of IT environment, Knowledge of business impact for each IT component or service

    Output: Vulnerability Management Risk Assessment Tool formatted to your organization

    Materials: Vulnerability Management Risk Assessment Tool

    Participants: Functional Area Managers, IT Security Manager, CISO

    Risk always has a negative impact, but the size of the impact can vary considerably in terms of cost, number of people or sites affected, and the severity of the impact. Impact questions tend to be more objective and quantifiable than likelihood questions.

    1. Define a set of questions to measure risk impact or edit existing questions in the tool.
    2. For each question, assign a weight that should be placed on that factor.
    3. Define criteria for each question that would categorize the risk. The drop-down box content can be modified in the hidden Labels tab.

    Note that you are looking to baseline vulnerability types, rather than categorizing every single vulnerability that your scanning tool reports. The volume of vulnerabilities will be high, but vulnerabilities can be categorized into types on a regular basis.

    Download the Vulnerability Management Risk Assessment Tool

    Screenshot of table from Info-Tech's Vulnerability Management Risk Assessment Tool for assessing Likelihood. Column headers are 'Weight', 'Question', 'OS vulnerability', 'Application vulnerability', and 'Network vulnerability'.

    Prioritize based on risk

    Select the best remediation option to minimize risk.

    Through the combination of the identified risk and remediation steps in this phase, the prioritization for vulnerabilities will become clear. Vulnerabilities will be assigned a priority once their intrinsic qualities and threat potential to business function and data have been identified.

    • Remediation options will be identified for the higher urgency vulnerabilities.
    • Options will be assessed for whether they are appropriate.
    • They will be further tested to determine if they can be used adequately prior to full implementation.
    • Based on the assessments, the remediation will be implemented or another option will be considered.
    Prioritization
    1. Assignment of risk
    2. Identification of remediation options
    3. Assessment of options
    4. Implementation

    Remediation plays an incredibly important role in the entire program. It plays a large part in wider risk management when you must consider the risk of the vulnerability, the risk of the remediation option, and the risk associated with the overall process.

    Implement Risk-Based Vulnerability Management

    Phase 3

    Remediate vulnerabilities

    Phase 1

    1.1 What is vulnerability management?
    1.2 Define scope and roles
    1.3 Cloud considerations for vulnerability management
    1.4 Vulnerability detection

    Phase 2

    2.1 Triage vulnerabilities
    2.2 Determine high-level business criticality
    2.3 Consider current security posture
    2.4 Risk assessment of vulnerabilities

    Phase 3

    3.1 Assessing remediation options
    3.2 Scheduling and executing remediation
    3.3 Continuous improvement

    Phase 4

    4.1 Metrics, KPIs & CSFs
    4.2 Vulnerability management policy
    4.3 Select and implement a scanning tool
    4.4 Penetration testing

    This phase will walk you through the following activities:

    • Identifying potential remediation options.
    • Developing criteria for each option with regards to when to use and when to avoid.
    • Establishing exception procedure for testing and remediation.
    • Documenting the implementation of remediations and verification.

    This phase involves the following participants:

    • CISO, or equivalent
    • Security Manager/Analyst
    • Network, Administrator, System, Database Manager
    • Other members of the vulnerability management team
    • Risk managers for the risk-related steps

    Determining how to remediate

    Patching is only one option.

    This phase will allow organizations to build out the specific processes for remediating vulnerabilities. The overall process will be the same but what will be critical is the identification of the correct material. This includes building the processes around:
    • Identifying and selecting the remediation option to be used.
    • Determining what to do when a patch or update is not available.
    • Scheduling and executing the remediation activity.
    • Continuous improvement.

    Each remediation option carries a different level of risk that the organization needs to consider and accept by building out this program.

    It is necessary to be prepared to do this in real time. Careful documentation is needed when dealing with vulnerabilities. Use the Vulnerability Tracking Tool to assist with documentation in real time. This is separate from using the process template but can assist in the documentation of vulnerabilities.

    Step 3.1

    Assessing remediation options

    Activities
    • 3.1.1 Develop risk and remediation action

    This step will walk you through the following activities:

    With the risk assessment from the previous activity, we can now examine remediation options and make a decision. This activity will guide us through that.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • ITOps team members, including tiers 1, 2, and 3
    • CISO
    • CIO

    Outcomes of this step

    List of remediation options and criteria on when to consider each.

    Remediate vulnerabilities
    Step 3.1Step 3.2Step 3.3

    Identify remediation options

    There are four options when it comes to vulnerability remediation.

    Patches and Updates

    Patches are software or pieces of code that are meant to close vulnerabilities or provide fixes to any bugs within existing software. These are typically provided by the vendor to ensure that any deployed software is properly protected after vulnerabilities have been detected.

    Configuration Changes

    Configuration changes involve administrators making significant changes to the system or network to remediate against the vulnerability. This can include disabling the vulnerable application or specific element and can even extend to removing the application altogether.

    Remediation

    Compensating Controls

    By leveraging security controls, such as your IDS/IPS, firewalls, or access control, organizations can have an added layer of protection against vulnerabilities beyond the typical patches and configuration changes. This can be used as a measure while waiting to implement another option (if one exists) to reduce the risk of the vulnerability in the short or long term.

    Risk Acceptance

    Whenever a vulnerability is not remediated, either indefinitely or for a short period of time, the organization is accepting the associated risk. Segregation of the vulnerable system can occur in this instance. This can occur in cases where a system or application cannot be updated without detrimental effect to the business.

    Patches and updates

    Patches are often the easiest and most common method of remediation.

    Patches are usually the most desirable remediation solution when it comes to vulnerability management. They are typically provided by the vendor of the vulnerable application or system and are meant to eliminate the existing vulnerability.

    When to use

    • When adequate testing can be performed on the patch to be implemented.
    • When there is a change window approaching for the affected systems.
    • When there is standardization across the IT assets to allow for easier installation of patches.

    When to avoid

    • When the patch cannot be adequately tested.
    • When a patch has been tested, but it caused an unfavorable consequence such as a system or application failure.
    • When there is no near change window in which to install the patches, which is often the case for critical systems.
    When to consider other remediation options
    • For critical systems, it can be difficult to implement a patch as they often require the system to be rebooted or go through some downtime. There must be consideration towards whether there is a change window approaching if a patch is to be implemented on a business-critical system.
      • If there is no opportunity to implement the patch, or no approaching change window, it is wise to leverage another remediation option.
    • When patches are not currently available from the vendor or they are in production, other remediation options are needed.
    • Other remediation options can be used in tandem with the patch. For example, if a patch is being deferred until the change window, it would be wise to use alternate remediation options to close the vulnerability.

    Compensating controls

    Compensating controls can decrease the risk of vulnerabilities that cannot be (immediately) remediated.

    • Compensating controls are measures put in place when direct remediation measures are impractical or non-existent.
    • Similar to the payment card industry’s PCI DSS 1.0 provision of compensating controls, these are meant to meet the intent or rigor of the original requirement; unlike PCI DSS, these measures are to mitigate risk rather than meet compliance.
    • The compensating control should be viewed as only a temporary measure for dealing with a vulnerability, although circumstances may dictate a degree of permanence in the application of the compensating control.
    • Examples where compensating controls may be needed are:
      • The software vendor is developing an update or patch to address a vulnerability.
      • Through your testing process, a patch will adversely affect the performance or operation of the target system and be detrimental to the business.
      • A critical application will only run on a legacy operating system, the latter of which is no longer supported by the vendor.
      • A legacy application is no longer being supported but is critical to your operations. A replacement, if one exists, will take time to implement.
    Examples of compensating controls
    • Segregating a vulnerable server or application on the network, physically or logically.
    • Hardening the operating system or application.
    • Restricting user logins to the system or application.
    • Implementing access controls on the network route to the system.
    • Instituting application whitelisting.

    Configuration changes

    Configuration changes involve making changes directly to the application or system in which there is a vulnerability. This can vary from disabling or removing the vulnerable element or, in the case of applications built in-house, changing the coding of the application itself. These are commonly used in network vulnerabilities such as open ports.

    When to use

    • A patch is not available.
    • The vulnerable element can be significantly changed, or even disabled, without significantly disrupting the business.
    • The application is built in-house, as the vulnerability must be closed internally.
    • There is adequate testing to ensure that the configuration change does not affect the business.
    • A configuration change in your network or system can affect numerous endpoints or systems, reducing endpoint patching or use of defense-in-depth controls.

    When to avoid

    • When a suitable patch is available.
    • When the vulnerability is on a business-critical element with no nearby change window or it cannot be disabled.
    • When there is no opportunity in which to perform testing to ensure that there are no unintended consequences.
    When to consider other remediation options
    • Configuration changes require careful documentation as changes are occurring to the system and applications. If there is a need to perform a back-out process and return to the original configuration, this can be extremely difficult without clear documentation of what occurred.
    • If business systems are too critical or important to the regular business function to perform any changes, it is necessary to consider other options.

    Info-Tech Insight

    Remember your existing processes: configuration changes may need to be approved and orchestrated through your organization’s configuration and change management processes.

    Case Study

    Remediation options do not have to be used separately. Use the Shellshock 2014 case as an example.

    INDUSTRY: All
    SOURCE: Public Domain
    Challenge

    Bashdoor, more commonly known as Shellshock, was announced on September 24, 2014.

    This bug involved the Bash shell, which normally executes user commands, but this vulnerability meant that malicious attackers could exploit it.

    This was rated a 10/10 by CVSS – the highest possible score.

    Within hours of the announcement, hackers began to exploit this vulnerability across many organizations.

    Solution

    Organizations had to react quickly and multiple remediation options were identified:

    • Configuration changes – Companies were recommended to use other shells instead of the Bash shell.
    • Defense-in-depth controls – Using HTTP server logs, it could be possible to identify if the vulnerability had been exploited.
    • Patches – Many vendors released patches to close this vulnerability including Debian, Ubuntu, and Red Hat.
    Results

    Companies began to protect themselves against these vulnerabilities.

    While many organizations installed patches as quickly as possible, some also wished to test the patch and leveraged defense-in-depth controls in the interim.

    However, even today, many still have the Shellshock vulnerability and exploits continue to occur.

    Accept the risk and do nothing

    By choosing not to remediate vulnerabilities, you must accept the associated risk. This should be your very last option.

    Every time that a vulnerability is not remediated, it continues to pose a risk to the organization. While it may seem that every vulnerability needs to be remediated, this is simply not possible due to limited resources. Further, it can take away resources from other security initiatives as opposed to low-priority vulnerabilities that are extremely unlikely to be exploited.

    Common criteria for vulnerabilities that are not remediated:
    • Affected systems are of extremely low criticality.
    • Affected systems are deemed too critical to take offline to perform adequate remediation.
    • Low urgency is assigned to those vulnerabilities.
    • Cost and time required for the remediation are too high.
    • No adequate solutions exist – the vendor has not released a patch, there are weak defense-in-depth controls, and it is not possible to perform a configuration change.

    Risk acceptance is not uncommon…

    • With an ever-increasing number of vulnerabilities, organizations are struggling to keep up and often, intentionally or unintentionally, accept the risk associated.
    • In the end, non-remediation means full acceptance of the risk and any consequences.

    Enterprise risk management
    Arrow pointing up.
    Risk acceptance of vulnerabilities

    While these are common criteria, they must be aligned to the enterprise risk management framework and approved by management.

    Don’t forget the variables that were assessed in Phase 2. This includes the risk from potential lateral movement or if there is an existing exploit.

    Risk considerations

    When determining if risk acceptance is appropriate, consider the cost of not mitigating vulnerabilities.

    Don’t accept the risk because it seems easy. Consider the financial impact of leaving vulnerabilities open.

    With risk acceptance, it is important to review the financial impact of a security incident resulting from that vulnerability. There is always the possibility of exploitation for vulnerabilities. A simple metric taken from NIST SP800-40 to use for this is:

    Cost not to mitigate = W * T * R

    Where (W) is the number of work stations, (T) is the time spent fixing systems or lost in productivity, and (R) is the hourly rate of the time spent.

    As an example provided by NIST SP800-40 Version 2.0, Creating a Patch and Vulnerability Management Program:

    “For an organization where there are 1,000 computers to be fixed, each taking an average of 8 hours of down time (4 hours for one worker to rebuild a system, plus 4 hours the computer owner is without a computer to do work) at a rate of $70/hour for wages and benefits:

    1,000 computers * 8 hours * $70/hour = $560,000”

    Info-Tech Insight

    Always consider the financial impact that can occur from an exploited vulnerability that was not remediated.

    3.1.1 Develop risk and remediation action

    90 minutes

    Input: List of remediation options

    Output: List of remediation options sorted into “when to use” and “when to avoid” lists

    Materials: Whiteboard/flip charts, Vulnerability Management SOP Template

    Participants: IT Security Manager, IT Infrastructure Manager, IT Operations Manager, Corporate Risk Officer, CISO

    It is important to define and document your organization-specific criteria for when a remediation option is appropriate and inappropriate.

    1. List each remediation option on a flip chart and create two headings: “When to use” and “When to avoid.”
    2. Each person will list “when to use” criteria on a green sticky note and “when to avoid” criteria on a red one for each option; these will be placed on the appropriate flip chart.
    3. Discuss as a group which criteria are appropriate and which should be removed.
    4. Move on to the next remediation option when completed.
      • Ensure to include when there are remediation options that will be connected. For example, the risk may be accepted until the next available change window, or a defense-in-depth control is used before a patch can be fully installed.
    5. Once the criteria has been established, document this in the Vulnerability Management SOP Template.
    When to use:
    • When adequate testing can be performed on the patch to be implemented.
    • When there is a change window approaching, especially for critical systems.
    • When there is standardization across the IT assets to allow for easier installation of patches.
    When to avoid:
    • When the patch cannot be adequately tested.
    • When a patch has been tested, but it has caused an unfavorable consequence such as a system or application failure.
    • When there is no near change window in which to install the patches.
    (Example from the Vulnerability Management SOP Template for Patches.)

    Download the Vulnerability Management SOP Template

    Step 3.2

    Scheduling and executing remediation

    Activities

    None for this section.

    This step will walk you through the following activities:

    Although there are no specific activities for this section, it will walk you through your existing processes configuration and change management to ensure that you are leveraging those activities in your vulnerability remediation actions.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • ITOps team members, including tiers 1, 2, and 3
    • CISO
    • CIO

    Outcomes of this step

    Gained understanding of how IT operations processes configuration and change management can be leveraged for the vulnerability remediation process. Don’t reinvent the wheel!

    Remediate vulnerabilities
    Step 3.1Step 3.2Step 3.3

    Implementing the remediation

    Vulnerability management converges with your IT operations functions.
    • Once a remediation strategy has been formulated, you can leverage your release and change management processes to orchestrate the testing, version tracking, scheduling, approval, and implementation activities.
    • Each of these processes should exist in your environment in some form. Leveraging these will engage the IT operations team to carry out their tasks in the remediation process.
    • There can be a partial or full handoff to these processes, however, the owner of the vulnerability management program is responsible for verifying the application of the remediation measure and that the overall risk has been reduced.
    • Although full blueprints exist that cover each of these processes in great detail, the following slides provide an overview of each of these IT operations processes and how they intersect with vulnerability management.
    Stock image of a person on a laptop overlaid by an icon with gears indicating settings.

    Release Management

    Control the quality of deployments and releases of software updates.

    • The release management process exists to ensure that new software releases (such as patches and updates) are properly tested and documented with version control prior to their implementation into the production environment.
    • The process should map out the logistics of the deployment process to ensure that it is consistent and controlled.
    • Testing is an important part of release management and the urgency of a vulnerability remediation operation can expedite this process to ensure minimal delays. Once testing has been completed successfully, the update is then “promoted” to production-ready status and submitted into the change management process.
    • Often a separate release team may not exist, however, release management still occurs.

    For guidance on implementing or improving your release management process, refer to Info-Tech’s Stabilize Release and Deployment Management blueprint or speak to one of our experts.

    Info-Tech Insight

    Many organizations don’t have a separate release team. Rather, whomever is doing the deployment will submit a change request and the testing details are vetted through the organization’s change management process.

    For guidance on the change management process review our Optimize Change Management blueprint.

    Change Management

    Leverage change control, interruption management, approval, and scheduling.
    • Change management likely exists in some shape or form in your organization. There is usually someone or a committee, such as a change advisory board (CAB), that gives approval for a change.
    • Leveraging the change management process will ensure that your vulnerability remediation has undergone the proper review and approval before implementation. There will usually be business sign-off as part of a change management approval process.
    • Communication will also be integrated in the change management process, so the change manager will ensure that appropriate, timely communications are sent to the proper key stakeholders.
    • The change management process will link to release management and configuration management processes if they exist.

    For further guidance on implementing or improving your change management process, refer to Info-Tech’s Optimize Change Management blueprint or speak to one of our experts.

    “With no controls in place, IT gets the blame for embarrassing outages. Too much control, and IT is seen as a roadblock to innovation.” (VP IT, Federal Credit Union)

    Post-implementation activities

    Vulnerability remediation isn’t a “set it and forget it” activity.
    • Once vulnerability remediation has occurred, it is imperative that the results are reported back to the vulnerability management program manager. This ensures that the loop is closed and the tracking of the remediation activity is done properly.
      • Organizations that are subject to audit by external entities will understand the importance of such documentation.
    • The results of post-implementation review from the change management process will be of great interest, particularly if there was any deviation from the planned activities.
    • Although change execution will usually undergo some form of testing during the maintenance window, there is always the possibility that something has broken as a result of the software update. Be quick to respond to these types of incidents!
      • One example of an issue that is near impossible to test during a maintenance window is one that manifests only when the system or software comes under load. This is what makes for busy Monday mornings after a weekend change window.
    A scan with your vulnerability management software after remediation can be a way to verify that the overall risk has been reduced, if remediation was done by way of patching/updates.

    Info-Tech Insight

    After every change completion, whether due to vulnerability remediation or not, it is a good idea to ensure that your infrastructure team increases its monitoring diligence and that your service desk is ready for any sudden influx of end-user calls.

    Step 3.3

    Continuous improvement

    Activities

    None for this section.

    This step will walk you through the following activities:

    Although this section has no activities, it will review the process by which you may continually improve vulnerability management.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • ITOps team members, including tiers 1, 2, and 3
    • CISO
    • CIO

    Outcomes of this step

    An understanding of the importance of ongoing improvements to the vulnerability management program.

    Remediate vulnerabilities
    Step 3.1Step 3.2Step 3.3

    Drive continuous improvement

    • Also known as “Continual Improvement” within the ITIL best practice framework.
    • Your vulnerability management program will not be perfect on first launch. In fact, due to the ever-changing nature of vulnerabilities and the technology designed to detect and combat vulnerabilities, the processes within your vulnerability management program will need to be tweaked from time to time.
    • Continuous improvement is a sustained, proactive approach to process improvement. The practice allows for all process participants to observe and suggest incremental improvements that can help improve the overall process.
    • In many cases, continuous improvement can be triggered by changes in the environment. This makes perfect sense for vulnerability management process improvement as a change in the environment will require vulnerability scanning to ensure that such changes have not introduced new vulnerabilities into the environment, increasing your risk surface.
    • One key method to tracking continuous improvement is through the effective use of metrics, covered in Section 4.1 of this blueprint.
    “The success rate for continual improvement efforts is less than 60 percent. A major – if not the biggest – factor affecting the deployment of long-term continual improvement initiatives today is the fundamental change taking place in the way companies manage and execute work.” (Industry analyst at a consulting firm, 2014)

    Continuous Improvement

    Continuously re-evaluate the vulnerability management process.

    As your systems and assets change, your vulnerability management program may need updates in two ways.

    When new assets and systems are introduced:

    • When new systems and assets are introduced, it is important for organizations to recognize how these can affect vulnerability management.
    • It will be necessary to identify the business criticality of the new assets and systems and the sensitivity of the data that can be found on them.
    • Without doing so, these will be considered rogue systems or assets – there is no clear process for assigning urgencies.
    • This will only cause problems as actions may be taken that are not aligned with the organization’s risk management framework.

    Effective systems and asset management are needed to track this. Review Info-Tech’s Implement Systems Management to Improve Availability and Visibility blueprint for more help.

    Document any changes to the vulnerability management program in the Vulnerability Management SOP Template.

    When defense-in-depth capabilities are modified:

    • As you build an effective security program, more controls will be added that can be used to protect the organization.
    • These should be documented and evaluated based on ability to mitigate against vulnerabilities.
    • The defense-in-depth model that was previously established should be updated to include the new capabilities that can be used.
    • Defense-in-depth models are continually evolving as the security landscape evolves, and organizations must be ready for this.

    To assist in building a defense-in-depth model, review Build an Information Security Strategy.

    Implement Risk-Based Vulnerability Management

    Phase 4

    Measure and formalize

    Phase 1

    1.1 What is vulnerability management?
    1.2 Define scope and roles
    1.3 Cloud considerations for vulnerability management
    1.4 Vulnerability detection

    Phase 2

    2.1 Triage vulnerabilities
    2.2 Determine high-level business criticality
    2.3 Consider current security posture
    2.4 Risk assessment of vulnerabilities

    Phase 3

    3.1 Assessing remediation options
    3.2 Scheduling and executing remediation
    3.3 Continuous improvement

    Phase 4

    4.1 Metrics, KPIs & CSFs
    4.2 Vulnerability management policy
    4.3 Select and implement a scanning tool
    4.4 Penetration testing

    This phase will walk you through the following activities:

    • You will determine what ought to be measured to track the success of your vulnerability management program.
    • If you lack a scanning tool this phase will help you determine tool selection.
    • Lastly, penetration testing is a good next step to consider once you have your vulnerability management program well underway.

    This phase involves the following participants:

    • IT Security Manager
    • SecOps team members
    • Procurement representatives
    • CISO
    • CIO

    Step 4.1

    Metrics, Key Performance Indicators (KPIs), and Critical Success Factors (CSFs)

    Activities
    • 4.1.1 Measure your program with metrics, KPIs, and CSFs

    This step will walk you through the following activities:

    After a review of the differences between raw metrics, key performance indicators (KPI), and critical success factors (CSF), compile a list of what metrics you will be tracking, why, and the business goals for each.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • CISO
    • CIO

    Outcomes of this step

    Outline of metrics you can configure your vulnerability scanning tool to report on.

    Measure and formalize
    Step 4.1Step 4.2Step 4.3Step 4.4

    You can’t manage what you can’t measure

    Metrics provides visibility.

    • Management consultant Peter Drucker introduced the concept of metrics tied to key performance indicators (KPIs), and the concept holds true: without metrics, you lack the visibility to manage or improve a process.
    • Metrics aren’t just a collection of statistics, they have to be meaningful, they have to tell the story, and most importantly, they have to answer the “so what?” question. What is the significance of a metric – do they illustrate a trend or an anomaly? What actions should be carried out when a metric hits a certain threshold?
    • It would be prudent to track several metrics that can be combined to tell the full story. For example, tracking the number of critical vulnerabilities alone does not give a sense of the overall risk to the organization, nor does it offer any information on how quickly they have been remediated or what amount of effort was invested.
    Stock image of measuring tape.

    Metrics, KPIs, and CSFs

    Tracking the right information and making the information relevant.
    • There is often confusion between raw metrics, key performance indicators, and critical success factors.
    • Raw metrics are what is trackable from your systems and processes as a set of measurements without any context. Raw metrics in themselves are useful in telling the story of “what are we doing?”
    • KPIs are the specific metric or combination of metrics that help you track or gauge performance. KPIs tell the story of “how are we doing?” or “how well are we doing?”
    • CSFs are the specific KPIs that track the activities that are absolutely critical to accomplish for the business or business unit to be successful.
    The activity tracker on your wrist is a wealth of metrics, KPIs, and CSFs.

    If you wear an activity tracker, you are likely already familiar with the differences between metrics, key performance indicators, and critical success factors:

    • The raw metrics are your heart rate, step count, hours of sleep, caloric intake, etc.
    • KPIs are the individual goals that you have set: maintain a heart rate within the appropriate range for your age/activity level, achieve a step count goal per day, get x hours of sleep per night, consume a calorie range of y per day, etc.
    • CSFs are your overall goal: increase your cardiovascular capacity, lose weight, feel more energetic, etc.

    Your security systems can be similarly measured and tracked – transfer this skill!

    Tracking relevant information

    Tell the story in the numbers.

    Below are a number of suggested metrics to track, and why.

    Business Goal

    Critical Success Factor

    Key Performance Indicator

    Metric to track

    Minimize overall risk exposureReduction of overall risk due to vulnerabilitiesDecrease in vulnerabilitiesTrack the number of vulnerabilities year after year.
    Appropriate allocation of time and resourcesProper prioritization of vulnerability mitigation activitiesDecrease of critical and high vulnerabilitiesTrack the number of high-urgency vulnerabilities.
    Consistent timely remediation of threats to the businessMinimize risk when vulnerabilities are detectedRemediate vulnerabilities more quicklyMean time to detect: track the average time between the identification to remediation.
    Track effectiveness of scanning toolMinimize the ratio, indicating that the tool sees everythingRatio between known assets and what the scanner tracksScanner coverage compared to known assets in the organization.
    Having effective tools to track and addressAccuracy of the scanning toolDifference or ratio between reported vulnerabilities and verified onesNumber of critical or high vulnerabilities verified, between the scanning tool’s criticality rating and actual criticality.
    Reduction of exceptions to ensure minimal exposureVisibility into persistent vulnerabilities and risk mitigation measuresNumber of exceptions grantedNumber of vulnerabilities in which little or no remediation action was taken.

    4.1.1 Measure your program with metrics, KPIs, and CSFs

    60 minutes

    Input: List of metrics current being measured by the vulnerability management tool

    Output: List of relevant metrics to track, and the KPIs, CSFs, and business goals related to the metric

    Materials: Whiteboard/flip charts, Vulnerability Management SOP Template

    Participants: IT Security Manager, IT operations management, CISO

    Metrics can offer a way to view how the organization is dealing with vulnerabilities and if there is improvement.

    1. Determine the high-level vulnerability management goals for the organization.
    2. Even with a formal process in place, the organization should be considering ways it can improve.
    3. Determine metrics that can help quantify those goals and how they can be measured.
    4. Metrics should always be easy to measure. If it’s a complex process to find the information required, it means that it is not a metric that should be used.
    5. Document your list of metrics in the Vulnerability Management SOP Template.

    Download the Vulnerability Management SOP Template

    Step 4.2

    Vulnerability Management Policy

    Activities
    • 4.2.1 Update the vulnerability management program policy

    This step will walk you through the following activities:

    If you have a vulnerability management policy, this activity may help augment it. Otherwise, if you don’t have one, this would be a great starting point.

    This step involves the following participants:

    • IT Security Manager
    • CISO
    • CIO
    • Human resources representative

    Outcomes of this step

    An inaugural policy covering vulnerability management

    Measure and formalize
    Step 4.1Step 4.2Step 4.3Step 4.4

    Vulnerability Management Program Policy

    Policies provide governance and enforcement of processes.
    • Policies offer formal guidance on the “rules” of a program, describing its purpose, scope, detailed program description, and consequences of non-compliance. Often they will have a employee sign-off acknowledging understanding.
    • In many organizations, policies are endorsed by senior executives, which gives the policy its “teeth” across the company. The human resources department will always have input due to the implications of the non-compliance aspect.
    • Policies are written to ensure an outcome of consistent expected behavior and are often written to protect the company from liability.
    • Policies should be easy to understand and unambiguous, reflect the current state, and be enforceable. Enforceability can come in the form of audit, technology, or any other means of determining compliance and enforcing behavior.
    Stock image of a judge's gavel.

    4.2.1 Update the vulnerability management policy

    60 minutes

    Input: Vulnerability Management SOP, HR guidance on policy creation and approval

    Output: Completed Vulnerability Management Policy

    Materials: Vulnerability Management SOP, Vulnerability Management Policy Template

    Participants: IT Security Manager, IT operations management, CISO, Human resources representative

    After having built your entire process in this project, formalize it into a vulnerability management policy. This will set the standards and expectations for vulnerability management in the organization, while the process will be around the specific actions that need to be taken around vulnerability management.

    This is separate and distinct from the Vulnerability Management SOP Template, which is a process and procedure document.
    1. Review Info-Tech’s Vulnerability Management Policy and customize it to your organization’s specifications.
    2. Use your Vulnerability Management SOP as a resource when specifying some of the details within the policy.
    Sample of Info-Tech's Vulnerability Management Policy Template

    Download the Vulnerability Management Policy Template

    Step 4.3

    Select and implement a scanning tool

    Activities
    • 4.3.1 Create an RFP for vulnerability scanning tools

    This step will walk you through the following activities:

    If you need to select a new vulnerability scanning tool, or replace your existing one, this activity will help set up a request for proposal (RFP).

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • CISO

    Outcomes of this step

    The provisions needed for you to create and deploy an RFP for a vulnerability management tool.

    Measure and formalize
    Step 4.1Step 4.2Step 4.3Step 4.4

    Vulnerability management and penetration testing

    Similar in nature, yet provide different security functions.

    Vulnerability Scanning Tools

    Scanning tools focus on the network and operating systems. These tools look for items such as missing patches or open ports. They won’t detect specific application vulnerabilities.

    Exploitation Tools

    These tools will look to exploit a detected vulnerability to validate it.

    Penetration Tests

    A penetration test simulates the actions of an external or internal cyber attacker that aims to breach the information security of the organization. (Formal definition of penetration test)

    ‹————— What’s the difference again? —————›
    Vulnerability scanning tools are just one type of tool.When you add an exploitation tool to the mix, you move down the spectrum.Penetration tests will use scanning tools, exploitation tools, and people.

    What is the value of each?

    • For vulnerability scans, the person performing the scan provides the value – value comes from the organization itself.
    • For exploitation tools on their own, the value comes from the tool itself being used in a safe environment.
    • For penetration tests, the tester is providing the value. They are the value add.

    What’s the implication for me?

    Info-Tech Recommends:
    • A combination of vulnerability scanning and penetration testing. This will improve your security posture through systematic risk reduction and improve your security program through the testing of prevention, detection, and response capabilities with unique recommendations being generated.
    • Start with as much vulnerability scanning as possible to identify gaps to fix and then move onto a penetration test to do a more robust and validated assessment.
    • For penetration tests, start with a transparent box test first, then move to an opaque box. Ideally, this is done with different third parties.

    Vulnerability scanning software

    All organizations can benefit from having one.

    Scanning tools will benefit areas beyond just vulnerability management

    • Network security: It improves the accuracy and granularity of your network security technologies such as WAFs, NGFWs, IDPS, and SIEM.
    • Asset management: Vulnerability scanning can identify new or unknown assets and provide current status information on assets.
    • System management: Information from a vulnerability scan supports baselining activities and determination of high-value and high-risk assets.

    Vulnerability Detection Use Case

    Most organizations use scanners to identify and assess system vulnerabilities and prioritize efforts.

    Compliance Use Case

    Others will use scanners just for compliance, auditing, or larger GRC reasons.

    Asset Discovery Use Case

    Many organizations will use scanners to perform active host and application identification.

    Scanning Tool Market Trends

    Vulnerability scanning tools have expanded value from conventional checking for vulnerabilities to supporting configuration checking, asset discovery, inventory management, patch management, SSL certificate validation, and malware detection.

    Expect to see network and system vulnerability scanners develop larger vulnerability management functions and develop exploitation tool functionality. This will become a table stakes option enabling organizations to provide higher levels of validation of detected vulnerabilities. Some tools already possess these capabilities:

    • Core Impact is an exploitation tool with vulnerability scanning aspects.
    • Metasploit is an exploitation tool with some new vulnerability scanning aspects.
    • Nessus is mainly a vulnerability scanning tool but has some exploitation aspects.

    Device proliferation (BYOD, IoT, etc.) is increasing the need for stronger vulnerability management and scanners. This is driving the need for numerous device types and platform support and the development of baseline and configuration norms to support system management.

    Increased regulatory or compliance controls are also stipulating the need for vulnerability scanning, especially by a trusted third party.

    Organizations are outsourcing security functions or moving to cloud-based deployment options for any security technology they can. Expect to see massive growth of vulnerability scanning as a service.

    Vulnerability scanning market

    There are several technology types or functional differentiators that divide the market up.

    Vulnerability Exploitation Tools

    • These will actually test defences and better emulate real life than just scanning. These tools include packet manipulation tools (such as hping) and password cracking tools (such as John the Ripper or Cain and Abel).
    • These tools will provide much more granular information on your network, operations systems, and applications.
    • The main limitation of these tools is how to use them. If you do not have development or test environments that mimic your real production environments to run the exploit tools, these tools may not be appropriate. It may work if you can find some downtime on production systems, but only in very specific and careful instances.
    • Lower maturity security programs usually just do network and application vulnerability scanning. Higher maturity programs will also use penetration testing, application testing, and vulnerability exploitation tools.
    • Network vulnerability scanning tools should always be used. Once you identify any servers or ports running web applications, then you run a web application vulnerability scanner.
    • Exploitation tools and application testing tools are used in more specific use cases that are often related to more-demanding security programs.

    Scanning Tool Market Trends

    • These are considered baseline tools and are near commoditization.
    • Vulnerability scanning tools are not granular enough to detect application-level vulnerabilities (thus the need for application scanners and testing tools) and they don’t validate the exploitability of the vulnerability (thus the need for exploit tools).

    Web Application Scanning Tools

    These tools perform dynamic application security testing (DAST) and static application security testing (SAST).

    Application Scanning and Testing Tools

    • These perform a detailed scan against an application to detect any problematic or malicious code and try to break the application using known vulnerabilities.
    • These tools will identify if something is vulnerable to an exploit but won’t actually run the exploit.
    • These tools are evaluated based on their ability to detect application-specific issues and validate them.

    Vulnerability scanning tool features

    Evaluate vulnerability scanning tools on specific features or functions that are the best differentiators.

    Differentiator

    Description

    Deployment OptionsDo you want a traditional on-premises, cloud-based, or managed service?
    Vulnerability Database CoverageScanners use a library of known vulnerabilities to test for. Evaluate based on the amount of exploits/vulnerabilities the tool can scan for.
    Scanning MethodEvaluate if you want agent-based, authenticated active, unauthenticated active, passive, or some combination of those scanning methods.
    IntegrationWhat is the breadth of other security and non-security technologies the tool can integrate with?
    RemediationHow detailed are the recommended remediation actions? The more granular, the better.

    Differentiator

    Description

    PrioritizationDoes the tool evaluate vulnerabilities based on commonly accepted methods or through a custom-designed prioritization methodology?
    Platform SupportWhat is the breadth of environment, application, and device support in the tool? Consider your need for virtual support, cloud support, device support, and application-specific support. Also consider how often new scanning modules are supported (e.g. how quickly Windows 10 was supported).
    PricingAs with many security controls that have been around for a long time and are commonly used, pricing becomes a main consideration, especially when there are so many open-source options available.

    Common areas people mistake as tool differentiators:

    • Accuracy – Scanning tools are evaluated more on efficiency than effectiveness. Evaluate on the ability to detect, remediate, and manage vulnerabilities rather than real vulnerability detection and the number of false positives. To reduce false positives, you need to use exploitation tools.
    • Performance – Scanning tools have such a small footprint in an environment and the actual scanning itself is such a small impact that evaluation on performance doesn’t matter.

    For more information on vulnerability scanning tools and how they rate, review the Vulnerability Management category on SoftwareReviews.

    Vulnerability scanning deployment options

    Understand the different deployment options to identify which is best for your security program.

    Option

    Description

    Pros

    Cons

    Use Cases

    On-PremisesEither an on-premises appliance or an on-premises virtualized machine that performs external and internal scanning.
    • Small resource need, so limited network impact.
    • Strong internal scanning.
    • Easier integration with other technologies.
    • Network footprint and resource usage.
    • Maintenance and support costs.
    • Most common deployment option.
    • Appropriate if you have cloud concerns or strong internal network scanning, or if you require strong integration with other systems.
    CloudEither hosted on a public cloud infrastructure or hosted by a third party and offered “as a service.”
    • Small network footprint.
    • On-demand scanning as needed.
    • Optimal external scanning capabilities.
    • Can only do edge-related scanning unless authenticated or agent based.
    • No internal network scanning with passive or unauthenticated active scanning methods.
    • Very limited network resources.
    • Compliance obligations that dictate external vulnerability scanning.
    ManagedA third party is contracted to manage and maintain your vulnerability scanner so you can dedicate resources elsewhere.
    • Expert management of environment scanning, optimizing tool usage.
    • Most scanning work time is report customization and tuning and remediation efforts; thus, managed doesn’t provide sizable resource alleviation.
    • Third party has and owns the vulnerability information.
    • Limited staff resources or expertise to maintain and manage scanner.

    Vulnerability scanning methods

    Understand the different scanning methods to identify which tool best supports your needs.

    Method

    Description

    Pros

    Cons

    Use Cases

    Agent-Based ScanningLocally installed software gives the information needed to evaluate the security posture of a device.
    • Provides information that can’t be discovered remotely such as installed applications that aren’t running at a given time.
    • Device processing, memory, and network bandwidth impact.
    • Asset without an agent is not scanned.
    • Need for continuous scanning.
    • Organization has strong asset management
    Authenticated Active ScanningTool uses authenticated credentials to log in to a device or application to perform scanning.
    • Provides information that can’t be discovered remotely such as installed applications that aren’t running at a given time.
    • Best accuracy for vulnerability detection across a network.
    • Aggregation and centralization of authenticated credentials creates a major risk.
    • All use cases.
    Unauthenticated Active ScanningScanning of devices without any authentication.
    • Emulates realistic scan by an attacker.
    • Provides limited scope of scanning.
    • Some compliance use cases.
    • Perform after either agent or authenticated scanning.
    Passive ScanningScanning of network traffic.
    • Lowest resource impact.
    • Not enough information can be provided for true prioritization and remediation.
    • Augmenting scanning technique to agent or authenticated scanning.

    IP Management and IPv6

    IP management and the ability to manage IPv6 is a new area for scanning tool evaluation.

    Scanning on IPv4

    Scanning tools create databases of systems and devices with IP addresses.
    Info-Tech Recommends:

    • It is easier to do discovery by directing the scanner at a set IP address or range of IP addresses; thus, it’s useful to organize your database by IPs.
    • Do discovery by phases: Start with internet-facing systems. Your perimeter usually is well-defined by IP addresses and system owners and is most open to attack.
    • Stipulate a list of your known IP addresses through the DHCP registration and perform a scan on that.
    • Depending on your IP address space, another option is to scan your entire IP address space.

    Current Problem With IP Addresses

    IP addresses are becoming no longer manageable or even owned by organizations. They are often provided by ISPs or other third parties.

    Even if it is your range, chances are you don't do static IP ranges today.

    Info-Tech Recommends:

    • Agent-based scanning or MAC address-based scanning
    • Use your DHCP for scanning

    Scanning on IPv6

    First, you need to know if your organization is moving to IPv6. IPv6 is not strategically routed yet for most organizations.

    If you are moving to IPv6, Info-Tech recommends the following:

    • Because you cannot point a scanner at an IPv6 IP range, any scanning tool needs to have a strategy around how to handle IPv6 and properly scan based on IP ranges.
    • You need to know IPv4 to IPv6 translations.
    • Evaluate vulnerability scanning tools on whether any IPv6 features are on par with IPv4 features.

    If you are already on IPv6, Info-Tech recommends the following:

    • If you are on an IPv6 native network, it is nearly impossible to scan the network. You have to always scan your known addresses from your DHCP.

    4.3.1 Create an RFP for vulnerability scanning tools

    2 hours

    Input: List of key feature requirements for the new tool, List of intersect points with current software, Network topology and layout of servers and applications

    Output: Completed RFP document that can be distributed to vendor proponents

    Materials: Whiteboard/flip charts, Vulnerability Scanning Tool RFP Template

    Participants: IT Security Manager, IT operations managers, CISO, Procurement department representative

    Use a request for proposal (RFP) template to convey your desired scanning tool requirements to vendors and outline the proposal and procurement steps set by your organization.

    1. Determine what kind of requirements will be needed for your scanning tool RFP, based on people, process, and technology requirements.
    2. Consider items such as the desired capabilities and the scope of the scanning.
    3. Conduct interviews with relevant stakeholders to determine the exact requirements needed.
    4. Use Info-Tech’s Vulnerability Scanning Tool RFP Template. It lists many requirements but can be customized to your organization’s specific needs.

    Download the Vulnerability Scanning Tool RFP Template

    4.3.1 Create an RFP for vulnerability scanning tools (continued)

    Things to Consider:
    • Ensure there is adequate resource dedication to support and maintenance for vulnerability scanning.
    • Consider if you will benefit from an RFP. If there is a more appropriate option for your need and your organization, consider that instead.
    • If you don’t know the product you want, then perform an RFI.
    • In the RFP, you need to express your driving needs for the tool so the vendor can best understand your use case.
    • Identify who should participate in the RFP creation and evaluation. Make sure they have time available and it does not conflict with other items.
    • Determine if you want to send it to a select few or if you want to send it to a lot of vendors.
    • Determine a response date so you can know who is soliciting your business.
    • You need to have a process to handle questions from vendors.
    Info-Tech RFP Table of Contents:
    1. Statement of Work
    2. General Information
    3. Proposal Preparation Instructions
    4. Scope of Work, Specifications, and Requirements
    5. Vendor Qualifications and References
    6. Budget and Estimated Pricing
    7. Vendor Certification

    Download the Vulnerability Scanning Tool RFP Template

    Step 4.4

    Penetration testing

    Activities
    • 4.1.1 Create an RFP for penetration tests

    This step will walk you through the following activities:

    We will review penetration testing, its distinction from vulnerability management, and why you may want to engage a penetration testing service.

    We provide a request for proposal (RFP) template that we can review if this is an area of interest.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • CISO
    • CIO

    Outcomes of this step

    An understanding of penetration testing, and guidance on how to get started if there is interest to do so.

    Measure and formalize
    Step 4.1Step 4.2Step 4.3Step 4.4

    Penetration testing

    Penetration tests are critical parts of any strong security program.

    Penetration testing will emulate the methods an attacker would use in the real world to circumvent your security controls and gain access to systems and data.

    Penetration testing is much more than just running a scanner or other automated tools and then generating a report. Penetration testing performs critical exploit validation to create certainty around your vulnerability.

    The primary objective of a penetration test is to identify and validate security weaknesses in an organization’s security systems.

    Reasons to Test:

    • Assess current security control effectiveness
    • Develop an action plan of items
    • Build a business case for a better security program
    • Increased security budget through vulnerability validation
    • Third-party, unbiased validation
    • Adhere to compliance or regulatory requirements
    • Raise security awareness
    • Demonstrate how an attacker can escalate privileges
    • Effective way to test incident response

    Regulatory Considerations:

    • There is a lot of regulatory wording saying that organizations can’t get a system that is managed, integrated, and supported by one vendor and then have it tested by the same vendor.
    • There is the need for separate third-party testing.
    • Penetration testing is required for PCI, cloud providers, and federal entities.

    How and where is the value being generated?

    Penetration testing is a service provided by trained and tested professionals with years of experience. The person behind the test is the most important part of the test. The person is able to emulate a real-life attacker better than any computer. It is just a vulnerability scan if you use tools or executables alone.

    “A penetration test is an audit with validation.” (Joel Shapiro, Vice President Sales, Digital Boundary Group)

    Start by considering the spectrum of penetration tests

    Network Penetration Tests

    Conventional testing of network defences.

    Testing vectors include:

    • Perimeter infrastructure
    • Wireless, WEP/WPA cracking
    • Cloud penetration testing
    • Telephony systems or VoIP
    Types of tests:
    • Denial-of-service testing
    • Out-of-band attacks
    • War dialing
    • Wireless network testing/war driving
    • Spoofing
    • Trojan attacks
    • Brute force attacks
    • Watering hole attacks
    • Honeypots
    • Cloud-penetration testing
    Application Penetration Tests

    Core business functions are now being provided through web applications, either to external customers or to internal end users.

    Types: Web apps, non-web apps, mobile apps

    Application penetration and security testing encompasses:

    • Code review – analyzing the application code for sensitive information of vulnerabilities in the code.
    • Authorization testing – testing systems responsible for user session management to see if unauthorized access can be permitted.
    • Authentication process for user testing.
    • Functionality testing – test the application functionality itself.
    • Website pen testing – active analysis of weaknesses or vulnerabilities.
    • Encryption testing – testing things like randomness or key strength.
    • User-session integrity testing.
    Human-Centric Testing
    • Penetration testing is developing a people aspect as opposed to just being technology focused.
    • End users and their susceptibility to social engineering attacks (spear phishing, phone calls, physical site testing, etc.) is now a common area to test.
    • Social engineering penetration testing is not only about identifying your human vulnerabilities, but also about proactively training your end users. As well as discovering and fixing potential vulnerabilities, social engineering penetration testing will help to raise security awareness within an organization.

    Info-Tech Insight

    Your pen test should use multiple methods. Demonstrating weakness in one area is good but easy to identify. When you blend techniques, you get better success at breaching and it becomes more life-like. Think about prevention, detection, and response testing to provide full insight into your security defenses.

    Penetration testing types

    Evaluate four variables to determine which type of penetration test is most appropriate for your organization.

    Evaluate these dimensions to determine relevant penetration testing.

    Network, Application, or Human

    Evaluate your need to perform different types of penetration testing.

    Some level of network and application testing is most likely appropriate.

    The more common decision point is to consider to what degree your organization requires human-centric penetration testing.

    External or Internal

    External: Attacking an organization’s perimeter and internet-facing systems. For these, you generally provide some level of information to the tester. The test will begin with publicly available information gathering followed by some kind of network scanning or probing against externally visible servers or devices (DNS server, email server, web server, firewall, etc.)

    Internal: Carried out within the organization’s network. This emulates an attack originating from an internal point (disgruntled employee, authorized user, etc.). The idea is to see what could happen if the perimeter is breached.

    Transparent, Semi-Transparent, or Opaque Box

    Opaque Box: The penetration tester is not provided any information. This emulates a real-life attack. Test team uses publicly available information (corporate website, DNS, USENET, etc.) to start the test. These tests are more time consuming and expensive. They often result in exploitation of the easiest vulnerability.
    Use cases: emulating a real-life attack; testing detection and response capabilities; limited network segmentation.

    Transparent Box: Tester is provided full disclosure of information. The tester will have access to everything they need: building floor plans, data flow designs, network topology, etc. This represents what a credentialed and knowledgeable insider would do.
    Use cases: full assessment of security controls; testing of attacker traversal capabilities.

    Aggressiveness of the Test

    Not Aggressive: Very slow and careful penetration testing. Usually spread out in terms of packets being sent and number of calls to individuals. It attempts to not set off any alarm bells.

    Aggressive: A full DoS attack or something similar. These would be DoS attacks that take down systems or full SQL injection attacks all at once versus small injections over time. Testing options cover anything including physical tests, network tests, social engineering, and data extraction and exfiltration. This is more costly and time consuming.

    Assessing Aggressiveness: How aggressive the test should be is based on the threats you are concerned with. Assess who you are concerned with: random individuals on the internet, state-sponsored attacks, criminals, hacktivists, etc. Who you are concerned with will determine the appropriate aggressiveness of the test.

    Penetration testing scope

    Establish the scope of your penetration test before engaging vendors.

    Determining the scope of what is being tested is the most important part of a penetration test. Organizations need to be as specific as possible so the vendor can actually respond or ask questions.

    Organizations need to define boundaries, objectives, and key success factors.

    For scope:
    • If you go too narrow, the realism of the test suffers.
    • If you go too broad, it is more costly and there’s a possible increase in false positives.
    • Balance scope vs. budget.
    Boundaries to scope before a test:
    • IP addresses
    • URLs
    • Applications
    • Who is in scope for social engineering
    • Physical access from roof to dumpsters defined
    • Scope prioritized for high-value assets
    Objectives and key success factors to scope:
    • When is the test complete? Is it at the point of validated exploitation?
    • Are you looking for as many holes as possible, or are you looking for how many ways each hole can be exploited?

    What would be out of scope?

    • Are there systems, IP addresses, or other things you want out of scope? These are things you don’t explicitly want any penetration tester to touch.
    • Are there third-party connections to your environment that you don’t want to be tested? These are instances such as cloud providers, supply chain connections, and various services.
    • Are there things that would be awkward to test? For example, determine if you include high-level people in a social engineering test. Do you conduct social engineering for the CEO? If you get their credentials, it could be an awkward moment.

    Ways to break up a penetration test:

    • Location – This is the most common way to break up a penetration test.
    • Division – Self-contained business units are often done as separate tests so you can see how each unit does.
    • IT systems – For example, you put certain security controls in a firewall and want to test its effectiveness.
    • Applications – For example, you are launching a new website or a new portal and you want to test it.

    Penetration testing appropriateness

    Determine your penetration testing appropriateness.

    Usual instances to conduct a penetration test:
    • Setting up a new physical office. Penetration testing will not only test security capabilities but also resource availability and map out network flows.
    • New infrastructure hardware implemented. All new infrastructure needs to be tested.
    • Changes or upgrades to existing infrastructure. Need for testing varies depending on the size of the change.
    • New application deployment. Need to test before being pushed to production environments.
    • Changes or upgrades to existing applications. When fundamental functional changes occur, perform testing:
      • Before upgrades or patching
      • After upgrades or patching
    • Periodic testing. It is a best practice to periodically test your security control effectiveness. Consider at least an annual test.

    Specific timing considerations: Testing should be completed during non-production times of day. Testing should be completed after a backup has been performed.

    Assess your threats to determine your appropriate test type:

    Penetration testing is about what threats you are concerned about. Understand your risk profile, risk tolerance level, and specific threats to see how relevant penetration tests are.

    • Are external attackers concerning to you? Are you distressed about how an attacker can use brute force to enter your network? If so, focus on ingress points, such as FWs, routers, and DMZ.
    • Is social engineering a concern for you (i.e. phone-based or email-based)? Then you are concerned about a credentialed hacker.
    • Is it an insider threat, a disgruntled employee, etc.? This also includes an internal system that is under command and control (C&C).

    ANALYST PERSPECTIVE: Do a test only after you take a first pass.
    If you have not done some level of vulnerability assessment on your own (performing a scan, checking third-party sources, etc.) don’t waste your money on a penetration test. Only perform a penetration test after you have done a first pass and identified and remediated all the low-hanging fruit.

    4.4.1 Create an RFP for penetration tests

    2 hours

    Input: List of criteria and scope for the penetration test, Systems and application information if white box

    Output: Completed RFP document that can be distributed to vendor proponents

    Materials: Whiteboard/flip charts, Penetration Test RFP Template

    Participants: IT Security Manager, IT operations managers, CISO, Procurement department representative

    Use an RFP template to convey your desired penetration test requirements to vendors and outline the proposal and procurement steps set by your organization.

    1. Determine what kind of requirements will be needed for your penetration test RFP based on people, process, and technology requirements.
      • Consider items such as your technology environment and the scope of the penetration tests.
    2. Conduct an interview with relevant stakeholders to determine the exact requirements needed.
    3. Use Info-Tech’s Penetration Test RFP Template, which lists many requirements but can be customized to your organization’s specific needs.

    Download the Penetration Test RFP Template

    4.4.1 Create an RFP for penetration tests (continued)

    Steps of a penetration test:
    1. Determine scope
    2. Gather targeted intelligence
    3. Review exploit attempts, such as access and escalation
    4. Test the collection of sensitive data
    5. Run reporting
    Info-Tech RFP Table of Contents:
    1. Statement of Work
    2. General Information
    3. Proposal Preparation Instructions
    4. Scope of Work, Specifications, and Requirements
    5. Vendor Qualifications and References
    6. Budget and Estimated Pricing
    7. Vendor Certification

    Download the Penetration Test RFP Template

    Penetration testing considerations – service providers

    Consider what type of penetration testing service provider is best for your organization

    Professional Service Providers

    Professional Services Firms. These firms will often provide a myriad of professional services across auditing, financial, and consulting services. If they offer security-related consulting services, they will most likely offer some level of penetration testing.

    Security Service Firms. These are dedicated security consulting or advisory firms that will offer a wide spectrum of security-related services. Penetration testing may be one aspect of larger security assessments and strategy development services.

    Dedicated Penetration Testing Firms. These are service providers that will often offer the full gamut of penetration testing services.

    Integrators

    Managed Security Service Providers. These providers will offer penetration testing. For example, Dell SecureWorks offers numerous services including penetration testing. For organizations like this, you need to be skeptical of ulterior motives. For example, expect recommendations around outsourcing from Dell SecureWorks.

    Regional or Small Integrators. These are service providers that provide security services of some kind. For example, they would help in the implementation of a firewall and offer penetration testing services as well.

    Info-Tech Recommends:

    • Always be conscientious of who is conducting the testing and what else they offer. Even if you get another party to test rather than your technology provider, they will try to obtain you as a client. Remember that for larger technology vendors, security testing is a small revenue stream for them and it’s a way to find technology clients. They may offer penetration testing for free to obtain other business.
    • Most of the penetration testers were systems administrators (for network testing) or application developers (for application testing) at some point before becoming penetration testers. Remember this when evaluating providers and evaluating remediation recommendations.
    • Evaluate what kind of open-source tools, commercial tools, and proprietary tools are being used. In general, you don’t want to rely on an open-source scanner. For open source, they will have more outdated vulnerability databases, system identification can also be limited compared to commercial, and reporting is often lacking.
    • Above all else, ensure your testers are legally capable, experienced, and abide by non-disclosure agreements.

    Penetration testing best practices – communications

    Communication With Service Provider

    • During testing there should be designated points of contact between the service provider and the client.
    • There needs to be secure channels for communication of information between the tester and the client both during the test and for any results.
    • Results should always be explained to the client by the tester, regardless of the content or audience.
    • There should be a formal debrief with the results report.
    Immediate reporting of issues
    • Before any testing commences, immediate reporting conditions need to be defined. These are instances when you would want immediate notification of something occurring.
    • Stipulate certain systems or data types that if broken into or compromised, you would want to be notified right away.
    • Example:
      • If you are conducting social engineering, require notification for all account credentials that are compromised. Once credentials are compromised, it destroys all accountability for those credentials and the actions associated with those credentials by any user.
      • Require immediate reporting of specific high-critical systems that are compromised or if access is even found.
      • Require immediate reporting when regulated data is discovered or compromised in any way.

    Communication With Internal Staff

    Do you tell your internal staff that this is happening?

    This is sometimes called a “double blind test” when you don’t let your IT team know of the test occurring.

    Pros to notifying:
    • This tests the organization’s security monitoring, incident detection, and response capabilities.
    • Letting the team know they are going to see some activity will make sure they don’t get too worried about it.
    • There may be systems you can’t jeopardize but still need to test so notification beforehand is essential (e.g. you wouldn’t allow ERP testing with notification).
    Cons:
    • It does not give you a real-life example of how you respond if something happens.
    • Potential element of disrespect to IT people.

    Penetration testing best practices – results and remediation

    What to expect from penetration test results report:

    A final results report will state all findings including what was done by the testers, what vulnerabilities or exploitations were detected, how they were compromised, the related risk, and related remediation recommendations.

    Expect four major sections:
    • Introduction. An overview of the penetration test methodology including rating methodology of vulnerabilities.
    • Executive Summary. A management-level description of the test, often including a summary of any recommendations.
    • Technical Review. An overview of each item that was looked at and touched. This area breaks down what was done, how it was done, what was found, and any related remediation recommendations. Expect graphs and visuals in this section.
    • Detailed Findings. An in-depth breakdown of all testing methods used and results. Each vulnerability will be explained regarding how it was detected, what the risk is, and what the remediation recommendation is.
    Two areas that will vary by service provider:

    Prioritization

    • Most providers will boast their unique prioritization methodology.
    • A high, medium, and low rating scale based on some combination of variables (e.g. ease of exploitation, breadth of hole, information accessed resulting in further exploitation).
    • The prioritization won’t take into account asset value or criticality.
    • Keep in mind the penetration test is not an input into ultimate vulnerability prioritization, but it can help determine your urgency.

    Remediation

    • Remediation recommendations will vary across providers.
    • Generally, fairly generic recommendations are provided (e.g. remove your old telnet and input up-to-date SSH).
    • Most of the time, it is along the lines of “we found a hole; close the hole.”

    Summary of Accomplishment

    Problem Solved

    At the conclusion of this blueprint, you will have created a full vulnerability management program that will allow you to take a risk-based approach to vulnerability remediation.

    Assessing a vulnerability’s risk will enable you to properly determine the true urgency of a vulnerability within the context of your organization; this ensures you are not just blindly following what the tool is reporting.

    The risk-based approach will allow you to prioritize your discovered vulnerabilities and take immediate action on critical and high vulnerabilities while allowing your standard remediation cycle to address the medium to low vulnerabilities.

    With your program defined and developed, you now need to configure your vulnerability scanning tool or acquire one if you don’t already have a tool in place.

    Lastly, while vulnerability management will help address your systems and applications, how do you know if you are secure from external malicious actors? Penetration testing will offer visibility, allowing you to plug those holes and attain an environment with a smaller risk surface.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Photo of Jimmy Tom.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Sample of the Implement Vulnerability Management storyboard.
    Review of the Implement Vulnerability Management storyboard
    Sample of the Vulnerability Mitigation SOP template.
    Build your vulnerability management SOP

    Contributors

    Contributors from 2016 version of this project:

    • Morey Haber, Vice President of Technology, BeyondTrust
    • Richard Barretto, Manager, Information Privacy and Security, Cimpress
    • Joel Shapiro, Vice President Sales, Digital Boundary Group

    Contributors from current version of this project:

    • 2 anonymous contributors from the manufacturing sector
    • 1 anonymous contributor from a US government agency
    • 2 anonymous contributors from the financial sector
    • 1 anonymous contributor from the medical technology industry
    • 2 anonymous contributors from higher education
    • 1 anonymous contributor from a Canadian government agency
    • 7 anonymous others; information gathered from advisory calls

    Bibliography

    Arya. “COVID-19 Impact: Vulnerability Management Solution Market | Strategic Industry Evolutionary Analysis Focus on Leading Key Players and Revenue Growth Analysis by Forecast To 2028 – FireMon, Digital Shadows, AlienVault.” Bulletin Line, 6 Aug. 2020. Accessed 6 Aug. 2020.

    Campagna, Rich. “The Lean, Mean Vulnerability Management Machine.” Security Boulevard, 31 Mar. 2020. Accessed 15 Aug. 2020.

    Constantin, Lucian. “What are vulnerability scanners and how do they work?” CSO Online, 10 Apr. 2020. Accessed 1 Sept. 2020.

    “CVE security vulnerabilities published in 2019.” CVE Details. Accessed 22 Sept. 2020.

    Garden, Paul, et al. “2019 Year End Report – Vulnerability QuickView.” Risk Based Security, 2020. Accessed 22 Sept. 2020.

    Keary, Eoin. “2019 Vulnerability Statistics Report.” Edgescan, Feb. 2019. Accessed 22 Sept. 2020.

    Lefkowitz, Josh. ““Risk-Based Vulnerability Management is a Must for Security & Compliance.” SecurityWeek, 1 July 2019. Accessed 1 Nov. 2020.

    Mell, Peter, Tiffany Bergeron, and David Henning. “Creating a Patch and Vulnerability Management Program.” Creating a Patch and Vulnerability Management Program. NIST, Nov. 2005. Web.

    “National Vulnerability Database.” NIST. Accessed 18 Oct. 2020.

    “OpenVAS – Open Vulnerability Assessment Scanner.” OpenVAS. Accessed 14 Sept. 2020.

    “OVAL.” OVAL. Accessed 21 Oct. 2020.

    Paganini, Pierluigi. “Exploiting and Verifying Shellshock: CVE-2014-6271.” INFOSEC, 27 Sept. 2014. Web.

    Pritha. “Top 10 Metrics for your Vulnerability Management Program.” CISO Platform, 28 Nov. 2019. Accessed 25 Oct. 2020.

    “Risk-Based Vulnerability Management: Understanding Vulnerability Risk With Threat Context And Business Impact.” Tenable. Accessed 21 Oct. 2020.

    Stone, Mark. “Shellshock In-Depth: Why This Old Vulnerability Won’t Go Away.” SecurityIntelligence, 6 Aug. 2020. Web.

    “The Role of Threat Intelligence in Vulnerability Management.” NOPSEC, 18 Sept. 2014. Accessed 18 Aug. 2020.

    “Top 15 Paid and Free Vulnerability Scanner Tools in 2020.” DNSstuff, 6 Jan. 2020. Accessed 15 Sept. 2020.

    Truta, Filip. “60% of Breaches in 2019 Involved Unpatched Vulnerabilities.” Security Boulevard, 31 Oct. 2019. Accessed 2 Nov. 2020.

    “Vulnerability Management Program.” Core Security. Accessed 15 Sept. 2020.

    “What is Risk-Based Vulnerability Management?” Balbix. Accessed 15 Sept. 2020.

    White, Monica. “The Cost Savings of Effective Vulnerability Management (Part 1).” Kenna Security, 23 April 2020. Accessed 20 Sept. 2020.

    Wilczek, Marc. “Average Cost of a Data Breach in 2020: $3.86M.” Dark Reading, 24 Aug. 2020. Accessed 5 Nov 2020.

    Security Priorities 2023

    • Buy Link or Shortcode: {j2store}254|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: $909 Average $ Saved
    • member rating average days saved: 1 Average Days Saved
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting
    • Most people still want a hybrid work model but there is a shortage in security workforce to maintain secure remote work, which impacts confidence in the security practice.
    • Pressure of operational excellence drives organizational modernization with the consequence of higher risks of security attacks that impact not only cyber but also physical systems.
    • The number of regulations with stricter requirements and reporting is increasing, along with high sanctions for violations.
    • Accurate assessment of readiness and benefits to adopt next-gen cybersecurity technologies can be difficult. Additionally, regulation often faces challenges to keep up with next-gen cybersecurity technologies implications and risks of adoption, which may not always be explicit.
    • Software is usually produced as part of a supply chain instead in a silo. Thus, a vulnerability in any part of the supply chain can become a threat surface.

    Our Advice

    Critical Insight

    • Secure remote work still needs to be maintained to facilitate the hybrid work model post pandemic.
    • Despite all the cybersecurity risks, organizations continue modernization plans due to the long-term overall benefits. Hence, we need to secure organization modernization.
    • Organizations should use regulatory changes to improve security practices, instead of treating them as a compliance burden.
    • Next-gen cybersecurity technologies alone are not the silver bullet. A combination of technologies with skilled talent, useful data, and best practices will give a competitive advantage.

    Impact and Result

    • Use this report to help decide your 2023 security priorities by:
      • Collecting and analyzing your own related data, such as your organization 2022 incident reports. Use Info-Tech’s Security Priorities 2023 material for guidance.
      • Identifying your needs and analyzing your capabilities. Use Info-Tech's template to explain the priorities you need to your stakeholders.
      • Determining the next steps. Refer to Info-Tech's recommendations and related research.

    Security Priorities 2023 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Security Priorities 2023 Report – A report to help decide your 2023 security priorities.

    Each organization is different, so a generic list of security priorities will not be applicable to every organization. Thus, you need to:

  • Collect and analyze your own related data such as your organization 2022 incident reports. Use Info-Tech’s Security Priorities 2023 material for guidance.
  • Identify your needs and analyze your capabilities. Use Info-Tech's template to explain the priorities you need to your stakeholders.
  • Refer to Info-Tech's recommendations and related research for guidance on the next steps.
    • Security Priorities 2023 Report

    Infographic

    Further reading

    Security Priorities 2023

    How we live post pandemic

    Each organization is different, so a generic list of priorities will not be applicable to every organization.

    During 2022, ransomware campaigns declined from quarter to quarter due to the collapse of experienced groups. Several smaller groups are developing to recapture the lost ransomware market. However, ransomware is still the most worrying cyber threat.

    Also in 2022, people returned to normal activities such as traveling and attending sports or music events but not yet to the office. The reasons behind this trend can be many fold, such as employees perceive that work from home (WFH) has positive productivity effects and time flexibility for employees, especially for those with families with younger children. On the other side of the spectrum, some employers perceive that WFH has negative productivity effects and thus are urging employees to return to the office. However, employers also understand the competition to retain skilled workers is harder. Thus, the trend is to have hybrid work where eligible employees can WFH for a certain portion of their work week.

    Besides ransomware and the hybrid work model, in 2022, we saw an evolving threat landscape, regulatory changes, and the potential for a recession by the end of 2023, which can impact how we prioritize cybersecurity this year. Furthermore, organizations are still facing the ongoing issues of insufficient cybersecurity resources and organization modernization.

    This report will explore important security trends, the security priorities that stem from these trends, and how to customize these priorities for your organization.

    In Q2 2022, the median ransom payment was $36,360 (-51% from Q1 2022), a continuation of a downward trend since Q4 2021 when the ransom payment median was $117,116.
    Source: Coveware, 2022

    From January until October 2022, hybrid work grew in almost all industries in Canada especially finance, insurance, real estate, rental and leasing (+14.7%), public administration and professional services (+11.8%), and scientific and technical services (+10.8%).
    Source: Statistics Canada, Labour Force Survey, October 2022; N=3,701

    Hybrid work changes processes and infrastructure

    Investment on remote work due to changes in processes and infrastructure

    As part of our research process for the 2023 Security Priorities Report, we used the results from our State of Hybrid Work in IT Survey, which collected responses between July 10 and July 29, 2022 (total N=745, with n=518 completed surveys). This survey details what changes in processes and IT infrastructure are likely due to hybrid work.

    Process changes to support hybrid work

    A bar graph is depicted with the following dataset: None of the above - 12%; Change management - 29%; Asset management - 34%; Service request support - 41%; Incident management - 42%

    Survey respondents (n=518) were asked what processes had the highest degree of change in response to supporting hybrid work. Incident management is the #1 result and service request support is #2. This is unsurprising considering that remote work changed how people communicate, how they access company assets, and how they connect to the company network and infrastructure.

    Infrastructure changes to support hybrid work

    A bar graph is depicted with the following dataset: Changed queue management and ticketing system(s) - 11%; Changed incident and service request processes - 23%; Addition of chatbots as part of the Service Desk intake process - 29%; Reduced the need for recovery office spaces and alternative work mitigations - 40%; Structure & day-to-day operation of Service Desk - 41%; Updated network architecture - 44%

    For 2023, we believe that hybrid work will remain. The first driver is that employees still prefer to work remotely for certain days of the week. The second driver is the investment from employers on enabling WFH during the pandemic, such as updated network architecture (44%) and the infrastructure and day-to-day operations (41%) as shown on our survey.

    Top cybersecurity concerns and organizational preparedness for them

    Concerns may correspond to readiness.

    In the Info-Tech Research Group 2023 Trends and Priorities Survey of IT professionals, we asked about cybersecurity concerns and the perception about readiness to meet current and future government legislation regarding cybersecurity requirements.

    Cybersecurity issues

    A bar graph is depicted with the following dataset: Cyber risks are not on the radar of the executive leaders or board of directors - 3.19; Organization is not prepared to respond to a cyber attack - 3.08; Supply chain risks related to cyber threats - 3.18; Talent shortages leading to capacity constraints in cyber security - 3.51; New government or industry-imposed regulations - 3.15

    Survey respondents were asked how concerned they are about certain cybersecurity issues from 1 (not concerned at all) to 5 (very concerned). The #1 concern was talent shortages. Other issues with similar concerns included cyber risks not on leadership's radar, supply chain risks, and new regulations (n=507).

    Cybersecurity legislation readiness

    A bar graph is depicted with the following dataset: 1 (Not confident at all) - 2.4%; 2 - 11.2%; 3 - 39.7%; 4 - 33.3%; 5 (Very confident) - 13.4%

    When asked about how confident organizations are about being prepared to meet current and future government legislation regarding cybersecurity requirements, from 1 (not confident at all) to 5 (very confident), the #1 response was 3 (n=499).

    Unsurprisingly, the ever-changing government legislation environment in a world emerging from a pandemic and ongoing wars may not give us the highest confidence.

    We know the concerns and readiness…

    But what is the overall security maturity?

    As part of our research process for the 2023 Security Priorities Report, we reviewed results of completed Info-Tech Research Group Security Governance and Management Benchmark diagnostics (N=912). This report details what we see in our clients' security governance maturity. Setting aside the perception on readiness – what are their actual security maturity levels?

    A bar graph is depicted with the following dataset: Security Culture - 47%; Policy and Process Governance - 47%; Event and Incident Management - 58%; Vulnerability - 57%; Auditing - 52%; Compliance Management - 58%; Risk Analysis - 52%

    Overall, assessed organizations are still scoring low (47%) on Security Culture and Policy and Process Governance. This justifies why most security incidents are still due to gaps in foundational security and security awareness, not lack of advanced controls such as event and incident management (58%).

    And how will the potential recession impact security?

    Organizations are preparing for recession, but opportunities for growth during recession should be well planned too.

    As part of our research process for the 2023 Security Priorities Report, we reviewed the results of the Info-Tech Research Group 2023 Trends and Priorities Survey of IT professionals, which collected responses between August 9 and September 9, 2022 (total N=813 with n=521 completed surveys).

    Expected organizational spending on cybersecurity compared to the previous fiscal year

    A bar graph is depicted with the following dataset: A decrease of more than 10% - 2.2%; A decrease of between 1-10% - 2.6%; About the same - 41.4%; An increase of between 1-10% - 39.6%; An increase of more than 10% - 14.3%

    Keeping the same spending is the #1 result and #2 is increasing spending up to 10%. This is a surprising finding considering the survey was conducted after the middle of 2022 and a recession has been predicted since early 2022 (n=489).

    An infographic titled Cloudy with a Chance of Recession

    Source: Statista, 2022, CC BY-ND

    US recession forecast

    Contingency planning for recessions normally includes tight budgeting; however, it can also include opportunities for growth such as hiring talent who have been laid off by competitors and are difficult to acquire in normal conditions. This can support our previous findings on increasing cybersecurity spending.

    Five Security Priorities for 2023

    This image describes the Five Security Priorities for 2023.

    Maintain Secure Hybrid Work

    PRIORITY 01

    • HOW TO STRATEGICALLY ACQUIRE, RETAIN, OR UPSKILL TALENT TO MAINTAIN SECURE SYSTEMS.

    Executive summary

    Background

    If anything can be learned from COVID-19 pandemic, it is that humans are resilient. We swiftly changed to remote workplaces and adjusted people, processes, and technologies accordingly. We had some hiccups along the way, but overall, we demonstrated that our ability to adjust is amazing.

    The pandemic changed how people work and how and where they choose to work, and most people still want a hybrid work model. However, the number of days for hybrid work itself varies. For example, from our survey in July 2022 (n=516), 55.8% of employees have the option of 2-3 days per week to work offsite, 21.0% for 1 day per week, and 17.8% for 4 days per week.

    Furthermore, the investment (e.g. on infrastructure and networks) to initiate remote work was huge, and the cost doesn't end there, as we need to maintain the secure remote work infrastructure to facilitate the hybrid work model.

    Current situation

    Remote work: A 2022 survey by WFH Research (N=16,451) reports that ~14% of full-time employees are fully remote and ~29% are in a hybrid arrangement as of Summer-Fall 2022.

    Security workforce shortage: A 2022 survey by Bridewell (N=521) reports that 68% of leaders say it has become harder to recruit the right people, impacting organizational ability to secure and monitor systems.

    Confidence in the security practice: A 2022 diagnostic survey by Info-Tech Research Group (N=55) reports that importance may not correspond to confidence; for example, the most important selected cybersecurity area, namely Data Access/Integrity (93.7%), surprisingly has the lowest confidence of the practice (80.5%).

    "WFH doubled every 15 years pre-pandemic. The increase in WFH during the pandemic was equal to 30 years of pre-pandemic growth."

    Source: National Bureau of Economic Research, 2021

    Leaders must do more to increase confidence in the security practice

    Importance may not correspond to confidence

    As part of our research process for the 2023 Security Priorities Report, we analyzed results from the Info-Tech Research Group diagnostics. This report details what we see in our clients' perceived importance of security and their confidence in existing security practices.

    Cybersecurity importance

    A bar graph is depicted with the following dataset: Importance to the Organization - 94.3%; Importance to My Department	92.2%

    Cybersecurity importance areas

    A bar graph is depicted with the following dataset: Mobility (Remote & Mobile Access) - 90.2%; Regulatory Compliance - 90.1%; Desktop Computing - 90.9%; Data Access / Integrity - 93.7%

    Confidence in cybersecurity practice

    A bar graph is depicted with the following dataset: Confidence in the Organization's Overall Security - 79.4%; Confidence in Security for My Department - 79.8%

    Confidence in cybersecurity practice areas

    A bar graph is depicted with the following dataset: Mobility (Remote & Mobile Access) - 75.8%; Regulatory Compliance - 81.5%; Desktop Computing - 80.9%; Data Access / Integrity - 80.5%

    Diagnostics respondents (N=55) were asked about how important security is to their organization or department. Importance to the overall organization is 2.1 percentage points (pp) higher, but confidence in the organization's overall security is slightly lower (-0.4 pp).

    If we break down to security areas, we can see that the most important area, Data Access/Integrity (93.7%), surprisingly has the lowest confidence of the practice: 80.5%. From this data we can conclude that leaders must build a strong cybersecurity workforce to increase confidence in the security practice.

    Use this template to explain the priorities you need your stakeholders to know about.

    Maintain secure hybrid work plan

    Provide a brief value statement for the initiative.

    Build a strong cybersecurity workforce to increase confidence in the security practice to facilitate hybrid work.

    Initiative Description:

    • Description must include what organization will undertake to complete the initiative.
    • Review your security strategy for hybrid work.
    • Identify skills gaps that hinder the successful execution of the hybrid work security strategy.
    • Use the identified skill gaps to define the technical skill requirements for current and future work roles.
    • Conduct a skills assessment on your current workforce to identify employee skill gaps.
    • Decide whether to train, hire, contract, or outsource each skill gap.

    Drivers:

    List initiative drivers.

    • Employees still prefer to WFH for certain days of the week.
    • The investment on WFH during pandemic such as updated network architecture and infrastructure and day-to-day operations.
    • Tech companies' huge layoffs, e.g. Meta laid off more than 11,000 employees.

    Risks:

    List initiative risks and impacts.

    • Unskilled workers lacking certificates or years of experience who are trained and become skilled workers then quit or are hijacked by competitors.
    • Organizational and cultural changes cause friction with work-life balance.
    • Increased attack surface of remote/hybrid workforce.

    Benefits:

    List initiative benefits and align to business benefits or benefits for the stakeholder groups that it impacts.

    • Increase perceived productivity by employees and increase retention.
    • Increase job satisfaction and work-life balance.
    • Hiring talent that has been laid off who are difficult to acquire in normal conditions.

    Related Info-Tech Research:

    Recommended Actions

    1. Identify skill requirements to maintain secure hybrid work

    Review your security strategy for hybrid work.

    Determine the skill needs of your security strategy.

    2. Identify skill gaps

    Identify skills gaps that hinder the successful execution of the hybrid work security strategy.

    Use the identified skill gaps to define the technical skill requirements for work roles.

    3. Decide whether to build or buy skills

    Conduct a skills assessment on your current workforce to identify employee skill gaps.

    Decide whether to train, hire, contract, or outsource each skill gap.

    Source: Close the InfoSec Skills Gap: Develop a Technical Skills Sourcing Plan, Info-Tech

    Secure Organization Modernization

    PRIORITY 02

    • TRENDS SUGGEST MODERNIZATION SUCH AS DIGITAL
      TRANSFORMATION TO THE CLOUD, OPERATIONAL TECHNOLOGY (OT),
      AND THE INTERNET OF THINGS (IOT) IS RISING; ADDRESSING THE RISK
      OF CONVERGING ENVIRONMENTS CAN NO LONGER BE DEFERRED.

    Executive summary

    From computerized milk-handling systems in Wisconsin farms, to automated railway systems in Europe, to Ausgrid's Distribution Network Management System (DNMS) in Australia, to smart cities and beyond; system modernization poses unique challenges to cybersecurity.

    The threats can be safety, such as the trains stopped in Denmark during the last weekend of October 2022 for several hours due to an attack on a third-party IT service provider; economics, such as a cream cheese production shutdown that occurred at the peak of cream cheese demand in October 2021 due to hackers compromising a large cheese manufacturer's plants and distribution centers; and reliability, such as the significant loss of communication for the Ukrainian military, which relied on Viasat's services.

    Despite all the cybersecurity risks, organizations continue modernization plans due to the long-term overall benefits.

    Current situation

    • Pressure of operational excellence: Competitive markets cannot keep pace with demand without modernization. For example, in automated milking systems, the labor time saved from milking can be used to focus on other essential tasks such as the decision-making process.
    • Technology offerings: Technologies are available and affordable such as automated equipment, versatile communication systems, high-performance human machine interaction (HMI), IIoT/Edge integration, and big data analytics.
    • Higher risks of cyberattacks: Modernization enlarges attack surfaces, which are not only cyber but also physical systems. Most incidents indicate that attackers gained access through the IT network, which was followed by infiltration into OT networks.

    IIoT market size is USD 323.62 billion in 2022 and projected to be around USD 1 trillion in 2028.

    Source: Statista,
    March 2022

    Modernization brings new opportunities and new threats

    Higher risks of cyberattacks on Industrial Control System (ICS)

    Target: Australian sewage plant.

    Method: Insider attack. Impact: 265,000 gallons of untreated sewage released.

    Target: Middle East energy companies.

    Method: Shamoon.

    Impact: Overwritten Windows-based systems files.

    Target: German Steel Mill

    Method: Spear-phishing

    Impact: Blast furnace control shutdown failure.

    Target: Middle East Safety Instrumented System (SIS).

    Method: TRISIS/TRITON.

    Impact: Modified safety system ladder logic.

    Target: Viasat's KA-SAT Network.

    Method: AcidRain.

    Impact: Significant loss of communication for the Ukrainian military, which relied on Viasat's services.

    A timeline displaying the years 1903; 2000; 2010; 2012; 2013; 2014; 2018; 2019; 2021; 2022 is displayed.

    Target: Marconi wireless telegraphs presentation. Method: Morse code.

    Impact: Fake message sent "Rats, rats, rats, rats. There was a young fellow of Italy, Who diddled the public quite prettily."

    Target: Iranian uranium enrichment plant.

    Method: Stuxnet.

    Impact: Compromised programmable logic controllers (PLCs).

    Target: ICS supply chain.

    Method: Havex.

    Impact: Remote Access Trojan (RAT) collected information and uploaded data to command-and-control (C&C) servers.

    Target: Ukraine power grid.

    Method: BlackEnergy.

    Impact: Manipulation of HMI View causing 1-6 hour power outages for 230,000 consumers.

    Target: Colonial Pipeline.

    Method: DarkSide ransomware.

    Impact: Compromised billing infrastructure halted the pipeline operation.

    Sources:

    • DOE, 2018
    • CSIS, 2022
    • MIT Technology Review, 2022

    Info-Tech Insight

    Most OT incidents start with attacks against IT networks and then move laterally into the OT environment. Therefore, converging IT and OT security will help protect the entire organization.

    Use this template to explain the priorities you need your stakeholders to know about.

    Secure organization modernization

    Provide a brief value statement for the initiative.

    The systems (OT, IT, IIoT) are evolving now – ensure your security plan has you covered.

    Initiative Description:

    • Description must include what organization will undertake to complete the initiative.
    • Identify the drivers to align with your organization's business objectives.
    • Build your case by leveraging a cost-benefit analysis and update your security strategy.
    • Identify people, process, and technology gaps that hinder the modernization security strategy.
    • Use the identified skill gaps to update risks, policies and procedures, IR, DR, and BCP.
    • Evaluate and enable modernization technology top focus areas and refine security processes.
    • Decide whether to train, hire, contract, or outsource to fill the security workforce gap.

    Drivers:

    List initiative drivers.

    • Pressure of operational excellence
    • Technology offerings
    • Higher risks of cyberattacks

    Risks:

    List initiative risks and impacts.

    • Complex systems with many components to implement and manage require diligent change management.
    • Organizational and cultural changes cause friction between humans and machines.
    • Increased attack surface of cyber and physical systems.

    Benefits:

    List initiative benefits and align to business benefits or benefits for the stakeholder groups that it impacts.

    • Improve service reliability through continuous and real-time operation.
    • Enhance efficiency through operations visibility and transparency.
    • Gain cost savings and efficiency to automate operations of complex and large equipment and instrumentations.

    Related Info-Tech Research:

    Recommended Actions

    1. Identify modernization business cases to secure

    Identify the drivers to align with your organization's business objectives.

    Build your case by leveraging a cost-benefit analysis, and update your security strategy.

    2. Identify gaps

    Identify people, process, and technology gaps that hinder the modernization
    security strategy.

    Use the identified skill gaps to update risks, policies and procedures, IR, DR, and BCP.

    3. Decide whether to build or buy capabilities

    Evaluate and enable modernization technology top focus areas and refine
    security processes.

    Decide whether to train, hire, contract, or outsource to fill the security workforce gap.

    Sources:

    Industrial Control System (ICS) Modernization: Unlock the Value of Automation in Utilities, Info-Tech

    Secure IT-OT Convergence, Info-Tech

    Develop a cost-benefit analysis

    Identify a modernization business case for security.

    Benefits

    Metrics

    Operational Efficiency and Cost Savings

    • Reduction in truck rolls and staff time of manual operations of equipment or instrumentation.
    • Cost reduction in energy usage such as substation power voltage level or water treatment chemical level.

    Improve Reliability and Resilience

    • Reduction in field crew time to identify the outage locations by remotely accessing field equipment to narrow down the
      fault areas.
    • Reduction in outage time impacting customers and avoiding financial penalty in service quality metrics.
    • Improve operating reliability through continuous and real-time trend analysis of equipment performance.

    Energy & Capacity Savings

    • Optimize energy usage of operation to reduce overall operating cost and contribution to organizational net-zero targets.

    Customers & Society Benefits

    • Improve customer safety for essential services such as drinkable water consumption.
    • Improve reliability of services and address service equity issues based on data.

    Cost

    Metrics

    Equipment and Infrastructure

    Upgrade existing security equipment or instrumentation or deploy new, e.g. IPS on Enterprise DMZ and Operations DMZ.

    Implement communication network equipment and labor to install and configure.

    Upgrade or construct server room including cooling/heating, power backup, and server and rack hardware.

    Software and Commission

    The SCADA/HMI software and maintenance fee as well as lifecycle upgrade implementation project cost.

    Labor cost of field commissioning and troubleshooting.

    Integration with security systems, e.g. log management and continuous monitoring.

    Support and Resources

    Cost to hire/outsource security FTEs for ongoing managing and operating security devices, e.g. SOC.

    Cost to hire/outsource IT/OT FTEs to support and troubleshoot systems and its integrations with security systems, e.g. MSSP.

    An example of a cost-benefit analysis for ICS modernization

    Sources:

    Industrial Control System (ICS) Modernization: Unlock the Value of Automation in Utilities, Info-Tech

    Lawrence Berkeley National Laboratory, 2021

    IT-OT convergence demands new security approach and solutions

    Identify gaps

    Attack Vectors

    IT

    • User's compromised credentials
    • User's access device, e.g. laptop, smartphone
    • Access method, e.g. denial-of-service to modem, session hijacking, bad data injection

    OT

    • Site operations, e.g. SCADA server, engineering workstation, historian
    • Controls, e.g. SCADA Client, HMI, PLCs, RTUs
    • Process devices, e.g. sensors, actuators, field devices

    Defense Strategies

    • Limit exposure of system information
    • Identify and secure remote access points
    • Restrict tools and scripts
    • Conduct regular security audits
    • Implement a dynamic network environment

    (Control System Defense: Know the Opponent, CISA)

    An example of a high-level architecture of an electric utility's control system and its interaction with IT systems.

    An example of a high-level architecture of an electric utility's control system and its interaction with IT systems.

    Source: ISA-99, 2007

    RESPOND TO REGULATORY CHANGES

    PRIORITY 03

    • GOVERNMENT-ENACTED POLICY CHANGES AND INDUSTRY REGULATORY CHANGES COULD BE A COMPLIANCE BURDEN … OR PREVENT YOUR NEXT SECURITY INCIDENT.

    Executive summary

    Background

    Government-enacted regulatory changes are occurring at an ever-increasing rate these days. As one example, on November 10, 2022, the EU Parliament introduced two EU cybersecurity laws: the Network and Information Security (NIS2) Directive (applicable to organizations located within the EU and organizations outside the EU that are essential within an EU country) and the Digital Operational Resilience Act (DORA). There are also industry regulatory changes such as PCI DSS v4.0 for the payment sector and the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) for Bulk Electric Systems (BES).

    Organizations should use regulatory changes as a means to improve security practices, instead of treating them as a compliance burden. As said by lead member of EU Parliament Bart Groothuis on NIS2, "This European directive is going to help around 160,000 entities tighten their grip on security […] It will also enable information sharing with the private sector and partners around the world. If we are being attacked on an industrial scale, we need to respond on an industrial scale."

    Current situation

    Stricter requirements and reporting: Regulations such as NIS2 include provisions for incident response, supply chain security, and encryption and vulnerability disclosure and set tighter cybersecurity obligations for risk management reporting obligations.

    Broader sectors: For example, the original NIS directive covers 19 sectors such as Healthcare, Digital Infrastructure, Transport, and Energy. Meanwhile, the new NIS2 directive increases to 35 sectors by adding other sectors such as providers of public electronic communications networks or services, manufacturing of certain critical products (e.g. pharmaceuticals), food, and digital services.

    High sanctions for violations: For example, Digital Services Act (DSA) includes fines of up to 6% of global turnover and a ban on operating in the EU single market in case of repeated serious breaches.

    Approximately 100 cross-border data flow regulations exist in 2022.

    Source: McKinsey, 2022

    Stricter requirements for payments

    Obligation changes to keep up with emerging threats and technologies

    64 New requirements were added
    A total of 64 requirements have been added to version 4.0 of the PCI DSS.

    13 New requirements become effective March 31, 2024
    The other 51 new requirements are considered best practice until March 31, 2025, at which point they will become effective.

    11 New requirements only for service providers
    11 of the new requirements are applicable only to entities that provide third-party services to merchants.

    Defined roles must be assigned for requirements.

    Focus on periodically assessing and documenting scope.

    Entities may choose a defined approach or a customized approach to requirements.

    An example of new requirements for PCI DSS v4.0

    Source: Prepare for PCI DSS v4.0, Info-Tech

    Use this template to explain the priorities you need your stakeholders to know about.

    Respond to regulatory changes

    Provide a brief value statement for the initiative.

    The compliance obligations are evolving – ensure your security plan has you covered.

    Initiative Description:

    Description must include what organization will undertake to complete the initiative.

    • Identify relevant security and privacy compliance and conformance levels.
    • Identify gaps for updated obligations, and map obligations into control framework.
    • Review, update, and implement policies and strategy.
    • Develop compliance exception process and forms.
    • Develop test scripts.
    • Track status and exceptions

    Drivers:

    List initiative drivers.

    • Pressure of new regulations
    • Governance, risk & compliance (GRC) tool offerings
    • High administrative or criminal penalties of non-compliance

    Risks:

    List initiative risks and impacts.

    • Complex structures and a great number of compliance requirements
    • Restricted budget and lack of skilled workforce for organizations such as local municipalities and small or medium organizations compared to private counterparts
    • Personal liability for some regulations for non-compliance

    Benefits:

    List initiative benefits and align to business benefits or benefits for the stakeholder groups that it impacts.

    • Reduces compliance risk.
    • Reduces complexity within the control environment by using a single framework to align multiple compliance regimes.
    • Reduces costs and efforts related to managing IT audits through planning and preparation.

    Related Info-Tech Research:

    Recommended Actions

    1. Identify compliance obligations

    Identify relevant security and privacy obligations and conformance levels.

    Identify gaps for updated obligations, and map obligations into control framework.

    2. Implement compliance strategy

    Review, update, and implement policies and strategy.

    Develop compliance exception process.

    3. Track and report

    Develop test scripts to check your remediations to ensure they are effective.

    Track and report status and exceptions.

    Sources: Build a Security Compliance Program and Prepare for PCI DSS v4.0, Info-Tech

    Identify relevant security and privacy compliance obligations

    Identify obligations

    # Security Jurisdiction
    1 Network and Information Security (NIS2) Directive European Union (EU) and organizations outside the EU that are essential within an EU country
    2 North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) North American electrical utilities
    3 Executive Order (EO) 14028: Improving the Nation's Cybersecurity, The White House, 2021 United States

    #

    Privacy Jurisdiction
    1 General Data Protection Regulation (GDPR) EU and EU citizens
    2 Personal Information Protection and Electronic Documents Act (PIPEDA) Canada
    3 California Consumer Privacy Act (CCPA) California, USA
    4 Personal Information Protection Law of the People’s Republic of China (PIPL) China

    An example of security and privacy compliance obligations

    How much does it cost to become compliant?

    • It is important to understand the various frameworks and to adhere to the appropriate compliance obligations.
    • Many factors influence the cost of compliance, such as the size of organization, the size of network, and current security readiness.
    • To manage compliance obligations, it is important to use a platform that not only performs internal and external monitoring but also provides third-party vendors (if applicable) with visibility into potential threats in their organization.

    Adopt Next-Generation Cybersecurity Technologies

    PRIORITY 04

    • GOVERNMENTS AND HACKERS ARE RECOGNIZING THE IMPORTANCE OF EMERGING TECHNOLOGIES, SUCH AS ZERO TRUST ARCHITECTURE AND AI-BASED CYBERSECURITY. SO SHOULD YOUR ORGANIZATION.

    Executive summary

    Background

    The cat and mouse game between threat actors and defenders is continuing. The looming question "can defenders do better?" has been answered with rapid development of technology. This includes the automation of threat analysis (signature-based, specification-based, anomaly-based, flow-based, content-based, sandboxing) not only on IT but also on other relevant environments, e.g. IoT, IIoT, and OT based on AI/ML.

    More fundamental approaches such as post-quantum cryptography and zero trust (ZT) are also emerging.
    ZT is a principle, a model, and also an architecture focused on resource protection by always verifying transactions using the least privilege principle. Hopefully in 2023, ZT will be more practical and not just a vendor marketing buzzword.

    Next-gen cybersecurity technologies alone are not a silver bullet. A combination of skilled talent, useful data, and best practices will give a competitive advantage. The key concepts are explainable, transparent, and trustworthy. Furthermore, regulation often faces challenges to keep up with next-gen cybersecurity technologies, especially with the implications and risks of adoption, which may not always be explicit.

    Current situation

    ZT: Performing an accurate assessment of readiness and benefits to adopt ZT can be difficult due to ZT's many components. Thus, an organization needs to develop a ZT roadmap that aligns with organizational goals and focuses on access to data, assets, applications, and services; don't select solutions or vendors too early.

    Post-quantum cryptography: Current cryptographic applications, such as RSA for PKI, rely on factorization. However, algorithms such as Shor's show quantum speedup for factorization, which can break current crypto when sufficient quantum computing devices are available. Thus, threat actors can intercept current encrypted information and store it to decrypt in the future.

    AI-based threat management: AI helps in analyzing and correlating data extremely fast compared to humans. Millions of telemetries, malware samples, raw events, and vulnerability data feed into the AI system, which humans cannot process manually. Furthermore, AI does not get tired in processing this big data, thus avoiding human error and negligence.

    Data breach mitigation cost without AI: USD 6.20 million; and with AI: USD 3.15 million

    Source: IBM, 2022

    Traditional security is not working

    Alert Fatigue

    Too many false alarms and too many events to process. Evolving threat landscapes waste your analysts' valuable time on mundane tasks, such as evidence collection. Meanwhile, only limited time is spared for decisions and conclusions, which results in the fear of missing an incident and alert fatigue.

    Lack of Insight

    To report progress, clear metrics are needed. However, cybersecurity still lacks in this area as the system itself is complex and some systems work in silos. Furthermore, lessons learned are not yet distilled into insights for improving future accuracy.

    Lack of Visibility

    System integration is required to create consistent workflows across the organization and to ensure complete visibility of the threat landscape, risks, and assets. Also, the convergence of OT, IoT, and IT enhances this challenge.

    Source: IBM Security Intelligence, 2020

    A business case for AI-based cybersecurity

    Threat management

    Prevention

    Risk scores are generated by machine learning based on variables such as behavioral patterns and geolocation. Zero trust architecture is combined with machine learning. Asset management leverages visibility using machine learning. Comply with regulations by improving discovery, classification, and protection of data using machine learning. Data security and data privacy services use machine learning for data discovery.

    Detection

    AI, advanced machine learning, and static approaches, such as code file analysis, combine to automatically detect and analyze threats and prevent threats from spreading, assisted by threat intelligence.

    Response

    AI helps in orchestrating security technologies for organizations to reduce the number of security agents installed, which may not talk to each other or, worse, may conflict with each other.

    Recovery

    AI continuously tunes based on lessons learned, such as creating security policies for improving future accuracy. AI also does not get fatigue, and it assists humans in a faster recovery.

    Prevention; Detection; Response; Recovery

    AI has been around since the 1940s, but why is it only gaining traction now? Because supporting technologies are only now available, including faster GPUs for complex computations and cheaper storage for massive volumes of data.

    Use this template to explain the priorities you need your stakeholders to know about.

    Adopt next-gen cybersecurity technologies

    Use this template to explain the priorities you need your stakeholders to know about.

    Develop a practical roadmap that shows the business value of next-gen cybersecurity technologies investment.

    Initiative Description:

    Description must include what organization will undertake to complete the initiative.

    • Identify the stakeholders who will be affected by the next-gen cybersecurity technologies implementation and define responsibilities based on skillsets and the degree of support.
    • Adopt well-established data governance practices for cross-functional teams.
    • Conduct a maturity assessment of key processes and highlight interdependencies.
    • Develop a baseline and periodically review risks, policies and procedures, and business plan.
    • Develop a roadmap and deploy next-gen cybersecurity architecture and controls step by step, working with trusted technology partners.
    • Monitor metrics on effectiveness and efficiency.

    Drivers:

    List initiative drivers.

    • Pressure of attacks by sophisticated threat actors
    • Next-gen cybersecurity technologies tool offerings
    • High cost of traditional security, e.g. longer breach lifecycle

    Risks:

    List initiative risks and impacts.

    • Lack of transparency of the model or bias, leading to non-compliance with policies/regulations
    • Risks related with data quality and inadequate data for model training
    • Adversarial attacks, including, but not limited to, adversarial input and model extraction

    Benefits:

    List initiative benefits and align to business benefits or benefits for the stakeholder groups that it impacts.

    • Reduces the number of alerts, thus reduces alert fatigue.
    • Increases the identification of unknown threats.
    • Leads to faster detection and response.
    • Closes skills gap and increases productivity.

    Related Info-Tech Research:

    Recommended Actions

    1. People

    Identify the stakeholders who will be affected by the next-gen cybersecurity technologies implementation and define responsibilities based on skillsets and the degree of support.

    Adopt well-established data governance practices for cross-functional teams.

    2. Process

    Conduct a maturity assessment of key processes and highlight interdependencies.

    Develop a baseline and periodically review risks, policies and procedures, and business plan.

    3. Technology

    Develop a roadmap and deploy next-gen cybersecurity architecture and controls step by step, working with trusted technology partners.

    Monitor metrics on effectiveness and efficiency.

    Source: Leverage AI in Threat Management (keynote presentation), Info-Tech

    Secure Services and Applications

    PRIORITY 05

    • APIS ARE STILL THE #1 THREAT TO APPLICATION SECURITY.

    Executive summary

    Background

    Software is usually produced as part of a supply chain instead of in silos. A vulnerability in any part of the supply chain can become a threat surface. We have learned this from recent incidents such as Log4j, SolarWinds, and Kaseya where attackers compromised a Virtual System Administrator tool used by managed service providers to attack around 1,500 organizations.

    DevSecOps is a culture and philosophy that unifies development, security, and operations to answer this challenge. DevSecOps shifts security left by automating, as much as possible, development and testing. DevSecOps provides many benefits such as rapid development of secure software and assurance that, prior to formal release and delivery, tests are reliably performed and passed.

    DevSecOps practices can apply to IT, OT, IoT, and other technology environments, for example, by integrating a Secure Software Development Framework (SSDF).

    Current situation

    Secure Software Supply Chain: Logging is a fundamental feature of most software, and recently the use of software components, especially open source, are based on trust. From the Log4j incident we learned that more could be done to improve the supply chain by adopting ZT to identify related components and data flows between systems and to apply the least privilege principle.

    DevSecOps: A software error wiped out wireless services for thousands of Rogers customers across Canada in 2021. Emergency services were also impacted, even though outgoing 911 calls were always accessible. Losing such services could have been avoided, if tests were reliably performed and passed prior to release.

    OT insecure-by-design: In OT, insecurity-by-design is still a norm, which causes many vulnerabilities such as insecure protocols implementation, weak authentication schemes, or insecure firmware updates. Additional challenges are the lack of CVEs or CVE duplication, the lack of Software Bill of Materials (SBOM), and product supply chains issues such as vulnerable products that are certified because of the scoping limitation and emphasis on functional testing.

    Technical causes of cybersecurity incidents in EU critical service providers in 2019-2021 shows: software bug (12%) and faulty software changes/update (9%).

    Source: CIRAS Incident reporting, ENISA (N=1,239)

    Software development keeps evolving

    DOD Maturation of Software Development Best Practices

    Best Practices 30 Years Ago 15 Years Ago Present Day
    Lifecycle Years or Months Months or Weeks Weeks or Days
    Development Process Waterfall Agile DevSecOps
    Architecture Monolithic N-Tier Microservices
    Deployment & Packaging Physical Virtual Container
    Hosting Infrastructure Server Data Center Cloud
    Cybersecurity Posture Firewall + SIEM + Zero Trust

    Best practices in software development are evolving as shown on the diagram to the left. For example, 30 years ago the lifecycle was "Years or Months," while in the present day it is "Weeks or Days."

    These changes also impact security such as the software architecture, which is no longer "Monolithic" but "Microservices" normally built within the supply chain.

    The software supply chain has known integrity attacks that can happen on each part of it. Starting from bad code submitted by a developer, to compromised source control platform (e.g. PHP git server compromised), to compromised build platform (e.g. malicious behavior injected on SolarWinds build), to a compromised package repository where users are deceived into using the bad package by the similarity between the malicious and the original package name.

    Therefore, we must secure each part of the link to avoid attacks on the weakest link.

    Software supply chain guidance

    Secure each part of the link to avoid attacks on the weakest link.

    Guide for Developers

    Guide for Suppliers

    Guide for Customers

    Secure product criteria and management, develop secure code, verify third-party components, harden build environment, and deliver code.

    Define criteria for software security checks, protect software, produce well-secured software, and respond to vulnerabilities.

    Secure procurement and acquisition, secure deployment, and secure software operations.

    Source: "Securing the Software Supply Chain" series, Enduring Security Framework (ESF), 2022

    "Most software today relies on one or more third-party components, yet organizations often have little or no visibility into and understanding of how these software components are developed, integrated, and deployed, as well as the practices used to ensure the components' security."

    Source: NIST – NCCoE, 2022

    Use this template to explain the priorities you need your stakeholders to know about.

    Secure services and applications

    Provide a brief value statement for the initiative.

    Adopt recommended practices for securing the software supply chain.

    Initiative Description:

    Description must include what organization will undertake to complete the initiative.

    • Define and keep security requirements and risk assessments up to date.
    • Require visibility into provenance of product, and require suppliers' self-attestation of security hygiene.
    • Verify distribution infrastructure, product and individual components integrity, and SBOM.
    • Use multi-layered defenses, e.g. ZT for integration and control configuration.
    • Train users on how to detect and report anomalies and when to apply updates to a system.
    • Ensure updates from authorized and authenticated sources and verify the integrity of the updated SBOM.

    Drivers:

    List initiative drivers.

    • Cyberattacks exploit the vulnerabilities of weak software supply chain
    • Increased need to enhance software supply chain security, e.g. under the White House Executive Order (EO) 14028
    • OT insecure-by-design hinders OT modernization

    Risks:

    List initiative risks and impacts.

    Only a few developers and suppliers explicitly address software security in detail.

    Time pressure to deliver functionality over security.

    Lack of security awareness and lack of trained workforce.

    Benefits:

    List initiative benefits and align to business benefits or benefits for the stakeholder groups that it impacts.

    Customers (acquiring organizations) achieve secure acquisition, deployment, and operation of software.

    Developers and suppliers provide software security with minimal vulnerabilities in its releases.

    Automated processes such as automated testing avoid error-prone and labor-intensive manual test cases.

    Related Info-Tech Research:

    Recommended Actions

    1. Procurement and Acquisition

    Define and keep security requirements and risk assessments up to date.

    Perform analysis on current market and supplier solutions and acquire security evaluation.

    Require visibility into provenance of product, and require suppliers' self-attestation of security hygiene

    2. Deployment

    Verify distribution infrastructure, product and individual components integrity, and SBOM.

    Save and store the tests and test environment and review and verify the
    self-attestation mechanism.

    Use multi-layered defenses, e.g. ZT for integration and control configuration.

    3. Software Operations

    Train users on how to detect and report anomalies and when to apply updates to a system.

    Ensure updates from authorized and authenticated sources and verify the integrity of the updated SBOM.

    Apply supply chain risk management (SCRM) operations.

    Source: "Securing the Software Supply Chain" series, Enduring Security Framework (ESF), 2022

    Bibliography

    Aksoy, Cevat Giray, Jose Maria Barrero, Nicholas Bloom, Steven J. Davis, Mathias Dolls, and Pablo Zarate. "Working from Home Around the World." Brookings Papers on Economic Activity, 2022.
    Barrero, Jose Maria, Nicholas Bloom, and Steven J. Davis. "Why working from home will stick." WFH Research, National Bureau of Economic Research, Working Paper 28731, 2021.
    Boehm, Jim, Dennis Dias, Charlie Lewis, Kathleen Li, and Daniel Wallance. "Cybersecurity trends: Looking over the horizon." McKinsey & Company, March 2022. Accessed
    31 Oct. 2022.
    "China: TC260 issues list of national standards supporting implementation of PIPL." OneTrust, 8 Nov. 2022. Accessed 17 Nov. 2022.
    Chmielewski, Stéphane. "What is the potential of artificial intelligence to improve cybersecurity posture?" before.ai blog, 7 Aug. 2022. Accessed 15 Aug. 2022.
    Conerly, Bill. "The Recession Will Begin Late 2023 Or Early 2024." Forbes, 1 Nov. 2022. Accessed 8 Nov. 2022.
    "Control System Defense: Know the Opponent." CISA, 22 Sep. 2022. Accessed 17 Nov. 2022.
    "Cost of a Data Breach Report 2022." IBM, 2022.
    "Cybersecurity: Parliament adopts new law to strengthen EU-wide resilience." European Parliament News, 10 Nov. 2022. Press Release.
    "Cyber Security in Critical National Infrastructure Organisations: 2022." Bridewell, 2022. Accessed 7 Nov. 2022.
    Davis, Steven. "The Big Shift to Working from Home." NBER Macro Annual Session On
    "The Future of Work," 1 April 2022.
    "Digital Services Act: EU's landmark rules for online platforms enter into force."
    EU Commission, 16 Nov. 2022. Accessed 16 Nov. 2022.
    "DoD Enterprise DevSecOps Fundamentals." DoD CIO, 12 May 2022. Accessed 21 Nov. 2022.
    Elkin, Elizabeth, and Deena Shanker. "That Cream Cheese Shortage You Heard About? Cyberattacks Played a Part." Bloomberg, 09 Dec. 2021. Accessed 27 Oct. 2022.
    Evan, Pete. "What happened at Rogers? Day-long outage is over, but questions remain." CBC News, 21 April 2022. Accessed 15 Nov. 2022.
    "Fewer Ransomware Victims Pay, as Median Ransom Falls in Q2 2022." Coveware,
    28 July 2022. Accessed 18 Nov. 2022.
    "Fighting cybercrime: new EU cybersecurity laws explained." EU Commission, 10 Nov. 2022. Accessed 16 Nov. 2022.
    "Guide to PCI compliance cost." Vanta. Accessed 18 Nov. 2022.
    Hammond, Susannah, and Mike Cowan. "Cost of Compliance 2022: Competing priorities." Thomson Reuters, 2022. Accessed 18 Nov. 2022.
    Hemsley, Kevin, and Ronald Fisher. "History of Industrial Control System Cyber Incidents." Department of Energy (DOE), 2018. Accessed 29 Aug. 2022.
    Hofmann, Sarah. "What Is The NIS2 And How Will It Impact Your Organisation?" CyberPilot,
    5 Aug. 2022. Accessed 16 Nov. 2022.
    "Incident reporting." CIRAS Incident Reporting, ENISA. Accessed 21 Nov. 2022.
    "Introducing SLSA, an End-to-End Framework for Supply Chain Integrity." Google,
    16 June 2021. Accessed 25 Nov. 2022.
    Kovacs, Eduard. "Trains Vulnerable to Hacker Attacks: Researchers." SecurityWeek, 29 Dec. 2015. Accessed 15 Nov. 2022.
    "Labour Force Survey, October 2022." Statistics Canada, 4 Nov. 2022. Accessed 7 Nov. 2022.
    Malacco, Victor. "Promises and potential of automated milking systems." Michigan State University Extension, 28 Feb. 2022. Accessed 15 Nov. 2022.
    Maxim, Merritt, et al. "Planning Guide 2023: Security & Risk." Forrester, 23 Aug. 2022. Accessed 31 Oct. 2022.
    "National Cyber Threat Assessment 2023-2024." Canadian Centre for Cyber Security, 2022. Accessed 18 Nov. 2022.
    Nicaise, Vincent. "EU NIS2 Directive: what's changing?" Stormshield, 20 Oct. 2022. Accessed
    17 Nov. 2022.
    O'Neill, Patrick. "Russia hacked an American satellite company one hour before the Ukraine invasion." MIT Technology Review, 10 May 2022. Accessed 26 Aug. 2022.
    "OT ICEFALL: The legacy of 'insecure by design' and its implications for certifications and risk management." Forescout, 2022. Accessed 21 Nov. 2022.
    Palmer, Danny. "Your cybersecurity staff are burned out - and many have thought about quitting." ZDNet, 8 Aug. 2022. Accessed 19 Aug. 2022.
    Placek, Martin. "Industrial Internet of Things (IIoT) market size worldwide from 2020 to 2028 (in billion U.S. dollars)." Statista, 14 March 2022. Accessed 15 Nov. 2022.
    "Revised Proposal Attachment 5.13.N.1 ADMS Business Case PUBLIC." Ausgrid, Jan. 2019. Accessed 15 Nov. 2022.
    Richter, Felix. "Cloudy With a Chance of Recession." Statista, 6 April 2022. Web.
    "Securing the Software Supply Chain: Recommended Practices Guide for Developers." Enduring Security Framework (ESF), Aug. 2022. Accessed 22 Sep. 2022.
    "Securing the Software Supply Chain: Recommended Practices Guide for Suppliers." Enduring Security Framework (ESF), Sep. 2022. Accessed 21 Nov. 2022.
    "Securing the Software Supply Chain: Recommended Practices Guide for Customers." Enduring Security Framework (ESF), Oct. 2022. Accessed 21 Nov. 2022.
    "Security Guidelines for the Electricity Sector: Control System Electronic Connectivity."
    North American Electric Reliability Corporation (NERC), 28 Oct. 2013. Accessed 25 Nov. 2022.
    Shepel, Jan. "Schreiber Foods hit with cyberattack; plants closed." Wisconsin State Farmer,
    26 Oct. 2022. Accessed 15 Nov. 2022.
    "Significant Cyber Incidents." Center for Strategic and International Studies (CSIS). Accessed
    1 Sep. 2022.
    Souppaya, Murugiah, Michael Ogata, Paul Watrobski, and Karen Scarfone. "Software Supply Chain and DevOps Security Practices: Implementing a Risk-Based Approach to DevSecOps." NIST - National Cybersecurity Center of Excellence (NCCoE), Nov. 2022. Accessed
    22 Nov. 2022.
    "Ten Things Will Change Cybersecurity in 2023." SOCRadar, 23 Sep. 2022. Accessed
    31 Oct. 2022.
    "The Nature of Cybersecurity Defense: Pentagon To Reveal Updated Zero-Trust Cybersecurity Strategy & Guidelines." Cybersecurity Insiders. Accessed 21 Nov. 2022.
    What Is Threat Management? Common Challenges and Best Practices." IBM Security Intelligence, 2020.
    Woolf, Tim, et al. "Benefit-Cost Analysis for Utility-Facing Grid Modernization Investments: Trends, Challenges, and Considerations." Lawrence Berkeley National Laboratory, Feb. 2021. Accessed 15 Nov. 2022.
    Violino, Bob. "5 key considerations for your 2023 cybersecurity budget planning." CSO Online,
    14 July 2022. Accessed 27 Oct. 2022

    Research Contributors and Experts

    Andrew Reese
    Cybersecurity Practice Lead
    Zones

    Ashok Rutthan
    Chief Information Security Officer (CISO)
    Massmart

    Chris Weedall
    Chief Information Security Officer (CISO)
    Cheshire East Council

    Jeff Kramer
    EVP Digital Transformation and Cybersecurity
    Aprio

    Kris Arthur
    Chief Information Security Officer (CISO)
    SEKO Logistics

    Mike Toland
    Chief Information Security Officer (CISO)
    Mutual Benefit Group

    Optimize the Service Desk With a Shift-Left Strategy

    • Buy Link or Shortcode: {j2store}478|cart{/j2store}
    • member rating overall impact (scale of 10): 9.4/10 Overall Impact
    • member rating average dollars saved: $21,171 Average $ Saved
    • member rating average days saved: 11 Average Days Saved
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk
    • Tier 2 and 3 specialists lose time and resources working on tickets instead of more complex projects.
    • The service desk finds themselves resolving the same incidents over and over, wasting manual work on tasks that could be automated.
    • Employees expect modern, consumer-like experiences when they need help; they want to access information and resources from wherever they are and have the tools to solve their problems themselves without waiting for help.

    Our Advice

    Critical Insight

    • It can be difficult to overcome the mindset that difficult functions need to be escalated. Shift left involves a cultural change to the way the service desk works, and overcoming objections and getting buy-in up front is critical.
    • Many organizations have built a great knowledgebase but fail to see the value of it over time as it becomes overburdened with overlapping and out-of-date information. Knowledge capture, updating, and review must be embedded into your processes if you want to keep the knowledgebase useful.
    • Similarly, the self-service portal is often deployed out of the box with little input from end users and fails to deliver its intended benefits. The portal needs to be designed from the end user’s point of view with the goal of self-resolution if it will serve its purpose of deflecting tickets.

    Impact and Result

    • Embrace a shift-left strategy by moving repeatable service desk tasks and requests into lower-cost delivery channels such as self-help tools and automation.
    • Shift work from Tier 2 and 3 support to Tier 1 through good knowledge management practices that empower the first level of support with documented solutions to recurring issues and free up more specialized resources for project work and higher value tasks.
    • Shift knowledge from the service desk to the end user by enabling them to find their own solutions. A well-designed and implemented self-service portal will result in fewer logged tickets to the service desk and empowered, satisfied end users.
    • Shift away manual repetitive work through the use of AI and automation.
    • Successfully shifting this work left can reduce time to resolve, decrease support costs, and increase end-user satisfaction.

    Optimize the Service Desk With a Shift-Left Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to understand why a shift-left strategy can help to optimize your service desk, review Info-Tech's methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Prepare to shift left

    Assess whether you’re ready to optimize the service desk with a shift-left strategy, get buy-in for the initiative, and define metrics to measure success.

    • Optimize the Service Desk With a Shift-Left Strategy – Phase 1: Prepare to Shift Left
    • Shift-Left Prerequisites Assessment
    • Shift-Left Strategy
    • Shift-Left Stakeholder Buy-In Presentation

    2. Design shift-left model

    Build strategy and identify specific opportunities to shift service support left to Level 1 through knowledge sharing and other methods, to the end-user through self-service, and to automation and AI.

    • Optimize the Service Desk With a Shift-Left Strategy – Phase 2: Design Shift Left Model
    • Shift-Left Action Plan
    • Knowledge Management Workflows (Visio)
    • Knowledge Management Workflows (PDF)
    • Self-Service Portal Checklist
    • Self-Service Resolution Workflow (Visio)
    • Self-Service Resolution Workflow (PDF)

    3. Implement and communicate

    Identify, track, and implement specific shift-left opportunities and document a communications plan to increase adoption.

    • Optimize the Service Desk With a Shift-Left Strategy – Phase 3: Implement & Communicate
    • Incident Management Workflow (Visio)
    • Incident Management Workflow (PDF)
    [infographic]

    Workshop: Optimize the Service Desk With a Shift-Left Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Prepare to Shift Left

    The Purpose

    Define how shift left would apply in your organization, get buy-in for the initiative, and define metrics to measure success.

    Key Benefits Achieved

    Defined scope and objectives for the shift-left initiative

    Buy-in for the program

    Metrics to keep the project on track and evaluate success

    Activities

    1.1 Review current service desk structure

    1.2 Discuss challenges

    1.3 Review shift-left model and discuss how it would apply in your organization

    1.4 Complete the Shift-Left Prerequisites Assessment

    1.5 Complete a RACI chart for the project

    1.6 Define and document objectives

    1.7 Review the stakeholder buy-in presentation

    1.8 Document critical success factors

    1.9 Define KPIs and metrics

    Outputs

    Shift-left scope

    Completed shift-left prerequisites assessment

    RACI chart

    Defined objectives

    Stakeholder buy-in presentation

    Critical success factors

    Metrics to measure success

    2 Plan to Shift to Level 1

    The Purpose

    Build strategy and identify specific opportunities to shift service support left to Level 1 through knowledge sharing and other methods.

    Key Benefits Achieved

    Identified initiatives to shift work to Level 1

    Documented knowledge management process workflows and strategy

    Activities

    2.1 Identify barriers to Level 1 resolution

    2.2 Discuss knowledgebase challenges and areas for improvement

    2.3 Optimize KB input process

    2.4 Optimize KB usage process

    2.5 Optimize KB review process

    2.6 Discuss and document KCS strategy and roles

    2.7 Document knowledge success metrics

    2.8 Brainstorm additional methods of increasing FLR

    Outputs

    KB input workflow

    KB usage workflow

    KB review workflow

    KCS strategy and roles

    Knowledge management metrics

    Identified opportunities to shift to Level 1

    3 Plan to Shift to End User and Automation

    The Purpose

    Build strategy and identify specific opportunities to shift service support left to the end user through self-service and to automation and AI.

    Key Benefits Achieved

    Identified initiatives to shift work to self-service and automation

    Evaluation of self-service portal and identified opportunities for improvement

    Activities

    3.1 Review existing self-service portal and discuss vision

    3.2 Identify opportunities to improve portal accessibility, UI, and features

    3.3 Evaluate the user-facing knowledgebase

    3.4 Optimize the ticket intake form

    3.5 Document plan to improve, communicate, and evaluate portal

    3.6 Map the user experience with a workflow

    3.7 Document your AI strategy

    3.8 Identify candidates for automation

    Outputs

    Identified opportunities to improve portal

    Improvements to knowledgebase

    Improved ticket intake form

    Strategy to communicate and measure success of portal

    Self-service resolution workflow

    Strategy to apply AI and automation

    Identified opportunities to shift tasks to automation

    4 Build Implementation and Communication Plan

    The Purpose

    Build an action plan to implement shift left, including a communications strategy.

    Key Benefits Achieved

    Action plan to track and implement shift-left opportunities

    Communications plan to increase adoption

    Activities

    4.1 Examine process workflows for shift-left opportunities

    4.2 Document shift-left-specific responsibilities for each role

    4.3 Identify and track shift-left opportunities in the action plan

    4.4 Brainstorm objections and responses

    4.5 Document communications plan

    Outputs

    Incident management workflow with shift-left opportunities

    Shift left responsibilities for key roles

    Shift-left action plan

    Objection handling responses

    Communications plan

    Review and Improve Your IT Policy Library

    • Buy Link or Shortcode: {j2store}193|cart{/j2store}
    • member rating overall impact (scale of 10): 9.3/10 Overall Impact
    • member rating average dollars saved: $34,724 Average $ Saved
    • member rating average days saved: 14 Average Days Saved
    • Parent Category Name: IT Governance, Risk & Compliance
    • Parent Category Link: /it-governance-risk-and-compliance
    • Your policies are out of date, disorganized, and complicated. They don’t reflect current regulations and don’t actually mitigate your organization’s current IT risks.
    • Your policies are difficult to understand, aren’t easy to find, or aren’t well monitored and enforced for compliance. As a result, your employees don’t care about your policies.
    • Policy issues are taking up too much of your time and distracting you from the real issues you need to address.

    Our Advice

    Critical Insight

    A dynamic and streamlined policy approach will:

    1. Right-size policies to address the most critical IT risks.
    2. Clearly lay out a step-by-step process to complete daily tasks in compliance.
    3. Obtain policy adherence without having to be “the police.”

    To accomplish this, the policy writer must engage their audience early to gather input on IT policies, increase policy awareness, and gain buy-in early in the process.

    Impact and Result

    • Develop more effective IT policies. Clearly express your policy goals and objectives, standardize the approach to employee problem solving, and write policies your employees will actually read.
    • Improve risk coverage. Ensure full coverage on the risk landscape, including legal regulations, and establish a method for reporting, documenting, and communicating risks.
    • Improve employee compliance. Empathize with your employees and use policy to educate, train, and enable them instead of restricting them.

    Review and Improve Your IT Policy Library Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how to write better policies that mitigate the risks you care about and get the business to follow them, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess

    Assess your risk landscape and design a plan to update your policy network based on your most critical risks.

    • Review and Improve Your IT Policy Library – Phase 1: Assess
    • Policy Management RACI Chart Template
    • Policy Management Tool
    • Policy Action Plan

    2. Draft and implement

    Use input from key stakeholders to write clear, consistent, and concise policies that people will actually read and understand. Then publish them and start generating policy awareness.

    • Review and Improve Your IT Policy Library – Phase 2: Draft and Implement
    • Policy Template
    • Policy Communication Plan Template

    3. Monitor, enforce, revise

    Use your policies to create a compliance culture in your organization, set KPIs, and track policy effectiveness.

    • Review and Improve Your IT Policy Library – Phase 3: Monitor, Enforce, Revise
    [infographic]

    Workshop: Review and Improve Your IT Policy Library

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish & Assess

    The Purpose

    Identify the pain points associated with IT policies.

    Establish the policy development process.

    Begin formulating a plan to re-design the policy network.

    Key Benefits Achieved

    Establish the policy process.

    Highlight key issues and pain points regarding policy.

    Assign roles and responsibilities.

    Activities

    1.1 Introduce workshop.

    1.2 Identify the current pain points with policy management.

    1.3 Establish high-level goals around policy management.

    1.4 Select metrics to measure achievement of goals.

    1.5 Create an IT policy working group (ITPWG).

    1.6 Define the scope and purpose of the ITPWG.

    Outputs

    List of issues and pain points for policy management

    Set of six to ten goals for policy management

    Baseline and target measured value

    Amended steering committee or ITPWG charter

    Completed RACI chart

    Documented policy development process

    2 Assess Your Risk Landscape & Map Policies to Risks; Create a Policy Action Plan

    The Purpose

    Identify key risks.

    Develop an understanding of which risks are most critical.

    Design a policy network that best mitigates those risks.

    Key Benefits Achieved

    Use a risk-driven approach to decide which policies need to be written or updated first.

    Activities

    2.1 Identify risks at a high level.

    2.2 Assess each identified risk scenario on impact and likelihood.

    2.3 Map current and required policies to risks.

    2.4 Assess policy effectiveness.

    2.5 Create a policy action plan.

    2.6 Select policies to be developed during workshop.

    Outputs

    Ranked list of IT’s risk scenarios

    Prioritized list of IT risks (simplified risk register)

    Policy action plan

    3 Develop Policies

    The Purpose

    Outline what key features make a policy effective and write policies that mitigate the most critical IT risks.

    Key Benefits Achieved

    Write policies that work and get them approved.

    Activities

    3.1 Define the policy audience, constraints, and in-scope and out-of-scope requirements for a policy.

    3.2 Draft two to four policies

    Outputs

    Drafted policies

    4 Create a Policy Communication and Implementation Plan and Monitor & Reassess the Portfolio

    The Purpose

    Build an understanding of how well the organization’s value creation activities are being supported.

    Key Benefits Achieved

    Identify an area or capability that requires improvement.

    Activities

    4.1 Review draft policies and update if necessary.

    4.2 Create a policy communication plan.

    4.3 Select KPIs.

    4.4 Review root-cause analysis techniques.

    Outputs

    Final draft policies

    Policy communications plan

    KPI tracking log

    Applications Priorities 2023

    • Buy Link or Shortcode: {j2store}186|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • Economic, social, and regulatory conditions have changed livelihoods, businesses, and marketplaces. Modern tools and technologies have acted as lifelines by minimizing operating and delivery costs, and in the process, establishing a strong foundation for growth and maturity.
    • These tools and technologies must meet the top business goals of CXOs: ensure service continuity, improve customer experience, and make data-driven decisions.
    • While today’s business applications are good and well received, there is still room for improvement. The average business application satisfaction score among IT leadership was 72% (n=1582, CIO Business Vision).

    Our Advice

    Critical Insight

    • Applications are critical components in any business strategic plan. They can directly influence an organization’s internal and external brand and reputation, such as their uniqueness, competitiveness and innovativeness in the industry
    • Business leaders are continuously looking for innovative ways to better position their application portfolio to satisfy their goals and objectives, i.e., application priorities. Given the scope and costs often involved, these priorities must be carefully crafted to clearly state achievable business outcomes that satisfies the different needs very different customers, stakeholders, and users.
    • Unfortunately, expectations on your applications team have increased while the gap between how stakeholders and applications teams perceive effectiveness remains wide. This points to a need to clarify the requirements to deliver valuable and quality applications and address the pressures challenging your teams.

    Impact and Result

    Learn and explore the technology and practice initiatives in this report to determine which initiatives should be prioritized in your application strategy and align to your business organizational objectives:

    • Optimize the effectiveness of the IT organization.
    • Boost the productivity of the enterprise.
    • Enable business growth through technology.

    Applications Priorities 2023 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Applications Priorities Report 2023 – A report that introduces and describes five opportunities to prioritize in your 2023 application strategy.

    In this report, we explore five priorities for emerging and leading-edge technologies and practices that can improve on capabilities needed to meet the ambitions of your organization.

    • Applications Priorities 2023 Report

    Infographic

    Further reading

    Applications Priorities 2023

    Applications are the engine of the business: keep them relevant and modern

    What we are facing today is transforming the ways in which we work, live, and relate to one another. Applications teams and portfolios MUST change to meet this reality.

    Economic, social, and regulatory conditions have changed livelihoods, businesses, and marketplaces. Modern tools and technologies have acted as lifelines by minimizing operating and delivery costs, and in the process, establishing a strong foundation for growth and maturity.

    As organizations continue to strengthen business continuity, disaster recovery, and system resilience, activities to simply "keep the lights on" are not enough. Be pragmatic in the prioritization and planning of your applications initiatives, and use your technologies as a foundation for your growth.

    Your applications must meet the top business goals of your CXOs

    • Ensure service continuity
    • Improve customer experience
    • Make data-driven decisions
    • Maximize stakeholder value
    • Manage risk

    Source: CEO-CIO Alignment Diagnostics, August 2021 to July 2022, n=568.

    Select and align your applications priorities to your business goals and objectives

    Applications are critical components in any business strategic plan. They can directly influence an organization's internal and external brand and reputation, such as their:

    • Uniqueness, competitiveness, and innovativeness in the industry.
    • Ability to be dynamic, flexible, and responsive to changing expectations, business conditions, and technologies.

    Therefore, business leaders are continuously looking for innovative ways to better position their application portfolios to satisfy their goals and objectives, i.e. applications priorities. Given the scope and costs often involved, these priorities must be carefully crafted to clearly state achievable business outcomes that satisfy
    the different needs of very different customers, stakeholders, and users.

    Today's business applications are good but leave room for improvement

    72%
    Average business application satisfaction score among IT leadership in 1582 organizations.

    Source: CIO Business Vision, August 2021 to July 2022, N=190.

    Five Applications Priorities for 2023

    In this report, we explore five priorities for emerging and leading-edge technologies and practices that can improve on capabilities needed to meet the Ambitions of your organization.

    this is an image of the Five Applications Priorities for which will be addressed in this blueprint.

    Strengthen your foundations to better support your applications priorities

    These key capabilities are imperative to the success of your applications strategy.

    KPI and Metrics

    Easily attainable and insightful measurements to gauge the progress of meeting strategic objectives and goals (KPIs), and the performance of individual teams, practices and processes (metrics).

    BUSINESS ALIGNMENT

    Gain an accurate understanding and interpretation of stakeholder, end-user, and customer expectations and priorities. These define the success of business products and services considering the priorities of individual business units and teams.

    EFFICIENT DELIVERY & SUPPORT PRACTICE

    Software delivery and support roles, processes, and tools are collaborative, well equipped and resourced, and optimized to meet changing stakeholder expectations.

    Data Management & Governance

    Ensuring data is continuously reliable and trustworthy. Data structure and integrations are defined, governed, and monitored.

    Product & Service Ownership

    Complete inventory and rationalization of the product and service portfolio, prioritized backlogs, roadmaps, and clear product and service ownership with good governance. This helps ensure this portfolio is optimized to meet its goals and objectives.

    Strengthen your foundations to better support your applications priorities (cont'd)

    These key capabilities are imperative to the success of your applications strategy.

    Organizational Change Management

    Manage the adoption of new and modified processes and technologies considering reputational, human, and operational concerns.

    IT Operational Management

    Continuous monitoring and upkeep of products and services to assure business continuity, and system reliability, robustness and disaster recovery.

    Architectural Framework

    A set of principles and standards that guides the consistent, sustainable and scalable growth of enterprise technologies. Changes to the architecture are made in collaboration with affected parties, such as security and infrastructure.

    Application Security

    The measures, controls, and tactics at the application layer that prevent vulnerabilities against external and internal threats and ensure compliance to industry and regulatory security frameworks and standards.

    There are many factors that can stand in your team's way

    Expectations on your applications team have increased, while the gap between how stakeholders and applications teams perceive effectiveness remains wide. This points to a need to clarify the requirements to deliver valuable and quality applications and address the pressures challenging your teams.

    1. Attracting and retaining talent
    2. Maximizing the return on technology
    3. Confidently shifting to digital
    4. Addressing competing priorities
    5. Fostering a collaborative culture
    6. Creating high-throughput teams

    CIOs agree that at least some improvement is needed across key IT activities

    A bar graph is depicted which shows the proportion of CIOs who believe that some, or significant improvement is necessary for the following categories: Measure IT Project Success; Align IT Budget; Align IT Project Approval Process; Measure Stakeholder Satisfaction With IT; Define and Align IT Strategy; Understand Business Goals

    Source: CEO-CIO Alignment Diagnostics, August 2021 to July 2022, n=568.

    Pressure Point 1:
    Attracting and Retaining Talent

    Recent environmental pressures impacted traditional working arrangements and showed more workplace flexibility is often possible. At the same time, many employees' expectations about how, when, and where they choose to work have also evolved. Recruitment and retention are reflections of different sides of the same employee value proposition coin. Organizations that fail to reinvent their approach to attracting and retaining talent by focusing on candidate and employee experience risk turnover, vacancies, and lost opportunities that can negatively impact the bottom line.

    Address the underlying challenges

    • Lack of employee empowerment and few opportunities for learning and development.
    • Poor coworker and manager relationships.
    • Compensation and benefits are inadequate to maintain desired quality of life.
    • Unproductive work environment and conflicting balance of work and life.
    • Unsatisfactory employee experience, including lack of employee recognition
      and transparency of organizational change.

    While workplace flexibility comes with many benefits, longer work hours jeopardize wellbeing.
    62% of organizations reported increased working hours, while 80% reported an increase in flexibility.
    Source: McLean & Company, 2022; n=394.

    Be strategic in how you fill and train key IT skills and capabilities

    • Cybersecurity
    • Big Data/Analytics
    • Technical Architecture
    • DevOps
    • Development
    • Cloud

    Source: Harvey Nash Group, 2021; n=2120.

    Pressure Point 2:
    Maximizing the Return of Technology

    Recent environmental pressures impacted traditional working arrangements and showed more workplace flexibility is often possible. At the same time, many employees' expectations about how, when, and where they choose to work have also evolved. Recruitment and retention are reflections of different sides of the same employee value proposition coin. Organizations that fail to reinvent their approach to attracting and retaining talent by focusing on candidate and employee experience risk turnover, vacancies, and lost opportunities that can negatively impact the bottom line.

    Address the underlying challenges

    • Inability to analyze, propose, justify, and communicate modernization solutions in language the stakeholders understand and in a way that shows they clearly support business priorities and KPIs and mitigate risks.
    • Little interest in documenting and rationalizing products and services through business-IT collaboration.
    • Lack of internal knowledge of the system and loss of vendor support.
    • Undefined, siloed product and service ownership and governance, preventing solutions from working together to collectively deliver more value.
    • Little stakeholder appetite to invest in activities beyond "keeping the lights on."

    Only 64% of applications were identified as effective by end users.
    Effective applications are identified as at least highly important and have high feature and usability satisfaction.
    Source: Application Portfolio Assessment, August 2021 to July 2022; N=315.

    "Regardless of the many definitions of modernization floating around, the one characteristic that we should be striving for is to ensure our applications do an outstanding job of supporting the users and the business in the most effective and efficient manner possible."
    Source: looksoftware.

    Pressure Point 3:
    Confidently Shifting to Digital

    "Going digital" reshapes how the business operates and drives value by optimizing how digital and traditional technologies and tactics work together. This shift often presents significant business and technical risks to business processes, enterprise data, applications, and systems which stakeholders and teams are not aware of or prepared to accommodate.

    Address the underlying challenges

    • Differing perspectives on digital can lead to disjointed transformation initiatives, oversold benefits, and a lack of synergy among digital technologies and processes.
    • Organizations have difficulty adapting to new technologies or rethinking current business models, processes, and ways of working because of the potential human, ethical, and reputational impacts and restrictions from legacy systems.
    • Management lacks a framework to evaluate how their organization manages and governs business value delivery.
    • IT is not equipped or resourced to address these rapidly changing business, customer, and technology needs.
    • The wrong tools and technologies were chosen to support the shift to digital.

    The shift to digital processes is starting, but slowly.
    62% of respondents indicated that 1-20% of their processes were digitized during the past year.
    Source: Tech Trends and Priorities 2023; N=500

    Resistance to change and time/budget constraints are top barriers preventing companies from modernizing their applications.
    Source: Konveyor, 2022; n=600.

    Pressure Point 4:
    Addressing Competing Priorities

    Enterprise products and services are not used, operated, or branded in isolation. The various parties involved may have competing priorities, which often leads to disagreements on when certain business and technology changes should be made and how resources, budget, and other assets should be allocated. Without a broader product vision, portfolio vision, and roadmap, the various dependent or related products and services will not deliver the same level of value as if they were managed collectively.

    Address the underlying challenges

    • Undefined product and service ownership and governance, including escalation procedures when consensus cannot be reached.
    • Lack of a unified and grounded set of value and quality definitions, guiding principles, prioritization standards, and broad visibility across portfolios, business capabilities, and business functions.
    • Distrust between business units and IT teams, which leads to the scaling of unmanaged applications and fragmented changes and projects.
    • Decisions are based on opinions and experiences without supporting data.

    55% of CXOs stated some improvement is necessary in activities to understand business goals.
    Source: CEO-CIO Alignment Diagnostics, August 2021 to July 2022; n=568.

    CXOs are moderately satisfied with IT's performance as a business partner (average score of 69% among all CXOs). This sentiment is similarly felt among CIOs (64%).
    Source: CEO-CIO Alignment Diagnostics, August 2021 to July 2022; n=568.

    Pressure Point 5:
    Fostering a Collaborative Culture

    Culture impacts business results, including bottom-line revenue and productivity metrics. Leaders appreciate the impact culture can have on applications initiatives and wish to leverage this. How culture translates from an abstract concept to something that is measurable and actionable is not straightforward. Executives need to clarify how the desired culture will help achieve their applications strategy and need to focus on the items that will have the most impact.

    Address the underlying challenges

    • Broad changes do not consider the unique subcultures, personalities, and behaviors of the various teams and individuals in the organization.
    • Leaders mandate cultural changes without alleviating critical barriers and do not embody the principles of the target state.
    • Bureaucracy and politics restrict changes and encourage the status quo.
    • Industry standards, technologies, and frameworks do not support or cannot be tailored to fit the desired culture.
    • Some teams are deliberately excluded from the scoping, planning, and execution of key product and service delivery and management activities.

    Agile does not solve team culture challenges.
    43% of organizations cited organizational culture as a significant barrier to adopting and scaling Agile practices.
    Source: Digital.ai, 2021.

    "Providing a great employee experience" as the second priority (after recruiting) highlights the emphasis organizations are placing on helping employees adjust after having been forced to change the way work gets done.
    Source: McLean & Company, 2022; N=826.

    Use your applications priorities to help address your pressure points

    Success can be dependent on your ability to navigate around or alleviate your pressure points. Design and market your applications priorities to bring attention to your pressure points and position them as key risk factors to their success.

    Applications Priorities
    Digital Experience (DX) Intelligent Automation Proactive Application Management Multisource Systems Digital Organization as a Platform
    Attracting and Retaining Talent Enhance the employee experience Be transparent and support role changes Shift focus from maintenance to innovation Enable business-managed applications Promote and showcase achievements and successes
    Maximizing the Return on Technology Modernize or extend the use of existing investments Automate applications across multiple business functions Improve the reliability of mission-critical applications Enhance the functionality of existing applications Increase visibility of underused applications
    Confidently Shifting to Digital Prioritize DX in your shift to digital Select the capabilities that will benefit most from automation Prepare applications to support digital tools and technologies Use best-of-breed tools to meet specific digital needs Bring all applications up to a common digital standard
    Addressing Competing Priorities Ground your digital vision, goals, and objectives Recognize and evaluate the architectural impact Rationalize the health of the applications Agree on a common philosophy on system composition Map to a holistic platform vision, goals, and objectives
    Fostering a Collaborative Culture Involve all perspectives in defining and delivering DX Involve the end user in the delivery and testing of the automated process Include the technical perspective in the viability of future applications plans Discuss how applications can work together better in an ecosystem Ensure the platform is configured to meet the individual needs of the users
    Creating High-Throughput Teams Establish delivery principles centered on DX Remove manual, error-prone, and mundane tasks Simplify applications to ease delivery and maintenance Alleviate delivery bottlenecks and issues Abstract the enterprise system to expedite delivery

    Digital Experience (DX)

    PRIORITY 1

    • Deliver Valuable User, Customer, Employee, and Brand Experiences

    Delivering valuable digital experiences requires the adoption of good management, governance, and operational practices to accommodate stakeholder, employee, customer, and end-user expectations of digital experiences (e.g. product management, automation, and iterative delivery). Technologies are chosen based on what best enables, delivers, and supports these expectations.

    Introduction

    Digital transformation is not just about new tools and technologies. It is also about delivering a valuable digital experience

    What is digital experience (DX)?

    Digital experience (DX) refers to the interaction between a user and an organization through digital products and services. Digital products and services are tools, systems, devices, and resources that gather, store, and process data; are continuously modernized; and embody eight key attributes that are described on the following slide. DX is broken down into four distinct perspectives*:

    • Customer Experience – The immediate perceptions of transactions and interactions experienced through a customer's journey in the use of the organization's digital
      products and services.
    • End-User Experience – Users' emotions, beliefs, and physical and psychological responses
      that occur before, during, or after interacting with a digital product or service.
    • Brand Experience – The broader perceptions, emotions, thoughts, feelings and actions the public associate with the organization's brand and reputation or its products and services. Brand experience evolves over time as customers continuously engage with the brand.
    • Employee Experience – The satisfaction and experience of an employee through their journey with the organization, from recruitment and hiring to their departure. How an employee embodies and promotes the organization brand and culture can affect their performance, trust, respect, and drive to innovate and optimize.
    Digital Products and Services
    Customer Experience Brand Experience Employee Experience End-User Experience

    Digital products and services have a common set of attributes

    Digital transformation is not just about new tools and technologies. It is also about delivering a valuable digital experience

    • Digital products and services must keep pace with changing business and end-user needs as well as tightly supporting your maturing business model with continuous modernization. Focus your continuous modernization on the key characteristics that drive business value.
    • Fit for purpose: Functionalities are designed and implemented for the purpose of satisfying the end user's needs and solving their problems.
    • User-centric: End users see the product as rewarding, engaging, intuitive, and emotionally satisfying. They want to come back to it.
    • Adaptable: The product can be quickly tailored to meet changing end-user and technology needs with reusable and customizable components.
    • Accessible: The product is available on demand and on the end user's preferred interface.
      End users have a seamless experience across all devices.
    • Private and secured: The end user's activity and data are protected from unauthorized access.
    • Informative and insightful: The product delivers consumable, accurate, and trustworthy real-time data that is important to the end user.
    • Seamless application connection: The product facilitates direct interactions with one or more other products through an uninterrupted user experience.
    • Relationship and network building: The product enables and promotes the connection and interaction of people.

    The Business Value cycle of continuous modernization.

    Signals

    DX is critical for business growth and maturity, but the organization may not be ready

    A good DX has become a key differentiator that gives organizations an advantage over their competition and peers. Shifts in working environments; employee, customer, and stakeholder expectations; and the advancements in modern technologies have raised the importance of adopting and transitioning to digital processes and tools to stay relevant and responsive to changing business and technology conditions.

    Applications teams are critical to ensuring the successful delivery and operation of these digital processes and tools. However, they are often under-resourced and challenged to meet their DX goals.

    • 7% of both business and IT respondents think IT has the resources needed to keep up with digital transformation initiatives and meet deadlines (Cyara, 2021).
    • 43% of respondents said that the core barrier to digital transformation is a lack of skilled resources (Creatio, 2021).
    A circle graph is shown with 91% of the circle coloured in dark blue, with the number 91% in the centre.

    of organizations stated that at least 1% of processes were shifted from being manually completed to digitally completed in the last year. 29% of organizations stated at least 21% were shifted.

    Source: Tech Trends and Priorities 2023; N=500.

    A circle graph is shown with 98% of the circle coloured in dark blue, with the number 98% in the centre.

    of organizations recognized digital transformation is important for competitive advantage. 94% stated it is important to enhance customer experience, and 91% stated it will have a positive impact on revenue.

    Source: Cyara, 2021.

    Drivers

    Brand and reputation

    Customers are swayed by the innovations and advancements in digital technologies and expect your applications team to deliver and support them. Your leaders recognize the importance of these expectations and are integrating them into their business strategy and brand (how the organization presents itself to its customers, employees and the public). They hope that their actions will improve and shape the company's reputation (public perception of the company) as effective, customer-focused, and forward-thinking.

    Worker productivity

    As you evolve and adopt more complex tools and technology, your stakeholders will expect more from business units and IT teams. Unfortunately, teams employing manual processes and legacy systems will struggle to meet these expectations. Digital products and services promote the simplification of complex operations and applications and help the business and your teams better align operational practices with strategic goals and deliver valuable DX.

    Organization modernization

    Legacy processes, systems, and ways of working are no longer suitable for meeting the strategic digital objectives and DX needs stakeholders expect. They drive up operational costs without increased benefits, impede business growth and innovation, and consume scarce budgets that could be used for other priorities. Shifting to digital tools and technologies will bring these challenges to light and demonstrate how modernization is an integral part of DX success.

    Benefits & Risks

    Benefits

    • Flexibility & Satisfaction
    • Adoption
    • Reliability

    Employees and customers can choose how they want to access, modify, and consume digital products and services. They can be tailored to meet the specific functional needs, behaviors, and habits of the end user.

    The customer, end user, brand, and employee drive selection, design, and delivery of digital products and services. Even the most advanced technologies will fail if key roles do not see the value in their use.

    Digital products and services are delivered with technical quality built into them, ensuring they meet the industry, regulatory, and company standards throughout their lifespan and in various conditions.

    Risks

    • Legacy & Lore
    • Bureaucracy & Politics
    • Process Inefficiencies
    • No Quality Standards

    Some stakeholders may not be willing to change due to their familiarity and comfort of business practices.

    Competing and conflicting priorities of strategic products and services undermine digital transformation and broader modernization efforts.

    Business processes are often burdened by wasteful activities. Digital products and services are only as valuable as the processes they support.

    The performance and support of your digital products and services are hampered due to unmanageable technical debt because of a deliberate decision to bypass or omit quality good practices.

    Address your pressure points to fully realize the benefits of this priority

    Success can be dependent on your ability to address your pressure points.

    Attracting and Retaining Talent

    Enhance the employee experience.

    Design the digital processes, tools, and technologies to meet the individual needs of the employee.

    Maximizing the Return on Technology

    Modernize or extend the use of existing investments.

    Drive higher adoption of applications and higher user value and productivity by implementing digital capabilities to the applications that will gain the most.

    Confidently Shifting to Digital

    Prioritize DX in your shift to digital. Include DX as part of your definition of success.

    Your products and services are not valuable if users, customers, and employees do not use them.

    Addressing Competing Priorities

    Ground your digital vision, goals, and objectives

    Establish clear ownership of DX and digital products and services with a cross-functional prioritization framework.

    Fostering a Collaborative Culture

    Involve all perspectives in defining and delivering DX.

    Maintain a committee of owners, stakeholders, and delivery teams to ensure consensus and discuss how to address cross-functional opportunities and risks.

    Creating High-Throughput Teams

    Establish delivery principles centered on DX.

    Enforce guiding principles to streamline and simplify DX delivery, such as plug-and-play architecture and quality standards.

    Recommendations

    Build a digital business strategy

    A digital business strategy clearly articulates the goals and ambitions of the business to adopt digital practices, tools, and technologies. This document:

    • Looks for ways to transform the business by identifying what technologies to embrace, what processes to automate, and what new business models to create.
    • Unifies digital possibilities with your customer experiences.
    • Establishes accountability with the executive leadership.
    • States the importance of cross-functional participation from senior management across the organization.

    Related Research:

    Learn, understand, and empathize with your users, employees, and customers

    • To create a better product, solution, or service, understanding those who use it, their needs, and their context is critical.
    • A great experience design practice can help you balance those goals so that they are in harmony with those of your users.
    • IT leaders must find ways to understand the needs of the business and develop empathy on a much deeper level. This empathy is the foundation for a thriving business partnership.

    Related Research:

    Recommendations

    Center product and service delivery decisions and activities on DX and quality

    User, customer, employee, and brand are integral perspectives on the software development lifecycle (SDLC) and the management and governance practices supporting digital products and services. It ensures quality standards and controls are consistently upheld while maintaining alignment with various needs and priorities. The goal is to come to a consensus on a universal definition and approach to embed quality and DX-thinking throughout the delivery process.

    Related Research:

    Instill collaborative delivery practices

    Today's rapidly scaling and increasingly complex digital products and services create mounting pressure on delivery teams to release new features and changes quickly and with sufficient quality. This pressure is further compounded by the competing priorities of individual stakeholders and the nuances among different personas of digital products and services.

    A collaborative delivery practice sets the activities, channels, and relationships needed to deliver a valuable and quality product or service with cross-functional awareness, accountability, and agreement.

    Related Research:

    Recommendations

    Continuously monitor and modernize your digital products and services

    Today's modern digital products and services are tomorrow's shelfware. They gradually lose their value, and the supporting technologies will become obsolete. Modernization is a continuous need.

    Data-driven insights help decision makers decide which products and services to retire, upgrade, retrain on, or maintain to meet the demands of the business.

    Enhancements focusing on critical business capabilities strengthen the case for investment and build trust with all stakeholders.

    Related Research:

    CASE STUDY
    Mastercard in Asia

    Focus on the customer journey

    Chief Marketing Officer M.V. Rajamannar (Raja) wanted to change Mastercard's iconic "Priceless" ad campaign (with the slogan "There are some things money can't buy. For everything else there's Mastercard."). The main reasons were that the campaign relied on one-way communication and targeted end customers, even though Mastercard doesn't issue cards directly to customers; partner banks do. To drive the change in campaign, Raja and his team created a digital engine that leveraged digital and social media. Digital engine is a seven-step process based on insights gleaned from data and real-time optimization.

    1. Emotional spark: Using data to understand customers' passion points, Mastercard builds videos and creatives to ignite an emotional spark and give customers a reason to engage. For example, weeks before New Year's Eve, Mastercard produced a video with Hugh Jackman to encourage customers to submit a story about someone who deeply mattered to them. The authors of the winning story would be flown to reunite with those both distant and dear.
    2. Engagement: Mastercard targets the right audience with a spark video through social media to encourage customers to share their stories.
    3. Offers: To help its partner banks and merchants in driving their business, the company identifies the best offers to match consumers' interests. In the above campaign, Mastercard's Asia-Pacific team found that Singapore was a favorite destination for Indian customers, so they partnered with Singapore's Resorts World Sentosa with an attractive offer.
    4. Real-time optimization: Mastercard optimizes, in real time, a portfolio of several offers through A/B testing and other analysis.
    5. Amplification: Real-time testing provides confidence to Mastercard about the potential success of these offers and encourages its bank and merchant partners to co-market and co-fund these campaigns.
    6. Network effects: A few weeks after consumers submitted their stories about distant loved ones, Mastercard selected winners, produced videos of them surprising their friends and families, and used these videos in social media to encourage sharing.
    7. Incremental transactions: These programs translate into incremental business for banks who issue cards, for merchants where customers spend money, and for Mastercard, which gets a portion of every transaction.

    Source: Harvard Business Review Press

    CASE STUDY
    Mastercard in Asia (cont'd)

    Focus on the customer journey

    1. Emotional Spark
      Drives genuine personal stories
    2. Engagement
      Through Facebook
      and social media
    3. Offers
      From merchants
      and Mastercard assets
    4. Optimization
      Real-time testing of offers and themes
    5. Amplification
      Paid and organic programmatic buying
    6. Network Effects
      Sharing and
      mass engagement
    7. Incremental Transactions
      Win-win for all parties

    CASE STUDY
    Mastercard in Asia (cont'd)

    The Mastercard case highlights important lessons on how to engage customers:

    • Have a broad message. Brands need to connect with consumers over how they live and spend their time. Organizations need to go beyond the brand or product message to become more relevant to consumers' lives. Dove soap was very successful in creating a conversation among consumers with its "Real Beauty" campaign, which focused not on the brand or even the product category, but on how women and society view beauty.
    • Shift from storytelling to story making. To break through the clutter of advertising, companies need to move from storytelling to story making. A broader message that is emotionally engaging allows for a two-way conversation.
    • Be consistent with the brand value. The brand needs to stand for something, and the content should be relevant to and consistent with the image of the brand. Pepsi announced an award of $20 million in grants to individuals, businesses, and nonprofits that promote a new idea to make a positive impact on community. A large number of submissions were about social causes that had nothing to do with Pepsi, and some, like reducing obesity, were in conflict with Pepsi's product.
    • Create engagement that drives business. Too much entertainment in ads may engage customers but detract from both communicating the brand message and increasing sales. Simply measuring the number of video views provides only a partial picture of a program's success.

    Intelligent Automation

    PRIORITY 2

    • Extend Automation Practices with AI and ML

    AI and ML are rapidly growing. Organizations see the value of machines intelligently executing high-performance and dynamic tasks such as driving cars and detecting fraud. Senior leaders see AI and ML as opportunities to extend their business process automation investments.

    Introduction

    Intelligent automation is the next step in your business process automation journey

    What is intelligent automation (IA)?

    Intelligent automation (IA) is the combination of traditional automation technologies, such as business process management (BPM) and robotic process automation (RPA), with AI and ML. The goal is to further streamline and scale decision making across various business processes by:

    • Removing human interactions.
    • Addressing decisions that involve complex variables.
    • Automatically adapting processes to changing conditions.
    • Bridging disparate automation technologies into an integrated end-to-end value delivery pipeline.

    "For IA to succeed, employees must be involved in the transformation journey so they can experience firsthand the benefits of a new way of working and creating business value," (Cognizant).

    What is the difference between IA and hyperautomation?

    "Hyperautomation is the act of automating everything in an organization that can be automated. The intent is to streamline processes across an organization using intelligent automation, which includes AI, RPA and other technologies, to run without human intervention. … Hyperautomation is a business-driven, disciplined approach that organizations use to rapidly identify, vet, and automate as many business and IT processes as possible" (IBM, 2021).

    Note that hyperautomation often enables IA, but teams solely adopting IA do not need to abide to its automation-first principles.

    IA is a combination of various tools and technologies

    What tools and technologies are involved in IA?

    • Artificial intelligence (AI) & Machine Learning (ML) – AI systems perform tasks mimicking human intelligence such as learning from experience and problem solving. AI is making its own decisions without human intervention. Machine learning systems learn from experience and without explicit instructions. They learn patterns from data then analyze and make predictions based on past behavior and the patterns learned. AI is a combination of technologies and can include machine learning.
    • Intelligent Business Process Management System (iBPMS) – Combination of BPM tools with AI and other intelligence capabilities.
    • Robotic Process Automation (RPA) – Robots leveraging an application's UI rather than programmatic access. Automate rules-based, repetitive tasks performed by human workers with AI/ML.
    • Process Mining & Discovery – Process mining involves reading system event logs and application transactions and applying algorithmic analysis to automatically identify and map inferred business processes. Process discovery involves unintrusive virtual agents that sit on a user's desktop and record and monitor how they interact with applications to perform tasks and processes. Algorithms are then used to map and analyze the processes.
    • Intelligent Document Processing – The conversion of physical or unstructured documents into a structured, digital format that can be used in automation solutions. Optical character recognition (OCR) and natural language processing (NPL) are common tools used to enable this capability.
    • Advanced Analytics – The gathering, synthesis, transformation, and delivery of insightful and consumable information that supports data-driven decision making. Data is queried from various disparate sources and can take on a variety of structured and unstructured formats.

    The cycle of IA technologies

    Signals

    Process automation is an executive priority and requires organizational buy-in

    Stakeholders recognize the importance of business process automation and AI and are looking for ways to deliver more value using these technologies.

    • 90% of executives stated automating business workflows post-COVID-19 will ensure business continuity (Kofax, 2022).
    • 88% of executives stated they need to fast-track their end-to-end digital transformation (Kofax, 2022).

    However, the advertised benefits to vendors of enabling these desired automations may not be easily achievable because of:

    • Manual and undocumented business processes.
    • Fragmented and inaccessible systems.
    • Poor data quality, insights, and security.
    • The lack of process governance and management practice.
    A circle graph is shown with 49% of the circle coloured in dark blue, with the number 49% in the centre.

    of CXOs stated staff sufficiency, skill and engagement issues as a minor IT pain point compared to 51% of CIOs stated this issue as a major pain point.

    Source: CEO-CIO Alignment Diagnostics, August 2021 to July 2022; n=568.

    A circle graph is shown with 36% of the circle coloured in dark blue, with the number 36% in the centre.

    of organizations have already invested in AI or machine learning.

    Source: Tech Trends and Priorities 2023; N=662

    Drivers

    Quality & throughput

    Products and services delivered through an undefined and manual process risk the creation of preventable and catchable defects, security flaws and holes, missing information, and other quality issues. IA solutions consistently reinforce quality standards the same way across all products and services while tailoring outputs to meet an individual's specific needs. Success is dependent on the accurate interpretation and application of quality standards and the user's expectations.

    Worker productivity

    IA removes the tedious, routine, and mundane tasks that distract and restrict employees from doing more valuable, impactful, and cognitively focused activities. Practical insights can also be generated through IA tools that help employees make data-driven decisions, evaluate problems from different angles, and improve the usability and value of the products and services they produce.

    Good process management practices

    Automation magnifies existing inefficiencies of a business process management practice, such as unclear and outdated process documentation and incorrect assumptions. IA reinforces the importance of good business process optimization practices, such as removing waste and inefficiencies in a thoughtful way, choosing the most appropriate automation solution, and configuring the process in the right way to maximize the solution's value.

    Benefits & Risks

    Benefits

    • Documentation
    • Hands-Off
    • Reusability

    All business processes must be mapped and documented to be automated, including business rules, data entities, applications, and control points.

    IA can be configured and orchestrated to automatically execute when certain business, process, or technology conditions are met in an unattended or attended manner.

    IA is applicable in use cases beyond traditional business processes, such as automated testing, quality control, audit, website scraping, integration platform, customer service, and data transfer.

    Risks

    • Data Quality & Bias
    • Ethics
    • Recovery & Security
    • Management

    The accuracy and relevance of the decisions IA makes are dependent on the overall quality of the data
    used to train it.

    Some decisions can have significant reputational, moral, and ethical impacts if made incorrectly.
    The question is whether it is appropriate for a non-human to make that decision.

    IA is composed of technologies that can be compromised or fail. Without the proper monitoring, controls,
    and recovery protocols, impacted IA will generate significant business and IT costs and can potentially harm customers, employees, and the organization.

    Low- and no-code capabilities ease and streamline IA development, which makes it susceptible to becoming unmanageable. Discipline is needed to ensure IA owners are aware of the size and health of the IA portfolio.

    Address your pressure points to fully realize the benefits of this priority

    Success can be dependent on your ability to address your pressure points.

    Attracting and Retaining Talent

    Be transparent and support role changes.

    Plan to address the human sentiment with automation (e.g. job security) and the transition of the role to other activities.

    Maximizing the Return on Technology

    Automate applications across multiple business functions.

    Recognize the value opportunities of improving and automating the integration of cross-functional processes.

    Confidently Shifting to Digital

    Maximize the learning of automation fit.

    Select the right capabilities to demonstrate the value of IA while using lessons learned to establish the appropriate support.

    Addressing Competing Priorities

    Recognize automation opportunities with capability maps.

    Use a capability diagram to align strategic IA objectives with tactical and technical IA initiatives.

    Fostering a Collaborative Culture

    Involve the user in the delivery process.

    Maximize automation adoption by ensuring the user finds value in its use before deployment.

    Creating High-Throughput Teams

    Remove manual, error-prone, and mundane tasks.

    Look for ways to improve team throughput by removing wasteful activities, enforcing quality, and automating away tasks driving down productivity.

    Recommendations

    Build your business process automation playbook and practice

    Formalize your business process automation practice with a good toolkit and a repeatable set of tactics and techniques.

    • Clarify the problem being solved with IA.
    • Optimate your processes. Apply good practices to first optimize (opti-) and then automate (-mate) key business processes.
    • Deliver minimum viable automations (MVAs). Maximize the learning of automation solutions and business operational changes through small, strategic automation use cases.

    Related Research:

    Explore the various IA tooling options

    Each IA tool will address a different problem. Which tool to choose is dependent on a variety of factors, such as functional suitability, technology suitability, delivery and support capabilities, alignment to strategic business goals, and the value it is designed to deliver.

    Related Research:

    Recommendations

    Introduce AI and ML thoughtfully and with a plan

    Despite the many promises of AI, organizations are struggling to fully realize its potential. The reasons boil down to a lack of understanding of when these technologies should and shouldn't be used, as well as a fear of the unknown. The plan to adopt AI should include:

    • Understanding of what AI really means in practice.
    • Identifying specific applications of AI in the business.
    • Understanding the type of AI applicable for the situation.

    Related Research:

    Mitigate AI and ML bias

    Biases can be introduced into an IA system at any stage of the development process, from the data you collect, to the way you collect it, to which algorithms are used and what assumptions were made. In most cases, AI and ML bias is a is a social, political, and business problem.

    While bias may not be intentional nor completely prevented or eliminated, early detection, good design, and other proactive preventative steps can be taken to minimize its scope and impact.

    Related Research:

    CASE STUDY
    University Hospitals

    Challenge

    University Hospitals Cleveland (UH) faces the same challenge that every major hospital confronts regarding how to deliver increasingly complex, high-quality healthcare to a diverse population efficiently and economically. In 2017, UH embarked on a value improvement program aiming to improve quality while saving $400 million over a five-year period.

    In emergency department (ED) and inpatient units, leaders found anticipating demand difficult, and consequently units were often over-staffed when demand was low and under-staffed when demand was high. Hospital leaders were uncertain about how to reallocate resources based on capacity needs.

    Solution

    UH turned to Hospital IQ's Census Solution to proactively manage capacity, staff, and flow in the ED and inpatient areas.

    By applying AI, ML, and external data (e.g. weather forecasts) to the hospital's own data (including EMR data and hospital policies), the solution helped UH make two-day census forecasts that managers used to determine whether to open or close in-patient beds and, when necessary, divert low-acuity patients to other hospitals in the system to handle predicted patient volume.

    Source: University Hospitals

    Results

    ED boarding hours have declined by 10% and the hospital has seen a 50% reduction in the number of patients who leave the hospital without
    being seen.

    UH also predicts in advance patients ready for discharge and identifies roadblocks, reducing the average length of stay by 15%. UH is able to better manage staff, reducing overtime and cutting overall labor costs.

    The hospital has also increased staff satisfaction and improved patient safety by closing specific units on weekends and increasing the number of rooms that can be sterilized.

    Proactive Application Management

    PRIORITY 3

    • Strengthen Applications to Prevent and Minimize the Impact of Future Issues

    Application management is often viewed as a support function rather than an enabler of business growth. Focus and investments are only placed on application management when it becomes a problem. The lack of governance and practice accountability leaves this practice in a chaotic state: politics take over, resources are not strategically allocated, and customers are frustrated. As a result, application management is often reactive and brushed aside for new development.

    Introduction

    What is application management?

    Application management ensures valuable software is successfully delivered and is maintained for continuous and sustainable business operations. It contains a repeatable set of activities needed to rationalize and roadmap products and services while balancing priorities of new features and maintenance tasks.

    Unfortunately, application management is commonly perceived as a practice that solely addresses issues, updates, and incidents. However, application management teams are also tasked with new value delivery that was not part of the original release.

    Why is an effective application maintenance (reactive) practice not good enough?

    Application maintenance is the "process of modifying a software system or its components after delivery to correct faults, improve performance or other attributes, or adapt to a changed environment or business process," (IEEE, 1998). While it is critical to quickly fix defects and issues when they occur, reactively addressing them is more expensive than discovering them early and employing the practices to prevent them.

    Even if an application is working well, its framework, architecture, and technology may not be compatible with the possible upcoming changes stakeholders and vendors may want to undertake. Applications may not be problems now, but they soon can be.

    What motivates proactive application changes?

    This image shows the motivations for proactive application changes, sorted by external and internal sources.

    Proactive application management must be disciplined and applied strategically

    Proactive application management practices are critical to maintaining business continuity. They require continuous review and modification so that applications are resilient and can address current and future scenarios. Depending on the value of the application, its criticality to business operations, and its susceptibility to technology change, a more proactive management approach may be warranted. Stakeholders can then better manage resources and budget according to the needs of specific products.

    Reactive Management

    Run-to-Failure

    Fix and enhance the product when it breaks. In most cases, a plan is in place ahead of a failure, so that the problem can be addressed without significant disruption and costs.

    Preventive

    Regularly inspect and optimize the product to reduce the likelihood that it will fail in the future. Schedule inspections based on a specific timeframe or usage threshold.

    Predictive

    Predict failures before they happen using performance and usage data to alert teams when products are at risk of failure according to specified conditions.

    Reliability and Risk Based

    Analyze all possible failure scenarios for each component of the product and create tailored delivery plans to improve the stability, reliability, and value of each product.

    Proactive Management

    Signals

    Applications begin to degrade as soon as they are used

    Today's applications are tomorrow's shelfware. They gradually lose their value, stability, robustness, and compatibility with other enterprise technologies. The longer these applications are left unattended or simply "keeping the lights on," the more risks they will bring to the application portfolio, such as:

    • Discovery and exploitation of security flaws and gaps.
    • Increasing the lock-in to specific vendor technologies.
    • Inconsistent application performance across various workloads.

    These impacts are further compounded by the continuous work done on a system burdened with technical debt. Technical debt describes the result of avoided costs that, over time, cause ongoing business impacts. Left unaddressed, technical debt can become an existential threat that risks your organization's ability to effectively compete and serve its customers. Unfortunately, most organizations have a significant, growing, unmanageable technical debt portfolio.

    A circle graph is shown with 60% of the circle coloured in dark green, with the number 60% in the centre.

    of respondents stated they saw an increase in perceived change in technical debt during the past three years. A quarter of respondents indicated that it stayed the same.

    Source: McKinsey Digital, 2020.

    US
    $4.35
    Million

    is the average cost of a data breach in 2022. This figure represents a 2.6% increase from last year. The average cost has climbed 12.7% since 2020.

    Source: IBM, 2022; N=537.

    Drivers

    Technical debt

    Historical decisions to meet business demands by deferring key quality, architectural, or other software delivery activities often lead to inefficient and incomplete code, fragile legacy systems, broken processes, data quality problems, and the other contributors to technical debt. The impacts for this challenge is further heightened if organizations are not actively refactoring and updating their applications behind the scenes. Proactive application management is intended to raise awareness of application fragility and prioritize comprehensive refactoring activities alongside new feature development.

    Long-term application value

    Applications are designed, developed, and tested against a specific set of parameters which may become less relevant over time as the business matures, technology changes, and user behaviors and interactions shift. Continuous monitoring of the application system, regular stakeholder and user feedback, and active technology trend research and vendor engagement will reveal tasks to prepare an application for future value opportunities or stability and resilience concerns.

    Security and resiliency

    Innovative approaches to infiltrating and compromising applications are becoming prevailing stakeholder concerns. The loopholes and gaps in existing application security protocols, control points, and end-user training are exploited to gain the trust of unsuspecting users and systems. Proactive application management enforces continuous security reviews to determine whether applications are at risk. The goal is to prevent an incident from happening by hardening or complementing measures already in place.

    Benefits & Risks

    Benefits

    • Consistent Performance
    • Robustness
    • Operating Costs

    Users expect the same level of performance and experience from their applications in all scenarios. A proactive approach ensures the configurations meet the current needs of users and dependent technologies.

    Proactively managed applications are resilient to the latest security concerns and upcoming trends.

    Continuous improvements to the underlying architecture, codebase, and interfaces can minimize the cost to maintain and operate the application, such as the transition to a loosely coupled architecture and the standardization of REST APIs.

    Risks

    • Stakeholder Buy-In
    • Delayed Feature Releases
    • Team Capacity
    • Discipline

    Stakeholders may not see the association between the application's value and its technical quality.

    Updates and enhancements are system changes much like any application function. Depending
    on the priority of these changes, new functions may be pushed off to a future release cycle.

    Applications teams require dedicated capacity to proactively manage applications, but they are often occupied meeting other stakeholder demands.

    Overinvesting in certain application management activities (such as refactoring, re-architecture, and redesign) can create more challenges. Knowing how much to do is important.

    Address your pressure points to fully realize the benefits of this priority

    Success can be dependent on your ability to address your pressure points.

    Attracting and Retaining Talent

    Shift focus from maintenance to innovation.

    Work on the most pressing and critical requests first, with a prioritization framework reflecting cross-functional priorities.

    Maximizing the Return on Technology

    Improve the reliability of mission-critical applications.

    Regularly verify and validate applications are up to date with the latest patches and fixes and comply with industry good practices and regulations.

    Confidently Shifting to Digital

    Prepare applications to support digital tools and technologies.

    Focus enhancements on the key components required to support the integration, performance, and security needs of digital.

    Addressing Competing Priorities

    Rationalize the health of the applications.

    Use data-driven, compelling insights to justify the direction and prioritization of applications initiatives.

    Fostering a Collaborative Culture

    Include the technical perspective in the viability of future applications plans.

    Demonstrate how poorly maintained applications impede the team's ability to deliver confidently and quickly.

    Creating High-Throughput Teams

    Simplify applications to ease delivery and maintenance.

    Refactor away application complexities and align the application portfolio to a common quality standard to reduce the effort to deliver and test changes.

    Recommendations

    Reinforce your application maintenance practice

    Maintenance is often viewed as a support function rather than an enabler of business growth. Focus and investments are only placed on maintenance when it becomes a problem.

    • Justify the necessity of streamlined maintenance.
    • Strengthen triaging and prioritization practices.
    • Establish and govern a repeatable process.

    Ensure product issues, incidents, defects, and change requests are promptly handled to minimize business and IT risks.

    Related Research:

    Build an application management practice

    Apply the appropriate management approaches to maintain business continuity and balance priorities and commitments among maintenance and new development requests.

    This practice serves as the foundation for creating exceptional customer experience by emphasizing cross-functional accountability for business value and product and service quality.

    Related Research:

    Recommendations

    Manage your technical debt

    Technical debt is a type of technical risk, which in turn is business risk. It's up to the business to decide whether to accept technical debt or mitigate it. Create a compelling argument to stakeholders as to why technical debt should be a business priority rather than just an IT one.

    • Define and identify your technical debt.
    • Conduct a business impact analysis.
    • Identify opportunities to better manage technical debt.

    Related Research:

    Gauge your application's health

    Application portfolio management is nearly impossible to perform without an honest and thorough understanding of your portfolio's alignment to business capabilities, business value, total cost of ownership, end-user reception and satisfaction, and technical health.

    Develop data-driven insights to help you decide which applications to retire, upgrade, retrain on, or maintain to meet the demands of the business.

    Related Research:

    Recommendations

    Adopt site reliability engineering (SRE) and DevOps practices

    Site reliability engineering (SRE) is an operational model for running online services more reliably by a team of dedicated reliability-focused engineers.

    DevOps, an operational philosophy promoting development and operations collaboration, can bring the critical insights to make application management practices through SRE more valuable.

    Related Research:

    CASE STUDY
    Government Agency

    Goal

    A government agency needed to implement a disciplined, sustainable application delivery, planning, and management process so their product delivery team could deliver features and changes faster with higher quality. The goal was to ensure change requests, fixes, and new features would relieve requester frustrations, reduce regression issues, and allow work to be done on agreeable and achievable priorities organization-wide. The new model needed to increase practice efficiency and visibility in order to better manage technical debt and focus on value-added solutions.

    Solution

    This organization recognized a number of key challenges that were inhibiting its team's ability to meet its goals:

    • The product backlog had become too long and unmanageable.
    • Delivery resources were not properly allocated to meet the skills and capabilities needed to successfully meet commitments.
    • Quality wasn't defined or enforced, which generated mounting technical debt.
    • There was a lack of clear metrics and defined roles and responsibilities.
    • The business had unrealistic and unachievable expectations.

    Source: Info-Tech Workshop

    Key practices implemented

    • Schedule quarterly business satisfaction surveys.
    • Structure and facilitate regular change advisory board meetings.
    • Define and enforce product quality standards.
    • Standardize a streamlined process with defined roles.
    • Configure management tools to better handle requests.

    Multisource Systems

    PRIORITY 4

    • Manage an Ecosystem Composed of In-House and Outsourced Systems

    Various market and company factors are motivating a review on resource and system sourcing strategies. The right sourcing model provides key skills, resources, and capabilities to meet innovation, time to market, financial, and quality goals of the business. However, organizations struggle with how best to support sourcing partners and to allocate the right number of resources to maximize success.

    Introduction

    A multisource system is an ecosystem of integrated internally and externally developed applications, data, and infrastructure. These technologies can be custom developed, heavily configured vendor solutions, or they may be commercial off-the-shelf (COTS) solutions. These systems can also be developed, supported, and managed by internal staff, in partnership with outsourced contractors, or be completely outsourced. Multisource systems should be configured and orchestrated in a way that maximizes the delivery of specific value drivers for the targeted audience.

    Successfully selecting a sourcing approach is not a simple RFP exercise to choose the lowest cost

    Defining and executing a sourcing approach can be a significant investment and risk because of the close interactions third-party services and partners will have with internal staff, enterprise applications and business capabilities. A careful selection and design is necessary.

    The selection of a sourcing partner is not simple. It involves the detailed inspection and examination of different candidates and matching their fit to the broader vision of the multisource system. In cases where control is critical, technology stack and resource sourcing consolidation to a few vendors and partners is preferred. In other cases, where worker productivity and system flexibility are highly prioritized, a plug-and-play best-of-breed approach is preferred.

    Typical factors involved in sourcing decisions.

    Sourcing needs to be driven by your department and system strategies

    How does the department want to be perceived?

    The image that your applications department and teams want to reflect is frequently dependent on the applications they deliver and support, the resources they are composed of, and the capabilities they provide.

    Therefore, choosing the right sourcing approach should be driven by understanding who the teams are and want to be (e.g. internal builder, an integrator, a plug-in player), what they can or want to do (e.g. custom-develop or implement), and what they can deliver or support (e.g. cloud or on-premises) must be established.

    What value is the system delivering?

    Well-integrated systems are the lifeblood of your organization. They provide the capabilities needed to deliver value to customers, employees, and stakeholders. However, underlying system components may not be sourced under a unified strategy, which can lead to duplicate vendor services and high operational costs.

    The right sourcing approach ensures your partners address key capabilities in your system's delivery and support, and that they are positioned to maximize the value of critical and high-impact components.

    Signals

    Business demand may outpace what vendors can support or offer

    Outsourcing and shifting to a buy-over-build applications strategy are common quick fixes to dealing with capacity and skills gaps. However, these quick fixes often become long-term implementations that are not accounted for in the sourcing selection process. Current application and resource sourcing strategies must be reviewed to ensure that vendor arrangements meet the current and upcoming demands and challenges of the business, customers, and enterprise technologies, such as:

    • Pressure from stakeholders to lower operating costs while maintaining or increasing quality and throughput.
    • Technology lock-in that addresses short-term needs but inhibits long-term growth and maturity.
    • Team capacity and talent acquisition not meeting the needs of the business.
    A circle graph is shown with 42% of the circle coloured in dark brown, with the number 42% in the centre.

    of respondents stated they outsourced software development fully or partly in the last 12 months (2021).

    Source: Coding Sans, 2021.

    A circle graph is shown with 65% of the circle coloured in dark brown, with the number 65% in the centre.

    of respondents stated they were at least somewhat satisfied with the result of outsourcing software development.

    Source: Coding Sans, 2021.

    Drivers

    Business-managed applications

    Employees are implementing and building applications without consulting, notifying, or heeding the advice of IT. IT is often ill-equipped and under-resourced to fight against shadow IT. Instead, organizations are shifting the mindset of "fight shadow IT" to "embrace business-managed applications," using good practices in managing multisource systems. A multisource approach strikes the right balance between user empowerment and centralized control with the solutions and architecture that can best enable it.

    Unique problems to solve

    Point solutions offer features to address unique use cases in uncommon technology environments. However, point solutions are often deployed in siloes with limited integration or overlap with other solutions. The right sourcing strategy accommodates the fragmented nature of point solutions into a broader enterprise system strategy, whether that be:

    • Multisource best of breed – integrate various technologies that provide subsets of the features needed for supporting business functions.
    • Multisource custom – integrate systems built in-house with technologies developed by external organizations.
    • Vendor add-ons and integrations – enhance an existing vendor's offering by using their system add-ons as upgrades, new add-ons, or integrations.

    Vendor services

    Some vendor services in a multisource environment may be redundant, conflicting, or incompatible. Given that multisource systems are regularly changing, it is difficult to identify what services are affected, what would be needed to fill the gap of the removed solution, or which redundant services should be removed.

    A multisource approach motivates the continuous rationalization of your vendor services and partners to determine the right mixture of in-house and outsourced resources, capabilities, and technologies.

    Benefits & Risks

    Benefits

    • Business-Focused Solution
    • Flexibility
    • Cost Optimization

    Multisource systems can be designed to support an employee's ability to select the tools they want and need.

    The environment is architected in a loosely coupled approach to allow applications to be easily added, removed, and modified with minimized impact to other integrated applications.

    Rather than investing in large solutions upfront, applications are adopted when they are needed and are removed when little value is gained. Disciplined application portfolio management is necessary to see the full value of this benefit.

    Risks

    • Manageable Sprawl
    • Policy Adherence
    • Integration & Compatibility

    The increased number and diversity of applications in multisource system environments can overwhelm system managers who do not have an effective application portfolio management practice.

    Fragmented application implementations risk inconsistent adherence to security and other quality policies, especially in situations where IT is not involved.

    Application integration can quickly become tangled, untraceable, and unmanageable because of varying team and vendor preferences for specific integration technologies and techniques.

    Address your pressure points to fully realize the benefits of this priority

    Success can be dependent on your ability to address your pressure points.

    Attracting and Retaining Talent

    Enable business-managed applications.

    Create the integrations to enable the easy connection of desired tools to enterprise systems with the appropriate guardrails.

    Maximizing the Return on Technology

    Enhance the functionality of existing applications.

    Complement current application capability gaps with data, features, and services from third-party applications.

    Confidently Shifting to Digital

    Use best-of-breed tools to meet specific digital needs.

    Select the best tools to meet the unique and special functional needs of the digital vision.

    Addressing Competing Priorities

    Agree on a common philosophy on system composition.

    Establish an owner of the multisource system to guide how the system should mature as the organization grows.

    Fostering a Collaborative Culture

    Discuss how applications can work together better in an ecosystem.

    Build committees to discuss how applications can better support each other and drive more value.

    Creating High-Throughput Teams

    Alleviate delivery bottlenecks and issues.

    Leverage third-party sources to fill skills and capacity gaps until a long-term solution can be implemented.

    Recommendations

    Define the goals of your applications department and product vision

    Understanding the applications team's purpose and image is critical in determining how the system they are managing and the skills and capacities they need should be sourced.

    Changing and conflicting definitions of value and goals make it challenging to convey an agreeable strategy of the multisource system. An achievable vision and practical tactics ensure all parties in the multisource system are moving in the same direction.

    Related Research:

    Develop a sourcing partner strategy

    Almost half of all sourcing initiatives do not realize projected savings, and the biggest reason is the choice of partner (Zhang et al., 2018). Making the wrong choice means inferior products, higher costs and the loss of both clients and reputation.

    Choosing the right sourcing partner involves understanding current skills and capacities, finding the right matching partner based on a desired profile, and managing a good working relationship that sees short-term gains and supports long-term goals.

    Related Research:

    Recommendations

    Strengthen enterprise integration practices

    Integration strategies that are focused solely on technology are likely to complicate rather than simplify because little consideration is given on how other systems and processes will be impacted. Enterprise integration needs to bring together business process, applications, and data – in that order.

    Kick-start the process of identifying opportunities for improvement by mapping how applications and data are coordinated to support business activities.

    Related Research:

    Manage your solution architecture and application portfolio

    Haphazardly implementing and integrating applications can generate significant security, performance, and data risks. A well-thought-through solution architecture is essential in laying the architecture quality principles and roadmap on how the multisource system can grow and evolve in a sustainable and maintainable way.

    Good application portfolio management complements the solution architecture as it indicates when low-value and unused applications should be removed to reduce system complexity.

    Related Research:

    Recommendations

    Embrace business-managed applications

    Multisource systems bring a unique opportunity to support the business and end users' desire to implement and develop their own applications. However, traditional models of managing applications may not accommodate the specific IT governance and management practices required to operate business-managed applications:

    • A collaborative and trusting business-IT relationship is key.
    • The role of IT must be reimagined.
    • Business must be accountable for its decisions.

    Related Research:

    CASE STUDY
    Cognizant

    Situation

    • Strives to be primarily an industry-aligned organization that delivers multiple service lines in multiple geographies.
    • Cognizant seeks to carefully consider client culture to create a one-team environment.
    • Value proposition is a consultative approach bringing thought leadership and mutually adding value to the relationship vs. the more traditional order-taker development partner.
    • Wants to share in solution development to facilitate shared successes. Geographic alignment drives knowledge of the client and their challenges, not just about time zone and supportability.
    • Offers one of the largest offshore capabilities in the world, supported by local and nearshore resources to drive local knowledge.
    • Today's clients don't typically want a black box, they are sophisticated and want transparency around the process and solution, to have a partner.
    • Clients do want to know where the work is being delivered from, how it's being done.

    Source: interview with Jay MacIsaac, Cognizant.

    Approach

    • Best relationship comes where teams operate as one.
    • Clients are seeking value, not a development black box.
    • Clients want to have a partner they can engage with, not just an order taker.
    • Want to build a one-team culture with shared goals and deliver business value.
    • Seek a partner that will add to their thinking not echo it.

    Results

    • Cognizant is continuing to deliver double-digit growth and continues to strive for top quartile performance.
    • Growth in the client base has seen the company grow to over 340,000 associates worldwide.

    Digital Organization as a Platform

    PRIORITY 5

    • Create a Common Digital Interface to Access All Products and Services

    A digital platform enables organizations to leverage a flexible, reliable, and scalable foundation to create a valuable DX, ease delivery and management efforts, maximize existing investments, and motivate the broader shift to digital. This approach provides a standard to architect, integrate, configure, and modernize the applications that compose the platform.

    Introduction

    What is digital organization as a platform (DOaaP)?

    Digital organization as a platform (DOaaP) is a collection of integrated digital services, products, applications, and infrastructure that is used as a vehicle to meet and exceed an organization's digital strategies. It often serves as an accessible "place for exchanges of information, goods, or services to occur between producers and consumers as well as the community that interacts
    with said platform" (Watts, 2020).

    DOaaP involves a strategy that paves the way for organizations to be digital. It helps organizations use their assets (e.g. data, processes, products, services) in the most effective ways and become more open to cooperative delivery, usage, and management. This opens opportunities for innovation and cross-department collaborations.

    How is DOaaP described?

    1. Open and Collaborative
      • Open organization: open data, open APIs, transparency, and user participation.
      • Collaboration, co-creation, crowdsourcing, and innovation
    2. Accessible and Connected
      • Digital inclusion
      • Channel ubiquity
      • Integrity and interoperability
      • Digital marketplace
    3. Digital and Programmable
      • Digital identity
      • Policies and processes as code
      • Digital products and services
      • Enabling digital platforms

    Digital organizations follow a common set of principles and practices

    Customer-centricity

    Digital organizations are driven by customer focus, meeting and exceeding customer expectations. It must design its services with a "digital first" principle, providing access through every expected channel and including seamless integration and interoperability with various departments, partners, and third-party services. It also means creating trust in its ability to provide secure services and to keep privacy and ethics as core pillars.

    Leadership, management, and strategies

    Digital leadership brings customer focus to the enterprise and its structures and organizes efficient networks and ecosystems. Accomplishing this means getting rid of silos and a siloed mentality and aligning on a digital vision to design policies and services that are efficient, cost-effective, and provide maximum benefit to the user. Asset sharing, co-creation, and being open and transparent become cornerstones of a digital organization.

    Infrastructure

    Providing digital services across demographics and geographies requires infrastructure, and that in turn requires long-term vision, smart investments, and partnerships with various source partners to create the necessary foundational infrastructure upon which to build digital services.

    Digitization and automation

    Automation and digitization of processes and services, as well as creating digital-first products, lead to increased efficiency and reach of the organization across demographics and geographies. Moreover, by taking a digital-first approach, digital organizations future-proof their services and demonstrate their commitment to stakeholders.

    Enabling platforms

    DOaaP embraces open standards, designing and developing organizational platforms and ecosystems with a cloud-first mindset and sound API strategies. Developer experience must also take center stage, providing the necessary tools and embracing Agile and DevOps practices and culture become prerequisites. Cybersecurity and privacy are central to the digital platform; hence they must be part of the design and development principles and practices.

    Signals

    The business expects support for digital products and services

    Digital transformation continues to be a high-priority initiative for many organizations, and they see DOaaP as an effective way to enable and exploit digital capabilities. However, DOaaP unleashes new strategies, opportunities, and challenges that are elusive or unfamiliar to business leaders. Barriers in current business operating models may limit DOaaP success, such as:

    • Department and functional silos
    • Dispersed, fragmented and poor-quality data
    • Ill-equipped and under-skilled resources to support DOaaP adoption
    • System fragmentation and redundancies
    • Inconsistent integration tactics employed across systems
    • Disjointed user experience leading to low engagement and adoption

    DOaaP is not just about technology, and it is not the sole responsibility of either IT or business. It is the collective responsibility of the organization.

    A circle graph is shown with 47% of the circle coloured in dark blue, with the number 47% in the centre.

    of organizations plan to unlock new value through digital. 50% of organizations are planning major transformation over the next three years.

    Source: Nash Squared, 2022.

    A circle graph is shown with 70% of the circle coloured in dark blue, with the number 70% in the centre.

    of organizations are undertaking digital expansion projects focused on scaling their business with technology. This result is up from 57% in 2021.

    Source: F5 Inc, 2022.

    Drivers

    Unified brand and experience

    Users should have the same experience and perception of a brand no matter what product or service they use. However, fragmented implementation of digital technologies and inconsistent application of design standards makes it difficult to meet this expectation. DOaaP embraces a single design and DX standard for all digital products and services, which creates a consistent perception of your organization's brand and reputation irrespective of what products and services are being used and how they are accessed.

    Accessibility

    Rapid advancement of end-user devices and changes to end-user behaviors and expectations often outpace an organization's ability to meet these requirements. This can make certain organization products and services difficult to find, access and leverage. DOaaP creates an intuitive and searchable interface to all products and services and enables the strategic combination of technologies to collectively deliver more value.

    Justification for modernization

    Many opportunities are left off the table when legacy systems are abstracted away rather than modernized. However, legacy systems may not justify the investment in modernization because their individual value is outweighed by the cost. A DOaaP initiative motivates decision makers to look at the entire system (i.e. modern and legacy) to determine which components need to be brought up to a minimum digital state. The conversation has now changed. Legacy systems should be modernized to increase the collective benefit of the entire DOaaP.

    Benefits & Risks

    Benefits

    • Look & Feel
    • User Adoption
    • Shift to Digital

    A single, modern, customizable interface enables a common look and feel no matter what and how the platform is being accessed.

    Organizations can motivate and encourage the adoption and use of all products and services through the platform and increase the adoption of underused technologies.

    DOaaP motivates and supports the modernization of data, processes, and systems to meet the goals and objectives outlined in the broader digital transformation strategy.

    Risks

    • Data Quality
    • System Stability
    • Ability to Modernize
    • Business Model Change

    Each system may have a different definition of commonly used entities (e.g. customer), which can cause data quality issues when information is shared among these systems.

    DOaaP can stress the performance of underlying systems due to the limitations of some systems to handle increased traffic.

    Some systems cannot be modernized due to cost constraints, business continuity risks, vendor lock-in, legacy and lore, or other blocking factors.

    Limited appetite to make the necessary changes to business operations in order to maximize the value of DOaaP technologies.

    Address your pressure points to fully realize the benefits of this priority

    Success can be dependent on your ability to address your pressure points.

    Attracting and Retaining Talent Promote and showcase achievements and successes. Share the valuable and innovative work of your teams across the organization and with the public.
    Maximizing the Return on Technology Increase visibility of underused applications. Promote the adoption and use of all products and services through the platform and use the lessons learned to justify removal, updates or modernizations.
    Confidently Shifting to Digital Bring all applications up to a common digital standard. Define the baseline digital state all applications, data, and processes must be in to maximize the value of the platform.
    Addressing Competing Priorities Map to a holistic platform vision, goals and objectives. Work with relevant stakeholders, teams and end users to agree on a common directive considering all impacted perspectives.
    Fostering a Collaborative Culture Ensure the platform is configured to meet the individual needs of the users. Tailor the interface and capabilities of the platform to address users' functional and personal concerns.
    Creating High-Throughput Teams Abstract the enterprise system to expedite delivery. Use the platform to standardize application system access to simplify platform changes and quicken development and testing.

    Recommendations

    Define your platform vision

    Organizations realize that a digital model is the way to provide more effective services to their customers and end users in a cost-effective, innovative, and engaging fashion. DOaaP is a way to help support this transition.

    However, various platform stakeholders will have different interpretations of and preferences for what this platform is intended to solve, what benefits it is supposed to deliver, and what capabilities it will deliver. A grounded vision is imperative to steer the roadmap and initiatives.

    Related Research:

    Assess and modernize your applications

    Certain applications may not sufficiently support the compatibility, flexibility, and efficiency requirements of DOaaP. While workaround technologies and tactics can be employed to overcome these application challenges, the full value of the DOaaP may not be realized.

    Reviewing the current state of the application portfolio will indicate the functional and value limitations of what DOaaP can provide and an indication of the scope of investment needed to bring applications up to a minimum state.

    Related Research:

    Recommendations

    Understand and evaluate end-user needs

    Technology has reached a point where it's no longer difficult for teams to build functional and valuable digital platforms. Rather, the difficulty lies in creating an interface and platform that people want to use and use frequently.

    While it is important to increase the access and promotion of all products and services, orchestrating and configuring them in a way to deliver a satisfying experience is even more important. Applications teams must first learn about and empathize with the needs of end users.

    Related Research:

    Architect your platform

    Formalizing and constructing DOaaP just for the sake of doing so often results in an initiative that is lengthy and costly and ends up being considered a failure.

    The build and optimization of the platform must be predicated on a thorough understanding of the DOaaP's goals, objectives, and priorities and the business capabilities and process they are meant to support and enable. The appropriate architecture and delivery practices can then be defined and employed.

    Related Research:

    CASE STUDY
    e-Estonia

    Situation

    The digital strategy of Estonia resulted in e-Estonia, with the vision of "creating a society with more transparency, trust, and efficiency." Estonia has addressed the challenge by creating structures, organizations, and a culture of innovation, and then using the speed and efficiency of digital infrastructure, apps, and services. This strategy can reduce or eliminate bureaucracy through transparency and automation.

    Estonia embarked on its journey to making digital a priority in 1994-1996, focusing on a committed investment in infrastructure and digital literacy. With that infrastructure in place, they started providing digital services like an e-banking service (1996), e-tax and mobile parking (2002), and then went full steam ahead with a digital information interoperability platform in 2001, digital identity in 2002, e-health in 2008, and e-prescription in 2010. The government is now strategizing for AI.

    Results

    This image contains the results of the e-Estonia case study results

    Source: e-Estonia

    Practices employed

    The e-Estonia digital government model serves as a reference for governments across the world; this is acknowledged by the various awards it has received, like #2 in "internet freedom," awarded by Freedom House in 2019; #1 on the "digital health index," awarded by the Bertelsmann Foundation in 2019; and #1 on "start-up friendliness," awarded by Index Venture in 2018.

    References

    "15th State of Agile Report." Digital.ai, 2021. Web.
    "2022 HR Trends Report." McLean & Company, 2022.
    "2022: State of Application Strategy Report." F5 Inc, 2022.
    "Are Executives Wearing Rose-Colored Glasses Around Digital Transformation?" Cyara, 2021. Web.
    "Cost of a Data Breach Report 2022." IBM, 2022. Web.
    Dalal, Vishal, et al. "Tech Debt: Reclaiming Tech Equity." McKinsey Digital, Oct. 2020. Web.
    "Differentiating Between Intelligent Automation and Hyperautomation." IBM, 15 October 2021. Web.
    "Digital Leadership Report 2021." Harvey Nash Group, 2021.
    "Digital Leadership Report 2022: The State of Digital." Nash Squared, 2022. Web.
    Gupta, Sunil. "Driving Digital Strategy: A Guide to Reimagining Your Business." Harvard Business Review Press, 2018. Web.
    Haff, Gordon. "State of Application Modernization Report 2022." Konveyor, 2022. Web.
    "IEEE Standard for Software Maintenance: IEEE Std 1219-1998." IEEE Standard for Software Maintenance, 1998. Accessed Dec. 2015.
    "Intelligent Automation." Cognizant, n.d. Web.
    "Kofax 2022: Intelligent Automation Benchmark Study". Kofax, 2021. Web.
    McCann, Leah. "Barco's Virtual Classroom at UCL: A Case Study for the Future of All University Classrooms?" rAVe, 2 July 2020, Web.
    "Proactive Staffing and Patient Prioritization to Decompress ED and Reduce Length of Stay." University Hospitals, 2018. Web.
    "Secrets of Successful Modernization." looksoftware, 2013. Web.
    "State of Software Development." Coding Sans, 2021. Web.
    "The State of Low-Code/No-Code." Creatio, 2021. Web.
    "We Have Built a Digital Society and We Can Show You How." e-Estonia. n.d. Web.
    Zanna. "The 5 Types of Experience Series (1): Brand Experience Is Your Compass." Accelerate in Experience, 9 February 2020. Web.
    Zhang, Y. et al. "Effects of Risks on the Performance of Business Process Outsourcing Projects: The Moderating Roles of Knowledge Management Capabilities." International Journal of Project Management, 2018, vol. 36 no. 4, 627-639.

    Research Contributors and Experts

    This is a picture of Chris Harrington

    Chris Harrington
    Chief Technology Officer
    Carolinas Telco Federal Credit Union

    Chris Harrington is Chief Technology Officer (CTO) of Carolinas Telco Federal Credit Union. Harrington is a proven leader with over 20 years of experience developing and leading information technology and cybersecurity strategies and teams in the financial industry space.

    This is a picture of Benjamin Palacio

    Benjamin Palacio
    Senior Information Technology Analyst County of Placer

    Benjamin Palacio has been working in the application development space since 2007 with a strong focus on system integrations. He has seamlessly integrated applications data across multiple states into a single reporting solution for management teams to evaluate, and he has codeveloped applications to manage billions in federal funding. He is also a CSAC-credentialed IT Executive (CA, USA).

    This is a picture of Scott Rutherford

    Scott Rutherford
    Executive Vice President, Technology
    LGM Financial Services Inc.

    Scott heads the Technology division of LGM Financial Services Inc., a leading provider of warranty and financing products to automotive OEMs and dealerships in Canada. His responsibilities include strategy and execution of data and analytics, applications, and technology operations.

    This is a picture of Robert Willatts

    Robert Willatts
    IT Manager, Enterprise Business Solutions and Project Services
    Town of Newmarket

    Robert is passionate about technology, innovation, and Smart City Initiatives. He makes customer satisfaction as the top priority in every one of his responsibilities and accountabilities as an IT manager, such as developing business applications, implementing and maintaining enterprise applications, and implementing technical solutions. Robert encourages communication, collaboration, and engagement as he leads and guides IT in the Town of Newmarket.

    This is a picture of Randeep Grewal

    Randeep Grewal
    Vice President, Enterprise Applications
    Red Hat

    Randeep has over 25 years of experience in enterprise applications, advanced analytics, enterprise data management, and consulting services, having worked at numerous blue-chip companies. In his most recent role, he is the Vice President of Enterprise Applications at Red Hat. Reporting to the CIO, he is responsible for Red Hat's core business applications with a focus on enterprise transformation, application architecture, engineering, and operational excellence. He previously led the evolution of Red Hat into a data-led company by maturing the enterprise data and analytics function to include data lake, streaming data, data governance, and operationalization of analytics for decision support.

    Prior to Red Hat, Randeep was the director of global services strategy at Lenovo, where he led the strategy using market data to grow Lenovo's services business by over $400 million in three years. Prior to Lenovo, Randeep was the director of advanced analytics at Alliance One and helped build an enterprise data and analytics function. His earlier work includes seven years at SAS, helping SAS become a leader in business analytics, and at KPMG consulting, where he managed services engagements at Fortune 100 companies.

    Standardize the Service Desk

    • Buy Link or Shortcode: {j2store}477|cart{/j2store}
    • member rating overall impact (scale of 10): 9.5/10 Overall Impact
    • member rating average dollars saved: $24,155 Average $ Saved
    • member rating average days saved: 24 Average Days Saved
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk
    • Not everyone embraces their role in service support. Specialists would rather work on projects than provide service support.
    • The Service Desk lacks processes and workflows to provide consistent service. Service desk managers struggle to set and meet service-level expectations, which further compromises end-user satisfaction.

    Our Advice

    Critical Insight

    • Service desk improvement is an exercise in organizational change. Engage specialists across the IT organization in building the solution. Establish a single service-support team across the IT group and enforce it with a cooperative, customer-focused culture.
    • Don’t be fooled by a tool that’s new. A new service desk tool alone won’t solve the problem. Service desk maturity improvements depend on putting in place the right people and processes to support the technology.

    Impact and Result

    • Create a consistent customer service experience for service desk patrons, and increase efficiency, first-call resolution, and end-user satisfaction with the Service Desk.
    • Decrease time and cost to resolve service desk tickets.
    • Understand and address reporting needs to address root causes and measure success and build a solid foundation for future IT service improvements.

    Standardize the Service Desk Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Standardize the Service Desk Research – A step-by-step document that helps you improve customer service by driving consistency in your support approach and meet SLAs.

    Use this blueprint to standardize your service desk by assessing your current capability and laying the foundations for your service desk, design an effective incident management workflow, design a request fulfillment process, and apply the discussions and activities to make an actionable plan for improving your service desk.

    • Standardize the Service Desk – Phases 1-4

    2. Service Desk Maturity Assessment – An assessment tool to help guide process improvement efforts and track progress.

    This tool is designed to assess your service desk process maturity, identify gaps, guide improvement efforts, and measure your progress.

    • Service Desk Maturity Assessment

    3. Service Desk Project Summary – A template to help you organize process improvement initiatives using examples.

    Use this template to organize information about the service desk challenges that the organization is facing, make the case to build a right-sized service desk to address those challenges, and outline the recommended process changes.

    • Service Desk Project Summary

    4. Service Desk Roles and Responsibilities Guide – An analysis tool to determine the right roles and build ownership.

    Use the RACI template to determine roles for your service desk initiatives and to build ownership around them. Use the template and replace it with your organization's information.

    • Service Desk Roles and Responsibilities Guide

    5. Incident Management and Service Desk Standard Operating Procedure – A template designed to help service managers kick-start the standardization of service desk processes.

    The template will help you identify service desk roles and responsibilities, build ticket management processes, put in place sustainable knowledgebase practices, document ticket prioritization scheme and SLO, and document ticket workflows.

    • Incident Management and Service Desk SOP

    6. Ticket and Call Quality Assessment Tool – An assessment tool to check in on ticket and call quality quarterly and improve the quality of service desk data.

    Use this tool to help review the quality of tickets handled by agents and discuss each technician's technical capabilities to handle tickets.

    • Ticket and Call Quality Assessment Tool

    7. Workflow Library – A repository of typical workflows.

    The Workflow Library provides examples of typical workflows that make up the bulk of the incident management and request fulfillment processes at the service desk.

    • Incident Management and Service Desk Workflows (Visio)
    • Incident Management and Service Desk Workflows (PDF)

    8. Service Desk Ticket Categorization Schemes – A repository of ticket categories.

    The Ticket Categorization Schemes provide examples of ticket categories to organize the data in the service desk tool and produce reports that help managers manage the service desk and meet business requirements.

    • Service Desk Ticket Categorization Schemes

    9. Knowledge Manager – A job description template that includes a detailed explication of the responsibilities and expectations of a Knowledge Manager role.

    The Knowledge Manager's role is to collect, synthesize, organize, and manage corporate information in support of business units across the enterprise.

    • Knowledge Manager

    10. Knowledgebase Article Template – A comprehensive record of the incident management process.

    An accurate and comprehensive record of the incident management process, including a description of the incident, any workarounds identified, the root cause (if available), and the profile of the incident's source, will improve incident resolution time.

    • Knowledgebase Article Template

    11. Sample Communication Plan – A sample template to guide your communications around the integration and implementation of your overall service desk improvement initiatives.

    Use this template to develop a communication plan that outlines what stakeholders can expect as the process improvements recommended in the Standardize the Service Desk blueprint are implemented.

    • Sample Communication Plan

    12. Service Desk Roadmap – A structured roadmap tool to help build your service desk initiatives timeline.

    The Service Desk Roadmap helps track outstanding implementation activities from your service desk standardization project. Use the roadmap tool to define service desk project tasks, their owners, priorities, and timeline.

    • Service Desk Roadmap
    [infographic]

    Workshop: Standardize the Service Desk

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Lay Service Desk Foundations

    The Purpose

    Discover your challenges and understand what roles, metrics, and ticket handling procedures are needed to tackle the challenges.

    Key Benefits Achieved

    Set a clear understanding about the importance of service desk to your organization and service desk best practices.

    Activities

    1.1 Assess current state of the service desk.

    1.2 Review service desk and shift-left strategy.

    1.3 Identify service desk metrics and reports.

    1.4 Identify ticket handling procedures

    Outputs

    Current state assessment

    Shift-left strategy and implications

    Service desk metrics and reports

    Ticket handling procedures

    2 Design Incident Management

    The Purpose

    Build workflows for incident and critical incident tickets.

    Key Benefits Achieved

    Distinguish incidents from service requests.

    Ticket categorization facilitates ticket. routing and reporting.

    Develop an SLA for your service desk team for a consistent service delivery.

    Activities

    2.1 Build incident and critical incident management workflows.

    2.2 Design ticket categorization scheme and proper ticket handling guidelines.

    2.3 Design incident escalation and prioritization guidelines.

    Outputs

    Incident and critical incident management workflows

    Ticket categorization scheme

    Ticket escalation and prioritization guidelines

    3 Design Request Fulfilment

    The Purpose

    Build service request workflows and prepare self-service portal.

    Key Benefits Achieved

    Standardize request fulfilment processes.

    Prepare for better knowledge management and leverage self-service portal to facilitate shift-left strategy.

    Activities

    3.1 Build service request workflows.

    3.2 Build a targeted knowledgebase.

    3.3 Prepare for a self-serve portal project.

    Outputs

    Distinguishing criteria for requests and projects

    Service request workflows and SLAs

    Knowledgebase article template, processes, and workflows

    4 Build Project Implementation Plan

    The Purpose

    Now that you have laid the foundation of your service desk, put all the initiatives into an action plan.

    Key Benefits Achieved

    Discuss priorities, set timeline, and identify effort for your service desk.

    Identify the benefits and impacts of communicating service desk initiatives to stakeholders and define channels to communicate service desk changes.

    Activities

    4.1 Build an implementation roadmap.

    4.2 Build a communication plan

    Outputs

    Project implementation and task list with associated owners

    Project communication plan and workshop summary presentation

    Further reading

    Analyst Perspective

    "Customer service issues are rarely based on personality but are almost always a symptom of poor and inconsistent process. When service desk managers are looking to hire to resolve customer service issues and executives are pushing back, it’s time to look at improving process and the support strategy to make the best use of technicians’ time, tools, and knowledge sharing. Once improvements have been made, it’s easier to make the case to add people or introduce automation.

    Replacing service desk solutions will also highlight issues around poor process. Without fixing the baseline services, the new solution will simply wrap your issues in a prettier package.

    Ultimately, the service desk needs to be the entry point for users to get help and the rest of IT needs to provide the appropriate support to ensure the first line of interaction has the knowledge and tools they need to resolve quickly and preferably on first contact. If your plans include optimization to self-serve or automation, you’ll have a hard time getting there without standardizing first."

    Sandi Conrad

    Principal Research Director, Infrastructure & Operations Practice

    Info-Tech Research Group

    A method for getting your service desk out of firefighter mode

    This Research Is Designed For:

    • The CIO and senior IT management who need to increase service desk effectiveness and timeliness and improve end-user satisfaction.
    • The service desk manager who wants to lead the team from firefighting mode to providing consistent and proactive support.

    This Research Will Also Assist:

    • Service desk teams who want to increase their own effectiveness and move from a help desk to a service desk.
    • Infrastructure and applications managers who want to decrease reactive support activities and increase strategic project productivity by shifting repetitive and low-value work left.

    This Research Will Help You:

    • Create a consistent customer service experience for service desk patrons.
    • Increase efficiency, first-call resolution, and end-user satisfaction with the Service Desk.
    • Decrease time and cost to resolve service desk tickets.
    • Understand and address reporting needs to address root causes and measure success.
    • Build a solid foundation for future IT service improvements.

    Executive Summary

    Situation

    • The CIO and senior IT management who need to increase service desk effectiveness and timeliness and improve end-user satisfaction.
    • If only the phone could stop ringing, the Service Desk could become proactive, address service levels, and improve end-user IT satisfaction.

    Complication

    • Not everyone embraces their role in service support. Specialists would rather work on projects than provide service support.
    • The Service Desk lacks processes and workflows to provide consistent service. Service desk managers struggle to set and meet service-level expectations, which further compromises end-user satisfaction.

    Resolution

    • Go beyond the blind adoption of best-practice frameworks. No simple formula exists for improving service desk maturity. Use diagnostic tools to assess the current state of the Service Desk. Identify service support challenges and draw on best-practice frameworks intelligently to build a structured response to those challenges.
    • An effective service desk must be built on the right foundations. Understand how:
      • Service desk structure affects cost and ticket volume capacity.
      • Incident management workflows can improve ticket handling, prioritization, and escalation.
      • Request fulfillment processes create opportunities for streamlining and automating services.
      • Knowledge sharing supports the processes and workflows essential to effective service support.

    Info-Tech Insight

    Service desk improvement is an exercise in organizational change. Engage specialists across the IT organization in building the solution. Establish a single service-support team across the IT group and enforce it with a cooperative, customer-focused culture. Don’t be fooled by a tool that’s new. A new service desk tool alone won’t solve the problem. Service desk maturity improvements depend on putting in place the right people and processes to support the technology

    Directors and executives understand the importance of the service desk and believe IT can do better

    A double bar graph is depicted. The blue bars represent Effectiveness and the green bars represent Importance in terms of service desk at different seniority levels, which include frontline, manager, director, and executive.

    Source: Info-Tech, 2019 Responses (N=189 organizations)

    Service Desk Importance Scores

      No Importance: 1.0-6.9
      Limited Importance: 7.0-7.9
      Significant Importance: 8.0-8.9
      Critical Importance: 9.0-10.0

    Service Desk Effectiveness Scores

      Not in Place: N/A
      Not Effective: 0.0-4.9
      Somewhat Ineffective: 5.0-5.9
      Somewhat Effective: 6.0-6.9
      Very Effective: 7.0-10.0

    Info-Tech Research Group’s IT Management and Governance Diagnostic (MGD) program assesses the importance and effectiveness of core IT processes. Since its inception, the MGD has consistently identified the service desk as an area to leverage.

    Business stakeholders consistently rank the service desk as one of the top five most important services that IT provides

    Since 2013, Info-Tech has surveyed over 40,000 business stakeholders as part of our CIO Business Vision program.

    Business stakeholders ranked the following 12 core IT services in terms of importance:

    Learn more about the CIO Business Vision Program.
    *Note: IT Security was added to CIO Business Vision 2.0 in 2019

    Top IT Services for Business Stakeholders

    1. Network Infrastructure
    2. IT Security*
    3. Data Quality
    4. Service Desk
    5. Business Applications
    6. Devices
    7. Client-Facing Technology
    8. Analytical Capability
    9. IT Innovation Leadership
    10. Projects
    11. Work Orders
    12. IT Policies
    13. Requirements Gathering
    Source: Info-Tech Research Group, 2019 (N=224 organizations)

    Having an effective and timely service desk correlates with higher end-user satisfaction with all other IT services

    A double bar graph is depicted. The blue bar represents dissatisfied ender user, and the green bar represents satisfied end user. The bars show the average of dissatisfied and satisfied end users for service desk effectiveness and service desk timeliness.

    On average, organizations that were satisfied with service desk effectiveness rated all other IT processes 46% higher than dissatisfied end users.

    Organizations that were satisfied with service desk timeliness rated all other IT processes 37% higher than dissatisfied end users.
    “Satisfied” organizations had average scores =8.“Dissatisfied" organizations had average scores “Dissatisfied" organizations had average scores =6. Source: Info-Tech Research Group, 2019 (N=18,500+ respondents from 75 organizations)

    Standardize the service desk the Info-Tech way to get measurable results

    More than one hundred organizations engaged with Info-Tech, through advisory calls and workshops, for their service desk projects in 2016. Their goal was either to improve an existing service desk or build one from scratch.

    Organizations that estimate the business impact of each project phase help us shed light on the average measured value of the engagements.

    "The analysts are an amazing resource for this project. Their approach is very methodical, and they have the ability to fill in the big picture with detailed, actionable steps. There is a real opportunity for us to get off the treadmill and make real IT service management improvements"

    - Rod Gula, IT Director

    American Realty Advisors

    Three circles are depicted. The top circle shows the sum of measured value dollar impact which is US$1,659,493.37. The middle circle shows the average measured value dollar impact which is US$19,755.87. The bottom circle shows the average measured value time saved which is 27 days.

    Info-Tech’s approach to service desk standardization focuses on building service management essentials

    This image depicts all of the phases and steps in this blueprint.

    Info-Tech draws on the COBIT framework, which focuses on consistent delivery of IT services across the organization

    This image depicts research that can be used to improve IT processes. Service Desk is circled to demonstrate which research is being used.

    The service desk is the foundation of all other service management processes.

    The image shows how the service desk is a foundation for other service management processes.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Standardize the Service Desk – project overview

    This image shows the project overview of this blueprint.

    Info-Tech delivers: Use our tools and templates to accelerate your project to completion

    Project Summary

    Image of template.

    Service Desk Standard Operating Procedures

    Image of tool.

    Service Desk Maturity Assessment Tool

    Image of tool.

    Service Desk Implementation Roadmap

    Image of tool Incident, knowledge, and request management workflows

    Incident, knowledge, and request management workflows

    The project’s key deliverable is a service desk standard operating procedure

    Benefits of documented SOPs:

    Improved training and knowledge transfer: Routine tasks can be delegated to junior staff (freeing senior staff to work on higher priority tasks).

    IT automation, process optimization, and consistent operations: Defining, documenting, and then optimizing processes enables IT automation to be built on sound processes, so consistent positive results can be achieved.

    Compliance: Compliance audits are more manageable because the documentation is already in place.

    Transparency: Visually documented processes answer the common business question of “why does that take so long?”

    Cost savings: Work solved at first contact or with a minimal number of escalations will result in greater efficiency and more cost-effective support. This will also lead to better customer service.

    Impact of undocumented/undefined SOPs:

    Tasks will be difficult to delegate, key staff become a bottleneck, knowledge transfer is inconsistent, and there is a longer onboarding process for new staff

    IT automation built on poorly defined, unoptimized processes leads to inconsistent results.

    Documenting SOPs to prepare for an audit becomes a major time-intensive project.

    Other areas of the organization may not understand how IT operates, which can lead to confusion and unrealistic expectations.

    Support costs are highest through inefficient processes, and proactive work becomes more difficult to schedule, making the organization vulnerable to costly disruptions.

    Workshop Overview

    Image depicts workshop overview occurring over four days.

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Phase 1

    Lay Service Desk Foundations

    Step 1.1:Assess current state

    Image shows the steps in phase 1. Highlight is on step 1.1

    This step will walk you through the following activities:

    • 1.1.1 Outline service desk challenges
    • 1.1.2 Assess the service desk maturity

    This step involves the following participants:

    • Project Sponsor
    • IT Director, CIO
    • IT Managers and Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    Alignment on the challenges that the service desk faces, an assessment of the current state of service desk processes and technologies, and baseline metrics against which to measure improvements.

    Deliverables

    • Service Desk Maturity Assessment

    Standardizing the service desk benefits the whole business

    The image depicts 3 circles to represent the service desk foundations.

    Embrace standardization

    • Standardization prevents wasted energy on reinventing solutions to recurring issues.
    • Standardized processes are scalable so that process maturity increases with the size of your organization.

    Increase business satisfaction

    • Improve confidence that the service desk can meet service levels.
    • Create a single point of contact for incidents and requests and escalate quickly.
    • Analyze trends to forecast and meet shifting business requirements.

    Reduce recurring issues

    • Create tickets for every task and categorize them accurately.
    • Generate reliable data to support root-cause analysis.

    Increase efficiency and lower operating costs

    • Empower end users and technicians with a targeted knowledgebase (KB).
    • Cross-train to improve service consistency.

    Case Study: The CIO of Westminster College took stock of existing processes before moving to empower the “helpless desk”

    Scott Lowe helped a small staff of eight IT professionals formalize service desk processes and increase the amount of time available for projects.

    When he joined Westminster College as CIO in 2006, the department faced several infrastructure challenges, including:

    • An unreliable network
    • Aging server replacements and no replacement plan
    • IT was the “department of no”
    • A help desk known as the “helpless desk”
    • A lack of wireless connectivity
    • Internet connection speed that was much too slow

    As the CIO investigated how to address the infrastructure challenges, he realized people cared deeply about how IT spent its time.

    The project load of IT staff increased, with new projects coming in every day.

    With a long project list, it became increasingly important to improve the transparency of project request and prioritization.

    Some weeks, staff spent 80% of their time working on projects. Other weeks, support requirements might leave only 10% for project work.

    He addressed the infrastructure challenges in part by analyzing IT’s routine processes.

    Internally, IT had inefficient support processes that reduced the amount of time they could spend on projects.

    They undertook an internal process analysis effort to identify processes that would have a return on investment if they were improved. The goal was to reduce operational support time so that project time could be increased.

    Five years later, they had a better understanding of the organization's operational support time needs and were able to shift workloads to accommodate projects without compromising support.

    Common challenges experienced by service desk teams

    Unresolved issues

    • Tickets are not created for all incidents.
    • Tickets are lost or escalated to the wrong technicians.
    • Poor data impedes root-cause analysis of incidents.

    Lost resources/accountability

    • Lack of cross-training and knowledge sharing.
    • Lack of skills coverage for critical applications and services.
    • Time is wasted troubleshooting recurring issues.
    • Reports unavailable due to lack of data and poor categorization.

    High cost to resolve

    • Tier 2/3 resolve issues that should be resolved at tier 1.
    • Tier 2/3 often interrupt projects to focus on service support.

    Poor planning

    • Lack of data for effective trend analysis leads to poor demand planning.
    • Lack of data leads to lost opportunities for templating and automation.

    Low business satisfaction

    • Users are unable to get assistance with IT services quickly.
    • Users go to their favorite technician instead of using the service desk.

    Outline the organization’s service desk challenges

    1.1.1 Brainstorm service desk challenges

    Estimated Time: 45 minutes

    A. As a group, outline the areas where you think the service desk is experiencing challenges or weaknesses. Use sticky notes or a whiteboard to separate the challenges into People, Process, and Technology so you have a wholistic view of the constraints across the department.

    B. Think about the following:

    • What have you heard from users? (e.g. slow response time)
    • What have you heard from executives? (e.g. poor communication)
    • What should you start doing? (e.g. documenting processes)
    • What should you stop doing? (e.g. work that is not being entered as tickets)

    C. Document challenges in the Service Desk Project Summary.

    Participants:

    • CIO
    • IT Managers
    • Service Desk Manager
    • Service Desk Agents

    Assess current service desk maturity to establish a baseline and create a plan for service desk improvement

    A current-state assessment will help you build a foundation for process improvements. Current-state assessments follow a basic formula:

    1. Determine the current state of the service desk.
    2. Determine the desired state of the service desk.
    3. Build a practical path from current to desired state.
    Image depicts 2 circles and a box. The circle on the 1. left has assess current state. The circle on the right has 2. assess target state. The box has 3. build a roadmap.

    Ideally, the current-state assessment should align the delivery of IT services with organizational needs. The assessment should achieve the following goals:

    1. Identify service desk pain points.
    2. Map each pain point to business services.
    3. Assign a broad business value to the resolution of each pain point.
    4. Map each pain point to a process.

    Expert Insight

    Image of expert.

    “How do you know if you aren’t mature enough? Nothing – or everything – is recorded and tracked, customer satisfaction is low, frustration is high, and there are multiple requests and incidents that nobody ever bothers to address.”

    Rob England

    IT Consultant & Commentator

    Owner Two Hills

    Also known as The IT Skeptic

    Assess the process maturity of the service desk to determine which project phase and steps will bring the most value

    1.1.2 Measure which activity will have the greatest impact

    The Service Desk Maturity Assessmenttool helps organizations assess their service desk process maturity and focus the project on the activities that matter most.

    The tool will help guide improvement efforts and measure your progress.

    • The second tab of the tool walks through a qualitative assessment of your service desk practices. Questions will prompt you to evaluate how you are executing key activities. Select the answer in the drop-down menus that most closely aligns with your current state.
    • The third tab displays your rate of process completeness and maturity. You will receive a score for each phase, an overall score, and advice based on your performance.
    • Document the results of the efficiency assessment in the Service Desk Project Summary.

    The tool is intended for periodic use. Review your answers each year and devise initiatives to improve the process performance where you need it most.

    Where do I find the data?

    Consult:

    • Service Manager
    • Service Desk Tools
    Image is the service desk tools.

    Step 1.2:Review service support best practices

    Image shows the steps in phase 1. Highlight is on step 1.2.

    This step will walk you through the following activities:

    1. 1.2.1 Identify roles and responsibilities in your organization
    2. 1.2.2 Map out the current and target structure of the service desk

    This step involves the following participants:

    • Project Sponsor
    • IT Director, CIO
    • IT Managers and Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    Identifying who is accountable for different support practices in the service desk will allow workload to be distributed effectively between functional teams and individuals. Closing the gaps in responsibilities will enable the execution of a shift-left strategy.

    Deliverables

    • Roles & responsibilities guide
    • Service desk structure

    Everyone in IT contributes to the success of service support

    Regardless of the service desk structure chosen to meet an organization’s service support requirements, IT staff should not doubt the role they play in service support.

    If you try to standardize service desk processes without engaging specialists in other parts of the IT organization, you will fail. Everyone in IT has a role to play in providing service support and meeting service-level agreements.

    Service Support Engagement Plan

    • Identify who is accountable for different service support processes.
    • Outline the different responsibilities of service desk agents at tier 1, tier 2, and tier 3 in meeting service-level agreements for service support.
    • Draft operational-level agreements between specialty groups and the service desk to improve accountability.
    • Configure the service desk tool to ensure ticket visibility and ownership across queues.
    • Engage tier 2 and tier 3 resources in building workflows for incident management, request fulfilment, and writing knowledgebase articles.
    • Emphasize the benefits of cooperation across IT silos:
      • Better customer service and end-user satisfaction.
      • Shorter time to resolve incidents and implement requests.
      • A higher tier 1 resolution rate, more efficient escalations, and fewer interruptions from project work.

    Info-Tech Insight

    Specialists tend to distance themselves from service support as they progress through their career to focus on projects.

    However, their cooperation is critical to the success of the new service desk. Not only do they contribute to the knowledgebase, but they also handle escalations from tiers 1 and 2.

    Clear project complications by leveraging roles and responsibilities

    R

    Responsible: This person is the staff member who completes the work. Assign at least one Responsible for each task, but this could be more than one.

    A

    Accountable: This team member delegates a task and is the last person to review deliverables and/or task. Sometimes Responsible and Accountable can be the same staff. Make sure that you always assign only one Accountable for each task and not more.

    C

    Consulted: People who do not carry out the task but need to be consulted. Typically, these people are subject matter experts or stakeholders.

    I

    Informed: People who receive information about process execution and quality and need to stay informed regarding the task.

    A RACI analysis is helpful with the following:

    • Workload Balancing: Allowing responsibilities to be distributed effectively between functional teams and individuals.
    • Change Management: Ensuring key functions and processes are not overlooked during organizational changes.
    • Onboarding: New employees can identify their own roles and responsibilities.

    A RACI chart outlines which positions are Responsible, Accountable, Consulted, and Informed

    Image shows example of RACI chart

    Create a list of roles and responsibilities in your organization

    1.2.1 Create RACI matrix to define responsibilities

    1. Use the Service Desk Roles and Responsibilities Guidefor a better understanding of the roles and responsibilities of different service desk tiers.
    2. In the RACI chart, replace the top row with specific roles in your organization.
    3. Modify or expand the process tasks, as needed, in the left column.
    4. For each role, identify the responsibility values that the person brings to the service desk. Fill out each column.
    5. Document in the Service Desk SOP. Schedule a time to share the results with organization leads.
    6. Distribute the chart between all teams in your organization.

    Notes:

    • Assign one Accountable for each task.
    • Have at least one Responsible for each task.
    • Avoid generic responsibilities, such as “team meetings.”
    • Keep your RACI definitions in your documents, as they are sometimes tough to remember.

    Participants

    • CIO
    • IT Managers
    • Service Desk Manager
    • Service Desk Agents

    What You'll Need

    • Service Desk SOP
    • Roles and Responsibilities Guide
    • Flip Chart
    • Whiteboard

    Build a single point of contact for the service desk

    Regardless of the service desk structure chosen to meet your service support requirements, end users should be in no doubt about how to access the service.

    Provide end users with:

    • A single phone number.
    • A single email address.
    • A single web portal for all incidents and requests.

    A single point of contact will ensure:

    • An agent is available to field incidents and requests.
    • Incidents and requests are prioritized according to impact and urgency.
    • Work is tracked to completion.

    This prevents ad hoc ticket channels such as shoulder grabs or direct emails, chats, or calls to a technician from interrupting work.

    A single point of contact does not mean the service desk is only accessible through one intake channel, but rather all tickets are directed to the service desk (i.e. tier 1) to be resolved or redirected appropriately.

    Image depicts 2 boxes. The smaller box labelled users and the larger box labelled Service Desk Tier 1. There are four double-sided arrows. The top is labelled email, the second is walk-in, the third is phone, the fourth is web portal.

    Directors and executives understand the importance of the service desk and believe IT can do better

    A double bar graph is depicted. The blue bars represent Effectiveness and the green bars represent Importance in terms of service desk at different seniority levels, which include frontline, manager, director, and executive.

    Source: Info-Tech, 2019 Responses (N=189 organizations)

    Service Desk Importance Scores

      No Importance: 1.0-6.9
      Limited Importance: 7.0-7.9
      Significant Importance: 8.0-8.9
      Critical Importance: 9.0-10.0

    Service Desk Effectiveness Scores

      Not in Place: N/A
      Not Effective: 0.0-4.9
      Somewhat Ineffective: 5.0-5.9
      Somewhat Effective: 6.0-6.9
      Very Effective: 7.0-10.0

    Info-Tech Research Group’s IT Management and Governance Diagnostic (MGD) program assesses the importance and effectiveness of core IT processes. Since its inception, the MGD has consistently identified the service desk as an area to leverage.

    Business stakeholders consistently rank the service desk as one of the top five most important services that IT provides

    Since 2013, Info-Tech has surveyed over 40,000 business stakeholders as part of our CIO Business Vision program.

    Business stakeholders ranked the following 12 core IT services in terms of importance:

    Learn more about the CIO Business Vision Program.
    *Note: IT Security was added to CIO Business Vision 2.0 in 2019

    Top IT Services for Business Stakeholders

    1. Network Infrastructure
    2. IT Security*
    3. Data Quality
    4. Service Desk
    5. Business Applications
    6. Devices
    7. Client-Facing Technology
    8. Analytical Capability
    9. IT Innovation Leadership
    10. Projects
    11. Work Orders
    12. IT Policies
    13. Requirements Gathering
    Source: Info-Tech Research Group, 2019 (N=224 organizations)

    Having an effective and timely service desk correlates with higher end-user satisfaction with all other IT services

    A double bar graph is depicted. The blue bar represents dissatisfied ender user, and the green bar represents satisfied end user. The bars show the average of dissatisfied and satisfied end users for service desk effectiveness and service desk timeliness.

    On average, organizations that were satisfied with service desk effectiveness rated all other IT processes 46% higher than dissatisfied end users.

    Organizations that were satisfied with service desk timeliness rated all other IT processes 37% higher than dissatisfied end users.
    “Satisfied” organizations had average scores =8.“Dissatisfied" organizations had average scores “Dissatisfied" organizations had average scores =6. Source: Info-Tech Research Group, 2019 (N=18,500+ respondents from 75 organizations)

    Standardize the service desk the Info-Tech way to get measurable results

    More than one hundred organizations engaged with Info-Tech, through advisory calls and workshops, for their service desk projects in 2016. Their goal was either to improve an existing service desk or build one from scratch.

    Organizations that estimate the business impact of each project phase help us shed light on the average measured value of the engagements.

    "The analysts are an amazing resource for this project. Their approach is very methodical, and they have the ability to fill in the big picture with detailed, actionable steps. There is a real opportunity for us to get off the treadmill and make real IT service management improvements"

    - Rod Gula, IT Director

    American Realty Advisors

    Three circles are depicted. The top circle shows the sum of measured value dollar impact which is US$1,659,493.37. The middle circle shows the average measured value dollar impact which is US$19,755.87. The bottom circle shows the average measured value time saved which is 27 days.

    Info-Tech’s approach to service desk standardization focuses on building service management essentials

    This image depicts all of the phases and steps in this blueprint.

    Info-Tech draws on the COBIT framework, which focuses on consistent delivery of IT services across the organization

    This image depicts research that can be used to improve IT processes. Service Desk is circled to demonstrate which research is being used.

    The service desk is the foundation of all other service management processes.

    The image shows how the service desk is a foundation for other service management processes.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Standardize the Service Desk – project overview

    This image shows the project overview of this blueprint.

    Info-Tech delivers: Use our tools and templates to accelerate your project to completion

    Project Summary

    Image of template.

    Service Desk Standard Operating Procedures

    Image of tool.

    Service Desk Maturity Assessment Tool

    Image of tool.

    Service Desk Implementation Roadmap

    Image of tool Incident, knowledge, and request management workflows

    Incident, knowledge, and request management workflows

    The project’s key deliverable is a service desk standard operating procedure

    Benefits of documented SOPs:

    Improved training and knowledge transfer: Routine tasks can be delegated to junior staff (freeing senior staff to work on higher priority tasks).

    IT automation, process optimization, and consistent operations: Defining, documenting, and then optimizing processes enables IT automation to be built on sound processes, so consistent positive results can be achieved.

    Compliance: Compliance audits are more manageable because the documentation is already in place.

    Transparency: Visually documented processes answer the common business question of “why does that take so long?”

    Cost savings: Work solved at first contact or with a minimal number of escalations will result in greater efficiency and more cost-effective support. This will also lead to better customer service.

    Impact of undocumented/undefined SOPs:

    Tasks will be difficult to delegate, key staff become a bottleneck, knowledge transfer is inconsistent, and there is a longer onboarding process for new staff

    IT automation built on poorly defined, unoptimized processes leads to inconsistent results.

    Documenting SOPs to prepare for an audit becomes a major time-intensive project.

    Other areas of the organization may not understand how IT operates, which can lead to confusion and unrealistic expectations.

    Support costs are highest through inefficient processes, and proactive work becomes more difficult to schedule, making the organization vulnerable to costly disruptions.

    Workshop Overview

    Image depicts workshop overview occurring over four days.

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Phase 1

    Lay Service Desk Foundations

    Step 1.1:Assess current state

    Image shows the steps in phase 1. Highlight is on step 1.1

    This step will walk you through the following activities:

    • 1.1.1 Outline service desk challenges
    • 1.1.2 Assess the service desk maturity

    This step involves the following participants:

    • Project Sponsor
    • IT Director, CIO
    • IT Managers and Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    Alignment on the challenges that the service desk faces, an assessment of the current state of service desk processes and technologies, and baseline metrics against which to measure improvements.

    Deliverables

    • Service Desk Maturity Assessment

    Standardizing the service desk benefits the whole business

    The image depicts 3 circles to represent the service desk foundations.

    Embrace standardization

    • Standardization prevents wasted energy on reinventing solutions to recurring issues.
    • Standardized processes are scalable so that process maturity increases with the size of your organization.

    Increase business satisfaction

    • Improve confidence that the service desk can meet service levels.
    • Create a single point of contact for incidents and requests and escalate quickly.
    • Analyze trends to forecast and meet shifting business requirements.

    Reduce recurring issues

    • Create tickets for every task and categorize them accurately.
    • Generate reliable data to support root-cause analysis.

    Increase efficiency and lower operating costs

    • Empower end users and technicians with a targeted knowledgebase (KB).
    • Cross-train to improve service consistency.

    Case Study: The CIO of Westminster College took stock of existing processes before moving to empower the “helpless desk”

    Scott Lowe helped a small staff of eight IT professionals formalize service desk processes and increase the amount of time available for projects.

    When he joined Westminster College as CIO in 2006, the department faced several infrastructure challenges, including:

    • An unreliable network
    • Aging server replacements and no replacement plan
    • IT was the “department of no”
    • A help desk known as the “helpless desk”
    • A lack of wireless connectivity
    • Internet connection speed that was much too slow

    As the CIO investigated how to address the infrastructure challenges, he realized people cared deeply about how IT spent its time.

    The project load of IT staff increased, with new projects coming in every day.

    With a long project list, it became increasingly important to improve the transparency of project request and prioritization.

    Some weeks, staff spent 80% of their time working on projects. Other weeks, support requirements might leave only 10% for project work.

    He addressed the infrastructure challenges in part by analyzing IT’s routine processes.

    Internally, IT had inefficient support processes that reduced the amount of time they could spend on projects.

    They undertook an internal process analysis effort to identify processes that would have a return on investment if they were improved. The goal was to reduce operational support time so that project time could be increased.

    Five years later, they had a better understanding of the organization's operational support time needs and were able to shift workloads to accommodate projects without compromising support.

    Common challenges experienced by service desk teams

    Unresolved issues

    • Tickets are not created for all incidents.
    • Tickets are lost or escalated to the wrong technicians.
    • Poor data impedes root-cause analysis of incidents.

    Lost resources/accountability

    • Lack of cross-training and knowledge sharing.
    • Lack of skills coverage for critical applications and services.
    • Time is wasted troubleshooting recurring issues.
    • Reports unavailable due to lack of data and poor categorization.

    High cost to resolve

    • Tier 2/3 resolve issues that should be resolved at tier 1.
    • Tier 2/3 often interrupt projects to focus on service support.

    Poor planning

    • Lack of data for effective trend analysis leads to poor demand planning.
    • Lack of data leads to lost opportunities for templating and automation.

    Low business satisfaction

    • Users are unable to get assistance with IT services quickly.
    • Users go to their favorite technician instead of using the service desk.

    Outline the organization’s service desk challenges

    1.1.1 Brainstorm service desk challenges

    Estimated Time: 45 minutes

    A. As a group, outline the areas where you think the service desk is experiencing challenges or weaknesses. Use sticky notes or a whiteboard to separate the challenges into People, Process, and Technology so you have a wholistic view of the constraints across the department.

    B. Think about the following:

    • What have you heard from users? (e.g. slow response time)
    • What have you heard from executives? (e.g. poor communication)
    • What should you start doing? (e.g. documenting processes)
    • What should you stop doing? (e.g. work that is not being entered as tickets)

    C. Document challenges in the Service Desk Project Summary.

    Participants:

    • CIO
    • IT Managers
    • Service Desk Manager
    • Service Desk Agents

    Assess current service desk maturity to establish a baseline and create a plan for service desk improvement

    A current-state assessment will help you build a foundation for process improvements. Current-state assessments follow a basic formula:

    1. Determine the current state of the service desk.
    2. Determine the desired state of the service desk.
    3. Build a practical path from current to desired state.
    Image depicts 2 circles and a box. The circle on the 1. left has assess current state. The circle on the right has 2. assess target state. The box has 3. build a roadmap.

    Ideally, the current-state assessment should align the delivery of IT services with organizational needs. The assessment should achieve the following goals:

    1. Identify service desk pain points.
    2. Map each pain point to business services.
    3. Assign a broad business value to the resolution of each pain point.
    4. Map each pain point to a process.

    Expert Insight

    Image of expert.

    “How do you know if you aren’t mature enough? Nothing – or everything – is recorded and tracked, customer satisfaction is low, frustration is high, and there are multiple requests and incidents that nobody ever bothers to address.”

    Rob England

    IT Consultant & Commentator

    Owner Two Hills

    Also known as The IT Skeptic

    Assess the process maturity of the service desk to determine which project phase and steps will bring the most value

    1.1.2 Measure which activity will have the greatest impact

    The Service Desk Maturity Assessmenttool helps organizations assess their service desk process maturity and focus the project on the activities that matter most.

    The tool will help guide improvement efforts and measure your progress.

    • The second tab of the tool walks through a qualitative assessment of your service desk practices. Questions will prompt you to evaluate how you are executing key activities. Select the answer in the drop-down menus that most closely aligns with your current state.
    • The third tab displays your rate of process completeness and maturity. You will receive a score for each phase, an overall score, and advice based on your performance.
    • Document the results of the efficiency assessment in the Service Desk Project Summary.

    The tool is intended for periodic use. Review your answers each year and devise initiatives to improve the process performance where you need it most.

    Where do I find the data?

    Consult:

    • Service Manager
    • Service Desk Tools
    Image is the service desk tools.

    Step 1.2:Review service support best practices

    Image shows the steps in phase 1. Highlight is on step 1.2.

    This step will walk you through the following activities:

    1. 1.2.1 Identify roles and responsibilities in your organization
    2. 1.2.2 Map out the current and target structure of the service desk

    This step involves the following participants:

    • Project Sponsor
    • IT Director, CIO
    • IT Managers and Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    Identifying who is accountable for different support practices in the service desk will allow workload to be distributed effectively between functional teams and individuals. Closing the gaps in responsibilities will enable the execution of a shift-left strategy.

    Deliverables

    • Roles & responsibilities guide
    • Service desk structure

    Everyone in IT contributes to the success of service support

    Regardless of the service desk structure chosen to meet an organization’s service support requirements, IT staff should not doubt the role they play in service support.

    If you try to standardize service desk processes without engaging specialists in other parts of the IT organization, you will fail. Everyone in IT has a role to play in providing service support and meeting service-level agreements.

    Service Support Engagement Plan

    • Identify who is accountable for different service support processes.
    • Outline the different responsibilities of service desk agents at tier 1, tier 2, and tier 3 in meeting service-level agreements for service support.
    • Draft operational-level agreements between specialty groups and the service desk to improve accountability.
    • Configure the service desk tool to ensure ticket visibility and ownership across queues.
    • Engage tier 2 and tier 3 resources in building workflows for incident management, request fulfilment, and writing knowledgebase articles.
    • Emphasize the benefits of cooperation across IT silos:
      • Better customer service and end-user satisfaction.
      • Shorter time to resolve incidents and implement requests.
      • A higher tier 1 resolution rate, more efficient escalations, and fewer interruptions from project work.

    Info-Tech Insight

    Specialists tend to distance themselves from service support as they progress through their career to focus on projects.

    However, their cooperation is critical to the success of the new service desk. Not only do they contribute to the knowledgebase, but they also handle escalations from tiers 1 and 2.

    Clear project complications by leveraging roles and responsibilities

    R

    Responsible: This person is the staff member who completes the work. Assign at least one Responsible for each task, but this could be more than one.

    A

    Accountable: This team member delegates a task and is the last person to review deliverables and/or task. Sometimes Responsible and Accountable can be the same staff. Make sure that you always assign only one Accountable for each task and not more.

    C

    Consulted: People who do not carry out the task but need to be consulted. Typically, these people are subject matter experts or stakeholders.

    I

    Informed: People who receive information about process execution and quality and need to stay informed regarding the task.

    A RACI analysis is helpful with the following:

    • Workload Balancing: Allowing responsibilities to be distributed effectively between functional teams and individuals.
    • Change Management: Ensuring key functions and processes are not overlooked during organizational changes.
    • Onboarding: New employees can identify their own roles and responsibilities.

    A RACI chart outlines which positions are Responsible, Accountable, Consulted, and Informed

    Image shows example of RACI chart

    Create a list of roles and responsibilities in your organization

    1.2.1 Create RACI matrix to define responsibilities

    1. Use the Service Desk Roles and Responsibilities Guidefor a better understanding of the roles and responsibilities of different service desk tiers.
    2. In the RACI chart, replace the top row with specific roles in your organization.
    3. Modify or expand the process tasks, as needed, in the left column.
    4. For each role, identify the responsibility values that the person brings to the service desk. Fill out each column.
    5. Document in the Service Desk SOP. Schedule a time to share the results with organization leads.
    6. Distribute the chart between all teams in your organization.

    Notes:

    • Assign one Accountable for each task.
    • Have at least one Responsible for each task.
    • Avoid generic responsibilities, such as “team meetings.”
    • Keep your RACI definitions in your documents, as they are sometimes tough to remember.

    Participants

    • CIO
    • IT Managers
    • Service Desk Manager
    • Service Desk Agents

    What You'll Need

    • Service Desk SOP
    • Roles and Responsibilities Guide
    • Flip Chart
    • Whiteboard

    Build a tiered generalist service desk to optimize costs

    A tiered generalist service desk with a first-tier resolution rate greater than 60% has the best operating cost and customer satisfaction of all competing service desk structural models.

    Image depicts a tiered generalist service desk example. It shows a flow from users to tier 1 and to tiers 2 and 3.

    The success of a tiered generalist model depends on standardized, defined processes

    Image lists the processes and benefits of a successful tiered generalist service desk.

    Define the structure of the service desk

    1.2.2 Map out the current and target structure of the service desk

    Estimated Time: 45 minutes

    Instructions:

    1. Using the model from the previous slides as a guide, discuss how closely it matches the current service desk structure.
    2. Map out a similar diagram of your existing service desk structure, intake channels, and escalation paths.
    3. Review the structure and discuss any changes that could be made to improve efficiency. Revise as needed.
    4. Document the outcome in the Service Desk Project Summary.

    Image depicts a tiered generalist service desk example. It shows a flow from users to tier 1 and to tiers 2 and 3.

    Participants

    • CIO
    • IT Managers
    • Service Desk Manager
    • Service Desk Agents

    Use a shift-left strategy to lower service support costs, reduce time to resolve, and improve end-user satisfaction

    Shift-left strategy:

    • Shift service support tasks from specialists to generalists.
    • Implement self-service.
    • Automate incident resolution.
    Image shows the incident and service request resolution in a graph. It includes metrics of cost per ticket, average time to resolve, and end-user satisfaction.

    Work through the implications of adopting a shift-left strategy

    Overview:

    Identify process gaps that you need to fill to support the shift-left strategy and discuss how you could adopt or improve the shift-left strategy, using the discussion questions below as a guide.

    Which process gaps do you need to fill to identify ticket trends?

    • What are your most common incidents and service requests?
    • Which tickets could be resolved at tier 1?
    • Which tickets could be resolved as self-service tickets?
    • Which tickets could be automated?

    Which processes do you most need to improve to support a shift-left strategy?

    • Which incident and request processes are well documented?
    • Do you have recurring tickets that could be automated?
    • What is the state of your knowledgebase maintenance process?
    • Which articles do you most need to support tier 1 resolution?
    • What is the state of your web portal? How could it be improved to support self-service?

    Document in the Project Summary

    Step 1.3: Identify service desk metrics and reports

    Image shows the steps in phase 1. Highlight is on step 1.3.

    This step will walk you through the following activities:

    • 1.3 Create a list of required reports to identify relevant metrics

    This step involves the following participants:

    • Project Sponsor
    • IT Managers and Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    Managers and analysts will have service desk metrics and reports that help set expectations and communicate service desk performance.

    Deliverables

    • A list of service desk performance metrics and reports

    Engage business unit leaders with data to appreciate needs

    Service desk reports are an opportunity to communicate the story of IT and collect stakeholder feedback. Interview business unit leaders and look for opportunities to improve IT services.

    Start with the following questions:

    • What are you hearing from your team about working with IT?
    • What are the issues that are contributing to productivity losses?
    • What are the workarounds your team does because something isn’t working?
    • Are you able to access the information you need?

    Work with business unit leaders to develop an action plan.

    Remember to communicate what you do to address stakeholder grievances.

    The service recovery paradox is a situation in which end users think more highly of IT after the organization has corrected a problem with their service compared to how they would regard the company if the service had not been faulty in the first place.

    The point is that addressing issues (and being seen to address issues) will significantly improve end-user satisfaction. Communicate that you’re listening and acting, and you should see satisfaction improve.

    Info-Tech Insight

    Presentation is everything:

    If you are presenting outside of IT, or using operational metrics to create strategic information, be prepared to:

    • Discuss trends.
    • Identify organizational and departmental impacts.
    • Assess IT costs and productivity.

    For example, “Number of incidents with ERP system has decreased by 5% after our last patch release. We are working on the next set of changes and expect the issues to continue to decrease.”

    Engage technicians to ensure they input quality data in the service desk tool

    You need better data to address problems. Communicate to the technical team what you need from them and how their efforts contribute to the usefulness of reports.

    Tickets MUST:

    • Be created for all incidents and service requests.
    • Be categorized correctly, and categories updated when the ticket is resolved.
    • Be closed after the incidents and service requests are resolved or implemented.

    Emphasize that reports are analyzed regularly and used to manage costs, improve services, and request more resources.

    Info-Tech Insight

    Service Desk Manager: Technical staff can help themselves analyze the backlog and improve service metrics if they’re looking at the right information. Ensure their service desk dashboards are helping them identify high-priority and quick-win tickets and anticipate potential SLA breaches.

    Produce service desk reports targeted to improve IT services

    Use metrics and reports to tell the story of IT.

    Metrics should be tied to business requirements and show how well IT is meeting those requirements and where obstacles exist.

    Tailor metrics and reports to specific stakeholders.

    Technicians require mostly real-time information in the form of a dashboard, providing visibility into a prioritized list of tickets for which they are responsible.

    Supervisors need tactical information to manage the team and set client expectations as well as track and meet strategic goals.

    Managers and executives need summary information that supports strategic goals. Start by looking at executive goals for the support team and then working through some of the more tactical data that will help support those goals.

    One metric doesn’t give you the whole picture

    • Don’t put too much emphasis on a single metric. At best, it will give you a distorted picture of your service desk performance. At worst, it will distort the behavior of your agents as they may adopt poor practices to meet the metric.
    • The solution is to use tension metrics: metrics that work together to give you a better sense of the state of operations.
    • Tension metrics ensure a balanced focus toward shared goals.

    Example:

    First-call resolution (FCR), end-user satisfaction, and number of tickets reopened all work together to give you a complete picture. As FCR goes up, so should end-user satisfaction, as number of tickets re-opened stays steady or declines. If the three metrics are heading in different directions, then you know you have a problem.

    Rely on internal metrics to measure and improve performance

    External metrics provide useful context, but they represent broad generalizations across different industries and organizations of different sizes. Internal metrics measured annually are more reliable.

    Internal metrics provide you with information about your actual performance. With the right continual improvement process, you can improve those metrics year over year, which is a better measure of the performance of your service desk.

    Whether a given metric is the right one for your service desk will depend on several different factors, not the least of which include:

    • The maturity of your service desk processes.
    • Your ticket volume.
    • The complexity of your tickets.
    • The degree to which your end users are comfortable with self-service.

    Info-Tech Insight

    Take external metrics with a grain of salt. Most benchmarks represent what service desks do across different industries, not what they should do. There also might be significant differences between different industries in terms of the kinds of tickets they deal with, differences which the overall average obscures.

    Use key service desk metrics to build a business case for service support improvements

    The right metrics can tell the business how hard IT works and how many resources it needs to perform:

    1. End-User Satisfactions:
      • The most important metric for measuring the perceived value of the service desk. Determine this based on a robust annual satisfaction survey of end users and transactional satisfaction surveys sent with a percentage of tickets.
    2. Ticket Volume and Cost per Ticket:
      • A key indicator of service desk efficiency, computed as the monthly operating expense divided by the average ticket volume per month.
    3. First-Contact Resolution Rate:
      • The biggest driver of end-user satisfaction. Depending on the kind of tickets you deal with, you can measure first-contact, first-tier, or first-day resolution.
    4. Average Time to Resolve (Incident) or Fulfill (Service Requests):
      • An assessment of the service desk's ability to resolve tickets effectively, measuring the time elapsed between the moment the ticket status is set to “open” and the moment it is set to “resolved.”

    Info-Tech Insight

    Metrics should be tied to business requirements. They tell the story of how well IT is meeting those requirements and help identify when obstacles get in the way. The latter can be done by pointing to discrepancies between the internal metrics you expected to reach but didn’t and external metrics you trust.

    Use service desk metrics to track progress toward strategic, operational, and tactical goals

    Image depicts a chart to show the various metrics in terms of strategic goals, tactical goals, and operational goals.

    Cost per ticket and customer satisfaction are the foundation metrics of service support

    Ultimately, everything boils down to cost containment (measured by cost per ticket) and quality of service (measured by customer satisfaction).

    Cost per ticket is a measure of the efficiency of service support:

    • A higher than average cost per ticket is not necessarily a bad thing, particularly if accompanied by higher-than-average quality levels.
    • Conversely, a low cost per ticket is not necessarily good, particularly if the low cost is achieved by sacrificing quality of service.

    Cost per ticket is the total monthly operating expense of the service desk divided by the monthly ticket volume. Operating expense includes the following components:

    • Salaries and benefits for desktop support technicians
    • Salaries and benefits for indirect personnel (team leads, supervisors, workforce schedulers, dispatchers, QA/QC personnel, trainers, and managers)
    • Technology expense (e.g. computers, software licensing fees)
    • Telecommunications expenses
    • Facilities expenses (e.g. office space, utilities, insurance)
    • Travel, training, and office supplies
    Image displays a pie chart that shows the various service desk costs.

    Create a list of required reports to identify metrics to track

    1.3.1 Start by identifying the reports you need, then identify the metrics that produce them

    1. Answer the following questions to determine the data your reports require:
      • What strategic initiatives do you need to track?
        • Example: reducing mean time to resolve, meeting SLAs
      • What operational areas need attention?
        • Example: recurring issues that need a permanent resolution
      • What kind of issues do you want to solve?
        • Example: automate tasks such as password reset or software distribution
      • What decisions or processes are held up due to lack of information?
        • Example: need to build a business case to justify infrastructure upgrades
      • How can the data be used to improve services to the business?
        • Example: recurring issues by department
    2. Document report and metrics requirements in Service Desk SOP.
    3. Provide the list to your tool administrator to create reports with auto-distribution.

    Participants

    • CIO
    • IT Managers
    • Service Desk Manager
    • Service Desk Agents

    What You'll Need

    • Service Desk SOP
    • Flip Chart
    • Whiteboard

    Step 1.4: Review ticket handling procedures

    Image shows the steps in phase 1. Highlight is on step 1.4.

    This step will walk you through the following activities:

    • 1.4.1 Review ticket handling practices
    • 1.4.2 Identify opportunities to automate ticket creation and reduce recurring tickets

    This step involves the following participants:

    • Project Sponsor
    • IT Managers and Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    Managers and analysts will have best practices for ticket handling and troubleshooting to support ITSM data quality and improve first-tier resolution.

    DELIVERABLES

    • List of ticket templates and recurring tickets
    • Ticket and Call QA Template and ticket handling best practices

    Start by reviewing the incident intake process to find opportunities for improvement

    If end users are avoiding your service desk, you may have an intake problem. Create alternative ways for users to seek help to manage the volume; keep in mind not every request is an emergency.

    Image shows the various intake channels and the recommendation.

    Identify opportunities for improvement in your ticket channels

    The two most efficient intake channels should be encouraged for the majority of tickets.

    • Build a self-service portal.
      • Do users know where to find the portal?
      • How many tickets are created through the portal?
      • Is the interface easy to use?
    • Deal efficiently with email.
      • How quickly are messages picked up?
      • Are they manually transferred to a ticket or does the service desk tool automatically create a ticket?

    The two most traditional and fastest methods to get help must deal with emergencies and escalation effectively.

    • Phone should be the fastest way to get help for emergencies.
      • Are enough agents answering calls?
      • Are voicemails picked up on time?
      • Are the automated call routing prompts clear and concise?
    • Are walk-ins permitted and formalized?
      • Do you always have someone at the desk?
      • Is your equipment secure?
      • Are walk-ins common because no one picks up the phone or is the traffic as you’d expect?

    Ensure technicians create tickets for all incidents and requests

    Why Collect Ticket Data?

    If many tickets are missing, help service support staff understand the need to collect the data. Reports will be inaccurate and meaningless if quality data isn’t entered into the ticketing system.

    Image shows example of ticket data

    Set ticket handling expectations to drive a consistent process

    Set expectations:

    • Create and update tickets, but not at the expense of good customer service. Agents can start the ticket but shouldn’t spend five minutes creating the ticket when they should be troubleshooting the problem.
    • Update the ticket when the issue is resolved or needs to be escalated. If agents are escalating, they should make sure all relevant information is passed along to the next technician.
    • Update user of ETA if issue cannot be resolved quickly.
    • Ticket templates for common incidents can lead to fast creation, data input, and categorizations. Templates can reduce the time it takes to create tickets from two minutes to 30 seconds.
    • Update categories to reflect the actual issue and resolution.
    • Reference or link to the knowledgebase article as the documented steps taken to resolve the incident.
    • Validate incident is resolved with client; automate this process with ticket closure after a certain time.
    • Close or resolve the ticket on time.

    Use the Ticket and Call Quality Assessment Tool to improve the quality of service desk data

    Build a process to check-in on ticket and call quality monthly

    Better data leads to better decisions. Use the Ticket and Call Quality Assessment Toolto check-in on the ticket and call quality monthly for each technician and improve service desk data quality.

    1. Fill tab 1 with technician’s name.
    2. Use either tab 2 (auto-scoring) or tab 3 (manual scoring) to score the agent. The assessment includes ticket evaluation, call evaluation, and overall metric.
    3. Record the results of each review in the score summary of tab 1.
    Image shows tool.

    Use ticket templates to make ticket creation, updating, and resolution more efficient

    A screenshot of the Ticket and Call Quality Assessment Tool

    Implement measures to improve ticket handling and identify ticket template candidates

    1.4.1 Identify opportunities to automate ticket creation

    1. Poll the team and discuss.
      • How many members of the team are not creating tickets? Why?
      • How can we address those barriers?
      • What are the expectations of management?
    2. Brainstorm five to ten good candidates for ticket templates.
      • What data can auto-fill?
      • What will help process the ticket faster?
      • What automations can we build to ensure a fast, consistent service?
      • Note:
        • Ticket template name
        • Information that will auto-fill from AD and other applications
        • Categories and resolution codes
        • Automated routing and email responses
    3. Document ticket template candidates in the Service Desk Roadmap to capture the actions.

    Participants

    • Service Desk Manager
    • Service Desk Agents

    What You'll Needs

    • Flip Chart
    • Whiteboard

    Phase 2

    Design Incident Management Processes

    Step 2.1: Build incident management workflows

    Image shows the steps in phase 2. Highlight is on step 2.1.

    This step will walk you through the following activities:

    • 2.1.1 Review incident management challenges
    • 2.1.2 Define the incident management workflow
    • 2.1.3 Define the critical incident management workflow
    • 2.1.4 Design critical incident communication plan

    This step involves the following participants:

    • IT Managers
    • Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    Workflows for incident management and critical incident management will improve the consistency and quality of service delivery and prepare the service desk to negotiate reliable service levels with the organization.

    DELIVERABLES

    • Incident management workflows
    • Critical incident management workflows
    • Critical incident communication plan

    Communicate the great incident resolution work that you do to improve end-user satisfaction

    End users think more highly of IT after the organization has corrected a problem with their service than they would have had the service not been faulty in the first place.

    Image displays a graph to show the service recovery paradox

    Info-Tech Insight

    Use the service recovery paradox to your advantage. Address service desk challenges explicitly, develop incident management processes that get services back online quickly, and communicate the changes.

    If you show that the service desk recovered well from the challenges end users raised, you will get greater loyalty from them.

    Assign incident roles and responsibilities to promote accountability

    The role of an incident coordinator or manager can be assigned to anyone inside the service desk that has a strong knowledge of incident resolution, attention to detail, and knows how to herd cats.

    In organizations with high ticket volumes, a separate role may be necessary.

    Everyone must recognize that incident management is a cross-IT organization process and it does not have to be a unique service desk process.

    An incident coordinator is responsible for:

    • Improving incident management processes.
    • Tracking metrics and producing reports.
    • Developing and maintaining the incident management system.
    • Developing and maintaining critical incident processes.
    • Ensuring the service support team follows the incident management process.
    • Gathering post-mortem information from the various technical resources on root cause for critical or severity 1 incidents.

    The Director of IT Services invested in incident management to improve responsiveness and set end-user expectations

    Practitioner Insight

    Ben Rodrigues developed a progressive plan to create a responsive, service-oriented culture for the service support organization.

    "When I joined the organization, there wasn’t a service desk. People just phoned, emailed, maybe left [sticky] notes for who they thought in IT would resolve it. There wasn’t a lot of investment in developing clear processes. It was ‘Let’s call somebody in IT.’

    I set up the service desk to clarify what we would do for end users and to establish some SLAs.

    I didn’t commit to service levels right away. I needed to see how many resources and what skill sets I would need. I started by drafting some SLA targets and plugging them into our tracking application. I then monitored how we did on certain things and established if we needed other skill sets. Then I communicated those SOPs to the business, so that ‘if you have an issue, this is where you go, and this is how you do it,’ and then shared those KPIs with them.

    I had monthly meetings with different function heads to say, ‘this is what I see your guys calling me about,’ and we worked on something together to make some of the pain disappear."

    -Ben Rodrigues

    Director, IT Services

    Gamma Dynacare

    Sketch out incident management challenges to focus improvements

    Common Incident Management Challenges

    End Users

    • No faith in the service desk beyond speaking with their favorite technician.
    • No expectations for response or resolution time.
    • Non-IT staff are disrupted as people ask their colleagues for IT advice.

    Technicians

    • No one manages and escalates incidents.
    • Incidents are unnecessarily urgent and more likely to have a greater impact.
    • Agents are flooded with requests to do routine tasks during desk visits.
    • Specialist support staff are subject to constant interruptions.
    • Tickets are lost, incomplete, or escalated incorrectly.
    • Incidents are resolved from scratch rather than referring to existing solutions.

    Managers

    • Tickets are incomplete or lack historical information to address complaints.
    • Tickets in system don’t match the perceived workload.
    • Unable to gather data for budgeting or business analysis.

    Info-Tech Insight

    Consistent incident management processes will improve end-user satisfaction with all other IT services.

    However, be prepared to overcome these common obstacles as you put the process in place, including:

    • Absence of management or staff commitment.
    • Lack of clarity on organizational needs.
    • Outdated work practices.
    • Poorly defined service desk goals and responsibilities.
    • Lack of a reliable knowledgebase.
    • Inadequate training.
    • Resistance to change.

    Prepare to implement or improve incident management

    2.1.1 Review incident management challenges and metrics

    1. Review your incident management challenges and the benefits of addressing them.
    2. Review the level of service you are providing with the current resources. Define clear goals and deliverables for the improvement initiative.
    3. Decide how the incident management process will interface with the service desk. Who will take on the responsibility for resolving incidents? Specifically, who will:
      • Log incidents.
      • Perform initial incident troubleshooting.
      • Own and monitor tickets.
      • Communicate with end users.
      • Update records with the resolution.
      • Close incidents.
      • Implement next steps (e.g. initiate problem management).
    4. Document recommendations and the incident management process requirements in the Service Desk SOP.

    Participants

    • Service Desk Manager
    • Service Desk Agents

    What You’ll Need

    • Service Desk SOP
    • Flip Chart
    • Whiteboard

    Distinguish between different kinds of tickets for better SLAs

    Different ticket types are associated with radically different prioritization, routing, and service levels. For instance, most incidents are resolved within a business day, but requests take longer to implement.

    If you fail to distinguish between ticket types, your metrics will obscure service desk performance.

    Common Service Desk Tickets

    • Incidents
      • An unanticipated interruption of a service.
        • The goal of incident management is to restore the service as soon as possible, even if the resolution involves a workaround.
    • Problems
      • The root cause of several incidents.
        • The goal of problem management is to detect the root cause and provide long-term resolution and prevention.
    • Requests
      • A generic description for small changes or service access
        • Requests are small, frequent, and low risk. They are best handled by a process distinct from incident, change, and project management.
    • Changes
      • Modification or removal of anything that could influence IT services.
        • The scope includes significant changes to architectures, processes, tools, metrics, and documentation.

    Info-Tech Insight

    Organizations sometimes mistakenly classify small projects as service requests, which can compromise your data, resulting in a negative impact to the perceived value of the service desk.

    Separate incidents and service requests for increased customer service and better-defined SLAs

    Defining the differences between service requests and incidents is not just for reporting purposes. It also has a major impact on how service is delivered.

    Incidents are unexpected disruptions to normal business processes and require attempts to restore services as soon as possible (e.g. the printer is not working).

    Service requests are tasks that don’t involve something that is broken or has an immediate impact on services. They do not require immediate resolution and can typically be scheduled (e.g. new software).

    Image shows a chart on incidents and service requests.

    Focus on the big picture first to capture and streamline how your organization resolves incidents

    Image displays a flow chart to show how to organize resolving incidents.

    Document your incident management workflow to identify opportunities for improvement

    Image shows a flow cart on how to organize incident management.

    Workflow should include:

    • Ticket creation and closure
    • Triage
    • Troubleshooting
    • Escalations
    • Communications
    • Change management
    • Documentation
    • Vendor escalations

    Notes:

    • Notification and alerts should be used to set or reset expectations on delivery or resolution
    • Identify all the steps where a customer is informed and ensure we are not over or under communicating

    Collaborate to define each step of the incident management workflow

    2.1.2 Define the incident management workflow

    Estimated Time: 60 minutes

    Option 1: Whiteboard

    1. Discuss the workflow and draw it on the whiteboard.
    2. Assess whether you are using the best workflow. Modify it if necessary.
    3. Engage the team in refining the process workflow.
    4. Transfer data to Visio and add to the SOP.

    Option 2: Tabletop Exercise

    1. Distribute index cards to each member of the team.
    2. Have each person write a single task they perform on the index card. Be granular. Include the title or the name of the person responsible.
    3. Mark cards that are decision points. Use a card of a different color or use a marker to make a colored dot.
    4. Arrange the index cards in order, removing duplicates.
    5. Assess whether you are using the best workflow. Engage the team to refine it if necessary.
    6. Transfer data to Visio and add to the Service Desk SOP.

    Participants

    • Service Manager
    • Service Desk Support
    • Applications or Infrastructure Support

    What You’ll Need

    • Flip Chart Paper
    • Sticky Notes
    • Pens
    • Service Desk SOP
    • Project Summary

    Formalize the process for critical incident management to reduce organizational impact

    Discuss these elements to see how the organization will handle them.

    • Communication plan:
      • Who communicates with end users?
      • Who communicates with the executive team?
    • It’s important to separate the role of the technician trying to solve a problem with the need to communicate progress.
    • Change management:
    • Define a separate process for regular and emergency change management to ensure changes are timely and appropriate.
    • Business continuity plan:
    • Identify criteria to decide when a business continuity plan (BCP) must be implemented during a critical incident to minimize the business impact of the incident.
    • Post-mortems:
    • Formalize the process of discussing and documenting lessons learned, understanding outstanding issues, and addressing the root cause of incidents.
    • Source of incident notification:
    • Does the process change if users notify the service desk of an issue or if the systems management tools alert technicians?

    Critical incidents are high-impact, high-urgency events that put the effectiveness and timeliness of the service desk center stage.

    Build a workflow that focuses on quickly bringing together the right people to resolve the incident and reduces the chances of recurrence.

    Document your critical incident management workflow to identify opportunities for improvement

    Image shows a flow cart on how to organize critical incident management.

    Workflow should include:

    • Ticket creation and closure
    • Triage
    • Troubleshooting
    • Escalations
    • Communications plan
    • Change management
    • Disaster recovery or business continuity plan
    • Documentation
    • Vendor escalations
    • Post-mortem

    Collaborate to define each step of the critical incident management workflow

    2.1.3 Define the critical incident management workflow

    Estimated Time: 60 minutes

    Option 1: Whiteboard

    1. Discuss the workflow and draw it on the whiteboard.
    2. Assess whether you are using the best workflow. Modify it if necessary.
    3. Engage the team in refining the process workflow.
    4. Transfer data to Visio and add to the SOP.

    Option 2: Tabletop Exercise

    1. Distribute index cards to each member of the team.
    2. Have each person write a single task they perform on the index card. Be granular. Include the title or the name of the person responsible.
    3. Mark cards that are decision points. Use a card of a different color or use a marker to make a colored dot.
    4. Arrange the index cards in order, removing duplicates.
    5. Assess whether you are using the best workflow. Engage the team to refine it if necessary.
    6. Transfer data to Visio and add to the Service Desk SOP.

    Participants

    • Service Manager
    • Service Desk Support
    • Applications or Infrastructure Support

    What You’ll Need

    • Flip Chart Paper
    • Sticky Notes
    • Pens
    • Service Desk SOP

    Establish a critical incident management communication plan

    When it comes to communicating during major incidents, it’s important to get the information just right. Users don’t want too little, they don’t want too much, they just want what’s relevant to them, and they want that information at the right time.

    As an IT professional, you may not have a background in communications, but it becomes an important part of your job. Broad guidelines for good communication during a critical incident are:

    1. Communicate as broadly as the impact of your incident requires.
    2. Communicate as much detail as a specific audience requires, but no more than necessary.
    3. Communicate as far ahead of impact as possible.

    Why does communication matter?

    Sending the wrong message, at the wrong time, to the wrong stakeholders, can result in:

    • Drop in customer satisfaction.
    • Wasted time and resources from multiple customers contacting you with the same issue.
    • Dissatisfied executives kept in the dark.
    • Increased resolution time if the relevant providers and IT staff are not informed soon enough to help.

    Info-Tech Insight

    End users understand that sometimes things break. What’s important to them is that (1) you don’t repeatedly have the same problem, (2) you keep them informed, and (3) you give them enough notice when their systems will be impacted and when service will be returned.

    Automate communication to save time and deliver consistent messaging to the right stakeholders

    In the middle of resolving a critical incident, the last thing you have time for is worrying about crafting a good message. Create a series of templates to save time by providing automated, tailored messages for each stage of the process that can be quickly altered and sent out to the right stakeholders.

    Once templates are in place, when the incident occurs, it’s simply a matter of:

    1. Choosing the relevant template.
    2. Updating recipients and messaging if necessary.
    3. Adding specific, relevant data and fields.
    4. Sending the message.

    When to communicate?

    Tell users the information they need to know when they need to know it. If a user is directly impacted, tell them that. If the incident does not directly affect the user, the communication may lead to decreased customer satisfaction or failure to pay attention to future relevant messaging.

    What to say?

    • Keep messaging short and to the point.
    • Only say what you know for sure.
    • Provide only the details the audience needs to know to take any necessary action or steps on their side and no more. There’s no need to provide details on the reason for the failure before it’s resolved, though this can be done after resolution and restoration of service.

    You’ll need distinct messages for distinct audiences. For example:

    • To incident resolvers: “Servers X through Y in ABC Location are failing intermittently. Please test the servers and all the connections to determine the exact cause so we can take corrective action ASAP.”
    • To the IT department head: “Servers X through Y in ABC Location are failing intermittently. We are beginning tests. We will let you know when we have determined the exact cause and can give you an estimated completion time.”
    • To executives: “We’re having an issue with some servers at ABC Location. We are testing to determine the cause and will let you know the estimated completion time as soon as possible.”
    • To end users: “We are experience some service issues. We are working on a resolution diligently and will restore service as soon as possible.”

    Map out who will need to be contacted in the event of a critical incident

    2.1.4 Design the critical incident communication plan

    • Identify critical incidents that require communication.
    • Identify stakeholders who will need to be informed about each incident.
    • For each audience, determine:
      1. Frequency of communication
      2. Content of communication
    Use the sample template to the right as an example.

    Some questions to assist you:

    • Whose work will be interrupted, either by their services going down or by their workers having to drop everything to solve the incident?
    • What would happen if we didn’t notify this person?
    • What level of detail do they need?
    • How often would they want to be updated?
    Document outcomes in the Service Desk SOP. Image shows template of unplanned service outage.

    Measure and improve customer satisfaction with the use of relationship and transactional surveys

    Customer experience programs with a combination of relationship and transactional surveys tend to be more effective. Merging the two will give a wholistic picture of the customer experience.

    Relationship Surveys

    Relationship surveys focus on obtaining feedback on the overall customer experience.

    • Inform how well you are doing or where you need improvement in the broad services provided.
    • Provide a high-level perspective on the relationship between the business and IT.
    • Help with strategic improvement decisions.
    • Should be sent over a duration of time and to the entire customer base after they’ve had time to experience all the services provided by the service desk. This can be done as frequently as per quarter or on a yearly basis.
    • E.g. An annual satisfaction survey such as Info-Tech’s End User Satisfaction Diagnostic.

    Transactional Surveys

    Transactional surveys are tied to a specific interaction or transaction your end users have with a specific product or service.

    • Help with tactical improvement decisions.
    • Questions should point to a specific interaction.
    • Usually only a few questions that are quick and easy to complete following the transaction.
    • Since transactional surveys allow you to improve individual relationships, they should be sent shortly after the interaction with the service desk has occurred.
    • E.g. How satisfied are you with the way your ticket was resolved?

    Add transactional end-user surveys at ticket close to escalate unsatisfactory results

    A simple quantitative survey at the closing of a ticket can inform the service desk manager of any issues that were not resolved to the end user’s satisfaction. Take advantage of workflows to escalate poor results immediately for quick follow-up.

    Image shows example of survey question with rating.

    If a more complex survey is required, you may wish to include some of these questions:

    Please rate your overall satisfaction with the way your issue was handled (1=unsatisfactory, 5=fantastic)

    • The professionalism of the analyst.
    • The technical skills or knowledge of the analyst.
    • The timeliness of the service provided.
    • The overall service experience.

    Add an open-ended, qualitative question to put the number in context, and solicit critical feedback:

    What could the service desk have done to improve your experience?

    Define a process to respond to both negative and positive feedback

    Successful customer satisfaction programs respond effectively to both positive and negative outcomes. Late or lack of responses to negative comments may increase customer frustration, while not responding at all to the positive comments may give the perception of indifference. If customers are taking the time to fill out the survey, good or bad, they should be followed up with

    Take these steps to handle survey feedback:

    1. Assign resources to receive, read, and track responses. The entire team doesn’t need to receive every response, while a single resource may not have capacity to respond in a timely manner. Decide what makes the most sense in your environment.
    2. Respond to negative feedback: It may not be possible to respond to every customer that fills out a survey. Set guidelines for responding to negative surveys with no details on the issue; don’t spend time guessing why they were upset, simply ask the user why they were unsatisfied. The critical piece of taking advantage of the service recovery paradox is in the follow-up to the customer.
    3. Investigate and improve: Make sure you investigate the issue to ensure that it is a justified complaint or whether the issue is a symptom of another issue’s root cause. Identify remediation steps to ensure the issue does not repeat itself, and then communicate to the customer the action you have taken to improve.
    4. Act on positive feedback as well: If it’s easy for customers to provide feedback, then make room in your process for handling the positive results. Appreciate the time and effort your customers take to give kudos and use it as a tool to build a long-term relationship with that user. Saying thank you goes a long way and when customers know their time matters, they will be encouraged to fill out those surveys. This is also a good way to show what a great job the service desk team did with the interaction.

    Analyze survey feedback month over month to complement and justify metric results already in place

    When you combine the tracking and analysis of relationship and transactional survey data you will be able to dive into specific issues, identify trends and patterns, assess impact to users, and build a plan to make improvements.

    Once the survey data is centralized, categorized, and available you can start to focus on metrics. At a minimum, for transactional surveys, consider tracking:

    • Breakdown of satisfaction scores with trends over time
    • Unsatisfactory surveys that are related to incidents and service requests
    • Total surveys that have been actioned vs pending

    For relationship surveys, consider tracking:

    • Satisfaction scores by department and seniority level
    • Satisfaction with IT services, applications, and communication
    • Satisfaction with IT’s business enablement

    Scores of overall satisfaction with IT

    Image Source: Info-Tech End User Satisfaction Report

    Prioritize company-wide improvement initiatives by those that have the biggest impact to the entire customer base first and then communicate the plan to the organization using a variety of communication channels that will draw your customers in, e.g. dashboards, newsletters, email alerts.

    Info-Tech Insight

    Consider automating or using your ITSM notification system as a direct communication method to inform the service desk manager of negative survey results.

    Step 2.2: Design ticket categorization

    Image shows the steps in phase 2. Highlight is on step 2.2

    This step will walk you through the following activities:

    • 2.2.1 Assess ticket categorization
    • 2.2.2 Enhance ticket categories with resolution and status codes

    This step involves the following participants:

    • IT Managers
    • Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    The reviewed ticket categorization scheme will be easier to use and deploy more consistently, which will improve the categorization of data and the reliability of reports.

    DELIVERABLES

    • Optimized ticket categorization

    Design a ticket classification scheme to produce useful reports

    Reliable reports depend on an effective categorization scheme.

    Too many options cause confusion; too few options provide little value. As you build the classification scheme over the next few slides, let call routing and reporting requirements be your guide.

    Effective classification schemes are concise, easy to use correctly, and easy to maintain.

    Image shows example of a ticket classification scheme.

    Keep these guidelines in mind:

    • A good categorization scheme is exhaustive and mutually exclusive: there’s a place for every ticket and every ticket fits in only one place.
    • As you build your classification scheme, ensure the categories describe the actual asset or service involved based on final resolution, not how it was reported initially.
    • Pre-populate ticket templates with relevant categories to dramatically improve reporting and routing accuracy.
    • Use a tiered system to make the categories easier to navigate. Three tiers with 6-8 categories per tier provides up to 512 sub-categories, which should be enough for the most ambitious team.
    • Track only what you will use for reporting purposes. If you don’t need a report on individual kinds of laptops, don’t create a category beyond “laptops.”
    • Avoid “miscellaneous” categories. A large portion of your tickets will eventually end up there.

    Info-Tech Insight

    Don’t do it alone! Collaborate with managers in the specialized IT groups responsible for root-cause analysis to develop a categorization scheme that makes sense for them.

    The first approach to categorization breaks down the IT portfolio into asset types

    WHY SHOULD I START WITH ASSETS?

    Start with asset types if asset management and configuration management processes figure prominently in your practice or on your service management implementation roadmap.

    Image displays example of asset types and how to categorize them.

    Building the Categories

    Ask these questions:

    • Type: What kind of asset am I working on?
    • Category: What general asset group am I working on?
    • Subcategory: What particular asset am I working on?

    Need to make quick progress? Use Info-Tech Research Group’s Service Desk Ticket Categorization Schemes template.

    Info-Tech Insight

    Think about how you will use the data to determine which components need to be included in reports. If components won’t be used for reporting, routing, or warranty, reporting down to the component level adds little value.

    The second approach to categorization breaks down the IT portfolio into types of services

    WHY SHOULD I START WITH SERVICES?

    Start with asset services if service management generally figures prominently in your practice, especially service catalog management.

    Image displays example of service types and how to categorize them.

    Building the Categories

    Ask these questions:

    • Type: What kind of service am I working on?
    • Category: What general service group am I working on?
    • Subcategory: What particular service am I working on?

    Need to make quick progress? Use Info-Tech Research Group’s Service Desk Ticket Categorization Schemes template.

    Info-Tech Insight

    Remember, ticket categories are not your only source of reports. Enhance the classification scheme with resolution and status codes for more granular reporting.

    Improve the categorization scheme to enhance routing and reporting

    2.2.1 Assess whether the service desk can improve its ticket categorization

    1. As a group, review existing categories, looking for duplicates and designations that won’t affect ticket routing. Reconcile duplicates and remove non-essential categories.
    2. As a group, re-do the categories, ensuring that the new categorization scheme will meet the reporting requirements outlined earlier.
      • Are categories exhaustive and mutually exclusive?
      • Is the tier simple and easy to use (i.e. 3 tiers x 8 categories)?
    3. Test against recent tickets to ensure you have the right categories.
    4. Record the ticket categorization scheme in the Service Desk Ticket Categorization Schemes template.

    A screenshot of the Service Desk Ticket Categorization Schemes template.

    Participants

    • Service Desk Manager
    • Service Desk Agents

    What You’ll Need

    • Flip Chart
    • Whiteboard
    • Service Desk Ticket Categorization Scheme

    Enhance the classification scheme with resolution and status codes for more granular reporting

    Resolution codes differ from detailed resolution notes.

    • A resolution code is a field within the ticketing system that should be updated at ticket close to categorize the primary way the ticket was resolved.
    • This is important for reporting purposes as it adds another level to the categorization scheme and can help you identify knowledgebase article candidates, training needs, or problems.

    Ticket statuses are a helpful field for both IT and end users to identify the current status of the ticket and to initiate workflows.

    • The most common statuses are open, pending/in progress, resolved, and closed (note the difference between resolved and closed).
    • Waiting on user or waiting on vendor are also helpful statuses to stop the clock when awaiting further information or input.

    Common Examples:

    Resolution Codes

    • How to/training
    • Configuration change
    • Upgrade
    • Installation
    • Data import/export/change
    • Information/research
    • Reboot

    Status Fields

    • Declined
    • Open
    • Closed
    • Waiting on user
    • Waiting on vendor
    • Reopened by user

    Identify and document resolution and status codes

    2.2.2 Enhance ticket categories with resolution codes

    Discuss:

    • How can we use resolution information to enhance reporting?
    • Are current status fields telling the right story?
    • Are there other requirements like project linking?

    Draft:

    1. Write out proposed resolution codes and status fields and critically assess their value.
    2. Resolutions can be further broken down by incident and service request if desired.
    3. Test resolution codes against a few recent tickets.
    4. Record the ticket categorization scheme in the Service Desk SOP.

    Participants

    • CIO
    • Service Desk Manager
    • Service Desk Technician(s)

    What You’ll Need

    • Whiteboard or Flip Chart
    • Markers

    Step 2.3: Design incident escalation and prioritization

    Image shows the steps in phase 2. Highlight is on step 2.3.

    This step will walk you through the following activities:

    • 2.3.1 Build a small number of rules to facilitate prioritization
    • 2.3.2 Define escalation rules
    • 2.3.3 Define automated escalations
    • 2.3.4 Provide guidance to each tier around escalation steps and times

    This step involves the following participants:

    • IT Managers
    • Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    The reviewed ticket escalation and prioritization will streamline queue management, improve the quality of escalations, and ensure agents work on the right tickets at the right time.

    DELIVERABLES

    • Optimized ticket prioritization scheme
    • Guidelines for ticket escalations
    • List of automatic escalations

    Build a ticket prioritization matrix to make escalation assessment less subjective

    Most IT leaders agree that prioritization is one of the most difficult aspects of IT in general. Set priorities based on business needs first.

    Mission-critical systems or problems that affect many people should always come first (i.e. Severity Level 1).

    The bulk of reported problems, however, are often individual problems with desktop PCs (i.e. Severity Level 3 or 4).

    Some questions to consider when deciding on problem severity include:

    • How is productivity affected?
    • How many users are affected?
    • How many systems are affected?
    • How critical are the affected systems to the organization?

    Decide how many severity levels the organization needs the service desk to have. Four levels of severity are ideal for most organizations.

    Image shows example ticket prioritization matrix

    Collect the ticket prioritization scheme in one diagram to ensure service support aligns to business requirements

    Image shows example ticket prioritization matrix

    Prioritize incidents based on severity and urgency to foreground critical issues

    2.3.1 Build a clearly defined priority scheme

    Estimated Time: 60 minutes

    1. Decide how many levels of severity are appropriate for your organization.
    2. Build a prioritization matrix, breaking down priority levels by impact and urgency.
    3. Build out the definitions of impact and urgency to complete the prioritization matrix.
    4. Run through examples of each priority level to make sure everyone is on the same page.

    Image shows example ticket prioritization matrix

    Document in the SOP

    Participants

    • Service Managers
    • Service Desk Support
    • Applications or Infrastructure Support

    What You'll Need

    • Flip Chart Paper
    • Sticky Notes
    • Pens
    • Service Desk SOP

    Example of outcome from 2.3.1

    Define response and resolution targets for each priority level to establish service-level objectives for service support

    Image shows example of response and resolution targets.

    Build clear rules to help agents determine when to escalate

    2.3.2 Assign response, resolution, and escalation times to each priority level

    Estimated Time: 60 minutes

    Instructions:

    For each incident priority level, define the associated:

    1. Response time – time from when incident record is created to the time the service desk acknowledges to the customer that their ticket has been received and assigned.
    2. Resolution time – time from when the incident record is created to the time that the customer has been advised that their problem has been resolved.
    3. Escalation time – maximum amount of time that a ticket should be worked on without progress before being escalated to someone else.

    Participants

    • Service Managers
    • Service Desk Support
    • Applications or Infrastructure Support

    What You'll Need

    • Flip Chart Paper
    • Sticky Notes
    • Pens

    Image shows example of response and resolution targets

    Use the table on the previous slide as a guide.

    Discuss the possible root causes for escalation issues

    WHY IS ESCALATION IMPORTANT?

    Escalation is not about admitting defeat, but about using your resources properly.

    Defining procedures for escalation reduces the amount of time the service desk spends troubleshooting before allocating the incident to a higher service tier. This reduces the mean time to resolve and increases end-user satisfaction.

    You can correlate escalation paths to ticket categories devised in step 2.2.

    Image shows example on potential root causes for escalation issues.

    Build decision rights to help agents determine when to escalate

    2.3.3 Provide guidance to each tier around escalation steps and times

    Estimated Time: 60 minutes

    Instructions

    1. For each support tier, define escalation rules for troubleshooting (steps that each tier should take before escalation).
    2. For each support tier, define maximum escalation times (maximum amount of time to work on a ticket without progress before escalating).
    Example of outcome from step 2.3.3 to determine when to escalate issues.

    Create a list of application specialists to get the escalation right the first time

    2.3.4 Define automated escalations

    Estimated Time: 60 minutes

    1. Identify applications that will require specialists for troubleshooting or access rights.
    2. Identify primary and secondary specialists for each application.
    3. Identify vendors that will receive escalations either immediately or after troubleshooting.
    4. Set up application groups in the service desk tool.
    5. Set up workflows in the service desk tool where appropriate.
    6. Document the automated escalations in the categorization scheme developed in step 2.2 and in the Service Desk Roles and Responsibilities Guide.

    A screenshot of the Service Desk Roles and Responsibilities Guide

    Participants

    • Service Managers
    • Service Desk Support
    • Applications or Infrastructure Support

    What You'll Need

    • Flip Chart Paper
    • Sticky Notes
    • Pens

    Phase 3

    Design Request Fulfilment Processes

    Step 3.1: Build request workflows

    Image shows the steps in phase 3. Highlight is on step 3.1.

    This step will walk you through the following activities:

    • 3.1.1 Distinguish between requests and small projects
    • 3.1.2 Define service requests with SLAs
    • 3.1.3 Build and critique request workflows

    This step involves the following participants:

    • IT Managers
    • Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    Workflows for service requests will improve the consistency and quality of service delivery and prepare the service desk to negotiate reliable service levels with the organization.

    DELIVERABLES

    • Workflows for the most common service requests
    • An estimated service level for each service request
    • Request vs. project criteria

    Standardize service requests for more efficient delivery

    Definitions:

    • An incident is an unexpected disruption to normal business processes and requires attempts to restore service as soon as possible (e.g. printer not working).
    • A service request is a request where nothing is broken or impacting a service and typically can be scheduled rather than requiring immediate resolution (e.g. new software application).
    • Service requests are repeatable, predictable, and easier to commit to SLAs.
    • By committing to SLAs, expectations can be set for users and business units for service fulfillment.
    • Workflows for service requests should be documented and reviewed to ensure consistency of fulfillment.
    • Documentation should be created for service request procedures that are complex.
    • Efficiencies can be created through automation such as with software deployment.
    • All service requests can be communicated through a self-service portal or service catalog.

    PREPARE A FUTURE SERVICE CATALOG

    Standardize requests to develop a consistent offering and prepare for a future service catalog.

    Document service requests to identify time to fulfill and approvals.

    Identify which service requests can be auto-approved and which will require a workflow to gain approval.

    Document workflows and analyze them to identify ways to improve SLAs. If any approvals are interrupting technical processes, rearrange them so that approvals happen before the technical team is involved.

    Determine support levels for each service offering and ensure your team can sustain them.

    Where it makes sense, automate delivery of services such as software deployment.

    Distinguish between service requests and small projects to ensure agents and end users follow the right process

    The distinction between service requests and small projects has two use cases, which are two sides of the same resourcing issue.

    • Service desk managers need to understand the difference to ensure the right approval process is followed. Typically, projects have more stringent intake requirements than requests do.
    • PMOs need to understand the difference to ensure the right people are doing the work and that small, frequent changes are standardized, automated, and taken out of the project list.

    What’s the difference between a service request and a small project?

    • The key differences involve resource scope, frequency, and risk.
    • Requests are likely to require fewer resources than projects, be fulfilled more often, and involve less risk.
    • Requests are typically done by tier 1 and 2 employees throughout the IT organization.
    • A request can turn into a small project if the scope of the request grows beyond the bounds of a normal request.

    Example: A mid-sized organization goes on a hiring blitz and needs to onboard 150 new employees in one quarter. Submitting and scheduling 150 requests for onboarding new employees would require much more time and resources.

    Projects are different from service requests and have different criteria

    A project, by terminology, is a temporary endeavor planned around producing a specific organizational or business outcome.

    Common Characteristics of Projects:

    • Time sensitive, temporary, one-off.
    • Uncertainty around how to create the unique thing, product, or service that is the project’s goal.
    • Non-repetitive work and sizeable enough to introduce heightened risk and complexity.
    • Strategic focus, business case-informed capital funding, and execution activities driven by a charter.
    • Introduces change to the organization.
    • Multiple stakeholders involved and cross-functional resourcing.

    Info-Tech Insight

    Projects require greater risk, effort, and resources than a service request and should be redirected to the PMO.

    Standard service requests vs. non-standard service requests: criteria to make them distinct

    • If there is no differentiation between standard and non-standard requests, those tickets can easily move into the backlog, growing it very quickly.
    • Create a process to easily identify non-standard requests when they enter the ticket queue to ensure customers are made aware of any delay of service, especially if it is a product or service currently not offered. This will give time for any approvals or technical solutioning that may need to occur.
    • Take recurring non-standard requests and make them standard. This is a good way to determine if there are any gaps in services offered and another vehicle to understand what your customers want.

    Standard Requests

    • Very common requests, delivered on an on-going basis
    • Defined process
    • Measured in hours or days
    • Uses service catalog, if it exists
    • Formalized and should already be documented
    • The time to deal with the request is defined

    Non-Standard Requests

    • Higher level complexity than standard requests
    • Cannot be fulfilled via service catalog
    • No defined process
    • Not supplied by questions that Service Request Definition (SRD) offers
    • Product or service is not currently offered, and it may need time for technical review, additional approvals, and procurement processes

    The right questions can help you distinguish between standard requests, non-standard requests, and projects

    Where do we draw the line between a standard and non-standard request and a project?

    The service desk can’t and shouldn’t distinguish between requests and projects on its own. Instead, engage stakeholders to determine where to draw the line.

    Whatever criteria you choose, define them carefully.

    Be pragmatic: there is no single best set of criteria and no single best definition for each criterion. The best criteria and definitions will be the ones that work in your organizational context.

    Common distinguishing factors and thresholds:

    Image shows table of the common distinguishing factors and thresholds.

    Distinguish between standard and non-standard service requests and projects

    3.1.1 Distinguish between service requests and projects

    1. Divide the group into two small teams.
    2. Each team will brainstorm examples of service requests and small projects.
    3. Identify factors and thresholds that distinguish between the two groups of items.
    4. Bring the two groups together and discuss the two sets of criteria.
    5. Consolidate one set of criteria that will help make the distinction between projects and service requests.
    6. Capture the table in the Service Desk SOP.

    Image shows blank template of the common distinguishing factors and thresholds.

    Participants

    • Service Desk Manager
    • Service Desk Agents

    What You'll Need

    • Service Desk SOP
    • Flip Chart
    • Whiteboard

    Distinguishing factors and thresholds

    Don’t standardize request fulfilment processes alone

    Everyone in IT contributes to the fulfilment of requests, but do they know it?

    New service desk managers sometimes try to standardize request fulfilment processes on their own only to encounter either apathy or significant resistance to change.

    Moving to a tiered generalist service desk with a service-oriented culture, a high first-tier generalist resolution rate, and collaborative T2 and T3 specialists can be a big change. It is critical to get the request workflows right.

    Don’t go it alone. Engage a core team of process champions from all service support. With executive support, the right process building exercises can help you overcome resistance to change.

    Consider running the process building activities in this project phase in a working session or a workshop setting.

    Info-Tech Insight

    If they build it, they will come. Service desk improvement is an exercise in organizational change that crosses IT disciplines. Organizations that fail to engage IT specialists from other silos often encounter resistance to change that jeopardizes the process improvements they are trying to make. Overcome resistance by highlighting how process changes will benefit different groups in IT and solicit the feedback of specialists who can affect or be affected by the changes.

    Define standard service requests with SLAs and workflows

    WHY DO I NEED WORKFLOWS?

    Move approvals out of technical IT processes to make them more efficient. Evaluate all service requests to see where auto-approvals make sense. Where approvals are required, use tools and workflows to manage the process.

    Example:

    Image is an example of SLAs and workflows.

    Approvals can be the main roadblock to fulfilling service requests

    Image is example of workflow approvals.

    Review the general standard service request and inquiry fulfillment processes

    As standard service requests should follow standard, repeatable, and predictable steps to fulfill, they can be documented with workflows.

    Image is a flow chart of service and inquiry request processes.

    Review the general standard service request and inquiry fulfillment processes

    Ensure there is a standard and predictable methodology for assessing non-standard requests; inevitably those requests may still cause delay in fulfillment.

    Create a process to ensure reasonable expectations of delivery can be set with the end user and then identify what technology requests should become part of the existing standard offerings.

    Image is a flowchart of non-standard request processes

    Document service requests to ensure consistent delivery and communicate requirements to users

    3.1.2 Define service requests with SLAs

    1. On a flip chart, list standard service requests.
    2. Identify time required to fulfill, including time to schedule resources.
    3. Identify approvals required; determine if approvals can be automated through defining roles.
    4. Discuss opportunities to reduce SLAs or automate, but recognize that this may not happen right away.
    5. Discuss plans to communicate SLAs to the business units, recognizing that some users may take a bit of time to adapt to the new SLAs.
    6. Work toward improving SLAs as new opportunities for process change occur.
    7. Document SLAs in the Service Desk SOP and update as SLAs change.
    8. Build templates in the service desk tool that encapsulate workflows and routing, SLAs, categorization, and resolution.

    Participants

    • Service Desk Managers
    • Service Desk Agents

    What You'll Need

    • Service Desk SOP
    • Flip Chart
    • Whiteboard

    Info-Tech Insight

    These should all be scheduled services. Anything that is requested as a rush needs to be marked as a higher urgency or priority to track end users who need training on the process.

    Analyze service request workflows to improve service delivery

    3.1.3 Build and critique request workflows

    1. Divide the group into small teams.
    2. Each team will choose one service request from the list created in the previous module and then draw the workflow. Include decision points and approvals.
    3. Discuss availability and technical support:
      • Can the service be fulfilled during regular business hours or 24x7?
      • Is technical support and application access available during regular business hours or 24x7?
    4. Reconvene and present workflows to the group.
    5. Document workflows in Visio and add to the Service Desk SOP. Where appropriate, enter workflows in the service desk tool.

    Critique workflows for efficiencies and effectiveness:

    • Do the workflows support the SLAs identified in the previous exercise?
    • Are the workflows efficient?
    • Is the IT staff consistently following the same workflow?
    • Are approvals appropriate? Is there too much bureaucracy or can some approvals be removed? Can they be preapproved?
    • Are approvals interrupting technical processes? If so, can they be moved?

    Participants

    • Service Desk Managers
    • Service Desk Agents

    What You'll Need

    • Service Desk SOP
    • Project Summary
    • Flip Chart
    • Whiteboard

    Step 3.2: Build a targeted knowledgebase

    Image shows the steps in phase 3. Highlight is on step 3.2.

    This step will walk you through the following activities:

    • 3.2.1 Design knowledge management processes
    • 3.2.2 Create actionable knowledgebase articles

    This step involves the following participants:

    • IT Managers
    • Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    The section will introduce service catalogs and get the organization to envision what self-service tools it might include.

    DELIVERABLES

    • Knowledgebase policy and process

    A knowledgebase is an essential tool in the service management toolbox

    Knowledge Management

    Gathering, analyzing, storing & sharing knowledge to reduce the need to rediscover known solutions.

    Knowledgebase

    Organized repository of IT best practices and knowledge gained from practical experiences.

    • End-User KB
    • Give end users a chance to resolve simple issues themselves without submitting a ticket.

    • Internal KB
    • Shared resource for service desk staff and managers to share and use knowledge.

    Use the knowledgebase to document:

    • Steps for pre-escalation troubleshooting.
    • Known errors.
    • Workarounds or solutions to recurring issues.
    • Solutions that require research or complex troubleshooting.
    • Incidents that have many root causes. Start with the most frequent solution and work toward less likely issues.

    Draw on organizational goals to define the knowledge transfer target state

    Image is Info-Tech’s Knowledge Transfer Maturity Model
    *Source: McLean & Company, 2013; N=120

    It’s better to start small than to have nothing at all

    Service desk teams are often overwhelmed by the idea of building and maintaining a comprehensive integrated knowledgebase that covers an extensive amount of information.

    Don’t let this idea stop you from building a knowledgebase! It takes time to build a comprehensive knowledgebase and you must start somewhere.

    Start with existing documentation or knowledge that depends on the expertise of only a few people and is easy to document and you will already see the benefits.

    Then continue to build and improve from there. Eventually, knowledge management will be a part of the culture.

    Engage the team to build a knowledgebase targeted on your most important incidents and requests

    WHERE DO I START?

    Inventory and consolidate existing documentation, then evaluate it for audience relevancy, accuracy, and usability. Use the exercise and the next slides to develop a knowledgebase template.

    Produce a plan to improve the knowledgebase.

    • Identify the current top five or ten incidents from the service desk reports and create related knowledgebase articles.
    • Evaluate for end-user self-service or technician resolution.
    • Note any resolutions that require access rights to servers.
    • Assign documentation creation tasks for the knowledgebase to individual team members each week.
    • Apply only one incident per article.
    • Set goals for each technician to submit one or two meaningful articles per month.
    • Assign a knowledge manager to monitor creation and edit and maintain the database.
    • Set policy to drive currency of the knowledgebase. See the Service Desk SOP for an example of a workable knowledge policy.

    Use a phased approach to build a knowledgebase

    Image is an example of a phased approach to build a knowledge base

    Use a quarterly, phased approach to continue to build and maintain your knowledgebase

    Continual Knowledgebase Maintenance:

    • Once a knowledgebase is in place, future articles should be written using established templates.
    • Articles should be regularly reviewed and monitored for usage. Outdated information will be retired and archived.
    • Ticket trend analysis should be done on an ongoing basis to identify new articles.
    • A proactive approach will anticipate upcoming issues based on planned upgrades and maintenance or other changes, and document resolution steps in knowledgebase articles ahead of time.

    Every Quarter:

    1. Conduct a ticket trend analysis. Identify the most important and common tickets.
    2. Review the knowledgebase to identify relevant articles that need to be revised or written.
    3. Use data from knowledge management tool to track expiring content and lesser used articles.
    4. Assign the task of writing articles to all IT staff members.
    5. Build and revise ticket templates for incident and service requests.

    Assign a knowledge manager role to ensure accountability for knowledgebase maintenance

    Assign a knowledge manager to monitor creation and edit and maintain database.

    Knowledge Manager/Owner Role:

    • Has overall responsibility for the knowledgebase.
    • Ensures content is consistent and maintains standards.
    • Regularly monitors and updates the list of issues that should be added to the knowledgebase.
    • Regularly reviews existing knowledgebase articles to ensure KB is up to date and flags content to retire or review.
    • Assigns content creation tasks.
    • Optimizes knowledgebase structure and organization.
    • See Info-Tech’s knowledge manager role description if you need a hand defining this position.

    The knowledge manager role will likely be a role assigned to an existing resource rather than a dedicated position.

    Develop a template to ensure knowledgebase articles are easy to read and write

    A screenshot of the Knowledgebase Article Template

    QUICK TIPS

    • Use non-technical language whenever possible to help less-technical readers.
    • Identify error messages and use screenshots where it makes sense.
    • Take advantage of social features like voting buttons to increase use.
    • Use Info-Tech’s Knowledge Base Article Template to get you started.

    Analyze the necessary features for your knowledgebase and compare them against existing tools

    Service desk knowledgebases range in complexity from simple FAQs to fully integrated software suites.

    Options include:

    • Article search with negative and positive filters.
    • Tagging, with the option to have keywords generate top matches.
    • Role-based permissions (to prevent unauthorized deletions).
    • Ability to turn a ticket resolution into a knowledgebase article (typically only available if knowledgebase tool is part of the service desk tool).
    • Natural language search.
    • Partitioning so relevant articles only appear for specific audiences.
    • Editorial workflow management.
    • Ability to set alerts for scheduled article review.
    • Article reporting (most viewed, was it useful?).
    • Rich text fields for attaching screenshots.

    Determine which features your organization needs and check to see if your tools have them.

    For more information on knowledgebase improvement, refer to Info-Tech’s Optimize the Service Desk With a Shift-Left Strategy.

    Document your knowledge management maintenance workflow to identify opportunities for improvement

    Workflow should include:

    • How you will identify top articles that need to be written
    • How you will ensure articles remain relevant
    • How you will assign new articles to be written, inclusive of peer review
    Image of flowchart of knowledgebase maintenance process.

    Design knowledgebase management processes

    3.2.1 Design knowledgebase management processes

    1. Assign a knowledge manager to monitor creation and edit and maintain the database. See Info-Tech’s knowledge manager role description if you need a hand defining this position.
    2. Discuss how you can use the service desk tool to integrate the knowledgebase with incident management, request fulfilment, and self-service processes.
    3. Discuss the suitability of a quarterly process to build and edit articles for a target knowledgebase that covers your most important incidents and requests.
    4. Set knowledgebase creation targets for tier 1, 2, and 3 analysts.
    5. Identify relevant performance metrics.
    6. Brainstorm elements that might be used as an incentive program to encourage the creation of knowledgebase articles and knowledge sharing more generally.
    7. Set policy to drive currency of knowledgebase. See the Service Desk SOP for an example of a workable knowledge policy.

    Participants

    • Service Desk Manager
    • Service Desk Agents

    What You’ll Need

    • Service Desk SOP
    • Flip Chart
    • Whiteboard

    Create actionable knowledgebase articles

    3.2.2 Run a knowledgebase working group

    Write and critique knowledgebase articles.

    1. On a whiteboard, build a list of potential knowledgebase articles divided by audience: Technician or End User.
    2. Each team member chooses one topic and spends 20 minutes writing.
    3. Each team member either reads the article and has the team critique or passes to the technician to the right for peer review. If there are many participants, break into smaller groups.
    4. Set a goal with the team for how, when, and how often knowledgebase articles will be created.
    5. Capture knowledgebase processes in the Service Desk SOP.

    Audience: Technician

    • Password update
    • VPN printing
    • Active directory – policy, procedures, naming conventions
    • Cell phones
    • VPN client and creation set-up

    Audience: End users

    • Set up email account
    • Password creation policy
    • Voicemail – access, change greeting, activities
    • Best practices for virus, malware, phishing attempts
    • Windows 10 tips and tricks

    Participants

    • Service Desk Manager
    • Service Desk Agents

    What You’ll Need

    • Service Desk SOP
    • Flip Chart
    • Whiteboard

    Step 3.3: Prepare for a self-service portal project

    Image shows the steps in phase 3. Highlight is on step 3.3.

    This step will walk you through the following activities:

    • 3.3.1 Develop self-service tools for the end user
    • 3.3.2 Make a plan for creating or improving the self-service portal

    This step involves the following participants:

    • IT Managers
    • Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    The section prepares you to tackle a self-service portal project once the service desk standardization is complete.

    DELIVERABLES

    • High-level activities to create a self-service portal

    Design the self-service portal with the users’ computer skills in mind

    A study by the OECD offers a useful reminder of one of usability’s most hard-earned lessons: you are not the user.

    • There is an important difference between IT professionals and the average user that’s even more damaging to your ability to predict what will be a good self-service tool: skills in using computers, the internet, and technology in general.
    • An international research study explored the computer skills of 215,942 people aged 16-65 in 33 countries.
    • The results show that across 33 rich countries, only 5% of the population has strong computer-related abilities and only 33% of people can complete medium-complexity computer tasks.
    • End users are skilled, they just don’t have the same level of comfort with computers as the average IT professional. Design your self-service tools with that fact in mind.
    Image is of a graph showing the ability of computer skills from age 16-65 among various countries.

    Take an incremental and iterative approach to developing your self-service portal

    Use a web portal to offer self-serve functionality or provide FAQ information to your customers to start.

    • Don’t build from scratch. Ideally, use the functionality included with your ITSM tool.
    • If your ITSM tool doesn’t have an adequate self-service portal functionality, then harness other tools that IT already uses. Common examples include Microsoft SharePoint and Google Forms.
    • Make it as easy as possible to access the portal:
      • Deploy an app to managed devices or put the app in your app store.
      • Create a shortcut on people’s start menus or home screens.
      • Print the URL on swag such as mousepads.
    • Follow Info-Tech’s approach to developing your user facing service catalog.

    Some companies use vending machines as a form of self serve. Users can enter their purchase code and “buy” a thin client, mouse, keyboard, software, USB keys, tablet, headphones, or loaners.

    Info-Tech Insight

    Building the basics first will provide your users with immediate value. Incrementally add new features to your portal.

    Optimize the portal: self-service should be faster and more convenient than the alternative

    Design the portal by demand, not supply

    Don’t build a portal framed around current offerings and capabilities just for the sake of it. Build the portal based on what your users want and need if you want them to use it.

    Make user experience a top priority

    The portal should be designed for users to self-serve, and thus self-service must be seamless, clear, and attractive to users.

    Speak your users’ language

    Keep in mind that users may not have high technical literacy or be familiar with terminology that you find commonplace. Use terms that are easy to understand.

    Appeal to both clickers and searchers

    Ensure that users can find what they’re looking for both by browsing the site and by using search functionality.

    Use one central portal for all departments

    If multiple departments (i.e. HR, Finance) use or will use a portal, set up a shared portal so that users won’t have to guess where to go to ask for help.

    You won’t know unless you test

    You will know how to navigate the portal better than anyone, but that doesn’t mean it’s intuitive for a new user. Test the portal with users to collect and incorporate feedback.

    Self-service portal examples (1/2)

    Image is of an example of the self-service portal

    Image source: Cherwell Service Management

    Self-service examples (2/2)

    Image is of an example of the self-service portal

    Image source: Team Dynamix

    Keep the end-user facing knowledgebase relevant with workflows, multi-device access, and social features

    Workflows:

    • Easily manage peer reviews and editorial and relevance review.
    • Enable links and importing between tickets and knowledgebase articles.
    • Enable articles to appear based on ticket content.

    Multi-device access:

    • Encourage users to access self-service.
    • Enable technicians to solve problems from anywhere.

    Social features:

    • Display most popular articles first to solve trending issues.
    • Enable voting to improve usability of articles.
    • Allow collaboration on self-service.

    For more information on building self-service portal, refer to Info-Tech’s Optimize the Service Desk with a Shift-Left Strategy

    Draft a high-level project plan for a self-service portal project

    3.3.1 Draft a high-level project plan for a self-service portal project

    1. Identify stakeholders who can contribute to the project.
      • Who will help with FAQ creation?
      • Who can design the self-service portal?
      • Who needs to sign off on the project?
    2. Identify the high-level tasks that need to be done.
      • How many FAQs need to be created?
      • How will we design the service catalog’s web portal?
      • What might a phased approach look like?
      • How can we break down the project into design, build, and implementation tasks?
      • What is the rough timeline for these tasks?
    3. Capture the high-level activities in the Service Desk Roadmap.

    Participants

    • Service Desk Manager
    • Service Desk Agents

    What You’ll Need

    • Flip Chart
    • Whiteboard
    • Implementation Roadmap

    Once you have a service portal, you can review the business requirements for a service catalog

    A service catalog is a communications device that lists the IT services offered by an organization. The service catalog is designed to enable the creation of a self-service portal for the end user. The portal augments the service desk so analysts can spend time managing incidents and providing technical support.

    The big value comes from workflows:

    • Improved economics and a means to measure the costs to serve over time.
    • Incentive for adoption because things work better.
    • Abstracts delivery from offer to serve so you can outsource, insource, crowdsource, slow, speed, reassign, and cover absences without involving the end user.

    There are three types of catalogs:

    • Static:Informational only, so can be a basic website.
    • Routing and workflow: Attached to service desk tool.
    • Workflow and e-commerce: Integrated with service desk tool and ERP system.
    Image is an example of service catalog

    Image courtesy of University of Victoria

    Understand the time and effort involved in building a service catalog

    A service catalog will streamline IT service delivery, but putting one together requires a significant investment. Service desk standardization comes first.

    • Workflows and back-end services must be in place before setting up a service catalog.
    • Think of the catalog as just the delivery mechanism for service you currently provide. If they aren’t running well and delivery is not consistent, you don’t want to advertise SLAs and options.
    • Service catalogs require maintenance.
    • It’s not a one-time investment – service catalogs must be kept up to date to be useful.
    • Service catalog building requires input from VIPs.
    • Architects and wordsmiths are not the only ones that spend effort on the service catalog. Leadership from IT and the business also provide input on policy and content.

    Sample Service Catalog Efforts

    • A college with 17 IT staff spent one week on a simple service catalog.
    • A law firm with 110 IT staff spent two months on a service catalog project.
    • A municipal government with 300 IT people spent over seven months and has yet to complete the project.
    • A financial organization with 2,000 IT people has spent seven months on service catalog automation alone! The whole project has taken multiple years.

    “I would say a client with 2,000 users and an IT department with a couple of hundred, then you're looking at six months before you have the catalog there.”

    – Service Catalog Implementation Specialist,

    Health Services

    Draft a high-level project plan for a self-service portal project

    3.2.2 Make a plan for creating or improving the self-service portal

    Identify stakeholders who can contribute to the project.

    • Who will help with FAQs creation?
    • Who can design the self-service portal?
    • Who needs to sign off on the project?

    Evaluate tool options.

    • Will you stick with your existing tool or invest in a new tool?

    Identify the high-level tasks that need to be done.

    • How will we design the web portal?
    • What might a phased approach look like?
    • What is the rough timeline for these tasks?
    • How many FAQs need to be created?
    • Will we have a service catalog, and what type?

    Document the plan and tasks in the Service Desk Roadmap.

    Examples of publicly posted service catalogs:

    University of Victoria is an example of a catalog that started simple and now includes multiple divisions, notifications, systems status, communications, e-commerce, incident registration, and more.

    Indiana University is a student, faculty, and staff service catalog and self-service portal that goes beyond IT services.

    If you are ready to start building a service catalog, use Info-Tech’s Design and Build a User-Facing Service Catalog blueprint to get started.

    Phase 4

    Plan the Implementation of the Service Desk

    Step 4.1: Build communication plan

    Image shows the steps in phase 4. Highlight is on step 4.1.

    This step will walk you through the following activities:

    • 4.1.1 Create the communication plan

    This step involves the following participants:

    • CIO
    • IT Director
    • IT Managers
    • Service Desk Manager(s)
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    The communication plan and project summary will help project managers outline recommendations and communicate their benefits.

    DELIVERABLES

    • Communication plan
    • Project summary

    Effectively communicate the game plan to IT to ensure the success of service desk improvements

    Communication is crucial to the integration and overall implementation of your service desk improvement.

    An effective communication plan will:

    • Gain support from management at the project proposal phase.
    • Create end-user buy-in once the program is set to launch.
    • Maintainthe presence of the program throughout the business.
    • Instill ownership throughout the business, from top-level management to new hires.

    Build a communication plan to:

    1. Communicate benefits to IT:
      • Share the standard operating procedures for training and feedback.
      • Train staff on policies as they relate to end users and ensure awareness of all policy changes.
      • As changes are implemented, continue to solicit feedback on what is and is not working and communicate adjustments as appropriate.
    2. Train technicians:
      • Make sure everyone is comfortable communicating changes to customers.
    3. Measure success:
      • Review SLAs and reports. Are you consistently meeting SLAs?
      • Is it safe to communicate with end users?

    Create your communication plan to anticipate challenges, remove obstacles, and secure buy-in

    Why:

    • What problems are you trying to solve?

    What:

    • What processes will it affect (that will affect me)?

    Who:

    • Who will be affected?
    • Who do I go to if I have issues with the new process?
    3 gears are depicted. The top gear is labelled managers with an arrow going clockwise. The middle gear is labelled technical staff with an arrow going counterclockwise. The bottom gear is labelled end users with an arrow going clockwise

    When:

    • When will this be happening?
    • When will it affect me?

    How:

    • How will these changes manifest themselves?

    Goal:

    • What is the final goal?
    • How will it benefit me?

    Create a communication plan to outline the project benefits

    Improved business satisfaction:

    • Improve confidence that the service desk can solve issues within the service-level agreement.
    • Channel incidents and requests through the service desk.
    • Escalate incidents quickly and accurately.

    Fewer recurring issues:

    • Tickets are created for every incident and categorized correctly.
    • Reports can be used for root-cause analysis.

    Increased efficiency or lower cost to serve:

    • Use FAQs to enable end users to self-solve.
    • Use knowledgebase to troubleshoot once, solve many times.
    • Cross-train to improve service consistency.

    Enhanced demand planning:

    • Trend analysis and reporting improve IT’s ability to forecast and address the demands of the business.

    Organize the information to manage the deployment of key messages

    Example of how to organize and manage key messages

    Create the communication plan

    4.1.1 Create the communication plan

    Estimated Time: 45 minutes

    Develop a stakeholder analysis.

    1. Identify everyone affected by the project.
    2. Assess their level of interest, value, and influence.
    3. Develop a communication strategy tailored to their level of engagement.

    Craft key messages tailored to each stakeholder group.

    Finalize the communication plan.

    1. Examine your roadmap and determine the most appropriate timing for communications.
    2. Assess when communications must happen with executives, business unit leaders, end users, and technicians.
    3. Identify any additional communication challenges that have come up.
    4. Identify who will send out the communications.
    5. Identify multiple methods for getting the messages out (newsletters, emails, posters, company meetings).
    6. For inspiration, you can refer to the Sample Communication Plan for the project.

    Participants

    • CIO
    • IT Managers
    • Service Desk Manager
    • Service Desk Agents

    Step 4.2: Build implementation roadmap

    Image shows the steps in phase 4. Highlight is on step 4.2.

    This step will walk you through the following activities:

    • 4.2.1 Build implementation roadmap

    This step involves the following participants:

    • CIO
    • IT Director
    • IT Managers
    • Service Desk Manager
    • Representation from tier 2 and tier 3 specialists

    Outcomes

    The implementation plan will help track and categorize the next steps and finalize the project.

    DELIVERABLES

    • Implementation roadmap

    Collaborate to create an implementation plan

    4.2.1 Create the implementation plan

    Estimated Time: 45 minutes

    Determine the sequence of improvement initiatives that have been identified throughout the project.

    The purpose of this exercise is to define a timeline and commit to initiatives to reach your goals.

    Instructions:

    1. Review the initiatives that will be taken to improve the service desk and revise tasks, as necessary.
    2. Input each of the tasks in the data entry tab and provide a description and rationale behind the task.
    3. Assign an effort, priority, and cost level to each task (high, medium, low).
    4. Assign ownership to each task.
    5. Identify the timeline for each task based on the priority, effort, and cost (short, medium, and long term).
    6. Highlight risk for each task if it will be deferred.
    7. Track the progress of each task with the status column.

    Participants

    • CIO
    • IT Managers
    • Service Desk Manager
    • Service Desk Agents

    A screenshot of the Roadmap tool.

    Document using the Roadmap tool.

    Related Info-Tech Research

    Standardize the Service Desk

    ImplementHardware and Software Asset Management

    Optimize Change Management Incident and Problem Management Build a Continual Improvement Plan for the Service Desk

    The Standardize blueprint reviews service desk structures and metrics and builds essential processes and workflows for incident management, service request fulfillment, and knowledge management practices.

    Once the service desk is operational, there are three paths to basic ITSM maturity:

    • Having the incident management processes and workflows built allows you to:
      • Introduce Change Management to reduce change-related incidents.
      • Introduce Problem Management to reduce incident recurrence.
      • Introduce Asset Management to augment service management processes with reliable data.

    Solicit targeted department feedback on core IT service capabilities, IT communications, and business enablement. Use the results to assess the satisfaction of end users, with each service broken down by department and seniority level.

    Works cited

    “Help Desk Staffing Models: Simple Analysis Can Save You Money.” Giva, Inc., 2 Sept. 2009. Web.

    Marrone et al. “IT Service Management: A Cross-national Study of ITIL Adoption.” Communications of the Association for Information Systems: Vol. 34, Article 49. 2014. PDF.

    Rumburg, Jeff. “Metric of the Month: First Level Resolution Rate.” MetricNet, 2011. Web.

    “Service Recovery Paradox.” Wikipedia, n.d. Web.

    Tang, Xiaojun, and Yuki Todo. “A Study of Service Desk Setup in Implementing IT Service Management in Enterprises.” Technology and Investment: Vol. 4, pp. 190-196. 2013. PDF.

    “The Survey of Adult Skills (PIAAC).” Organisation for Economic Co-operation and Development (OECD), 2016. Web.

    Contributors

    • Jason Aqui, IT Director, Bellevue College
    • Kevin Sigil, IT Director, Southwest Care Centre
    • Lucas Gutierrez, Service Desk Manager, City of Santa Fe
    • Rama Dhuwaraha, CIO, University of North Texas System
    • Annelie Rugg, CIO, UCLA Humanities
    • Owen McKeith, Manager IT Infrastructure, Canpotex
    • Rod Gula, IT Director, American Realty Association
    • Rosalba Trujillo, Service Desk Manager, Northgate Markets
    • Jason Metcalfe, IT Manager, Mesalabs
    • Bradley Rodgers, IT Manager, SecureTek
    • Daun Costa, IT Manager, Pita Pit
    • Kari Petty, Service Desk Manager, Mansfield Oil
    • Denis Borka, Service Desk Manager, PennTex Midstream
    • Lateef Ashekun, IT Manager, City of Atlanta
    • Ted Zeisner, IT Manager, University of Ottawa Institut de Cardiologie

    CIO Priorities 2022

    • Buy Link or Shortcode: {j2store}328|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $31,499 Average $ Saved
    • member rating average days saved: 9 Average Days Saved
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • Understand how to respond to trends affecting your organization.
    • Determine your priorities based on current state and relevant internal factors.
    • Assign the right amount of resources to accomplish your vision.
    • Consider what new challenges outside of your control will demand a response.

    Our Advice

    Critical Insight

    A priority is created when external factors hold strong synergy with internal goals and an organization responds by committing resources to either avert risk or seize opportunity. These are the priorities identified in the report:

    1. Reduce Friction in the Hybrid Operating Model
    2. Improve Your Ransomware Readiness
    3. Support an Employee-Centric Retention Strategy
    4. Design an Automation Platform
    5. Prepare to Report on New Environmental, Social, and Governance Metrics

    Impact and Result

    Update your strategic roadmap to include priorities that are critical and relevant for your organization based on a balance of external and internal factors.

    CIO Priorities 2022 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. CIO Priorities 2022 – A report on the key priorities for competing in the digital economy.

    Discover Info-Tech’s five priorities for CIOs in 2022.

    • CIO Priorities Report for 2022

    2. Listen to the podcast series

    Hear directly from our contributing experts as they discuss their case studies with Brian Jackson.

    • Frictionless hybrid working: How the Harvard Business School did it
    • Close call with ransomware: A CIO recounts a near security nightmare
    • How a financial services company dodged "The Great Resignation"
    • How Allianz took a blockchain platform from pilot to 1 million transactions
    • CVS Health chairman David Dorman on healthcare's hybrid future

    Infographic

    Further reading

    CIO Priorities 2022

    A jumble of business-related words. Info-Tech’s 2022 Tech Trends survey asked CIOs for their top three priorities. Cluster analysis of their open-ended responses shows four key themes:
    1. Business process improvements
    2. Digital transformation or modernization
    3. Security
    4. Supporting revenue growth or recovery

    Info-Tech’s annual CIO priorities are formed from proprietary primary data and consultation with our internal experts with CIO stature

    2022 Tech Trends Survey CIO Demographic N=123

    Info-Tech’s Tech Trends 2022 survey was conducted between August and September 2021 and collected a total of 475 responses from IT decision makers, 123 of which were at the C-level. Fourteen countries and 16 industries are represented in the survey.

    2022 IT Talent Trends Survey CIO Demographic N=44

    Info-Tech’s IT Talent Trends 2022 survey was conducted between September and October 2021 and collected a total of 245 responses from IT decision makers, 44 of which were at the C-level. A broad range of countries from around the world are represented in the survey.

    Internal CIO Panels’ 125 Years Of Combined C-Level IT Experience

    Panels of former CIOs at Info-Tech focused on interpreting tech trends data and relating it to client experiences. Panels were conducted between November 2021 and January 2022.

    CEO-CIO Alignment Survey Benchmark Completed By 107 Different Organizations

    Info-Tech’s CEO-CIO Alignment program helps CIOs align with their supervisors by asking the right questions to ensure that IT stays on the right path. It determines how IT can best support the business’ top priorities and address the gaps in your strategy. In 2021, the benchmark was formed by 107 different organizations.

    Build IT alignment

    IT Management & Governance Diagnostic Benchmark Completed By 320 Different Organizations

    Info-Tech’s Management and Governance Diagnostic helps IT departments assess their strengths and weaknesses, prioritize their processes and build an improvement roadmap, and establish clear ownership of IT processes. In 2021, the benchmark was formed by data from 320 different organizations.

    Assess your IT processes

    The CIO priorities are informed by Info-Tech’s trends research reports and surveys

    Priority: “The fact or condition of being regarded or treated as more important than others.” (Lexico/Oxford)

    Trend: “A general direction in which something is developing or changing.” (Lexico/Oxford)

    A sequence of processes beginning with 'Sensing', 'Hypothesis', 'Validation', and ending with 'Trends, 'Priorities'. Under Sensing is Technology Research, Interviews & Insights, Gathering, and PESTLE. Under Hypothesis is Near-Future Probabilities, Identify Patterns, Identify Uncertainties, and Identify Human Benefits. Under Validation is Test Hypothesis, Case Studies, and Data-Driven Insights. Under Trends is Technology, Talent, and Industry. Under Priorities is CIO, Applications, Infrastructure, and Security.

    Visit Info-Tech’s Trends & Priorities Research Center

    Image called 'Defining the CIO Priorities for 2022'. Image shows 4 columns, Implications, Resource Investment, Amplifiers, and Actions and Outcomes, with 2 dotted lines, labeled External Context and Internal Context, running through all 4 columns and leading to bottom-right label called CIO Priorities Formed

    The Five Priorities

    Priorities to compete in the digital economy

    1. Reduce Friction in the Hybrid Operating Model
    2. Improve Your Ransomware Readiness
    3. Support an Employee-Centric Retention Strategy
    4. Design an Automation Platform
    5. Prepare to Report on New Environmental, Social, and Governance Metrics

    Reduce friction in the hybrid operating model

    Priority 01 | APO07 Human Resources Management

    Deliver solutions that create equity between remote workers and office workers and make collaboration a joy.

    Hybrid work is here to stay

    CIOs must deal with new pain points related to friction of collaboration

    In 2020, CIOs adapted to the pandemic’s disruption to offices by investing in capabilities to enable remote work. With restrictions on gathering in offices, even digital laggards had to shift to an all-remote work model for non-essential workers.

    Most popular technologies already invested in to facilitate better collaboration

    • 24% Web Conferencing
    • 23% Instant Messaging
    • 20% Document Collaboration

    In 2022, the focus shifts to solving problems created by the new hybrid operating model where some employees are in the office and some are working remotely. Without the ease of collaborating in a central hub, technology can play a role in reducing friction in several areas:

    • Foster more connections between employees. Remote workers are less likely to collaborate with people outside of their department and less likely to spontaneously collaborate with their peers. CIOs should provide a digital employee experience that fosters collaboration habits and keeps workers engaged.
    • Prevent employee attrition. With more workers reevaluating their careers and leaving their jobs, CIOs can help employees feel connected to the overall purpose of the organization. Finding a way to maintain culture in the new context will require new solutions. While conference room technology can be a bane to IT departments, making hybrid meetings effortless to facilitate will be more important.
    • Provide new standards for mediated collaboration. Meeting isn’t as easy as simply gathering around the same table anymore. CIOs need to provide structure around how hybrid meetings are conducted to create equity between all participants. Business continuity processes must also consider potential outages for collaboration services so employees can continue the work despite a major outage.

    Three in four organizations have a “hybrid” approach to work. (Tech Trends 2022 Survey)

    In most organizations, a hybrid model is being implemented. Only 14.9% of organizations are planning for almost everyone to return to the office, and only 9.9% for almost everyone to work remotely.

    Elizabeth Clark

    CIO, Harvard Business School

    "I want to create experiences that are sticky. That keep people coming back and engaging with their colleagues."

    Photo of Elizabeth Clark, CIO, Harvard Business School.

    Listen to the Tech Insights podcast:
    Frictionless hybrid working: How the Harvard Business School did it

    Internal interpretation: Harvard Business School

    • March 2020
      The pandemic disrupts in-class education at Harvard Business School. Their case study method of instruction that depends on in-person, high-quality student engagement is at risk. While students and faculty completed the winter semester remotely, the Dean and administration make the goal to restore the integrity of the classroom experience with equity for both remote and in-person students.
    • May 2020
      A cross-functional task force of about 100 people work intensively, conducting seven formal experiments, 80 smaller tests, and hundreds of polling data points, and a technology and facilities solution is designed: two 4K video cameras capturing both the faculty and the in-class students, new ceiling mics, three 85-inch TV screens, and students joining the videoconference from their laptops. A custom Zoom room, combining three separate rooms, integrated all the elements in one place and integrated with the lecture capture system and learning management system.
    • October 2020
      Sixteen classrooms are renovated to install the new solution. Students return to the classroom but in lower numbers due to limits on in-room capacity, but students rotate between the in-person and remote experience.
    • September 2021
      Renovations for the hybrid solution are complete in 26 classrooms and HBS has determined this will be its standard model for the classroom. The case method of teaching is kept alive and faculty and students are thrilled with the results.
    • November 2021
      HBS is adapting its solution for the classroom to its conference rooms and has built out eight different rooms for a hybrid experience. The 4K cameras and TV screens capture all participants in high fidelity as well as the blackboard.

    Photo of a renovated classroom with Zoom participants integrated with the in-person students.
    The renovated classrooms integrate all students, whether they are participating remotely or in person. (Image courtesy of Harvard Business School.)

    Implications: Organization, Process, Technology

    External

    • Organization – About half of IT practitioners in the Tech Trends 2022 survey feel that IT leaders, infrastructure and operations teams, and security teams were “very busy” in 2021. Capacity to adapt to hybrid work could be constrained by these factors.
    • Process – Organizations that want employees to benefit from being back in the office will have to rethink how workers can get more value out of in-person meetings that also require videoconference participation with remote workers.
    • Technology – Fifty-four percent of surveyed IT practitioners say the pandemic raised IT spending compared to the projections they made in 2020. Much of that investment went into adapting to a remote work environment.

    Internal

    • Organization – HBS added 30 people to its IT staff on term appointments to develop and implement its hybrid classroom solutions. Hires included instructional designers, support technicians, coordinators, and project managers.
    • Process – Only 25 students out of the full capacity of 95 could be in the classroom due to COVID-19 regulations. On-campus students rotated through the classroom seats. An app was created to post last-minute seat availability to keep the class full.
    • Technology – A Zoom room was created that combines three rooms to provide the full classroom experience: a view of the instructor, a clear view of each student that enlarges when they are speaking, and a view of the blackboard.

    Resources Applied

    Appetite for Technology

    CIOs and their direct supervisors both ranked internal collaboration tools as being a “critical need to adopt” in 2021, according to Info-Tech’s CEO-CIO Alignment Benchmark Report.

    Intent to Invest

    Ninety-seven percent of IT practitioners plan to invest in technology to facilitate better collaboration between employees in the office and outside the office by the end of 2022, according to Info-Tech’s 2022 Tech Trends survey.

    “We got so many nice compliments, which you don’t get in IT all the time. You get all the complaints, but it’s a rare case when people are enthusiastic about something that was delivered.” (Elizabeth Clark, CIO, Harvard Business School)

    Harvard Business School

    • IT staff were reassigned from other projects to prioritize building a hybrid classroom solution. A cloud migration and other portfolio projects were put on pause.
    • The annual capital A/V investment was doubled. The amount of spend on conference rooms was tripled.
    • Employees were hired to the media services team at a time when other areas of the organization were frozen.

    Outcomes at Harvard Business School

    The new normal at Harvard Business School

    New normal: HBS has found its new default operating model for the classroom and is extending its solution to its operating environment.

    Improved CX: The high-quality experience for students has helped avoid attrition despite the challenges of the pandemic.

    Engaged employees: The IT team is also engaged and feels connected to the mission of the school.

    Photo of a custom Zoom room bringing together multiple view of the classroom as well as all remote students.
    A custom Zoom room brings together multiple different views of the classroom into one single experience for remote students. (Image courtesy of Harvard Business School.)

    From Priorities to Action

    Make hybrid collaboration a joy

    Align with your organization’s goals for collaboration and customer interaction, with the target of high satisfaction for both customers and employees. Invest in capital projects to improve the fidelity of conference rooms, develop and test a new way of working, and increase IT capacity to alleviate pressure points.

    Foster both asynchronous and synchronous collaboration approaches to avoid calendars filling up with videoconference meetings to get things done and to accommodate workers contributing from across different time zones.

    “We’ll always have hybrid now. It’s opened people’s eyes and now we’re thinking about the future state. What new markets could we explore?” (Elizabeth Clark, CIO, Harvard Business School)

    Take the next step

    Run Better Meetings
    Hybrid, virtual, or in person – set meeting best practices that support your desired meeting norms.

    Prepare People Leaders for the Hybrid Work Environment
    Set hybrid work up for success by providing people leaders with the tools they need to lead within the new model.

    Hoteling and Hot-Desking: A Primer
    What you need to know regarding facilities, IT infrastructure, maintenance, security, and vendor solutions for desk hoteling and hot-desking.

    “Human Resources Management” gap between importance and effectiveness
    Info-Tech Research Group Management and Governance Diagnostic Benchmark 2021

    A bar chart illustrating the Human Resources Management gap between importance and effectiveness. The difference is marked as Delta 2.3.

    Improve your ransomware readiness

    Priority 02 | APO13 Security Strategy

    Mitigate the damage of successful ransomware intrusions and make recovery as painless as possible.

    The ransomware crisis threatens every organization

    Prevention alone won’t be enough against the forces behind ransomware.

    Cybersecurity is always top of mind for CIOs but tends to be deprioritized due to other demands related to digital transformation or due to cost pressures. That’s the case when we examine our data for this report.

    Cybersecurity ranked as the fourth-most important priority by CIOs in Info-Tech’s 2022 Tech Trends survey, behind business process improvement, digital transformation, and modernization. Popular ways to prepare for a successful attack include creating offline backups, purchasing insurance, and deploying new solutions to eradicate ransomware.

    CIOs and their direct supervisors ranked “Manage IT-Related Security” as the third-most important top IT priority on Info-Tech’s CEO-CIO Alignment Benchmark for 2021, in support of business goals to manage risk, comply with external regulation, and ensure service continuity.

    Most popular ways for organizations to prepare for the event of a successful ransomware attack:

    • 25% Created offline backups
    • 18% Purchased cyberinsurance
    • 19% New tech to eradicate ransomware

    Whatever priority an organization places on cybersecurity, when ransomware strikes, it quickly becomes a red alert scenario that disrupts normal operations and requires all hands on deck to respond. Sophisticated attacks executed at wide scale demonstrate that security can be bypassed without creating an alert. After that’s accomplished, the perpetrators build their leverage by exfiltrating data and encrypting critical systems.

    CIOs can plan to mitigate ransomware attacks in several constructive ways:

    • Business impact analysis. Determine the costs of an outage for specific periods and the system and data recovery points in time.
    • Engage a partner for 24/7 monitoring. Gain real-time awareness of your critical systems.
    • Review your identity access management (IAM) policies. Use of multi-factor authentication and limiting access to only the roles that need it reduces ransomware risk.

    50% of all organizations spent time and money specifically to prevent ransomware in the past year. (Info-Tech Tech Trends 2022 Survey)

    John Doe

    CIO, mid-sized manufacturing firm in the US

    "I want to create experiences that are sticky. That keep people coming back and engaging with their colleagues."

    Blank photo.

    Listen to the Tech Insights podcast:
    Close call with ransomware: a CIO recounts a near security nightmare

    Internal interpretation: US-based, mid-sized manufacturing firm

    • May 1, 2021
      A mid-sized manufacturing firm (“The Firm”) CIO gets a call from his head of security about odd things happening on the network. A call is made to Microsoft for support. Later that night, the report is that an unwanted crypto-mining application is the culprit. But a couple of hours later, that assessment is proven wrong when it’s realized that hundreds of systems are staged for a ransomware attack. All the attacker has to do is push the button.
    • May 2, 2021
      The Firm disconnects all its global sites to cut off new pathways for the malware to infect. All normal operations cease for 24 hours. It launches its cybersecurity insurance process. The CIO engages a new security vendor, CrowdStrike, to help respond. Employees begin working from home if they can so they can make use of their own internet service. The Firm has cut off its public internet connectivity and is severed from cloud services such as Azure storage and collaboration software.
    • May 4, 2021
      The hackers behind the attack are revealed by security forensics experts. A state-sponsored agency in Russia set up the ransomware and left it ready to execute. It sold the staged attack to a cybercriminal group, Doppel Spider. According to CrowdStrike, the group uses malware to run “big game hunting operations” and targets 18 different countries including the US and multiple industries, including manufacturing.
    • May 10, 2021
      The Firm has totally recovered from the ransomware incident and avoided any serious breach or paying a ransom. The CIO worked more hours than at any other point in his career, logging an estimated 130 hours over the two weeks.
    • November 2021
      The Firm never previously considered itself a ransomware target but has now reevaluated that stance. It has hired a service provider to run a security operations center on a 24/7 basis. It's implemented a more sophisticated detection and response model and implemented multi-factor authentication. It’s doubled its security spend in 2021 and will invest more in 2022.

    “Now we take the approach that if someone does get in, we're going to find them out.” (John Doe, CIO, “The Firm”)

    Implications: Organization, Process, Technology

    External

    • Organization – Organizations must consider how their employees play a role in preventing ransomware and plan for training to recognize phishing and other common traps. They must make plans for employees to continue their work if systems are disrupted by ransomware.
    • Process – Backup processes across multiple systems should be harmonized to have both recent and common points to recover from. Work with the understanding IT will have to take systems offline if ransomware is discovered and there is no time to ask for permission.
    • Technology – Organizations can benefit from security services provided by a forensics-focused vendor. Putting cybersecurity insurance in place not only provides financial protection but also guidance in what to do and which vendors to work with to prevent and recover from ransomware.

    Internal

    • Organization – The Firm was prepared with a business continuity plan to allow many of its employees to work remotely, which was necessary because the office network was incapacitated for ten days during recovery.
    • Process – Executives didn’t seek to assign blame for the security incident but took it as a signal there were some new costs involved to stay in business. It initiated new outsource relationships and hired one more full-time employee to shore up security resources.
    • Technology – New ransomware eradication software was deployed to 2,000 computers. Scripted processes automated much of the work, but in some cases full system rebuilds were required. Backup systems were disconnected from the network as soon as the malware was discovered.

    Resources Applied

    Consider the Alternative

    Organizations should consider how much a ransomware attack on critical systems would cost them if they were down for a minimum of 24-48 hours. Plan to invest an amount at least equal to the costs of that downtime.

    Ask for ID

    Implementing across-the-board multi-factor authentication reduces chances of infection and is cheap, with enterprise solutions ranging from $2 to $5 per user on average. Be strict and deny access when connections don’t authenticate.

    “You'll never stop everything from getting into the network. You can still focus on stopping the bad actors, but then if they do make it in, make sure they don't get far.” (John Doe, CIO, “The Firm”)

    “The Firm” (Mid-Sized Manufacturer)

    • During the crisis, The Firm paused all activities and focused solely on isolating and eliminating the ransomware threat.
    • New outsourcing relationship with a vendor provides a 24/7 Security Operations Center.
    • One more full-time employee on the security team.
    • Doubled investment in security in 2021 and will spend more in 2022.

    Outcomes at “The Firm” (Mid-Sized Manufacturer)

    The new cost of doing business

    Real-time security: While The Firm is still investing in prevention-based security, it is also developing its real-time detection and response capabilities. When ransomware makes it through the cracks, it wants to know as soon as possible and stop it.

    Leadership commitment: The C-suite is taking the experience as a wake-up call that more investment is required in today’s threat landscape. The Firm rates security more highly as an overall organizational goal, not just something for IT to worry about.

    Stock photo of someone using their phone while sitting at a computer, implying multi-factor authentication.
    The Firm now uses multi-factor authentication as part of its employee sign-on process. For employees, authenticating is commonly achieved by using a mobile app that receives a secret code from the issuer.

    From Priorities to Action

    Cybersecurity is everyone’s responsibility

    In Info-Tech’s CEO-CIO Alignment Benchmark for 2021, the business goal of “Manage Risk” was the single biggest point of disagreement between CIOs and their direct supervisors. CIOs rank it as the second-most important business goal, while CEOs rank it as sixth-most important.

    Organizations should align on managing risk as a top priority given the severity of the ransomware threat. The threat actors and nature of the attacks are such that top leadership must prepare for when ransomware hits. This includes halting operations quickly to contain damage, engaging third-party security forensics experts, and coordinating with government regulators.

    Cybersecurity strategies may be challenged to be effective without creating some friction for users. Organizations should look beyond multi-layer prevention strategies and lean toward quick detection and response, spending evenly across prevention, detection, and response solutions.

    Take the next step

    Create a Ransomware Incident Response Plan
    Don’t be the next headline. Determine your current readiness, response plan, and projects to close gaps.

    Simplify Identity and Access Management
    Select and implement IAM and produce vendor RFPs that will contain the capabilities you need, including multi-factor authentication.

    Cybersecurity Series Featuring Sandy Silk
    More from Info-Tech’s Senior Workshop Director Sandy Silk in this video series created while she was still at Harvard University.

    Gap between CIOs and CEOs in points allocated to “Manage risk” as a top business goal

    A bar chart illustrating the gap between CIOs and CEOs in points allocated to 'Manage risk' as a top business goal. The difference is marked as Delta 1.5.

    Support an employee-centric retention strategy

    Priority 03 | ITRG02 Leadership, Culture & Values

    Avoid being a victim of “The Great Resignation” by putting employees at the center of an experience that will engage them with clear career path development, purposeful work, and transparent feedback.

    Defining an employee-first culture that improves retention

    The Great resignation isn’t good for firms

    In 2021, many workers decided to leave their jobs. Working contexts were disrupted by the pandemic and that saw non-essential workers sent home to work, while essential workers were asked to continue to come into work despite the risks of COVID-19. These disruptions may have contributed to many workers reevaluating their professional goals and weighing their values differently. At the same time, 2021 saw a surging economy and many new job opportunities to create a talent-hungry market. Many workers could have been motivated to take a new opportunity to increase their salary or receive other benefits such as more flexibility.

    Annual turnover rate for all us employees on the rise

    • 20% – Jan.-Aug. 2020, Dipped from 22% in 2019
    • 25% Jan.-Aug. 2021, New record high
    • Data from Visier Inc.

    When you can’t pay them, develop them

    IT may be less affected than other departments by this trend. Info-Tech’s 2022 IT Talent Trends Report shows that on average, estimated turnover rate in IT is lower than the rest of the organization. Almost half of respondents estimated their organization’s voluntary turnover rate was 10% or higher. Only 30% of respondents estimate that IT’s voluntary turnover rate is in the same range. However, CIOs working in industries with the highest turnover rates will have to work to keep their workers engaged and satisfied, as IT skills are easily transferred to other industries.

    49% ranked “enabling learning & development within IT” as high priority, more than any other single challenge. (IT Talent Trends 2022 Survey, N=227)

    A bar chart of 'Industries with highest turnover rates (%)' with 'Leisure and Hospitality' at 6.4%, 'Trade, Transportation & Utilities' at 3.6%, 'Professional and Business' at 3.3%, and 'Other Services' at 3.1%. U.S. Bureau of Labor Statistics, 2022.

    Jeff Previte

    Executive Vice-President of IT, CrossCountry Mortgage

    “We have to get to know the individual at a personal level … Not just talking about the business, but getting to know the person."

    Photo of Jeff Previte, Executive Vice-President of IT, CrossCountry Mortgage.

    Listen to the Tech Insights podcast:
    How a financial services company dodged ‘The Great Resignation’

    Internal interpretation: CrossCountry Mortgage

    • May 2019
      Jeff Previte joins Cleveland, Ohio-based CrossCountry Mortgage in the CIO role. The company faces a challenge with employee turnover, particularly in IT. The firm is a sales-focused organization and saw its turnover rate reach as high as 60%. Yet Previte recognized that IT had some meaningful goals to achieve and would need to attract – and retain – some higher caliber talent. His first objective in his new role was to meet with IT employees and business leadership to set priorities.
    • July 2019
      Previte takes a “people-first” approach to leadership and meets his staff face-to-face to understand their personal situations. He sets to work on defining roles and responsibilities in the organization, spending about a fifth of his time on defining the strategy.
    • June 2020
      Previte assigned his leadership team to McLean & Company’s Design an Impactful Employee Development Program. From there, the team developed a Salesforce tool called the Career Development Workbook. “We had some very passionate developers and admins that wanted to build a home-grown tool,” he says. It turns McLean & Company’s process into a digital tool employees can use to reflect on their careers and explore their next steps. It helps facilitate development conversations with managers.
    • January 2021
      CrossCountry Mortgage changes its approach to career development activities. Going to external conferences and training courses is reduced to just 30% of that effort. The rest is by doing hands-on work at the company. Previte aligned with his executives and road-mapped IT projects annually. Based on employee’s interests, opportunities are found to carve out time from usual day-to-day activities to spend time on a project in a new area. When there’s a business need, someone internally can be ready to transition roles.
    • June 2021
      In the two years since joining the company, Previte has reduced the turnover rate to just 12%. The IT department has grown to more adequately meet the needs of the business and employees are engaged with more opportunities to develop their careers. Instead of focusing on compensation, Previte focused more on engaging employees with a developmentally dedicated environment and continuous hands-on learning.

    “It’s come down to a culture shift. Folks have an idea of where we’re headed as an organization, where we’re headed as an IT team, and how their role contributes to that.” (Jeff Previte, EVP of IT, CrossCountry Mortgage)

    Implications: Organization, Process, Technology

    External

    • Organization – A high priority is being placed on improving IT’s maturity through its talent. Enabling learning and development in IT, enabling departmental innovation, and recruiting are the top three highest priorities according to IT Talent Trends 2022 survey responses.
    • Process – Recruiting is more challenging for industries that operate primarily onsite, according to McLean & Company's 2022 HR Trends Report. They face more challenges attracting applications, more rejected offers, and more candidate ghosting compared to remote-capable industries.
    • Technology – Providing a great employee experience through digital tools is more important as many organizations see a mix of workers in the office and at home. These tools can help connect colleagues, foster professional development, and improve the candidate experience.

    Internal

    • Organization – CrossCountry Mortgage faced a situation where IT employees did not have clarity on their roles and responsibilities. In terms of salary, it wasn’t offering at the high end compared to other employers in Cleveland.
    • Process – To foster a culture of growth and development, CrossCountry Mortgage put in place a performance assessment system that encouraged reflection and goal setting, aided by collaboration with a manager.
    • Technology – The high turnover rate was limiting CrossCountry Mortgage from achieving the level of maturity it needed to support the company’s goals. It ingrained its new PA process with a custom build of a Salesforce tool.

    Resources Applied

    Show me the money

    Almost six in ten Talent Trends survey respondents identified salary and compensation as the reason that employees resigned in the past year. Organizations looking to engage employees must first pay a fair salary according to market and industry conditions.

    Build me up

    Professional development and opportunity for innovative work are the next two most common reasons for resignations. Organizations must ensure they create enough capacity to allow workers time to spend on development.

    “Building our own solution created an element of engagement. There was a sense of ownership that the team had in thinking through this.” (Jeff Previte, CrossCountry Mortgage)

    CrossCountry Mortgage

    • Executive time: CIO spends 10-20% of his time on activities related to designing the approach.
    • Leveraged memberships with Info-Tech Research Group and McLean & Company to define professional development process.
    • Internal IT develops automated workflow in Salesforce.
    • Hired additional IT staff to build out overall capacity and create time for development activities.

    Outcomes at CrossCountry Mortgage

    Engaged IT workforce

    The Great Maturation: IT staff turnover rate dropped to 10-12% and IT talent is developing on the job to improve the department’s overall skill level. More IT staff on hand and more engaged workers mean IT can deliver higher maturity level results.

    Alignment achieved: Connecting IT’s initiatives to the vision of the C-suite creates a clear purpose for IT in its initiatives. Staff understand what they need to achieve to progress their careers and can grow while they work.

    Photo of employees from CrossCountry Mortgage assisting with a distribution event.
    Employees from CrossCountry Mortgage headquarters assist with a drive-thru distribution event for the Cleveland Food Bank on Dec. 17, 2021. (Image courtesy of CrossCountry Mortgage.)

    From Priorities to Action

    Staff retention is a leadership priority

    The Great Resignation trend is bringing attention to employee engagement and staff retention. IT departments are busier than ever during the pandemic as they work overtime to keep up with a remote workforce and new security threats. At the same time, IT talent is among the most coveted on the market.

    CIOs need to develop a people-first approach to improve the employee experience. Beyond compensation, IT workers need clarity in terms of their career paths, a direct connection between their work and the goals of the organization, and time set aside for professional development.

    Info-Tech’s 2021 benchmark for “Leadership, Culture & Values” shows that most organizations rate this capability very highly (9) but see room to improve on their effectiveness (6.9).

    Take the next step

    IT Talent Trends 2022
    See how IT talent trends are shifting through the pandemic and understand how themes like The Great Resignation has impacted IT.

    McLean & Company’s Modernize Performance Management
    Customize the building blocks of performance management to best fit organizational needs to impact individual and organizational performance, productivity, and engagement.

    Redesign Your IT Organizational Structure
    Define future-state work units, roles, and responsibilities that will enable the IT organization to complete the work that needs to be done.

    “Leadership, Culture & Values” gap between importance and effectiveness
    Info-Tech Research Group Management and Governance Diagnostic Benchmark 2021

    A bar chart illustrating the 'Leadership, Culture & Values' gap between importance and effectiveness. The difference is marked as Delta 2.1.

    Design an automation platform

    Priority 04 | APO04 Innovation

    Position yourself to buy or build a platform that will enable new automation opportunities through seamless integration.

    Build it or buy it, but platform integration can yield great benefits

    Necessity is the mother of innovation

    When it’s said that digital transformation accelerated during the pandemic, what’s really meant is that processes that were formerly done manually became automated through software. In responses to the Tech Trends survey, CIOs say digital transformation was more of a focus during the pandemic, and eight in ten CIOs also say they shifted more than 20% of their organization’s processes to digital during the pandemic. Automating tasks through software can be called digitalization.

    Most organizations became more digitalized during the pandemic. But how they pursued it depends on their IT maturity. For digital laggards, partnering with a technology services platform is the path of least resistance. For sophisticated innovators, they can consider building a platform to address the specific needs of their business process. Doing so requires the foundation of an existing “digital factory” or innovation arm where new technologies can be tested, proofs of concept developed, and external partnerships formed. Patience is key with these efforts, as not every investment will yield immediate returns and some will fail outright.

    Build it or buy it, platform participants integrate with their existing systems through application programming interfaces (APIs). Organizations should determine their platform strategies based on maturity, then look to integrate the business processes that will yield the most gains.

    What role should you play in the platform ecosystem?

    A table with levels on the maturity ladder laid out as a sprint. Column headers are maturity levels 'Struggle', 'Support', 'Optimize', 'Expand', and 'Transform', row headers are 'Maturity' and 'Role'. Roles are assigned to one or many levels. 'Improve' is solely under Struggle. 'Integrate' spans from Support to Transform. 'Buy' spans Support to Expand. 'Build' begins midway through Expand and all of Transform. 'Partner' spans from Optimize to halfway through Transform.

    68% of CIOs say digital transformation became much more of a focus for their organization during the pandemic (Info-Tech Tech Trends 2022 Survey)

    Bob Crozier

    Chief Architect, Allianz Technology & Global Head of Blockchain, Allianz Technology SE

    "Smart contracts are really just workflows between counterparties."

    Photo of Bob Crozier, Chief Architect, Allianz Technology & Global Head of Blockchain, Allianz Technology SE.

    Listen to the Tech Insights podcast:
    How Allianz took a blockchain platform from pilot to 1 million transactions

    Internal interpretation: Allianz Technology

    • 2015
      After smart contracts are demonstrated on the Ethereum blockchain, Allianz and other insurers recognize the business value. There is potential to use the capability to administer a complex, multi-party contract where the presence of the reinsurer in the risk transfer ecosystem is required. Manual contracts could be turned into code and automated. Allianz organized an early proof of concept around a theoretical pandemic excessive loss contract.
    • 2018
      Allianz Chief Architect Bob Crozier is leading the Global Blockchain Center of Competence for Allianz. They educate Allianz on the value of blockchain for business. They also partner with a joint venture between the Technology University of Munich and the state of Bavaria. A cohort of Masters students is looking for real business problems to solve with open-source distributed ledger technology. Allianz puts its problem statement in front of the group. A student team presents a proof of concept for an international motor insurance claims settlement and it comes in second place at a pitch day competition.
    • 2019
      Allianz brings the concept back in-house, and its business leaders return to the concept. Startup Luther Systems is engaged to build a minimum-viable product for the solution, with the goal being a pilot involving three or four subsidiaries in different countries. The Blockchain Center begins communicating with 25 Allianz subsidiaries that will eventually deploy the platform.
    • 2020
      Allianz is in build mode on its international motor insurance claims platform. It leverages its internal Dev/SecOps teams based in Munich and in India.
    • May 2021
      Allianz goes live with its new platform on May 17, decommissioning its old system and migrating all live claims data onto the new blockchain platform. It sees 400 concurrent users go live across Europe.
    • January 2022
      Allianz mines its one-millionth block to its ledger on Jan. 19, with each block representing a peer-to-peer transaction across its 25 subsidiaries in different countries. The platform has settled hundreds of millions of dollars.

    Stock photo of two people arguing over a car crash.

    Implications: Organization, Process, Technology

    External

    • Organization – To explore emerging technologies like blockchain, organizations need staff that are accountable for innovation and have leeway to develop proofs of concept. External partners are often required to bring in fresh ideas and move quickly towards an MVP.
    • Process – According to the Tech Trends 2022 survey, 84% of CIOs consider automation a high-value digital capability, and 77% say identity verification is a high-value capability. A blockchain platform using smart contracts can deliver those.
    • Technology – The Linux Foundation’s Hyperledger Fabric is an open-source blockchain technology that’s become popular in the financial industry for its method of forming consensus and its modular architecture. It’s been adopted by USAA, MasterCard, and PayPal. It also underpins the IBM Blockchain Platform and is supported by Azure Blockchain.

    Internal

    • Organization – Allianz is a holding company that owns Allianz Technology and 25 operating entities across Europe. It uses the technology arm to innovate on the business process and creates shared platforms that its entities can integrate with to automate across the value chain.
    • Process – Initial interest in smart contracts on blockchain were funneled into a student competition, where a proof of concept was developed. Allianz partnered with a startup to develop an MVP, then developed the platform while aligning with its business units ahead of launch.
    • Technology – Allianz built its blockchain platform on Hyperledger Fabric because it was a permissioned system, unlike other public permissionless blockchains such as Ethereum, and because its mining mechanism was much more energy efficient compared to other blockchains using Proof of Work consensus models.

    Resources Applied

    Time to innovate

    Exploring emerging technology for potential use cases is difficult for staff tasked with running day-to-day operations. Organizations serious about innovation create a separate team that can focus on “moonshot” projects and connect with external partners.

    Long-term ROI

    Automation of new business processes often requires a high upfront initial investment for a long-term efficiency gain. A proof of concept should demonstrate clear business value that can be repeated often and for a long period.

    “My next project has to deliver in the tens of millions of value in return. The bar is high and that’s what it should be for a business of our size.” (Bob Crozier, Allianz)

    Allianz

    • Several operating entities from different countries supplied subject matter expertise and helped with the testing process.
    • Allianz Technology team has eight staff members. It is augmented by Luther Systems and the team at industry group B3i.
    • Funding of less than $5 million to develop. Dev team continues to add improvements.
    • Operating requires just one full-time employee plus infrastructure costs, mostly for public cloud hosting.

    Outcomes at Allianz

    From insurer to platform provider

    Deliver your own SaaS: Allianz Technology built its blockchain-based claims settlement platform and its subsidiaries consume it as software as a service. The platform runs on a distributed architecture across Europe, with each node running the same version of the software. Operating entities can also integrate their own systems to the platform via APIs and further automate business processes such as billing.

    Ready to scale: After processing one million transactions, the international claims settlement platform is proven and ready to add more participants. Crozier sees auto repair shops and auto manufacturers as the next logical users.

    Stock photo of Blockchain.
    Allianz is a shareholder of the Blockchain Insurance Industry Initiative (B3i). It is providing a platform used by a group of insurance companies in the commercial and reinsurance space.

    When should we use blockchain? THREE key criteria:

    • Redundant processes
      Different entities follow the same process to achieve the desired outcome.
    • Audit trail
      Accountability in the decision making must be documented.
    • Reconciliation
      Parties need to be able to resolve disputes by tracing back to the truth.

    From Priorities to Action

    It’s a build vs. buy question for platforms

    Allianz was able to build a platform for its group of European subsidiaries because of its established digital factory and commitment to innovation. Allianz Technology is at the “innovate” level of IT maturity, allowing it to create a platform that subsidiaries can integrate with via APIs. For firms that are lower on the IT maturity scale, buying a platform solution is the better path to automation. These firms will be concerned with integrating their legacy systems to platforms that can reduce the friction of their operating environments and introduce modern new capabilities.

    From Info-Tech’s Build a Winning Business Process Automation Playbook

    An infographic comparing pros and cons of Build versus Buy. On the 'Build: High Delivery Capacity & Capability' side is 'Custom Development', 'Data Integration', 'AI/ML', 'Configuration', 'Native Workflow', and 'Low & No Code'. On the 'Buy: Low Delivery Capacity & Capability' side is 'Outsource Development', 'iPaaS', 'Chatbots', 'iBPMS & Rules Engines', 'RPA', and 'Point Solutions'.

    Take the next step

    Accelerate Your Automation Processes
    Integrate automation solutions and take the first steps to building an automation suite.

    Build Effective Enterprise Integration on the Back of Business Process
    From the backend to the frontlines – let enterprise integration help your business processes fly.

    Evolve Your Business Through Innovation
    Innovation teams are tasked with the responsibility of ensuring that their organizations are in the best position to succeed while the world is in a period of turmoil, chaos, and uncertainty.

    “Innovation” gap between importance and effectiveness Info-Tech Research Group Management and Governance Diagnostic Benchmark 2021

    A bar chart illustrating the 'Innovation' gap between importance and effectiveness. The difference is marked as Delta 2.1.

    Prepare to report on new environmental, social, and governance (ESG) metrics

    Priority 05 | ITRG06 Business Intelligence and Reporting

    Be ready to either lead or support initiatives to meet the criteria of new ESG reporting mandates and work toward disclosure reporting solutions.

    Time to get serious about ESG

    What does CSR or ESG mean to a CIO?

    Humans are putting increasing pressure on the planet’s natural environment and creating catastrophic risks as a result. Efforts to mitigate these risks have been underway for the past 30 years, but in the decade ahead regulators are likely to impose more strict requirements that will be linked to the financial value of an organization. Various voluntary frameworks exist for reporting on environmental, social, and governance (ESG) or corporate social responsibility (CSR) metrics. But now there are efforts underway to unify and clarify those standards.

    The most advanced effort toward a global set of standards is in the environmental area. At the United Nations’ COP26 summit in Scotland last November, the International Sustainability Standards Board (ISSB) announced its headquarters (Frankfurt) and three other international office locations (Montreal, San Francisco, and London) and its roadmap for public consultations. It is working with an array of voluntary standards groups toward a consensus.

    In Info-Tech’s 2022 Tech Trends survey, two-thirds of CIOs say their organization is committed to reducing greenhouse gas emissions, yet only 40% say their organizational leadership is very concerned with reducing those emissions. CIOs will need to consider how to align organizational concern with internal commitments and new regulatory pressures. They may investigate new real-time reporting solutions that could serve as a competitive differentiator on ESG.

    Standards informing the ISSB’s global set of climate standards

    A row of logos of organizations that inform ISSB's global set of climate standards.

    67% of CIOs say their organization is committed to reducing greenhouse gases, with one-third saying that commitment is public. (Info-Tech Tech Trends 2022 Survey)

    40% of CIOs say their organizational leadership is very concerned with reducing greenhouse gas emissions.

    David W. Dorman

    Chairman of the board, CVS Health

    “ESG is a question of what you do in the microcosm of your company to make sure there is a clear, level playing field – that there is a color-blind, gender-blind meritocracy available – that you are aware that not in every case can you achieve that without really focusing on it. It’s not going to happen on its own. That’s why our commitments have real dollars behind them and real focus behind them because we want to be the very best at doing them.”

    Photo of David W. Dorman, Chairman of the Board, CVS Health.

    Listen to the Tech Insights podcast:
    CVS Health chairman David Dorman on healthcare's hybrid future

    Internal interpretation: CVS Health

    CVS Health established a new steering committee of senior leaders in 2020 to oversee ESG commitments. It designs its corporate social responsibility strategy, Transform Health 2030, by aligning company activities in four key areas: healthy people, healthy business, healthy planet, and healthy community. The strategy aligns with the United Nations’ Sustainable Development Goals. In alignment with these goals, CVS identifies material topics where the company has the most ability to make an impact. In 2020, its top three topics were:

    1. Access to quality health care
    2. Patient and customer safety
    3. Data protection and privacy
    Material Topic
    Access to quality health care
    Material Topic
    Patient and customer safety
    Material Topic
    Data protection and privacy
    Technology Initiative
    MinuteClinic’s Virtual Collaboration for Nurses

    CVS provided Apple iPads compliant with the Health Insurance Portability and Accountability Act (HIPAA) to clinics in a phased approach, providing training to more than 700 providers in 26 states by February 2021. Nurses could use the iPads to attend virtual morning huddles and access clinical education. Nurses could connect virtually with other healthcare experts to collaborate on delivering patient care in real-time. The project was able to scale across the country through a $50,000 American Nurses Credentialing Center Pathway Award. (Wolters Kluwer Health, Inc.)

    Technology Initiative
    MinuteClinic’s E-Clinic

    MinuteClinics launched this telehealth solution in response to the pandemic, rolling it out in three weeks. The solution complemented video visits delivered in partnership with the Teladoc platform. Visits cost $59 and are covered by Aetna insurance plans, a subsidiary of CVS Health. It hosted more than 20,000 E-Clinic visits through the end of 2020. CVS connected its HealthHUBs to the solution to increase capacity in place of walk-in appointments and managed patients via phone for medication adherence and care plans. CVS also helped behavioral health providers transition patients to virtual visits. (CVS Health)

    Technology Initiative
    Next Generation Authentication Platform

    CVS patented this solution to authenticate customers accessing digital channels. It makes use of the available biometrics data and contextual information to validate identity without the need for a password. CVS planned to extend the platform to voice channels as well, using voiceprint technology. The solution prevents unauthorized access to sensitive health data while providing seamless access for customers. (LinkedIn)

    Implications: Organization, Process, Technology

    External

    • Organization – Since the mid-2010s, younger investors have demonstrated reliance on ESG data when making investment decisions, resulting in the creation of voluntary standards that offered varied approaches. Organizations in ESG exchange-traded funds are outperforming the overall S&P 500 (S&P Global Market Intelligence).
    • Process – Organizations are issuing ESG reports today despite the absence of clear rules to follow for reporting results. With regulators expected to step in to establish more rigid guidelines, many organizations will need to revisit their approach to ESG reports.
    • Technology – Real-time reporting of ESG metrics will become a competitive advantage before 2030. Engineering a solution that can alert organizations to poor performance on ESG measures and allow them to respond could avert losing market value.

    Internal

    • Organization – CVS Health established an ESG Steering Committee in 2020 composed of senior leaders including its chief governance officers, chief sustainability officer, chief risk officer, and controller and SVP of investor relations. It is supported by the ESG Operating Committee.
    • Process – CVS conducts a materiality assessment in accordance with Global Reporting Initiative standards to determine the most significant ESG impacts it can make and what topics most influence the decisions of stakeholders. It engages with various stakeholder groups on CSR topics.
    • Technology – CVS technology initiatives during the pandemic focused on supporting patients and employees in collaborating on health care delivery using virtual solutions, providing rich digital experiences that are easily accessible while upholding high security and privacy standards.

    Resources Applied

    Lack of commitment

    While 83% of businesses state support for the Sustainable Development Goals outlined by the Global Reporting Initiative (GRI), only 40% make measurable commitments to their goals.

    Show your work

    The GRI recommends organizations not only align their activities with sustainable development goals but also demonstrate contributions to specific targets in reporting on the positive actions they carry out. (GRI, “State of Progress: Business Contributions to the SDGS.”)

    “We end up with a longstanding commitment to diversity because that’s what our customer base looks like.” (David Dorman, CVS Health)

    CVS Health

    • The MinuteClinic Virtual Collaboration solution was piloted in Houston, demonstrated success, and won additional $50,000 funding from the Pathway to Excellence Award to scale the program across the country (Wolters Kluwer Health, Inc.).
    • The Next-Gen Authentication solution is provided by the vendor HYPR. It is deployed to ten million users and looking to scale to 30 million more. Pricing for enterprises is quoted at $1 per user, but volume pricing would apply to CVS (HYPR).

    Outcomes at CVS Health

    Delivering on hybrid healthcare solutions

    iPads for collaboration: Healthcare practitioners in the MinuteClinic Virtual Collaboration initiative agreed that it improved the use of interprofessional teams, working well virtually with others, and improved access to professional resources (Wolters Kluwer Health, Inc.)

    Remote healthcare: Saw a 400% increase in MinuteClinic virtual visits in 2020 (CVS Health).

    Verified ID: The Next Generation Authentication platform allowed customers to register for a COVID-19 vaccination appointment. CVS has delivered more than 50 million vaccines (LinkedIn).

    Stock photo of a doctor with an iPad.
    CVS Health is making use of digital channels to connect its customers and health practitioners to a services platform that can supplement visits to a retail or clinic location to receive diagnostics and first-hand care.

    From Priorities to Action

    Become your organization’s ESG Expert

    The risks posed to organizations and wider society are becoming more severe, driving a transition from voluntary frameworks for ESG goals to a mandatory one that’s enforced by investors and governments. Organizations will be expected to tie their core activities to a defined set of ESG goals and maintain a balance sheet of their positive and negative impacts. CIOs should become experts in ESG disclosure requirements and recommend the steps needed to meet or exceed competitors’ efforts. If a leadership vacuum for ESG accountability exists, CIOs can either seek to support their peers that are likely to become accountable or take a leadership role in overseeing the area. CIOs should start working toward solutions that deliver real-time reporting on ESG goals to make reporting frictionless.

    “If you don’t have ESG oversight at the highest levels of the company, it won’t wind up getting the focus. That’s why we review it at the Board multiple times per year. We have an annual report, we compare how we did, what we intended to do, where did we fall short, where did we exceed, and where we can run for daylight to do more.” (David Dorman, CVS Health)

    Take the next step

    ESG Disclosures: How Will We Record Status Updates on the World We Are Creating?
    Prepare for the era of mandated environmental, social, and governance disclosures.

    Private Equity and Venture Capital Growing Impact of ESG Report
    Learn about how the growing impact of ESG affects both your organization and IT specifically, including challenges and opportunities, with expert assistance.

    “Business Intelligence and Reporting” gap between importance and effectiveness
    Info-Tech Research Group Management and Governance Diagnostic Benchmark 2021

    A bar chart illustrating the 'BI and Reporting' gap between importance and effectiveness. The difference is marked as Delta 2.4.

    The Five Priorities

    Priorities to compete in the digital economy

    1. Reduce Friction in the Hybrid Operating Model
    2. Improve Your Ransomware Readiness
    3. Support an Employee-Centric Retention Strategy
    4. Design an Automation Platform
    5. Prepare to Report on New Environmental, Social, and Governance Metrics

    Contributing Experts

    Elizabeth Clark

    CIO, Harvard Business School
    Photo of Elizabeth Clark, CIO, Harvard Business School.

    Jeff Previte

    Executive Vice-President of IT, CrossCountry Mortgage
    Photo of Jeff Previte, Executive Vice-President of IT, CrossCountry Mortgage.

    Bob Crozier

    Chief Architect, Allianz Technology & Global Head of Blockchain, Allianz Technology SE
    Photo of Bob Crozier, Chief Architect, Allianz Technology & Global Head of Blockchain, Allianz Technology SE.

    David W. Dorman

    Chairman of the Board, CVS Health
    Photo of David W. Dorman, Chairman of the Board, CVS Health.

    Info-Tech’s internal CIO panel contributors

    • Bryan Tutor
    • John Kemp
    • Mike Schembri
    • Janice Clatterbuck
    • Sandy Silk
    • Sallie Wright
    • David Wallace
    • Ken McGee
    • Mike Tweedie
    • Cole Cioran
    • Kevin Tucker
    • Angelina Atkins
    • Yakov Kofner
    Photo of an internal CIO panel contributor. Photo of an internal CIO panel contributor.Photo of an internal CIO panel contributor.
    Photo of an internal CIO panel contributor.Photo of an internal CIO panel contributor.Photo of an internal CIO panel contributor.Photo of an internal CIO panel contributor.
    Photo of an internal CIO panel contributor.Photo of an internal CIO panel contributor.Photo of an internal CIO panel contributor.

    Thank you for your support

    Logo for the Blockchain Research Institute.
    Blockchain Research Institute

    Bibliography – CIO Priorities 2022

    “2020 Corporate Social Responsibility Report.” CVS Health, 2020, p. 127. Web.

    “Adversary: Doppel Spider - Threat Actor.” Crowdstrike Adversary Universe, 2021. Accessed 29 Dec. 2021.

    “Aetna CVS Health Success Story.” HYPR, n.d. Accessed 6 Feb. 2022.

    Baig, Aamer. “The CIO agenda for the next 12 months: Six make-or-break priorities.” McKinsey Digital, 1 Nov. 2021. Web.

    Ball, Sarah, Kristene Diggins, Nairobi Martindale, Angela Patterson, Anne M. Pohnert, Jacinta Thomas, Tammy Todd, and Melissa Bates. “2020 ANCC Pathway Award® winner.” Wolters Kluwer Health, Inc., 2021. Accessed 6 Feb. 2022.

    “Canadian Universities Propose Designs for a Central Bank Digital Currency.” Bank of Canada, 11 Feb. 2021. Accessed 14 Dec. 2021.

    “Carbon Sequestration in Wetlands.” MN Board of Water and Soil Resources, n.d. Accessed 15 Nov. 2021.

    “CCM Honored as a NorthCoast 99 Award Winner.” CrossCountry Mortgage, 1 Dec. 2021. Web.

    Cheek, Catherine. “Four Things We Learned About the Resignation Wave–and What to Do Next.” Visier Inc. (blog), 5 Oct. 2021. Web.

    “Companies Using Hyperledger Fabric, Market Share, Customers and Competitors.” HG Insights, 2022. Accessed 25 Jan. 2022.

    “IFRS Foundation Announces International Sustainability Standards Board, Consolidation with CDSB and VRF, and Publication of Prototype Disclosure Requirements.” IFRS, 3 Nov. 2021. Web.

    “IT Priorities for 2022: A CIO Report.” Mindsight, 28 Oct. 2021. Web.

    “Job Openings and Labor Turnover Survey.” Databases, Tables & Calculators by Subject, U.S. Bureau of Labor Statistics, 2022. Accessed 9 Feb. 2022.

    Kumar, Rashmi, and Michael Krigsman. “CIO Planning and Investment Strategy 2022.” CXOTalk, 13 Sept. 2021. Web.

    Leonhardt, Megan. “The Great Resignation Is Hitting These Industries Hardest.” Fortune, 16 Nov. 2021. Accessed 7 Jan. 2022.

    “Most companies align with SDGs – but more to do on assessing progress.” Global Reporting Initiative (GRI), 17 Jan. 2022. Web.

    Navagamuwa, Roshan. “Beyond Passwords: Enhancing Data Protection and Consumer Experience.” LinkedIn, 15 Dec. 2020.

    Ojo, Oluwaseyi. “Achieving Digital Business Transformation Using COBIT 2019.” ISACA, 19 Aug. 2019. Web.

    “Priority.” Lexico.com, Oxford University Press, 2021. Web.

    Riebold, Jan, and Yannick Bartens. “Reinventing the Digital IT Operating Model for the ‘New Normal.’” Capgemini Worldwide, 3 Nov. 2020. Web.

    Samuels, Mark. “The CIO’s next priority: Using the tech budget for growth.” ZDNet, 1 Sept. 2021. Accessed 1 Nov. 2021.

    Sayer, Peter. “Exclusive Survey: CIOs Outline Tech Priorities for 2021-22.” CIO, 5 Oct. 2021. Web.

    Shacklett, Mary E. “Where IT Leaders Are Likely to Spend Budget in 2022.” InformationWeek, 10 Aug. 2021. Web.

    “Table 4. Quits Levels and Rates by Industry and Region, Seasonally Adjusted - 2021 M11 Results.” U.S. Bureau of Labor Statistics, Economic News Release, 1 Jan. 2022. Accessed 7 Jan. 2022.

    “Technology Priorities CIOs Must Address in 2022.” Gartner, 19 Oct. 2021. Accessed 1 Nov. 2021.

    Thomson, Joel. Technology, Talent, and the Future Workplace: Canadian CIO Outlook 2021. The Conference Board of Canada, 7 Dec. 2021. Web.

    “Trend.” Lexico.com, Oxford University Press, 2021. Web.

    Vellante, Dave. “CIOs signal hybrid work will power tech spending through 2022.” SiliconANGLE, 25 Sept. 2021. Web.

    Whieldon, Esther, and Robert Clark. “ESG funds beat out S&P 500 in 1st year of COVID-19; how 1 fund shot to the top.” S&P Global Market Intelligence, April 2021. Accessed Dec. 2021.

    Achieve IT Spend & Staffing Transparency

    • IT spend has increased in volume and complexity, but how IT spend decisions are made has not kept pace.
    • In most organizations, technology has evolved faster than the business’ understanding of what it is, how it works, and what it can do for them.
    • How traditional financial accounting methods are applied to IT expenditure don’t align well to modern IT realities.
    • IT is often directed to make cuts when cost optimization and targeted investment are what’s really needed to sustain and grow the organization in the long term.

    Our Advice

    Critical Insight

    • Meaningful conversations about IT spend don’t happen nearly as frequently as they should. When they do happen, they are often inhibited by a lack of IT financial management (ITFM) maturity combined with the absence of a shared vocabulary between IT, the CFO, and other business function leaders.
    • Supporting data about actual technology spend taking place that would inform decision making is often scattered and incomplete.
    • Creating transparency in your IT financial data is essential to powering collaborative and informed technology spend decisions.

    Impact and Result

    • Understand the uses and benefits of making your IT spend more transparent.
    • Discover and organize your IT financial data.
    • Map your organization’s total technology spend against four IT stakeholder views: CFO, CIO, CXO, and CEO.
    • Gain vocabulary and facts that will help you tell the true story of IT spend.

    Members may also be interested in Info-Tech's IT Spend & Staffing Benchmarking Service.

    Achieve IT Spend & Staffing Transparency Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Achieve IT Spend & Staffing Transparency Deck – A detailed, do-it-yourself framework and process for clearly mapping your organization’s total technology spend.

    This deck mirrors Info-Tech’s own internal methods for delivering its IT Spend & Staffing Benchmarking Service in a do-it-yourself format. Based on Info-Tech’s proven ITFM Cost Model, it includes an IT spend mapping readiness assessment, expert advice for sourcing and organizing your financial data, a methodology for mapping IT staff and vendor spend according to four key stakeholder views (CFO, CIO, CXO, and CEO), and guidance on how to analyze and share your results.

    • Achieve IT Spend & Staffing Transparency Storyboard

    2. IT Spend & Staffing Transparency Workbook – A structured Excel tool that allows you to allocate your IT spend across four key stakeholder views and generate high-impact visualizations.

    This workbook offers a step-by-step approach for mapping and visualizing your organization’s true IT spend.

    • IT Spend & Staffing Transparency Workbook

    3. IT Spend & Staffing Transparency Executive Presentation Template – A PowerPoint template that helps you summarize and showcase key results from your IT spend transparency exercise.

    This presentation template offers a recommended structure for introducing key executive stakeholders to your organization’s true IT spending behavior and IT financial management as a whole.

    • IT Spend & Staffing Transparency Executive Presentation Template

    Infographic

    Further reading

    Achieve IT Spend & Staffing Transparency

    Lay a foundation for meaningful conversations with the business.

    Analyst Perspective

    Take the first step in your IT spend journey.

    Talking about money is hard. Talking to the CEO, CFO, and other business leaders about money is even harder, especially if IT is seen as just a cost center, is not understood by stakeholders, or is simply taken for granted. In times of economic hardship, already lean IT operations are tasked with becoming even leaner.

    When there's little fat to trim, making IT spend decisions without understanding the spend's origin, location, extent, and purpose can lead to mistakes that weaken, not strengthen, the organization.

    The first step in optimizing IT spend decisions is setting a baseline. This means having a comprehensive and transparent view of all technology spend, organization-wide. This baseline is the only way to have meaningful, data-driven conversations with stakeholders and approvers around what IT delivers to the business and the implications of making changes to IT funding.

    Before stepping forward in your IT financial management journey, know exactly where you're standing today.

    Jennifer Perrier, Principal Research Director, ITFM Practice

    Jennifer Perrier
    Principal Research Director, ITFM Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge Common Obstacles Info-Tech's Approach
    IT spend has increased in volume and complexity, but how IT spend decisions are made has not kept pace:
    • Technology has evolved faster than the business' understanding of what it is, how it works, and what it can do for them.
    • How traditional financial accounting methods are applied doesn't align well to modern IT realities.
    • IT is directed to make cuts when cost optimization and targeted investment are what's really needed to sustain and grow the organization in the long-term.
    Meaningful conversations about IT spend don't happen nearly as much as they should. This is often due to:
    • A lack of maturity in how ITFM (IT financial management) is executed within IT and across the organization as a whole.
    • The absence of a shared vocabulary between IT, the CFO, and other business function leaders.
    • Scattered and incomplete data about the actual technology spend taking place in the organization.
    Lay a foundation for meaningful conversations and informed decision-making around IT spend.
    • Understand the uses and benefits of making your IT spend more transparent.
    • Discover and organize your IT financial data.
    • Map your organization's total technology spend against four IT stakeholder views: CFO, CIO, CXO, and CEO.
    • Gain both vocabulary and facts that will help you tell the true story of IT spend.

    Info-Tech Insight
    Create transparency in your IT financial data to power both collaborative and informed technology spend decisions.

    IT spend has grown alongside IT complexity

    IT spend has grown alongside IT complexity

    Growth creates change ... and challenges

    IT has become more integral to business operations and achievement of strategic goals, driving complexity in how IT funds are allocated and managed.

    How IT funds are spent has changed
    Value demonstration is two-pronged. The first is return on performance investment, focused on formal and objective goals, metrics, and KPIs. The second is stakeholder satisfaction, a more subjective measure driven by IT-business alignment and relationship. IT leaders must do both well to prove and promote IT's value.
    Funding decision cadence has sped up
    Many organizations have moved from three- to five-year strategic planning cycles to one-year planning horizons or less, most noticeably since the 2008/2009 recession. Not only has the pace of technological change accelerated, but so too has volatility in the broader business and economic environments, forcing rapid response.
    Justification rigor around IT spend has increased
    The need for formal business cases, proposals, and participation in formal governance processes has increased, as has demand for financial transparency. With many IT departments still reporting into the CFO, there's no getting around it - today's IT leaders need to possess financial management savvy.
    Clearly showing business value has become priority
    IT spend has moved from the purchase of discrete hardware and software tools traditionally associated with IT to the need to address larger-scale issues around interoperability, integration, and virtualized cloud solutions. Today's focus is more on big-picture architecture than on day-to-day operations.

    ITFM capabilities haven't grown with IT spend

    IT still needs to prove itself.

    Increased integration with the core business has made it a priority for the head of IT to be well-versed in business language and practice, specifically in the areas of measurement and financial management.

    However, IT staff across all industries aren't very confident in how well IT is doing in managing its finances via three core processes:

    • Accounting of costs and budgets.
    • Optimizing costs to gain the best return on investment.
    • Demonstrating IT's value to the business.

    Recent data from 4,137 respondents to Info-Tech's IT Management & Governance Diagnostic shows that while most IT staff feel that these three financial management processes are important, notably fewer feel that IT management is effective at executing them.

    IT leadership's capabilities around fundamental cost data capture appear to be lagging, not to mention the essential value-added capabilities around optimizing costs and showing how IT contributes to business value.

    Graph of Cost and Budget Management

    Graph of Cost Optimization

    Questions for support transition

    Source: IT Management & Governance Diagnostic, Info-Tech Research Group, 2022.

    Take the perspective of key IT stakeholders as a first step in ITFM capability improvement

    Other business unit leaders need to deliver on their own specific and unique accountabilities. Create true IT spend transparency by accounting for these multiple perspectives.

    Exactly how is IT spending all that money we give them?
    Many IT costs, like back-end infrastructure and apps maintenance, can be invisible to the business.

    Why doesn't my department get more support from IT?
    Some business needs won't align with spend priorities, while others seem to take more than their fair share.

    Does the amount we spend on each IT service make sense?
    IT will get little done or fall short of meeting service level requirements without appropriate funding.

    I know what IT costs us, but what is it really worth?
    Questions about value arise as IT investment and spend increase. How to answer these questions is critical.

    At the end of the day, telling IT's spend story to the business is a significant challenge if you don't understand your audience, have a shared vocabulary, or use a repeatable framework.

    Mapping your IT spend against a reusable framework helps generate transparency

    A framework makes transparency possible by simplifying methods, creating common language, and reducing noise.

    However, the best methodological framework won't work if the materials and information plugged into it are weak. With IT spend, the materials and information are your staff and your vendor financial data. To achieve true transparency, inputs must have the following three characteristics:

    Availability Reliability Usability
    The data and information are up-to-date and accessible when needed. The data and information are accurate, complete, and verifiable. The data and information are clearly defined, consistently and predictably organized, consumable, and meaningful for decision-making.

    A framework is an organizing principle. When it comes to better understanding your IT spend, the things being organized by a framework are your method and your data.

    If your IT spend information is transparent, you have an excellent foundation for having the right conversations with the right people in order to make strategically impactful decisions.

    Info-Tech's approach enables meaningful dialogue with stakeholders about IT spend

    View of meaningful dialogue with stakeholders about IT spend

    Investing time in preparing and mapping your IT spend data enables better IT governance

    While other IT spend transparency methods exist, Info-Tech's is designed to be straightforward and tactical.

    Info-Tech method for IT spend transparency

    Put your data to work instead of being put to work by your data.

    Introducing Info-Tech's methodology for creating transparency on technology spend

    1. Know your objectives 2. Gather required data 3. Map your IT staff spend 4. Map your IT vendor spend 5. Identify implications for IT
    Phase Steps
    1. Review your business context
    2. Set IT staff and vendor spend transparency objectives
    3. Assess effort and readiness
    1. Collect IT staff spend data
    2. Collect IT vendor spend data
    3. Define industry-specific CXO Business View categories
    1. Categorize IT staff spend in each of the four views
    2. Validate
    1. Categorize IT vendor spend in each of the four views
    2. Validate
    1. Analyze your findings
    2. Craft your key messages
    3. Create an executive presentation
    Phase Outcomes Goals and scope for your IT spend and staffing transparency effort. Information and data required to perform the IT staff and vendor spend transparency initiative. A mapping of the allocation of IT staff spend across the four views of the Info-Tech ITFM Cost Model. A mapping of the allocation of IT vendor spend across the four views of the Info-Tech ITFM Cost Model. An analysis of your results and a presentation to aid your communication of findings with stakeholders.

    Insight Summary

    Overarching insight
    Take the perspective of key stakeholders and lay out your organization's complete IT spend footprint in terms they understand to enable meaningful conversations and start evolving your IT financial management capability.

    Phase 1 insight
    Your IT spend transparency efforts are only useful if you actually do something with the outcomes of those efforts. Be clear about where you want your IT transparency journey to take you.

    Phase 2 insight
    Your IT spend transparency efforts are only as good as the quality of your inputs. Take the time to properly source, clean, and organize your data.

    Phase 3 insight
    Map your IT staff spend data first. It involves work but is relatively straightforward. Practice your mapping approach here and carry forward your lessons learned.

    Phase 4 insight
    The importance of good, usable data will become apparent when mapping your IT vendor spend. Apply consistent and meaningful vendor labels to enable true aggregation and insight.

    Phase 5 insight
    Communicating your final IT spend transparency mapping with executive stakeholders is your opportunity to debut IT financial management as not just an IT issue but an organization-wide concern.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals.

    Use this tool in Phases 1-4

    IT Spend & Staffing Transparency Workbook

    Input your IT staff and vendor spend data to generate visual outputs for analysis and presentation in your communications.

    Key deliverable:

    IT Spend & Staffing Transparency Executive Presentation

    Create a showcase for your newly-transparent IT staff and vendor spend data and present it to key business stakeholders.

    Use this tool in Phase 5

    IT and business blueprint benefits

    IT Benefits Business Benefits
    • Gain insight into exactly where you're spending IT funds on hardware, software, service providers, and the workforce.
    • Understand how much it's costing IT to deliver specific IT services.
    • Illustrate differences in business consumption of IT spend.
    • Learn the ratio of spend allocated to innovation vs. growth vs. keeping the lights on (KTLO).
    • Develop a series of core IT spend metrics including IT spend as a percent of revenue, IT spend per organization employee, and IT spend per IT staff member.
    • Create a complete IT spend baseline to serve as a foundation for future benchmarking, cost optimization, and other forms of IT financial analysis.
    • Understand the relative allocation of IT spend across capital vs. operational expenditure.
    • See the degree to which IT differentially supports and enables organizational goals, strategies, and functions.
    • Have better data for informing the organization's IT spend allocation and prioritization decisions.
    • Gain better visibility into real-life IT spending behaviors, cadences, and patterns.
    • Identify potential areas of spend waste as well as underinvestment.
    • Understand the true value that IT brings to the business.

    Measure the value of this blueprint

    You will know that your IT spend and staffing transparency effort is succeeding when:

    • Your understanding of where technology funds are really being allocated is comprehensive.
    • You're having active and meaningful dialogue with key stakeholders about IT spend issues.
    • IT spend transparency is a permanent part of your IT financial management toolkit.

    In phase 1 of this blueprint, we will help you identify initiatives where you can leverage the outcomes of your IT spend and staffing transparency effort.

    In phases 2, 3, and 4, we will guide you through the process of mapping your IT staff and vendor spend data so you can generate your own IT spend metrics based on reliable sources and verifiable facts.

    Win #1: Knowing how to reliably source the financial data you need to make decisions.

    Win #2: Getting your IT spend data in an organized format that you can actually analyze.

    Win #3: Having a framework that puts IT spend in a language stakeholders understand.

    Win #4: Gaining a practical starting point to mature ITFM practices like cost optimization.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit Guided Implementation Workshop Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    Info-Tech recommends the following calls in your Guided Implementation.

    Phase 1: Know your objectives Phase 2: Gather required data Phase 3: Map your IT staff spend Phase 4: Map your IT vendor spend Phase 5: Identify implications for IT
    Call #1: Discuss your IT spend and staffing transparency objectives and readiness. Call #2: Review spend and staffing data sources and identify data organization and cleanup needs. Call #3: Review your mapped IT staff spend and resolve lingering challenges. Call #4: Review your mapped IT vendor spend and resolve lingering challenges. Call #5: Analyze your mapping outputs for opportunities and devise next steps.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between four to six calls over the course of two to three months.

    Want even more help with your IT spend transparency effort?

    Let us fast-track your IT spend journey.

    The path to IT financial management maturity starts with knowing exactly where your money is going. To streamline this effort, Info-Tech offers an IT Spend & Staffing Benchmarking service that provides full transparency into where your money is going without any heavy lifting on your part.

    This unique service features:

    • A client-proven approach to meet your IT spend transparency goals.
    • Vendor and staff spend mapping that reveals business consumption of IT.
    • Industry benchmarking to compare your spending and staffing to that of your peers.
    • Results in a fraction of the time with much less effort than going it alone.
    • Expert review of results and ongoing discussions with Info-Tech analysts.

    If you'd like Info-Tech to pave the way to IT spend transparency, contact your account manager for more information - we're happy to talk anytime.

    Phase 1

    Know Your Objectives

    This phase will walk you through the following activities:

    • Establish IT spend and staffing transparency uses and objectives
    • Assess your readiness to tackle IT spend and staffing transparency

    This phase involves the following participants:

    • Head of IT
    • IT financial lead
    • Other members of IT management

    Phase 1: Know your objectives

    Envision what transparency can do.

    You're at the very beginning of your IT spend transparency journey. In this phase you will:

    • Set your objectives for making your IT spend and staffing transparent.
    • Assess your readiness to tackle the exercise and gauge how much work you'll need to do in order to do it well.

    "I've heard this a lot lately from clients: 'I've got my hands on this data, but it's not structured in a way that will allow me to make any decisions about it. I have these journal entries and they have some accounting codes, GL descriptors, cost objects, and some vendors, but it's not enough detail to make any decisions about my services, my applications, my asset spend.'"
    - Angie Reynolds, Principal Research Director, ITFM Practice, Info-Tech Research Group

    Transparency positively enables both business outcomes and the practice of business ethics

    However, transparency's real superpower is in how it provides fact-based context.

    • More accurate and relevant data for decision-making.
    • Better managed and more impactful financial outcomes.
    • Increased inclusion of people in the decisions that affect them.
    • Clearer accountabilities for organizational efficiency and effectiveness goals.
    • Concrete proof that business priorities and decisions are being acted on and implemented.
    • Greater trust and respect between IT and the business.
    • Demonstration of integrity in how funds are being used.

    IT spend transparency efforts are only useful if you actually do something with the outputs

    Identify in advance how you plan to leverage IT spend transparency outcomes.

    CFO expense view

    • Demonstrate actual IT costs at the right level of granularity.
    • Update/change the categories finance uses to track IT spend.
    • Adjust the expected CapEx/OpEx ratio.

    CXO business view

    • Calculate consumption of IT resources by department.
    • Implement a showback/chargeback mechanism.
    • Change the funding conversation about proposed IT projects.

    CIO service view

    • Calculate the total cost to deliver a specific IT service.
    • Adjust the IT service spend-to-value ratio as per business priorities.
    • Rightsize IT service levels to reflect true value to the business.

    CEO innovation view

    • Formalize the organization's position on use of cloud/outsourcing.
    • Reduce the portion of spend dedicated to "keeping the lights on."
    • Develop a plan for boosting commitment to innovation investment.

    When determining your end objectives, think about the real questions IT is being asked by the business and how IT spend transparency will help you answer them.

    CFO: Financial accounting perspective

    IT spend used to be looked at from a strictly financial accounting perspective - this is the view of the CFO and the finance department. Their question, "exactly how is IT spending all that money we give them," is really about how money is distributed across different asset classes. This question breaks down into other questions that IT leaders needs to ask themselves in order to provide answers:

    • How should I classify my IT costs? What are the standard categories you need to have that are meaningful to folks crunching the corporate numbers? If you're too detailed, it won't make sense to them. If you pick outmoded categories, you'll have to adjust in the future as IT evolves, which makes tracking year-over-year spend patterns harder.
    • What information should I include in my plans and reports? This is about two things. One is about communicating with the finance department in language that reduces back-and-forth and eliminates misinterpretation. The other is about aligning with the categories the finance department uses to track financial data in the general ledger.
    • How do I justify current spend? This is about clarity and transparency. Specifically itemizing spend into categories that are meaningful for your audience does a lot of justification work for you since you don't have to re-explain what everything means.
    • How do I justify a budget increase? In a declining economy, this question may not be appropriate. However, establishing a baseline puts you in a better position to discuss spend requirements based on past performance and to focus the conversation.

    Exactly how is IT spending all that money we give them?

    Example
    Asset Class % IT Spend
    Workforce 42.72%
    Software - Cloud 9.26%
    Software - On Prem 13.61%
    Hardware - Cloud 0.59%
    Hardware - On Prem 15.68%
    Contract Services 18.14%
    Info-Tech IT Spend & Staffing Studies, 2022.

    CIO: IT operations management perspective

    As the CIO role was adopted, IT spend was viewed from the IT operations management perspective. Optimizing the IT delivery model is a critical step to reducing time to provision services. For the IT leader, the questions they need to ask themselves are:

    • What's the impact of cloud adoption on speed of delivery? Leveraging a SaaS solution can reduce time to deployment as well as increase your ability to scale; however, integration with other functionality will still be a challenge that will incur costs.
    • Where can I improve spend efficiency? This is about optimizing spend in your IT delivery model. What service levels does the business require and what's the most cost-effective way to meet those levels without incurring significant technical debt?
    • Is my support model optimized? By reviewing where support staff are focused and which services are using most of your resources, you can investigate underlying drivers of your staffing requirements. If staff costs in support of a business function are high, perhaps the portfolio of applications needs to be reviewed.
    • How does our spend compare to others? Benchmarking against peers is a useful input, but reflects common practice, not best practice. For example, if you need to invest in IT security, your entire industry is lagging on this front, and you happen to be doing slightly better than most, then bringing forth this benchmark won't help you make the case. Starting with year-over-year internal benchmarking is essential - establish your categories, establish your baseline, and track it consistently.

    Does the amount we spend on each IT service make sense?

    Example
    Service Area % IT Spend
    App Development 9.06%
    App Maintenance 30.36%
    Hosting/Network 25.39%
    End User 18.59%
    Data & BI 3.58%
    Security & Risk 5.21%
    IT Management 7.82%
    Info-Tech IT Spend & Staffing Studies, 2022.

    CXO: Business unit perspective

    As business requests have increased, so too has the importance of the business unit perspective. Each business function has a unique mandate to fulfill in the organization and also competes with other business functions for IT resources. By understanding business consumption of IT, organizations can bring transparency and drive a different dialog with their business partners. Every IT leader should find out the answers to these questions:

    • Which business units consume the most IT resources? By understanding consumption of IT by business function, IT organizations can clearly articulate which business units are getting the highest share of IT resources. This will bring much needed clarity when it comes to IT spend prioritization and investment.
    • Which business units are underserved by IT? By providing full transparency into where all IT spend is consumed, organizations can determine if certain business functions may need increased attention in an upcoming budget cycle. Knowing which levers to pull is critical in aligning IT activities with delivering business value.
    • How do I best communicate spend data internally? Different audiences need information presented to them differently. This is not just about the language - it's also about the frequency, format, and channel you use. Ask your audiences directly what methods of communication stand the best chance of you being seen and heard.
    • Where do I need better business sponsorship for IT projects? If a lot of IT spend is going toward one or two business units, the leaders of those units need to be active sponsors of IT projects and associated spend that will benefit all users.

    Why doesn't my business unit get more support from IT?

    Example
    Business Function % IT Spend
    HR Department 6.16%
    Finance Department 15.15%
    IT Department 10.69%
    Business Function 1 23.80%
    Business Function 2 10.20%
    Business Function 3 6.80%
    Business Function 4 27.20%
    Source: Info-Tech IT Spend & Staffing Studies, 2022.

    CEO: Strategic vs. operations perspective

    With a business view now available, evaluating IT spend from a strategic standpoint is critical. Simply put, how much is being spent keeping the lights on (KTLO) in the organization versus supporting business or organizational growth versus net-new business innovations? This view is not about what IT costs but rather how it is being prioritized to drive revenue, operating margin, or market share. Here are the questions IT leaders should be asking themselves along with the organization's executive leadership and the CEO:

    • Why is KTLO spend so high? This question is a good gauge of where the line is drawn between operations and strategy. Many IT departments want to reduce time spent on maintenance and redeploy resource investment toward strategic projects. This reallocation must include retiring or eliminating technologies to free up funds.
    • What should our operational spend priorities be? Maintenance and basic operations aren't going anywhere. The issue is what is necessary and what could be done more wisely. Are you throwing good money after bad on a high-maintenance legacy system?
    • Which projects and investments should we prioritize? The answer to this question should tightly align with business strategic goals and account for the lion's share of growth and innovation spend.
    • Are we spending enough on innovative initiatives? This is the ultimate dialogue between business partners, the CEO, and IT that needs to take place, yet often doesn't.

    I know what IT costs us, but what is it really worth?

    Example
    Focus Area % IT Spend
    KTLO 89.16%
    Grow 7.18%
    Innovate 3.66%
    Info-Tech IT Spend Studies, 2022.

    Be clear about where you want your IT spend transparency journey to take you in real life

    Transparent IT spend data will allow you to have conversations you couldn't have before. Consider this example of how telling an IT spend story could evolve.

    I want to ...
    Analyze the impact of the cloud on IT operating expenditure to update finance's expectations of a realistic IT CapEx/OpEx ratio now and into the future.

    To address the problem of ...

    • Many of our key software vendors have eliminated on-premises products and only offer software as an OpEx service.
    • Assumptions that modern IT solutions are largely on-premises and can be treated as capitalizable assets are out-of-date and don't reflect IT financial realities.

    And will use transparency to ...

    • Provide the CFO with specific, accurate, and annotated OpEx by product/service and vendor for all cloud-based and on-premises solutions.
    • Facilitate a realistic calculation of CapEx/OpEx distribution based on actuals, as well as let us develop defendable projections of OpEx into the future based on typical annual service fee increases and anticipated growth in the number of users/licenses.

    1.1 Establish ITFM objectives that leverage IT spend transparency

    Duration: One hour

    1. Consider the problems or issues commonly voiced by the business about IT, as well as your own ongoing challenges in communicating with stakeholders. Document these problems/issues as questions or statements as spoken by a person. To help structure your brainstorming, consider these general process domains and examples:
      1. Spend tracking and reporting. E.g. Why is IT's OpEx so high? We need you to increase IT's percentage of CapEx.
      2. Service levels and business continuity. E.g. Why do we need to hire more service desk staff? There are more of them in IT than any other role.
      3. Project and operations resourcing. E.g. Why can't IT just buy this new app we want? It's not very expensive.
      4. Strategy and innovation. E.g. Did output increase or decrease last quarter per input unit? IT should be able to run those reports for us.
    2. For each problem/issue noted, identify:
      1. The source(s) of the question/concern (e.g. CEO, CFO, CXO, CIO).
      2. The financial process involved (e.g. accurate costing, verification of costs, building a business case to invest).
    3. For each problem/issue, identify a broader project-style initiative where having transparent IT spend data is a valuable input. One initiative may apply to multiple problems/issues. For each initiative:
      1. Give it a working title.
      2. State the goal for the initiative with reference to ITFM aspirations.
      3. Identify key stakeholders (these will likely overlap with the problem/issue source).
      4. Set general time frames for resolution.

    Document your outputs on the slide immediately following the instruction slides for this exercise. Examples are included.

    1.1 Establish ITFM objectives that leverage IT spend transparency

    Input Output
    • Organizational knowledge
    • List of the potential uses and objectives of transparent IT spend and staffing data
    Materials Participants
    • Whiteboard/flip charts
    • Head of IT
    • IT financial lead

    ITFM initiatives that leverage transparency

    Problem/Issue Statement Source/ Stakeholder Associated ITFM Process Potential Initiative Initiative Goal Time Frame
    "Why is IT's OpEx so high? We need you to increase IT's percentage of CapEx." CFO IT spend categorization and reporting. Analyze the impact of the cloud on IT operating expenditure. To update finance's expectations of a realistic IT CapEx/OpEx ratio. <12 months
    "Why do we need to hire more service desk staff? There are more of them in IT than any other role." CFO, VP of HR Business case for hiring IT staff. Document ongoing IT support requirements for proposed ERP platform migration project. To ensure sufficient resources for an anticipated increase in service desk tickets due to implementation of a new ERP system. 1-3 months
    "Why can't IT just buy this new app we want? It's not very expensive." CEO, all CXOs/VPs Total cost of technology ownership. Develop a mechanism to review the lifecycle impact on IT of proposed technology purchases. To determine if functionality of new tool already exists in the org. and the total cost of ownership of a new app. <6 months
    "Did output increase or decrease last quarter per input unit? IT should be able to run those reports for us." CEO, CFO, VP of Production IT service costing. Develop an organizational business intelligence strategy. To create a comprehensive plan for evolving BI capability in the organization and transferring report development to users. Select a department for pilot. <12 months

    Your organization's governance culture will affect how you approach transparency

    Know your governance culture Lower Governance
    • Few regulations.
    • Financial reporting is largely internal.
    • Change is frequent and rapid.
    • Informal or nonexistent mechanisms and structures.
    • Data sharing behavior driven by competitive concerns.
    Higher Governance
    • Many regulations.
    • Stringent and regular external reporting requirements.
    • Change is limited and/or slow.
    • Defined and established mechanisms and structures.
    • Data sharing behavior driven by regulatory concerns.
    Determine impact on opportunities How does your governance culture impact IT spend transparency opportunities?
    Resistance to formality and bureaucracy Resistance to change and uncertainty
    Set expectations and approach You have plenty of room to implement transparency rigor within the confines of IT, but getting others to give you the time and attention you want will be a challenge. One-on-one, informal relationship building to create goodwill and dialogue is needed before putting forth recommendations or numbers. Many existing procedures must be accommodated and respected. While you can benefit by working with preexisting mechanisms and touchpoints, expect any changes you want to make to things like IT cost categories or CapEx/OpEx ratios to require a lot of time, meetings, and case-making.

    IT's current maturity around ITFM practice will also affect your approach to transparency

    Know your ITFM maturity level Lower ITFM Maturity
    • No/few formal policies, standards, or procedures exist.
    • There is little/no formal education or experience within IT around budget, costing, charging, or accounting practices.
    • Financial reporting is sporadic and inconsistent in its contents.
    • Business cases are rarely used in decision-making.
    • Financial data is neither reliable nor readily available.
    Higher ITFM Maturity
    • Formal policies, standards, and procedures are enforced organization-wide for all financial management activities.
    • Formally-trained accountants are embedded within IT.
    • Financial reporting is regular, scheduled, and defined.
    • Business cases are leveraged in most decision-making activities.
    • Financial data is governed, centralized, and current.
    Determine stakeholders' financial literacy How does your degree of ITFM maturity impact IT spend transparency opportunities?
    Improve your own financial literacy first Determine stakeholders' financial literacy
    Set expectations and approach Brush up on core financial management and accounting concepts before taking the discussion beyond IT's walls. Do start mapping your costs, but just know how to communicate what the data is saying before sharing it. Not everyone will be at your level, familiar with ITFM language and concepts, or focused on the same things you are. Gauge where your audience is at so you can prepare for meaningful dialogue.

    1.2 Assess your readiness to tackle IT spend transparency

    Duration: One hour

    Note: This assessment is general in nature. It's intended to help you identify and prepare for potential challenges in your IT spend and staffing transparency effort.

    1. Rate your agreement with the "Data & Information" and "Experience, Expertise, & Support" statements listed on the slide immediately following the two instruction slides for this exercise. For each statement, indicate the extent to which you agree or disagree, where:
      1. 1 = Strongly disagree
      2. 2 = Disagree
      3. 3 = Neither agree nor disagree
      4. 4 = Agree
      5. 5 = Strongly agree
    2. Add up your numerical scores for all statements, where the highest possible score is 65.
    3. Assess your general readiness against the following guidelines:
      1. 50-65: Ready. The transparency exercise will involve work, but should be straightforward since you have the data, skills, tools, processes, and support to do it.
      2. 40-49: Ready, with caveats. The transparency exercise is doable but will require some preparatory legwork and investigation on your part around data sourcing, organization, and interpretation.
      3. 30-39: Challenged. The transparency exercise will present some obstacles. Expect to encounter data gaps, inconsistencies, errors, roadblocks, and frustrations that will need to be resolved.
      4. Less than 30: Not ready. You don't have the data, skills, tools, processes, and/or support to do the data transparency exercise. Take time to develop a stronger foundation of financial literacy and governance before tackling it.

    Document your outputs on the slide immediately following the two instruction slides for this exercise.

    1.2 Assess your readiness to tackle IT spend transparency

    InputOutput
    • Organizational knowledge
    • Estimation of IT spend and staffing transparency effort
    MaterialsParticipants
    • Whiteboard/flip charts
    • Head of IT
    • IT financial lead

    IT spend transparency readiness assessment

    Data & Information
    Statement Rating
    We know how to access all IT department spend records.
    We know how to access all non-IT-department technology spend records.
    We know how to access all IT vendor/contractor agreements.
    We know how to access data about our IT staff costs and allocation, such as organizational charts and salaries/benefits.
    Our financial and staffing data is up-to-date.
    Our financial and staffing data are labeled, described, and organized so that we know what they're referring to.
    Our financial and staffing data are in a format that we can easily manipulate (e.g. export, copy and paste, perform calculations).
    Experience, Expertise, & Support
    Statement Rating
    We have sufficient expertise within the IT department to navigate and accurately interpret financial records.
    We have reasonable access to expertise/resources in our finance department to support us in an IT spend transparency exercise.
    We can allocate sufficient time (about 40 hours) and resources in the near term to do an IT spend transparency exercise.
    We have current accountabilities to track and internally report financial information to others on at least a monthly basis.
    There are existing financial policies, procedures, and standards in the organization with which we must closely adhere and comply.
    We have had the experience of participating in, or responding to the results of, an internal or external audit.

    Rating scale:
    1 = Strongly Disagree; 2 = Disagree; 3 = Neither agree nor disagree; 4 = Agree; 5 = Strongly agree
    Assessment scale:
    Less than 30 = Not ready; 30-39 = Challenged; 40-49 = Ready with caveats; 50-65 = Ready

    Take a closer look at the statements you rated 1, 2, or 3. These will be areas of challenge no matter what your total score on the assessment scale.

    Phase 1: Know your objectives

    Achievement summary

    You've now completed the first two steps on your IT spend transparency journey. You have:

    • Set your objectives for making your IT spend and staffing transparent.
    • Assessed your readiness to tackle the exercise and know how much work you'll need to do in order to do it well.

    "Mapping to a transparency model is labor intensive. You can do it once and never revisit it again, but we would never advise that. What it does is play well into an IT financial management maturity roadmap."
    - Monica Braun, Research Director, ITFM Practice, Info-Tech Research Group

    Phase 2

    Gather Required Data

    This phase will walk you through the following activities:

    • Gather, clean, and organize your data
    • Build your industry-specific business views

    This phase involves the following participants:

    • Head of IT
    • IT financial lead
    • Other members of IT management

    Phase 2: Gather required data

    Finish your preparation.

    You're now ready to do the final preparation for your IT spend and staffing transparency journey. In this phase you will:

    • Gather your IT spend and staffing data and information.
    • Clean and organize your data to streamline mapping.
    • Identify your baseline data points.

    "Some feel like they don't have all the data, so they give up. Don't. Every data point counts."
    - Rex Ding, Research Specialist, ITFM Practice, Info-Tech Research Group

    Your IT spend transparency efforts are only as good as the quality of your inputs

    Aim for a comprehensive, complete, and accurate set of data and information.

    Diagram of comprehensive, complete, and accurate set of data and information

    Start by understanding what's included in technology spend

    Info-Tech's ITFM Technology Inventory

    In scope:

    • All network, telecom, and data center equipment.
    • All end-user productivity software and devices (e.g. laptops, peripheral devices, cell phones).
    • Information security.
    • All acquisition, development, maintenance, and management of business and operations software.
    • All systems used for the storage and management of business assets, data, records, and information.
    • All managed IT services.
    • Third-party consulting services.
    • All identifiable spend from the business for the above.

    Expand your thinking: Total tech spend goes beyond what's under IT's operational umbrella

    "Technology" means all technology in the organization regardless of where it lives, who bought it, who owns it, who runs it, or who uses it.

    IT may have low or no visibility into technologies that exist in the broader business environment beyond IT. Accept that you won't gain 100% visibility right now. However, do get started and be persistent.

    Where to look for non-IT technology ...

    • Highly specialized business functions - niche tools that are probably used by only a few people.
    • Power users and the "underserved" - cloud-based workflow, communication, and productivity tools they got on their own.
    • Operational technology - network-connected industrial, building, or physical security sensors and control systems.
    • Recently acquired/merged entities - inherited software.

    Who might get you what you need ...

    • Business unit and team leaders - identification of what they use and copies of their spend records and/or contracts.
    • Finance - a report of the "software" expenditure category to spot unrecognized technologies and their owners.
    • Vendors - copies of contracts if not forthcoming internally.
    • Your service desk - informal knowledge gained about unknown technologies at play in the course of doing their job.

    The IT spend and staffing transparency exercise is an opportunity to kick-start a technology discovery process that will give you and the business a true picture of your technology profile, use, and spend.

    Seek out data at the right level of granularity with the right supporting information

    Key data and information to seek out:

    • Credits applied to appropriate debits that show net expense, or detailed descriptions of credits with no matching debit.
    • Cash-based accounting (not accrual accounting). If accrual, will need to determine how to simplify the data for your uses.
    • Vendor names, asset classes, descriptors, and departments.
    • A total spend amount (CapEx + OpEx) that:
      • Aligns with the spend period.
      • Passes your gut check for total IT spend.
      • Includes annual amounts for multi-year contracts (e.g. one year of a three-year Microsoft enterprise agreement).
      • Includes technology spend from the business (e.g. OT that IT supports).
    • Insights on large projects.
    • Consolidated recurring payments, salaries and benefits, and other small expenses.

    Look for these data descriptors in your files:

    • Cost center/accounting unit
    • Cost center/department description
    • GL ACCT
    • CL account description
    • Activity description
    • Status
    • Program/business function/project description
    • Accounting period
    • Transaction amount
    • Vendor/vendor name
    • Product/product name

    Avoid data that's hard to use or problematic as it will slow you down and bring limited benefits

    Spend data that's out of scope:

    • Depreciation/amortization.
    • Gain or loss of asset write-off.
    • Physical security (e.g. key cards, cameras, motion sensors, floodlights).
    • Printer consumables costs.
    • Heating and cooling costs (for data centers).

    Challenging data formats:

    • Large raw data files with limited or no descriptors.
    • Major accounts (hardware and software) combined in the same line item.
    • Line items (especially software) with no vendor reference information.
    • PDF files or screenshots that you can't extract data from readily. Use Excel or CSV files whenever possible.

    Getting at the data you need can be easy or hard – it all depends

    This is where your governance culture and ITFM maturity start to come into play.

    Data source Potential data and information What to expect
    IT Current/past budget, vendor agreements, IT project records, discretionary spend, number of IT employees. The rigor of your ITFM practice and centralization of data and documents will affect how straightforward this is.
    Finance General ledger, cash and income statements, contractor payments and other accounts payable, general revenue. Secure their expertise early. Let them know what you're trying to do and what you need. They may be willing to prepare data for you in the format you need and help you decipher records.
    Purchasing List of vendors/suppliers, vendor agreements, purchase invoices. Purchasing often has more descriptive information about vendors than finance. They can also point you to tech spend in other departments that you didn't know about.
    Human Resources Organizational chart, staff salaries and benefits, number of employees overall and by department. Data about benefits costs is something you're not likely to have, and there's only one place you can reliably get it.
    Other Business Units Non-IT technology spend vendor agreements and purchase invoices, number of department employees. Other departments may be tracking spend in an entirely different way than you. Be prepared to dig and reconcile.

    There may be some data or information you can't get without a Herculean effort. Don't worry about it too much - these items are usually relatively minor and won't significantly affect the overall picture.

    Commit to finding out what you don't know

    Many IT leaders don't have visibility into other departments' technology spend. In some cases, the fact that spend is even happening may be a complete surprise.

    Near-term visibility fix ...

    • Ask your finance department for a report on all technology-related spend categories. "Software" is a broad category that finance departments tend to track. Scan the report for items that don't look familiar and confirm the originating department or approver.
    • Check in with the procurement office. See what technology-related contracts they have on record and which departments "own" them. Get copies of those contracts if possible.
    • Contact individual department heads or technology spend approvers. Devise your contact shortlist based on what you already know or learned from finance and procurement. Position your outreach as a discovery process that supports your transparency effort. Avoid coming across as though you're judging their spend or planning to take over their technologies.

    Long-term visibility fix ...

    • Develop your relationships with other business unit leaders. This will help open the lines of communication permanently.
    • Establish a cross-functional central technology office or group. The main task of this unit is to set and manage technology standards organization-wide, including standards for tracking and documenting technology costs and asset lifecycle factors.
    • Ensure IT is formally involved in all technology spend proposals and plans. This gives IT the opportunity to assess them for security compliance, IT network/system interoperability, manageability, and IT support requirements prior to purchase.
    • Ensure IT is notified of all technology financial transactions. This includes contracts, invoices, and payments for all one-time purchases, subscription fees, and maintenance costs.

    Finally, note any potential anomalies in the IT spend period you're looking at

    No two years have the exact same spend patterns. One-time spend for a big capital project, for example, can dramatically alter your overall spend landscape.

    Look for the following anomalies:

    • New or ongoing capital implementations or projects that span more than one fiscal year.
    • Completed projects that have recently transitioned, or are transitioning, from CapEx (decreasing) to OpEx (increasing).
    • A major internal reorganization or merger, acquisition, or divestiture event.
    • Crises, disasters, or other rare emergencies.
    • Changes in IT funding sources (e.g. new or expiring grants).

    These anomalies often explain why IT spend is unusually high in certain areas. There's often a good business reason.

    In many cases, doing a separate spend transparency exercise for these anomalous projects or events can isolate their costs from other spend so their true nature and impact can be better understood.

    2.1 Gather your input data and information

    Duration: Variable

    1. Develop a complete list of the spending and staffing data and information you need to complete the transparency mapping exercise. For each required item, note the following:
      1. Description of data needed (i.e. type, timeframe, and format).
      2. Ideal timeframe or deadline for receipt.
      3. Probable source(s) and contact(s).
      4. Additional facilitation/support required.
      5. Person on your transparency team responsible for obtaining it.
    2. Set up a data and information repository to store all files as soon as they're received. Ideally, you'll want all data/information files to be in an electronic format so that everything can be stored in one place. Avoid paper documents if possible.
    3. Conduct your outreach to obtain the input data and information on your list. This could include delegating it to a subordinate, sending emails, making phone calls, booking meetings, and so on.
    4. Review the data and information received to confirm that it's the right type of data, at the correct level of granularity, for the right timeframe, in a usable format, and is generally accurate.
    5. Enter documentation about your data and information sources in tab "1. Data & Information Sources" in the IT Spend & Staffing Transparency Workbook to reflect what you needed and where you got it in order to make the discovery process easier in the future.
    6. In the same tab in the IT Spend & Staffing Transparency Workbook, document any significant events that occurred that directly or indirectly impacted the selected year's spend values. These could include mergers/acquisitions/divestitures, major reorganizations or changes in leadership, significant shifts in product offerings or strategic direction, large capital projects, legal/regulatory changes, natural disasters, or changes in the economy.

    Download the IT Spend & Staffing Transparency Workbook

    2.1 Gather your input data and information

    InputOutput
    • Knowledge of potential data and information sources
    • List of data and information required to complete the IT spend and staffing transparency exercise
    MaterialsParticipants
    • Whiteboard/flip charts
    • Head of IT
    • IT financial lead

    Tidy up your data before beginning any spend mapping

    Most organizations aren't immaculate in their tech spend documentation and tracking practices. This creates data rife with gaps that lives in hard-to-use formats.

    The more preparation you do to approach the "good data" intersection point in the diagram below, the easier your mapping effort will be and the more useful and insightful your final findings.

    Venn diagram of good data

    Make your data "un-unique" to reduce the number of line items and make it manageable

    There's a good chance that the IT spend data you've received is in the form of tens of thousands of unique line items. Use the checklist below to help you roll it up.

    Warning: Never overwrite your original data. Insert new columns/rows and put your alternate information in these instead.

    Step 1: Standardize vendor names

    • Start with known large vendors.
    • Select a standard name for the vendor.
    • Brainstorm possible variations on the vendor name, including abbreviations and shortforms.
    • Search for the vendor in your data and document the new standardized vendor name in the appropriate row.
    • Repeat the above for all vendors.
    • Sort the new vendor name column from A-Z. Look for instances where names remain unique or are missing entirely. Reconcile if needed and fill in missing data.

    Step 2: Consolidate vendor spend

    • Sort the new vendor name column from A-Z. Start with vendors that have the most line items.
    • Add together related spend items from a given vendor. Create a new row for the consolidated spend item and flag it as consolidated. Keep the following item types in separate rows:
      • Hardware vs. software spend for the same vendor.
      • Cloud vs. on-premises spend for the same vendor.
    • Repeat the above for all vendors.
    • Consider breaking out separate rows for overly consolidated line items that contain too many different types of IT spend.

    2.2 Clean and organize your data

    Duration: Variable

    1. Check to ensure that you have all data and information required to conduct the IT spend transparency exercise.
    2. Conduct an initial scan to assess the data's current state of hygiene and overall usability. Flag anything of concern and follow up with the data/information provider to fix or reconcile any issues.
    3. Normalize your data to make it easier to work with. This includes selecting data format standards and changing anything that doesn't conform to those standards. This includes items such as date conventions, currencies, and so on.
    4. Standardize product and vendor naming/references throughout to enable searching, sorting, and grouping. For example, Microsoft Office may be variably referred to as "Microsoft", "Office", "Office 365", and "Office365" throughout your data. Pick one descriptor for the product/vendor and replace all related references with that descriptor.
    5. Consolidate and aggregate your data. Ideally, the data you received from your sources has already been simplified; however, you may need to further organize it to reduce the number of individual line items to a more manageable number. The transparency exercise uses relatively high-level categories, so combine data sets and aggregate where feasible without losing appropriate granularity.
    6. Archive any original copies of files that have been modified or replaced with consolidated/aggregated versions for future reference if needed.

    2.2 Clean and organize your data

    InputOutput
    • Data and information files
    • A normalized set of data and information for completing the IT spend and staffing transparency exercise
    MaterialsParticipants
    • Whiteboard/flip charts
    • Head of IT
    • IT financial lead

    Select IT spend "buckets" for the CXO Business View as your final preparatory step

    Every organization has both industry-agnostic and industry-specific lines of business that are the direct beneficiaries of IT spend.

    Common shared business functions:

    • Human resources.
    • Finance and accounting.
    • Sales/customer service.
    • Marketing and advertising.
    • Legal services and regulatory compliance.
    • Information technology.

    It may seem odd to see IT on the business functions list since the purpose of this exercise is to map IT spend. For business view purposes, IT spend refers to what IT spends on itself to support its own internal operations.

    Examples of industry-specific functions:

    • Manufacturing: Product research and development; production operations; supply chain management.
    • Retail banking: Core banking services; loan, mortgage and credit services; investment and wealth management services.
    • Hospitals: Patient intake and admissions; patient diagnosis; patient treatment; patient recovery and ongoing care.
    • Insurance: Actuarial analysis; policy creation; underwriting; claims processing.

    See the Appendix of this blueprint for definitions of shared business functions plus sample industry-specific business view categories.

    Define your CXO Business View categories to set yourself up well for future ITFM analyses

    The CXO Business View buckets you set up today are tools you can and should reuse in your overall approach to ITFM governance. Spend some time to get them right.

    Stay high-level

    Getting too granular invites administrative headaches and overhead. Keep things high-level and general:

    • Limit the number of direct stakeholders represented: This will reduce communication overhead and ensure you're dealing only with people who have real decision-making authority.
    • Look to your org. chart: Note the departments or business units listed across the top of the chart that have one executive or top-ranking senior manager accountable for them. These business units often translate as-is into a tidy CXO Business View category.

    Limit your number of buckets

    Tracking IT spend across more than 8-10 shared and industry-specific business categories is impractical.

    • Simplify your options: Too many buckets gets confusing and invites time-wasting doubt.
    • Reduce future rework: Business structures will change, which means recategorizing spend data. Using a forklift is a lot easier than using tweezers.
    • Stick to major business units: Create separate "Business Other" and "Industry Other" catch-all categories to track IT spend for smaller functions that fall outside of major business unit structures.

    Stay high-level with the CXO Business View

    Be clear on what's in and what's out of your categories to keep everyone on the same page

    Clear lines of demarcation between CXO Business View categories reduce confusion, doubt, and wheel-reinvention when deciding where to allocate IT spend.

    Ensure clear boundaries

    Mutual exclusivity is key when defining categories in any taxonomical structure.

    • Avoid overlaps: Each high-level business function category should have few or no core function or process overlaps with another business function category. Aim for clear vertical separation.
    • Be encompassing: When defining a category, list all the business capabilities and sub-functions included in that category. For example, if defining the finance and accounting function, remember to specify its less obvious accountabilities, like enterprise asset management if appropriate.

    Identify exclusions

    Listing what's out can be just as informative and clarifying as listing what's in.

    • Beware odd bedfellows: Minor business groups are often tucked under a bigger organizational entity even though the two use different processes and technologies. Separate them if appropriate and state this exclusion in the bigger entity's definition.
    • Draw a line: If a process crosses business function categories, state which sub-steps are out of scope.
    • Document your decisions: This helps ensure you allocate IT spend the same way every time.

    Clear lines of demarcation between CXO Business View categories

    2.3 Build your industry-specific business views

    Duration: Two hours

    1. Confirm your list of high-level shared business services (human resources, finance and accounting, etc.) as provided in Info-Tech's IT Spend & Staffing Transparency Workbook. Rename them if needed to match the nomenclature used in your organization.
    2. Set and define your additional list of high-level, industry-specific business categories that are unique to or define your industry. See the slides immediately following this exercise for tips on developing these categories, as well as the appendix of this blueprint for some examples of industry-specific categories and definitions.
    3. Create "Business Other" and "Industry Other" categories to capture minor groups and activities supported by IT that fall beyond the major shared and industry-specific business functions you've shortlisted. Briefly note the business groups/activities that fall under these categories.
    4. Edit/enter your shared and industry-specific business function categories and their definitions on tab "2. Business View Definitions" in the IT Spend & Staffing Transparency Workbook.

    Download the IT Spend & Staffing Transparency Workbook

    2.3 Build your industry-specific business views

    InputOutput
    • Knowledge about your organization's structure and business functions/units
    • A list of major shared business functions and industry-specific business functions/capabilities that are defining of your industry
    MaterialsParticipants
    • Whiteboard/flip charts
    • Head of IT
    • IT financial lead

    Lock in key pieces of baseline data

    Calculating core IT spend metrics relies on a few key numbers. Settle these first based on known data before diving into detailed mapping.

    These baseline data will allow you to calculate high-level metrics like IT spend as a percent of revenue and year-over-year percent change in IT spend, as well as more granular metrics like IT staff spend per employee for a specific IT service.

    Baseline data checklist

    • IT spend analysis period (date range).
    • Currency used.
    • Organizational revenue.
    • Organizational OpEx.
    • Total current year IT spend.
    • Total current year IT CapEx and IT OpEx.
    • Total previous-year IT spend.
    • Total projected next-year IT spend.
    • Number of organizational employees.
    • Number of IT employees.

    You may have discovered some things you didn't know about during the mapping process. Revisit your baseline data when your mapping is complete and make adjustments where needed.

    2.4 Enter your baseline data

    Duration: One hour

    1. Navigate to tab "3. Baseline Data" in the IT Spend & Staffing Transparency Workbook. Using the data you've gathered, enter the following information to set your baseline data for future calculations:
      1. Your IT spend analysis date range. This can be concrete dates, a fiscal year abbreviation, etc.
      2. The currency you will be using throughout the workbook. It's important that all monetary values entered are in the same currency.
      3. Your organization's total revenue and total operating expenditure (OpEx) for the spend analysis data range you've specified. Revenue includes all sources of funding/income.
      4. Your total IT OpEx and total IT capital expenditure (CapEx). The workbook will add your OpEx and CapEx values for you to arrive at a total IT spend value.
      5. Total IT spend for the year prior to the current IT spend analysis date range, as well as anticipated total IT spend for the year following.
      6. Total IT staff spend (salaries, benefits, training, travel, and fees for employees and contractors in a staff augmentation role) for the spend analysis date range.
      7. The total number of organizational employees and total number of IT employees. These are typically full-time equivalent (FTE) values and include contractors in a staff augmentation role.
    2. Make note of any issues that have influenced the values you entered.

    Download the IT Spend & Staffing Transparency Workbook

    2.4 Enter your baseline data

    InputOutput
    • Cleaned and organized spend and staffing data and information
    • Finalized baseline data for deriving spend metrics
    MaterialsParticipants
    • IT Spend & Staffing Transparency Workbook
    • Head of IT
    • IT financial lead

    Phase 2: Gather required data

    Achievement summary

    You've now completed all preparation steps for your IT spend transparency journey. You have:

    • Gathered your IT spend and staffing data and information.
    • Cleaned and organized your data to streamline mapping.
    • Identified your baseline data points.

    "As an IT person, you're not speaking the same language at all as the accounting department. There's almost always a session of education that's required first."
    - Angie Reynolds, Principal Research Director, ITFM Practice, Info-Tech Research Group

    Phase 3

    Map Your IT Staff Spend

    This phase will walk you through the following activities:

    • Mapping your IT staff spend across the four views of the ITFM Cost Model
    • Validating your mapping

    This phase involves the following participants:

    • Head of IT
    • IT financial lead
    • Other members of IT management

    Phase 3: Map your IT staff spend

    Allocate your workforce costs across the four views.

    Now it's time to tackle the first part of your hands-on spend mapping effort, namely IT staff spend. In this phase you will:

    • Allocate your IT staff spend across the four views of the ITFM Cost Model.
    • Validate your mapping to ensure that it's accurate and complete.

    "We're working towards the truth. We know the answer, but it's how to get it. Take Data & BI. For some organizations, four FTEs is too many. Are these people really doing Data & BI? Look at the big picture and see if something's missing."
    - Rex Ding, Research Specialist, ITFM Practice, Info-Tech Research Group

    Staffing costs comprise a significant percent of OpEx

    Staffing is the first thing that comes to mind when it comes to spend. Intentionally bring it out of the shadows to promote constructive conversations.

    • Total staffing costs stand out from other IT spend line items. This is because they're comparatively large, often comprising 30-50% of total IT costs.
    • Standing out comes at a price. Staff costs are where business leadership looks first if they want cuts. If IT leadership doesn't bring forward ways to cut staffing costs as part of a broader cost-cutting mandate, it will be seen as ignorant of business priorities at best and outright insubordinate at worst.
    • Staffing costs as a percentage of total costs vary between IT functions. On the business side, there's a lack of understanding about what functions IT staff serve and support and the real-world costs of obtaining (and keeping) needed IT skills. For example, IT security staffing costs as a percentage of that service's total OpEx will likely be higher than service desk staff given the scarcity and higher market value of the former. Trimming 20% of IT staffing costs from the IT security function has much different implications than cutting 20% of service desk staffing costs.

    Staffing spend transparency can do a lot to change the conversation from one where the business thinks that IT management is just being self-protecting to one where they know that IT management is actually protecting the business.

    Demonstrating the legitimate reasons behind IT staff spend is critical in both rationalizing past and current spend decisions as well as informing future decisions.

    Info-Tech recommends that you map your IT staffing costs before all other IT costs

    Mapping your IT staffing spend first is a good idea because:

    • Staffing costs are usually documented more clearly, simply, and accurately than other IT costs.
    • Gathering all your IT staffing data is usually a one-stop shop (i.e. the HR department).
    • The comparative straightforwardness of mapping staff costs compared to other IT costs gives you the opportunity to:
      • Get familiar with the ITFM Cost Model views and categories.
      • Get the hang of the hands-on mapping process.
      • Determine the kinds of speed bumps and questions you'll encounter down the road when you tackle the more complicated mappings.

    "Some companies will say software developer. Others say application development specialist or engineer. What are these things? You have to have conversations ..."
    - Rex Ding, Research Specialist, ITFM Practice, Info-Tech Research Group

    Understand the CFO Expense View: "Workforce" categories defined

    For the staffing spend mapping exercise, we're defining the Workforce category here and will offer Vendor category definitions in the vendor spend mapping exercise later.

    Workforce: The total costs of employing labor in the IT organization. This includes all salary/wages, benefits, travel/training, dues and memberships, and contractor pay. Managed services expenses associated with an external service provider should be excluded from Workforce and included in Contract Services.

    Employee: A person employed by the IT organization on a permanent full-time or part-time basis. Costs include salary, benefits, training, travel and expenses, and professional dues and memberships. These relationships are managed under human resources and the bulk of spend transactions via payroll processes.

    Contractor: A person serving in a non-permanent staff augmentation role. These relationships are typically managed under procurement or finance and spend transactions handled via invoicing and accounts payable processes. Labor costs associated with an external service provider are excluded.

    CFO Expense View

    Mapping your IT staff across the CFO Expense View is relatively cut-and-dried

    The CFO Expense View is the most straightforward in terms of mapping IT staffing costs as it's made up of only two main categories: Workforce and Vendor.

    In the CFO Expense View, all IT spend on staffing is allocated to the Workforce bucket under either Employee or Contractor.

    What constitutes a Contractor can be confusing given increased use of long-term labor augmentation strategies, so being absolutely clear about this is imperative. For spend mapping purposes:

    • Any staff members under independent contract where individuals are paid directly by your organization as opposed to indirectly via a service provider (e.g. staffing firm) are considered Workforce > Contractor.
    • Any circumstances where you pay a third-party organization for labor is slotted under Vendor > Contract Services.

    CFO Expense View

    Understand the CIO Service View: Categories defined

    We've provided definitions for the major categories that require clarification.

    Applications Development: Purchase/development, testing, and deployment of application projects. Includes internally developed or packaged solutions.

    Applications Maintenance: Software maintenance fees or maintaining current application functionality along with minor enhancements.

    Hosting & Networks: Compute, storage, and network functionality for running/hosting applications and providing communications/connectivity for the organization.

    End User: Procurement, provision, management, and maintenance (break/fix) of end-user devices (desktop, laptops, tablets, peripherals, and phones) as well as purchase/support and use of productivity software on these devices. The IT service desk is included here as well.

    PPM & Projects: People, processes, and technologies dedicated to the management of IT projects and the IT project portfolio as a whole.

    Data & BI: Strategy and oversight of the technology used to support data warehousing, business intelligence, and analytics.

    IT Management: Senior IT leadership, IT finance, IT strategy and governance, enterprise architecture, process management, vendor management, talent management, and program and portfolio management oversight.

    Security: Information security strategy and oversight, practices, procedures, compliance, and risk mitigation to protect and prevent unauthorized access to organizational data and technology assets.

    CIO Service View

    Mapping your IT staff across the CIO Service View is a slightly harder exercise

    The complexity of mapping staff across this view depends on how your IT department is organized and the degree of role specialization vs. generalization.

    The CIO Service View mirrors how many IT departments are organized into teams or work groups. However, some partial percentage-based allocations are probably required, especially for smaller IT units with more generalized, cross-functional roles. For example:

    • A systems administrator's costs may need to be allocated 80% to Hosting & Networks and 20% to Security.
    • An app development team lead may spend about 40% of their time doing hands-on Development work and the other 60% on project management (i.e. PPM & Projects).

    Info-Tech has found that allocating staffing costs for Data & BI raises the most doubts as it can be very entangled with Applications and other spend. Do the best you can.

    Understand the CXO Expense View: Categories defined

    Expand shared services and industry function categories as suits your organization.

    Industry Functions: As listed and defined by you for your specific industry.

    Human Resources: IT staff and specific application functionality in support of organizational human resource management.

    Finance & Accounting: IT staff and specific application functionality in support of corporate finance and accounting.

    Shared Services Other: IT staff and specific application functionality in support of all other shared enterprise functions.

    Information Technology: IT staff and specific application functionality in support of IT performing its own internal IT operations functions.

    Industry Other: IT staff and specific application functionality in support of all other industry-specific functions.

    CXO Expense View

    Mapping your IT staff across the CXO Business View warrants the most time

    This view is probably the most difficult as many IT department roles are set up according to lines of IT service, not lines of business. Prepare to do a little math.

    The CXO Expense View also requires percentage-based splitting of role spend, but to a greater extent.

    • Start by mapping staff cost allocations for those roles that are at, or close to, 100% dedicated to a specific business function (if any).
    • For IT roles that support organization-wide or multi-department functions, knowing the percent of employees that work in each relevant business unit and parceling IT staff spend by those same percentages may be easiest. For example, a general systems administrator's costs could be allocated as 4% to HR, 2% to finance, 25% to sales, 20% to production operations, and so on based on the percentage of employees in each of the supported business units.

    Take a minute to figure out how you plan to map IT's indirect CXO Business View costs

    Direct IT costs are those that are dedicated to a specific business unit or user group, such a marketing campaign management app, specialized devices used by a specific subset of workers in the field, or a business analyst embedded full-time in a sales organization.

    VS

    Indirect IT costs are pretty much everything else that's shared broadly across the organization and can't be tied to just one stakeholder or user group, such as network infrastructure, the service desk, and office productivity apps. These costs must be fairly and evenly distributed.

    No indirect mapping method is perfect, but here's a suggestion:

    • Take the respective headcount of all business functions sharing the IT resource/service in question.
    • Calculate each business function's staff as a percentage of all organizational staff.
    • Use this same percent of staff to calculate and allocate a business function's indirect staff and indirect vendor costs.

    "There is always a conversation about indirect allocations. There's never been an organization I've heard of or worked for which has been able to allocate every technology cost directly to a business consumption or business unit."
    Monica Braun, ITFM Research Director, Info-Tech Research Group

    Example:

    • A company of 560 employees has six HR staff (about 1.1% of total staff).
    • Network admin staffing costs $143,000, so $1,573 (1.1%) would be allocated to HR.
    • Internet services cost $40,000, so $440 (1.1%) would be allocated to HR.

    Some indirect costs are shared by multiple business functions, but not all. In these cases, exclude non-participating business functions from the total number of organizational employees and re-calculate a new percent of staff for each participating business function.

    Know where you're most likely to encounter direct vs. indirect IT staffing costs

    Info-Tech has found that direct vs. indirect staffing spend is more commonly found in some areas than others. Use this insight to focus your work.

    Direct IT staffing spend

    Definition: Individuals or teams whose total time is formally dedicated to the support of one business unit/function.

    • Data & BI (direct to one non-IT unit)
    • IT Management (direct to IT)
      • Service planning & Architecture
      • Strategy & Governance
      • Financial Management
      • People & Resources

    Hybrid IT staffing spend

    Definition: Teams with a percent of time or entire FTEs formally dedicated to one business unit/function while the remainder of the time or team is generalized.

    • Applications
      • Applications Development
      • Applications Maintenance
    • IT Management
      • PPM & Projects

    Indirect IT staffing spend

    Definition: Individuals or teams whose total time is generalized to the support of multiple or all business units or functions.

    • Infrastructure
      • Hosting & Networks
      • End Users
    • Security

    Indirect staff spend only comes into play in the CXO Business View. Thoroughly map the CIO Service View first and leverage its outcomes to inform your allocations to individual business and industry functions.

    Understand the CEO Innovation View: Categories defined

    Be particularly clear on your understanding of the difference between business growth and business innovation.

    Business Innovation: IT spend/ activities focused on the development of new business capability, new products and services, and/or introduction of existing products/ services into new markets. It does not include expansion or update of existing capabilities.

    Business Growth: IT spend/activities focused on the expansion, scaling, or modernization of an existing business capability, product/service, or market. This is specifically related to growth within a current market.

    Keep the Lights On: IT spend/activities focused on keeping the organization running on a day-to-day basis. This includes all activities used to ensure the smooth operation of business functions and overall business continuity.

    CEO Innovation View

    Important Note

    Info-Tech analysts often skip mapping staff for the CEO Innovation View when delivering the IT Spend & Staffing Benchmarking Service.

    This is because, for many organizations, either most IT staff spend is allocated to Keep the Lights On or any IT staff allocation to Business Growth and Business Innovation activities is untracked, undocumented, and difficult to parse out.

    Mapping your IT staff across the CEO Innovation View is largely straightforward

    Clear divisions between CapEx and OpEx can be your friend when it comes to mapping this view. Focus your efforts on parsing growth vs. innovation.

    • The majority of IT staff costs are OpEx: And the majority of OpEx will land in the Keep the Lights On category. This is a comparatively simple mapping exercise. Know in advance that this will be the largest of the three buckets in the CEO Innovation View by a very wide margin, so don't be surprised if over 90% of IT staffing costs end up here.
    • Most of the remaining IT staff costs will be tied to capital projects and investments: This means that they will land in either Business Growth or Business Innovation, with the majority typically sitting under Business Growth. Again, don't be surprised if the Business Innovation category holds less than 3% of total IT staffing spend.

    Take your IT staff spend mapping to the next level with detailed time and headcount data

    Overlay a broader assessment of your IT staff

    Info-Tech's IT Staffing Assessment diagnostic can expand your view of what's really happening on the staffing front.

    • Learn your true distribution of IT staff across the same IT services listed in the ITFM Cost Model's CIO Service View.
    • Get other metrics such as degrees of seniority, manager span of control, and IT staff perception of their effectiveness.

    Take action

    1. Set it up: Contact your Info-Tech Account Manager and sign your team up to take the diagnostic.
    2. Assess the findings: Review the output report, specifically how your staff says they spend their time versus what your organization chart's been telling you.
    3. Apply the percentages: Use the FTE allocation percentages in the output report to guide how you distribute your staff spend across the CIO Service View.
    4. Expand your analysis: Use your staff's feedback around perceived aids and obstacles to effectiveness in order to inform and defend your recommendations and decisions on how IT funds should be spent.

    Consider these final tips for mapping your IT staffing costs before diving in

    Mapping your IT staffing costs definitely requires some work. However, knowing the common stumbling blocks and being systematic will yield the best results.

    Approach: Be efficient to be effective

    Start with what you know best: Map the CFO Expense View first to plug in information you already have. Next, map the CIO Service View since it's most aligned to your organization chart.

    Keep a list of questions: You'll need to seek clarifications. Note your questions, but don't reach out until you've done a first pass at the mapping - don't annoy people with a barrage of questions.

    Delegate: Your managers and leads have a more accurate view of exactly what their staff do. Consider delegating the CIO Service View and CXO Business View to them or turn the mapping exercise into a series of collaborative leadership team activities.

    Biggest challenge: Role/title ambiguity

    • The Business Analyst role is often vague. These staffers are often jacks-of-all-trades in IT. You probably can't rely on a generic job description to figure out exactly which services and business functions BAs are spending their time on. Plan to ask a lot of questions.
    • Other role titles may be completely inaccurate. Is the word "system" referring to apps, infrastructure, or both? Is the user experience specialist actually a programmer? Is a manager really managing anything? Know your organization's tendencies around meaningful job titling and set your workload expectations accordingly.

    Key step - validate! If you see services or functions with low or no allocation, or something just doesn't look right, investigate. Someone's doing that work - take the time to figure out who.

    3.1 Map your IT staffing costs

    Duration: Variable

    1. Navigate to tab "4. Staff Spend Mapping" in the IT Spend & Staffing Transparency Workbook. On one row, enter the name of an individual or group to be mapped, their role/title (if an individual), and their total known cost as per your collected data.
    2. Under the CFO Expense View (columns F-G), enter the number of FTEs represented by the individual or group named and their status (i.e. Employee or Contractor).
    3. Under the CIO Service View (columns L-AF), allocate the individual or group's spend as a percentage across all service categories. If the allocation for a service is 0%, leave the cell blank.
    4. Under the CXO Business View (columns AI-BA), allocate the individual or group's spend as a percentage across all business function and industry-specific function categories. If the allocation for a function is 0%, leave the cell blank.
    5. Under the CEO Innovation View (columns BD-BH), allocate the individual or group's spend as a percentage across Business Innovation, Business Growth, and Keep the Lights On. If the allocation for an investment type is 0%, leave the cell blank.
    6. Repeat steps 2 to 5 for all other IT staff (as individuals or groups).
    7. Follow up on and resolve any additional inquiries you need to make based on questions that arose during the mapping process.
    8. Validate your mapping by:
      1. Identifying spend categories that have zero staff spend allocation. Additional percentage allocation splits for certain roles are probably required.
      2. Investigating spend categories that seem to have very high or very low spend allocations based on a gut check. Again, double-check your percentage allocation splits.
      3. Ensuring your amounts add up to your previously calculated total IT staff spend. A balance tracker is provided on tab "6. Tracker & General Outputs" of the IT Spend & Staffing Transparency Workbook.

    Download the IT Spend & Staffing Transparency Workbook

    3.1 Map your staffing costs

    Input Output
    • Cleaned and organized IT staffing data and information
    • Finalized mapping of IT staff spend across the four views of the ITFM Cost Model
    Materials Participants
    • IT Spend & Staffing Transparency Workbook
    • Head of IT
    • IT financial lead
    • Other IT management as required

    Phase 3: Map your IT staff spend

    Achievement summary

    You've now completed your IT staff spend mapping. You have:

    • Allocated your IT staff spend across the four views of the ITFM Cost Model.
    • Validated your mapping to ensure it's accurate and complete.

    "Some want to allocate everybody to IT, but that's not how we do it. [In one CXO Business View mapping], a client allocated all their sand network people to the IT department. At the end of the process, the IT department itself accounted for 20% of total IT spend. We went back and reallocated those indirect staff costs across the business."
    - Kennedy Confurius, Research Analyst, ITFM Practice, Info-Tech Research Group

    Phase 4

    Map Your IT Vendor Spend

    This phase will walk you through the following activities:

    • Mapping your IT vendor spend across the four views of the ITFM Cost Model
    • Validating your mapping

    This phase involves the following participants:

    • Head of IT
    • IT financial lead
    • Other members of IT management

    Phase 4: Map your IT vendor spend

    Allocate your vendor costs across the four views.

    Now you're ready to take on the second part of your spend mapping, namely IT vendor spend. In this phase you will:

    • Allocate your IT vendor spend across the four views of the ITFM Cost Model.
    • Validate your mapping to ensure it's accurate and complete.

    "[One CIO] said that all technology spend runs through their IT group. But they didn't have hardware in their financial data file - no cellphones or laptops, no network or server expenses. They thought they had everything, but they didn't know what they didn't have. Assume it's out there somewhere."
    - Kennedy Confurius, Research Analyst, ITFM Practice, Info-Tech Research Group

    Tackle the non-staff side of IT spend

    Info-Tech analysts find that mapping the IT vendor spend data is harder because the source data is often scattered and not meaningfully labeled.

    • Be patient and systematic. As with mapping your IT staff spend data, the more organized you are from the outset and the more thoroughly you've prepared your data, the more straightforward the exercise will be.
      • Did you "un-unique" your data? If not, do that now before attempting mapping.
    • Get comfortable with making some assumptions. You need to get through the exercise, so sometimes making a best guess and entering a value is better than diving down a rabbit hole. Your gut is probably right anyway. But only make assumptions around smaller line items that don't have a massive impact on your final numbers. Never assume anything when it comes to big-ticket items.
    • Curb your urge to fix. Some of your buckets will start to get big, while others will barely budge. This is normal ... and interesting! Resist the urge to "balance" staffing spend in a bucket by loading it with apps and hardware for fear that the staffing spend looks too high and will be questioned. This exercise is about how things are, not how they look.

    "A common financial data problem is no vendor names. I've noticed that, even if the vendor name is there, there are no descriptors. You cannot actually tell what type of service it is. Data security? Infrastructure? Networking? Ask yourself 'What did we purchase and what does it do?'"
    - Aman Kumari, Research Specialist, ITFM Practice, Info-Tech Research Group

    Understand the CFO Expense View: Vendor categories defined

    These are the final definitions for this view. See the previous section for CFO Expense View > Workforce definitions used in the IT staffing cost mapping exercise.

    Vendor: Provider of a good or service in exchange for payment.

    Hardware: Costs of procuring, maintaining, and managing all IT hardware, including end-user devices, data center and networking equipment, cabling, and hybrid appliances for both on-premises and cloud-based providers.

    Software: Costs for all software (applications, database, middleware, utilities, tools) used across the organization. This includes purchase, maintenance, and licensing costs.

    Contract Services: Costs for all third-party services including managed service providers, consultants, and advisory services.

    Cloud: Offsite hosting and delivery of an on-demand software or hardware computing function by a third-party provider, often on a subscription-type basis.

    On-Prem: On-site hosting and delivery of a software or hardware computing function, often requiring upfront purchase cost and subsequent maintenance costs.

    Managed Services: Costs for outsourcing the provision and maintenance of a technical process or function.

    Consulting & Advisory: Costs for the third-party provision of professional or technical advice and expertise.

    CFO Expense View

    Know if a technology is cloud-based or on-premises before mapping

    A technology may be one, the other, or both if multiple versions are in play. Financial records rarely indicate which, but on-premises vs. cloud matters in your planning.

    On-Premises

    • Check your CapEx. Any net-new purchases of software or hardware for the IT spend analysis year in question should appear on the CapEx side of the equation. After the first year of implementation/rollout, all ongoing maintenance and management costs should be found under OpEx.
    • Focus on real in-year costs.
      • Don't try to map depreciation or amortization associated with CapEX. Instead, map any upfront purchase costs that occurred in the relevant IT spend analysis year.
      • Map any OpEX costs incurred from maintenance and management. For multi-year maintenance contracts, apply the percentage of fees paid for the relevant year.

    Cloud

    • Check your OpEx. Cloud services are typically fee-based, which means the costs often come in the form of regularly timed bills akin to a subscription.
    • Differentiate new services from older ones. If the cloud service was initiated during the IT spend analysis year in question, there may be some one-time service setup and initiation fees that were legitimately slotted under CapEx. If the cloud service isn't new, then all costs should be OpEx.

    Vendors are increasingly "retiring" on-premises software products. This means an older version may be on-prem, a newer one cloud, and you may have both in play.

    Mapping built-in data, analytics, and security functions can raise doubts

    With so many apps focused on capturing, manipulating, and protecting data, built-in analytics, reporting, and security functions blur CIO Service View bucket boundaries.

    Applications vs. Data & BI

    • In recent years, much more powerful analysis and report-generation features have been added to core enterprise applications. If analytics and reporting functionality is an extended feature of a database-driven application, such as ERP or CRM, then map it to one of the Applications buckets.
    • If the sole purpose of the application is to store, manipulate, query, analyze, and/or visualize data, then log its costs under Data & BI. These would include technologies such as data warehouses, marts, cubes, and lakes; desktop data visualization tools; enterprise business intelligence platforms; and specialized reporting tools.

    Applications vs. Security

    • A similar conundrum exists for Security. So many tools today have built-in security functionality that cannot be unintegrated from the app they support. Don't even try to isolate native security functionality for spend mapping purposes - map it to Applications.
    • If the tool is a special-purpose, standalone security tool or security platform, then map it to Security. These tools usually sit within, and are used/managed by, IT. They include firewalls; antivirus/anti-malware; intrusion prevention, detection and response; access control and authentication; encryption; and penetration testing and vulnerability assessment.

    Putting spend in the right bucket does matter. However, if uncertainty persists, err on the side of consistency. For most organizations Applications Maintenance does end up being the biggest bucket.

    When mapping the CXO Business View, do the biggest vendors first

    Below is a suggested order of operations to clear through the majority of vendor spend as early as possible in the process.

    1 Sort high to low Sort your list of vendor spend from highest to lowest. Your top 20 vendors should constitute most of the spend.
    2 Map multi-department enterprise apps Flag your top apps vendors that have presence in most or all of your business units. Map these first. These tend to be enterprise-level business apps "owned" by core business functions but used broadly across the organization such as enterprise resource planning (ERP), customer relationship management (CRM), and people management systems.
    3 Map end-user spend Identify top vendors of general end-user technologies like office productivity apps, desktop hardware, and IT service desk tools. Allocate percentages according to your selected indirect spend mapping method.
    4 Map core infrastructure spend Map the behind-the-scenes network, telecom, and data center technologies that underpin IT, plus any infrastructure managed services. Again, apply your selected indirect spend mapping method.
    5 Map business-unit specific technologies This is the spend that's often incurred by just one department. This may also be technology spend that's out in the business, not in IT proper. Map it to the right business function or put it in Business Other or Industry Other if the business function doesn't have its own bucket.
    6 Map the miscellaneous Only smaller spend items likely remain at this point. When in doubt, map them to either Business Other or Industry Other.

    After mapping the CXO Business View, your Other buckets might be getting a bit big

    It's common for the Business Other and Industry Other categories to be quite large, and even the largest. This is okay, but plan to dig deeper and understand why.

    Remember "when in doubt, map to either the Business Other or Industry Other category"? Know what large Other buckets might really be telling you. After your first pass at mapping the CXO Business View, review Business Other and Industry Other if either is more than about 10% of your total spend.
    Diversification: Your organization has a wide array of business functions and/or associated staff that exist outside the core business and industry-specific categories selected. Are there minor business functions that can reasonably be included with the core categories identified? If not, don't force it. Better to keep your core buckets clean and uncomplicated.
    Non-core monolith: There's a significant technology installation outside the core that's associated with a comparatively minor business function. Is there a business function incurring substantial technology spend that should probably be broken out on its own and added to the core? If so, do it. Spend is unlikely to get smaller as the organization grows, so best to shine a light on it now.
    Shadow IT: There's significant technology spend in several areas of the organization that is unowned, unmanaged, or serving an unknown purpose as far as IT is concerned. Is a lot of the spend non-IT technology in the business? If yes, flag it and plan to learn more. It's likely that technologies living elsewhere in the organization will become IT concerns eventually. Better to be ready than to be surprised.

    As with staffing, CapEx vs. OpEx helps map the CEO Innovation View

    Mapping to this view was optional for IT staffing. For hard technology vendor spend, mapping this view is key. Use the guidance below to determine what goes where.

    Keep the Lights On
    Spend usually triggered by a service deck ticket or work order, not a formal project. Includes:

    • Daily maintenance and management.
    • Repair or upgrade of existing technology to preserve business function/continuity.
    • Purchase of "commodity" technology, such as standard-issue laptops and licenses for office productivity software.

    Business Growth
    Spend usually in the context of a formal project under a CapEx umbrella. Includes:

    • Technology spend that directly supports business expansion of an existing product or service and/or market.
    • Modernizing existing technology.
    • Extension of, or investment in, existing infrastructure to ensure reliability and availability in response to growth-driven scaling of headcount and utilization.

    Business Innovation
    Spend is always in the context of a formal project and should be 100% CapEx in the first year after purchase. Includes:

    • Technology spend that directly supports development and rollout of new products or service and/or entry into new markets.
    • Use of existing technology or investment in net-new technology in direct support of a new business initiative, direction, or requirement.

    In many organizations, most technology spend will be allocated to Keep the Lights On. This is normal but should generate conversations with the business about redirecting funds to growth and innovation.

    Remember these top tips when mapping your technology vendor spend

    The benefits of having tidy and organized data can't be overstated, as your source data will be in a more varied state for this phase of the mapping than with IT staffing data.

    Approach: Move from macro to micro

    • Start with the big enterprise apps: These will probably be in the top five of your vendor spend list and will likely have good info about how and by whom they're used. Get them out of the way.
    • Clear out shared technologies. This will feature infrastructure and operations plus office productivity and communications spend. Portioning spend by department headcount for the CXO Business View is the hardest part. Get this forklift task out of the way too.
    • Don't sweat the small stuff. Wasting hours chasing the details of a $500 line item isn't worth it when you have five-, six-, or even seven-figure line items to map.

    Biggest challenge: Poor vendor labeling

    • Vendor labels are often an inconsistent mess or missing entirely. Standardize and apply consistent vendor labels throughout your data so that you can aggregate your data into a workable form.
    • Spend transactions with the same vendor can be scattered all over the place in your general ledger. Take the time to "un-unique" your data to save yourself tremendous grief later on.
    • Start new go-forward labeling habits. Talk to finance about your new list of vendor naming standards and tagging spend as on-prem or cloud. Getting their cooperation with these are major wins.

    Key step - validate! If you see services or functions with low or no allocation, or something just doesn't look right, investigate. There's probably a technology out there in the business doing that work.

    4.1 Map your IT vendor spend

    Duration: Variable

    1. Navigate to tab "5. Vendor Spend Mapping" in the IT Spend & Staffing Transparency Workbook. On one row, enter a spend line item (vendor, product, etc.), a brief description, and the known amount of spend.
    2. Under the CFO Expense View (columns F-P), allocate the line item's spend as a percentage across all asset-class categories. If the allocation for a line item is 0%, leave the cell blank.
    3. Under the CIO Service View (columns S-AM), allocate the line item's spend as a percentage across all service categories. If the allocation for a service is 0%, leave the cell blank.
    4. Under the CXO Business View (columns AP-BH), allocate the line item's spend as a percentage across all business function and industry-specific function categories. If the allocation for a function is 0%, leave the cell blank.
    5. Under the CEO Innovation View (columns BK-BO), allocate the line item's spend as a percentage across Business Innovation, Business Growth, and Keep the Lights On. If the allocation for an investment type is 0%, leave the cell blank.
    6. Repeat steps 2-5 for all spend line items.
    7. Follow up on and resolve any additional inquiries you need to make based on questions that arose during the mapping process.
    8. Validate your mapping by:
      1. Ensuring your amounts add up to your previously calculated total IT vendor spend. A balance tracker is provided on tab "6. Tracker & General Outputs" of the IT Spend & Staffing Transparency Workbook.
      2. Identifying spend categories that have zero spend allocation. Additional percentage allocation splits for certain line items are probably required.
      3. Investigating spend categories that seem to have very high or very low spend allocations based on a gut check. Again, double-check your percentage allocation splits.

    Download the IT Spend & Staffing Transparency Workbook

    4.1 Map your IT vendor spend

    InputOutput
    • Cleaned and organized IT vendor spend data and information
    • Finalized mapping of IT vendor spend across the four views of the IT Cost Model
    MaterialsParticipants
    • IT Spend & Staffing Transparency Workbook
    • Head of IT
    • IT financial lead
    • Other IT management as required

    Phase 4: Map your IT vendor spend

    Achievement summary

    You've now completed your IT vendor spend mapping. You have:

    • Allocated your IT vendor spend across the four views of the ITFM Cost Model.
    • Validated your mapping to ensure it's accurate and complete.

    "A lot of organizations log their spending by vendor name with no description of the goods or services they actually purchased from the vendor. It could be hardware, software, consulting services ... anything. Having a clear understanding of what's really in there is an essential aspect of the spend conversation."
    - Rex Ding, Research Specialist, ITFM Practice, Info-Tech Research Group

    Phase 5

    Identify Implications for IT

    This phase will walk you through the following activities:

    • Analyzing the results of your IT staff and vendor spend mapping across the four views of the ITFM Cost Model
    • Preparing an executive presentation of your transparent IT spend

    This phase involves the following participants:

    • Head of IT
    • IT financial lead
    • Other members of IT management

    Phase 5: Identify implications for IT

    Analyze and communicate.

    You're now nearing the end of the first leg in your IT spend transparency journey. In this phase you will:

    • Analyze the results of your IT spend mapping process.
    • Revisit your transparency objectives.
    • Prepare an executive presentation so you can share findings with other leaders in your organization.

    "Don't plug in numbers just to make yourself look good or please someone else. The only way to improve is to look at real life."
    - Monica Braun, Research Director, ITFM Practice, Info-Tech Research Group

    You've mapped your IT spend data. Now what?

    With mapped data in hand, now you can start to tell IT's spend story with stakeholders in the business.

    Mapping your IT spend is a lot of work, but what you've achieved is impressive (applause!) as well as essential for growing your ITFM maturity. Now put your hard work to work.

    • Consider benchmarking. While not covered in-depth here, benchmarking against yourself in a year-over-year approach as well as against external industry peers are very useful exercises in your technology spend analysis.
    • Review your numbers and graphs. Your IT Spend & Staffing Transparency Workbook contains a series of data visualizations that will help you see the big picture as well as relationships between spend categories.
    • Note the very big numbers, the very small numbers, and the things that just look odd. You'll want to investigate and understand these further.
    • Prepare to communicate. Facilitating conversations with stakeholders in the business is the immediate objective of the IT spend and staffing transparency exercise. Decide where and with whom you want to start dialogue.

    The slides that follow show sample data summaries and visualizations generated in the IT Spend & Staffing Transparency Workbook. We'll take a look at the metrics, tables, and graphs you now have available to you post-mapping and how you can potentially use them in conversations with different IT stakeholders.

    Evaluate how you might use benchmarks before diving into your analysis

    Benchmarking can be a useful input for contextualizing and interpreting your IT spend data. It's not essential at this point but should be part of your ITFM toolkit.

    There are two basic types of benchmarking ...

    Internal: Capturing a current-state set of data about an in-house operation to serve as a baseline. Over time, snapshots of the same data are taken and compared to the baseline to track and assess changes. Common uses for internal benchmarking include:

    • Assessing the impact of a project or initiative.
    • Measuring year-over-year performance.

    External: Seeking out aggregated, current-state data about a peer-group operation to assess your own relative status or performance on the same operation. Common uses for external benchmarking include:

    • Understanding common practices in the industry.
    • Strategic and operational visioning, planning, and goal-setting.
    • Putting together a business case for change or investment.

    Both types of benchmarking benefit from some formality and rigor. Info-Tech can help you stand up an ITFM benchmarking approach as well as connect you with actual IT spend peer benchmarks via our IT Spend & Staffing Benchmarking service.

    5.1 Analyze the results of your IT spend mapping

    Duration: Variable

    1. Review the guidance slides that follow the two instruction slides for this exercise to provide yourself with a grounding on how to interpret and analyze your mapped IT staff and vendor spend data.
    2. Systematically review the data tables and graphs on the "Outputs" tabs 6 through 10 in the IT Spend & Staffing Transparency Workbook. There are several approaches you can take - use the one that works best for you. For example:
      1. Review each view in its entirety, one at a time.
      2. Review all workforce spend collectively across all four views, followed by all vendor spend across all four views (or vice versa).
    3. Make note of any spend values that are comparatively high or low or strike you as odd or worth further investigation.
    4. Craft a series of spend-related questions you want to answer for yourself and your stakeholders using the data.
      1. For example, you need to cut costs and apps maintenance is high. Your question could be, "Can we cut costs on applications maintenance staffing?"
      2. Alternatively, you can develop a series of statements (research hypotheses) that you seek to prove true or false with the data. This approach is useful for testing assumptions you've been making. For example, "We can cut spending on applications maintenance staff. True or false?"
    5. Use the template provided on tab "11. Data Analysis" in the IT Spend & Staffing Transparency Workbook to document your findings and conclusions, along with the data that supports them.

    Download the IT Spend & Staffing Transparency Workbook

    5.1 Analyze the results of your IT spend mapping

    InputOutput
    • Tabular and graphical data outputs
    • Conclusions and potential actions about IT staff and vendor spend
    MaterialsParticipants
    • IT Spend & Staffing Transparency Workbook
    • Head of IT
    • IT financial lead
    • Other IT management as required

    High-level findings: Use these IT spend metrics to review and set big picture goals

    Think of these metrics as key anchors in your long-term strategic planning efforts.

    Use IT spend metrics to review and set big goals

    It's common for the business to want a sacrifice in IT OpEx in favor of CapEx

    CapEx and OpEx approval mechanisms are often entirely separate. Different tax treatment for CapEx means that it's usually preferred by the business over OpEx.

    OpEx is often seen as a sunk cost (i.e. an IT problem).

    • Barring a major decision or event, OpEx on an individual item will generally trend upward over time, often by a few percent every year, in lockstep with inflation and growth in organizational headcount.
    • A good portion of OpEx, however, is necessary for basic business continuity.

    CapEx is usually seen as investment (i.e. a business growth opportunity).

    • CapEx behaves quite differently than OpEx. On-the-books capitalized spend on an individual asset tends to trend downward over time due to depreciation or amortization.
    • CapEx only tends to go up when a net-new capital project is initiated, and organizations often have more control over if, when, and how this spend happens.

    Break down the OpEx/CapEx wall. Reference OpEx whenever you talk about CapEx. The best way to do this is via Total Cost of Ownership (TCO).

    • Present data on long-term OpEx projections whenever a new capital project is proposed and ensure ongoing maintenance funds are secured.
    • Educate your CFO about the impact of the cloud on OpEx. See if internal OpEx/CapEx ratio expectations can be adjusted to reflect this reality.

    Spend by asset class offers the CFO a visual illustration of where the money's really gone

    The major spend categories should look very familiar to your CFO. It's the minor sub-categories that sit underneath where you ultimately want to drive the conversation.

    Traditional categories don't reflect IT reality anymore.

    • Most finance departments have "software" accounts that contain apples and oranges, plus other dissimilar fruit.
    • Software isn't just software anymore. Now it's on-premises (CapEx) or cloud (OpEx). The same distinction applies to traditional hardware due to the advent of managed services.
    • The basic categories traditionally used to tag IT spend are out of date. This makes it hard for IT to have meaningful conversations with the CFO since they're not working from the same glossary.

    "Software (on-premises)" and "hardware (cloud)" are more meaningful descriptors than "software" and "hardware." Shift the dialogue.

    Start the migration from major categories to minor categories.

    • Still give the CFO the traditional major categories they're looking for but start including minor category breakdowns into your communications. Most importantly, have a meeting to explain what these minor categories are and why they're important to managing IT effectively.
    • Next, see if the CFO can formally split on-premises vs. cloud software on the books as a first step in making IT spend tracking more meaningful.

    Employees vs. contractors warrants a specific conversation, plus a change in mindset

    IT leaders often find it easier to get approval for contracted labor than to hire a permanent employee. However, the true value proposition for contractors does vary.

    The decision to go with permanent employees or contractors depends on your ultimate goals.

    • Contractors tend to be less expensive and provide more flexibility when adjusting to changing business needs. However, contractors may be less dedicated and take their skills and knowledge with them when they leave.
    • Permanent employees bring additional costs like benefits and training. Plus, letting them go is a lot more complicated. However, they can also bring real value in a way a contractor can't when it comes to sustaining long-term strategic growth. They're assets in themselves.

    Far too often, labor-sourcing decisions are driven by controlling near-term costs instead of generating and sustaining long-term value.

    Introduce the cost-to-value ratio to your workforce spend conversations.

    • Your mapped data will allow you to talk about comparative headcount and spend. This is a financial conversation devoid of context.
    • Go beyond. Show how workforce spend has allowed stated goals to be achieved while controlling for costs. This is the true definition of value.

    CFO Expense View: Shift the ITFM conversation

    Now that you've mapped your IT spend data to the CFO Expense View, there are some questions you're better equipped to answer, namely:

    • How should I classify my IT costs?
    • What information should I include in my plans and reports?
    • How do I justify current spend?
    • How do I justify a budget increase?

    You now have:

    • A starting point for educating the CFO about IT spend realities.
    • A foundation for creating a shared glossary of terms that works for both IT and the finance department and facilitates more meaningful conversations.
    • Proof that there are major areas of IT spend, such as cloud software, that are distinctive and probably warrant their own financial category in the general ledger.
    • A transparent record of IT spend that shows that you understand and care about financial issues, fostering the goodwill and trust that facilitates investment in IT.
    • A starting point to change the ITFM conversation with the CFO from one focused on cost to one focused on value.

    Exactly how is IT spending all that money we give them?

    Exactly like this ...

    Chart of the CFO Expense View

    The CIO Service View aligns with how IT organizes and manages itself – this is your view

    The data mapped here is a critical input for IT's service planning and management program and should be integrated into your IT performance measurement activities.

    Major service categories: These values give a high-level snapshot of your general IT service spend priorities. In most organizations, Applications dominates, making it a focus for cost optimization.

    Minor service categories: The level of granularity for these values prove more practical when measuring performance and making service management decisions - not too big, not too small. While not reflected in this example, application maintenance is usually the largest relative consumer of IT spend in most organizations.

    Data & BI and security: Isolating the exact spend for these services is challenging given that they're often entangled in applications and infrastructure spend respectively, and separate spend tracking for both is a comparatively recent practice.

    Table of CIO Service View

    Check the alignment of individual service spend against known business objectives

    Some IT services are taken for granted by the business, while others are virtually invisible. This lack of visibility often translates into funding misalignments.

    Is the amount of spend on a given service in parallel with the service's overall importance?

    • Though often unstated, ensuring continuity of basic business operations is always the top priority. This means business apps, core infrastructure, end users, and security need to be appropriately funded - these should collectively comprise the majority of IT service spend.
    • Strategy-supporting IT services, like data & BI, see high investment variability between organizations. If its strategic role/importance doesn't align with spend, flag it as an issue you'll need to reconcile with the business by increasing funding (important) or reducing service levels (unimportant).
    • The strategic importance of IT as a whole is often reflected in the spend on IT management services. If spend is low, IT's probably seen as a support function, not a strategic one.

    Identify the hot spots and pick your battles.

    • Spend levels are just approximate gauges of where and how the business is willing to spend its money. Start with this simple gut check.
    • Noting the areas of importance vs. spend misalignment will help you identify where negotiations with the business should probably happen.

    A mature IT cost optimization practice is often approached from the service perspective

    When optimizing IT costs, you have two OpEx levers to pull - vendor spend and staff spend. Isolating these two sources of IT service spend will help shortlist your options.

    It's all about how much room you have to move.

    • Any decision made about how a service is provisioned will push vendor and staff spend in clear, predictable, and often opposite directions (e.g. in-house and people-intensive services tend to see higher staff spend, while outsourced and tech-intensive services higher vendor spend).
    • Service levels required by the business should be the driving factor behind service design and spend decisions. High service spend may reflect priority but may also indicate it's over-built and is ripe for a cost-optimization treatment.
    • Service spend is a useful barometer for tracking the financial impact of any changes made to IT. Add simple unit-cost metrics like "service spend per organizational employee" and "service spend per FTE assigned to the service" to see if and how the dial has moved over time.

    Grow your IT service management practice.

    • The real power of the CIO Service View is laying the groundwork for next-level IT service management initiatives like developing a service catalog, negotiating service-level agreements, rolling out chargeback and showback mechanisms, and calculating IT's value to the business.
    • Use service spend as a common denominator for both your IT service management and IT performance management programs. Better yet, integrate the two programs to ensure a single version of the truth.

    CIO Service View: Optimize your cost-to-value ratio

    Now that you've mapped your IT spend data to the CIO Service View, there are some questions you're better equipped to answer, namely:

    • What's the impact of cloud adoption on speed of delivery?
    • Where can I improve spend efficiency?
    • Is my support model optimized?
    • How does our spend compare to others?

    You now have:

    • Data that shows the financial impact of change decisions on service costs.
    • Insight into the relationship between vendor spend and staff spend within a given IT service.
    • The information you need to start developing service unit costing mechanisms.
    • A tool for setting and right-sizing service-level agreements with the business.
    • A more focused starting point for investigating IT cost-optimization opportunities.
    • A baseline for benchmarking common IT services against your peers.

    Does the amount we spend on each IT service make sense?

    We have some good opportunities for optimization ...

    Chart of CIO Service View

    The CXO Business View will spur conversations that may have never happened before

    This view is a potential game changer as previously unknown technology spend is often revealed, triggering change in IT's relationship with business unit leaders.

    Table of CXO Business View

    The big beneficiaries of IT spend will leap out

    The CXO Business View mapping does have a "shock and awe" quality to it given large spend disparities. They may be totally legitimate, but they're still eye-catching.

    Share information, don't push recommendations.

    • Have a series of one-on-one meetings with business unit leaders to present these numbers.
      • Approach initial meetings as information-sharing sessions only. The data is probably new to them, and they'll need time to reflect and ask questions.
      • Bring a list of the big-ticket spend items for that business unit to focus the conversation.
    • Present these numbers at a broader leadership meeting.
      • It's critical for everyone to hear the same truth and learn about each other's technology needs and uses.
      • This is where recommendations for better aligning IT spend with business goals and cost-optimization strategies should surface. A group approach will bring technology haves and have-nots into the open, as well as provide a forum for collaborative solutioning.

    If possible, slice the numbers by business unit headcount.

    • IT spend per business unit employee is an attention-getting metric that can help gain entry to important conversations.
    • Comparing per-employee spend across different business functions is not necessarily an apples-to-apples comparison, as units like HR may have few employees but serve the entire organization. Bring up these kinds of differences to provide context and avoid misinterpretations.

    Questions will arise in how you calculated and allocated indirect IT spend

    IT spend for things like core infrastructure and end-user services must be distributed fairly across multiple or all business units. Be prepared to explain your methods.

    Be transparent in your transparency.

    • Distributing indirect spend is imprecise by nature. You can't account for every unique circumstance. However, you can devise a logic-driven, general approach that's defensible, fair, and works for most people most of the time.
    • Lay out your assumptions from the start. This is an important part of communicating transparently and can prevent unwanted descent into weedy rabbit holes.
      • List what you classified as indirect spend. Use the CFO Expense View and/or CIO Service View categories to aid your presentation of this information.
      • Point out known circumstances that didn't fit your general allocation method and how you handled them. Opting to ignore minor anomalies is reasonable but be sure to tell business unit leaders you did this and why.

    Use questions about indirect IT staff spend distribution to engage stakeholders.

    • As a percentage, the indirect IT staff spend allocation to a specific business unit may be higher than that for IT vendor spend since IT staff tend to operate more generally than the technologies they support.
    • Leverage any pushback about indirect spend as an opportunity to engage the broader business leadership group. Let them arrive at a consensus of how they want it done and confirm buy-in.

    CXO Business View: Bring the truth to light

    Now that you've mapped your IT spend data to the CXO Business View, there are some questions you're better equipped to answer, namely:

    • Which business units consume the most IT resources?
    • Which business units are underserved by IT?
    • How do I best communicate spend data internally?
    • Where do I need better business sponsorship for IT projects?

    You now have:

    • A reason-based accounting of direct and indirect amounts spent on IT vendors and staff in support of each major business unit.
    • Insight into the technology haves and have-nots in your organization and where opportunities to optimize costs may exist.
    • Attention-getting numbers that will help you engage business-unit leaders in meaningful conversations about their use of IT resources and the value they receive.
    • A mechanism to assess if a business unit's consumption of IT is appropriate and aligned with its purpose and mandate in the organization.
    • A list of previously unknown business-side technologies that IT will investigate further.

    Why doesn't my business unit get more support from IT?

    Let's look at how you compare to the other departments ...

    Chart of the CXO Business View

    From the CEO's high-level perspective, IT spend is a collection of distinct financial islands

    From IT's perspective, these islands are intimately connected, with events on one affecting what happens (or doesn't) on another. Focus on the bridges.

    Table of CEO High-level Perspective

    Focus more on unifying the view of technology spend than on the numbers

    When talking to the CEO, seek to build mutual understanding and encourage a holistic approach to the organization's technology spend.

    Use the numbers to get to the real issues.

    • Clarify with the CEO what business innovation, business growth, and KTLO means to them and the role each plays in the organization's strategic and operational plans.
    • Find out the role they think IT, and technology as a whole, has in realizing business plans. Only then can you look at the relative allocation of IT spend with them to see if the aspiration aligns with reality.
    • Eventually, you'll need to discuss expectations around who pays the bills for operationally supporting capital technology investments over the long-term (i.e. IT or the business units that actually want and use it). You'll have concrete examples of business projects that consumed IT operations resources without a corresponding increase in IT's OpEx budget.

    Focus your KTLO spend conversation on risk and trade-off.

    • Every strategic conversation needs to look at the impact on ongoing operations. Every discussion about CapEx needs to investigate the long-term repercussions for OpEx. Look at the whole tech spend picture.
    • Use risk to get KTLO/OpEx into the conversation. Be straightforward (i.e. "If we do/don't do this, then we can/can't do that"). Simply put, mitigating the risks that get in the way of having it all usually requires spending.

    CEO Innovation View: Learn what's really expected of IT

    Now that you've mapped your IT spend data to the CEO Innovation View, there are some questions you're better equipped to answer, namely:

    • Why is KTLO spend so high?
    • What should our operational spend priorities be?
    • Which projects and investments should we prioritize?
    • Are we spending enough on innovative initiatives?

    You now have:

    • A holistic, organization-wide view of total technology spend in support of different investment types, namely business innovation, business growth, and keeping things up and running.
    • Data-driven examples that prove the impact of near-term capital spend on long-term operational expenses and the intimate relationship between the two types of spend.
    • A way to measure the degree of alignment between the innovation and growth goals the organization has and how money is actually being spent to realize those goals.
    • A platform to discuss how technology investment decision-making and governance can work better to realize organizational mandates and goals.

    I know what IT costs us, but what is it really worth?

    Here's how tech spend directly supports business objectives ...

    Chart of CEO Innovation View

    Revisit your IT spend transparency objectives before crafting your executive presentation

    Go back to exercise 1.1 to remind yourself why you undertook this effort in the first place, clear your head of all that data, and refocus on the big picture.

    Review the real problems and issues you need to address and the key stakeholders.
    This will guide what data you focus on or showcase with other business leaders. For example, if IT OpEx is perceived as high, be prepared to examine the CapEx/OpEx ratio as well as cloud-related spend's impact on OpEx.

    Flag ITFM processes you'll develop as part of your ITFM maturity improvement plan.
    You won't become a TCO math expert overnight, but being able to communicate your awareness of and commitment to developing and applying ITFM capabilities helps build confidence in you and the information you're presenting.

    Use your first big presentation to debut ITFM.
    ITFM as a formal practice and the changes you hope to make may be a novel concept for your business peers. Use your newfound IT spend and staffing transparency to gently wade into the topic instead of going for the deep dive.

    Now it's time to present your transparent IT spend and staffing data to your executive

    Pull out of analysis mode. You're starting to tell the IT spend story, and this is just the first chapter. Introduce your cast of characters and pique your audience's interest.

    The goal of this first presentation is to showcase IT spend in general and make sure that everyone's getting the same information as everyone else.

    Go broad, not deep
    Defer any in-depth examinations until after you're sure you have everyone's attention. Only dive deep when you're ready to talk about specific plans via follow-up sessions.

    Focus on the CXO
    Given your audience, the CXO Business View may be the most interesting for them and will trigger the most questions and discussion. Plan to spend the largest chunk of your time here.

    Avoid judgment
    Let the numbers speak for themselves. Do point out what's high and what's low, but don't offer your opinion about whether it's good or bad. Let your audience draw their own conclusions.

    Ask for impressions
    Education and awareness are primary objectives. What comes up will give a good indication of what's known, what's news, who's interested, and where there's work to do.

    Pick a starting point
    Ask what they see as high-priority areas for both optimizing IT costs as well as improving the organization's approach to making IT spend decisions in general.

    What to include in your presentation ...

    • Purpose: Why you did the IT spend and staffing transparency exercise.
    • Method: The models and processes you used to map the data.
    • Data: Charts from the IT Spend & Staffing Transparency Workbook.
    • Feedback: Space for your audience to voice their thoughts.
    • Next steps: Discussion and summary of actions to come.

    5.2 Develop an executive presentation

    Duration: Two hours

    1. Download the IT Staff & Spend Executive Presentation Template.
    2. Copy and paste the IT spend output tables and graphs into the template. (Note: Pasting as an image will preserve formatting.)
    3. Incorporate observations and insights about your analysis of your IT spend metrics.
    4. Conduct an internal review of the final presentation to ensure it includes all the elements you need and is error free.
    5. Book time to make your presentation to the executive team. Plan time after the presentation to field questions, engage in follow-up information sessions, and act on feedback.

    Note: Refer to your organization's standards and norms for executive-level presentations and either adapt the Info-Tech template accordingly or use your own.

    Input Output
    • Tabular and graphical data outputs in the IT Spend & Staffing Transparency Workbook
    • Executive presentation summarizing your organization's actual IT spend
    Materials Participants
    • IT Spend & Staffing Transparency Workbook
    • IT Staff & Spend Executive Presentation Template
    • CIO/IT directors
    • IT financial lead
    • Other IT management

    Download the IT Spend & Staffing Transparency Executive Presentation TemplateTemplate

    Phase 5: Identify implications for IT

    Achievement summary

    You've done the hard part in starting your IT spend transparency journey. You have:

    • Analyzed the results of your IT spend mapping process.
    • Revisited your transparency objectives.
    • Prepared an executive presentation so you can share findings with other leaders in your organization.

    "Having internal conversations, especially if there is doubt, allows for accuracy and confidence in your model. I was showing someone the cost of a service he managed. He didn't believe the service was so expensive. We went through it: here are the people we allocated, the assets we allocated, and the software we allocated. It was right - that was the total cost. He was like, 'No way. Wow.' The costs were high, and the transparency is what allowed for a conversation on cost optimization."
    - Monica Braun, Research Director, ITFM Practice, Info-Tech Research Group

    Next Steps

    Achieve IT Spend & Staffing Transparency

    This final section will provide you with:

    • An overall summary of accomplishment
    • Recommended next steps
    • A list of contributors to this research
    • Some related Info-Tech resources to help you grow your ITFM practice

    Summary of Accomplishment

    Congratulations! You now have a fully transparent view of your IT spend.

    You've now mapped the entirety of technology spend in your organization. You've:

    1. Learned the key sources of spend data and information in your organization.
    2. Set some standards for data organization and labeling.
    3. Have a methodology for continuing to track and document spend in a transparent way.
    4. Crafted an executive presentation that's a first step in having more meaningful and constructive conversations about IT spend with your key stakeholders.

    What's next?

    With a reliable baseline, you can look forward to more informed and defensible IT budgeting and cost optimization. Use your newly-transparent IT spend as a foundation for improving your financial data hygiene in the near term and evolving your overall ITFM governance maturity in the long-term.

    If you would like additional support, have our analysts guide you through an Info-Tech full-service engagement or Guided Implementation.

    Contact your account representative for more information.

    1-888-670-8889

    Research Contributors and Experts

    Monica Braun, Research Director, ITFM Practice

    Monica Braun
    Research Director, ITFM Practice
    Info-Tech Research Group

    Dave Kish, Practice Lead, ITFM Practice

    Dave Kish
    Practice Lead, ITFM Practice
    Info-Tech Research Group

    Kennedy Confurius, Research Analyst, ITFM Practice

    Kennedy Confurius
    Research Analyst, ITFM Practice
    Info-Tech Research Group

    Aman Kumari, Research Specialist, ITFM Practice

    Aman Kumari
    Research Specialist, ITFM Practice
    Info-Tech Research Group

    Rex Ding, Research Specialist, ITFM Practice

    Rex Ding
    Research Specialist, ITFM Practice
    Info-Tech Research Group

    Angie Reynolds, Principal Research Director, ITFM Practice

    Angie Reynolds
    Principal Research Director, ITFM Practice
    Info-Tech Research Group

    Related Info-Tech Research

    Build Your IT Cost Optimization Roadmap

    • Cost optimization often doesn't go beyond the cutting part, but cutting costs isn't strategic - it's reactive and can easily result in mistakes.
    • True cost optimization is much more than this. Re-focus your efforts on optimizing your cost-to-value ratio and implementing a sustainable cost-optimization practice.

    Build an IT Budget

    • Budgetary approval is difficult because finance executives have a limited understanding of IT and use a different vocabulary.
    • Detailed budgets must be constructed in a way that is transparent but at a level of appropriate detail in order to limit complexity and confusion.

    Manage an IT Budget

    • No one likes to be over budget, but being under budget isn't necessarily good either.
    • Implement a budget management process that documents your planned budget and actual expenditures, tracks variances, and responds to those variances to stay on track.
    • Control for under- or overspending using Info Tech's budget management tool and tactics.

    APPENDIX

    Sample shared business services

    Sample industry-specific business services

    Sample shared business functions

    Business function Definition
    Human Resources The management of the recruitment, training, development, appraisal, compensation/reward, retention, and departure of employees in an organization. Does not include management of subcontractor or outsourced relationships.
    Finance and Accounting The management and analysis of an organization's revenue, funds, spend, investments, financial transactions, accounts, and financial statements. Often includes enterprise asset management.
    Procurement and Supplier Management Acquiring materials, goods, and services from an external party, including identifying potential suppliers/providers, managing tendering or bidding processes, negotiating terms and agreements, and managing the relationship with the vendor/provider.
    Information Technology The development, management, and optimization of information technology resources and systems over their lifecycle in support of an organization's work priorities and goals. Includes computer-based information and communication systems, but typically excludes industrial operational technologies.
    Legal Expertise in interpretation, implication, and application of legislation and regulation that affects the enterprise, including guidance and support in the areas of risk, contracting, compliance, ownership, and litigation.
    Regulatory Affairs and Compliance Management Identification, operationalization, monitoring, reporting, and enforcement of the standards, rules, codes, and laws that apply to an organization's operating environment and the products and services it offers.
    Sales Transactional provision of a product or service to a buyer at an agreed-upon price. Includes identifying and developing prospective buyers, presenting and explaining the product/service, overcoming prospect objections and concerns to purchase, negotiating terms, developing contracts, and billing or invoicing.
    Customer Service and Support A range of activities designed to optimize the customer experience with an organization and its products and services throughout the customer lifecycle with the goals of retaining the customer; encouraging additional spend or consumption; the customer positively influencing other potential customers; and minimizing financial and reputational business risks.
    Marketing and Advertising Understanding customer/prospect needs, developing strategies to meet those needs, and promotion of the organization's products/services to a target market via a range of channels to maximize revenue, membership, donations, and/or develop the organization's brand or reputation. Includes market research and analysis and promotion, campaign, and brand management.

    Sample industry-specific functions

    Supply chain and capital-intensive industries.

    Industry function Definition
    Product Innovation Research, design, development, and launch of new products, including the engineering of their underlying production processes.
    Product and Service Portfolio Management The management of an organization's collection of products and services, including management of the product/service roadmap; product/service portfolio and catalog; product/service quality and performance; and product/service pricing, bundling and markdown.
    Logistics and Supply Chain Management Sourcing raw materials or component parts needed and shipping of a finished product. Includes demand planning; procurement/supplier management; inventory management; yard management; allocation management; fulfillment and replenishment; and product distribution and delivery.
    Production Operations Manufacture, storage, and tracking of a product and ensuring product and production process quality. Includes operations management, materials management, quality/safety control, packaging management, and management of the tools, equipment, and technologies that support it.
    Architecture & Engineering The design and planning of structures or critical infrastructure systems according to scientific, functional, and aesthetic principles.
    Construction New construction, assembly, or alteration of buildings and critical infrastructure (e.g. transportation systems; telecommunications systems; utilities generation/transmission/distribution facilities and systems). Includes management of all construction project plans and the people, materials, and equipment required to execute.
    Real Estate Management Management of any residential, commercial, or industrial real estate holdings (land and buildings), including any financial dealings such as its purchase, sale, transfer, and rental as well as ongoing maintenance and repair of associated infrastructure and capital assets.

    Sample industry-specific functions

    Financial services and insurance industries.

    Industry function Definition
    Core Banking Services Includes ATM management; account management (opening, deposit/withdrawal, interest calculation, overdraft management, closing); payments processing; funds transfers; foreign currency exchange; cash management.
    Loan, Mortgage, and Credit Services Includes application, adjudication, and approval; facility; disbursement/card issuance; authorization management; merchant services; interest calculation; billing/payment; debt/collections management.
    Investment and Wealth Management Processes for the investment of premiums/monies received from policy holders/customers to generate wealth. Often two-pronged: internal investment to fund claim payout in the case of insurance, and customer-facing investment as a financial service (e.g. retirement planning/annuities). Includes product development and management, investment management, safety deposit box services, trust management services.
    Actuarial Analysis & Policy Creation Development of new policy products based on analysis of past losses and patterns, forecasts of financial risks, and assessment of potential profitability (i.e. actuarial science). These processes also include development of rate schedules (pricing) and the reserves that the insurer needs to have available for potential claim payouts.
    Underwriting & Policy Administration Processes for assessing risk of a potential policy holder; determining whether to insure them or not; setting the premiums the policy holder must pay; and administering the policy over the course of its lifecycle (including updates and billing).
    Claims Processing & Claims Management Processes for receiving, investigating, evaluating, approving/denying, and disbursing a claim payout. This process is unique to the insurance industry. In health insurance, ongoing case management processes need to be considered here whereby the insurer monitors and approves patient treatments over a long-term basis to ensure that the treatments are both necessary and beneficial.

    Sample industry-specific functions

    Healthcare industry

    Industry function Definition
    Patient Intake & Admissions Processes whereby key pieces of information about a patient are registered, updated, or confirmed with the healthcare provider in order to access healthcare services. Includes patient triage, intake management, and admissions management. These processes are generally administrative in nature.
    Patient Diagnosis A range of methods for determining the medical condition a patient has in order to provide appropriate care or treatment. Includes examination, consultation, testing, and diagnostic imaging.
    Patient Treatment The range of medical procedures, methods, and interventions to mitigate, relieve, or cure a patient's symptom, injury, disease, or other medical condition. Includes consultation and referral; treatment and care planning; medical procedure management; nursing and personal support; medicine management; trauma management; diet and nutrition management; and patient transportation.
    Patient Recovery & Ongoing Care Processes and methods for tracking the progress of a patient post-treatment; improving their health outcomes; restoring, maintaining, or improving their quality of life; and discharging or transferring them to other providers. Includes remote monitoring of vital parameters, physical therapy, post-trauma care, and a range of restorative and lifestyle modification programs.

    Sample industry-specific functions

    Gaming and hospitality industries

    Industry function Definition
    Accommodation Short-term lodging in hotel facilities. Includes management and maintenance of guest rooms and common spaces, amenities (e.g. swimming pool), and other related services (e.g. valet parking).
    Gaming Includes table wagering games and gambling activities such as slot machines or any other activity that includes on premises mobile casino gaming.
    Food & Beverage Services Food and beverages prepared, served, or available for sale by the hotel on the hotel premises via restaurants and bars and room service. Excludes catering (see Events Management) and management or operation of independent leased food and beverage establishments located on the hotel premises.
    Entertainment & Events Planning, coordination, and on-premises hosting of events including conferences, conventions, trade shows, parties, ceremonies and live entertainment, and other forms of recreation on the hotel premises. Includes all aspects of entertainment operations, facility management and catering for the event.

    Create an IT View of the Service Catalog

    • Buy Link or Shortcode: {j2store}396|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: $59,399 Average $ Saved
    • member rating average days saved: 66 Average Days Saved
    • Parent Category Name: Service Management
    • Parent Category Link: /service-management
    • Organizations often don’t understand which technical services affect user-facing services.
    • Organizations lack clarity around ownership of responsibilities for service delivery.
    • Organizations are vulnerable to change-related incidents when they don’t have insight into service dependencies and their business impact.

    Our Advice

    Critical Insight

    • Even IT professionals underestimate the effort and the complexity of technical components required to deliver a service.
    • Info-Tech’s methodology promotes service orientation among technical teams by highlighting how their work affects the value of user-facing services.
    • CIOs can use the technical part of the catalog as a tool to articulate the value, dependencies, and constraints of services to business leaders.

    Impact and Result

    • Extend the user-facing service catalog to document the people, processes, and technology required to deliver user-facing services.
    • Bring transparency to how services are delivered to better articulate IT’s capabilities and strengthen IT-business alignment.
    • Increase IT’s ability to assess the impact of changes, make informed decisions, and mitigate change-related risks.
    • Respond to incidents and problems in the IT environment with more agility due to reduced diagnosis time for issues.

    Create an IT View of the Service Catalog Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build the technical components of your service catalog, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Launch the project

    Build a strong foundation for the project to increase the chances of success.

    • Create an IT View of the Service Catalog – Phase 1: Launch the Project
    • Service Catalog Extension Project Charter
    • Service Catalog Extension Training Deck

    2. Identify service-specific technologies

    Identify which technologies are specific to certain services.

    • Create an IT View of the Service Catalog – Phase 2: Identify Service-Specific Technology
    • IT Service Catalog

    3. Identify underpinning technologies

    Determine which technologies underpin the existence of user-facing services.

    • Create an IT View of the Service Catalog – Phase 3: Identify Underpinning Services

    4. Map the people and processes to the technologies they support

    Document the roles and responsibilities required to deliver each user-facing service.

    • Create an IT View of the Service Catalog – Phase 4: Determine People & Process
    • Service Definitions: Visual Representations
    [infographic]

    Workshop: Create an IT View of the Service Catalog

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Launch the Project

    The Purpose

    Build a foundation to kick off the project.

    Key Benefits Achieved

    A carefully selected team of project participants.

    Identified stakeholders and metrics.

    Activities

    1.1 Create a communication plan

    1.2 Complete the training deck

    Outputs

    Project charter

    Understanding of the process used to complete the definitions

    2 Identify Service-Specific Technologies and Underpinning Technologies

    The Purpose

    Determine the technologies that support the user-facing services.

    Key Benefits Achieved

    Understanding of what is required to run a service.

    Activities

    2.1 Determine service-specific technology categories

    2.2 Identify service-specific technologies

    2.3 Determine underpinning technologies

    Outputs

    Logical buckets of service-specific technologies makes it easier to identify them

    Identified technologies

    Identified underpinning services and technologies

    3 Identify People and Processes

    The Purpose

    Discover the roles and responsibilities required to deliver each user-facing service.

    Key Benefits Achieved

    Understanding of what is required to deliver each user-facing service.

    Activities

    3.1 Determine roles required to deliver services based on organizational structure

    3.2 Document the services

    Outputs

    Mapped responsibilities to each user-facing service

    Completed service definition visuals

    4 Complete the Service Definition Chart and Visual Diagrams

    The Purpose

    Create a central hub (database) of all the technical components required to deliver a service.

    Key Benefits Achieved

    Single source of information where IT can see what is required to deliver each service.

    Ability to leverage the extended catalog to benefit the organization.

    Activities

    4.1 Document all the previous steps in the service definition chart and visual diagrams

    4.2 Review service definition with team and subject matter experts

    Outputs

    Completed service definition visual diagrams and completed catalog

    Review Your Application Strategy

    • Buy Link or Shortcode: {j2store}82|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $12,599 Average $ Saved
    • member rating average days saved: 2 Average Days Saved
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • Over 80% of CXOs experience frustration with IT’s failure to deliver business value.
    • Sixty percent of CEOs believe that improvement is required around IT’s understanding of business goals.
    • Sixty percent of IT professionals know there is an opportunity to run applications more efficiently, eliminating wasteful or low-value activities.

    Our Advice

    Critical Insight

    • Organizations need to better align their application strategy with their business strategy as they proceed through tactical initiatives.
    • Application strategies provide guidance on how they will help the organization survive and thrive.

    Impact and Result

    Aligning your business with applications through your strategy will not only increase business satisfaction but also help to ensure you’re delivering applications that enable the organization’s goals.

    Review Your Application Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should have an application strategy and why you should use Info-Tech’s approach to review it. Learn how we can support you in completing this strategy and review.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Review your strategy

    This review guide provides organizations with a detailed assessment of their application strategy, ensuring that the applications enable the business strategy so that the organization can be more effective.The assessment provides criteria and exercises to provide actionable outcomes.

    • Application Strategy Assessment Tool
    • Application Strategy Action Plan Report Template
    • Application Strategy Sample Action Plan Report
    [infographic]

    Automate Work Faster and More Easily With Robotic Process Automation

    • Buy Link or Shortcode: {j2store}237|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Optimization
    • Parent Category Link: /optimization
    • Your organization has many business processes that rely on repetitive, routine manual data collection and processing work, and there is high stakeholder interest in automating them.
    • You’re investigating whether robotic process automation (RPA) is a suitable technological enabler for automating such processes.
    • Being a trending technology, especially with its association with artificial intelligence (AI), there is much marketing fluff, hype, and misunderstanding about RPA.
    • Estimating the potential impact of RPA on business is difficult, as the relevant industry statistics often conflict each other and you aren’t sure how applicable it is to your business.

    Our Advice

    Critical Insight

    • There are no physical robots in RPA. RPA is about software “bots” that interact with applications as if they were human users to perform routine, repetitive work in your place. It’s for any business in any industry, not just for manufacturing.
    • RPA is lightweight IT; it reduces the cost of entry, maintenance, and teardown of automation as well as the technological requirement of resources that maintain it, as it complements existing automation solutions in your toolkit.
    • RPA is rules-based. While AI promises to relax the rigidity of rules, it adds business risks that are poorly understood by both businesses and subject-matter experts. Rules-based “RPA 1.0” is mature and may pose a stronger business case than AI-enabled RPA.
    • RPA’s sweet spot is “swivel chair automation”: processes that require human workers to act as a conduit between several systems, moving between applications, manually keying, re-keying, copying, and pasting information. A bot can take their place.

    Impact and Result

    • Discover RPA and how it differentiates from other automation solutions.
    • Understand the benefits and risks of complementing RPA with AI.
    • Identify existing business processes best suited for automation with RPA.
    • Communicate RPA’s potential business benefits to stakeholders.

    Automate Work Faster and More Easily With Robotic Process Automation Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should use RPA to automate routine, repetitive data collection and processing work, review Info-Tech’s methodology, and understand the ways we can support you.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Discover robotic process automation

    Learn about RPA, including how it compares to IT-led automation rooted in business process management practices and the role of AI.

    • Automate Work Faster and More Easily With Robotic Process Automation – Phase 1: Discover Robotic Process Automation
    • Robotic Process Automation Communication Template

    2. Identify processes best suited for robotic process automation

    Identify and prioritize candidate processes for RPA.

    • Automate Work Faster and More Easily With Robotic Process Automation – Phase 2: Identify Processes Best Suited for Robotic Process Automation
    • Process Evaluation Tool for Robotic Process Automation
    • Minimum Viable Business Case Document
    [infographic]

    Manage Requirements in an Agile Environment

    • Buy Link or Shortcode: {j2store}522|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Requirements & Design
    • Parent Category Link: /requirements-and-design

    The process of navigating from waterfall to Agile can be incredibly challenging. Even more problematic; how do you operate your requirements management practices once there? There traditionally isn’t a role for a business analyst, the traditional keeper of requirements. It isn’t like switching on a light.

    You likely find yourself struggling to deliver high quality solutions and requirements in Agile. This is a challenge for many organizations, regardless of how long they’ve leveraged Agile.

    But you aren’t here for assurances. You’re here for answers and help.

    Our Advice

    Critical Insight

    Agile and requirements management are complementary, not competitors.

    Impact and Result

    Info-Tech’s advice? Why choose? Why have to pick between traditional waterfall and Agile delivery? If Agile without analysis is a recipe for disaster, Agile with analysis is the solution. How can you leverage the Info-Tech approach to align your Agile and requirements management efforts into a powerful combination?

    Manage Requirements in an Agile Environment is your guide.

    Use the contents and exercises of this blueprint to gain a shared understanding of the two disciplines, to find your balance in your approach, to define your thresholds, and ultimately, to prepare for new ways of working.

    Manage Requirements in an Agile Environment Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Manage Requirements in an Agile Environment Blueprint – Agile and Requirements Management are complementary, not competitors

    Provides support and guidance for organizations struggling with their requirements management practices in Agile environments.

    • Manage Requirements in an Agile Environment Storyboard

    2. Agile Requirements Playbook – A practical playbook for aligning your teams, and articulating the guidelines for managing your requirements in Agile.

    The Agile Requirements Playbook becomes THE artifact for your Agile requirements practices. Great for onboarding, reviewing progress, and ensuring a shared understanding of your ways of working.

    • Agile Requirements Playbook

    3. Documentation Calculator – A tool for determining the right level of documentation for your organization, and whether you’re spending too much, or even not enough, on Agile Requirements documentation.

    The Documentation Calculator can inform your documentation decison making, ensuring you're investing just the right amount of time, money, and effort.

    • Documentation Calculator

    4. Agile Requirements Workbook – Supporting tools and templates in advancing your Agile Requirements practice, to be used in conjunction with the Agile Requirements Blueprint, and the Playbook.

    This workbook is designed to capture the results of your exercises in the Manage Requirements in an Agile Environment Storyboard. Each worksheet corresponds to an exercise in the storyboard. This is a tool for you, so customize the content and layout to best suit your product. The workbook is also a living artifact that should be updated periodically as the needs of your team and organization change.

    • Agile Requirements Workbook

    5. Agile Requirements Assessment – Establishes your current Agile requirements maturity, defines your target maturity, and supports planning to get there.

    The Agile Requirements Assessment is a great tool for determining your current capabilities and maturity in Agile and Business Analysis. You can also articulate your target state, which enables the identification of capability gaps, the creation of improvement goals, and a roadmap for maturing your Agile Requirements practice.

    • Agile Requirements Assessment

    Infographic

    Workshop: Manage Requirements in an Agile Environment

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Framing Agile and Business Analysis

    The Purpose

    Sets the context for the organization, to ensure a shared understanding of the benefits of both Agile and business analysis/requirements management.

    Key Benefits Achieved

    Have a shared definition of Agile and business analysis / requirements.

    Understand the current state of Agile and business analysis in your organization.

    Activities

    1.1 Define what Agile and business analysis mean in your organization.

    1.2 Agile requirements assessment.

    Outputs

    Alignment on Agile and business analysis / requirements in your organization.

    A current and target state assessment of Agile and business analysis in your organization.

    2 Tailoring Your Approach

    The Purpose

    Confirm you’re going the right way for effective solution delivery.

    Key Benefits Achieved

    Confirm the appropriate delivery methodology.

    Activities

    2.1 Confirm your selected methodology.

    Outputs

    Confidence in your selected project delivery methodology.

    3 Defining Your Requirements Thresholds

    The Purpose

    Provides the guardrails for your Agile requirements practice, to define a high-level process, roles and responsibilities, governance and decision-making, and how to deal with change.

    Key Benefits Achieved

    Clearly defined interactions between the BA and their partners

    Define a plan for management and governance at the project team level

    Activities

    3.1 Define your agile requirements process.

    3.2 Define your agile requirements RACI.

    3.3 Define your governance.

    3.4 Define your change and backlog refinement plan.

    Outputs

    Agile requirements process.

    Agile requirements RACI.

    A governance and documentation plan.

    A change and backlog refinement approach.

    4 Planning Your Next Steps

    The Purpose

    Provides the action plan to achieve your target state maturity

    Key Benefits Achieved

    Recognize and prepare for the new ways of working for communication, stakeholder engagement, within the team, and across the organization.

    Establish a roadmap for next steps to mature your Agile requirements practice.

    Activities

    4.1 Define your stakeholder communication plan.

    4.2 Identify your capability gaps.

    4.3 Plan your agile requirements roadmap.

    Outputs

    A stakeholder communication plan.

    A list of capability gaps to achieve your desired target state.

    A prioritized roadmap to achieve the target state.

    5 Agile Requirements Techniques (Optional)

    The Purpose

    To provide practical guidance on technique usage, which can enable an improved experience with technical elements of the blueprint.

    Key Benefits Achieved

    An opportunity to learn new tools to support your Agile requirements practice.

    Activities

    5.1 Managing requirements' traceability.

    5.2 Creating and managing user stories.

    5.3 Managing your requirements backlog.

    5.4 Maintaining a requirements library.

    Outputs

    Support and advice for leveraging a given tool or technique.

    Support and advice for leveraging a given tool or technique.

    Support and advice for leveraging a given tool or technique.

    Support and advice for leveraging a given tool or technique.

    Further reading

    Manage Requirements in an Agile Environment

    Agile and requirements management are complementary, not competitors

    Analyst's Perspective

    The temptation when moving to Agile is to deemphasize good requirements practices in favor of perceived speed. If you're not delivering on the needs of the business then you have failed, regardless of how fast you've gone.

    Delivery in Agile doesn't mean you stop needing solid business analysis. In fact, it's even more critical, to ensure your products and projects are adding value. With the rise of Agile, the role of the business analyst has been misunderstood.

    As a result, we often throw out the analysis with the bathwater, thinking we'll be just fine without analysis, documentation, and deliberate action, as the speed and dexterity of Agile is enough.

    Consequently, what we get is wasted time, money, and effort, with solutions that fail to deliver value, or need to be re-worked to get it right.

    The best organizations find balance between these two forces, to align, and gain the benefits of both Agile and business analysis, working in tandem to manage requirements that bring solutions that are "just right".

    This is a picture of Vincent Mirabelli

    Vincent Mirabelli
    Principal Research Director, Applications Delivery and Management
    Info-Tech Research Group

    EXECUTIVE BRIEF

    Executive Summary

    Your Challenge

    The process of navigating from waterfall to Agile can be incredibly challenging. And even more problematic; how do you operate your requirements management practices once there? Since there traditionally isn't a role for a business analyst; the traditional keeper of requirements. it isn't like switching on a light.

    You likely find yourself struggling to deliver high quality solutions and requirements in Agile. This is a challenge for many organizations, regardless of how long they've leveraged Agile.

    But you aren't here for assurances. You're here for answers and help.

    Common Obstacles

    many organizations and teams face is that there are so busy doing Agile that they fail to be Agile.

    Agile was supposed to be the saving grace of project delivery but is misguided in taking the short-term view of "going quickly" at the expense of important elements, such as team formation and interaction, stakeholder engagement and communication, the timing and sequencing of analysis work, decision-making, documentation, and dealing with change.

    The idea that good requirements just happen because you have user stories is wrong. So, requirements remain superficial, as you "can iterate later"…but sometimes later never comes, or doesn't come fast enough.

    Organizations need to be very deliberate when aligning their Agile and requirements management practices. The work is the same. How the work is done is what changes.

    Info-Tech's Approach

    Infotech's advice? Why choose? Why have to pick between traditional waterfall and Agile delivery? If Agile without analysis is a recipe for disaster, Agile with analysis is the solution. And how can you leverage the Info-Tech approach to align your Agile and requirements management efforts into a powerful combination?

    Manage Requirements in an Agile Environment is your guide.

    Use the contents and exercises of this blueprint to gain a shared understanding of the two disciplines, to find your balance in your approach, to define your thresholds, and ultimately, to prepare for new ways of working.

    Info-Tech Insight

    Agile and requirements management are complementary, not competitors.

    The temptation when moving to Agile is to deemphasize good requirements practices in favor of perceived speed. If you're not delivering on the needs of the business, then you have failed, regardless of how fast you've gone.

    Insight summary

    Overarching insight

    Agile and requirements management are complementary, not competitors.

    The temptation when moving to Agile is to deemphasize good requirements practices in favor of perceived speed. If you're not delivering on the needs of the business, then you have failed, regardless of how fast you've gone

    Phase 1 insight

    • The purpose of requirements in waterfall is for approval. The purpose in Agile is for knowledge management, as Agile has no memory.
    • When it comes to the Agile manifesto, "over" does not mean "instead of".
    • In Agile, the what of business analysis does doesn't change. What does change is the how and when that work happens.

    Phase 2 insight

    • Understand your uncertainties; it's a great way to decide what level of Agile (if any) is needed.
    • Finding your "Goldilocks" zone will take time. Be patient.

    Phase 3 insight

    • Right-size your governance, based on team dynamics and project complexity. A good referee knows when to step in, and when to let the game flow.
    • Agile creates a social contract amongst the team, and with their leaders and organization.
    • Documentation needs to be valuable. Do what is acceptable and necessary to move work to future steps. Not documenting also comes with a cost, but one you pay in the future. And that bill will come due, with interest (aka, technical debt, operational inefficiencies, etc.).
    • A lack of acceptable documentation makes it more difficult to have agility. You're constantly revalidating your current state (processes, practices and structure) and re-arguing decisions already made. This slows you down more than maintaining documentation ever would.

    Phase 4 insight

    • Making Agile predictable is hard, because people are not predictable; people are prone to chaos.

    There have been many challenges with waterfall delivery

    It turns out waterfall is not that great at reducing risk and ensuring value delivery after all

    • Lack of flexibility
    • Difficulty in measuring progress
    • Difficulties with scope creep
    • Limited stakeholder involvement
    • Long feedback loops

    48%
    Had project deadlines more than double

    85%
    Exceeded their original budget by at least 20%

    25%
    At least doubled their original budget

    This is an image of the waterfall project results

    Source: PPM Express.

    Agile was meant to address the shortcomings of waterfall

    The wait for solutions was too long for our business partners. The idea of investing significant time, money, and resources upfront, building an exhaustive and complete vision of the desired state, and then waiting months or even years to get that solution, became unpalatable for them. And rightfully so. Once we cast a light on the pains, it became difficult to stay with the status quo. Given that organizations evolve at a rapid pace, what was a pain at the beginning of an initiative may not be so even 6 months later.

    Agile became the answer.

    Since its' first appearance nearly 20 years ago, Agile has become the methodology of choice for a many of organizations. According to the 15th Annual State of Agile report, Agile adoption within software development teams increased from 37% in 2020 to 86% in 2021.

    Adopting Agile led to challenges with requirements

    Requirements analysis, design maturity, and management are critical for a successful Agile transformation.

    "One of the largest sources of failure we have seen on large projects is an immature Agile implementation in the context of poorly defined requirements."
    – "Large Scale IT Projects – From Nightmare to Value Creation"

    "Requirements maturity is more important to project outcomes than methodology."
    – "Business Analysis Benchmark: Full Report"

    "Mature Agile practices spend 28% of their time on analysis and design."
    – "Quantitative Analysis of Agile Methods Study (2017): Twelve Major Findings"

    "There exists a Requirements Premium… organizations using poor practices spent 62% more on similarly sized projects than organizations using the best requirements practices."
    – "The Business Case for Agile Business Analysis" - Requirements Engineering Magazine

    Strong stakeholder satisfaction with requirements results in higher satisfaction in other areas

    This is an image of a bar graph comparing the percentage of respondents with high stakeholder satisfaction, to the percentage of respondents with low stakeholder satisfaction for four different categories.  these include: Availability of IT Capacity to Complete Projects; Overall IT Projects; IT Projects Meet Business Needs; Overall IT Satisfaction

    N= 324 small organizations from Info-Tech Research Group's CIO Business Vision diagnostic.

    Note: High satisfaction was classified as organizations with a score greater or equal to eight and low satisfaction was every organization that scored below eight on the same questions.

    Info-Tech's Agile requirements framework

    This is an image of Info-Tech's Agile requirements framework.  The three main categories are: Sprint N(-1); Sprint N; Sprint N(+1)

    Agile requirements are a balancing act

    Collaboration

    Many subject matter experts are necessary to create accurate requirements, but their time is limited too.

    Communication

    Stakeholders should be kept informed throughout the requirements gathering process, but you need to get the right information to the right people.

    Documentation

    Recording, organizing, and presenting requirements are essential, but excessive documentation will slow time to delivery.

    Control

    Establishing control points in your requirements gathering process can help confirm, verify, and approve requirements accurately, but stage gates limit delivery.

    What changes for the business analyst?

    In Agile, the what of business analysis does not change.

    What does change is the how and when that work happens.

    Business analysts need to focus on six key elements when managing requirements in Agile.

    • Team formation and interaction
    • Stakeholder engagement and communication
    • The timing and sequencing of their work
    • Decision-making
    • Documentation
    • Dealing with change

    Where does the business analysis function fit on an Agile team?

    Team formation is key, as Agile is a team sport

    A business analyst in an Agile team typically interacts with several different roles, including:

    • The product owner,
    • The Sponsor or Executive
    • The development team,
    • Other stakeholders such as customers, end-users, and subject matter experts
    • The Design team,
    • Security,
    • Testing,
    • Deployment.

    This is an image the roles who typically interact with a Business Analyst.

    How we do our requirements work will change

    • Team formation and interaction
    • Stakeholder engagement and communication
    • The timing and sequencing of their work
    • Decision-making
    • Documentation
    • Dealing with change

    As a result, you'll need to focus on;

    • Emphasizing flexibility
    • Enabling continuous delivery
    • Enhancing collaboration and communication
    • Developing a user-centered approach

    Get stakeholders on board with Agile requirements

    1. Stakeholder feedback and management support are key components of a successful Agile Requirements.
    2. Stakeholders can see a project's progression and provide critical feedback about its success at critical milestones.
    3. Management helps teams succeed by trusting them to complete projects with business value at top of mind and by removing impediments that are inhibiting their productivity.
    4. Agile will bring a new mindset and significant numbers of people, process, and technology changes that stakeholders and management may not be accustomed to. Working through these issues in requirements management enables a smoother rollout.
    5. Management will play a key role in ensuring long-term Agile requirements success and ultimately rolling it out to the rest of the organization.
    6. The value of leadership involvement has not changed even though responsibilities will. The day-to-day involvement in projects will change but continual feedback will ultimately dictate the success or failure of a project.

    Measuring your success

    Tracking metrics and measuring your progress

    As you implement the actions from this Blueprint, you should see measurable improvements in;

    • Team and stakeholder satisfaction
    • Requirements quality
    • Documentation cost

    Without sacrificing time to delivery

    Metric Description and motivation
    Team satisfaction (%) Expect team satisfaction to increase as a result of clearer role delineation and value contribution.
    Stakeholder satisfaction (%) Expect Stakeholder satisfaction to similarly increase, as requirements quality increases, bringing increased value
    Requirements rework Measures the quality of requirements from your Agile Projects. Expect that the Requirements Rework will decrease, in terms of volume/frequency.
    Cost of documentation Quantifies the cost of documentation, including Elicitation, Analysis, Validation, Presentation, and Management
    Time to delivery Balancing Metric. We don't want improvements in other at the expense of time to delivery

    Info-Tech's methodology for Agile requirements

    1. Framing Agile and Business Analysis

    2. Tailoring Your Approach

    3. Defining Your Requirements Thresholds

    4. Planning Your Next Steps

    Phase Activities

    1.1 Understand the benefits and limitations of Agile and business analysis

    1.2 Align Agile and business analysis within your organization

    2.1 Decide the best-fit approach for delivery

    2.2 Manage your requirements backlog

    3.1 Define project roles and responsibilities

    3.2 Define your level of acceptable documentation

    3.3 Manage requirements as an asset

    3.4 Define your requirements change management plan

    4.1 Preparing new ways of working

    4.2 Develop a roadmap for next steps

    Phase Outcomes

    Recognize the benefits and detriments of both Agile and BA.

    Understand the current state of Agile and business analysis in your organization.

    Confirm the appropriate delivery methodology.

    Manage your requirements backlog.

    Connect the business need to user story.

    Clearly defined interactions between the BA and their partners.

    Define a plan for management and governance at the project team level.

    Documentation and tactics that are right-sized for the need.

    Recognize and prepare for the new ways of working for communication, stakeholder engagement, within the team, and across the organization.

    Establish a roadmap for next steps to mature your Agile requirements practice.

    Blueprint tools and templates

    Key deliverable:

    This is a screenshot from the Agile Requirements Playbook

    Agile Requirements Playbook

    A practical playbook for aligning your teams and articulating the guidelines for managing your requirements in Agile

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    This is a screenshot from the Documentation Calculator

    Documentation Calculator

    A tool to help you answer the question: What is the right level of Agile requirements documentation for my organization?

    This is a screenshot from the Agile Requirements Assessment

    Agile Requirements Assessment

    Establishes your current maturity level, defines your target state, and supports planning to get there.

    This is a screenshot from the Agile Requirements Workbook

    Agile Requirements Workbook

    Supporting tools and templates in advancing your Agile requirements practice, to be used with the Agile Requirements Blueprint and Playbook.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Day 5
    1. Framing Agile and Business Analysis / 2. Tailoring Your Approach 3. Defining Your Requirements
    Thresholds
    3. Defining Your Requirements Thresholds / 4. Planning Your Next Steps (OPTIONAL) Agile Requirements Techniques (a la carte) Next Steps and Wrap-Up (Offsite)

    Activities

    What does Agile mean in your organization? What do requirements mean in your organization?

    Agile Requirements Assessment

    Confirm your selected methodology

    Define your Agile requirements process

    Define your Agile requirements RACI (Optional)

    Define your Agile requirements governance

    Defining your change management plan

    Define your

    communication plan

    Capability gap list

    Planning your Agile requirements roadmap

    Managing requirements traceability

    Creating and managing user stories

    Managing your requirements backlog

    Maintaining a requirements library

    Develop Agile Requirements Playbook

    Complete in-progress deliverables from previous four days.

    Set up review time for workshop deliverables and next steps

    Outcomes

    Shared definition of Agile and business analysis / requirements

    Understand the current state of Agile and business analysis in your organization

    Agile requirements process

    Agile requirements RACI (Optional)

    Defined Agile requirements governance and documentation plan

    Change and backlog refinement plan

    Stakeholder communication plan

    Action plan and roadmap for maturing your Agile requirements practice

    Practical knowledge and practice about various tactics and techniques in support of your Agile requirements efforts

    Completed Agile Requirements Playbook

    Guided Implementation

    Phase 1 Phase 2 Phase 3 Phase 4

    Call #1: Scope objectives, and your specific challenges.

    Call #4: Define your approach to project delivery.

    Call #6: Define your Agile requirements process.

    Call #9: Identify gaps from current to target state maturity.

    Call #2: Assess current maturity.

    Call #5: Managing your requirements backlog.

    Call #7: Define roles and responsibilities.

    Call #10: Pprioritize next steps to mature your Agile requirements practice.

    Call #3: Identify target-state capabilities.

    Call #8: Define your change and backlog refinement approach.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 10 calls over the course of 4 to 6 months.

    Framing Agile and Business Analysis

    Phase 1

    Framing Agile and Business Analysis

    Phase 1Phase 2Phase 3Phase 4

    1.1 Understand the benefits and limitations of Agile and business analysis

    1.2 Align Agile and business analysis within your organization

    2.1 Confirm the best-fit approach for delivery

    2.2 manage your requirements backlog

    3.1 Define project roles and responsibilities

    3.2 define your level of acceptable documentation

    3.3 Manage requirements as an asset

    3.4 Define your requirements change management plan

    4.1 Preparing new ways of working

    4.2 Develop a roadmap for next steps

    This phase will walk you through the following activities:

    • EXERCISE: What do Agile and requirements mean in your organization?
    • ASSESSMENT: Agile requirements assessment
    • KEY DELIVERABLE: Agile Requirements Playbook

    This phase involves the following participants:

    • Business analyst and project team
    • Stakeholders
    • Sponsor/Executive

    Managing Requirements in an Agile Environment

    Step 1.1

    Understand the benefits and limitations of Agile and business analysis

    Activities

    1.1.1 Define what Agile and business analysis mean in your organization

    This step involves the following participants:

    • Business analyst and project team
    • Sponsor/Executive

    Outcomes of this step

    • Recognize the benefits and detriments of both Agile and business analysis

    Framing Agile and Business Analysis

    There have been many challenges with waterfall delivery

    It turns out waterfall is not that great at reducing risk and ensuring value delivery after all

    • Lack of flexibility
    • Difficulty in measuring progress
    • Difficulties with scope creep
    • Limited stakeholder involvement
    • Long feedback loops

    48%
    Had project deadlines more than double

    85%
    Exceeded their original budget by at least 20%

    25%
    At least doubled their original budget

    This is an image of the Waterfall Project Results

    Source: PPM Express.

    Business analysis had a clear home in waterfall

    Business analysts had historically been aligned to specific lines of business, in support of their partners in their respective domains. Somewhere along the way, the function was moved to IT. Conceptually this made sense, in that it allowed BAs to provide technical solutions to complex business problems. This had the unintended result of lost domain knowledge, and connection to the business.

    It all starts with the business. IT enables business goals. The closer you can get to the business, the better.

    Business analysts were the main drivers of helping to define the business requirements, or needs, and then decompose those into solution requirements, to develop the best option to solve those problems, or address those needs. And the case for good analysis was clear. The later a poor requirement was caught, the more expensive it was to fix. And if requirements were poor, there was no way to know until much later in the project lifecycle, when the cost to correct them was exponentially higher, to the tune of 10-100x the initial cost.

    This is an image of a graph showing the cost multiplier for Formulating Requirements, Architecture Design, Development, Testing and, Operations

    Adapted from PPM Express. "Why Projects Fail: Business Analysis is the Key".

    Agile was meant to address the shortcomings of waterfall

    The wait for solutions was too long for our business partners. The idea of investing significant time, money, and resources upfront, building an exhaustive and complete vision of the desired state, and then waiting months or even years to get that solution became unpalatable for them. And rightfully so. Once we cast a light on the pains, it became difficult to stand pat in the current state. And besides, organizations evolve at a rapid pace. What was a pain at the beginning of an initiative may not be so even six months later.

    Agile became the answer.

    Since its first appearance nearly 20 years ago, Agile has become the methodology of choice for a huge swathe of organizations. According to the 15th Annual State of Agile report, Agile adoption within software development teams increased from 37% in 2020 to 86% in 2021.

    To say that's significant is an understatement.

    The four core values of Agile helped shift focus

    According to the Agile manifesto, "We value. . ."

    This is an image of what is valued according to the Agile Manifesto.

    "…while there is value in the items on the right, we value the items on the left more."

    Source: Agilemanifesto, 2001

    Agile has made significant inroads in IT and beyond

    94% of respondents report using Agile practices in their organization

    according to Digital.AI's "The 15th State of Agile Report"

    That same report notes a steady expansion of Agile outside of IT, as other areas of the organization seek to benefit from increased agility and responsiveness, including Human Resources, Finance and Marketing.

    While it addressed some problems…

    This is an image of the Waterfall Project Results, compared to Agile Product Results.

    "Agile projects are 37% faster to market than [the] industry average"

    (Requirements Engineering Magazine, 2017)

    • Business requirements documents are massive and unreadable
    • Waterfall erects barriers and bottlenecks between the business and the development team
    • It's hard to define the solution at the outset of a project
    • There's a long turnaround between requirements work and solution delivery
    • Locking in requirements dictates an often-inflexible solution. And the costs to make changes tend to add up.

    …Implementing Agile led to other challenges

    This is an image of a series of thought bubbles, each containing a unique challenge resulting from implementing Agile.

    Adopting Agile led to challenges with requirements

    Requirements analysis, design maturity, and management are critical for a successful Agile transformation.

    "One of the largest sources of failure we have seen on large projects is an immature Agile implementation in the context of poorly defined requirements."
    – BCG, 2015

    "Requirements maturity is more important to project outcomes than methodology."
    – IAG Consulting, 2009.

    "Mature Agile practices spend 28% of their time on analysis and design."
    – InfoQ, 2017."

    "There exists a Requirements Premium… organizations using poor practices spent 62% more on similarly sized projects than organizations using the best requirements practices."
    – Requirements Engineering Magazine, 2017

    Strong stakeholder satisfaction with requirements results in higher satisfaction in other areas

    This is an image of a bar graph comparing the percentage of respondents with high stakeholder satisfaction, to the percentage of respondents with low stakeholder satisfaction for four different categories.  these include: Availability of IT Capacity to Complete Projects; Overall IT Projects; IT Projects Meet Business Needs; Overall IT Satisfaction

    N= 324 small organizations from Info-Tech Research Group's CIO Business Vision diagnostic.

    Note: High satisfaction was classified as organizations with a score greater or equal to eight and low satisfaction was every organization that scored below eight on the same questions.

    Agile is being misinterpreted as an opportunity to bypass planning and analysis activities

    Agile is a highly effective tool.

    This isn't about discarding Agile. It is being used for things completely outside of what was originally intended. When developing products or code, it is in its element. However, outside of that realm, its being used to bypass business analysis activities, which help define the true customer and business need.

    Business analysts were forced to adapt and shift focus. Overnight they morphed into product owners, or no longer had a place on the team. Requirements and analysis took a backseat.

    The result?

    Increased rework, decreased stakeholder satisfaction, and a lot of wasted money and effort.

    "Too often, the process of two-week sprints becomes the thing, and the team never gets the time and space to step back and obsess over what is truly needed to delight customers."
    Harvard Business Review, 9 April 2021.

    Info-Tech Insight

    Requirements in Agile are the same, but the purpose of requirements changes.

    • The purpose of requirements in waterfall is for stakeholder approval.
    • The purpose of requirements in Agile is knowledge management; to maintain a record of the current state.

    Many have misinterpreted the spirit of Agile and waterfall

    The stated principles of waterfall say nothing of how work is to be linear.

    This is an image of a comparison between using Agile and Being Prescriptive.This is an image of Royce's 5 principles for success.

    Source: Royce, Dr. Winston W., 1970.

    For more on Agile methodology, check out Info-Tech's Agile Research Centre

    How did the pendulum swing so far?

    Shorter cycles of work made requirements management more difficult. But the answer isn't to stop doing it.

    Organizations went from engaging business stakeholders up front, and then not until solution delivery, to forcing those partners to give up their resources to the project. From taking years to deliver a massive solution (which may or may not even still fit the need) to delivering in rapid cycles called sprints.

    This tug-of-war is costing organizations significant time, money, and effort.

    Your approach to requirements management needs to be centered. We can start to make that shift by better aligning our Agile and business analysis practices. Outside of the product space, Agile needs to be combined with other disciplines (Harvard Business Review, 2021) to be effective.

    Agility is important. Though it is not a replacement for approach or strategy (RCG Global Services, 2022). In Agile, team constraints are leveraged because of time. There is a failure to develop new capabilities to address the business needs Harvard Business Review, 2021).

    Agility needs analysis.

    Agile requirements are a balancing act

    Collaboration

    Many subject matter experts are necessary to create accurate requirements, but their time is limited too.

    Communication

    Stakeholders should be kept informed throughout the requirements gathering process, but you need to get the right information to the right people.

    Documentation

    Recording, organizing, and presenting requirements are essential, but excessive documentation will slow time to delivery.

    Control

    Establishing control points in your requirements gathering process can help confirm, verify, and approve requirements accurately, but stage gates limit delivery.

    Start by defining what the terms mean in your organization

    We do this because there isn't even agreement by the experts on what the terms "Agile" and "business analysis" mean, so let's establish a definition within the context of your organization.

    1.1.1 What do Agile and business analysis mean in your organization?

    Estimated time: 30 Minutes

    1. Explore the motivations behind the need for aligning Agile with business analysis. Are there any current challenges related to outputs, outcomes, quality? How can the team and organization align the two more effectively for the purposes of requirements management?
    2. Gather the appropriate stakeholders to discuss their definition of the terms "Agile" and "business analysis" It can be related to their experience, practice, or things they've read or heard.
    3. Brainstorm and document all shared thoughts and perspectives.
    4. Synthesize those thoughts and perspectives into a shared definition of each term, of a sentence or two.
    5. Revisit this definition as needed, and as your Agile requirements efforts evolve.

    Input

    • Challenges and experiences/perspectives related to Agile and business requirements

    Output

    • A shared definition of Agile and business analysis, to help guide alignment on Agile requirements management

    Materials

    • Agile Requirements Workbook

    Participants

    • Business Analyst(s)
    • Project Team
    • Sponsor/Executive
    • Relevant Stakeholders

    Build your Agile Requirements Playbook

    Keep the outcomes of this blueprint in a single document

    Share at the beginning of a new project, as part of team member onboarding, and revisit as your practice matures.

    This is a series of three screenshots from the Agile Requirements Playbook.

    Your Agile Requirements Playbook will include

    • Your shared definition of Agile and business analysis for your organization
    • The Agile Requirements Maturity Assessment
    • A Methodology Selection Matrix
    • Agile requirements RACI
    • A defined Agile requirements process
    • Documentation Calculator
    • Your Requirements Repository Information
    • Capability Gap List (from current to target state)
    • Target State Improvement Roadmap and Action Plan

    Step 1.2

    Align Agile and Business Analysis Within Your Organization

    Activities

    1.2.1 Assess your Agile requirements maturity

    This step involves the following participants:

    • Business Analyst and Project Team
    • Stakeholders
    • Sponsor/Executive

    Outcomes of this step

    • Complete the Agile Requirements Maturity Assessment to establish your current and target states

    Framing Agile and Business Analysis

    Consider the question: "Why Agile?"

    What is the driving force behind that decision?

    There are many reasons to leverage the power of Agile within your organization, and specifically as part of your requirements management efforts. And it shouldn't just be to improve productivity. That's only one aspect.
    Begin by asking, "Why Agile?" Are you looking to improve:

    • Time to market
    • Team engagement
    • Product quality
    • Customer satisfaction
    • Stakeholder engagement
    • Employee satisfaction
    • Consistency in delivery of value
    • Predictably of your releases

    Or a combination of the above?

    Info-Tech Insight

    Project delivery methodologies aren't either/or. You don't have to be 100% waterfall or 100% Agile. Select the right approach for your project, product, or service.

    In the end, your business partners don't want projects delivered faster, they want value faster!

    For more on understanding Agile, check out the Implement Agile Practices That Work Blueprint

    Responses to a 2019 KPMG survey:

    13% said that their top management fully supports Agile transformation.

    76% of organizations did not agree that their organization supports Agile culture.

    62% of top management believe Agile has no implications for them.

    What changes for the business analyst?

    Business analysts need to focus on six key elements when managing requirements in Agile.

    • Team formation and interaction
    • Stakeholder engagement and communication
    • The timing and sequencing of their work
    • Decision-making
    • Documentation
    • Dealing with change

    In Agile, the what of business analysis does not change.

    What does change is the how and when that work happens.

    1.2.1 Assess your Agile requirements maturity

    This is a series of screenshots from the Agile Requirements Maturity Assessment.

    1.2.1 Assess your Agile requirements maturity

    Estimated time: 30 Minutes

      1. Using the Agile Requirements Maturity Assessment, gather all appropriate stakeholders, and discuss and score the current state of your practice. Scoring can be done by:
        1. Consensus: Generally better with a smaller group, where the group agrees the score and documents the result
        2. Average: Have everyone score individually, and aggregate the results into an average, which is then entered.
        3. Weighted Average: As above, but weight the individual scores by individual or line of business to get a weighted average.
      2. When current state is complete, revisit to establish target state (or hold as a separate session) using the same scoring approach as in current state.
        1. Recognize that there is a cost to maturity, so don't default to the highest score by default.
        2. Resist the urge at this early stage to generate ideas to navigate from current to target state. We will re-visit this exercise in Phase 4, once we've defined other pieces of our process and practice.

    Input

    • Participant knowledge and experience

    Output

    • A current and target state assessment of your Agile requirements practice

    Materials

    • Agile Requirements Maturity Assessment

    Participants

    • Business Analyst(s)
    • Project Team
    • Sponsor/Executive
    • Relevant Stakeholders

    Tailoring Your Approach

    Phase 2

    Phase 1Phase 2Phase 3Phase 4

    1.1 Understand the benefits and limitations of Agile and business analysis

    1.2 Align Agile and business analysis within your organization

    2.1 Confirm the best-fit approach for delivery

    2.2 manage your requirements backlog

    3.1 Define project roles and responsibilities

    3.2 define your level of acceptable documentation

    3.3 Manage requirements as an asset

    3.4 Define your requirements change management plan

    4.1 Preparing new ways of working

    4.2 Develop a roadmap for next steps

    This phase will walk you through the following activities:

    • Selecting the appropriate delivery methodology
    • Managing your requirements backlog
    • Tracing from business need to user story

    This phase involves the following participants:

    • Business Analyst(s)
    • Project Team
    • Sponsor/Executive
    • Relevant Stakeholders

    Managing Requirements in an Agile Environment

    Step 2.1

    Confirm the Best-fit Approach for Delivery

    Activities

    2.1.1 Confirm your methodology

    This step involves the following participants:

    • Business Analyst(s)
    • Project Team
    • Sponsor/Executive
    • Relevant Stakeholders

    Outcomes of this step

    • A review of potential delivery methodologies to select the appropriate, best-fit approach to your projects

    Confirming you're using the best approach doesn't have be tricky

    Selecting the right approach (or confirming you're on the right track) is easier when you assess two key inputs to your project; your level of certainty about the solution, and the level of complexity among the different variables and inputs to your project, such as team experience and training, the number of impacted stakeholders or context. lines of business, and the organizational

    Solution certainty refers to the level of understanding of the problem and the solution at the start of the project. In projects with high solution certainty, the requirements and solutions are well defined, and the project scope is clear. In contrast, projects with low solution certainty have vague or changing requirements, and the solutions are not well understood.

    Project complexity refers to the level of complexity of the project, including the number of stakeholders, the number of deliverables, and the level of technical complexity. In projects with high complexity, there are many stakeholders with different priorities, many deliverables, and high technical complexity. In contrast, projects with low complexity have fewer stakeholders, fewer deliverables, and lower technical complexity.

    "Agile is a fantastic approach when you have no clue how you're going to solve a problem"

    • Ryan Folster, Consulting Services Manager, Business Analysis, Dimension Data

    Use Info-Tech's methodology selection matrix

    Waterfall methodology is best suited for projects with high solution certainty and high complexity. This is because the waterfall model follows a linear and sequential approach, where each phase of the project is completed before moving on to the next. This makes it ideal for projects where the requirements and solutions are well-defined, and the project scope is clear.

    On the other hand, Agile methodology is best suited for projects with low solution certainty. Agile follows an iterative and incremental approach, where the requirements and solutions are detailed and refined throughout the project. This makes it ideal for projects where the requirements and solutions are vague or changing.

    Note that there are other models that exist for determining which path to take, should this approach not fit within your organization.

    Use info-tech's-methodology-selection-matrix

    This is an image of Info-Tech’s methodology selection matrix

    Adapted from The Chaos Report, 2015 (The Standish Group)

    Download the Agile Requirements Workbook

    2.1.1 Confirm your methodology

    Estimated time: 30 Minutes

    1. Using the Agile Requirements Workbook, find the tab labelled "Methodology Assessment" and answer the questions to establish your complexity and certainty scores, where;

    1 = Strongly disagree
    2 = Disagree
    3 = Neutral
    4 = Agree
    5 = Strongly agree.

    1. In the same workbook, plot the results in the grid on the tab labelled "Methodology Matrix".
    2. Projects falling into Green are good fits for Agile. Yellow are viable. And Red may not be a great fit for Agile.
    3. Note: Ultimately, the choice of methodology is yours. Recognize there may be additional challenges when a project is too complex, or uncertainty is high.

    Input

    • Current project complexity and solution certainty

    Output

    • A clear choice of delivery methodology

    Materials

    • Agile Requirements Workbook

    Participants

    • Business Analyst(s)
    • Project Team
    • Sponsor/Executive
    • Relevant Stakeholders

    Step 2.2

    Manage Your Requirements Backlog

    Activities

    2.2.1 Create your user stories

    This step involves the following participants:

    • Business Analyst(s)
    • Project Team
    • Sponsor/Executive
    • Relevant Stakeholders

    Outcomes of this step

    • Understand how to convert requirements into user stories, which populate the Requirements Backlog.

    Tailoring Your Approach

    There is a hierarchy to requirements

    This is a pyramid, with the base being: Solution Requirements; The middle being: Stakeholder Requirements; and the Apex being: Business Requirements.
    • Higher-level statements of the goals, objectives, or needs of the enterprise.
    • Business requirements focus on the needs of the organization, and not the stakeholders within it.

    Defines

    Intended benefits and outcomes

    • Statements of the needs of a particular stakeholder or class of stakeholders, and how that stakeholder will interact with a solution.

    Why it is needed, and by who

    • Describes the characteristics of a solution that meets business requirements and stakeholder requirements. Functional describes the behavior and information that the solution will manage. They describe capabilities the system will be able to perform in terms of behaviors or operations. Non-functional represents constraints on the ultimate solution and tends to be less negotiable.

    What is needed, and how its going to be achieved

    Connect the dots with a traceability matrix

    Business requirements describe what a company needs in order to achieve its goals and objectives. Solution requirements describe how those needs will be met. User stories are a way to express the functionality that a solution will provide from the perspective of an end user.

    A traceability matrix helps clearly connect and maintain your requirements.

    To connect business requirements to solution requirements, you can start by identifying the specific needs that the business has and then determining how those needs can be met through technology or other solutions; or what the solution needs to do to meet the business need. So, if the business requirement is to increase online sales, a solution requirement might include implementing a shopping cart feature on your company website.

    Once you have identified the solution requirements, you can then use those to create user stories. A user story describes a specific piece of functionality that the solution will provide from the perspective of a user.

    For example, "As a customer, I want to be able to add items to my shopping cart so that I can purchase them." This user story is directly tied to the solution requirement of implementing a shopping cart feature.

    Tracing from User Story back up to Business Requirement is essential in ensuring your solutions support your organization's strategic vison and objectives.

    This is an image of a traceability matrix for Business Requirements.

    Download the Info-Tech Requirements Traceability Matrix

    Improve the quality of your solution requirements

    A solution requirement is a statement that clearly outlines the functional capability that the business needs from a system or application.

    There are several attributes to look for in requirements:

    Verifiable

    Unambiguous

    Complete

    Consistent

    Achievable

    Traceable

    Unitary

    Agnostic

    Stated in a way that can be easily tested

    Free of subjective terms and can only be interpreted in one way

    Contains all relevant information

    Does not conflict with other requirements

    Possible to accomplish with budgetary and technological constraints

    Trackable from inception through to testing

    Addresses only one thing and cannot be decomposed into multiple requirements

    Doesn't pre-suppose a specific vendor or product

    For more on developing high quality requirements, check out the Improve Requirements Gathering Blueprint

    Prioritize your requirements

    When everything is a priority, nothing is a priority.

    Prioritization is the process of ranking each requirement based on its importance to project success. Each requirement should be assigned a priority level. The delivery team will use these priority levels to ensure efforts are targeted toward the proper requirements as well as to plan features available on each release. Use the MoSCoW Model of Prioritization to effectively order your requirements.

    The MoSCoW Model of Prioritization

    This is an image of The MoSCoW Model of Prioritization

    The MoSCoW model was introduced by Dai Clegg of Oracle UK in 1994

    (Source: ProductPlan).

    Base your prioritization on the right set of criteria

    Criteria Description
    Regulatory and legal compliance These requirements will be considered mandatory.
    Policy compliance Unless an internal policy can be altered or an exception can be made, these requirements will be considered mandatory.
    Business value significance Give a higher priority to high-value requirements.
    Business risk Any requirement with the potential to jeopardize the entire project should be given a high priority and implemented early.
    Likelihood of success Especially in proof-of-concept projects, it is recommended that requirements have good odds.
    Implementation complexity Give a higher priority to low implementation difficulty requirements.
    Alignment with strategy Give a higher priority to requirements that enable the corporate strategy.
    Urgency Prioritize requirements based on time sensitivity.
    Dependencies A requirement on its own may be low priority, but if it supports a high-priority requirement, then its priority must match it.

    Info-Tech Insight

    It is easier to prioritize requirements if they have already been collapsed, resolved, and rewritten. There is no point in prioritizing every requirement that is elicited up front when some of them will eventually be eliminated.

    Manage solution requirements in a Product backlog

    What is a backlog?

    Agile teams are familiar with the use of a Sprint Backlog, but in Requirements Management, a Product Backlog is a more appropriate choice.

    A product backlog and a Sprint backlog are similar in that they are both lists of items that need to be completed in order to deliver a product or project, but there are some key differences between the two.

    A product backlog is a list of all the features, user stories, and requirements that are needed for a product or project. It is typically created and maintained by the business analyst or product owner and is used to prioritize and guide the development of the product.

    A Sprint backlog, on the other hand, is a list of items specifically for an upcoming sprint, which is an iteration of work in Scrum. The Sprint backlog is created by the development team and is used to plan and guide the work that will be done during the sprint. The items in the Sprint backlog are typically taken from the product backlog and are prioritized based on their importance and readiness.

    For more on building effective product backlogs, visit Deliver on Your Digital Product Vision

    A backlog stores and organizes requirements at various stages

    Your backlog must give you a holistic understanding of demand for change in the product.

    A well-formed backlog can be thought of as a DEEP backlog

    Detailed appropriately: Requirements are broken down and refined as necessary

    Emergent: The backlog grows and evolves over time as requirements are added and removed.

    Estimated: The effort to deliver a requirement is estimated at each tier.

    Prioritized: A requirement's value and priority are determined at each tier.

    This is an image of an inverted funnel, with the top being labeled: Ideas; The middle being labeled: Qualified; and the bottom being labeled: Ready.

    Adapted from Essential Scrum

    Ensure requests and requirements are ready for development

    Clearly define what it means for a requirement, change, or maintenance request to be ready for development.

    This will help ensure the value and scope of each functionality and change are clear and well understood by both developers and stakeholders before the start of the sprint. The definition of ready should be two-fold: ready for the backlog, and ready for coding.

    1. Create a checklist that indicates when a requirement or request is ready for the development backlog. Consider the following questions:
      1. Is the requirement or request in the correct format?
      2. Does the desired functionality or change have significant business value?
      3. Can the requirement or request be reasonably completed within defined release timelines under the current context?
      4. Does the development team agree with the budget and points estimates?
      5. Is there an understanding of what the requirement or request means from the stakeholder or user perspective?
    2. Create a checklist that indicates when a requirement or request is ready for development. Consider the following questions:
      1. Have the requirements and requests been prioritized in the backlog?
      2. Has the team sufficiently collaborated on how the desired functionality or change can be completed?
      3. Do the tasks in each requirement or request contain sufficient detail and direction to begin development?
      4. Can the requirement or request be broken down into smaller pieces?

    Converting solution requirements into user stories

    Define the user

    Who will be interacting with the product or feature being developed? This will help to focus the user story on the user's needs and goals.

    Create the story

    Create the user story using the following template: "As a [user], I want [feature] so that [benefit]."
    This helps articulate the user's need and the value that the requirement will provide.

    Decompose

    User stories are typically too large to be implemented in a single sprint, so they should be broken down into smaller, more manageable tasks.

    Prioritize

    User stories are typically too large to be implemented in a single sprint, so they should be broken down into smaller, more manageable tasks.

    2.2.1 Create your user stories

    Estimated time: 60 Minutes

    1. Gather the project team and relevant stakeholders. Have access to your current list of solution requirements.
    2. Leverage the approach on previous slide "Converting Solution Requirements into User Stories" to generate a collection of user stories.

    NOTE: There is not a 1:1 relationship between requirements and user stories.
    It is possible that a single requirement will have multiple user stories, and similarly, that a single user story will apply to multiple solution requirements.

    Input

    • Requirements
    • Use Case Template

    Output

    • A collection of user stories

    Materials

    • Current Requirements

    Participants

    • Business Analyst(s)
    • Project Team
    • Relevant Stakeholders

    Use the INVEST model to create good user stories

    At this point your requirements should be high-level stories. The goal is to refine your backlog items, so they are . . .

    A vertical image of the Acronym: INVEST, taken from the first letter of each bolded word in the column to the right of the image.

    Independent: Ideally your user stories can be built in any order (i.e. independent from each other). This allows you to prioritize based on value and not get caught up in sequencing and prerequisites.
    Negotiable: As per the Agile principle, collaboration over contracts. Your user stories are meant to facilitate collaboration between the developer and the business. Therefore, they should be built to allow negotiation between all parties.
    Valuable: A user story needs to state the value so it can be effectively prioritized, but also so developers know what they are building.
    Estimable: As opposed to higher-level approximation given to epics, user stories need more accuracy in their estimates in order to, again, be effectively prioritized, but also so teams can know what can fit into a sprint or release plans.
    Small: User stories should be small enough for a number of them to fit into a sprint. However, team size and velocity will impact how many can be completed. A general guideline is that your teams should be able to deliver multiple stories in a sprint.
    Testable: Your stories need to be testable, which means they must have defined acceptance criteria and any related test cases as defined in your product quality standards.
    Source: Agile For All

    Defining Your Requirements Thresholds

    Phase 3

    Defining Your Requirements Thresholds

    Phase 1Phase 2Phase 3Phase 4

    1.1 Understand the benefits and limitations of Agile and business analysis

    1.2 Align Agile and business analysis within your organization

    2.1 Confirm the best-fit approach for delivery

    2.2 manage your requirements backlog

    3.1 Define project roles and responsibilities

    3.2 define your level of acceptable documentation

    3.3 Manage requirements as an asset

    3.4 Define your requirements change management plan

    4.1 Preparing new ways of working

    4.2 Develop a roadmap for next steps

    This phase will walk you through the following activities:

    • Assigning roles and responsibilities optional (Tool: RACI)
    • Define your Agile requirements process
    • Calculate the cost of your documentation (Tool: Documentation Calculator)
    • Define your backlog refinement plan

    This phase involves the following participants:

    • Business Analyst(s)
    • Project Team
    • Sponsor/Executive
    • Relevant Stakeholders

    Managing Requirements in an Agile Environment

    Step 3.1

    Define Project Roles and Responsibilities

    Activities

    3.1.1 Define your Agile requirements RACI (optional)

    3.1.2 Define your Agile requirements process

    Defining Your Requirements Thresholds

    This step involves the following participants:

    • Business Analyst(s)
    • Project Team
    • Sponsor/Executive
    • Relevant Stakeholders

    Outcomes of this step

    • A defined register of roles and responsibilities, along with a defined process for how Agile requirements work is to be done.

    Defining Your Requirements Thresholds

    Where does the BA function fit on an Agile team?

    Team formation is key, as Agile is a team sport

    A business analyst in an Agile team typically interacts with several different roles, including the product owner, development team, and many other stakeholders throughout the organization.

    This is an image the roles who typically interact with a Business Analyst.

    • The product owner, to set the priorities and direction of the project, and to gather requirements and ensure they are being met. Often, but not always, the BA and product owner are the same individual.
    • The development team, to provide clear and concise requirements that they can use to build and test the product.
    • Other stakeholders, such as customers, end-users, and subject matter experts to gather their requirements, feedback and validate the solution.
      • Design, to ensure that the product meets user needs. They may provide feedback and ensure that the design is aligned with requirements.
      • Security, to ensure that the solution meets all necessary security requirements and to identify potential risks and appropriate use of controls.
      • Testing, to ensure that the solution is thoroughly tested before it is deployed. They may create test cases or user scenarios that validate that everything is working as intended.
      • Deployment, to ensure that the necessary preparations have been made, including testing, security, and user acceptance.

    Additionally, during the sprint retrospectives, the team will review their performance and find ways to improve for the next sprint. As a team member, the business analyst helps to identify areas where the team could improve how they are working with requirements and understand how the team can improve communication with stakeholders.

    3.1.1 (Optional) Define Your Agile Requirements RACI

    Estimated Time: 60 Minutes

    1. Identify the project deliverables: The first step is to understand the project deliverables and the tasks that are required to complete them. This will help you to identify the different roles and responsibilities that need to be assigned.
    2. Define the roles and responsibilities: Identify the different roles that will be involved in the project and their associated responsibilities. These roles may include project manager, product owner, development team, stakeholders, and any other relevant parties.
    3. Assign RACI roles: Assign a RACI role to each of the identified tasks. The RACI roles are:
      1. Responsible: the person or team who is responsible for completing the task
      2. Accountable: the person who is accountable for the task being completed on time and to the required standard
      3. Consulted: the people or teams who need to be consulted to ensure the task is completed successfully
      4. Informed: the people or teams who need to be informed of the task's progress and outcome
    4. Create the RACI chart: Use the information gathered in the previous steps to create a matrix or chart that shows the tasks, the roles, and the RACI roles assigned to each task.
    5. Review and refine: Review the RACI chart with the project team and stakeholders to ensure that it accurately reflects the roles and responsibilities of everyone involved. Make any necessary revisions and ensure that all parties understand their roles and responsibilities.
    6. Communicate and implement: Communicate the RACI chart to all relevant parties and ensure that it is used as a reference throughout the project. This will help to ensure that everyone understands their role and that tasks are completed on time and to the required standard.

    Input

    • A list of required tasks and activities
    • A list of stakeholders

    Output

    • A list of defined roles and responsibilities for your project

    Materials

    • Agile Requirements Workbook

    Participants

    • Business Analyst(s)
    • Project Team
    • Sponsor/Executive
    • Relevant Stakeholders

    A Case Study in Team Formation

    Industry: Anonymous Organization in the Energy sector
    Source: Interview

    Challenge

    Agile teams were struggling to deliver within a defined sprint, as there were consistent delays in requirements meeting the definition of ready for development. As such, sprints were often delayed, or key requirements were descoped and deferred to a future sprint.

    During a given two-week sprint cycle, the business analyst assigned to the team would be working along multiple horizons, completing elicitation, analysis, and validation, while concurrently supporting the sprint and dealing with stakeholder changes.

    Solution

    As a part of addressing this ongoing pain, a pilot program was run to add a second business analyst to the team.

    The intent was, as one is engaged preparing requirements through elicitation, analysis, and validation for a future sprint, the second is supporting the current sprint cycle, and gaining insights from stakeholders to refine the requirements backlog.

    Essentially, these two were leap-frogging each other in time. At all times, one BA was focused on the present, and one on the future.

    Result

    A happier team, more satisfied stakeholders, and consistent delivery of features and functions by the Agile teams. The pilot team outperformed all other Agile teams in the organization, and the "2 BA" approach was made the new standard.

    Understanding the Agile requirements process

    Shorter cycles make effective requirements management more necessary, not less

    Short development cycles can make requirements management more difficult because they often result in a higher rate of change to the requirements. In a shorter timeframe, there is less time to gather and verify requirements, leading to a higher likelihood of poor or incomplete requirements. Additionally, there may be more pressure to make decisions quickly, which can lead to less thorough analysis and validation of requirements. This can make it more challenging to ensure that the final solution meets the needs of the stakeholders.
    When planning your requirements cycles, it's important to consider;

    • Your sprint logistics (how long?)
    • Your release plan (at the end of every sprint, monthly, quarterly?)
    • How the backlog will be managed (as tickets, on a visual medium, such as a Kanban board?)
    • How will you manage communication?
    • How will you monitor progress?
    • How will future sprint planning happen?

    Info-Tech's Agile requirements framework

    Sprint N(-1)

    Sprint N

    Sprint N(+1)

    An image of Sprint N(-1) An image of Sprint N An image of Sprint N(+1)

    Changes from waterfall to Agile

    Gathering and documenting requirements: Requirements are discovered and refined throughout the project, rather than being gathered and documented up front. This can be difficult for business analysts who are used to working in a waterfall environment where all requirements are gathered and documented before development begins.
    Prioritization of requirements: Requirements are prioritized based on their value to the customer and the team's ability to deliver them. This can be difficult for business analysts who are used to prioritizing requirements based on the client's needs or their own understanding of what is important.

    Defining acceptance criteria: Acceptance criteria are defined for each user story to ensure that the team understands what needs to be delivered. Business analysts need to understand how to write effective acceptance criteria and how to use them to ensure that the team delivers what the customer needs.
    Supporting Testing and QA: The business analyst plays a role in ensuring that testing (and test cases) are completed and of proper quality, as defined in the requirements.

    Managing changing requirements: It is expected that requirements will change throughout the project. Business analysts need to be able to adapt quickly to changing requirements and ensure that the team is aware of the changes and how they will impact the project.
    Collaboration with stakeholders: Requirements are gathered from a variety of stakeholders, including customers, users, and team members. Business analysts need to be able to work effectively with all stakeholders to gather and refine requirements and ensure that the team is building the right product.

    3.1.2 Define your Agile requirements process

    Estimated time: 60 Minutes

    1. Gather all relevant stakeholders to discuss and define your process for requirements management.
    2. Have a team member facilitate the session to define the process. The sample in the Agile Requirements Workbook can be used optionally as a starting point. You can also use any existing processes and procedures as a baseline.
    3. Gain agreement on the process from all involved stakeholders.
    4. Revisit the process periodically to review its performance and make adjustments as needed.

    NOTE: The process is intended to be at a high enough level to leave space and flexibility for team members to adapt and adjust, but at a sufficient depth that everyone understands the process and workflows. In other words, the process will be both flexible and rigid, and the two are not mutually exclusive.

    Input

    • Project team and RACI
    • Existing Process (if available)

    Output

    • A process for Agile requirements that is flexible yet rigid

    Materials

    • Agile Requirements Workbook

    Participants

    • Business Analyst(s)
    • Project Team
    • Sponsor/Executive
    • Relevant Stakeholders

    Establish the right level of governance and decision-making

    Establishing the right level of governance and decision making is important in Agile requirements because there is a cost to decision making, as time plays an important factor. Even the failure to decide can have significant impacts.

    Good governance and decision-making practices can help to minimize risks, ensure that requirements are well understood and managed, and that project progress is tracked and reported effectively.

    In Agile environments, this often involves establishing clear roles and responsibilities, implementing effective communication and collaboration practices, and ensuring that decision-making processes are efficient and effective.

    Good requirements management practices can help to ensure that projects are aligned with organizational goals and strategy, that stakeholders' needs are understood and addressed, and that deliverables are of high quality and meet the needs of the business.

    By ensuring that governance and decision-making is effective, organizations can improve the chances of project success, and deliver value to the business. Risks and costs can be mitigated by staying small and nimble.

    Check out Make Your IT Governance Adaptable

    Develop an adaptive governance process

    A pyramid, with the number 4 at the apex, and the number 1 at the base.  In order from base-apex, the following titles are found to the right of the pyramid: Ad-Hoc governance; Controlled Governance; Agile Governance; Embedded/Automated governance.

    Maturing governance is a journey

    Organizations should look to progress in their governance stages. Ad-hoc and controlled governance tends to be slow, expensive, and a poor fit for modern practices.

    The goal as you progress through your stages is to delegate governance and empower teams to make optimal decisions in real-time, knowing that they are aligned with the understood best interests of the organization.

    Automate governance for optimal velocity, while mitigating risks and driving value.

    This puts your organization in the best position to be adaptive and able to react effectively to volatility and uncertainty.

    A graph charting Trust and empowerment on the x-axis, and Progress Integration on the Y axis.

    Five key principles for building an adaptive governance framework

    Delegate and empower

    Decision making must be delegated down within the organization, and all resources must be empowered and supported to make effective decisions.

    Define outcomes

    Outcomes and goals must be clearly articulated and understood across the organization to ensure decisions are in line and stay within reasonable boundaries.

    Make risk- informed decisions

    Integrated risk information must be available with sufficient data to support decision making and design approaches at all levels of the organization.

    Embed / automate

    Governance standards and activities need to be embedded in processes and practices. Optimal governance reduces its manual footprint while remaining viable. This also allows for more dynamic adaptation.

    Establish standards and behavior

    Standards and policies need to be defined as the foundation for embedding governance practices organizationally. These guardrails will create boundaries to reinforce delegated decision making.

    Sufficient decision-making power should be given to your Agile teams

    Push the decision-making process down to your pilot teams.

    • Bring your business stakeholders and subject matter experts together to identify the potential high-level risks.
    • Bring your business stakeholders and subject matter experts together to identify the potential high-level risks.
    • Discuss with the business the level of risk they are willing to accept.
    • Define the level of authority project teams have in making critical decisions.

    "Push the decision making down as far as possible, down to the point where sprint teams completely coordinate all the integration, development, and design. What I push up the management chain is risk taking. [Management] decides what level of risk they are willing to take and [they] demonstrate that by the amount of decision making you push down."
    – Senior Manager, Canadian P&C Insurance Company, Info-Tech Interview

    Step 3.2

    Define Your Level of Acceptable Documentation

    Activities

    3.2.1 Calculate the cost of documentation

    This step involves the following participants:

    • Business Analyst(s)
    • Project Team
    • Relevant Stakeholders

    Outcomes of this step

    • Quantified cost of documentation produced for your Agile project.

    Defining Your Requirements Thresholds

    Right-size Your Documentation

    Why do we need it, and what purpose does it serve?

    Before creating any documentation, consider why; why are you creating documentation, and what purpose is it expected to serve?
    Is it:

    • … to gain approval?
    • … to facilitate decision-making?
    • .. to allow the team to think through a challenge or compare solution options?

    Next, consider what level of documentation would be acceptable and 'enough' for your stakeholders. Recognize that 'enough' will depend on your stakeholder's personal definition and perspective.
    There may also be considerations for maintaining documentation for the purposes of compliance, and auditability in some contexts and industries.
    The point is not to eliminate all documentation, but rather, to question why we're producing it, so that we can create just enough to deliver value.

    "What does the next person need to do their work well, to gain or create a shared understanding?"
    - Filip Hendrickx, Innovating BA and Founder, altershape

    Documentation comes at a cost

    We need to quantify the cost of documentation, against the expected benefit

    All things take time, and that would imply that all things have an inherent cost. We often don't think in these terms, as it's just the work we do, and costs are only associated with activities requiring additional capital expenditure. Documentation of requirements can come at a cost in terms of time and resources. Creating and maintaining detailed documentation requires effort from project team members, which could be spent on other aspects of the project such as development or testing. Additionally, there may be costs associated with storing and distributing the documentation.

    When creating documentation, we are making a decision. There is an opportunity cost of investing time to create, and concurrently, not working on other activities. Documentation of requirements can come at a cost in terms of time and resources. Creating and maintaining detailed documentation requires effort from project team members, which could be spent on other aspects of the project such as development or testing. Additionally, there may be costs associated with storing and distributing the documentation.

    In order to make better informed decisions about the types, quantity and even quality of the documentation we are producing, we need to capture that data. To ensure we are receiving good value for our documentation, we should compare the expected costs to the expected benefits of a sprint or project.

    3.2.1 Calculate the cost of documentation

    Estimated time: as needed

    1. Use this tool to quantify the cost of creating and maintaining current state documentation for your Agile requirements team. It provides an indication, via the Documentation Cost Index, of when your project is documenting excessively, relative to the expected benefits of the sprint or project.
    2. In Step 1, enter the hourly rate for the person (or persons) completing the business analysis function for your Agile team. NB: This does not have to be a person with the title of business analyst. If there are multiple people fulfilling this role, enter the average rate (if their rates are same or similar) or a weighted average (if there is a significant range in the hourly rate)
    3. In Step 2, enter the expected benefit (in $) for the sprint or project.
    4. In Step 3, enter the total number of hours spent on each task/activity during the sprint or project. Use blank spaces as needed to add tasks and activities not listed.
    5. In Step 4, you'll find the Documentation Cost Index, which compares your total documentation cost to the expected benefits. The cell will show green when the value is < 0.8, yellow between 0.8 and 1, and red when >1.
    6. Use the information to plan future sprints and documentation needs, identify opportunities for improvement in your requirements practice, and find balance in "just enough" documentation.

    Input

    • Project team and RACI
    • Existing Process (if available)

    Output

    • A process for Agile requirements that is flexible yet rigid

    Materials

    • Agile Requirements Workbook

    Participants

    • Business Analyst(s)
    • Project Team
    • Sponsor/Executive
    • Relevant Stakeholders

    Lack of documentation also comes at a cost

    Lack of documentation can bring costs to Agile projects in a few different ways.

    • Onboarding new team members
    • Improving efficiency
    • Knowledge management
    • Auditing and compliance
    • Project visibility
    • Maintaining code

    Info-Tech Insight

    Re-using deliverables (documentation, process, product, etc.) is important in maintaining the velocity of work. If you find yourself constantly recreating your current state documentation at the start of a project, it's hard to deliver with agility.

    Step 3.3

    Manage Requirements as an Asset

    Activities

    3.3.1 Discuss your current perspectives on requirements as assets

    This step involves the following participants:

    • Business Analyst(s)
    • Project Team
    • Relevant Stakeholders

    Outcomes of this step

    • Awareness of the value in, and tactics for enabling effective management of requirements as assets

    Defining Your Requirements Thresholds

    What do we mean by "assets"?

    And when do requirements become assets?

    In order to delivery with agility, you need to maximize the re-usability of artifacts. These artifacts could take the form of current state documentation, user stories, test cases, and yes, even requirements for re-use.
    Think of it like a library for understanding where your organization is today. Understanding the people, processes, and technology, in one convenient location. These artifacts become assets when we choose to retain them, rather than discard them at the end of a project, when we think they'll no longer be needed.
    And just like finding a single book in a vast library, we need to ensure our assets can be found when we need them. And this means making them searchable.
    We can do this by establishing criteria for requirements and artifact reuse;

    • What business need and benefit is it aligned to?
    • What metadata needs to be attached, related to source, status, subject, author, permissions, type, etc.?
    • Where will it be stored for ease of retrieval?

    Info-Tech Insight

    When writing requirements for products or services, write them for the need first, and not simply for what is changing.

    The benefits of managing requirements as assets

    Retention of knowledge in a knowledge base that allows the team to retain current business requirements, process documentation, business rules, and any other relevant information.
    A clearly defined scope to reduce stakeholder, business, and compliance conflicts.
    Impact analysis of changes to the current organizational assets.

    Source: Requirement Engineering Magazine, 2017.

    A case study in creating an asset repository

    Industry: Anonymous Organization in the Government sector
    Source: Interview

    Challenge

    A large government organization faced a challenge with managing requirements, processes, and project artifacts with any consistency.

    Historically, their documentation was lacking, with multiple versions existing in email sent folders and manila folders no one could find. Confirming the current state at any given time meant the heavy lift of re-documenting and validating, so that effort was avoided for an excessive period.

    Then there was a request for audit and compliance, to review their existing documentation practices. With nothing concrete to show, drastic recommendations were made to ensure this practice would end.

    Solution

    A small but effective team was created to compile and (if not available) document all existing project and product documentation, including processes, requirements, artifacts, business cases, etc.

    A single repository was built and demonstrated to key stakeholders to ensure it would satisfy the needs of the audit and compliance group.

    Result

    A single source of truth for the organization, which was;

    • Accessible (view access to the entire organization).
    • Transparent (anyone could see and understand the process and requirements as intended).
    • A baseline for continuous improvement, as it was clear what the one defined "best way" was.
    • Current, where no one retained current documentation outside of this library.

    3.3.1 Discuss your current perspectives on requirements as assets

    Estimated time: 30 Minutes

    1. Gather all relevant stakeholder to share perspectives on the use of requirements as assets, historically in the organization.
    2. Have a team member facilitate the session. It is optional to document the findings.
    3. After looking at the historical use of requirements as assets, discuss the potential uses, benefits, and drawbacks of managing as assets in the target state.

    Input

    • Participant knowledge and experience

    Output

    • A shared perspective and history on requirements as assets

    Materials

    • A method for data capture (optional)

    Participants

    • Business Analyst(s)
    • Project Team
    • Sponsor/Executive
    • Relevant Stakeholders

    Apply changes to baseline documentation

    Baseline + Release Changes = New Baseline

    • Start from baseline documentation dramatically to reduce cost and risk
    • Treat all scope as changes to baseline requirements
    • Sum of changes in the release scope
    • Sum of changes and original baseline becomes the new baseline
    • May take additional time and effort to maintain accurate baseline

    What is the right tool?

    While an Excel spreadsheet is great to start off, its limitations will become apparent as your product delivery process becomes more complex. Look at these solutions to continue your journey in managing your Agile requirements:

    Step 3.4

    Define Your Requirements Change Management Plan

    Activities

    3.4.1 Triage your requirements

    This step involves the following participants:

    • Business Analyst(s)
    • Project Team
    • Relevant Stakeholders

    Outcomes of this step

    • An approach for determining the appropriate level of governance over changes to requirements.

    Expect and embrace change

    In Agile development, change is expected and embraced. Instead of trying to rigidly follow a plan that may become outdated, Agile teams focus on regularly reassessing their priorities and adapting their plans accordingly. This means that the requirements can change often, and it's important for the team to have a process in place for managing these changes.

    A common approach to managing change in Agile is to use a technique called "backlog refinement." Where previously we populated our backlog with requirements to get them ready for development and deployment, this involves regularly reviewing and updating the list of work to be done. The team will prioritize the items on the evolving backlog, and the prioritized items will be worked on during the next sprint. This allows the team to quickly respond to changes in requirements and stay focused on the most important work.

    Another key aspect of managing change in Agile is effective communication. The team should have regular meetings, such as daily stand-up meetings or weekly sprint planning meetings, to discuss any changes in requirements and ensure that everyone is on the same page.

    Best practices in change and backlog refinement

    Communicate

    Clearly communicate your change process, criteria, and any techniques, tools, and templates that are part of your approach.

    Understand impacts/risks

    Maintain consistent control and communication and ensure that an impact assessment is completed. This is key to managing risks.

    Leverage tools

    Leverage tools when you have them available. This could be a Requirements Management system, a defect/change log, or even by turning on "track changes" in your documents.

    Cross-reference

    For every change, define the source of the change, the reason for the change, key dates for decisions, and any supporting documentation.

    Communicate the reason, and stay on message throughout the change

    Leaders of successful change spend considerable time developing a powerful change message: a compelling narrative that articulates the desired end state and makes the change concrete and meaningful to staff. They create the change vision with staff to build ownership and commitment.

    • The change message should:
    • Explain why the change is needed.
    • Summarize the things that will stay the same.
    • Highlight the things that will be left behind.
    • Emphasize the things that are being changed.
    • Explain how the change will be implemented.
    • Address how the change will affect the various roles in the organization.
    • Discuss staff's role in making the change successful.

    The five elements of communicating the reason for the change:

    An image of a cycle, including the five elements for communicating the reason for change.  these include: What will the role be for each department and individual?; What is the change?; Why are we doing it?; How are we going to go about it?; How long will it take us?

    How to make the management of changes more effective

    Key decisions and considerations

    How will changes to requirements be codified?
    How will intake happen?

    • What is the submission process?
    • Who has approval to submit?
    • What information is needed to submit a request?

    How will potential changes be triaged and evaluated?

    • What criteria will be used to assess the impact and urgency of the potential change?
    • How will you treat material and non-material changes?

    What is the review and approval process?

    • How will acceptance or rejection status be communicated to the submitter?

    3.4.1 Triage Your requirements

    An image of an inverted triangle, with the top being labeled: No Material Impact, the middle being labeled: Material impact; and the bottom being labeled: Governance Impact.  To the right of the image, are text boxes elaborating on each heading.

    If there's no material impact, update and move on

    An image of an inverted triangle, with the top being labeled: No Material Impact, the middle being labeled: Material impact; and the bottom being labeled: Governance Impact. To the right of the image, is a cycle including the following terms: Validate change; Update requirements; Track change (log); Package and communicate

    Material changes require oversight and approval

    An image of an inverted triangle, with the top being labeled: No Material Impact, the middle being labeled: Material impact; and the bottom being labeled: Governance Impact. To the right of the image, is a cycle including the following terms: Define impact; Revise; Change control needed?; Implement change.

    Planning Your Next Steps

    Phase 4

    Planning Your Next Steps

    Phase 1Phase 2Phase 3Phase 4

    1.1 Understand the benefits and limitations of Agile and business analysis

    1.2 Align Agile and business analysis within your organization

    2.1 Confirm the best-fit approach for delivery

    2.2 manage your requirements backlog

    3.1 Define project roles and responsibilities

    3.2 define your level of acceptable documentation

    3.3 Manage requirements as an asset

    3.4 Define your requirements change management plan

    4.1 Preparing new ways of working

    4.2 Develop a roadmap for next steps

    This phase will walk you through the following activities:

    • Completing Your Agile Requirements Playbook
    • EXERCISE: Capability Gap List

    This phase involves the following participants:

    • Business Analyst(s)
    • Project Team
    • Sponsor/Executive
    • Relevant Stakeholders

    Managing Requirements in an Agile Environment

    Step 4.1

    Preparing New Ways of Working

    Activities

    4.1.1 Define your communication plan

    Planning Your Next Steps

    This step involves the following participants:

    • Business Analyst(s)
    • Project Team
    • Sponsor/Executive
    • Relevant Stakeholders

    Outcomes of this step

    • Recognize the changes required on the team and within the broader organization, to bring stakeholders on board.

    How we do requirements work will change

    • Team formation and interaction
    • Stakeholder engagement and communication
    • The timing and sequencing of their work
    • Decision-making
    • Documentation
    • Dealing with change

    As a result, you'll need to focus on;

    Emphasizing flexibility: In Agile organizations, there is a greater emphasis on flexibility and the ability to adapt to change. This means that requirements may evolve over time and may not be fully defined at the beginning of the project.
    Enabling continuous delivery: Agile organizations often use continuous delivery methods, which means that new features and functionality are delivered to users on a regular basis. This requires a more iterative approach to requirements management, as new requirements may be identified and prioritized during the delivery process.
    Enhancing collaboration and communication: Agile organizations place a greater emphasis on collaboration and communication between team members, stakeholders, and customers.
    Developing a user-centered approach: Agile organizations often take a user-centered approach to requirements gathering, which means that the needs and goals of the end-user are prioritized.

    Change within the team, and in the broader organization

    How to build an effective blend Agile and requirements management

    Within the team

    • Meetings should happen as needed
    • Handoffs should be clear and concise
    • Interactions should add value
    • Stand-ups should similarly add value, and shouldn't be for status updates

    Within the organization

    • PMO inclusion, to ensure alignment across the organization
    • Business/Operating areas, to recognize what they are committing to for time, resources, etc.
    • Finance, for how your project or product is funded
    • Governance and oversight, to ensure velocity is maintained

    "Whether in an Agile environment or not, collaboration and relationships are still required and important…how you collaborate, communicate, and how you build relationships are key."
    - Paula Bell, CEO, Paula A. Bell Consulting

    Get stakeholders on board with Agile requirements

    1. Stakeholder feedback and management support are key components of successful Agile requirements.
    2. Stakeholders can see a project's progression and provide critical feedback about its success at critical milestones.
    3. Management helps teams succeed by trusting them to complete projects with business value at top of mind and by removing impediments that are inhibiting their productivity.
    4. Agile will bring a new mindset and significant amounts of people, process, and technology changes that stakeholders and management may not be accustomed to. Working through these issues in requirements management enables a smoother rollout.
    5. Management will play a key role in ensuring long-term Agile requirements success and ultimately rolling it out to the rest of the organization.
    6. The value of leadership involvement has not changed even though responsibilities will. The day-to-day involvement in projects will change but continual feedback will ultimately dictate the success or failure of a project.

    4.1.1 Define your communication plan

    Estimated time: 60 Minutes

      1. Gather all relevant stakeholder to create a communication plan for project or product stakeholders.
      2. Have a team member facilitate the session.
      3. Identify
      4. ;
        1. Each stakeholder
        2. The nature of information they are interested in
        3. The channel or medium best to communicate with them
        4. The frequency of communication
      5. (Optional) Consider validating the results with the stakeholders, if not present.
      6. Document the results in the Agile Requirements Workbook and include in Agile Requirements Playbook.
      7. Revisit as needed, whether at the beginning of a new initiative, or over time, to ensure the content is still valid.

    Input

    • Participant knowledge and experience

    Output

    • A plan for communicating with stakeholders

    Materials

    • Agile Requirements Workbook

    Participants

    • Business Analyst(s)
    • Project Team

    Step 4.2

    Develop a Roadmap for Next Steps

    Activities

    4.2.1 Develop your Agile requirements action plan

    4.2.2 Prioritize with now, next, later

    This step involves the following participants:

    • Business Analyst(s)
    • Project Team
    • Sponsor/Executive
    • Relevant Stakeholders

    Outcomes of this step

    • A comprehensive and prioritized list of opportunities and improvements to be made to mature the Agile requirements practice.

    Planning Your Next Steps

    Identify opportunities to improve and close gaps

    Maturing at multiple levels

    With a mindset of continuous improvement, there is always some way we can get better.

    As you mature your Agile requirements practice, recognize that those gaps for improvement can come from multiple levels, from the organizational down to the individual.

    Each level will bring challenges and opportunities.

    The organization

    • Organizational culture
    • Organizational behavior
    • Political will
    • Unsupportive stakeholders

    The team

    • Current ways of working
    • Team standards, norms and values

    The individual

    • Practitioner skills
    • Practitioner experience
    • Level of training received

    Make sure your organization is ready to transition to Agile requirements management

    A cycle is depicted, with the following Terms: Learning; Automation; Integrated teams; Metrics and governance; Culture.

    Learning:

    Agile is a radical change in how people work
    and think. Structured, facilitated learning is required throughout the transformation to
    help leaders and practitioners go from

    doing Agile to being Agile.

    Automation:

    While Agile is tool-agnostic at its roots, Agile work management tools and DevOps inspired SDLC tools that have become a key part of Agile practices.

    Integrated Teams:


    While temporary project teams can get some benefits from Agile, standing, self-organizing teams that cross business, delivery, and operations are essential to gain the full benefits of Agile.

    Metrics and Governance:

    Successful Agile implementations
    require the disciplined use

    of delivery and operations
    metrics that support governance focused on developing better teams.

    Culture:

    Agile teams believe that value is best created by standing, self-organizing cross-functional teams who deliver sustainably in frequent,
    short increments supported by leaders
    who coach them through challenges.

    Info-Tech Insight

    Agile gaps may only have a short-term, perceived benefit. For example, coding without a team mindset can allow for maximum speed to market for a seasoned developer. Post-deployment maintenance initiatives, however, often lock the single developer as no one else understands the rationale for the decisions that were made.

    4.2.1 Develop your Agile requirements action plan

    Estimated time: 60 Minutes

    1. Gather all relevant stakeholder to create a road map and action plan for requirements management.
    2. Have a team member facilitate the session using the results of the Agile Requirements Maturity Assessment.
    3. Identify gaps from current to future state and brainstorm possible actions that can be taken to address those gaps. Resist the urge to analyze or discuss the feasibility of each idea at this stage. The intent is idea generation.
    4. When the group has exhausted all ideas, the facilitator should group like ideas together, with support from participants. Discuss any ideas that are unclear or ambiguous.
    5. Document the results in the Agile Requirements Workbook.

    Note: the feasibility and timing of the ideas will happen in the following "Now, Next, Later" exercise.

    Prioritize your roadmap

    Taking steps to mature your Agile requirements practice.

    An image of the Now; Next; Later technique.

    The "Now, Next, Later" technique is a method for prioritizing and planning improvements or tasks. This involves breaking down a list of tasks or improvements into three categories:

    • "Now" tasks are those that must be completed immediately. These tasks are usually urgent or critical, and they must be completed to keep the project or organization running smoothly.
    • "Next" tasks are those that should be completed soon. These tasks are not as critical as "now" tasks, but they are still important and should be tackled relatively soon.
    • "Later" tasks are those that can be completed later. These tasks are less critical and can be deferred without causing major problems.

    By using this technique, you can prioritize and plan the most important tasks first, while also allowing for flexibility and the ability to adjust plans as necessary.
    This process also helps you get a clear picture on what needs to be done first and what can be done later. This way you can work on the most important things first, and keep track of what you need to do next, for keeping the development/improvement process smooth and efficient.

    Monitor your progress

    Monitoring progress is important in achieving your target state. Be deliberate with your actions, to continue to mature your Agile requirements practice.

    As you navigate toward your target state, continue to monitor your progress, your successes, and your challenges. As your Agile requirements practice matures, you should see improvements in the stated metrics below.

    Establish a cadence to review these metrics, as well as how you are progressing on your roadmap, against the plan.

    This is not about adding work, but rather, about ensuring you're heading in the right direction; finding the balance in your Agile requirements practice.

    Metric
    Team satisfaction (%) Expect team satisfaction to increase as a result of clearer role delineation and value contribution.
    Stakeholder satisfaction (%) Expect stakeholder satisfaction to similarly increase, as requirements quality increases, bringing increased value.
    Requirements rework Measures the quality of requirements from your Agile projects. Expect that the requirements rework will decrease, in terms of volume/frequency.
    Cost of documentation Quantifies the cost of documentation, including elicitation, analysis, validation, presentation, and management.
    Time to delivery Balancing metric. We don't want improvements in other at the expense of time to delivery.

    Appendix

    Research Contributors and Experts

    This is a picture of Emal Bariali

    Emal Bariali
    Business Architect & Business Analyst
    Bariali Consulting

    Emal Bariali is a Senior Business Analyst and Business Architect with 17 years of experience, executing nearly 20 projects. He has experience in both waterfall and Agile methodologies and has delivered solutions in a variety of forms, including custom builds and turnkey projects. He holds a Master's degree in Information Systems from the University of Toronto, a Bachelor's degree in Information Technology from York University, and a post-diploma in Software & Database Development from Seneca College.

    This is a picture of Paula Bell

    Paula Bell
    Paula A. Bell Consulting, LLC

    Paula Bell is the CEO of Paula A Bell Consulting, LLC. She is a Business Analyst, Leadership and Career Development coach, consultant, speaker, and author with 21+ years of experience in corporate America in project roles including business analyst, requirements manager, business initiatives manager, business process quality manager, technical writer, project manager, developer, test lead, and implementation lead. Paula has experience in a variety of industries including media, courts, manufacturing, and financial. Paula has led multiple highly-visible multi-million-dollar technology and business projects to create solutions to transform businesses as either a consultant, senior business analyst, or manager.

    Currently she is Director of Operations for Bridging the Gap, where she oversees the entire operation and their main flagship certification program.

    This is a picture of Ryan Folster

    Ryan Folster
    Consulting Services Manager, Business Analysis
    Dimension Data

    Ryan Folster is a Business Analyst Lead and Product Professional from Johannesburg, South Africa. His strong focus on innovation and his involvement in the business analysis community have seen Ryan develop professionally from a small company, serving a small number of users, to large multi-national organizations. Having merged into business analysis through the business domain, Ryan has developed a firm grounding and provides context to the methodologies applied to clients and projects he is working on. Ryan has gained exposure to the Human Resources, Asset Management, and Financial Services sectors, working on projects that span from Enterprise Line of Business Software to BI and Compliance.

    Ryan is also heavily involved in the local chapter of IIBA®; having previously served as the chapter president, he currently serves as a non-executive board member. Ryan is passionate about the role a Business Analyst plays within an organization and is a firm believer that the role will develop further in the future and become a crucial aspect of any successful business.

    This is a picture of Filip Hendrickx

    Filip Hendrickx
    Innovating BA, Visiting Professor @ VUB
    altershape

    Filip loves bridging business analysis and innovation and mixes both in his work as speaker, trainer, coach, and consultant.

    As co-founder of the BA & Beyond Conference and IIBA Brussels Chapter president, Filip helps support the BA profession and grow the BA community in and around Belgium. For these activities, Filip received the 2022 IIBA® EMEA Region Volunteer of the Year Award.

    Together with Ian Richards, Filip is the author ofBrainy Glue, a business novel on business analysis, innovation and change. Filip is also co-author of the BCS book Digital Product Management and Cycles, a book, method and toolkit enabling faster innovation.

    This is a picture of Fabricio Laguna

    Fabricio Laguna
    Professional Speaker, Consultant, and Trainer
    TheBrazilianBA.com

    Fabrício Laguna, aka The Brazilian BA, is the main reference on business analysis in Brazil. Author and producer of videos, articles, classes, lectures, and playful content, he can explain complex things in a simple and easy-to-understand way. IIBA Brazil Chapter president between 2012-2022. CBAP, AAC, CPOA, PMP, MBA. Consultant and instructor for more than 25 years working with business analysis, methodology, solution development, systems analysis, project management, business architecture, and systems architecture. His online courses are approved by students from 65 countries.

    This is a picture of Ryland Leyton

    Ryland Leyton
    Business Analyst and Agile Coach
    Independent Consultant

    Ryland Leyton, CBAP, PMP, CSM, is an avid Agile advocate and coach, business analyst, author, speaker, and educator. He has worked in the technology sector since 1998, starting off with database and web programming, gradually moving through project management and finding his passion in the BA and Agile fields. He has been a core team member of the IIBA Extension to the BABOK and the IIBA Agile Analysis Certification. Ryland has written popular books on agility, business analysis, and career. He can be reached at www.RylandLeyton.com.

    This is a picture of Steve Jones

    Steve Jones
    Supervisor, Market Support Business Analysis
    ISO New England

    Steve is a passionate analyst and BA manager with more than 20 years of experience in improving processes, services and software, working across all areas of software development lifecycle, business change and business analysis. He rejoices in solving complex business problems and increasing process reproducibility and compliance through the application of business analysis tools and techniques.

    Steve is currently serving as VP of Education for IIBA Hartford. He is a CBAP, certified SAFe Product Owner/Product Manager, Six Sigma Green Belt, and holds an MS in Information Management and Communications.

    This is a picture of Angela Wick

    Angela Wick
    Founder
    BA-Squared and BA-Cube

    Founder of BA-Squared and BA-Cube.com, Angela is passionate about teaching practical, modern product ownership and BA skills. With over 20 years' experience she takes BA skills to the next level and into the future!
    Angela is also a LinkedIn Learning instructor on Agile product ownership and business analysis, an IC-Agile Authorized Trainer, Product Owner and BA highly-rated trainer, highly-rated speaker, sought-after workshop facilitator, and contributor to many industry publications, including:

    • IIBA BABOK v3 Core Team, leading author on the BABOK v3
    • Expert Reviewer, IIBA Agile Extension to the BABOK
    • PMI BA Practice Guide – Expert Reviewer
    • PMI Requirements Management Practice Guide – Expert Reviewer
    • IIBA Competency Model – Lead Author and Team Lead, V1, V2, and V3.

    This is a picture of Rachael Wilterdink

    Rachael Wilterdink
    Principal Consultant
    Infotech Enterprises

    Rachael Wilterdink is a Principal Consultant with Infotech Enterprises. With over 25 years of IT experience, she holds multiple business analysis and Agile certifications. As a consultant, Rachael has served clients in the financial, retail, manufacturing, healthcare, government, non-profit, and insurance industries. Giving back to the professional community, Ms. Wilterdink served on the boards of her local IIBA® and PMI® chapters. As a passionate public speaker, Rachael presents various topics at conferences and user groups across the country and the world. Rachael is also the author of the popular eBook "40 Agile Transformation Pain Points (and how to avoid or manage them)."

    Bibliography

    "2021 Business Agility Report: Rising to the Challenge." Business Agility, 2021. Accessed 13 June 2022.
    Axure. "The Pitfalls of Agile and How We Got Here". Axure. Accessed 14 November 2022.
    Beck, Kent, et al. "Manifesto for Agile Software Development." Agilemanifesto. 2001.
    Brock, Jon, et al. "Large-Scale IT Projects: From Nightmare to Value Creation." BCG, 25 May 2015.
    Bryar, Colin and Bill Carr. "Have We Taken Agile Too Far?" Harvard Business Review, 9 April 2021. Accessed 11 November, 2022.
    Clarke, Thomas. "When Agile Isn't Responsive to Business Goals" RCG Global Services, Accessed 14 November 2022.
    Digital.ai "The 15th State of Agile Report". Digital.ai. Accessed 21 November 2022.
    Hackshall, Robin. "Product Backlog Refinement." Scrum Alliance. 9 Oct. 2014.
    Hartman, Bob. "New to Agile? INVEST in good user stories." Agile For All.
    IAG Consulting. "Business Analysis Benchmark: Full Report." IAG Consulting, 2009.
    Karlsson, Johan. "Backlog Grooming: Must-Know Tips for High-Value Products." Perforce. 18 May 2018
    KPMG. Agile Transformation (2019 Survey on Agility). KPMG. Accessed November 29.
    Laguna, Fabricio "REQM guidance matrix: A framework to drive requirements management", Requirements Engineering Magazine. 12 September 2017. Accessed 10 November 2022.
    Miller, G. J. (2013). Agile problems, challenges, & failures. Paper presented at PMI® Global Congress 2013—North America, New Orleans, LA. Newtown Square, PA: Project Management Institute.
    Product Management: MoSCoW Prioritization." ProductPlan, n.d. Web.
    Podeswa, Howard "The Business Case for Agile Business Analysis" Requirements Engineering Magazine. 21 February 2017. Accessed 7 November 2022.
    PPM Express. "Why Projects Fail: Business Analysis is the Key". PPM Express. Accessed 16 November 2022.
    Reifer, Donald J. "Quantitative Analysis of Agile Methods Study: Twelve Major Findings." InfoQ, 6 February, 2017.
    Royce, Dr. Winston W. "Managing the Development of Large Software Systems." Scf.usc.edu. 1970. (royce1970.pdf (usc.edu))
    Rubin, Kenneth S. Essential Scrum: A Practical Guide to the Most Popular Agile Process. Pearson Education. 2012.
    Singer, Michael. "15+ Surprising Agile Statistics: Everything You Need To Know About Agile Management". Enterprise Apps Today. 22 August 2022.
    The Standish Group. The Chaos Report, 2015. The Standish Group.

    Where do I go next?

    Improve Requirements Gathering

    Back to basics: great products are built on great requirements.

    Make the Case for Product Delivery

    Align your organization on the practices to deliver what matters most.

    Requirements for Small and Medium Enterprises

    Right-size the guidelines of your requirements gathering process.

    Implement Agile Practices that Work

    Improve collaboration and transparency with the business to minimize project failure.

    Create an Agile-Friendly Gating and Governance Model

    Use Info-Tech's Agile Gating Framework as a guide to gating your Agile projects following a "trust but verify" approach.

    Make Your IT Governance Adaptable

    Governance isn't optional, so keep it simple and make it flexible.

    Deliver on Your Digital Product Vision

    Build a product vision your organization can take from strategy through execution.

    Business Value

    • Buy Link or Shortcode: {j2store}7|cart{/j2store}
    • Related Products: {j2store}7|crosssells{/j2store}
    • Up-Sell: {j2store}7|upsells{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Financial Management
    • Parent Category Link: /financial-management
    Maximize your ROI on IT through benefits realization

    Strengthen the SSDLC for Enterprise Mobile Applications

    • Buy Link or Shortcode: {j2store}283|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Mobile Development
    • Parent Category Link: /mobile-development
    • CEOs see mobile for employees as their top mandate for upcoming technology innovation initiatives, making security a key competency for development.
    • Unsecure mobile applications can cause your employees to question the mobile applications’ integrity for handling sensitive data, limiting uptake.
    • Secure mobile development tends to be an afterthought, where vulnerabilities are tested for post-production rather than during the build process.
    • Developers lack the expertise, processes, and proper tools to effectively enhance applications for mobile security.

    Our Advice

    Critical Insight

    • Organizations currently react to security issues. Info-Tech recommends a proactive approach to ensure a secure software development life cycle (SSDLC) end-to-end.
    • Organizations currently lack the secure development practices to provide highly secure mobile applications that end users can trust.
    • Enable your developers with five key secure development techniques from Info-Tech’s development toolkit.

    Impact and Result

    • Embed secure development techniques into your SDLC.
    • Create a repeatable process for your developers to continually evaluate and optimize mobile application security for new threats and corresponding mitigation steps.
    • Build capabilities within your team based on Info-Tech’s framework by supporting ongoing security improvements through monitoring and metric analysis.

    Strengthen the SSDLC for Enterprise Mobile Applications Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should adopt secure development techniques for mobile application development, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess secure mobile development processes

    Determine the current security landscape of mobile application development.

    • Strengthen the SSDLC for Enterprise Mobile Applications – Phase 1: Assess Secure Mobile Development Practices
    • Systems Architecture Template
    • Mobile Application High-Level Design Requirements Template

    2. Implement and test secure mobile techniques

    Incorporate the various secure development techniques into current development practices.

    • Strengthen the SSDLC for Enterprise Mobile Applications – Phase 2: Implement and Test Secure Mobile Techniques

    3. Monitor and support secure mobile applications

    Create a roadmap for mobile optimization initiatives.

    • Strengthen the SSDLC for Enterprise Mobile Applications – Phase 3: Monitor and Support Secure Mobile Applications
    • Mobile Optimization Roadmap
    [infographic]

    Workshop: Strengthen the SSDLC for Enterprise Mobile Applications

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess Your Secure Mobile Development Practices

    The Purpose

    Identification of the triggers of your secure mobile development initiatives.

    Assessment of the security vulnerabilities in your mobile applications from an end-user perspective.

    Identification of the execution of your mobile environment.

    Assessment of the mobile threats and vulnerabilities to your systems architecture.

    Prioritization of your mobile threats.

    Creation of your risk register.

    Key Benefits Achieved

    Key opportunity areas where a secure development optimization initiative can provide tangible benefits.

    Identification of security requirements.

    Prioritized list of security threats.

    Initial mobile security risk register created. 

    Activities

    1.1 Establish the triggers of your secure mobile development initiatives.

    1.2 Assess the security vulnerabilities in your mobile applications from an end-user perspective.

    1.3 Understand the execution of your mobile environment with a systems architecture.

    1.4 Assess the mobile threats and vulnerabilities to your systems architecture.

    1.5 Prioritize your mobile threats.

    1.6 Begin building your risk register.

    Outputs

    Mobile Application High-Level Design Requirements Document

    Systems Architecture Diagram

    2 Implement and Test Your Secure Mobile Techniques

    The Purpose

    Discovery of secure development techniques to apply to current development practices.

    Discovery of new user stories from applying secure development techniques.

    Discovery of new test cases from applying secure development techniques.

    Key Benefits Achieved

    Areas within your code that can be optimized for improving mobile application security.

    New user stories created in relation to mitigation steps.

    New test cases created in relation to mitigation steps.

    Activities

    2.1 Gauge the state of your secure mobile development practices.

    2.2 Identify the appropriate techniques to fill gaps.

    2.3 Develop user stories from security development gaps identified.

    2.4 Develop test cases from user story gaps identified.

    Outputs

    Mobile Application High-Level Design Requirements Document

    3 Monitor and Support Your Secure Mobile Applications

    The Purpose

    Identification of key metrics used to measure mobile application security issues.

    Identification of secure mobile application and development process optimization initiatives.

    Identification of enablers and blockers of your mobile security optimization.

    Key Benefits Achieved

    Metrics for measuring application security.

    Modified triaging process for addressing security issues.

    Initiatives for development optimization.

    Enablers and blockers identified for mobile security optimization initiatives.

    Process for developing your mobile optimization roadmap.

    Activities

    3.1 List the metrics that would be gathered to assess the success of your mobile security optimization.

    3.2 Adjust and modify your triaging process to enhance handling of security issues.

    3.3 Brainstorm secure mobile application and development process optimization initiatives.

    3.4 Identify the enablers and blockers of your mobile security optimization.

    3.5 Define your mobile security optimization roadmap.

    Outputs

    Mobile Optimization Roadmap

    Redesign Your IT Organizational Structure

    • Buy Link or Shortcode: {j2store}275|cart{/j2store}
    • member rating overall impact (scale of 10): 9.2/10 Overall Impact
    • member rating average dollars saved: $71,830 Average $ Saved
    • member rating average days saved: 25 Average Days Saved
    • Parent Category Name: Organizational Design
    • Parent Category Link: /organizational-design

    Most organizations go through an organizational redesign to:

    • Better align to the strategic objectives of the organization.
    • Increase the effectiveness of IT as a function.
    • Provide employees with clarity in their roles and responsibilities.
    • Support new capabilities.
    • Better align IT capabilities to suit the vision.
    • Ensure the IT organization can support transformation initiatives.

    Our Advice

    Critical Insight

    • Organizational redesign is only as successful as the process leaders engage in. It shapes a story framed in a strong foundation of need and a method to successfully implement and adopt the new structure.
    • Benchmarking your organizational redesign to other organizations will not work. Other organizations have different strategies, drivers, and context. It’s important to focus on your organization, not someone else's.
    • You could have the best IT employees in the world, but if they aren’t structured well your organization will still fail in reaching its vision.

    Impact and Result

    • We are often unsuccessful in organizational redesign because we lack an understanding of why this initiative is required or fail to recognize that it is a change initiative.
    • Successful organizational design requires a clear understanding of why it is needed and what will be achieved by operating in a new structure.
    • Additionally, understanding the impact of the change initiative can lead to greater adoption by core stakeholders.

    Redesign Your IT Organizational Structure Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Redesign Your IT Organizational Structure Deck – A defined method of redesigning your IT structure that is founded by clear drivers and consistently considering change management practices.

    The purpose of this storyboard is to provide a four-phased approach to organizational redesign.

    • Redesign Your IT Organizational Structure – Phases 1-4

    2. Communication Deck – A method to communicate the new organizational structure to critical stakeholders to gain buy-in and define the need.

    Use this templated Communication Deck to ensure impacted stakeholders have a clear understanding of why the new organizational structure is needed and what that structure will look like.

    • Organizational Design Communications Deck

    3. Redesign Your IT Organizational Structure Executive Summary Template – A template to secure executive leadership buy-in and financial support for the new organizational structure to be implemented.

    This template provides IT leaders with an opportunity to present their case for a change in organizational structure and roles to secure the funding and buy-in required to operate in the new structure.

    • Redesign Your IT Organizational Structure Executive Summary

    4. Redesign Your IT Organizational Structure Workbook – A method to document decisions made and rationale to support working through each phase of the process.

    This Workbook allows IT and business leadership to work through the steps required to complete the organizational redesign process and document key rationale for those decisions.

    • Redesign Your IT Organizational Structure Workbook

    5. Redesign Your IT Organizational Structure Operating Models and Capability Definitions – A tool that can be used to provide clarity on the different types of operating models that exist as well as the process definitions of each capability.

    Refer to this tool when working through the redesign process to better understand the operating model sketches and the capability definitions. Each capability has been tied back to core frameworks that exist within the information and technology space.

    • Redesign Your IT Organizational Structure Operating Models and Capability Definitions

    Infographic

    Workshop: Redesign Your IT Organizational Structure

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish the Organizational Design Foundation

    The Purpose

    Lay the foundation for your organizational redesign by establishing a set of organizational design principles that will guide the redesign process.

    Key Benefits Achieved

    Clearly articulate why this organizational redesign is needed and the implications the strategies and context will have on your structure.

    Activities

    1.1 Define the org design drivers.

    1.2 Document and define the implications of the business context.

    1.3 Align the structure to support the strategy.

    1.4 Establish guidelines to direct the organizational design process.

    Outputs

    Clear definition of the need to redesign the organizational structure

    Understanding of the business context implications on the organizational structure creation.

    Strategic impact of strategies on organizational design.

    Customized Design Principles to rationalize and guide the organizational design process.

    2 Create the Operating Model Sketch

    The Purpose

    Select and customize an operating model sketch that will accurately reflect the future state your organization is striving towards. Consider how capabilities will be sourced, gaps in delivery, and alignment.

    Key Benefits Achieved

    A customized operating model sketch that informs what capabilities will make up your IT organization and how those capabilities will align to deliver value to your organization.

    Activities

    2.1 Augmented list of IT capabilities.

    2.2 Capability gap analysis

    2.3 Identified capabilities for outsourcing.

    2.4 Select a base operating model sketch.

    2.5 Customize the IT operating model sketch.

    Outputs

    Customized list of IT processes that make up your organization.

    Analysis of which capabilities require dedicated focus in order to meet goals.

    Definition of why capabilities will be outsourced and the method of outsourcing used to deliver the most value.

    Customized IT operating model reflecting sourcing, centralization, and intended delivery of value.

    3 Formalize the Organizational Structure

    The Purpose

    Translate the operating model sketch into a formal structure with defined functional teams, roles, reporting structure, and responsibilities.

    Key Benefits Achieved

    A detailed organizational chart reflecting team structures, reporting structures, and role responsibilities.

    Activities

    3.1 Categorize your IT capabilities within your defined functional work units.

    3.2 Create a mandate statement for each work unit.

    3.3 Define roles inside the work units and assign accountability and responsibility.

    3.4 Finalize your organizational structure.

    Outputs

    Capabilities Organized Into Functional Groups

    Functional Work Unit Mandates

    Organizational Chart

    4 Plan for the Implementation & Change

    The Purpose

    Ensure the successful implementation of the new organizational structure by strategically communicating and involving stakeholders.

    Key Benefits Achieved

    A clear plan of action on how to transition to the new structure, communicate the new organizational structure, and measure the effectiveness of the new structure.

    Activities

    4.1 Identify and mitigate key org design risks.

    4.2 Define the transition plan.

    4.3 Create the change communication message.

    4.4 Create a standard set of FAQs.

    4.5 Align sustainment metrics back to core drivers.

    Outputs

    Risk Mitigation Plan

    Change Communication Message

    Standard FAQs

    Implementation and sustainment metrics.

    Further reading

    Redesign Your IT Organizational Structure

    Designing an IT structure that will enable your strategic vision is not about an org chart – it’s about how you work.

    EXECUTIVE BRIEF

    Analyst Perspective

    Structure enables strategy.

    The image contains a picture of Allison Straker.

    Allison Straker

    Research Director,

    Organizational Transformation

    The image contains a picture of Brittany Lutes.

    Brittany Lutes

    Senior Research Analyst,

    Organizational Transformation

    An organizational structure is much more than a chart with titles and names. It defines the way that the organization operates on a day-to-day basis to enable the successful delivery of the organization’s information and technology objectives. Moreover, organizational design sees beyond the people that might be performing a specific role. People and role titles will and often do change frequently. Those are the dynamic elements of organizational design that allow your organization to scale and meet specific objectives at defined points of time. Capabilities, on the other hand, are focused and related to specific IT processes.

    Redesigning an IT organizational structure can be a small or large change transformation for your organization. Create a structure that is equally mindful of the opportunities and the constraints that might exist and ensure it will drive the organization towards its vision with a successful implementation. If everyone understands why the IT organization needs to be structured that way, they are more likely to support and adopt the behaviors required to operate in the new structure.

    Executive Summary

    Your Challenge

    Your organization needs to reorganize itself because:

    • The current IT structure does not align to the strategic objectives of the organization.
    • There are inefficiencies in how the IT function is currently operating.
    • IT employees are unclear about their role and responsibilities, leading to inconsistencies.
    • New capabilities or a change in how the capabilities are organized is required to support the transformation.

    Common Obstacles

    Many organizations struggle when it comes redesigning their IT organizational structure because they:

    • Jump right into creating the new organizational chart.
    • Do not include the members of the IT leadership team in the changes.
    • Do not include the business in the changes.
    • Consider the context in which the change will take place and how to enable successful adoption.

    Info-Tech’s Approach

    Successful IT organization redesign includes:

    • Understanding the drivers, context, and strategies that will inform the structure.
    • Remaining objective by focusing on capabilities over people or roles.
    • Identifying gaps in delivery, sourcing strategies, customers, and degrees of centralization.
    • Remembering that organizational design is a change initiative and will require buy-in.

    Info-Tech Insight

    A successful redesign requires a strong foundation and a plan to ensure successful adoption. Without these, the organizational chart has little meaning or value.

    Your challenge

    This research is designed to help organizations who are looking to:

    • Redesign the IT structure to align to the strategic objectives of the enterprise.
    • Increase the effectiveness in how the IT function is operating in the organization.
    • Provide clarity to employees around their roles and responsibilities.
    • Ensure there is an ability to support new IT capabilities and/or align capabilities to better support the direction of the organization.
    • Align the IT organization to support a business transformation such as becoming digitally enabled or engaging in M&A activities.

    Organizational design is a challenge for many IT and digital executives

    69% of digital executives surveyed indicated challenges related to structure, team silos, business-IT alignment, and required roles when executing on a digital strategy.

    Source: MIT Sloan, 2020

    Common obstacles

    These barriers make IT organizational redesign difficult to address for many organizations:

    • Confuse organizational design and organizational charts as the same thing.
    • Start with the organizational chart, not taking into consideration the foundational elements that will make that chart successful.
    • Fail to treat organizational redesign as a change management initiative and follow through with the change.
    • Exclude impacted or influential IT leaders and/or business stakeholders from the redesign process.
    • Leverage an operating model because it is trending.

    To overcome these barriers:

    • Understand the context in which the changes will take place.
    • Communicate the changes to those impacted to enable successful adoption and implementation of a new organizational structure.
    • Understand that organizational design is for more than just HR leaders now; IT executives should be driving this change.

    Succeed in Organizational Redesign

    75% The percentage of change efforts that fail.

    Source: TLNT, 2019

    55% The percentage of practitioners who identify how information flows between work units as a challenge for their organization.

    Source: Journal of Organizational Design, 2019

    Organizational design defined

    If your IT strategy is your map, your IT organizational design represents the optimal path to get there.

    IT organizational design refers to the process of aligning the organization’s structure, processes, metrics, and talent to the organization’s strategic plan to drive efficiency and effectiveness.

    Why is the right IT organizational design so critical to success?

    Adaptability is at the core of staying competitive today

    Structure is not just an organizational chart

    Organizational design is a never-ending process

    Digital technology and information transparency are driving organizations to reorganize around customer responsiveness. To remain relevant and competitive, your organizational design must be forward looking and ready to adapt to rapid pivots in technology or customer demand.

    The design of your organization dictates how roles function. If not aligned to the strategic direction, the structure will act as a bungee cord and pull the organization back toward its old strategic direction (ResearchGate.net, 2014). Structure supports strategy, but strategy also follows structure.

    Organization design is not a one-time project but a continuous, dynamic process of organizational self-learning and continuous improvement. Landing on the right operating model will provide a solid foundation to build upon as the organization adapts to new challenges and opportunities.

    Understand the organizational differences

    Organizational Design

    Organizational design the process in which you intentionally align the organizational structure to the strategy. It considers the way in which the organization should operate and purposely aligns to the enterprise vision. This process often considers centralization, sourcing, span of control, specialization, authority, and how those all impact or are impacted by the strategic goals.

    Operating Model

    Operating models provide an architectural blueprint of how IT capabilities are organized to deliver value. The placement of the capabilities can alter the culture, delivery of the strategic vision, governance model, team focus, role responsibility, and more. Operating model sketches should be foundational to the organizational design process, providing consistency through org chart changes.

    Organizational Structure

    The organizational structure is the chosen way of aligning the core processes to deliver. This can be strategic, or it can be ad hoc. We recommend you take a strategic approach unless ad hoc aligns to your culture and delivery method. A good organizational structure will include: “someone with authority to make the decisions, a division of labor and a set of rules by which the organization operates” (Bizfluent, 2019).

    Organizational Chart

    The capstone of this change initiative is an easy-to-read chart that visualizes the roles and reporting structure. Most organizations use this to depict where individuals fit into the organization and if there are vacancies. While this should be informed by the structure it does not necessarily depict workflows that will take place. Moreover, this is the output of the organizational design process.

    Sources: Bizfluent, 2019; Strategy & Business, 2015; SHRM, 2021

    The Technology Value Trinity

    The image contains a diagram of the Technology Value Trinity as described in the text below.

    All three elements of the Technology Value Trinity work in harmony to delivery business value and achieve strategic needs. As one changes, the others need to change as well.

    How do these three elements relate?

    • Digital and IT strategy tells you what you need to achieve to be successful.
    • Operating model and organizational design align resources to deliver on your strategy and priorities. This is done by strategically structuring IT capabilities in a way that enables the organizations vision and considers the context in which the structure will operate.
    • I&T governance is the confirmation of IT’s goals and strategy, which ensures the alignment of IT and business strategy and is the mechanism by which you continuously prioritize work to ensure that what is delivered is in line with the strategy.

    Too often strategy, organizational design, and governance are considered separate practices – strategies are defined without teams and resources to support. Structure must follow strategy.

    Info-Tech’s approach to organizational design

    Like a story, a strategy without a structure to deliver on it is simply words on paper.

    Books begin by setting the foundation of the story.

    Introduce your story by:

    • Defining the need(s) that are driving this initiative forward.
    • Introducing the business context in which the organizational redesign must take place.
    • Outlining what’s needed in the redesign to support the organization in reaching its strategic IT goals.

    The plot cannot thicken without the foundation. Your organizational structure and chart should not exist without one either.

    The steps to establish your organizational chart - with functional teams, reporting structure, roles, and responsibilities defined – cannot occur without a clear definition of goals, need, and context. An organizational chart alone won’t provide the insight required to obtain buy-in or realize the necessary changes.

    Conclude your story through change management and communication.

    Good stories don’t end without referencing what happened before. Use the literary technique of foreshadowing – your change management must be embedded throughout the organizational redesign process. This will increase the likelihood that the organizational structure can be communicated, implemented, and reinforced by stakeholders.

    Info-Tech uses a capability-based approach to help you design your organizational structure

    Once your IT strategy is defined, it is critical to identify the capabilities that are required to deliver on those strategic initiatives. Each initiative will require a combination of these capabilities that are only supported through the appropriate organization of roles, skills, and team structures.

    The image contains a diagram of the various services and blueprints that Info-Tech has to offer.

    Embed change management into organizational design

    Change management practices are needed from the onset to ensure the implementation of an organizational structure.

    For each phase of this blueprint, its important to consider change management. These are the points when you need to communicate the structure changes:

    • Phase 1: Begin to socialize the idea of new organizational structure with executive leadership and explain how it might be impactful to the context of the organization. For example, a new control, governance model, or sourcing approach could be considered.
    • Phase 2: The chosen operating model will influence your relationships with the business and can create/eliminate silos. Ensure IT and business leaders have insight into these possible changes and a willingness to move forward.
    • Phase 3: The new organizational structure could create or eliminate teams, reduce or increase role responsibilities, and create different reporting structures than before. It’s time to communicate these changes with those most impacted and be able to highlight the positive outcomes of the various changes.
    • Phase 4: Should consider the change management practices holistically. This includes the type of change and length of time to reach the end state, communication, addressing active resistors, acquiring the right skills, and measuring the success of the new structure and its adoption.

    Info-Tech Insight

    Do not undertake an organizational redesign initiative if you will not engage in change management practices that are required to ensure its successful adoption.

    Measure the value of the IT organizational redesign

    Given that the organizational redesign is intended to align with the overall vision and objectives of the business, many of the metrics that support its success will be tied to the business. Adapt the key performance indicators (KPIs) that the business is using to track its success and demonstrate how IT can enable the business and improve its ability to reach those targets.

    Strategic Resources

    The percentage of resources dedicated to strategic priorities and initiatives supported by IT operating model. While operational resources are necessary, ensuring people are allocating time to strategic initiatives as well will drive the business towards its goal state. Leverage Info-Tech’s IT Staffing Assessment diagnostic to benchmark your IT resource allocation.

    Business Satisfaction

    Assess the improvement in business satisfaction overall with IT year over year to ensure the new structure continues to drive satisfaction across all business functions. Leverage Info-Tech’s CIO Business Vision diagnostic to see how your IT organization is perceived.

    Role Clarity

    The degree of clarity that IT employees have around their role and its core responsibilities can lead to employee engagement and retention. Consider measuring this core job driver by leveraging Info-Tech’s Employee Engagement Program.

    Customer & User Satisfaction

    Measure customer satisfaction with technology-enabled business services or products and improvements in technology-enabled client acquisition or retention processes. Assess the percentage of users satisfied with the quality of IT service delivery and leverage Info-Tech’s End-User Satisfaction Survey to determine improvements.

    Info-Tech’s methodology for Redesigning Your IT Organization

    Phase

    1. Establish the Organizational Design Foundation

    2. Create the Operating Model Sketch

    3. Formalize the Organizational Structure

    4. Plan for Implementation and Change

    Phase Outcomes

    Lay the foundation for your organizational redesign by establishing a set of organizational design principles that will guide the redesign process.

    Select and customize an operating model sketch that will accurately reflect the future state your organization is striving towards. Consider how capabilities will be sourced, gaps in delivery, and alignment.

    Translate the operating model sketch into a formal structure with defined functional teams, roles, reporting structure, and responsibilities.

    Ensure the successful implementation of the new organizational structure by strategically communicating and involving stakeholders.

    Insight summary

    Overarching insight

    Organizational redesign processes focus on defining the ways in which you want to operate and deliver on your strategy – something an organizational chart will never be able to convey.

    Phase 1 insight

    Focus on your organization, not someone else's’. Benchmarking your organizational redesign to other organizations will not work. Other organizations have different strategies, drivers, and context.

    Phase 2 insight

    An operating model sketch that is customized to your organization’s specific situation and objectives will significantly increase the chances of creating a purposeful organizational structure.

    Phase 3 insight

    If you follow the steps outlined in the first three phases, creating your new organizational chart should be one of the fastest activities.

    Phase 4 insight

    Throughout the creation of a new organizational design structure, it is critical to involve the individuals and teams that will be impacted.

    Tactical insight

    You could have the best IT employees in the world, but if they aren’t structured well your organization will still fail in reaching its vision.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:


    Communication Deck

    Communicate the changes to other key stakeholders such as peers, managers, and staff.

    Workbook

    As you work through each of the activities, use this workbook as a place to document decisions and rationale.

    Reference Deck

    Definitions for every capability, base operating model sketches, and sample organizational charts aligned to those operating models.

    Job Descriptions

    Key deliverable:

    Executive Presentation

    Leverage this presentation deck to gain executive buy-in for your new organizational structure.

    Blueprint benefits

    IT Benefits

    • Create an organizational structure that aligns to the strategic goals of IT and the business.
    • Provide IT employees with clarity on their roles and responsibilities to ensure the successful delivery of IT capabilities.
    • Highlight and sufficiently staff IT capabilities that are critical to the organization.
    • Define a sourcing strategy for IT capabilities.
    • Increase employee morale and empowerment.

    Business Benefits

    • IT can carry out the organization’s strategic mission and vision of all technical and digital initiatives.
    • Business has clarity on who and where to direct concerns or questions.
    • Reduce the likelihood of turnover costs as IT employees understand their roles and its importance.
    • Create a method to communicate how the organizational structure aligns with the strategic initiatives of IT.
    • Increase ability to innovate the organization.

    Executive Brief Case Study

    IT design needs to support organizational and business objectives, not just IT needs.

    INDUSTRY: Government

    SOURCE: Analyst Interviews and Working Sessions

    Situation

    IT was tasked with providing equality to the different business functions through the delivery of shared IT services. The government created a new IT organizational structure with a focus on two areas in particular: strategic and operational support capabilities.

    Challenge

    When creating the new IT structure, an understanding of the complex and differing needs of the business functions was not reflected in the shared services model.

    Outcome

    As a result, the new organizational structure for IT did not ensure adequate meeting of business needs. Only the operational support structure was successfully adopted by the organization as it aligned to the individual business objectives. The strategic capabilities aspect was not aligned to how the various business lines viewed themselves and their objectives, causing some partners to feel neglected.

    Info-Tech offers various levels of support to best suit your needs.

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization. A typical GI is 8 to 12 calls over the course of 4 to 6 months.

    Phase 1

    Call #1: Define the process, understand the need, and create a plan of action.

    Phase 2

    Call #2: Define org. design drivers and business context.

    Call #3: Understand strategic influences and create customized design principles.

    Call #4: Customize, analyze gaps, and define sourcing strategy for IT capabilities.

    Call #5: Select and customize the IT operating model sketch.

    Phase 3

    Call #6: Establish functional work units and their mandates.

    Call #7: Translate the functional organizational chart to an operational organizational chart with defined roles.

    Phase 4

    Call #8: Consider risks and mitigation tactics associated with the new structure and select a transition plan.

    Call #9: Create your change message, FAQs, and metrics to support the implementation plan.

    Workshop Overview

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Establish the Organizational Redesign Foundation

    Create the Operating Model Sketch

    Formalize the Organizational Structure

    Plan for Implementation and Change

    Next Steps and
    Wrap-Up (offsite)

    Activities

    1.1 Define the org. design drivers.

    1.2 Document and define the implications of the business context.

    1.3 Align the structure to support the strategy.

    1.4 Establish guidelines to direct the organizational design process.

    2.1 Augment list of IT capabilities.

    2.2 Analyze capability gaps.

    2.3 Identify capabilities for outsourcing.

    2.4 Select a base operating model sketch.

    2.5 Customize the IT operating model sketch.

    3.1 Categorize your IT capabilities within your defined functional work units.

    3.2 Create a mandate statement for each work unit.

    3.3 Define roles inside the work units and assign accountability and responsibility.

    3.4 Finalize your organizational structure.

    4.1 Identify and mitigate key org. design risks.

    4.2 Define the transition plan.

    4.3 Create the change communication message.

    4.4 Create a standard set of FAQs.

    4.5 Align sustainment metrics back to core drivers.

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables

    1. Foundational components to the organizational design
    2. Customized design principles
    1. Heat mapped IT capabilities
    2. Defined outsourcing strategy
    3. Customized operating model
    1. Capabilities organized into functional groups
    2. Functional work unit mandates
    3. Organizational chart
    1. Risk mitigation plan
    2. Change communication message
    3. Standard FAQs
    4. Implementation and sustainment metrics
    1. Completed organizational design communications deck

    This blueprint is part one of a three-phase approach to organizational transformation

    PART 1: DESIGN

    PART 2: STRUCTURE

    PART 3: IMPLEMENT

    IT Organizational Architecture

    Organizational Sketch

    Organizational Structure

    Organizational Chart

    Transition Strategy

    Implement Structure

    1. Define the organizational design drivers, business context, and strategic alignment.

    2. Create customized design principles.

    3. Develop and customize a strategically aligned operating model sketch.

    4. Define the future-state work units.

    5. Create future-state work unit mandates.

    6. Define roles by work unit.

    7. Turn roles into jobs with clear capability accountabilities and responsibilities.

    8. Define reporting relationships between jobs.

    9. Assess options and select go-forward organizational sketch.

    11. Validate organizational sketch.

    12. Analyze workforce utilization.

    13. Define competency framework.

    14. Identify competencies required for jobs.

    15. Determine number of positions per job

    16. Conduct competency assessment.

    17. Assign staff to jobs.

    18. Build a workforce and staffing plan.

    19. Form an OD implementation team.

    20. Develop change vision.

    21. Build communication presentation.

    22. Identify and plan change projects.

    23. Develop organizational transition plan.

    24. Train managers to lead through change.

    25. Define and implement stakeholder engagement plan.

    26. Develop individual transition plans.

    27. Implement transition plans.

    Risk Management: Create, implement, and monitor risk management plan.

    HR Management: Develop job descriptions, conduct job evaluation, and develop compensation packages.

    Monitor and Sustain Stakeholder Engagement

    Phase 1

    Establish the Organizational Redesign Foundation

    This phase will walk you through the following activities:

    1.1 Define the organizational redesign driver(s)

    1.2 Create design principles based on the business context

    1.3a (Optional Exercise) Identify the capabilities from your value stream

    1.3b Identify the capabilities required to deliver on your strategies

    1.4 Finalize your list of design principles

    This phase involves the following participants:

    • CIO
    • IT Leadership
    • Business Leadership

    Embed change management into the organizational design process

    Articulate the Why

    Changes are most successful when leaders clearly articulate the reason for the change – the rationale for the organizational redesign of the IT function. Providing both staff and executive leaders with an understanding for this change is imperative to its success. Despite the potential benefits to a redesign, they can be disruptive. If you are unable to answer the reason why, a redesign might not be the right initiative for your organization.

    Employees who understand the rationale behind decisions made by executive leaders are 3.6 times more likely to be engaged.

    McLean & Company Engagement Survey Database, 2021; N=123,188

    Info-Tech Insight

    Successful adoption of the new organizational design requires change management from the beginning. Start considering how you will convey the need for organizational change within your IT organization.

    The foundation of your organizational design brings together drivers, context, and strategic implications

    All aspects of your IT organization’s structure should be designed with the business’ context and strategic direction in mind.

    Use the following set of slides to extract the key components of your drivers, business context, and strategic direction to land on a future structure that aligns with the larger strategic direction.

    REDESIGN DRIVERS

    Driver(s) can originate from within the IT organization or externally. Ensuring the driver(s) are easy to understand and articulate will increase the successful adoption of the new organizational structure.

    BUSINESS CONTEXT

    Defines the interactions that occur throughout the organization and between the organization and external stakeholders. The context provides insight into the environment by both defining the purpose of the organization and the values that frame how it operates.

    STRATEGY IMPLICATIONS

    The IT strategy should be aligned to the overall business strategy, providing insight into the types of capabilities required to deliver on key IT initiatives.

    Understand IT’s desired maturity level, alignment with business expectations, and capabilities of IT

    Where are we today?

    Determine the current overall maturity level of the IT organization.

    Where do we want to be as an organization?

    Use the inputs from Info-Tech’s diagnostic data to determine where the organization should be after its reorganization.

    How can you leverage these results?

    The result of these diagnostics will inform the design principles that you’ll create in this phase.

    Leverage Info-Tech’s diagnostics to provide an understanding of critical areas your redesign can support:

    CIO Business Vision Diagnostic

    Management & Governance Diagnostic

    IT Staffing Diagnostic

    The image contains a picture of Info-Tech's maturity ladder.

    Consider the organizational design drivers

    Consider organizational redesign if …

    Effectiveness is a concern:

    • Insufficient resources to meet demand
    • Misalignment to IT (and business) strategies
    • Lack of clarity around role responsibility or accountability
    • IT functions operating in silos

    New capabilities are needed:

    • Organization is taking on new capabilities (digital, transformation, M&A)
    • Limited innovation
    • Gaps in the capabilities/services of IT
    • Other external environmental influences or changes in strategic direction

    Lack of business understanding

    • Misalignment between business and IT or how the organization does business
    • Unhappy customers (internal or external)

    Workforce challenges

    • Frequent turnover or inability to attract new skills
    • Low morale or employee empowerment

    These are not good enough reasons …

    • New IT leader looking to make a change for the sake of change or looking to make their legacy known
    • To work with specific/hand-picked leaders over others
    • To “shake things up” to see what happens
    • To force the organization to see IT differently

    Info-Tech Insight

    Avoid change for change’s sake. Restructuring could completely miss the root cause of the problem and merely create a series of new ones.

    1.1 Define the organizational redesign driver(s)

    1-2 hours

    1. As a group, brainstorm a list of current pain points or inhibitors in the current organizational structure, along with a set of opportunities that can be realized during your restructuring. Group these pain points and opportunities into themes.
    2. Leverage the pain points and opportunities to help further define why this initiative is something you’re driving towards. Consider how you would justify this initiative to different stakeholders in the organization.
    3. Questions to consider:
      1. Who is asking for this initiative?
      2. What are the primary benefits this is intended to produce?
      3. What are you optimizing for?
      4. What are we capable of achieving as an IT organization?
      5. Are the drivers coming from inside or outside the IT organization?
    4. Once you’ve determined the drivers for redesigning the IT organization, prioritize those drivers to ensure there is clarity when communicating why this is something you are focusing time and effort on.

    Input

    Output

    • Knowledge of the current organization
    • Pain point and opportunity themes
    • Defined drivers of the initiative

    Materials

    Participants
    • Whiteboard/flip charts (physical or electronic)
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Communications Deck

    Frame the organizational design within the context of the business

    Workforce Considerations:

    • How does your organization view its people resources? Does it have the capacity to increase the number of resources?
    • Do you currently have sufficient staff to meet the demands of the organization? Are you able to outsource resources when demand requires it?
    • Are the members of your IT organization unionized?
    • Is your workforce distributed? Do time zones impact how your team can collaborate?

    Business Context Consideration

    IT Org. Design Implication

    Culture:

    Culture, "the way we do things here,” has huge implications for executing strategy, driving engagement, and providing a guiding force that ensures organizations can work together toward common goals.

    • What is the culture of your organization? Is it cooperative, traditional, competitive, or innovative? (See appendix for details.)
    • Is this the target culture or a stepping-stone to the ideal culture?
    • How do the attitudes and behaviors of senior leaders in the organization reinforce this culture?

    Consider whether your organization’s culture can accept the operating model and organizational structure changes that make sense on paper.

    Certain cultures may lean toward particular operating models. For example, the demand-develop-service operating model may be supported by a cooperative culture. A traditional organization may lean towards the plan-build-run operating model.

    Ensure you have considered your current culture and added exercises to support it.

    If more capacity is required to accomplish the goals of the organization, you’ll want to prepare the leaders and explain the need in your design principles (to reflect training, upskilling, or outsourcing). Unionized environments require additional consideration. They may necessitate less structural changes, and so your principles will need to reflect other alternatives (hiring additional resources, creative options) to support organizational needs. Hybrid or fully remote workforces may impact how your organization interacts.

    Business context considerations

    Business Context Consideration

    IT Org. Design Implication

    Control & Governance:

    It is important to consider how your organization is governed, how decisions are made, and who has authority to make decisions.

    Strategy tells what you do, governance validates you’re doing the right things, and structure is how you execute on what’s been approved.

    • How do decisions get considered and approved in your organization? Are there specific influences that impact the priorities of the organization?
    • Are those in the organization willing to release decision-making authority around specific IT components?
    • Should the organization take on greater accountability for specific IT components?

    Organizations that require more controls may lean toward more centralized governance. Organizations that are looking to better enable and empower their divisions (products, groups, regions, etc.) may look to embed governance in these parts of the organization.

    For enterprise organizations, consider where IT has authority to make decisions (at the global, local, or system level). Appropriate governance needs to be built into the appropriate levels.

    Business context considerations

    Business Context Consideration

    IT Org. Design Implication

    Financial Constraints:

    Follow the money: You may need to align your IT organization according to the funding model.

    • Do partners come to IT with their budgets, or does IT have a central pool that they use to fund initiatives from all partners?
    • Are you able to request finances to support key initiatives/roles prioritized by the organization?
    • How is funding aligned: technology, data, digital, etc.? Is your organization business-line funded? Pooled?
    • Are there special products or digital transformation initiatives with resources outside IT? Product ownership funding?
    • How are regulatory changes funded?
    • Do you have the flexibility to adjust your budget throughout the fiscal year?
    • Are chargebacks in place? Are certain services charged back to business units

    Determine if you can move forward with a new model or if you can adjust your existing one to suit the financial constraints.

    If you have no say over your funding, pre-work may be required to build a business case to change your funding model before you look at your organizational structure – without this, you might have to rule out centralized and focus on hybrid/centralized. If you don’t control the budget (funding comes from your partners), it will be difficult to move to a more centralized model.

    A federated business organization may require additional IT governance to help prioritize across the different areas.

    Budgets for digital transformation might come from specific areas of the business, so resources may need to be aligned to support that. You’ll have to consider how you will work with those areas. This may also impact the roles that are going to exist within your IT organization – product owners or division owners might have more say.

    Business context considerations

    Business Context Consideration

    IT Org. Design Implication

    Business Perspective of IT:

    How the business perceives IT and how IT perceives itself are sometimes not aligned. Make sure the business’ goals for IT are well understood.

    • Are your business partners satisfied if IT is an order taker? Do they agree with the need for IT to become a business partner? Is IT expected to innovate and transform the organization?
    • Is what the business needs from IT the same as what IT is providing currently?

    Business Organization Structure and Growth:

    • How is the overall organization structured: Centralized/decentralized? Functionally aligned? Divided by regions?
    • In what areas does the organization prioritize investments?
    • Is the organization located across a diverse geography?
    • How big is the organization?
    • How is the organization growing and changing – by mergers and acquisitions?

    If IT needs to become more of a business partner, you’ll want to define what that means to your organization and focus on the capabilities to enable this. Educating your partners might also be required if you’re not aligned.

    For many organizations, this will include stakeholder management, innovation, and product/project management. If IT and its business partners are satisfied with an order-taker relationship, be prepared for the consequences of that.

    A global organization will require different IT needs than a single location. Specifically, site reliability engineering (SRE) or IT support services might be deployed in each region. Organizations growing through mergers and acquisitions can be structured differently depending on what the organization needs from the transaction. A more centralized organization may be appropriate if the driver is reuse for a more holistic approach, or the organization may need a more decentralized organization if the acquisitions need to be handled uniquely.

    Business context considerations

    Business Context Consideration

    IT Org. Design Implication

    Sourcing Strategy:

    • What are the drivers for sourcing? Staff augmentation, best practices, time zone support, or another reason?
    • What is your strategy for sourcing?
    • Does IT do all of your technology work, or are parts being done by business or other units?
    • Are we willing/able to outsource, and will that place us into non-compliance (regulations)?
    • Do you have vendor management capabilities in areas that you might outsource?
    • How cloud-driven is your organization?
    • Do you have global operations?

    Change Tolerance:

    • What’s your organization’s tolerance to make changes around organizational design?
    • What's the appetite and threshold for risk?

    Your sourcing strategy affects your organizational structure, including what capabilities you group together. Since managing outsourced capabilities also includes the need for vendor management, you’ll need to ensure there aren’t too many capabilities required per leader. Look closely at what can be achieved through your operating model if IT is done through other groups. Even though these groups may not be in scope of your organization changes, you need to ensure your IT team works with them effectively.

    If your organization is going to push back if there are big structural changes, consider whether the changes are truly necessary. It may be preferred to take baby steps – use an incremental versus big-bang approach.

    A need for incremental change might mean not making a major operating model change.

    Business context considerations

    Business Context Consideration

    IT Org Design. Implication

    Stakeholder Engagement & Focus:

    Identify who your customers and stakeholders are; clarify their needs and engagement model.

    • Who is the customer for IT products and services?
    • Is your customer internal? External? Both?
    • How much of a priority is customer focus for your organization?
    • How will IT interact with customers, end users, and partners? What is the engagement model desired?

    Business Vision, Services, and Products:

    Articulate what your organization was built to do.

    • What does the organization create or provide?
    • Are these products and services changing?
    • What are the most critical capabilities to your organization?
    • What makes your organization a success? What are critical success factors of the organization and how are they measuring this to determine success?

    For a customer or user focus, ensure capabilities related to understanding needs (stakeholder, UX, etc.) are prioritized. Hybrid, decentralized, or demand-develop-service models often have more of a focus on customer needs.

    Outsourcing the service desk might be a consideration if there’s a high demand for the service. A differentiation between these users might mean there’s a different demand for services.

    Think broadly in terms of your organizational vision, not just the tactical (widget creation). You might need to choose an operating model that supports vision.

    Do you need to align your organization with your value stream? Do you need to decentralize specific capabilities to enable prioritization of the key capabilities?

    1.2 Create design principles based on the business context

    1-3 hours

    1. Discuss the business context in which the IT organizational redesign will be taking place. Consider the following standard components of the business context; include other relevant components specific to your organization:
    • Culture
    • Workforce Considerations
    • Control and Governance
    • Financial Constraints
    • Business Perspective of IT
    • Business Organization Structure and Growth
    • Sourcing Strategy
    • Change Tolerance
    • Stakeholder Engagement and Focus
    • Business Vision, Services, and Products
  • Different stakeholders can have different perspectives on these questions. Be sure to consider a holistic approach and engage these individuals.
  • Capture your findings and use them to create initial design principles.
  • Input

    Output

    • Business context
    • Design principles reflecting how the business context influences the organizational redesign for IT

    Materials

    Participants

    • Whiteboard/flip charts (physical or electronic)
    • List of Context Questions
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Communications Deck

    How your IT organization is structured needs to reflect what it must be built to do

    Structure follows strategy – the way you design will impact what your organization can produce.

    Designing your IT organization requires an assessment of what it needs to be built to do:

    • What are the most critical capabilities that you need to deliver, and what does success look like in those different areas?
    • What are the most important things that you deliver overall in your organization?

    The IT organization must reflect your business needs:

    • Understand your value stream and/or your prioritized business goals.
    • Understand the impact of your strategies – these can include your overall digital strategy and/or your IT strategy

    1.3a (Optional Exercise) Identify the capabilities from your value stream

    1 hour

    1. Identify your organization’s value stream – what your overall organization needs to do from supplier to consumer to provide value. Leverage Info-Tech’s industry reference architectures if you haven’t identified your value stream, or use the Document Your Business Architecture blueprint to create yours.
    2. For each item in your value stream, list capabilities that are critical to your organizational strategy and IT needs to further invest in to enable growth.
    3. Also, list those that need further support, e.g. those that lead to long wait times, rework time, re-tooling, down-time, unnecessary processes, unvaluable processes.*
    4. Capture the IT capabilities required to enable your business in your draft principles.
    The image contains a screenshot of the above activity: Sampling Manufacturing Business Capabilities.
    Source: Six Sigma Study Guide, 2014
    Input Output
    • Organization’s value stream
    • List of IT capabilities required to support the IT strategy
    Materials Participants
    • Whiteboard/flip charts (physical or electronic)
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Communications Deck

    Your strategy will help you decide on your structure

    Ensure that you have a clear view of the goals and initiatives that are needed in your organization. Your IT, digital, business, and/or other strategies will surface the IT capabilities your organization needs to develop. Identify the goals of your organization and the initiatives that are required to deliver on them. What capabilities are required to enable these? These capabilities will need to be reflected in your design principles.

    Sample initiatives and capabilities from an organization’s strategies

    The image contains a screenshot of sample initiatives and capabilities from an organization's strategies.

    1.3b Identify the capabilities required to deliver on your strategies

    1 hour

    1. For each IT goal, there may be one or more initiatives that your organization will need to complete in order to be successful.
    2. Document those goals and infinitives. For each initiative, consider which core IT capabilities will be required to deliver on that goal. There might be one IT capability or there might be several.
    3. Identify which capabilities are being repeated across the different initiatives. Consider whether you are currently investing in those capabilities in your current organizational structure.
    4. Highlight the capabilities that require IT investment in your design principles.
    InputOutput
    • IT goals
    • IT initiatives
    • IT, digital, and business strategies
    • List of IT capabilities required to support the IT strategy
    MaterialsParticipants
    • Whiteboard/flip charts (physical or electronic)
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Communications Deck

    Create your organizational design principles

    Your organizational design principles should define a set of loose rules that can be used to design your organizational structure to the specific needs of the work that needs to be done. These rules will guide you through the selection of the appropriate operating model that will meet your business needs. There are multiple ways you can hypothetically organize yourself to meet these needs, and the design principles will point you in the direction of which solution is the most appropriate as well as explain to your stakeholders the rationale behind organizing in a specific way. This foundational step is critical: one of the key reasons for organizational design failure is a lack of requisite time spent on the front-end understanding what is the best fit.

    The image contains an example of organizing design principles as described above.

    1.4 Finalize your list of design principles

    1-3 hours

    1. As a group, review the key outputs from your data collection exercises and their implications.
    2. Consider each of the previous exercises – where does your organization stand from a maturity perspective, what is driving the redesign, what is the business context, and what are the key IT capabilities requiring support. Identify how each will have an implication on your organizational redesign. Leverage this conversation to generate design principles.
    3. Vote on a finalized list of eight to ten design principles that will guide the selection of your operating model. Have everyone leave the meeting with these design principles so they can review them in more detail with their work units or functional areas and elicit any necessary feedback.
    4. Reconvene the group that was originally gathered to create the list of design principles and make any final amendments to the list as necessary. Use this opportunity to define exactly what each design principle means in the context of your organization so everyone has the same understanding of what this means moving forward.
    InputOutput
    • Organizational redesign drivers
    • Business context
    • IT strategy capabilities
    • Organizational design principles to help inform the selection of the right operating model sketch
    MaterialsParticipants
    • Whiteboard/flip charts (physical or electronic)
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Communications Deck

    Example design principles

    Your eight to ten design principles will be those that are most relevant to YOUR organization. Below are samples that other organizations have created, but yours will not be the same.

    Design Principle

    Description

    Decision making

    We will centralize decision making around the prioritization of projects to ensure that the initiatives driving the most value for the organization as a whole are executed.

    Fit for purpose

    We will build and maintain fit-for-purpose solutions based on business units’ unique needs.

    Reduction of duplication

    We will reduce role and application duplication through centralized management of assets and clearly differentiated roles that allow individuals to focus within key capability areas.

    Managed security

    We will manage security enterprise-wide and implement compliance and security governance policies.

    Reuse > buy > build

    We will maximize reuse of existing assets by developing a centralized application portfolio management function and approach.

    Managed data

    We will create a specialized data office to provide data initiatives with the focus they need to enable our strategy.

    Design Principle

    Description

    Controlled technical diversity

    We will control the variety of technology platforms we use to allow for increased operability and reduction of costs.

    Innovation

    R&D and innovation are critical – we will build an innovation team into our structure to help us meet our digital agenda.

    Resourcing

    We will separate our project and maintenance activities to ensure each are given the dedicated support they need for success and to reduce the firefighting mentality.

    Customer centricity

    The new structure will be directly aligned with customer needs – we will have dedicated roles around relationship management, requirements, and strategic roadmapping for business units.

    Interoperability

    We will strengthen our enterprise architecture practices to best prepare for future mergers and acquisitions.

    Cloud services

    We will move toward hosted versus on-premises infrastructure solutions, retrain our data center team in cloud best practices, and build roles around effective vendor management, cloud provisioning, and architecture.

    Phase 2

    Create the Operating Model Sketch

    This phase will walk you through the following activities:

    2.1 Augment the capability list

    2.2 Heatmap capabilities to determine gaps in service

    2.3 Identify the target state of sourcing for your IT capabilities

    2.4 Review and select a base operating model sketch

    2.5 Customize the selected overlay to reflect the desired future state

    This phase involves the following participants:

    • CIO
    • IT Leadership

    Embed change management into the organizational design process

    Gain Buy-In

    Obtain desire from stakeholders to move forward with organizational redesign initiative by involving them in the process to gain interest. This will provide the stakeholders with assurance that their concerns are being heard and will help them to understand the benefits that can be anticipated from the new organizational structure.

    “You’re more likely to get buy-in if you have good reason for the proposed changes – and the key is to emphasize the benefits of an organizational redesign.”

    Source: Lucid Chart

    Info-Tech Insight

    Just because people are aware does not mean they agree. Help different stakeholders understand how the change in the organizational structure is a benefit by specifically stating the benefit to them.

    Info-Tech uses capabilities in your organizational design

    We differentiate between capabilities and competencies.

    Capabilities

    • Capabilities are focused on the entire system that would be in place to satisfy a particular need. This includes the people who are competent to complete a specific task and also the technology, processes, and resources to deliver.
    • Capabilities work in a systematic way to deliver on specific need(s).
    • A functional area is often made up of one or more capabilities that support its ability to deliver on that function.
    • Focusing on capabilities rather then the individuals in organizational redesign enables a more objective and holistic view of what your organization is striving toward.

    Competencies

    • Competencies on the other hand are specific to an individual. It determines if the individual poses the skills or ability to perform.
    • Competencies are rooted in the term competent, which looks to understand if you are proficient enough to complete the specific task at hand.
    • Source: The People Development Magazine, 2020

    Use our IT capabilities to establish your IT organization design

    The image contains a diagram of the various services and blueprints that Info-Tech has to offer.

    2.1 Augment the capability list

    1-3 hours

    1. Using the capability list on the previous slide, go through each of the IT capabilities and remove any capabilities for which your IT organization is not responsible and/or accountable. Refer to the Operating Model and Capability Definition List for descriptions of each of the IT capabilities.
    2. Augment the language of specific capabilities that you feel are not directly reflective of what is being done within your organizational context or that you feel need to be changed to reflect more specifically how work is being done in your organization.
    • For example, some organizations may refer to their service desk capability as help desk or regional support. Use a descriptive term that most accurately reflects the terminology used inside the organization today.
  • Add any core capabilities from your organization that are missing from the provided IT capability list.
    • For example, organizations that leverage DevOps capabilities for their product development may desire to designate this in their operating model.
  • Document the rationale for decisions made for future reference.
  • Input Output
    • Baseline list of IT capabilities
    • IT capabilities required to support IT strategy
    • Customized list of IT capabilities
    Materials Participants
    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership

    Record the results in the Organizational Design Workbook

    Gaps in delivery

    Identify areas that require greater focus and attention.

    Assess the gaps between where you currently are and where you need to be. Evaluate how critical and how effective your capabilities are:

    • Criticality = Importance
      • Try to focus on those which are highly critical to the organization.
      • These may be capabilities that have been identified in your strategies as areas to focus on.
    • Effectiveness = Performance
      • Identify those where the process or system is broken or ineffective, preventing the team from delivering on the capability.
      • Effectiveness could take into consideration how scalable, adaptable, or sustainable each capability is.
      • Focus on the capabilities that are low or medium in effectiveness but highly critical. Addressing the delivery of these capabilities will lead to the most positive outcomes in your organization.

    Remember to identify what allows the highly effective capabilities to perform at the capacity they are. Leverage this when increasing effectiveness elsewhere.

    High Gap

    There is little to no effectiveness (high gap) and the capability is highly important to your organization.

    Medium Gap

    Current ability is medium in effectiveness (medium gap) and there might be some priority for that capability in your organization.

    Low Gap

    Current ability is highly effective (low gap) and the capability is not necessarily a priority for your organization.

    2.2 Heatmap capabilities to determine gaps in delivery

    1-3 hours

    1. At this point, you should have identified what capabilities you need to have to deliver on your organization's goals and initiatives.
    2. Convene a group of the key stakeholders involved in the IT organizational design initiative.
    3. Review your IT capabilities and color each capability border according to the effectiveness and criticality of that capability, creating a heat map.
    • Green indicates current ability is highly effective (low gap) and the capability is not necessarily a priority for your organization.
    • Yellow indicates current ability is medium in effectiveness (medium gap) and there might be some priority for that capability in your organization.
    • Red indicates that there is little to no effectiveness (high gap) and the capability is highly important to your organization.
    Input Output
    • Selected capabilities from activity 2.1
    • Gap analysis in delivery of capabilities currently
    Materials Participants
    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership

    Record the results in the Organizational Design Workbook

    Don’t forget the why: why are you considering outsourcing?

    There are a few different “types” of outsourcing:

    1. Competitive Advantage – Working with a third-party organization for the knowledge, insights, and best practices they can bring to your organization.
    2. Managed Service– The third party manages a capability or function for your organization.
    3. Staff Augmentation – Your organization brings in contractors and third-party organizations to fill specific skills gaps.

    Weigh which sourcing model(s) will best align with the needed capabilities to deliver effectively

    Insourcing

    Staff Augmentation

    Managed Service

    Competitive Advantage

    Description

    The organization maintains full responsibility for the management and delivery of the IT capability or service.

    Vendor provides specialized skills and enables the IT capability or service together with the organization to meet demand.

    Vendor completely manages the delivery of value for the IT capability, product or service.

    Vendor has unique skills, insights, and best practices that can be taught to staff to enable insourced capability and competency.

    Benefits

    • Retains in-house control over proprietary knowledge and assets that provide competitive or operational advantage.
    • Gains efficiency due to integration into the organization’s processes.
    • Provision of unique skills.
    • Addresses variation in demand for resources.
    • Labor cost savings.
    • Improves use of internal resources.
    • Improves effectiveness due to narrow specialization.
    • Labor cost savings.
    • Gain insights into aspects that could provide your organization with advantages over competitors.
    • Long-term labor cost savings.
    • Short-term outsourcing required.
    • Increase in-house competencies.

    Drawbacks

    • Quality of services/capabilities might not be as high due to lack of specialization.
    • No labor cost savings.
    • Potentially inefficient distribution of labor for the delivery of services/capabilities.
    • Potential conflicts in management or delivery of IT services and capabilities.
    • Negative impact on staff morale.
    • Limited control over services/capabilities.
    • Limited integration into organization’s processes.
    • Short-term labor expenses.
    • Requires a culture of continuous learning and improvement.

    Your strategy for outsourcing will vary with capability and capacity

    The image contains a diagram to show the Develop Vendor Management Capabilities, as described in the text below.

    Capability

    Capacity

    Outsourcing Model

    Low

    Low

    Your solutions may be with you for a long time, so it doesn’t matter whether it is a strategic decision to outsource development or if you are not able to attract the talent required to deliver in your market. Look for a studio, agency, or development shop that has a proven reputation for long-term partnership with its clients.

    Low

    High

    Your team has capacity but needs to develop new skills to be successful. Look for a studio, agency, or development shop that has a track record of developing its customers and delivering solutions.

    High

    Low

    Your organization knows what it is doing but is strapped for people. Look at “body shops” and recruiting agencies that will support short-term development contracts that can be converted to full-time staff or even a wholesale development shop acquisition.

    High

    High

    You have capability and capacity for delivering on your everyday demands but need to rise to the challenge of a significant, short-term rise in demand on a critical initiative. Look for a major system integrator or development shop with the specific expertise in the appropriate technology.

    Use these criteria to inform your right sourcing strategy

    Sourcing Criteria

    Description

    Determine whether you’ll outsource using these criteria

    1. Critical or commodity

    Determine whether the component to be sourced is critical to your organization or if it is a commodity. Commodity components, which are either not strategic in nature or related to planning functions, are likely candidates for outsourcing. Will you need to own the intellectual property created by the third party? Are you ok if they reuse that for their other clients?

    2. Readiness to outsource

    Identify how easy it would be to outsource a particular IT component. Consider factors such as knowledge transfer, workforce reassignment or reduction, and level of integration with other components.

    Vendor management readiness – ensuring that you have sufficient capabilities to manage vendors – should also be considered here.

    3. In-house capabilities

    Determine if you have the capability to deliver the IT solutions in-house. This will help you establish how easy it would be to insource an IT component.

    4. Ability to attract resources (internal vs. outsourced)

    Determine if the capability is one that is easily sourced with full-time, internal staff or if it is a specialty skill that is best left for a third-party to source.

    Determine your sourcing model using these criteria

    5. Cost

    Consider the total cost (investment and ongoing costs) of the delivery of the IT component for each of the potential sourcing models for a component.

    6. Quality

    Define the potential impact on the quality of the IT component being sourced by the possible sourcing models.

    7. Compliance

    Determine whether the sourcing model would fit with regulations in your industry. For example, a healthcare provider would only go for a cloud option if that provider is HIPAA compliant.

    8. Security

    Identify the extent to which each sourcing option would leave your organization open to security threats.

    9. Flexibility

    Determine the extent to which the sourcing model will allow your organization to scale up or down as demand changes.

    2.3 Identify capabilities that could be outsourced

    1-3 hours

    1. For each of the capabilities that will be in your future-state operating model, determine if it could be outsourced. Review the sourcing criteria available on the previous slide to help inform which sourcing strategy you will use for each capability.
    2. When looking to outsource or co-source capabilities, consider why that capability would be outsourced:
    • Competitive Advantage – Work with a third-party organization for the knowledge, insights, and best practices they can bring to your organization.
    • Managed Service – The third party manages a capability or function for your organization.
    • Staff Augmentation – Your organization brings in contractors and third-party organizations to fill specific skills gaps.
  • Place an asterisk (*) around the capabilities that will be leveraging one of the three previous sourcing options.
  • InputOutput
    • Customized IT capabilities
    • Sourcing strategy for each IT capability
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership

    Record the results in the Organizational Design Workbook

    What is an operating model?

    Leverage a cohesive operating model throughout the organizational design process.

    An IT operating model sketch is a visual representation of the way your IT organization needs to be designed and the capabilities it requires to deliver on the business mission, strategic objectives, and technological ambitions. It ensures consistency of all elements in the organizational structure through a clear and coherent blueprint.

    The visual should be the optimization and alignment of the IT organization’s structure to deliver the capabilities required to achieve business goals. Additionally, it should clearly show the flow of work so that key stakeholders can understand where inputs flow in and outputs flow out of the IT organization. Investing time in the front end getting the operating model right is critical. This will give you a framework to rationalize future organizational changes, allowing you to be more iterative and your model to change as the business changes.

    The image contains an example of an operating model as described in the text above.

    Info-Tech Insight

    Every structure decision you make should be based on an identified need, not on a trend.Build your IT organization to enable the priorities of the organization.

    Each IT operating model is characterized by a variety of advantages and disadvantages

    Centralized

    Hybrid

    Decentralized

    Advantages
    • Maximum flexibility to allocate IT resources across business units.
    • Low-cost delivery model and greatest economies of scale.
    • Control and consistency offers opportunity for technological rationalization and standardization and volume purchasing at the highest degree.
    • Centralizes processes and services that require consistency across the organization.
    • Decentralizes processes and services that need to be responsive to local market conditions.
    • Eliminates duplication and redundancy by allowing effective use of common resources (e.g. shared services, standardization).
    • Goals are aligned to the distinct business units or functions.
    • Greater flexibility and more timely delivery of services.
    • Development resources are highly knowledgeable about business-unit-specific applications.
    • Business unit has greatest control over IT resources and can set and change priorities as needed.

    Disadvantages

    • Less able to respond quickly to local requirements with flexibility.
    • IT can be resistant to change and unwilling to address the unique needs of end users.
    • Business units can be frustrated by perception of lack of control over resources.
    • Development of special business knowledge can be limited.
    • Requires the most disciplined governance structure and the unwavering commitment of the business; therefore, it can be the most difficult to maintain.
    • Requires new processes as pooled resources must be staffed to approved projects.
    • Redundancies, conflicts, and incompatible technologies can result from business units having differentiated services and applications – increasing cost.
    • Ability to share IT resources is low due to lack of common approaches.
    • Lack of integration limits the communication of data between businesses and reduces common reporting.

    Decentralization can take many forms – define what it means to your organization

    Decentralization can take a number of different forms depending on the products the organization supports and how the organization is geographically distributed. Use the following set of explanations to understand the different types of decentralization possible and when they may make sense for supporting your organizational objectives.

    Line of Business

    Decentralization by lines of business (LoB) aligns decision making with business operating units based on related functions or value streams. Localized priorities focus the decision making from the CIO or IT leadership team. This form of decentralization is beneficial in settings where each line of business has a unique set of products or services that require specific expertise or flexible resourcing staffing between the teams.

    Product Line

    Decentralization by product line organizes your team into operationally aligned product families to improve delivery throughput, quality, and resource flexibility within the family. By adopting this approach, you create stable product teams with the right balance between flexibility and resource sharing. This reinforces value delivery and alignment to enterprise goals within the product lines.

    Geographical

    Geographical decentralization reflects a shift from centralized to regional influences. When teams are in different locations, they can experience a number of roadblocks to effective communication (e.g. time zones, regulatory differences in different countries) that may necessitate separating those groups in the organizational structure, so they have the autonomy needed to make critical decisions.

    Functional

    Functional decentralization allows the IT organization to be separated by specialty areas. Organizations structured by functional specialization can often be organized into shared service teams or centers of excellence whereby people are grouped based on their technical, domain, or functional area within IT (Applications, Data, Infrastructure, Security, etc.). This allows people to develop specialized knowledge and skills but can also reinforce silos between teams.

    2.4 Review and select a base operating model sketch

    1 hour

    1. Review the set of base operating model sketches available on the following slides.
    2. For each operating model sketch, there are benefits and risks to be considered. Make an informed selection by understanding the risks that your organization might be taking on by adopting that particular operating model.
    3. If at any point in the selection process the group is unsure about which operating model will be the right fit, refer back to your design principles established in activity 1.4. These should guide you in the selection of the right operating model and eliminate those which will not serve the organization.
    InputOutput
    • Organizational design principles
    • Customized list of IT capabilities
    • Operating model sketch examples
    • Selected operating model sketch
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership

    Record the results in the Organizational Design Workbook

    Centralized Operating Model #1: Plan-Build-Run

    I want to…

    • Establish a formalized governance process that takes direction from the organization on which initiatives should be prioritized by IT.
    • Ensure there is a clear separation between teams that are involved in strategic planning, building solutions, and delivering operational support.
    • Be able to plan long term by understanding the initiatives that are coming down the pipeline and aligning to an infrequent budgeting plan.

    BENEFITS

    • Effective at implementing long-term plans efficiently; separates maintenance and projects to allow each to have the appropriate focus.
    • More oversight over financials; better suited for fixed budgets.
    • Works across centralized technology domains to better align with the business’ strategic objectives – allows for a top-down approach to decision making.
    • Allows for economies of scale and expertise pooling to improve IT’s efficiency.
    • Well-suited for a project-driven environment that employs waterfall or a hybrid project management methodology that is less iterative.

    RISKS

    • Creates artificial silos between the build (developers) and run (operations staff) teams, as both teams focus on their own responsibilities and often fail to see the bigger picture.
    • Miss opportunities to deliver value to the organization or innovate due to an inability to support unpredictable/shifting project demands as decision making is centralized in the plan function.
    • The portfolio of initiatives being pursued is often determined before requirements analysis takes place, meaning the initiative might be solving the wrong need or problem.
    • Depends on strong hand-off processes to be defined and strong knowledge transfer from build to run functions in order to be successful.
    The image contains an example of a Centralized Operating Model: Plan-Build-Run.

    Centralized Operating Model #2: Demand-Develop-Service

    I want to…

    • Listen to the business to understand new initiatives or service enhancements being requested.
    • Enable development and operations to work together to seamlessly deliver in a DevOps culture.
    • Govern and confirm that initiatives being requested by the business are still aligned to IT’s overarching strategy and roadmap before prioritizing those initiatives.

    BENEFITS

    • Aligns well with an end-to-end services model; constant attention to customer demand and service supply.
    • Centralizes service operations under one functional area to serve shared needs across lines of business.
    • Allows for economies of scale and expertise pooling to improve IT’s efficiency.
    • Elevates sourcing and vendor management as its own strategic function; lends well to managed service and digital initiatives.
    • Development and operations housed together; lends well to DevOps-related initiatives and reduces the silos between these two core groups.

    RISKS

    • IT prioritizes the initiatives it thinks are a priority to the business based on how well it establishes good stakeholder relations and communications.
    • Depends on good governance to prevent enhancements and demands from being prioritized without approval from those with accountability and authority.
    • This model thrives in a DevOps culture but does not mean it ensures your organization is a “DevOps” organization. Be sure you're encouraging the right behaviors and attitudes.

    The image contains an example of a Centralized Operating Model: Demand, Develop, Service.

    Hybrid Operating Model #1: LOB/Functional Aligned

    I want to…

    • Better understand the various needs of the organization to align IT priorities and ensure the right services can be delivered.
    • Keep all IT decisions centralized to ensure they align with the overarching strategy and roadmap that IT has set.
    • Organize your shared services in a strategic manner that enables delivery of those services in a way that fits the culture of the organization and the desired method of operating.

    BENEFITS

    • Best of both worlds of centralization and decentralization; attempts to channel benefits from both centralized and decentralized models.
    • Embeds key IT functions that require business knowledge within functional areas, allowing for critical feedback and the ability to understand those business needs.
    • Places IT in a position to not just be “order takers” but to be more involved with the different business units and promote the value of IT.
    • Achieves economies of scale where necessary through the delivery of shared services that can be requested by the function.
    • Shared services can be organized to deliver in the best way that suits the organization.

    RISKS

    • Different business units may bypass governance to get their specific needs met by functions – to alleviate this, IT must have strong governance and prioritize amongst demand.
    • Decentralized role can be viewed as an order taker by the business if not properly embedded and matured.
    • No guaranteed synergy and integration across functions; requires strong communication, collaboration, and steering.
    • Cannot meet every business unit’s needs – can cause tension from varying effectiveness of the IT functions.

    The image contains an example of a Hybrid Operating Model: LOB/Functional Aligned.

    Hybrid Model #2: Product-Aligned Operating Model

    I want to…

    • Align my IT organization into core products (services) that IT provides to the organization and establish a relationship with those in the organization that have alignment to that product.
    • Have roles dedicated to the lifecycle of their product and ensure the product can continuously deliver value to the organization.
    • Maintain centralized set of standards as it applies to overall IT strategy, security, and architecture to ensure consistency across products and reduce silos.

    BENEFITS

    • Focus is on the full lifecycle of a product – takes a strategic view of how technology enables the organization.
    • Promotes centralized backlog around a specific value creator, rather than a traditional project focus that is more transactional.
    • Dedicated teams around the product family ensure you have all of the resources required to deliver on your product roadmap.
    • Reduces barriers between IT and business stakeholders; focuses on technology as a key strategic enabler.
    • Delivery is largely done through frequent releases that can deliver value.

    RISKS

    • If there is little or no business involvement, it could prevent IT from truly understanding business demand and prioritizing the wrong work.
    • A lack of formal governance can create silos between the IT products, causing duplication of efforts, missed opportunities for collaboration, and redundancies in application or vendor contracts.
    • Members of each product can interpret the definition of standards (e.g. architecture, security) differently.

    The image contains an example of the Hybrid Operating Model: Product-Aligned Operating Model.

    Hybrid Operating Model #3: Service-Aligned Operating Model

    I want to…

    • Decentralize the IT organization by the various IT services it offers to the organization while remaining centralized with IT strategy, governance, security and operational services.
    • Ensure IT services are defined and people resources are aligned to deliver on those services.
    • Enable each of IT’s services to have the autonomy to understand the business needs and be able to manage the operational and new project initiatives with a dedicated service owner or business relationship manager.

    BENEFITS

    • Strong enabler of agility as each service has the autonomy to make decisions around operational work versus project work based on their understanding of the business demand.
    • Individuals in similar roles that are decentralized across services are given coaching to provide common direction.
    • Allows teams to efficiently scale with service demand.
    • This is a structurally baseline DevOps model. Each group will have services built within that have their own dedicated teams that will handle the full gambit of responsibilities, from new features to enhancements and maintenance.

    RISKS

    • Service owners require a method to collaborate to avoid duplication of efforts or projects that conflict with the efforts of other IT services.
    • May result in excessive cost through role redundancies across different services, as each will focus on components like integration, stakeholder management, project management, and user experiences.
    • Silos cause a high degree of specialization, making it more difficult for team members to imagine moving to another defined service group, limiting potential career advancement opportunities.
    • The level of complex knowledge required by shared services (e.g. help desk) is often beyond what they can provide, causing them to rely on and escalate to defined service groups more than with other operating models.

    The image contains an example of the Hybrid Operating Model: Service-Aligned Operating Model.

    Decentralized Model: Division Decentralization (LoB, Geography, Function, Product)

    I want to…

    • Decentralize the IT organization to enable greater autonomy within specific groups that have differing customer demands and levels of support.
    • Maintain a standard level of service that can be provided by IT for all divisions.
    • Ensure each division has access to critical data and reports that supports informed decision making.

    BENEFITS

    • Organization around functions allows for diversity in approach in how areas are run to best serve a specific business unit’s needs.
    • Each functional line exists largely independently, with full capacity and control to deliver service at the committed SLAs.
    • Highly responsive to shifting needs and demands with direct connection to customers and all stages of the solution development lifecycle.
    • Accelerates decision making by delegating authority lower into the function.
    • Promotes a flatter organization with less hierarchy and more direct communication with the CIO.

    RISKS

    • Requires risk and security to be centralized and have oversight of each division to prevent the decisions of one division from negatively impacting other divisions or the enterprise.
    • Less synergy and integration across what different lines of business are doing can result in redundancies and unnecessary complexity.
    • Higher overall cost to the IT group due to role and technology duplication across different divisions.
    • It will be difficult to centralize aspects of IT in the future, as divisions adopt to a culture of IT autonomy.

    The image contains an example of the Decentralized Model: Division Decentralization.

    Enterprise Model: Multi-Modal

    I want to…

    • Have an organizational structure that leverages several different operating models based on the needs and requirements of the different divisions.
    • Provide autonomy and authority to the different divisions so they can make informed and necessary changes as they see fit without seeking approval from a centralized IT group.
    • Support the different initiatives the enterprise is focused on delivering and ensure the right model is adopted based on those initiatives.

    BENEFITS

    • Allows for the organization to work in ways that best support individual areas; for example, areas that support legacy systems can be supported through traditional operating models while areas that support digital transformations may be supported through more flexible operating models.
    • Enables a specialization of knowledge related to each division.

    RISKS

    • Inconsistency across the organization can lead to confusion on how the organization should operate.
    • Parts of the organization that work in more traditional operating models may feel limited in career growth and innovation.
    • Cross-division initiatives may require greater oversight and a method to enable operations between the different focus areas.

    The image contains an example of the Enterprise Model: Multi-Modal.

    Create enabling teams that bridge your divisions

    The following bridges might be necessary to augment your divisions:

    • Specialized augmentation: There might not be a sufficient number of resources to support each division. These teams will be leveraged across the divisions; this means that the capabilities needed for each division will exist in this bridge team, rather than in the division.
    • Centers of Excellence: Capabilities that exist within divisions can benefit from shared knowledge across the enterprise. Your organization might set up centers of excellence to support best practices in capabilities organization wide. These are Forums in the unfix model, or communities of practice and support capability development rather than deliveries of each division.
    • Facilitation teams might be required to support divisions through coaching. This might include Agile or other coaches who can help teams adopt practices and embed learnings.
    • Holistic teams provide an enterprise view as they work with various divisions. This can include capabilities like user experience, which can benefit from the holistic perspective rather than a siloed one. People with these capabilities augment the divisions on an as-needed basis.
    The image contains a diagram to demonstrate the use of bridges on divisions.

    2.5 Customize the selected sketch to reflect the desired future state

    1-3 hours

    1. Using the baseline operating model sketch, walk through each of the IT capabilities. Based on the outputs from activity 2.1:
      1. Remove any capabilities for which your IT organization is not responsible and/or accountable.
      2. Augment the language of specific capabilities that you feel are not directly reflective of what is being done within your organizational context or that you feel need to be changed to reflect more specifically how work is being done in your organization.
      3. Add any core capabilities from your organization that are missing from the provided IT capability list.
    2. Move capabilities to the right places in the operating model to reflect how each of the core IT processes should interact with one another.
    3. Add bridges as needed to support the divisions in your organization. Identify which capabilities will sit in these bridges and define how they will enable the operating model sketch to deliver.
    InputOutput
    • Selected base operating model sketch
    • Customized list of IT capabilities
    • Understanding of outsourcing and gaps
    • Customized operating model sketch
    MaterialsParticipants
    • Whiteboard/flip charts
    • Operating model sketch examples
    • CIO
    • IT Leadership

    Record the results in the Organizational Design Workbook

    Document the final operating model sketch in the Communications Deck

    Phase 3

    Formalize the Organizational Structure

    This phase will walk you through the following activities:

    3.1 Create work units

    3.2 Create work unit mandates

    3.3 Define roles inside the work units

    3.4 Finalize the organizational chart

    3.5 Identify and mitigate key risks

    This phase involves the following participants:

    • CIO
    • IT Leadership
    • Business Leadership

    Embed change management into the organizational design process

    Enable adoption of the new structure.

    You don’t have to make the change in one big bang. You can adopt alternative transition plans such as increments or pilots. This allows people to see the benefits of why you are undergoing the change, allows the change message to be repeated and applied to the individuals impacted, and provides people with time to understand their role in making the new organizational structure successful.

    “Transformational change can be invigorating for some employees but also highly disruptive and stressful for others.”

    Source: OpenStax, 2019

    Info-Tech Insight

    Without considering the individual impact of the new organizational structure on each of your employees, the change will undoubtedly fail in meeting its intended goals and your organization will likely fall back into old structured habits.

    Use a top-down approach to build your target-state IT organizational sketch

    The organizational sketch is the outline of the organization that encompasses the work units and depicts the relationships among them. It’s important that you create the structure that’s right for your organization, not one that simply fits with your current staff’s skills and knowledge. This is why Info-Tech encourages you to use your operating model as a mode of guidance for structuring your future-state organizational sketch.

    The organizational sketch is made up of unique work units. Work units are the foundational building blocks on which you will define the work that IT needs to get done. The number of work units you require and their names will not match your operating model one to one. Certain functional areas will need to be broken down into smaller work units to ensure appropriate leadership and span of control.

    Use your customized operating model to build your work units

    WHAT ARE WORK UNITS?

    A work unit is a functional group or division that has a discrete set of processes or capabilities that it is responsible for, which don’t overlap with any others. Your customized list of IT capabilities will form the building blocks of your work units. Step one in the process of building your structure is grouping IT capabilities together that are similar or that need to be done in concert in the case of more complex work products. The second step is to iterate on these work units based on the organizational design principles from Phase 1 to ensure that the future-state structure is aligned with enablement of the organization’s objectives.

    Work Unit Examples

    Here is a list of example work units you can use to brainstorm what your organization’s could look like. Some of these overlap in functionality but should provide a strong starting point and hint at some potential alternatives to your current way of organizing.

    • Office of the CIO
    • Strategy and Architecture
    • Architecture and Design
    • Business Relationship Management
    • Projection and Portfolio Management
    • Solution Development
    • Solution Delivery
    • DevOps
    • Infrastructure and Operations
    • Enterprise Information Security
    • Security, Risk & Compliance
    • Data and Analytics

    Example of work units

    The image contains an example of work units.

    3.1 Create functional work units

    1-3 hours

    1. Using a whiteboard or large tabletop, list each capability from your operating model on a sticky note and recreate your operating model. Use one color for centralized activities and a second color for decentralized activities.
    2. With the group of key IT stakeholders, review the operating model and any important definitions and rationale for decisions made.
    3. Starting with your centralized capabilities, review each in turn and begin to form logical groups of compatible capabilities. Review the decentralized capabilities and repeat the process, writing additional sticky notes for capabilities that will be repeated in decentralized units.
    4. Note: Not all capabilities need to be grouped. If you believe that a capability has a high enough priority, has a lot of work, or is significantly divergent from others put this capability by itself.
    5. Define a working title for each new work unit, and discuss the pros and cons of the model. Ensure the work units still align with the operating model and make any changes to the operating model needed.
    6. Review your design principles and ensure that they are aligned with your new work units.
    InputOutput
    • Organizational business objectives
    • Customized operating model
    • Defined work units
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Workbook

    Group formation

    Understand the impact of the functional groups you create.

    A group consists of two or more individuals who are working toward a common goal. Group formation is how those individuals are organized to deliver on that common goal. It should take into consideration the levels of hierarchy in your structure, the level of focus you give to processes, and where power is dispersed within your organizational design.

    Importance: Balance highly important capabilities with lower priority capabilities

    Specialization: The scope of each role will be influenced by specialized knowledge and a dedicated leader

    Effectiveness: Group capabilities that increase their efficacy

    Span of Control: Identify the right number of employees reporting to a single leader

    Choose the degree of specialization required

    Be mindful of the number of hats you’re placing on any one role.

    • Specialization exists when individuals in an organization are dedicated to performing specific tasks associated with a common goal and requiring a particular skill set. Aligning the competencies required to carry out the specific tasks based on the degree of complexity associated with those tasks ensures the right people and number of people can be assigned.
    • When people are organized by their specialties, it reduces the likelihood of task switching, reduces the time spent training or cross-training, and increases the focus employees can provide to their dedicated area of specialty.
    • There are disadvantages associated with aligning teams by their specialization, such as becoming bored and seeing the tasks they are performing as monotonous. Specialization doesn’t come without its problems. Monitor employee motivation

    Info-Tech Insight

    Smaller organizations will require less specialization simply out of necessity. To function and deliver on critical processes, some people might be asked to wear several hats.

    Avoid overloading the cognitive capacity of employees

    Cognitive load refers to the number of responsibilities that one can successfully take on.

    • When employees are assigned an appropriate number of responsibilities this leads to:
      • Engaged employees
      • Less task switching
      • Increased effectiveness on assigned responsibilities
      • Reduced bottlenecks
    • While this cognitive load can differ from employee to employee, when assigning role responsibilities, ensure each role isn’t being overburdened and spreading their focus thin.
    • Moreover, capable does not equal successful. Just because someone has the capability to take on more responsibilities doesn’t mean they will be successful.
    • Leverage the cognitive load being placed on your team to help create boundaries between teams and demonstrate clear role expectations.
    Source: IT Revolution, 2021

    Info-Tech Insight

    When you say you are looking for a team that is a “jack of all trades,” you are likely exceeding appropriate cognitive loads for your staff and losing productivity to task switching.

    Factors to consider for span of control

    Too many and too few direct reports have negative impacts on the organization.

    Complexity: More complex work should have fewer direct reports. This often means the leader will need to provide lots of support, even engaging in the work directly at times.

    Demand: Dynamic shifts in demand require more managerial involvement and therefore should have a smaller span of control. Especially if this demand is to support a 24/7 operation.

    Competency Level: Skilled employees should require less hands-on assistance and will be in a better position to support the business as a member of a larger team than those who are new to the role.

    Purpose: Strategic leaders are less involved in the day-to-day operations of their teams, while operational leaders tend to provide hands-on support, specifically when short-staffed.

    Group formation will influence communication structure

    Pick your poison…

    It’s important to understand the impacts that team design has on your services and products. The solutions that a team is capable of producing is highly dependent on how teams are structured. For example, Conway’s Law tells us that small distributed software delivery teams are more likely to produce modular service architecture, where large collocated teams are better able to create monolithic architecture. This doesn’t just apply to software delivery but also other products and services that IT creates. Note that small distributed teams are not the only way to produce quality products as they can create their own silos.

    Sources: Forbes, 2017

    Create mandates for each of your identified work units

    WHAT ARE WORK UNIT MANDATES?

    The work unit mandate should provide a quick overview of the work unit and be clear enough that any reader can understand why the work unit exists, what it does, and what it is accountable for.

    Each work unit will have a unique mandate. Each mandate should be distinguishable enough from your other work units to make it clear why the work is grouped in this specific way, rather than an alternative option. The mandate will vary by organization based on the agreed upon work units, design archetype, and priorities.

    Don’t just adopt an example mandate from another organization or continue use of the organization’s pre-existing mandate – take the time to ensure it accurately depicts what that group is doing so that its value-added activities are clear to the larger organization.

    Examples of Work Unit Mandates

    The Office of the CIO will be a strategic enabler of the IT organization, driving IT organizational performance through improved IT management and governance. A central priority of the Office of the CIO is to ensure that IT is able to respond to evolving environments and challenges through strategic foresight and a centralized view of what is best for the organization.

    The Project Management Office will provide standardized and effective project management practices across the IT landscape, including an identified project management methodology, tools and resources, project prioritization, and all steps from project initiation through to evaluation, as well as education and development for project managers across IT.

    The Solutions Development Group will be responsible for the high-quality development and delivery of new solutions and improvements and the production of customized business reports. Through this function, IT will have improved agility to respond to new initiatives and will be able to deliver high-quality services and insights in a consistent manner.

    3.2 Create work unit mandates

    1-3 hours

    1. Break into teams of three to four people and assign an equal number of work units to each team.
    2. Have each team create a set of statements that describe the overall purpose of that working group. Each mandate statement should:
    • Be clear enough that any reader can understand.
    • Explain why the work unit exists, what it does, and what it is accountable for.
    • Be distinguishable enough from your other work units to make it clear why the work is grouped in this specific way, rather than an alternative option.
  • Have each group present their work unit mandates and make changes wherever necessary.
  • InputOutput
    • Work units
    • Work unit mandates
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Workbook

    Identify the key roles and responsibilities for the target IT organization

    Now that you have identified the main units of work in the target IT organization, it is time to identify the roles that will perform that work. At the end of this step, the key roles will be identified, the purpose statement will be built, and accountability and responsibility for roles will be clearly defined. Make sure that accountability for each task is assigned to one role only. If there are challenges with a role, change the role to address them (e.g. split roles or shift responsibilities).

    The image contains an example of two work units: Enterprise Architecture and PMO. It then lists the roles of the two work units.

    Info-Tech Insight

    Do not bias your role design by focusing on your existing staff’s competencies. If you begin to focus on your existing team members, you run the risk of artificially narrowing the scope of work or skewing the responsibilities of individuals based on the way it is, rather than the way it should be.

    3.3 Define roles inside the work units

    1-3 hours

    1. Select a work unit from the organizational sketch.
    2. Describe the most senior role in that work unit by asking, “what would the leader of this group be accountable or responsible for?” Define this role and move the capabilities they will be accountable for under that leader. Repeat this activity for the capabilities this leader would be responsible for.
    3. Continue to define each role that will be required in that work unit to deliver or provide oversight related to those capabilities.
    4. Continue until key roles are identified and the capabilities each role will be accountable or responsible for are clarified.
    5. Remember, only one role can have accountability for each capability but several can have responsibility.
    6. For each role, use the list of capabilities that the position will be accountable, responsible, or accountable and responsible for to create a job description. Leverage your own internal job descriptions or visit our Job Descriptions page.
    InputOutput
    • Work units
    • Work unit mandates
    • Responsibilities
    • Accountabilities
    • Roles with clarified responsibilities and accountabilities
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Workbook

    Delivery model for product or solution development

    Can add additional complexity or clarity

    • Certain organizational structures will require a specific type of resourcing model to meet expectations and deliver on the development or sustainment of core products and solutions.
    • There are four common methods that we see in IT organizations:
      • Functional Roles: Completed work is handed off from functional team to functional team sequentially as outlined in the organization’s SDLC.
      • Shared Service & Resource Pools (Matrix): Resources are pulled whenever the work requires specific skills or pushed to areas where product demand is high.
      • Product or System: Work is directly sent to the teams who are directly managing the product or directly supporting the requestor.
      • Skills & Competencies: Work is directly sent to the teams who have the IT and business skills and competencies to complete the work.
    • Each of these will lead to a difference in how the functional team is skilled. They could have a great understanding of their customer, the product, the solution, or their service.

    Info-Tech Insight

    Despite popular belief, there is no such thing as the Spotify model, and organizations that structured themselves based on the original Spotify drawing might be missing out on key opportunities to obtain productivity from employees.

    Sources: Indeed, 2020; Agility Scales

    There can be different patterns to structure and resource your product delivery teams

    The primary goal of any product delivery team is to improve the delivery of value for customers and the business based on your product definition and each product’s demand. Each organization will have different priorities and constraints, so your team structure may take on a combination of patterns or may take on one pattern and then transform into another.

    Delivery Team Structure Patterns

    How Are Resources and Work Allocated?

    Functional Roles

    Teams are divided by functional responsibilities (e.g. developers, testers, business analysts, operations, help desk) and arranged according to their placement in the software development lifecycle (SDLC).

    Completed work is handed off from team to team sequentially as outlined in the organization’s SDLC.

    Shared Service and Resource Pools

    Teams are created by pulling the necessary resources from pools (e.g. developers, testers, business analysts, operations, help desk).

    Resources are pulled whenever the work requires specific skills or pushed to areas where product demand is high.

    Product or System

    Teams are dedicated to the development, support, and management of specific products or systems.

    Work is directly sent to the teams who are directly managing the product or directly supporting the requester.

    Skills and Competencies

    Teams are grouped based on skills and competencies related to technology (e.g. Java, mobile, web) or familiarity with business capabilities (e.g. HR, Finance).

    Work is directly sent to the teams who have the IT and business skills and competencies to complete the work.

    Delivery teams will be structured according to resource and development needs

    Functional Roles

    Shared Service and Resource Pools

    Product or System

    Skills and Competencies

    When your people are specialists versus having cross-functional skills

    Leveraged when specialists such as Security or Operations will not have full-time work on the product

    When you have people with cross-functional skills who can self-organize around a product’s needs

    When you have a significant investment in a specific technology stack

    The image contains a diagram of functional roles.The image contains a diagram of shared service and resource pools.The image contains a diagram of product or system.The image contains a diagram of skills and competencies.

    For more information about delivering in a product operating model, refer to our Deliver Digital Products at Scale blueprint.

    3.4 Finalize the organizational chart

    1-3 hours

    1. Import each of your work units and the target-state roles that were identified for each.
    2. In the place of the name of each work unit in your organizational sketch, replace the work unit name with the prospective role name for the leader of that group.
    3. Under each of the leadership roles, import the names of team members that were part of each respective work unit.
    4. Validate the final structure as a group to ensure each of the work units includes all the necessary roles and responsibilities and that there is clear delineation of accountabilities between the work units.

    Input

    Output

    • Work units
    • Work unit mandates
    • Roles with accountabilities and responsibilities
    • Finalized organizational chart

    Materials

    Participants

    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Workbook & Executive Communications Deck

    Proactively consider and mitigate redesign risks

    Every organizational structure will include certain risks that should have been considered and accepted when choosing the base operating model sketch. Now that the final organizational structure has been created, consider if those risks were mitigated by the final organizational structure that was created. For those risks that weren’t mitigated, have a tactic to control risks that remain present.

    3.5 Identify and mitigate key risks

    1-3 hours

    1. For each of the operating model sketch options, there are specific risks that should have been considered when selecting that model.
    2. Take those risks and transfer them into the correct slide of the Organizational Design Workbook.
    3. Consider if there are additional risks that need to be considered with the new organizational structure based on the customizations made.
    4. For each risk, rank the severity of that risk on a scale of low, medium, or high.
    5. Determine one or more mitigation tactic(s) for each of the risks identified. This tactic should reduce the likelihood or impact of the risk event happening.
    InputOutput
    • Final organizational structure
    • Operating model sketch benefits and risks
    • Redesign risk mitigation plan
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Workbook

    Phase 4

    Plan for Implementation & Change

    This phase will walk you through the following activities:

    4.1 Select a transition plan

    4.2 Establish the change communication messages

    4.3 Be consistent with a standard set of FAQs

    4.4 Define org. redesign resistors

    4.5 Create a sustainment plan

    This phase involves the following participants:

    • CIO
    • IT Leadership
    • Business Leadership
    • HR Business Partners

    All changes require change management

    Change management is:

    Managing a change that requires replanning and reorganizing and that causes people to feel like they have lost control over aspects of their jobs.

    – Padar et al., 2017
    People Process Technology

    Embedding change management into organizational design

    PREPARE A

    Awareness: Establish the need for organizational redesign and ensure this is communicated well.

    This blueprint is mostly focused on the prepare and transition components.

    D

    Desire: Ensure the new structure is something people are seeking and will lead to individual benefits for all.

    TRANSITION K

    Knowledge: Provide stakeholders with the tools and resources to function in their new roles and reporting structure.

    A

    Ability: Support employees through the implementation and into new roles or teams.

    FUTURE R

    Reinforcement: Emphasize and reward positive behaviors and attitudes related to the new organizational structure.

    Implementing the new organizational structure

    Implementing the organizational structure can be the most difficult part of the process.

    • To succeed in the process, consider creating an implementation plan that adequately considers these five components.
    • Each of these are critical to supporting the final organizational structure that was established during the redesign process.

    Implementation Plan

    Transition Plan: Identify the appropriate approach to making the transition, and ensure the transition plan works within the context of the business.

    Communication Strategy: Create a method to ensure consistent, clear, and concise information can be provided to all relevant stakeholders.

    Plan to Address Resistance: Given that not everyone will be happy to move forward with the new organizational changes, ensure you have a method to hear feedback and demonstrate concerns have been heard.

    Employee Development Plan: Provide employees with tools, resources, and the ability to demonstrate these new competencies as they adjust to their new roles.

    Monitor and Sustain the Change: Establish metrics that inform if the implementation of the new organizational structure was successful and reinforce positive behaviors.

    Define the type of change the organizational structure will be

    As a result, your organization must adopt OCM practices to better support the acceptance and longevity of the changes being pursued.

    Incremental Change

    Transformational Change

    Organizational change management is highly recommended and beneficial for projects that require people to:

    • Adopt new tools and workflows.
    • Learn new skills.
    • Comply with new policies and procedures.
    • Stop using old tools and workflows.

    Organizational change management is required for projects that require people to:

    • Move into different roles, reporting structures, and career paths.
    • Embrace new responsibilities, goals, reward systems, and values.
    • Grow out of old habits, ideas, and behaviors.
    • Lose stature in the organization.

    Info-Tech Insight

    How you transition to the new organizational structure can be heavily influenced by HR. This is the time to be including them and leveraging their expertise to support the transition “how.”

    Transition Plan Options

    Description

    Pros

    Cons

    Example

    Big Bang Change

    Change that needs to happen immediately – “ripping the bandage off.”

    • It puts an immediate stop to the current way of operating.
    • Occurs quickly.
    • More risky.
    • People may not buy into the change immediately.
    • May not receive the training needed to adjust to the change.

    A tsunami in Japan stopped all imports and exports. Auto manufacturers were unable to get parts shipped and had to immediately find an alternative supplier.

    Incremental Change

    The change can be rolled out slower, in phases.

    • Can ensure that people are bought in along the way through the change process, allowing time to adjust and align with the change.
    • There is time to ensure training takes place.
    • It can be a timely process.
    • If the change is dragged on for too long (over several years) the environment may change and the rationale and desired outcome for the change may no longer be relevant.

    A change in technology, such as HRIS, might be rolled out one application at a time to ensure that people have time to learn and adjust to the new system.

    Pilot Change

    The change is rolled out for only a select group, to test and determine if it is suitable to roll out to all impacted stakeholders.

    • Able to test the success of the change initiative and the implementation process.
    • Able to make corrections before rolling it out wider, to aid a smooth change.
    • Use the pilot group as an example of successful change.
    • Able to gain buy-in and create change champions from the pilot group who have experienced it and see the benefits.
    • Able to prevent an inappropriate change from impacting the entire organization.
    • Lengthy process.
    • Takes time to ensure the change has been fully worked through.

    A retail store is implementing a new incentive plan to increase product sales. They will pilot the new incentive plan at select stores, before rolling it out broadly.

    4.1 Select a transition plan approach

    1-3 hours

    1. List each of the changes required to move from your current structure to the new structure. Consider:
      1. Changes in reporting structure
      2. Hiring new members
      3. Eliminating positions
      4. Developing key competencies for staff
    2. Once you’ve defined all the changes required, consider the three different transition plan approaches: big bang, incremental, and pilot. Each of the transition plan approaches will have drawbacks and benefits. Use the list of changes to inform the best approach.
    3. If you are proceeding with the incremental or the pilot, determine the order in which you will proceed with the changes or the groups that will pilot the new structure first.
    InputOutput
    • Customized operating model sketch
    • New org. chart
    • Current org. chart
    • List of changes to move from current to future state
    • Transition plan to support changes
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership
    • HR Business Partners

    Record the results in the Organizational Design Workbook

    Make a plan to effectively manage and communicate the change

    Success of your new organizational structure hinges on adequate preparation and effective communication.

    The top challenge facing organizations in completing the organizational redesign is their organizational culture and acceptance of change. Effective planning for the implementation and communication throughout the change is pivotal. Make sure you understand how the change will impact staff and create tailored plans for communication.

    65% of managers believe the organizational change is effective when provided with frequent and clear communication.

    Source: SHRM, 2021

    Communicate reasons for organizational structure changes and how they will be implemented

    Leaders of successful change spend considerable time developing a powerful change message, i.e. a compelling narrative that articulates the desired end state, and that makes the change concrete and meaningful to staff.

    The organizational change message should:

    • Explain why the change is needed.
    • Summarize what will stay the same.
    • Highlight what will be left behind.
    • Emphasize what is being changed.
    • Explain how change will be implemented.
    • Address how change will affect various roles in the organization.
    • Discuss the staff’s role in making the change successful.

    Five elements of communicating change

    • What is the change?
    • Why are we doing it?
    • How are we going to go about it?
    • How long will it take us to do it?
    • What will the role be for each department and individual?
    Source: Cornelius & Associates, 2010

    4.2 Establish the change communication messages

    2 hours

    1. The purpose of this activity is to establish a change communication message you can leverage when talking to stakeholders about the new organizational structure.
    2. Review the questions in the Organizational Design Workbook.
    3. Establish a clear message around the expected changes that will have to take place to help realize the new organizational structure.
    InputOutput
    • Customized operating model sketch
    • New org. chart
    • Current org. chart
    • List of changes
    • Transition plan
    • Change communication message for new organizational structure
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Workbook

    Apply the following communication principles to make your IT organization redesign changes relevant to stakeholders

    Be Clear

    • Say what you mean and mean what you say.
    • Choice of language is important: “Do you think this is a good idea? I think we could really benefit from your insights and experience here.” Or do you mean: “I think we should do this. I need you to do this to make it happen.”
    • Don’t use jargon.

    Be Consistent

    • The core message must be consistent regardless of audience, channel, or medium.
    • Test your communication with your team or colleagues to obtain feedback before delivering to a broader audience.
    • A lack of consistency can be interpreted as an attempt at deception. This can hurt credibility and trust.

    Be Concise

    • Keep communication short and to the point so key messages are not lost in the noise.
    • There is a risk of diluting your key message if you include too many other details.

    Be Relevant

    • Talk about what matters to the stakeholder.
    • Talk about what matters to the initiative.
    • Tailor the details of the message to each stakeholder’s specific concerns.
    • IT thinks in processes but stakeholders only care about results: talk in terms of results.
    • IT wants to be understood but this does not matter to stakeholders. Think: “what’s in it for them?”
    • Communicate truthfully; do not make false promises or hide bad news.

    Frequently asked questions (FAQs) provide a chance to anticipate concerns and address them

    As a starting point for building an IT organizational design implementation, look at implementing an FAQ that will address the following:

    • The what, who, when, why, and where
    • The transition process
    • What discussions should be held with clients in business units
    • HR-centric questions

    Questions to consider answering:

    • What is the objective of the IT organization?
    • What are the primary changes to the IT organization?
    • What does the new organizational structure look like?
    • What are the benefits to our IT staff and to our business partners?
    • How will the IT management team share new information with me?
    • What is my role during the transition?
    • What impact is there to my reporting relationship within my department?
    • What are the key dates I should know about?

    4.3 Be consistent with a standard set of FAQs

    1 hour

    1. Beyond the completed communications plans, brainstorm a list of answers to the key “whats” of your organizational design initiative:
    • What is the objective of the IT organization?
    • What are the primary changes to the IT organization?
    • What does the new organizational structure look like?
    • What are the benefits to our IT staff and to our business partners?
  • Think about any key questions that may rise around the transition:
    • How will the IT management team share new information with me?
    • What is my role during the transition?
    • What impact is there to my reporting relationship within my department?
    • What are the key dates I should know about?
  • Determine the best means of socializing this information. If you have an internal wiki or knowledge-sharing platform, this would be a useful place to host the information.
  • InputOutput
    • Driver(s) for the new organizational structure
    • List of changes to move from current to future state
    • Change communication message
    • FAQs to provide to staff about the organizational design changes
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Workbook

    The change reaction model

    The image contains a picture of the change reaction model. The model includes a double arrow pointing in both directions of left and right. On top of the arrow are 4 circles spread out on the arrow. They are labelled: Active Resistance, Detachment, Questioning, Acceptance.

    (Adapted from Cynthia Wittig)

    Info-Tech Insight

    People resist changes for many reasons. When it comes to organizational redesign changes, some of the most common reasons people resist change include a lack of understanding, a lack of involvement in the process, and fear.

    Include employees in the employee development planning process

    Prioritize

    Assess employee to determine competency levels and interests.

    Draft

    Employee drafts development goals; manager reviews.

    Select

    Manager helps with selection of development activities.

    Check In

    Manager provides ongoing check-ins, coaching, and feedback.

    Consider core and supplementary components that will sustain the new organizational structure

    Supplementary sustainment components:

    • Tools & Resources
    • Structure
    • Skills
    • Work Environment
    • Tasks
    • Disincentives

    Core sustainment components:

    • Empowerment
    • Measurement
    • Leadership
    • Communication
    • Incentives

    Sustainment Plan

    Sustain the change by following through with stakeholders, gathering feedback, and ensuring that the change rationale and impacts are clearly understood. Failure to so increases the potential that the change initiative will fail or be a painful experience and cost the organization in terms of loss of productivity or increase in turnover rates.

    Support sustainment with clear measurements

    • Measurement is one of the most important components of monitoring and sustaining the new organizational structure as it provides insight into where the change is succeeding and where further support should be added.
    • There should be two different types of measurements:
    1. Standard Change Management Metrics
    2. Organizational Redesign Metrics
  • When gathering data around metrics, consider other forms of measurement (qualitative) that can provide insights on opportunities to enhance the success of the organizational redesign change.
    1. Every measurement should be rooted to a goal. Many of the goals related to organizational design will be founded in the driver of this change initiative
    2. Once the goals have been defined, create one or more measurements that determines if the goal was successful.
    3. Use specific key performance indicators (KPIs) that contain a metric that is being measured and the frequency of that measurement.

    Info-Tech Insight

    Obtaining qualitative feedback from employees, customers, and business partners can provide insight into where the new organizational structure is operating optimally versus where there are further adjustments that could be made to support the change.

    4.4 Consider sustainment metrics

    1 hour

    1. Establish metrics that bring the entire process together and that will ensure the new organizational design is a success.
    2. Go back to your driver(s) for the organizational redesign. Use these drivers to help inform a particular measurement that can be used to determine if the new organizational design will be successful. Each measurement should be related to the positive benefits of the organization, an individual, or the change itself.
    3. Once you have a list of measurements, use these to determine the specific KPI that can be qualified through a metric. Often you are looking for an increase or decrease of a particular measurement by a dollar or percentage within a set time frame.
    4. Use the example metrics in the workbook and update them to reflect your organization’s drivers.
    InputOutput
    • Driver(s) for the new organizational structure
    • List of changes to move from current to future state
    • Change communication message
    • Sustainment metrics
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Workbook

    Related Info-Tech Research

    Build a Strategic IT Workforce Plan

    • Continue into the second phase of the organizational redesign process by defining the required workforce to deliver.
    • Leveraging trends, data, and feedback from your employees, define the competencies needed to deliver on the defined roles.

    Implement a New IT Organizational Structure

    • Organizational design implementations can be highly disruptive for IT staff and business partners.
    • Without a structured approach, IT leaders may experience high turnover, decreased productivity, and resistance to the change.

    Define the Role of Project Management in Agile and Product-Centric Delivery

    • There are many voices with different opinions on the role of project management. This causes confusion and unnecessary churn.
    • Project management and product management naturally align to different time horizons. Harmonizing their viewpoints can take significant work.

    Research Contributors and Experts

    The image contains a picture of Jardena London.

    Jardena London

    Transformation Catalyst, Rosetta Technology Group

    The image contains a picture of Jodie Goulden.

    Jodie Goulden

    Consultant | Founder, OrgDesign Works

    The image contains a picture of Shan Pretheshan.

    Shan Pretheshan

    Director, SUPA-IT Consulting

    The image contains a picture of Chris Briley.

    Chris Briley

    CIO, Manning & Napier

    The image contains a picture of Dean Meyer.

    Dean Meyer

    President N. Dean Meyer and Associates Inc.

    The image contains a picture of Jimmy Williams.

    Jimmy Williams

    CIO, Chocktaw Nation of Oklahoma

    Info-Tech Research Group

    Cole Cioran, Managing Partner

    Dana Daher, Research Director

    Hans Eckman, Principal Research Director

    Ugbad Farah, Research Director

    Ari Glaizel, Practice Lead

    Valence Howden, Principal Research Director

    Youssef Kamar, Senior Manager, Consulting

    Carlene McCubbin, Practice Lead

    Baird Miller, Executive Counsellor

    Josh Mori, Research Director

    Rajesh Parab, Research Director

    Gary Rietz, Executive Counsellor

    Bibliography

    “A Cheat Sheet for HR Professionals: The Organizational Development Process.” AIHR, 2021. Web.

    Acharya, Ashwin, Roni Lieber, Lissa Seem, and Tom Welchman. “How to identify the right ‘spans of control’ for your organization.” McKinsey, 21 December 2017. Web.

    Anand. N., and Jean-Louis Barsoux. “What everyone gets wrong about change management. Harvard Business Review, December 2017. Web.

    Atiken, Chris. “Operating model design-first principles.” From Here On, 24 August 2018. Web.

    “Avoid common digital transformation challenges: Address your IT Operating Model Now.” Sofigate, 5 May 2020. Web.

    Baumann, Oliver, and Brian Wu. “The many dimensions of research on designing flat firms.” Journal of Organizational Design, no. 3, vol. 4. 09 May 2022.Web.

    Bertha, Michael. “Cross the project to product chasm.” CIO, 1 May 2020. Web.

    Blenko, Marcia, and James Root. “Design Principles for a Robust Operating Model.” Bain & Company, 8 April 2015. Web.

    Blenko, Marcia, Leslie Mackrell, and Kevin Rosenberg. “Operating models: How non-profits get from strategy to results.” The Bridge Span Group, 15 August 2019. Web.

    Boulton, Clint. “PVH finds perfect fit in hybrid IT operating model amid pandemic.” CIO, 19 July 2021. Web.

    Boulton, Clint. “Why digital disruption leaves no room for bimodal IT.” CIO, 11 May 2017. Web.

    Bright, David, et al. “Chapter 10: Organizational Structure & Change.” Principles of Management, OpenStax, Rice University, 20 March 2019. Book.

    Campbell, Andrew. “Design Principles: How to manage them.” Ashridge Operating Models. 1 January 2022. Web.

    D., Maria. “3 Types of IT Outsourcing Models and How to Choose Between Them.” Cleveroad, 29 April 2022. Web.

    Devaney, Eric. “9 Types of Organizational Structure Every Company Should Consider.” HubSpot, 11 February 2022. Web.

    Devaney, Erik. “The six building blocks of organizational structure.” Hubspot, 3 June 2020. Web.

    Eisenman, M., S. Paruchuri, and P. Puranam. “The design of emergence in organizations.” Journal of Organization Design, vol. 9, 2020. Web.

    Forbes Business Development Council. “15 Clear Signs It’s Time to Restructure the Business.” Forbes, 10 February 2020. Web.

    Freed, Joseph. “Why Cognitive Load Could Be The Most Important Employee Experience Metric In The Next 10 Years.” Forbes, 30 June 2020. Web.

    Galibraith, Jay. “The Star Model.” JayGalbraith.com, n.d. Web.

    Girod, Stéphane, and Samina Karim. “Restructure or reconfigure?” Harvard Business Review, April 2017. Web.

    Goldman, Sharon. “The need for a new IT Operating Model: Why now?” CIO, 27 August 2019. Web.

    Halapeth, Milind. “New age IT Operating Model: Creating harmony between the old and the new.” Wirpo, n.d. Web.

    Harvey, Michelle. “Why a common operating model is efficient for business productivity.” CMC, 10 May 2020. Web.

    Helfand, Heidi. “Dynamic Reteaming.” O’Reilly Media, 7 July 2020. Book.

    JHeller, Martha. “How Microsoft CIO Jim DuBois changed the IT Operating Model.” CIO, 2 February 2016. Web.

    Heller, Martha. “How Stryker IT Shifted to a global operating model.” CIO, 19 May 2021. Web.

    Heller, Michelle. “Inside blue Shields of California’s IT operating model overhaul.” CIO, 24 February 2021. Web.

    Hessing, Ted. “Value Stream Mapping.” Six Sigma Study Guide, 11 April 2014. Web.

    Huber, George, P. “What is Organization Design.” Organizational Design Community, n.d. Web.

    Indeed Editorial Team. “5 Advantages and Disadvantages of the Matrix Organizational Structure.” Indeed, 23 November 2020. Web.

    Indeed Editorial Team. “How to plan an effective organization restructure.” Indeed, 10 June 2021. Web.

    “Insourcing vs Outsourcing vs Co-Sourcing.” YML Group, n.d. Web.

    “Investing in more strategic roles.” CAPS Research, 3 February 2022. Web.

    Jain, Gagan. “Product IT Operating Model: The next-gen model for a digital work.” DevOps, 22 July 2019. Web.

    Kane, Gerald, D. Plamer, and Anh Phillips. “Accelerating Digital Innovation Inside and Out.” Deloitte Insights, 4 June 2019. Web.

    Krush, Alesia. “IT companies with ‘flat’ structures: utopia or innovative approach?” Object Style, 18 October 2018. Web.

    Law, Michael. “Adaptive Design: Increasing Customer Value in Your Organisation.” Business Agility Institute, 5 October 2020. Web.

    LucidContent Team. “How to get buy-in for changes to your organizational structure.” Lucid Chart, n.d. Web.

    Matthews, Paul. “Do you know the difference between competence and capability?” The People Development Magazine, 25 September 2020. Web.

    Meyer, Dean N. “Analysis: Common symptoms of organizational structure problems.” NDMA, n.d. Web.

    Meyer, N. Dean. “Principle-based Organizational Structure.” NDMA Publishing, 2020. Web.

    Morales Pedraza, Jorge. Answer to posting, “What is the relationship between structure and strategy?” ResearchGate.net, 5 March 2014. Web.

    Nanjad, Len. “Five non-negotiables for effective organization design change.” MNP, 01 October 2021. Web.

    Neilson, Gary, Jaime Estupiñán, and Bhushan Sethi. “10 Principles of Organizational Design.” Strategy & Business, 23 March 2015. Web.

    Nicastro, Dom. “Understanding the Foundational Concepts of Organizational Design.” Reworked, 24 September 2020. Web.

    Obwegeser, Nikolaus, Tomoko Yokoi, Michael Wade, and Tom Voskes. “7 Key Principles to Govern Digital Initiatives.” MIT Sloan, 1 April 2020. Web.

    “Operating Models and Tools.” Business Technology Standard, 23 February 2021. Web.

    “Organizational Design Agility: Journey to a combined community.” ODF-BAI How Space, Organizational Design Forum, 2022. Web.

    “Organizational Design: Understanding and getting started.” Ingentis, 20 January 2021. Web.

    Padar, Katalin, et al. “Bringing project and change management roles into sync.” Journal of Change Management, 2017. Web.

    Partridge, Chris. “Evolve your Operating Model- It will drive everything.” CIO, 30 July 2021. Web.

    Pijnacker, Lieke. “HR Analytics: role clarity impacts performance.” Effectory, 25 September 2019. Web.

    Pressgrove, Jed. “Centralized vs. Federated: Breaking down IT Structures.” Government Technology, March 2020. Web.

    Sherman, Fraser. “Differences between Organizational Structure and Design.” Bizfluent, 20 September 2019. Web.

    Skelton, Matthew, and Manual Pais. “Team Cognitive Load.” IT Revolution, 19 January 2021. Web.

    Skelton, Matthew, and Manual Pais. Team Topologies. IT Revolution Press, 19 September 2019. Book

    Spencer, Janet, and Michael Watkins. “Why organizational change fails.” TLNT, 26 November 2019. Web.

    Storbakken, Mandy. “The Cloud Operating Model.” VMware, 27 January 2020. Web.

    "The Qualities of Leadership: Leading Change.” Cornelius & Associates, 2010. Web.

    “Understanding Organizational Structures.” SHRM, 31 August 2021. Web.

    "unfix Pattern: Base.” AgilityScales, n.d. Web.

    Walker, Alex. “Half-Life: Alyx helped change Valve’s Approach to Development.” Kotaku, 10 July 2020. Web.

    "Why Change Management.” Prosci, n.d. Web.

    Wittig, Cynthia. “Employees' Reactions to Organizational Change.” OD Practioner, vol. 44, no. 2, 2012. Web.

    Woods, Dan. “How Platforms are neutralizing Conway’s Law.” Forbes, 15 August 2017. Web.

    Worren, Nicolay, Jeroen van Bree, and William Zybach. “Organization Design Challenges. Results from a practitioner survey.” Journal of Organizational Design, vol. 8, 25 July 2019. Web.

    Appendix

    IT Culture Framework

    This framework leverages McLean & Company’s adaptation of Quinn and Rohrbaugh’s Competing Values Approach.

    The image contains a diagram of the IT Culture Framework. The framework is divided into four sections: Competitive, Innovative, Traditional, and Cooperative, each with their own list of descriptors.

    Mergers & Acquisitions: The Buy Blueprint

    • Buy Link or Shortcode: {j2store}325|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: 5 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy

    There are four key scenarios or entry points for IT as the acquiring organization in M&As:

    • IT can suggest an acquisition to meet the business objectives of the organization.
    • IT is brought in to strategy plan the acquisition from both the business’ and IT’s perspectives.
    • IT participates in due diligence activities and valuates the organization potentially being acquired.
    • IT needs to reactively prepare its environment to enable the integration.

    Consider the ideal scenario for your IT organization.

    Our Advice

    Critical Insight

    Acquisitions are inevitable in modern business, and IT’s involvement in the process should be too. This progression is inspired by:

    • The growing trend for organizations to increase, decrease, or evolve through these types of transactions.
    • A maturing business perspective of IT, preventing the difficulty that IT is faced with when invited into the transaction process late.
    • Transactions that are driven by digital motivations, requiring IT’s expertise.
    • There never being such a thing as a true merger, making the majority of M&A activity either acquisitions or divestitures.

    Impact and Result

    Prepare for a growth/integration transaction by:

    • Recognizing the trend for organizations to engage in M&A activity and the increased likelihood that, as an IT leader, you will be involved in a transaction in your career.
    • Creating a standard strategy that will enable strong program management.
    • Properly considering all the critical components of the transaction and integration by prioritizing tasks that will reduce risk, deliver value, and meet stakeholder expectations.

    Mergers & Acquisitions: The Buy Blueprint Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how your organization can excel its growth strategy by engaging in M&A transactions. Review Info-Tech’s methodology and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Proactive Phase

    Be an innovative IT leader by suggesting how and why the business should engage in an acquisition or divestiture.

    • One-Pager: M&A Proactive
    • Case Study: M&A Proactive
    • Information Asset Audit Tool
    • Data Valuation Tool
    • Enterprise Integration Process Mapping Tool
    • Risk Register Tool
    • Security M&A Due Diligence Tool

    2. Discovery & Strategy

    Create a standardized approach for how your IT organization should address acquisitions.

    • One-Pager: M&A Discovery & Strategy – Buy
    • Case Study: M&A Discovery & Strategy – Buy

    3. Due Diligence & Preparation

    Evaluate the target organizations to minimize risk and have an established integration project plan.

    • One-Pager: M&A Due Diligence & Preparation – Buy
    • Case Study: M&A Due Diligence & Preparation – Buy
    • IT Due Diligence Charter
    • Technical Debt Business Impact Analysis Tool
    • IT Culture Diagnostic
    • M&A Integration Project Management Tool (SharePoint)
    • SharePoint Template: Step-by-Step Deployment Guide
    • M&A Integration Project Management Tool (Excel)
    • Resource Management Supply-Demand Calculator

    4. Execution & Value Realization

    Deliver on the integration project plan successfully and communicate IT’s transaction value to the business.

    • One-Pager: M&A Execution & Value Realization – Buy
    • Case Study: M&A Execution & Value Realization – Buy

    Infographic

    Workshop: Mergers & Acquisitions: The Buy Blueprint

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Pre-Transaction Discovery & Strategy

    The Purpose

    Establish the transaction foundation.

    Discover the motivation for acquiring.

    Formalize the program plan.

    Create the valuation framework.

    Strategize the transaction and finalize the M&A strategy and approach.

    Key Benefits Achieved

    All major stakeholders are on the same page.

    Set up crucial elements to facilitate the success of the transaction.

    Have a repeatable transaction strategy that can be reused for multiple organizations.

    Activities

    1.1 Conduct the CIO Business Vision and CEO-CIO Alignment Diagnostics.

    1.2 Identify key stakeholders and outline their relationship to the M&A process.

    1.3 Identify the rationale for the company's decision to pursue an acquisition.

    1.4 Assess the IT/digital strategy.

    1.5 Identify pain points and opportunities tied to the acquisition.

    1.6 Create the IT vision and mission statements and identify IT guiding principles and the transition team.

    1.7 Document the M&A governance.

    1.8 Establish program metrics.

    1.9 Create the valuation framework.

    1.10 Establish the integration strategy.

    1.11 Conduct a RACI.

    1.12 Create the communication plan.

    1.13 Prepare to assess target organization(s).

    Outputs

    Business perspectives of IT

    Stakeholder network map for M&A transactions

    Business context implications for IT

    IT’s acquiring strategic direction

    Governance structure

    M&A program metrics

    IT valuation framework

    Integration strategy

    RACI

    Communication plan

    Prepared to assess target organization(s)

    2 Mid-Transaction Due Diligence & Preparation

    The Purpose

    Establish the transaction foundation.

    Discover the motivation for integration.

    Assess the target organization(s).

    Create the valuation framework.

    Plan the integration roadmap.

    Key Benefits Achieved

    All major stakeholders are on the same page.

    Methodology identified to assess organizations during due diligence.

    Methodology can be reused for multiple organizations.

    Integration activities are planned and assigned.

    Activities

    2.1 Gather and evaluate the stakeholders involved, M&A strategy, future-state operating model, and governance.

    2.2 Review the business rationale for the acquisition.

    2.3 Establish the integration strategy.

    2.4 Create the due diligence charter.

    2.5 Create a list of IT artifacts to be reviewed in the data room.

    2.6 Conduct a technical debt assessment.

    2.7 Assess the current culture and identify the goal culture.

    2.8 Identify the needed workforce supply.

    2.9 Create the valuation framework.

    2.10 Establish the integration roadmap.

    2.11 Establish and align project metrics with identified tasks.

    2.12 Estimate integration costs.

    Outputs

    Stakeholder map

    IT strategy assessment

    IT operating model and IT governance structure defined

    Business context implications for IT

    Integration strategy

    Due diligence charter

    Data room artifacts

    Technical debt assessment

    Culture assessment

    Workforce supply identified

    IT valuation framework

    Integration roadmap and associated resourcing

    3 Post-Transaction Execution & Value Realization

    The Purpose

    Establish the transaction foundation.

    Discover the motivation for integration.

    Plan the integration roadmap.

    Prepare employees for the transition.

    Engage in integration.

    Assess the transaction outcomes.

    Key Benefits Achieved

    All major stakeholders are on the same page.

    Integration activities are planned and assigned.

    Employees are set up for a smooth and successful transition.

    Integration strategy and roadmap executed to benefit the organization.

    Review what went well and identify improvements to be made in future transactions.

    Activities

    3.1 Identify key stakeholders and determine IT transaction team.

    3.2 Gather and evaluate the M&A strategy, future-state operating model, and governance.

    3.3 Review the business rationale for the acquisition.

    3.4 Establish the integration strategy.

    3.5 Prioritize integration tasks.

    3.6 Establish the integration roadmap.

    3.7 Establish and align project metrics with identified tasks.

    3.8 Estimate integration costs.

    3.9 Assess the current culture and identify the goal culture.

    3.10 Identify the needed workforce supply.

    3.11 Create an employee transition plan.

    3.12 Create functional workplans for employees.

    3.13 Complete the integration by regularly updating the project plan.

    3.14 Begin to rationalize the IT environment where possible and necessary.

    3.15 Confirm integration costs.

    3.16 Review IT’s transaction value.

    3.17 Conduct a transaction and integration SWOT.

    3.18 Review the playbook and prepare for future transactions.

    Outputs

    M&A transaction team

    Stakeholder map

    IT strategy assessed

    IT operating model and IT governance structure defined

    Business context implications for IT

    Integration strategy

    Integration roadmap and associated resourcing

    Culture assessment

    Workforce supply identified

    Employee transition plan

    Employee functional workplans

    Updated integration project plan

    Rationalized IT environment

    SWOT of transaction

    M&A Buy Playbook refined for future transactions

    Further reading

    Mergers & Acquisitions: The Buy Blueprint

    For IT leaders who want to have a role in the transaction process when their business is engaging in an M&A purchase.

    EXECUTIVE BRIEF

    Analyst Perspective

    Don’t wait to be invited to the M&A table, make it.

    Photo of Brittany Lutes, Research Analyst, CIO Practice, Info-Tech Research Group.
    Brittany Lutes
    Research Analyst,
    CIO Practice
    Info-Tech Research Group
    Photo of Ibrahim Abdel-Kader, Research Analyst, CIO Practice, Info-Tech Research Group.
    Ibrahim Abdel-Kader
    Research Analyst,
    CIO Practice
    Info-Tech Research Group

    IT has always been an afterthought in the M&A process, often brought in last minute once the deal is nearly, if not completely, solidified. This is a mistake. When IT is brought into the process late, the business misses opportunities to generate value related to the transaction and has less awareness of critical risks or inaccuracies.

    To prevent this mistake, IT leadership needs to develop strong business relationships and gain respect for their innovative suggestions. In fact, when it comes to modern M&A activity, IT should be the ones suggesting potential transactions to meet business needs, specifically when it comes to modernizing the business or adopting digital capabilities.

    IT needs to stop waiting to be invited to the acquisition or divestiture table. IT needs to suggest that the table be constructed and actively work toward achieving the strategic objectives of the business.

    Executive Summary

    Your Challenge

    There are four key scenarios or entry points for IT as the acquiring organization in M&As:

    • IT can suggest an acquisition to meet the business objectives of the organization.
    • IT is brought in to strategy plan the acquisition from both the business’ and IT’s perspectives.
    • IT participates in due diligence activities and valuates the organization potentially being acquired.
    • IT needs to reactively prepare its environment to enable the integration.

    Consider the ideal scenario for your IT organization.

    Common Obstacles

    Some of the obstacles IT faces include:

    • IT is often told about the transaction once the deal has already been solidified and is now forced to meet unrealistic business demands.
    • The business does not trust IT and therefore does not approach IT to define value or reduce risks to the transaction process.
    • The people and culture element are forgotten or not given adequate priority.

    These obstacles often arise when IT waits to be invited into the transaction process and misses critical opportunities.

    Info-Tech's Approach

    Prepare for a growth/integration transaction by:

    • Recognizing the trend for organizations to engage in M&A activity and the increased likelihood that, as an IT leader, you will be involved in a transaction in your career.
    • Creating a standard strategy that will enable strong program management.
    • Properly considering all the critical components of the transaction and integration by prioritizing tasks that will reduce risk, deliver value, and meet stakeholder expectations.

    Info-Tech Insight

    As the number of merger, acquisition, and divestiture transactions continues to increase, so too does IT’s opportunity to leverage the growing digital nature of these transactions and get involved at the onset.

    The changing M&A landscape

    Businesses will embrace more digital M&A transactions in the post-pandemic world

    • When the pandemic occurred, businesses reacted by either pausing (61%) or completely cancelling (46%) deals that were in the mid-transaction state (Deloitte, 2020). The uncertainty made many organizations consider whether the risks would be worth the potential benefits.
    • However, many organizations quickly realized the pandemic is not a hindrance to M&A transactions but an opportunity. Over 16,000 American companies were involved in M&A transactions in the first six months of 2021 (The Economist). For reference, this had been averaging around 10,000 per six months from 2016 to 2020.
    • In addition to this transaction growth, organizations have increasingly been embracing digital. These trends increase the likelihood that, as an IT leader, you will engage in an M&A transaction. However, it is up to you when you get involved in the transactions.

    The total value of transactions in the year after the pandemic started was $1.3 billion – a 93% increase in value compared to before the pandemic. (Nasdaq)

    Virtual deal-making will be the preferred method of 55% of organizations in the post-pandemic world. (Wall Street Journal, 2020)

    Your challenge

    IT is often not involved in the M&A transaction process. When it is, it’s often too late.

    • The most important driver of an acquisition is the ability to access new technology (DLA Piper), and yet 50% of the time, IT isn’t involved in the M&A transaction at all (IMAA Institute, 2017).
    • Additionally, IT’s lack of involvement in the process negatively impacts the business:
      • Most organizations (60%) do not have a standardized approach to integration (Steeves and Associates).
      • Weak integration teams contribute to the failure of 70% of M&A integrations (The Wall Street Journal, 2019).
      • Less than half (47%) of organizations actually experience the positive results sought by the M&A transaction (Steeves and Associates).
    • Organizations pursuing M&A and not involving IT are setting themselves up for failure.

    Only half of M&A deals involve IT (Source: IMAA Institute, 2017)

    Common Obstacles

    These barriers make this challenge difficult to address for many organizations:

    • IT is rarely afforded the opportunity to participate in the transaction deal. When IT is invited, this often happens later in the process where integration will be critical to business continuity.
    • IT has not had the opportunity to demonstrate that it is a valuable business partner in other business initiatives.
    • One of the most critical elements that IT often doesn’t take the time or doesn’t have the time to focus on is the people and leadership component.
    • IT waits to be invited to the process rather then actively involving themselves and suggesting how value can be added to the process.

    In hindsight, it’s clear to see: Involving IT is just good business.

    47% of senior leaders wish they would have spent more time on IT due diligence to prevent value erosion. (Source: IMAA Institute, 2017)

    40% of acquiring businesses discovered a cybersecurity problem at an acquisition.” (Source: Okta)

    Info-Tech's approach

    Acquisitions & Divestitures Framework

    Acquisitions and divestitures are inevitable in modern business, and IT’s involvement in the process should be too. This progression is inspired by:

    1. The growing trend for organizations to increase, decrease, or evolve through these types of transactions.
    2. Transactions that are driven by digital motivations, requiring IT’s expertise.
    3. A maturing business perspective of IT, preventing the difficulty that IT is faced with when invited into the transaction process late.
    4. There never being such a thing as a true merger, making the majority of M&A activity either acquisitions or divestitures.
    A diagram highlighting the 'IT Executives' Role in Acquisitions and Divestitures' when they are integrated at different points in the 'Core Business Timeline'. There are four main entry points 'Proactive', 'Discovery and Strategy', 'Due Diligence and Preparation', and 'Execution and Value Realized'. It is highlighted that IT can and should start at 'Proactive', but most organizations start at 'Execution and Value Realized'. 'Proactive': suggest opportunities to evolve the organization; prove IT's value and engage in growth opportunities early. Innovators start here. Steps of the business timeline in 'Proactive' are 'Organization strategies are defined' and 'M and A is considered to enable strategy'. After a buy or sell transaction is initiated is 'Discovery and Strategy': pre-transaction state. If it is a Buy transaction, 'Establish IT's involvement and approach'. If it is a Sell transaction, 'Prepare to engage in negotiations'. Business Partners start here. Steps of the business timeline in 'Discovery and Strategy' are 'Searching criteria is set', 'Potential candidates are considered', and 'LOI is sent/received'. 'Due Diligence and Preparation': mid-transaction state. If it is a Buy transaction, 'Identify potential transaction benefits and risks'. If it is a Sell transaction, 'Comply, communicate, and collaborate in transaction'. Trusted Operators start here. Steps of the business timeline in 'Due Diligence and Preparation' are 'Due diligence engagement occurs', 'Final agreement is reached', and 'Preparation for transaction execution occurs'. 'Execution and Value Realization': post-transaction state. If it is a Buy transaction, 'Integrate the IT environments and achieve business value'. If it is a Sell transaction, 'Separate the IT environment and deliver on transaction terms'. Firefighters start here. Steps of the business timeline in 'Execution and Value Realization' are 'Staff and operations are addressed appropriately', 'Day 1 of implementation and integration activities occurs', '1st 100 days of new entity state occur' and 'Ongoing risk mitigating and value creating activities occur'.

    The business’ view of IT will impact how soon IT can get involved

    There are four key entry points for IT

    A colorful visualization of the four key entry points for IT and a fifth not-so-key entry point. Starting from the top: 'Innovator', Information and Technology as a Competitive Advantage, 90% Satisfaction; 'Business Partner', Effective Delivery of Strategic Business Projects, 80% Satisfaction; 'Trusted Operator', Enablement of Business Through Application and Work Orders, 70% Satisfaction; 'Firefighter', Reliable Infrastructure and IT Service Desk, 60% Satisfaction; and then 'Unstable', Inability to Consistently Deliver Basic Services, <60% Satisfaction.
    1. Innovator: IT suggests an acquisition to meet the business objectives of the organization.
    2. Business Partner: IT is brought in to strategy plan the acquisition from both the business’ and IT’s perspective.
    3. Trusted Operator: IT participates in due diligence activities and valuates the organization potentially being acquired.
    4. Firefighter: IT reactively engages in the integration with little time to prepare.

    Merger, acquisition, and divestiture defined

    Merger

    A merger looks at the equal combination of two entities or organizations. Mergers are rare in the M&A space, as the organizations will combine assets and services in a completely equal 50/50 split. Two organizations may also choose to divest business entities and merge as a new company.

    Acquisition

    The most common transaction in the M&A space, where an organization will acquire or purchase another organization or entities of another organization. This type of transaction has a clear owner who will be able to make legal decisions regarding the acquired organization.

    Divestiture

    An organization may decide to sell partial elements of a business to an acquiring organization. They will separate this business entity from the rest of the organization and continue to operate the other components of the business.

    Info-Tech Insight

    A true merger does not exist, as there is always someone initiating the discussion. As a result, most M&A activity falls into acquisition or divestiture categories.

    Buying vs. selling

    The M&A process approach differs depending on whether you are the executive IT leader on the buy side or sell side

    This blueprint is only focused on the buy side:

    • More than two organizations could be involved in a transaction.
    • Examples of buy-related scenarios include:
      • Your organization is buying another organization with the intent of having the purchased organization keep its regular staff, operations, and location. This could mean minimal integration is required.
      • Your organization is buying another organization in its entirety with the intent of integrating it into your original company.
      • Your organization is buying components of another organization with the intent of integrating them into your original company.
    • As the purchasing organization, you will probably be initiating the purchase and thus will be valuating the selling organization during due diligence and leading the execution plan.

    The sell side is focused on:

    • Examples of sell-related scenarios include:
      • Your organization is selling to another organization with the intent of keeping its regular staff, operations, and location. This could mean minimal separation is required.
      • Your organization is selling to another organization with the intent of separating to be a part of the purchasing organization.
      • Your organization is engaging in a divestiture with the intent of:
        • Separating components to be part of the purchasing organization permanently.
        • Separating components to be part of a spinoff and establish a unit as a standalone new company.
    • As the selling organization, you could proactively seek out suitors to purchase all or components of your organization, or you could be approached by an organization.

    For more information on divestitures or selling your entire organization, check out Info-Tech’s Mergers & Acquisitions: The Sell Blueprint.

    Core business timeline

    For IT to be valuable in M&As, you need to align your deliverables and your support to the key activities the business and investors are working on.

    Info-Tech’s methodology for Buying Organizations in Mergers, Acquisitions, or Divestitures

    1. Proactive

    2. Discovery & Strategy

    3. Due Diligence & Preparation

    4. Execution & Value Realization

    Phase Steps

    1. Identify Stakeholders and Their Perspective of IT
    2. Assess IT’s Current Value and Future State
    3. Drive Innovation and Suggest Growth Opportunities
    1. Establish the M&A Program Plan
    2. Prepare IT to Engage in the Acquisition
    1. Assess the Target Organization
    2. Prepare to Integrate
    1. Execute the Transaction
    2. Reflection and Value Realization

    Phase Outcomes

    Be an innovative IT leader by suggesting how and why the business should engage in an acquisition or divestiture.

    Create a standardized approach for how your IT organization should address acquisitions.

    Evaluate the target organizations successfully and establish an integration project plan.

    Deliver on the integration project plan successfully and communicate IT’s transaction value to the business.

    Potential metrics for each phase

    1. Proactive

    2. Discovery & Strategy

    3. Due Diligence & Preparation

    4. Execution & Value Realization

    • % Share of business innovation spend from overall IT budget
    • % Critical processes with approved performance goals and metrics
    • % IT initiatives that meet or exceed value expectation defined in business case
    • % IT initiatives aligned with organizational strategic direction
    • % Satisfaction with IT's strategic decision-making abilities
    • $ Estimated business value added through IT-enabled innovation
    • % Overall stakeholder satisfaction with IT
    • % Percent of business leaders that view IT as an Innovator
    • % IT budget as a percent of revenue
    • % Assets that are not allocated
    • % Unallocated software licenses
    • # Obsolete assets
    • % IT spend that can be attributed to the business (chargeback or showback)
    • % Share of CapEx of overall IT budget
    • % Prospective organizations that meet the search criteria
    • $ Total IT cost of ownership (before and after M&A, before and after rationalization)
    • % Business leaders that view IT as a Business Partner
    • % Defects discovered in production
    • $ Cost per user for enterprise applications
    • % In-house-built applications vs. enterprise applications
    • % Owners identified for all data domains
    • # IT staff asked to participate in due diligence
    • Change to due diligence
    • IT budget variance
    • Synergy target
    • % Satisfaction with the effectiveness of IT capabilities
    • % Overall end-customer satisfaction
    • $ Impact of vendor SLA breaches
    • $ Savings through cost-optimization efforts
    • $ Savings through application rationalization and technology standardization
    • # Key positions empty
    • % Frequency of staff turnover
    • % Emergency changes
    • # Hours of unplanned downtime
    • % Releases that cause downtime
    • % Incidents with identified problem record
    • % Problems with identified root cause
    • # Days from problem identification to root cause fix
    • % Projects that consider IT risk
    • % Incidents due to issues not addressed in the security plan
    • # Average vulnerability remediation time
    • % Application budget spent on new build/buy vs. maintenance (deferred feature implementation, enhancements, bug fixes)
    • # Time (days) to value realization
    • % Projects that realized planned benefits
    • $ IT operational savings and cost reductions that are related to synergies/divestitures
    • % IT staff–related expenses/redundancies
    • # Days spent on IT integration
    • $ Accurate IT budget estimates
    • % Revenue growth directly tied to IT delivery
    • % Profit margin growth

    The IT executive’s role in the buying transaction is critical

    And IT leaders have a greater likelihood than ever of needing to support a merger, acquisition, or divestiture.

    1. Reduced Risk

      IT can identify risks that may go unnoticed when IT is not involved.
    2. Increased Accuracy

      The business can make accurate predictions around the costs, timelines, and needs of IT.
    3. Faster Integration

      Faster integration means faster value realization for the business.
    4. Informed Decision Making

      IT leaders hold critical information that can support the business in moving the transaction forward.
    5. Innovation

      IT can suggest new opportunities to generate revenue, optimize processes, or reduce inefficiencies.

    The IT executive’s critical role is demonstrated by:

    • Reduced Risk

      47% of senior leaders wish they would have spent more time on IT due diligence to prevent value erosion (IMAA Institute, 2017).
    • Increased Accuracy

      87% of respondents to a Deloitte survey effectively conducted a virtual deal, with a focus on cybersecurity and integration (Deloitte, 2020).
    • Faster Integration

      Integration costs range from as low as $4 million to as high as $3.8 billion, making the process an investment for the organization (CIO Dive).
    • Informed Decision Making

      Only 38% of corporate and 22% of private equity firms include IT as a significant aspect in their transaction approach (IMAA Institute, 2017).
    • Innovation

      Successful CIOs involved in M&As can spend 70% of their time on aspects outside of IT and 30% of their time on technology and delivery (CIO).

    Playbook benefits

    IT Benefits

    • IT will be seen as an innovative partner to the business, and its suggestions and involvement in the organization will lead to benefits, not hindrances.
    • Develop a streamlined method to valuate the potential organization being purchased and ensure risk management concerns are brought to the business’ attention immediately.
    • Create a comprehensive list of items that IT needs to do during the integration that can be prioritized and actioned.

    Business Benefits

    • The business will get accurate and relevant information about the organization being acquired, ensuring that the anticipated value of the transaction is correctly planned for.
    • Fewer business interruptions will happen, because IT can accurately plan for and execute the high-priority integration tasks.
    • The business can make a fair offer to the purchased organization, having properly valuated all aspects being bought, including the IT environment.

    Insight summary

    Overarching Insight

    As an IT executive, take control of when you get involved in a growth transaction. Do this by proactively identifying acquisition targets, demonstrating the value of IT, and ensuring that integration of IT environments does not lead to unnecessary and costly decisions.

    Proactive Insight

    CIOs on the forefront of digital transformation need to actively look for and suggest opportunities to acquire or partner on new digital capabilities to respond to rapidly changing business needs.

    Discovery & Strategy Insight

    IT organizations that have an effective M&A program plan are more prepared for the buying transaction, enabling a successful outcome. A structured strategy is particularly necessary for organizations expected to deliver M&As rapidly and frequently.

    Due Diligence & Preparation Insight

    Most IT synergies can be realized in due diligence. It is more impactful to consider IT processes and practices (e.g. contracts and culture) in due diligence rather than later in the integration.

    Execution & Value Realization Insight

    IT needs to realize synergies within the first 100 days of integration. The most successful transactions are when IT continuously realizes synergies a year after the transaction and beyond.

    Blueprint deliverables

    Key Deliverable: M&A Buy Playbook

    The M&A Buy Playbook should be a reusable document that enables your IT organization to successfully deliver on any acquisition transaction.

    Screenshots of the 'M and A Buy Playbook' deliverable.

    M&A Buy One-Pager

    See a one-page overview of each phase of the transaction.

    Screenshots of the 'M and A Buy One-Pagers' deliverable.

    M&A Buy Case Studies

    Read a one-page case study for each phase of the transaction.

    Screenshots of the 'M and A Buy Case Studies' deliverable.

    M&A Integration Project Management Tool (SharePoint)

    Manage the integration process of the acquisition using this SharePoint template.

    Screenshots of the 'M and A Integration Project Management Tool (SharePoint)' deliverable.

    M&A Integration Project Management Tool (Excel)

    Manage the integration process of the acquisition using this Excel tool if you can’t or don’t want to use SharePoint.

    Screenshots of the 'M and A Integration Project Management Tool (Excel)' deliverable.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 6 to 10 calls over the course of 2 to 4 months.

      Proactive Phase

    • Call #1: Scope requirements, objectives, and your specific challenges.
    • Discovery & Strategy Phase

    • Call #2: Determine stakeholders and their perspectives of IT.
    • Call #3: Identify how M&A could support business strategy and how to communicate.
    • Due Diligence & Preparation Phase

    • Call #4: Establish a transaction team and acquisition strategic direction.
    • Call #5: Create program metrics and identify a standard integration strategy.
    • Call #6: Assess the potential organization(s).
    • Call #7: Identify the integration program plan.
    • Execution & Value Realization Phase

    • Call #8: Establish employee transitions to retain key staff.
    • Call #9: Assess IT’s ability to deliver on the acquisition transaction.

    The Buy Blueprint

    Phase 1

    Proactive

    Phase 1

    Phase 2 Phase 3 Phase 4
    • 1.1 Identify Stakeholders and Their Perspective of IT
    • 1.2 Assess IT’s Current Value and Future State
    • 1.3 Drive Innovation and Suggest Growth Opportunities
    • 2.1 Establish the M&A Program Plan
    • 2.2 Prepare IT to Engage in the Acquisition
    • 3.1 Assess the Target Organization
    • 3.2 Prepare to Integrate
    • 4.1 Execute the Transaction
    • 4.2 Reflection and Value Realization

    This phase will walk you through the following activities:

    • Conduct the CEO-CIO Alignment diagnostic
    • Conduct the CIO Business Vision diagnostic
    • Visualize relationships among stakeholders to identify key influencers
    • Group stakeholders into categories
    • Prioritize your stakeholders
    • Plan to communicate
    • Valuate IT
    • Assess the IT/digital strategy
    • Determine pain points and opportunities
    • Align goals to opportunities
    • Recommend growth opportunities

    This phase involves the following participants:

    • IT and business leadership

    What is the Proactive phase?

    Embracing the digital drivers

    As the number of merger, acquisition, or divestiture transactions driven by digital means continues to increase, IT has an opportunity to not just be involved in a transaction but actively seek out potential deals.

    In the Proactive phase, the business is not currently considering a transaction. However, the business could consider one to reach its strategic goals. IT organizations that have developed respected relationships with the business leaders can suggest these potential transactions.

    Understand the business’ perspective of IT, determine who the critical M&A stakeholders are, valuate the IT environment, and examine how it supports the business goals in order to suggest an M&A transaction.

    In doing so, IT isn’t waiting to be invited to the transaction table – it’s creating it.

    Goal: To support the organization in reaching its strategic goals by suggesting M&A activities that will enable the organization to reach its objectives faster and with greater-value outcomes.

    Proactive Prerequisite Checklist

    Before coming into the Proactive phase, you should have addressed the following:

    • Understand what mergers, acquisitions, and divestitures are.
    • Understand what mergers, acquisitions, and divestitures mean for the business.
    • Understand what mergers, acquisitions, and divestitures mean for IT.

    Review the Executive Brief for more information on mergers, acquisitions, and divestitures for purchasing organizations.

    Proactive

    Step 1.1

    Identify M&A Stakeholders and Their Perspective of IT

    Activities

    • 1.1.1 Conduct the CEO-CIO Alignment diagnostic
    • 1.1.2 Conduct the CIO Business Vision diagnostic
    • 1.1.3 Visualize relationships among stakeholders to identify key influencers
    • 1.1.4 Group stakeholders into categories
    • 1.1.5 Prioritize your stakeholders
    • 1.16 Plan to communicate

    This step involves the following participants:

    • IT executive leader
    • IT leadership
    • Critical M&A stakeholders

    Outcomes of Step

    Understand how the business perceives IT and establish strong relationships with critical M&A stakeholders.

    Business executives' perspectives of IT

    Leverage diagnostics and gain alignment on IT’s role in the organization

    • To suggest or get involved with a merger, acquisition, or divestiture, the IT executive leader needs to be well respected by other members of the executive leadership team and the business.
    • Specifically, the Proactive phase relies on the IT organization being viewed as an Innovator within the business.
    • Identify how the CEO/business executive currently views IT and where they would like IT to move within the Maturity Ladder.
    • Additionally, understand how other critical department leaders view IT and how they view the partnership with IT.
    A colorful visualization titled 'Maturity Ladder' detailing levels of IT function that a business may choose from based on the business executives' perspectives of IT. Starting from the bottom: 'Struggle', Does not embarrass, Does not crash; 'Support', Keeps business happy, Keeps costs low; 'Optimize', Increases efficiency, Decreases costs; 'Expand', Extends into new business, Generates revenue; 'Transform', Creates new industry.

    Misalignment in target state requires further communication between the CIO and CEO to ensure IT is striving toward an agreed-upon direction.

    Info-Tech’s CIO Business Vision (CIO BV) diagnostic measures a variety of high-value metrics to provide a well-rounded understanding of stakeholder satisfaction with IT.

    Sample of Info-Tech's CIO Business Vision diagnostic measuring percentages of high-value metrics like 'IT Satisfaction' and 'IT Value' regarding business leader satisfaction. A note for these two reads 'Evaluate business leader satisfaction with IT this year and last year'. A section titled 'Relationship' has metrics such as 'Understands Needs' and 'Trains Effectively'. A note for this section reads 'Examine indicators of the relationship between IT and the business'. A section titled 'Security Friction' has metrics such as 'Regulatory Compliance-Driven' and 'Office/Desktop Security'.

    Business Satisfaction and Importance for Core Services

    The core services of IT are important when determining what IT should focus on. The most important services with the lowest satisfaction offer the largest area of improvement for IT to drive business value.

    Sample of Info-Tech's CIO Business Vision diagnostic specifically comparing the business satisfaction of 12 core services with their importance. Services listed include 'Service Desk', 'IT Security', 'Requirements Gathering', 'Business Apps', 'Data Quality', and more. There is a short description of the services, a percentage for the business satisfaction with the service, a percentage comparing it to last year, and a numbered ranking of importance for each service. A note reads 'Assess satisfaction and importance across 12 core IT capabilities'.

    1.1.1 Conduct the CEO-CIO Alignment diagnostic

    2 weeks

    Input: IT organization expertise and the CEO-CIO Alignment diagnostic

    Output: An understanding of an executive business stakeholder’s perception of IT

    Materials: CEO-CIO Alignment diagnostic, M&A Buy Playbook

    Participants: IT executive/CIO, Business executive/CEO

    1. The CEO-CIO Alignment diagnostic can be a powerful input. Speak with your Info-Tech account representative to conduct the diagnostic. Use the results to inform current IT capabilities.
    2. You may choose to debrief the results of your diagnostic with an Info-Tech analyst. We recommend this to help your team understand how to interpret and draw conclusions from the results.
    3. Examine the results of the survey and note where there might be specific capabilities that could be improved.
    4. Determine whether there are any areas of significant disagreement between the you and the CEO. Mark down those areas for further conversations. Additionally, take note of areas that could be leveraged to support growth transactions or support your rationale in recommending growth transactions.

    Download the sample report.

    Record the results in the M&A Buy Playbook.

    1.1.2 Conduct the CIO Business Vision diagnostic

    2 weeks

    Input: IT organization expertise, CIO BV diagnostic

    Output: An understanding of business stakeholder perception of certain IT capabilities and services

    Materials: CIO Business Vision diagnostic, Computer, Whiteboard and markers, M&A Buy Playbook

    Participants: IT executive/CIO, Senior business leaders

    1. The CIO Business Vision (CIO BV) diagnostic can be a powerful tool for identifying IT capability focus areas. Speak with your account representative to conduct the CIO BV diagnostic. Use the results to inform current IT capabilities.
    2. You may choose to debrief the results of your diagnostic with an Info-Tech analyst. We recommend this to help your team understand how to interpret the results and draw conclusions from the diagnostic.
    3. Examine the results of the survey and take note of any IT services that have low scores.
    4. Read through the diagnostic comments and note any common themes. Especially note which stakeholders identified they have a favorable relationship with IT and which stakeholders identified they have an unfavorable relationship. For those who have an unfavorable relationship, identify if they will have a critical role in a growth transaction.

    Download the sample report.

    Record the results in the M&A Buy Playbook.

    Create a stakeholder network map for M&A transactions

    Follow the trail of breadcrumbs from your direct stakeholders to their influencers to uncover hidden stakeholders.

    Example:

    Diagram of stakeholders and their relationships with other stakeholders, such as 'Board Members', 'CFO/Finance', 'Compliance', etc. with 'CIO/IT Leader' highlighted in the middle. There are unidirectional black arrows and bi-directional green arrows indicating each connection.

      Legend
    • Black arrows indicate the direction of professional influence
    • Dashed green arrows indicate bidirectional, informal influence relationships

    Info-Tech Insight

    Your stakeholder map defines the influence landscape that the M&A transaction will occur within. This will identify who holds various levels of accountability and decision-making authority when a transaction does take place.

    Use connectors to determine who may be influencing your direct stakeholders. They may not have any formal authority within the organization, but they may have informal yet substantial relationships with your stakeholders.

    1.1.3 Visualize relationships among stakeholders to identify key influencers

    1-3 hours

    Input: List of M&A stakeholders

    Output: Relationships among M&A stakeholders and influencers

    Materials: M&A Buy Playbook

    Participants: IT executive leadership

    1. The purpose of this activity is to list all the stakeholders within your organization that will have a direct or indirect impact on the M&A transaction.
    2. Determine the critical stakeholders, and then determine the stakeholders of your stakeholders and consider adding each of them to the stakeholder list.
    3. Assess who has either formal or informal influence over your stakeholders; add these influencers to your stakeholder list.
    4. Construct a diagram linking stakeholders and their influencers together.
      • Use black arrows to indicate the direction of professional influence.
      • Use dashed green arrows to indicate bidirectional, informal influence relationships.

    Record the results in the M&A Buy Playbook.

    Categorize your stakeholders with a prioritization map

    A stakeholder prioritization map helps IT leaders categorize their stakeholders by their level of influence and ownership in the merger, acquisition, or divestiture process.

    A prioritization map of stakeholder categories split into four quadrants. The vertical axis is 'Influence', from low on the bottom to high on top. The horizontal axis is 'Ownership/Interest', from low on the left to high on the right. 'Spectators' are low influence, low ownership/interest. 'Mediators' are high influence, low ownership/interest. 'Noisemakers' are low influence, high ownership/interest. 'Players' are high influence, high ownership/interest.

    There are four areas in the map, and the stakeholders within each area should be treated differently.

    Players – players have a high interest in the initiative and the influence to effect change over the initiative. Their support is critical, and a lack of support can cause significant impediment to the objectives.

    Mediators – mediators have a low interest but significant influence over the initiative. They can help to provide balance and objective opinions to issues that arise.

    Noisemakers – noisemakers have low influence but high interest. They tend to be very vocal and engaged, either positively or negatively, but have little ability to enact their wishes.

    Spectators – generally, spectators are apathetic and have little influence over or interest in the initiative.

    1.1.4 Group stakeholders into categories

    30 minutes

    Input: Stakeholder map, Stakeholder list

    Output: Categorization of stakeholders and influencers

    Materials: Flip charts, Markers, Sticky notes, M&A Buy Playbook

    Participants: IT executive leadership, Stakeholders

    1. Identify your stakeholders’ interest in and influence on the M&A process as high, medium, or low by rating the attributes below.
    2. Map your results to the model to the right to determine each stakeholder’s category.

    Same prioritization map of stakeholder categories as before. This one has specific stakeholders mapped onto it. 'CFO' is mapped as low interest and middling influence, between 'Mediator' and 'Spectator'. 'CIO' is mapped as higher than average interest and high influence, a 'Player'. 'Board Member' is mapped as high interest and high influence, a 'Player'.

    Level of Influence
    • Power: Ability of a stakeholder to effect change.
    • Urgency: Degree of immediacy demanded.
    • Legitimacy: Perceived validity of stakeholder’s claim.
    • Volume: How loud their “voice” is or could become.
    • Contribution: What they have that is of value to you.
    Level of Interest

    How much are the stakeholder’s individual performance and goals directly tied to the success or failure of the product?

    Record the results in the M&A Buy Playbook.

    Prioritize your stakeholders

    There may be too many stakeholders to be able to manage them all. Focus your attention on the stakeholders that matter most.

    Level of Support

    Supporter

    Evangelist

    Neutral

    Blocker

    Stakeholder Category Player Critical High High Critical
    Mediator Medium Low Low Medium
    Noisemaker High Medium Medium High
    Spectator Low Irrelevant Irrelevant Low

    Consider the three dimensions for stakeholder prioritization: influence, interest, and support. Support can be determined by answering the following question: How significant is that stakeholder to the M&A or divestiture process?

    These parameters are used to prioritize which stakeholders are most important and should receive your focused attention.

    1.1.5 Prioritize your stakeholders

    30 minutes

    Input: Stakeholder matrix

    Output: Stakeholder and influencer prioritization

    Materials: Flip charts, Markers, Sticky notes, M&A Buy Playbook

    Participants: IT executive leadership, M&A/divestiture stakeholders

    1. Identify the level of support of each stakeholder by answering the following question: How significant is that stakeholder to the M&A transaction process?
    2. Prioritize your stakeholders using the prioritization scheme on the previous slide.

    Stakeholder

    Category

    Level of Support

    Prioritization

    CMO Spectator Neutral Irrelevant
    CIO Player Supporter Critical

    Record the results in the M&A Buy Playbook.

    Define strategies for engaging stakeholders by type

    A revisit to the map of stakeholder categories, but with strategies listed for each one, and arrows on the side instead of an axis. The vertical arrow is 'Authority', which increases upward, and the horizontal axis is Ownership/Interest which increases as it moves to the right. The strategy for 'Players' is 'Engage', for 'Mediators' is 'Satisfy', for 'Noisemakers' is 'Inform', and for 'Spectators' is 'Monitor'.

    Type

    Quadrant

    Actions

    Players High influence, high interest – actively engage Keep them updated on the progress of the project. Continuously involve Players in the process and maintain their engagement and interest by demonstrating their value to its success.
    Mediators High influence, low interest – keep satisfied They can be the game changers in groups of stakeholders. Turn them into supporters by gaining their confidence and trust and including them in important decision-making steps. In turn, they can help you influence other stakeholders.
    Noisemakers Low influence, high interest – keep informed Try to increase their influence (or decrease it if they are detractors) by providing them with key information, supporting them in meetings, and using Mediators to help them.
    Spectators Low influence, low interest – monitor They are followers. Keep them in the loop by providing clarity on objectives and status updates.

    Info-Tech Insight

    Each group of stakeholders draws attention and resources away from critical tasks. By properly identifying stakeholder groups, the IT executive leader can develop corresponding actions to manage stakeholders in each group. This can dramatically reduce wasted effort trying to satisfy Spectators and Noisemakers while ensuring the needs of Mediators and Players are met.

    1.1.6 Plan to communicate

    30 minutes

    Input: Stakeholder priority, Stakeholder categorization, Stakeholder influence

    Output: Stakeholder communication plan

    Materials: Flip charts, Markers, Sticky notes, M&A Buy Playbook

    Participants: IT executive leadership, M&A/divestiture stakeholders

    The purpose of this activity is to make a communication plan for each of the stakeholders identified in the previous activities, especially those who will have a critical role in the M&A transaction process.

    1. In the M&A Buy Playbook, input the type of influence each stakeholder has on IT, how they would be categorized in the M&A process, and their level of priority. Use this information to create a communication plan.
    2. Determine the methods and frequency of communication to keep the necessary stakeholder satisfied and maintain or enhance IT’s profile within the organization.

    Record the results in the M&A Buy Playbook.

    Proactive

    Step 1.2

    Assess IT’s Current Value and Method to Achieve a Future State

    Activities

    • 1.2.1 Valuate IT
    • 1.2.2 Assess the IT/digital strategy

    This step involves the following participants:

    • IT executive leader
    • IT leadership
    • Critical stakeholders to M&A

    Outcomes of Step

    Identify critical opportunities to optimize IT and meet strategic business goals through a merger, acquisition, or divestiture.

    How to valuate your IT environment

    And why it matters so much

    • Valuating your current organization’s IT environment is a critical step that all IT organizations should take, whether involved in an M&A or not, to fully understand what it might be worth.
    • The business investments in IT can be directly translated into a value amount. For every $1 invested in IT, the business might be gaining $100 in value back or possibly even loosing $100.
    • Determining, documenting, and communicating this information ensures that the business takes IT’s suggestions seriously and recognizes why investing in IT is so critical.
    • There are three ways a business or asset can be valuated:
      • Cost Approach: Look at the costs associated with building, purchasing, replacing, and maintaining a given aspect of the business.
      • Market Approach: Look at the relative value of a particular aspect of the business. Relative value can fluctuate and depends on what the markets and consequently society believe that particular element is worth.
      • Discounted Cash Flow Approach: Focus on what the potential value of the business could be or the intrinsic value anticipated due to future profitability.
    • (Source: “Valuation Methods,” Corporate Finance Institute)

    Four ways to create value through digital

    1. Reduced costs
    2. Improved customer experience
    3. New revenue sources
    4. Better decision making
    5. (Source: McKinsey & Company)

    1.2.1 Valuate IT

    1 day

    Input: Valuation of data, Valuation of applications, Valuation of infrastructure and operations, Valuation of security and risk

    Output: Valuation of IT

    Materials: Relevant templates/tools listed on the following slides, Capital budget, Operating budget, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership

    The purpose of this activity is to demonstrate that IT is not simply an operational functional area that diminishes business resources. Rather, IT contributes significant value to the business.

    1. Review each of the following slides to valuate IT’s data, applications, infrastructure and operations, and security and risk. These valuations consider several tangible and intangible factors and result in a final dollar amount.
    2. Input the financial amounts identified for each critical area into a summary slide. Use this information to determine where IT is delivering value to the organization.

    Info-Tech Insight

    Consistency is key when valuating your IT organization as well as other IT organizations throughout the transaction process.

    Record the results in the M&A Buy Playbook.

    Data valuation

    Data valuation identifies how you monetize the information that your organization owns.

    Create a data value chain for your organization

    When valuating the information and data that exists in an organization, there are many things to consider.

    Info-Tech has two tools that can support this process:

    1. Information Asset Audit Tool: Use this tool first to take inventory of the different information assets that exist in your organization.
    2. Data Valuation Tool: Once information assets have been accounted for, valuate the data that exists within those information assets.

    Data Collection

    Insight Creation

    Value Creation

    Data Valuation

    01 Data Source
    02 Data Collection Method
    03 Data
    04 Data Analysis
    05 Insight
    06 Insight Delivery
    07 Consumer
    08 Value in Data
    09 Value Dimension
    10 Value Metrics Group
    11 Value Metrics
    Screenshots of Tab 2 of Info-Tech's Data Valuation Tool.

    Instructions

    1. Using the Data Valuation Tool, start gathering information based on the eight steps above to understand your organization’s journey from data to value.
    2. Identify the data value spectrum. (For example: customer sales service, citizen licensing service, etc.)
    3. Fill out the columns for data sources, data collection, and data first.
    4. Capture data analysis and related information.
    5. Then capture the value in data.
    6. Add value dimensions such as usage, quality, and economic dimensions.
      • Remember that economic value is not the only dimension, and usage/quality has a significant impact on economic value.
    7. Collect evidence to justify your data valuation calculator (market research, internal metrics, etc.).
    8. Finally, calculate the value that has a direct correlation with underlying value metrics.

    Application valuation

    Calculate the value of your IT applications

    When valuating the applications and their users in an organization, consider using a business process map. This shows how business is transacted in the company by identifying which IT applications support these processes and which business groups have access to them. Info-Tech has a business process mapping tool that can support this process:

    • Enterprise Integration Process Mapping Tool: Complete this tool first to map the different business processes to the supporting applications in your organization.

    Instructions

    1. Start by calculating user costs. This is the product of the (# of users) × (% of time spent using IT) × (fully burdened salary).
    2. Identify the revenue per employee and divide that by the average cost per employee to calculate the derived productivity ratio (DPR).
    3. Once you have calculated the user costs and DPR, multiply those total values together to get the application value.
    4. User Costs

      Total User Costs

      Derived Productivity Ratio (DPR)

      Total DPR

      Application Value

      # of users % time spent using IT Fully burdened salary Multiply values from the 3 user costs columns Revenue per employee Average cost per employee (Revenue P.E) ÷ (Average cost P.E) (User costs) X (DPR)

    5. Once the total application value is established, calculate the combined IT and business costs of delivering that value. IT and business costs include inflexibility (application maintenance), unavailability (downtime costs, including disaster exposure), IT costs (common costs statistically allocated to applications), and fully loaded cost of active (full-time equivalent [FTE]) users.
    6. Calculate the net value of applications by subtracting the total IT and business costs from the total application value calculated in step 3.
    7. IT and Business Costs

      Total IT and Business Costs

      Net Value of Applications

      Application maintenance Downtime costs (include disaster exposure) Common costs allocated to applications Fully loaded costs of active (FTE) users Sum of values from the four IT and business costs columns (Application value) – (IT and business costs)

    (Source: CSO)

    Infrastructure valuation

    Assess the foundational elements of the business’ information technology

    The purpose of this exercise is to provide a high-level infrastructure valuation that will contribute to valuating your IT environment.

    Calculating the value of the infrastructure will require different methods depending on the environment. For example, a fully cloud-hosted organization will have different costs than a fully on-premises IT environment.

    Instructions:

    1. Start by listing all of the infrastructure-related items that are relevant to your organization.
    2. Once you have finalized your items column, identify the total costs/value of each item.
      • For example, total software costs would include servers and storage.
    3. Calculate the total cost/value of your IT infrastructure by adding all of values in the right column.

    Item

    Costs/Value

    Hardware Assets Total Value +$3.2 million
    Hardware Leased/Service Agreement -$
    Software Purchased +$
    Software Leased/Service Agreement -$
    Operational Tools
    Network
    Disaster Recovery
    Antivirus
    Data Centers
    Service Desk
    Other Licenses
    Total:

    For additional support, download the M&A Runbook for Infrastructure and Operations.

    Risk and security

    Assess risk responses and calculate residual risk

    The purpose of this exercise is to provide a high-level risk assessment that will contribute to valuating your IT environment. For a more in-depth risk assessment, please refer to the Info-Tech tools below:

    1. Risk Register Tool
    2. Security M&A Due Diligence Tool

    Instructions

    1. Review the probability and impact scales below and ensure you have the appropriate criteria that align to your organization before you conduct a risk assessment.
    2. Identify the probability of occurrence and estimated financial impact for each risk category detail and fill out the table on the right. Customize the table as needed so it aligns to your organization.
    3. Probability of Risk Occurrence

      Occurrence Criteria
      (Classification; Probability of Risk Event Within One Year)

      Negligible Very Unlikely; ‹20%
      Very Low Unlikely; 20 to 40%
      Low Possible; 40 to 60%
      Moderately Low Likely; 60 to 80%
      Moderate Almost Certain; ›80%

    Note: If needed, you can customize this scale with the severity designations that you prefer. However, make sure you are always consistent with it when conducting a risk assessment.

    Financial & Reputational Impact

    Budgetary and Reputational Implications
    (Financial Impact; Reputational Impact)

    Negligible (‹$10,000; Internal IT stakeholders aware of risk event occurrence)
    Very Low ($10,000 to $25,000; Business customers aware of risk event occurrence)
    Low ($25,000 to $50,000; Board of directors aware of risk event occurrence)
    Moderately Low ($50,000 to $100,000; External customers aware of risk event occurrence)
    Moderate (›$100,000; Media coverage or regulatory body aware of risk event occurrence)

    Risk Category Details

    Probability of Occurrence

    Estimated Financial Impact

    Estimated Severity (Probability X Impact)

    Capacity Planning
    Enterprise Architecture
    Externally Originated Attack
    Hardware Configuration Errors
    Hardware Performance
    Internally Originated Attack
    IT Staffing
    Project Scoping
    Software Implementation Errors
    Technology Evaluation and Selection
    Physical Threats
    Resource Threats
    Personnel Threats
    Technical Threats
    Total:

    1.2.2 Assess the IT/digital strategy

    4 hours

    Input: IT strategy, Digital strategy, Business strategy

    Output: An understanding of an executive business stakeholder’s perception of IT, Alignment of IT/digital strategy and overall organization strategy

    Materials: Computer, Whiteboard and markers, M&A Buy Playbook

    Participants: IT executive/CIO, Business executive/CEO

    The purpose of this activity is to review the business and IT strategies that exist to determine if there are critical capabilities that are not being supported.

    Ideally, the IT and digital strategies would have been created following development of the business strategy. However, sometimes the business strategy does not directly call out the capabilities it requires IT to support.

    1. On the left half of the corresponding slide in the M&A Buy Playbook, document the business goals, initiatives, and capabilities. Input this information from the business or digital strategies. (If more space for goals, initiatives, or capabilities is needed, duplicate the slide).
    2. On the other half of the slide, document the IT goals, initiatives, and capabilities. Input this information from the IT strategy and digital strategy.

    For additional support, see Build a Business-Aligned IT Strategy.

    Record the results in the M&A Buy Playbook.

    Proactive

    Step 1.3

    Drive Innovation and Suggest Growth Opportunities

    Activities

    • 1.3.1 Determine pain points and opportunities
    • 1.3.2 Align goals with opportunities
    • 1.3.3 Recommend growth opportunities

    This step involves the following participants:

    • IT executive leader
    • IT leadership
    • Critical M&A stakeholders

    Outcomes of Step

    Establish strong relationships with critical M&A stakeholders and position IT as an innovative business partner that can suggest growth opportunities.

    1.3.1 Determine pain points and opportunities

    1-2 hours

    Input: CEO-CIO Alignment diagnostic, CIO Business Vision diagnostic, Valuation of IT environment, IT-business goals cascade

    Output: List of pain points or opportunities that IT can address

    Materials: Computer, Whiteboard and markers, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Business stakeholders

    The purpose of this activity is to determine the pain points and opportunities that exist for the organization. These can be external or internal to the organization.

    1. Identify what opportunities exist for your organization. Opportunities are the potential positives that the organization would want to leverage.
    2. Next, identify pain points, which are the potential negatives that the organization would want to alleviate.
    3. Spend time considering all the options that might exist, and keep in mind what has been identified previously.

    Opportunities and pain points can be trends, other departments’ initiatives, business perspectives of IT, etc.

    Record the results in the M&A Buy Playbook.

    1.3.2 Align goals with opportunities

    1-2 hours

    Input: CEO-CIO Alignment diagnostic, CIO Business Vision diagnostic, Valuation of IT environment, IT-business goals cascade, List of pain points and opportunities

    Output: An understanding of an executive business stakeholder’s perception of IT, Foundations for growth strategy

    Materials: Computer, Whiteboard and markers, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Business stakeholders

    The purpose of this activity is to determine whether a growth or separation strategy might be a good suggestion to the business in order to meet its business objectives.

    1. For the top three to five business goals, consider:
      1. Underlying drivers
      2. Digital opportunities
      3. Whether a growth or reduction strategy is the solution
    2. Just because a growth or reduction strategy is a solution for a business goal does not necessarily indicate M&A is the way to go. However, it is important to consider before you pursue suggesting M&A.

    Record the results in the M&A Buy Playbook.

    1.3.3 Recommend growth opportunities

    1-2 hours

    Input: Growth or separation strategy opportunities to support business goals, Stakeholder communication plan, Rationale for the suggestion

    Output: M&A transaction opportunities suggested

    Materials: M&A Buy Playbook

    Participants: IT executive/CIO, Business executive/CEO

    The purpose of this activity is to recommend a merger, acquisition, or divestiture to the business.

    1. Identify which of the business goals the transaction would help solve and why IT is the one to suggest such a goal.
    2. Leverage the stakeholder communication plan identified previously to give insight into stakeholders who would have a significant level of interest, influence, or support in the process.

    Info-Tech Insight

    With technology and digital driving many transactions, leverage this opening and begin the discussions with your business on how and why an acquisition would be a great opportunity.

    Record the results in the M&A Buy Playbook.

    By the end of this Proactive phase, you should:

    Be prepared to suggest M&A opportunities to support your company’s goals through growth or acquisition transactions

    Key outcome from the Proactive phase

    Develop progressive relationships and strong communication with key stakeholders to suggest or be aware of transformational opportunities that can be achieved through growth or reduction strategies such as mergers, acquisitions, or divestitures.

    Key deliverables from the Proactive phase
    • Business perspective of IT examined
    • Key stakeholders identified and relationship to the M&A process outlined
    • Ability to valuate the IT environment and communicate IT’s value to the business
    • Assessment of the business, digital, and IT strategies and how M&As could support those strategies
    • Pain points and opportunities that could be alleviated or supported through an M&A transaction
    • Acquisition or buying recommendations

    The Buy Blueprint

    Phase 2

    Discovery & Strategy

    Phase 1

    Phase 2

    Phase 3Phase 4
    • 1.1 Identify Stakeholders and Their Perspective of IT
    • 1.2 Assess IT’s Current Value and Future State
    • 1.3 Drive Innovation and Suggest Growth Opportunities
    • 2.1 Establish the M&A Program Plan
    • 2.2 Prepare IT to Engage in the Acquisition
    • 3.1 Assess the Target Organization
    • 3.2 Prepare to Integrate
    • 4.1 Execute the Transaction
    • 4.2 Reflection and Value Realization

    This phase will walk you through the following activities:

    • Create the mission and vision
    • Identify the guiding principles
    • Create the future-state operating model
    • Determine the transition team
    • Document the M&A governance
    • Create program metrics
    • Establish the integration strategy
    • Conduct a RACI
    • Create the communication plan
    • Assess the potential organization(s)

    This phase involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Company M&A team

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Pre-Work

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Establish the Transaction FoundationDiscover the Motivation for AcquiringFormalize the Program PlanCreate the Valuation FrameworkStrategize the TransactionNext Steps and Wrap-Up (offsite)

    Activities

    • 0.1 Conduct the CIO Business Vision and CEO-CIO Alignment diagnostics
    • 0.2 Identify key stakeholders and outline their relationship to the M&A process
    • 0.3 Identify the rationale for the company's decisions to pursue an acquisition
    • 1.1 Review the business rationale for the acquisition
    • 1.2 Assess the IT/digital strategy
    • 1.3 Identify pain points and opportunities tied to the acquisition
    • 1.4 Create the IT vision statement, create the IT mission statement, and identify IT guiding principles
    • 2.1 Create the future-state operating model
    • 2.2 Determine the transition team
    • 2.3 Document the M&A governance
    • 2.4 Establish program metrics
    • 3.1 Valuate your data
    • 3.2 Valuate your applications
    • 3.3 Valuate your infrastructure
    • 3.4 Valuate your risk and security
    • 3.5 Combine individual valuations to make a single framework
    • 4.1 Establish the integration strategy
    • 4.2 Conduct a RACI
    • 4.3 Review best practices for assessing target organizations
    • 4.4 Create the communication plan
    • 5.1 Complete in-progress deliverables from previous four days
    • 5.2 Set up review time for workshop deliverables and to discuss next steps

    Deliverables

    1. Business perspectives of IT
    2. Stakeholder network map for M&A transactions
    1. Business context implications for IT
    2. IT’s acquisition strategic direction
    1. Operating model for future state
    2. Transition team
    3. Governance structure
    4. M&A program metrics
    1. IT valuation framework
    1. Integration strategy
    2. RACI
    3. Communication plan
    1. Completed M&A program plan and strategy
    2. Prepared to assess target organization(s)

    What is the Discovery & Strategy phase?

    Pre-transaction state

    The Discovery & Strategy phase during an acquisition is a unique opportunity for many IT organizations. IT organizations that can participate in the acquisition transaction at this stage are likely considered a strategic partner of the business.

    For one-off acquisitions, IT being invited during this stage of the process is rare. However, for organizations that are preparing to engage in many acquisitions over the coming years, this type of strategy will greatly benefit from IT involvement. Again, the likelihood of participating in an M&A transaction is increasing, making it a smart IT leadership decision to, at the very least, loosely prepare a program plan that can act as a strategic pillar throughout the transaction.

    During this phase of the pre-transaction state, IT will also be asked to participate in ensuring that the potential organization being sought will be able to meet any IT-specific search criteria that was set when the transaction was put into motion.

    Goal: To identify a repeatable program plan that IT can leverage when acquiring all or parts of another organization’s IT environment, ensuring customer satisfaction and business continuity

    Discovery & Strategy Prerequisite Checklist

    Before coming into the Discovery & Strategy phase, you should have addressed the following:

    • Understand the business perspective of IT.
    • Know the key stakeholders and have outlined their relationships to the M&A process.
    • Be able to valuate the IT environment and communicate IT's value to the business.
    • Understand the rationale for the company's decisions to pursue an acquisition and the opportunities or pain points the acquisition should address.

    Discovery & Strategy

    Step 2.1

    Establish the M&A Program Plan

    Activities

    • 2.1.1 Create the mission and vision
    • 2.1.2 Identify the guiding principles
    • 2.1.3 Create the future-state operating model
    • 2.1.4 Determine the transition team
    • 2.1.5 Document the M&A governance
    • 2.1.6 Create program metrics

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Company M&A team

    Outcomes of Step

    Establish an M&A program plan that can be repeated across acquisitions.

    The vision and mission statements clearly articulate IT’s aspirations and purpose

    The IT vision statement communicates a desired future state of the IT organization, whereas the IT mission statement portrays the organization’s reason for being. While each serves its own purpose, they should both be derived from the business context implications for IT.

    Vision Statements

    Mission Statements

    Characteristics

    • Describe a desired future
    • Focus on ends, not means
    • Concise
    • Aspirational
    • Memorable
    • Articulate a reason for existence
    • Focus on how to achieve the vision
    • Concise
    • Easy to grasp
    • Sharply focused
    • Inspirational

    Samples

    To be a trusted advisor and partner in enabling business innovation and growth through an engaged IT workforce. (Source: Business News Daily) IT is a cohesive, proactive, and disciplined team that delivers innovative technology solutions while demonstrating a strong customer-oriented mindset. (Source: Forbes, 2013)

    2.1.1 Create the mission and vision statements

    2 hours

    Input: Business objectives, IT capabilities, Rationale for the transaction

    Output: IT’s mission and vision statements for growth strategies tied to mergers, acquisitions, and divestitures

    Materials: Flip charts/whiteboard, Markers, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to create mission and vision statements that reflect IT’s intent and method to support the organization as it pursues a growth strategy.

    1. Review the definitions and characteristics of mission and vision statements.
    2. Brainstorm different versions of the mission and vision statements.
    3. Edit the statements until you get to a single version of each that accurately reflects IT’s role in the growth process.

    Record the results in the M&A Buy Playbook.

    Guiding principles provide a sense of direction

    IT guiding principles are shared, long-lasting beliefs that guide the use of IT in constructing, transforming, and operating the enterprise by informing and restricting IT investment portfolio management, solution development, and procurement decisions.

    A diagram illustrating the place of 'IT guiding principles' in the process of making 'Decisions on the use of IT'. There are four main items, connecting lines naming the type of process in getting from one step to the next, and a line underneath clarifying the questions asked at each step. On the far left, over the question 'What decisions should be made?', is 'Business context and IT implications'. This flows forward to 'IT guiding principles', and they are connected by 'Influence'. Next, over the question 'How should decisions be made?', is the main highlighted section. 'IT guiding principles' flows forward to 'Decisions on the use of IT', and they are connected by 'Guide and inform'. On the far right, over the question 'Who has the accountability and authority to make decisions?', is 'IT policies'. This flows back to 'Decisions on the use of IT', and they are connected by 'Direct and control'.

    IT principles must be carefully constructed to make sure they are adhered to and relevant

    Info-Tech has identified a set of characteristics that IT principles should possess. These characteristics ensure the IT principles are relevant and followed in the organization.

    Approach focused. IT principles should be focused on the approach – how the organization is built, transformed, and operated – as opposed to what needs to be built, which is defined by both functional and non-functional requirements.

    Business relevant. Create IT principles that are specific to the organization. Tie IT principles to the organization’s priorities and strategic aspirations.

    Long lasting. Build IT principles that will withstand the test of time.

    Prescriptive. Inform and direct decision making with actionable IT principles. Avoid truisms, general statements, and observations.

    Verifiable. If compliance can’t be verified, people are less likely to follow the principle.

    Easily Digestible. IT principles must be clearly understood by everyone in IT and by business stakeholders. IT principles aren’t a secret manuscript of the IT team. IT principles should be succinct; wordy principles are hard to understand and remember.

    Followed. Successful IT principles represent a collection of beliefs shared among enterprise stakeholders. IT principles must be continuously communicated to all stakeholders to achieve and maintain buy-in.

    In organizations where formal policy enforcement works well, IT principles should be enforced through appropriate governance processes.

    Consider the example principles below

    IT Principle Name

    IT Principle Statement

    1. Risk Management We will ensure that the organization’s IT Risk Management Register is properly updated to reflect all potential risks and that a plan of action against those risks has been identified.
    2. Transparent Communication We will ensure employees are spoken to with respect and transparency throughout the transaction process.
    3. Integration for Success We will create an integration strategy that enables the organization and clearly communicates the resources required to succeed.
    4. Managed Data We will handle data creation, modification, integration, and use across the enterprise in compliance with our data governance policy.
    5. Establish a single IT Environment We will identify, prioritize, and manage the applications and services that IT provides in order to eliminate redundant technology and maximize the value that users and customers experience.
    6. Compliance With Laws and Regulations We will operate in compliance with all applicable laws and regulations for both our organization and the potentially purchased organization.
    7. Defined Value We will create a plan of action that aligns with the organization’s defined value expectations.
    8. Network Readiness We will ensure that employees and customers have immediate access to the network with minimal or no outages.
    9. Operating to Succeed We will bring all of IT into a central operating model within two years of the transaction.

    2.1.2 Identify the guiding principles

    2 hours

    Input: Business objectives, IT capabilities, Rationale for the transaction, Mission and vision statements

    Output: IT’s guiding principles for growth strategies tied to mergers, acquisitions, and divestitures

    Materials: Flip charts/whiteboard, Markers, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to create the guiding principles that will direct the IT organization throughout the growth strategy process.

    1. Review the role of guiding principles and the examples of guiding principles that organizations have used.
    2. Brainstorm different versions of the guiding principles. Each guiding principle should start with the phrase “We will…”
    3. Edit and consolidate the statements until you have a list of approximately eight to ten statements that accurately reflect IT’s role in the growth process.
    4. Review the guiding principles every six months to ensure they continue to support the delivery of the business’ growth strategy goals.

    Record the results in the M&A Buy Playbook.

    Create two IT teams to support the transaction

    IT M&A Transaction Team

    • The IT M&A Transaction Team should consist of the strongest members of the IT team who can be expected to deliver on unusual or additional tasks not asked of them in normal day-to-day operations.
    • The roles selected for this team will have very specific skills sets or deliver on critical integration capabilities, making their involvement in the combination of two or more IT environments paramount.
    • These individuals need to have a history of proving themselves very trustworthy, as they will likely be required to sign an NDA as well.
    • Expect to have to certain duplicate capabilities or roles across the M&A transaction team and operational team.

    IT Operational Team

    • This group is responsible for ensuring the business operations continue.
    • These employees might be those who are newer to the organization but can be counted on to deliver consistent IT services and products.
    • The roles of this team should ensure that end users or external customers remain satisfied.

    Key capabilities to support M&A

    Consider the following capabilities when looking at who should be a part of the M&A transaction team.

    Employees who have a significant role in ensuring that these capabilities are being delivered will be a top priority.

    Infrastructure

    • Systems Integration
    • Data Management

    Business Focus

    • Service-Level Management
    • Enterprise Architecture
    • Stakeholder Management
    • Project Management

    Risk & Security

    • Privacy Management
    • Security Management
    • Risk & Compliance Management

    Build a lasting and scalable operating model

    An operating model is an abstract visualization, used like an architect’s blueprint, that depicts how structures and resources are aligned and integrated to deliver on the organization’s strategy.

    It ensures consistency of all elements in the organizational structure through a clear and coherent blueprint before embarking on detailed organizational design.

    The visual should highlight which capabilities are critical to attaining strategic goals and clearly show the flow of work so that key stakeholders can understand where inputs flow in and outputs flow out of the IT organization.

    As you assess the current operating model, consider the following:

    • Does the operating model contain all the necessary capabilities your IT organization requires to be successful?
    • What capabilities should be duplicated?
    • Are there individuals with the skill set to support those roles? If not, is there a plan to acquire or develop those skills?
    • A dedicated project team strictly focused on M&A is great. However, is it feasible for your organization? If not, what blockers exist?
    A diagram with 'Initiatives' and 'Solutions' on the left and right of an area chart, 'Customer' at the top, the area between them labelled 'Functional Area n', and six horizontal bars labelled 'IT Capability' stacked on top of each other. The 'IT Capability' bars are slightly skewed to the 'Solutions' side of the chart.

    Info-Tech Insight

    Investing time up-front getting the operating model right is critical. This will give you a framework to rationalize future organizational changes, allowing you to be more iterative and allowing your model to change as the business changes.

    2.1.3 Create the future-state operating model

    4 hours

    Input: Current operating model, IT strategy, IT capabilities, M&A-specific IT capabilities, Business objectives, Rationale for the transaction, Mission and vision statements

    Output: Future-state operating model

    Materials: Operating model, Capability overlay, Flip charts/whiteboard, Markers, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to establish what the future-state operating model will be if your organization needs to adjust to support a growth transaction.

    1. Ensuring that all the IT capabilities are identified by the business and IT strategy, document your organization’s current operating model.
    2. Identify what core capabilities would be critical to the buying transaction process and integration. Highlight and make copies of those capabilities in the M&A Buy Playbook.
    3. Arrange the capabilities to clearly show the flow of inputs and outputs. Identify critical stakeholders of the process (such as customers or end users) if that will help the flow.
    4. Ensure the capabilities that will be decentralized are clearly identified. Decentralized capabilities do not exist within the central IT organization but rather in specific lines of businesses or products to better understand needs and deliver on the capability.

    An example operating model is included in the M&A Buy Playbook. This process benefits from strong reference architecture and capability mapping ahead of time.

    Record the results in the M&A Buy Playbook.

    2.1.4 Determine the transition team

    3 hours

    Input: IT capabilities, Future-state operating model, M&A-specific IT capabilities, Business objectives, Rationale for the transaction, Mission and vision statements

    Output: Transition team

    Materials: Reference architecture, Organizational structure, Flip charts/whiteboard, Markers

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to create a team that will support your IT organization throughout the transaction. Determining which capabilities and therefore which roles will be required ensures that the business will continue to get the operational support it needs.

    1. Based on the outcome of activity 2.1.3, review the capabilities that your organization will require on the transition team. Group capabilities into functional groups containing capabilities that are aligned well with one another because they have similar responsibilities and functionalities.
    2. Replace the capabilities with roles. For example, stakeholder management, requirements gathering, and project management might be one functional group. Project management and stakeholder management might combine to create a project manager role.
    3. Review the examples in the M&A Buy Playbook and identify which roles will be a part of the transition team.

    For more information, see Redesign Your Organizational Structure

    What is governance?

    And why does it matter so much to IT and the M&A process?

    • Governance is the method in which decisions get made, specifically as they impact various resources (time, money, and people).
    • Because M&A is such a highly governed transaction, it is important to document the governance bodies that exist in your organization.
    • This will give insight into what types of governing bodies there are, what decisions they make, and how that will impact IT.
    • For example, funds to support integration need to be discussed, approved, and supplied to IT from a governing body overseeing the acquisition.
    • A highly mature IT organization will have automated governance, while a seemingly non-existent governance process will be considered ad hoc.
    A pyramid with four levels representing the types of governing bodies that are available with differing levels of IT maturity. An arrow beside the pyramid points upward. The bottom of the arrow is labelled 'Traditional (People and document centric)' and the top is labelled 'Adaptive (Data centric)'. Starting at the bottom of the pyramid is level 1 'Ad Hoc Governance', 'Governance that is not well defined or understood within the organization. It occurs out of necessity but often not by the right people'. Level 2 is 'Controlled Governance', 'Governance focused on compliance and decisions driven by hierarchical authority. Levels of authority are defined and often driven by regulatory'. Level 3 is 'Agile Governance', 'Governance that is flexible to support different needs and quick response in the organization. Driven by principles and delegated throughout the company'. At the top of the pyramid is level 4 'Automated Governance', 'Governance that is entrenched and automated into organizational processes and product/service design. Empowered and fully delegated governance to maintain fit and drive organizational success and survival'.

    2.1.5 Document M&A governance

    1-2 hours

    Input: List of governing bodies, Governing body committee profiles, Governance structure

    Output: Documented method on how decisions are made as it relates to the M&A transaction

    Materials: Flip charts/whiteboard, Markers, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to determine the method in which decisions are made throughout the M&A transaction as it relates to IT. This will require understanding both governing bodies internal to IT and those external to IT.

    1. First, determine the other governance structures within the organization that will impact the decisions made about M&A. List out these bodies or committees.
    2. Create a profile for each committee that looks at the membership, purpose of the committee, decision areas (authority), and the process of inputs and outputs. Ensure IT committees that will have a role in this process are also documented. Consider the benefits realized, risks, and resources required for each.
    3. Organize the committees into a structure, identifying the committees that have a role in defining the strategy, designing and building, and running.

    Record the results in the M&A Buy Playbook.

    Current-state structure map – definitions of tiers

    Strategy: These groups will focus on decisions that directly connect to the strategic direction of the organization.

    Design & Build: The second tier of groups will oversee prioritization of a certain area of governance as well as design and build decisions that feed into strategic decisions.

    Run: The lowest level of governance will be oversight of more-specific initiatives and capabilities within IT.

    Expect tier overlap. Some committees will operate in areas that cover two or three of these governance tiers.

    Measure the IT program’s success in terms of its ability to support the business’ M&A goals

    Upper management will measure IT’s success based on your ability to support the underlying reasons for the M&A. Using business metrics will help assure business stakeholders that IT understands their needs and is working with the business to achieve them.

    Business-Specific Metrics

    • Revenue Growth: Increase in the top line as seen by market expansion, product expansion, etc. by percentage/time.
    • Synergy Extraction: Reduction in costs as determined by the ability to identify and eliminate redundancies over time.
    • Profit Margin Growth: Increase in the bottom line as a result of increased revenue growth and/or decreased costs over time.

    IT-Specific Metrics

    • IT operational savings and cost reductions due to synergies: Operating expenses, capital expenditures, licenses, contracts, applications, infrastructure over time.
    • Reduction in IT staff expense and headcount: Decreased budget allocated to IT staff, and ability to identify and remove redundancies in staff.
    • Meeting or improving on IT budget estimates: Delivering successful IT integration on a budget that is the same or lower than the budget estimated during due diligence.
    • Meeting or improving on IT time-to-integration estimates: Delivering successful IT integration on a timeline that is the same or shorter than the timeline estimated during due diligence.
    • Business capability support: Delivering the end state of IT that supports the expected business capabilities and growth.

    Establish your own metrics to gauge the success of IT

    Establish SMART M&A Success Metrics

    S pecific Make sure the objective is clear and detailed.
    M easurable Objectives are measurable if there are specific metrics assigned to measure success. Metrics should be objective.
    A ctionable Objectives become actionable when specific initiatives designed to achieve the objective are identified.
    R ealistic Objectives must be achievable given your current resources or known available resources.
    T ime-Bound An objective without a timeline can be put off indefinitely. Furthermore, measuring success is challenging without a timeline.
    • What should IT consider when looking to identify potential additions, deletions, or modifications that will either add value to the organization or reduce costs/risks?
    • Provide a definition of synergies.
    • IT operational savings and cost reductions due to synergies: Operating expenses, capital expenditures, licenses, contracts, applications, infrastructure.
    • Reduction in IT staff expense and headcount: Decreased budget allocated to IT staff, and ability to identify and remove redundancies in staff.
    • Meeting or improving on IT budget estimates: Delivering successful IT integration on a budget that is the same or lower than the budget estimated during due diligence.
    • Meeting or improving on IT time-to-integration estimates: Delivering successful IT integration on a timeline that is the same or shorter than the timeline estimated during due diligence.
    • Revenue growth: Increase in the top line as a result, as seen by market expansion, product expansion, etc.
    • Synergy extraction: Reduction in costs, as determined by the ability to identify and eliminate redundancies.
    • Profit margin growth: Increase in the bottom line as a result of increased revenue growth and/or decreased costs.

    Metrics for each phase

    1. Proactive

    2. Discovery & Strategy

    3. Valuation & Due Diligence

    4. Execution & Value Realization

    • % Share of business innovation spend from overall IT budget
    • % Critical processes with approved performance goals and metrics
    • % IT initiatives that meet or exceed value expectation defined in business case
    • % IT initiatives aligned with organizational strategic direction
    • % Satisfaction with IT's strategic decision-making abilities
    • $ Estimated business value added through IT-enabled innovation
    • % Overall stakeholder satisfaction with IT
    • % Percent of business leaders that view IT as an Innovator
    • % IT budget as a percent of revenue
    • % Assets that are not allocated
    • % Unallocated software licenses
    • # Obsolete assets
    • % IT spend that can be attributed to the business (chargeback or showback)
    • % Share of CapEx of overall IT budget
    • % Prospective organizations that meet the search criteria
    • $ Total IT cost of ownership (before and after M&A, before and after rationalization)
    • % Business leaders that view IT as a Business Partner
    • % Defects discovered in production
    • $ Cost per user for enterprise applications
    • % In-house-built applications vs. enterprise applications
    • % Owners identified for all data domains
    • # IT staff asked to participate in due diligence
    • Change to due diligence
    • IT budget variance
    • Synergy target
    • % Satisfaction with the effectiveness of IT capabilities
    • % Overall end-customer satisfaction
    • $ Impact of vendor SLA breaches
    • $ Savings through cost-optimization efforts
    • $ Savings through application rationalization and technology standardization
    • # Key positions empty
    • % Frequency of staff turnover
    • % Emergency changes
    • # Hours of unplanned downtime
    • % Releases that cause downtime
    • % Incidents with identified problem record
    • % Problems with identified root cause
    • # Days from problem identification to root cause fix
    • % Projects that consider IT risk
    • % Incidents due to issues not addressed in the security plan
    • # Average vulnerability remediation time
    • % Application budget spent on new build/buy vs. maintenance (deferred feature implementation, enhancements, bug fixes)
    • # Time (days) to value realization
    • % Projects that realized planned benefits
    • $ IT operational savings and cost reductions that are related to synergies/divestitures
    • % IT staff–related expenses/redundancies
    • # Days spent on IT integration
    • $ Accurate IT budget estimates
    • % Revenue growth directly tied to IT delivery
    • % Profit margin growth

    2.1.6 Create program metrics

    1-2 hours

    Input: IT capabilities, Mission, vision, and guiding principles, Rationale for the acquisition

    Output: Program metrics to support IT throughout the M&A process

    Materials: Flip charts/whiteboard, Markers, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to determine how IT’s success throughout a growth transaction will be measured and determined.

    1. Document a list of appropriate metrics on the whiteboard. Remember to include metrics that demonstrate the business impact. You can use the sample metrics listed on the previous slide as a starting point.
    2. Set a target and deadline for each metric. This will help the group determine when it is time to evaluate progression.
    3. Establish a baseline for each metric based on information collected within your organization.
    4. Assign an owner for tracking each metric as well as someone to be accountable for performance.

    Record the results in the M&A Buy Playbook.

    Discovery & Strategy

    Step 2.2

    Prepare IT to Engage in the Acquisition

    Activities

    • 2.2.1 Establish the integration strategy
    • 2.2.2 Conduct a RACI
    • 2.2.3 Create the communication plan
    • 2.2.4 Assess the potential organization(s)

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Company M&A team

    Outcomes of Step

    Identify IT’s plan of action when it comes to the acquisition and align IT’s integration strategy with the business’ M&A strategy.

    Integration strategies

    There are several IT integration strategies that will help you achieve your target technology environment.

    IT Integration Strategies
    • Absorption. Convert the target organization’s strategy, structure, processes, and/or systems to that of the acquiring organization.
    • Best-of-Breed. Pick and choose the most effective people, processes, and technologies to form an efficient operating model.
    • Transformation Retire systems from both organizations and use collective capabilities, data, and processes to create something entirely new.
    • Preservation Retain individual business units that will operate within their own capability. People, processes, and technologies are unchanged.

    The approach IT takes will depend on the business objectives for the M&A.

    • Generally speaking, the integration strategy is well understood and influenced by the frequency of and rationale for acquiring.
    • Based on the initiatives generated by each business process owner, you need to determine the IT integration strategy that will best support the desired target technology environment.

    Key considerations when choosing an IT integration strategy include:

    • What are the main business objectives of the M&A?
    • What are the key synergies expected from the transaction?
    • What IT integration best helps obtain these benefits?
    • What opportunities exist to position the business for sustainable growth?

    Absorption and best-of-breed

    Review highlights and drawbacks of absorption and best-of-breed integration strategies

    Absorption
      Highlights
    • Recommended for businesses striving to reduce costs and drive efficiency gains.
    • Economies of scale realized through consolidation and elimination of redundant applications.
    • Quickest path to a single company operation and systems as well as lower overall IT cost.
      Drawbacks
    • Potential for disruption of the target company’s business operations.
    • Requires significant business process changes.
    • Disregarding the target offerings altogether may lead to inferior system decisions that do not yield sustainable results.
    Best-of-Breed
      Highlights
    • Recommended for businesses looking to expand their market presence or acquire new products. Essentially aligning the two organizations in the same market.
    • Each side has a unique offering but complementing capabilities.
    • Potential for better buy-in from the target because some of their systems are kept, resulting in willingness to
      Drawbacks
    • May take longer to integrate because it tends to present increased complexity that results in higher costs and risks.
    • Requires major integration efforts from both sides of the company. If the target organization is uncooperative, creating the desired technology environment will be difficult.

    Transformation and preservation

    Review highlights and drawbacks of transformation and preservation integration strategies

    Transformation
      Highlights
    • This is the most customized approach, although it is rarely used.
    • It is essential to have an established long-term vision of business capabilities when choosing this path.
    • When executed correctly, this approach presents potential for significant upside and creation of sustainable competitive advantages.
      Drawbacks
    • This approach requires extensive time to implement, and the cost of integration work may be significant.
    • If a new system is created without strategic capabilities, the organizations will not realize long-term benefits.
    • The cost of correcting complexities at later stages in the integration effort may be drastic.
    Preservation
      Highlights
    • This approach is appropriate if the merging organizations will remain fairly independent, if there will be limited or no communication between companies, and if the companies’ market strategies, products, and channels are entirely distinct.
    • Environment can be accomplished quickly and at a low cost.
      Drawbacks
    • Impact to each business is minimal, but there is potential for lost synergies and higher operational costs. This may be uncontrollable if the natures of the two businesses are too different to integrate.
    • Reduced benefits and limited opportunities for IT integration.

    2.2.1 Establish the integration strategy

    1-2 hours

    Input: Business integration strategy, Guiding principles, M&A governance

    Output: IT’s integration strategy

    Materials: Flip charts/whiteboard, Markers, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to determine IT’s approach to integration. The approach might differ slightly from transaction to transaction. However, the business’ approach to transactions should give insight into the general integration strategy IT should adopt.

    1. Make sure you have clearly articulated the business objectives for the M&A, the technology end state for IT, and the magnitude of the overall integration.
    2. Review and discuss the highlights and drawbacks of each type of integration.
    3. Use Info-Tech’s Integration Posture Selection Framework on the next slide to select the integration posture that will appropriately enable the business. Consider these questions during your discussion:
      1. What are the main business objectives of the M&A? What key IT capabilities will need to support business objectives?
      2. What key synergies are expected from the transaction? What opportunities exist to position the business for sustainable growth?
      3. What IT integration best helps obtain these benefits?

    Record the results in the M&A Buy Playbook.

    Integration Posture Selection Framework

    Business M&A Strategy

    Resultant Technology Strategy

    M&A Magnitude (% of Acquirer Assets, Income, or Market Value)

    IT Integration Posture

    A. Horizontal Adopt One Model ‹10% Absorption
    10 to 75% Absorption or Best-of-Breed
    ›75% Best-of-Breed
    B. Vertical Create Links Between Critical Systems Any
    • Preservation (Differentiated Functions)
    • Absorption or Best-of-Breed (Non-Differentiated Functions)
    C. Conglomerate Independent Model Any Preservation
    D. Hybrid: Horizontal & Conglomerate Independent Model Any Preservation

    2.2.2 Conduct a RACI

    1-2 hours

    Input: IT capabilities, Transition team, Integration strategy

    Output: Completed RACI for transition team

    Materials: Reference architecture, Organizational structure, Flip charts/whiteboard, Markers, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to identify the core accountabilities and responsibilities for the roles identified as critical to your transition team. While there might be slight variation from transaction to transaction, ideally each role should be performing certain tasks.

    1. First, identify a list of critical tasks that need to be completed to support the purchase or acquisition. For example:
      • Communicate with the company M&A team.
      • Identify critical IT risks that could impact the organization after the transaction.
      • Identify key artifacts to collect and review during due diligence.
    2. Next, identify at the activity level which role is accountable or responsible for each activity. Enter an A for accountable, R for responsible, or A/R for both.

    Record the results in the M&A Buy Playbook.

    Communication and change

    Prepare key stakeholders for the potential changes

    • Anytime you are starting a project or program that will depend on users and stakeholders to give up their old way of doing things, change will force people to become novices again, leading to lost productivity and added stress.
    • Change management can improve outcomes for any project where you need people to adopt new tools and procedures, comply with new policies, learn new skills and behaviors, or understand and support new processes.
    • M&As move very quickly, and it can be very difficult to keep track of which stakeholders you need to be communicating with and what you should be communicating.
    • Not all organizations embrace or resist change in the same ways. Base your change communications on your organization’s cultural appetite for change in general.
      • Organizations with a low appetite for change will require more direct, assertive communications.
      • Organizations with a high appetite for change are more suited to more open, participatory approaches.

    Three key dimensions determine the appetite for cultural change:

    • Power Distance. Refers to the acceptance that power is distributed unequally throughout the organization.
      In organizations with a high power distance, the unequal power distribution is accepted by the less powerful employees.
    • Individualism. Organizations that score high in individualism have employees who are more independent. Those who score low in individualism fall into the collectivism side, where employees are strongly tied to one another or their groups.
    • Uncertainty Avoidance. Describes the level of acceptance that an organization has toward uncertainty. Those who score high in this area find that their employees do not favor uncertain situations, while those that score low in this area find that their employees are comfortable with change and uncertainty.

    2.2.3 Create the communication plan

    1-2 hours

    Input: IT’s M&A mission, vision, and guiding principles, M&A transition team, IT integration strategy, RACI

    Output: IT’s M&A communication plan

    Materials: Flip charts/whiteboard, Markers, RACI, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to create a communication plan that IT can leverage throughout the initiative.

    1. Create a structured communication plan that allows for continuous communication with the integration management office, senior management, and the business functional heads.
    2. Outline key topics of communication, with stakeholders, inputs, and outputs for each topic.
    3. Review Info-Tech’s example communication plan in the M&A Buy Playbook and update it with relevant information.
    4. Does this communication plan make sense for your organization? What doesn’t make sense? Adjust the communication guide to suit your organization.

    Record the results in the M&A Buy Playbook.

    Assessing potential organizations

    As soon as you have identified organizations to consider, it’s imperative to assess critical risks. Most IT leaders can attest that they will receive little to no notice when they have to assess the IT organization of a potential purchase. As a result, having a standardized template to quickly gauge the value of the business can be critical.

    Ways to Assess

    1. News: Assess what sort of news has been announced in relation to the organization. Have they had any risk incidents? Has a critical vendor announced working with them?
    2. LinkedIn: Scan through the LinkedIn profiles of employees. This will give you a sense of what platforms they have based on their employees.
    3. Trends: Some industries will have specific solutions that are relevant and popular. Assess what the key players are (if you don’t already know) to determine the solution.
    4. Business Architecture: While this assessment won’t perfect, try to understand the business’ value streams and the critical business and IT capabilities that would be needed to support them.

    2.2.4 Assess the potential organization(s)

    1-2 hours

    Input: Publicized historical risk events, Solutions and vendor contracts likely in the works, Trends

    Output: IT’s valuation of the potential organization(s) for acquisition

    Materials: M&A Buy Playbook

    Participants: IT executive/CIO

    The purpose of this activity is to assess the organization(s) that your organization is considering purchasing.

    1. Complete the Historical Valuation Worksheet in the M&A Buy Playbook to understand the type of IT organization that your company may inherit and need to integrate with.
      • The business likely isn’t looking for in-depth details at this time. However, as the IT leader, it is your responsibility to ensure critical risks are identified and communicated to the business.
    2. Use the information identified to help the business narrow down which organizations should be targeted for the acquisition.

    Record the results in the M&A Buy Playbook.

    By the end of this pre-transaction phase you should:

    Have a program plan for M&As and a repeatable M&A strategy for IT when engaging in growth transactions

    Key outcomes from the Discovery & Strategy phase
    • Be prepared to analyze and recommend potential organizations that the business can acquire or merge with, using a strong program plan that can be repeated across transactions.
    • Create a M&A strategy that accounts for all the necessary elements of a transaction and ensures sufficient governance, capabilities, and metrics exist.
    Key deliverables from the Discovery & Strategy phase
    • Create vision and mission statements
    • Establish guiding principles
    • Create a future-state operating model
    • Identify the key roles for the transaction team
    • Identify and communicate the M&A governance
    • Determine target metrics
    • Identify the M&A operating model
    • Select the integration strategy framework
    • Conduct a RACI for key transaction tasks for the transaction team
    • Document the communication plan

    M&A Buy Blueprint

    Phase 3

    Due Diligence & Preparation

    Phase 1Phase 2

    Phase 3

    Phase 4
    • 1.1 Identify Stakeholders and Their Perspective of IT
    • 1.2 Assess IT’s Current Value and Future State
    • 1.3 Drive Innovation and Suggest Growth Opportunities
    • 2.1 Establish the M&A Program Plan
    • 2.2 Prepare IT to Engage in the Acquisition
    • 3.1 Assess the Target Organization
    • 3.2 Prepare to Integrate
    • 4.1 Execute the Transaction
    • 4.2 Reflection and Value Realization

    This phase will walk you through the following activities:

    • Drive value with a due diligence charter
    • Identify data room artifacts
    • Assess technical debt
    • Valuate the target IT organization
    • Assess culture
    • Prioritize integration tasks
    • Establish the integration roadmap
    • Identify the needed workforce supply
    • Estimate integration costs
    • Create an employee transition plan
    • Create functional workplans for employees
    • Align project metrics with identified tasks

    This phase involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Company M&A team
    • Business leaders
    • Prospective IT organization
    • Transition team

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Pre-Work

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Establish the Transaction FoundationDiscover the Motivation for IntegrationAssess the Target Organization(s)Create the Valuation FrameworkPlan the Integration RoadmapNext Steps and Wrap-Up (offsite)

    Activities

    • 0.1 Identify the rationale for the company's decisions to pursue an acquisition.
    • 0.2 Identify key stakeholders and determine the IT transaction team.
    • 0.3 Gather and evaluate the M&A strategy, future-state operating model, and governance.
    • 1.1 Review the business rationale for the acquisition.
    • 1.2 Identify pain points and opportunities tied to the acquisition.
    • 1.3 Establish the integration strategy.
    • 1.4 Create the due diligence charter.
    • 2.1 Create a list of IT artifacts to be reviewed in the data room.
    • 2.2 Conduct a technical debt assessment.
    • 2.3 Assess the current culture and identify the goal culture.
    • 2.4 Identify the needed workforce supply.
    • 3.1 Valuate the target organization’s data.
    • 3.2 Valuate the target organization’s applications.
    • 3.3 Valuate the target organization’s infrastructure.
    • 3.4 Valuate the target organization’s risk and security.
    • 3.5 Combine individual valuations to make a single framework.
    • 4.1 Prioritize integration tasks.
    • 4.2 Establish the integration roadmap.
    • 4.3 Establish and align project metrics with identified tasks.
    • 4.4 Estimate integration costs.
    • 5.1 Complete in-progress deliverables from previous four days.
    • 5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables

    1. IT strategy
    2. IT operating model
    3. IT governance structure
    4. M&A transaction team
    1. Business context implications for IT
    2. Integration strategy
    3. Due diligence charter
    1. Data room artifacts
    2. Technical debt assessment
    3. Culture assessment
    4. Workforce supply identified
    1. IT valuation framework to assess target organization(s)
    1. Integration roadmap and associated resourcing
    1. Acquisition integration strategy for IT

    What is the Due Diligence & Preparation phase?

    Mid-transaction state

    The Due Diligence & Preparation phase during an acquisition is a critical time for IT. If IT fails to proactively participate in this phase, IT will have to merely react to integration expectations set by the business.

    While not all IT organizations are able to participate in this phase, the evolving nature of M&As to be driven by digital and technological capabilities increases the rationale for IT being at the table. Identifying critical IT risks, which will inevitably be business risks, begins during the due diligence phase.

    This is also the opportunity for IT to plan how it will execute the planned integration strategy. Having access to critical information only available in data rooms will further enable IT to successfully plan and execute the acquisition to deliver the value the business is seeking through a growth transaction.

    Goal: To thoroughly evaluate all potential risks associated with the organization(s) being pursued and create a detailed plan for integrating the IT environments

    Due Diligence Prerequisite Checklist

    Before coming into the Due Diligence & Preparation phase, you must have addressed the following:

    • Understand the rationale for the company's decisions to pursue an acquisition and what opportunities or pain points the acquisition should alleviate.
    • Identify the key roles for the transaction team.
    • Identify the M&A governance.
    • Determine target metrics.
    • Select an integration strategy framework.
    • Conduct a RACI for key transaction tasks for the transaction team.

    Before coming into the Due Diligence & Preparation phase, we recommend addressing the following:

    • Create vision and mission statements.
    • Establish guiding principles.
    • Create a future-state operating model.
    • Identify the M&A operating model.
    • Document the communication plan.
    • Examine the business perspective of IT.
    • Identify key stakeholders and outline their relationship to the M&A process.
    • Be able to valuate the IT environment and communicate IT’s value to the business.

    The Technology Value Trinity

    Delivery of Business Value & Strategic Needs

    • Digital & Technology Strategy
      The identification of objectives and initiatives necessary to achieve business goals.
    • IT Operating Model
      The model for how IT is organized to deliver on business needs and strategies.
    • Information & Technology Governance
      The governance to ensure the organization and its customers get maximum value from the use of information and technology.

    All three elements of the Technology Value Trinity work in harmony to deliver business value and achieve strategic needs. As one changes, the others need to change as well.

    • Digital and IT Strategy tells you what you need to achieve to be successful.
    • IT Operating Model and Organizational Design is the alignment of resources to deliver on your strategy and priorities.
    • Information & Technology Governance is the confirmation of IT’s goals and strategy, which ensures the alignment of IT and business strategy. It’s the mechanism by which you continuously prioritize work to ensure that what is delivered is in line with the strategy. This oversight evaluates, directs, and monitors the delivery of outcomes to ensure that the use of resources results in the achieving the organization’s goals.

    Too often strategy, operating model and organizational design, and governance are considered separate practices. As a result, “strategic documents” end up being wish lists, and projects continue to be prioritized based on who shouts the loudest – not based on what is in the best interest of the organization.

    Due Diligence & Preparation

    Step 3.1

    Assess the Target Organization

    Activities

    • 3.1.1 Drive value with a due diligence charter
    • 3.1.2 Identify data room artifacts
    • 3.1.3 Assess technical debt
    • 3.1.4 Valuate the target IT organization
    • 3.1.5 Assess culture

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Company M&A team
    • Business leaders
    • Prospective IT organization
    • Transition team

    Outcomes of Step

    This step of the process is when IT should actively evaluate the target organization being pursued for acquisition.

    3.1.1 Drive value with a due diligence charter

    1-2 hours

    Input: Key roles for the transaction team, M&A governance, Target metrics, Selected integration strategy framework, RACI of key transaction tasks for the transaction team

    Output: IT Due Diligence Charter

    Materials: M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to create a charter leveraging the items completed in the previous phase, as listed on the Due Diligence Prerequisite Checklist slide, to gain executive sign-off.

    1. In the IT Due Diligence Charter in the M&A Buy Playbook, complete the aspects of the charter that are relevant for you and your organization.
    2. We recommend including these items in the charter:
      • Communication plan
      • Transition team roles
      • Goals and metrics for the transaction
      • Integration strategy
      • Acquisition RACI
    3. Once the charter has been completed, ensure that business executives agree to the charter and sign off on the plan of action.

    Record the results in the M&A Buy Playbook.

    3.1.2 Identify data room artifacts

    4 hours

    Input: Future-state operating model, M&A governance, Target metrics, Selected integration strategy framework, RACI of key transaction tasks for the transaction team

    Output: List of items to acquire and review in the data room

    Materials: Critical domain lists on following slides, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team, Transition team

    The purpose of this activity is to create a list of the key artifacts that should be asked for and reviewed during the due diligence process.

    1. Review the lists on the following pages as a starting point. Identify which domains, stakeholders, artifacts, and information should be requested for the data room. This information should be directed to the target organization.
    2. IT leadership may or may not be asked to enter the data room directly. Therefore, it’s important that you clearly identify these artifacts.
    3. List each question or concern, select the associated workstream in the M&A Buy Playbook, and update the status of the information retrieval.
    4. Use the comments section to document your discoveries or concerns.

    Record the results in the M&A Buy Playbook.

    Critical domains

    Understand the key stakeholders and outputs for each domain

    Each critical domain will likely have different stakeholders who know that domain best. Communicate with these stakeholders throughout the M&A process to make sure you are getting accurate information and interpreting it correctly.

    Domain

    Stakeholders

    Key Artifacts

    Key Information to request

    Business
    • Enterprise Architecture
    • Business Relationship Manager
    • Business Process Owners
    • Business capability map
    • Capability map (the M&A team should be taking care of this, but make sure it exists)
    • Business satisfaction with various IT systems and services
    Leadership/IT Executive
    • CIO
    • CTO
    • CISO
    • IT budgets
    • IT capital and operating budgets (from current year and previous year)
    Data & Analytics
    • Chief Data Officer
    • Data Architect
    • Enterprise Architect
    • Master data domains, system of record for each
    • Unstructured data retention requirements
    • Data architecture
    • Master data domains, sources, and storage
    • Data retention requirements
    Applications
    • Applications Manager
    • Application Portfolio Manager
    • Application Architect
    • Applications map
    • Applications inventory
    • Applications architecture
    • Copy of all software license agreements
    • Copy of all software maintenance agreements
    Infrastructure
    • Head of Infrastructure
    • Enterprise Architect
    • Infrastructure Architect
    • Infrastructure Manager
    • Infrastructure map
    • Infrastructure inventory
    • Network architecture (including which data centers host which infrastructure and applications)
    • Inventory (including integration capabilities of vendors, versions, switches, and routers)
    • Copy of all hardware lease or purchase agreements
    • Copy of all hardware maintenance agreements
    • Copy of all outsourcing/external service provider agreements
    • Copy of all service-level agreements for centrally provided, shared services and systems
    Products and Services
    • Product Manager
    • Head of Customer Interactions
    • Product lifecycle
    • Product inventory
    • Customer market strategy

    Critical domains (continued)

    Understand the key stakeholders and outputs for each domain

    Domain

    Stakeholders

    Key Artifacts

    Key Information to request

    Operations
    • Head of Operations
    • Service catalog
    • Service overview
    • Service owners
    • Access policies and procedures
    • Availability and service levels
    • Support policies and procedures
    • Costs and approvals (internal and customer costs)
    IT Processes
    • CIO
    • IT Management
    • VP of IT Governance
    • VP of IT Strategy
    • IT process flow diagram
    • Processes in place and productivity levels (capacity)
    • Critical processes/processes the organization feels they do particularly well
    IT People
    • CIO
    • VP of Human Resources
    • IT organizational chart
    • Competency & capacity assessment
    • IT organizational structure (including resources from external service providers such as contractors) with appropriate job descriptions or roles and responsibilities
    • IT headcount and location
    Security
    • CISO
    • Security Architect
    • Security posture
    • Information security staff
    • Information security service providers
    • Information security tools
    • In-flight information security projects
    Projects
    • Head of Projects
    • Project portfolio
    • List of all future, ongoing, and recently completed projects
    Vendors
    • Head of Vendor Management
    • License inventory
    • Inventory (including what will and will not be transitioning, vendors, versions, number of licenses)

    Assess the target organization’s technical debt

    The other organization could be costly to purchase if not yet modernizing.

    • Consider the potential costs that your business will have to spend to get the other IT organization modernized or even digital.
    • This will be highly affected by your planned integration strategy.
    • A best-of-breed strategy might simply mean there's little to bring over from the other organization’s environment.
    • It’s often challenging to identify a direct financial cost for technical debt. Consider direct costs but also assess categories of impact that can have a long-term effect on your business: lost customer, staff, or business partner goodwill; limited flexibility and resilience; and health, safety, and compliance impacts.
    • Use more objective measures to track subjective impact. For example, consider the number of customers who could be significantly affected by each tech debt in the next quarter.

    Focus on solving the problems you need to address.

    Analyzing technical debt has value in that the analysis can help your organization make better risk management and resource allocation decisions.

    Review these examples of technical debt

    Do you have any of these challenges?

    Applications
    • Inefficient or incomplete code
    • Fragile or obsolete systems of record that limit the implementation of new functionality
    • Out-of-date IDEs or compilers
    • Unsupported applications
    Data & Analytics
    • Data presented via API that does not conform to chosen standards (EDI, NRF-ARTS, etc.)
    • Poor data governance
    • No transformation between OLTP and the data warehouse
    • Heavy use of OLTP for reporting
    • Lack of AI model and decision governance, maintenance
    End-User Computing
    • Aging and slow equipment
    • No configuration management
    • No MDM/UEM
    Security
    • Unpatched/unpatchable systems
    • Legacy firewalls
    • No data classification system
    • “Perimeter” security architecture
    • No documented security incident response
    • No policies, or unenforced policies
    Operations
    • Incomplete, ineffective, or undocumented business continuity and disaster recovery plans
    • Insufficient backups or archiving
    • Inefficient MACD processes
    • Application sprawl with no record of installed applications or licenses
    • No ticketing or ITSM system
    • No change management process
    • No problem management process
    • No event/alert management
    Infrastructure
    • End-of-life/unsupported equipment
    • Aging power or cooling systems
    • Water- or halon-based data center fire suppression systems
    • Out-of-date firmware
    • No DR site
    • Damaged or messy cabling
    • Lack of system redundancy
    • Integrated computers on business equipment (e.g. shop floor equipment, medical equipment) running out-of-date OS/software
    Project & Portfolio Management
    • No project closure process
    • Ineffective project intake process
    • No resource management practices

    “This isn’t a philosophical exercise. Knowing what you want to get out of this analysis informs the type of technical debt you will calculate and the approach you will take.” (Scott Buchholz, CTO, Deloitte Government & Public Services Practice, The Wall Street Journal, 2015)

    3.1.3 Assess technical debt

    1-2 hours

    Input: Participant views on organizational tech debt, Five to ten key technical debts, Business impact scoring scales, Reasonable next-quarter scenarios for each technical debt, Technical debt business impact analysis

    Output: Initial list of tech debt for the target organization

    Materials: Whiteboard, Sticky notes, Technical Debt Business Impact Analysis Tool, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Business leaders, Transition team

    The purpose of this activity is to assess the technical debt of the other IT organization. Taking on unnecessary technical debt is one of the biggest risks to the IT environment

    1. This activity can be completed by leveraging the blueprint Manage Your Technical Debt, specifically the Technical Debt Business Impact Analysis Tool. Complete the following activities in the blueprint:
      • 1.2.1 Identify your technical debt
      • 1.2.2 Select tech debt for your impact analysis
      • 2.2.2 Estimate tech debt impact
      • 2.2.3 Identify the most-critical technical debts
    2. Review examples of technical debt in the previous slide to assist you with this activity.
    3. Document the results from tab 3, Impact Analysis, in the M&A Buy Playbook if you are trying to record all artifacts related to the transaction in one place.

    Record the results in the M&A Buy Playbook.

    How to valuate an IT environment

    And why it matters so much

    • Valuating the target organization’s IT environment is a critical step to fully understand what it might be worth. Business partners are often not in the position to valuate the IT aspects to the degree that you would be.
    • The business investments in IT can be directly translated to a value amount. Meaning for every $1 invested in IT, the business might be gaining $100 in value back or possibly even loosing $100.
    • Determining, documenting, and communicating this information ensures that the business takes IT’s suggestions seriously and recognizes why investing in IT can be so critical.
    • There are three ways a business or asset can be valuated:
      • Cost Approach: Look at the costs associated with building, purchasing, replacing, and maintaining a given aspect of the business.
      • Market Approach: Look at the relative value of a particular aspect of the business. Relative value can fluctuate and depends on what the markets and consequently society believe that particular element is worth.
      • Discounted Cash Flow Approach: Focus on what the potential value of the business could be or the intrinsic value anticipated due to future profitability.

    The IT valuation conducted during due diligence can have a significant impact on the final financials of the transaction for the business.

    3.1.4 Valuate the target IT organization

    1 day

    Input: Valuation of data, Valuation of applications, Valuation of infrastructure and operations, Valuation of security and risk

    Output: Valuation of target organization’s IT

    Materials: Relevant templates/tools, Capital budget, Operating budget, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Prospective IT organization

    The purpose of this activity is to valuate the other IT organization.

    1. Review each of slides 42 to 45 to generate a valuation of IT’s data, applications, infrastructure, and security and risk. These valuations consider several tangible and intangible factors and result in a final dollar amount. For more information on this activity, review Activity 1.2.1 from the Proactive phase.
    2. Identify financial amounts for each critical area and add the financial output to the summary slide in the M&A Buy Playbook.
    3. Compare this information against your own IT organization’s valuation.
      1. Does it add value to your IT organization?
      2. Is there too much risk to accept if this transaction goes through?

    Info-Tech Insight

    Consistency is key when valuating your IT organization as well as other IT organizations throughout the transaction process.

    Record the results in the M&A Buy Playbook.

    Culture should not be overlooked, especially as it relates to the integration of IT environments

    • There are three types of culture that need to be considered.
    • Most importantly, this transition is an opportunity to change the culture that might exist in your organization’s IT environment.
    • Make a decision on which type of culture you’d like IT to have post-transition.

    Target Organization’s Culture

    The culture that the target organization is currently embracing. Their established and undefined governance practices will lend insight into this.

    Your Organization’s Culture

    The culture that your organization is currently embracing. Examine people’s attitudes and behaviors within IT toward their jobs and the organization.

    Ideal Culture

    What will the future culture of the IT organization be once integration is complete? Are there aspects that your current organization and the target organization embrace that are worth considering?

    Culture categories

    Map the results of the IT Culture Diagnostic to an existing framework

    Competitive
    • Autonomy
    • Confront conflict directly
    • Decisive
    • Competitive
    • Achievement oriented
    • Results oriented
    • High performance expectations
    • Aggressive
    • High pay for good performance
    • Working long hours
    • Having a good reputation
    • Being distinctive/different
    Innovative
    • Adaptable
    • Innovative
    • Quick to take advantage of opportunities
    • Risk taking
    • Opportunities for professional growth
    • Not constrained by rules
    • Tolerant
    • Informal
    • Enthusiastic
    Traditional
    • Stability
    • Reflective
    • Rule oriented
    • Analytical
    • High attention to detail
    • Organized
    • Clear guiding philosophy
    • Security of employment
    • Emphasis on quality
    • Focus on safety
    Cooperative
    • Team oriented
    • Fair
    • Praise for good performance
    • Supportive
    • Calm
    • Developing friends at work
    • Socially responsible

    Culture Considerations

    • What culture category was dominant for each IT organization?
    • Do you share the same dominant category?
    • Is your current dominant culture category the most ideal to have post-integration?

    3.1.5 Assess Culture

    3-4 hours

    Input: Cultural assessments for current IT organization, Cultural assessment for target IT organization

    Output: Goal for IT culture

    Materials: IT Culture Diagnostic, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, IT employees of current organization, IT employees of target organization, Company M&A team

    The purpose of this activity is to assess the different cultures that might exist within the IT environments of both organizations. More importantly, your IT organization can select its desired IT culture for the long term if it does not already exist.

    1. Complete this activity by leveraging the blueprint Fix Your IT Culture, specifically the IT Culture Diagnostic. Fill out the diagnostic for the IT department in your organization:
      1. Answer the 16 questions in tab 2, Diagnostic.
      2. Find out your dominant culture and review recommendations in tab 3, Results.
    2. Document the results from tab 3, Results, in the M&A Buy Playbook if you are trying to record all artifacts related to the transaction in one place.
    3. Repeat the activity for the target organization.
    4. Leverage the information to determine what the goal for the culture of IT will be post-integration if it will differ from the current culture.

    Record the results in the M&A Buy Playbook.

    Due Diligence & Preparation

    Step 3.2

    Prepare to Integrate

    Activities

    • 3.2.1 Prioritize integration tasks
    • 3.2.2 Establish the integration roadmap
    • 3.2.3 Identify the needed workforce supply
    • 3.2.4 Estimate integration costs
    • 3.2.5 Create an employee transition plan
    • 3.2.6 Create functional workplans for employees
    • 3.2.7 Align project metrics with identified tasks

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Transition team
    • Company M&A team

    Outcomes of Step

    Have an established plan of action toward integration across all domains and a strategy toward resources.

    Don’t underestimate the importance of integration preparation

    Integration is the process of combining the various components of one or more organizations into a single organization.

    80% of integration should happen within the first two years. (Source: CIO Dive)

    70% of M&A IT integrations fail due to components that could and should be addressed at the beginning. (Source: The Wall Street Journal, 2019)

    Info-Tech Insight

    Integration is not rationalization. Once the organization has integrated, it can prepare to rationalize the IT environment.

    Integration needs

    Identify your domain needs to support the target technology environment

    Set up a meeting with your IT due diligence team to:

    • Address data, applications, infrastructure, and other domain gaps.
    • Discuss the people and processes necessary to achieve the target technology environment and support M&A business objectives.

    Use this opportunity to:

    • Identify data and application complexities between your organization and the target organization.
    • Identify the IT people and process gaps, redundancies, and initiatives.
    • Determine your infrastructure needs and identify redundancies.
      • Does IT have the infrastructure to support the applications and business capabilities of the resultant enterprise?
      • Identify any gaps between the current infrastructure in both organizations and the infrastructure required in the resultant enterprise.
      • Identify any redundancies.
      • Determine the appropriate IT integration strategies.
    • Document your gaps, redundancies, initiatives, and assumptions to help you track and justify the initiatives that must be undertaken and help estimate the cost of integration.

    Integration implications

    Understand the implications for integration with respect to each target technology environment

    Domain

    Independent Models

    Create Links Between Critical Systems

    Move Key Capabilities to Common Systems

    Adopt One Model

    Data & Analytics

    • Consider data sources that might need to be combined (e.g. financials, email lists, internet).
    • Understand where each organization will warehouse its data and how it will be managed in a cost-effective manner.
    • Consider your reporting and transactional needs. Initially systems may remain separate, but eventually they will need to be merged.
    • Analyze whether or not the data types are compatible between companies.
    • Understand the critical data needs and the complexity of integration activities.
    • Consider your reporting and transactional needs. Initially systems may remain separate, but eventually they will need to be merged.
    • Focus on the master data domains that represent the core of your business.
    • Assess the value, size, location, and cleanliness of the target organization’s data sets.
    • Determine the data sets that will be migrated to capture expected synergies and drive core capabilities while addressing how other data sets will be maintained and managed.
    • Decide which applications to keep and which to terminate. This includes setting timelines for application retirement.
    • Establish interim linkages and common interfaces for applications while major migrations occur.

    Applications

    • Establish whether or not there are certain critical applications that still need to be linked (e.g. email, financials).
    • Leverage the unique strengths and functionalities provided by the applications used by each organization.
    • Confirm that adequate documentation and licensing exists.
    • Decide which critical applications need to be linked versus which need to be kept separate to drive synergies. For example, financial, email, and CRM may need to be linked, while certain applications may remain distinct.
    • Pay particular attention to the extent to which systems relating to customers, products, orders, and shipments need to be integrated.
    • Determine the key capabilities that require support from the applications identified by business process owners.
    • Assess which major applications need to be adopted by both organizations, based on the M&A goals.
    • Establish interim linkages and common interfaces for applications while major migrations occur.
    • Decide which applications to keep and which to terminate. This includes setting timelines for application retirement.
    • Establish interim linkages and common interfaces for applications while major migrations occur.

    Integration implications (continued)

    Understand the implications for integration with respect to each target technology environment

    Domain

    Independent Models

    Create Links Between Critical Systems

    Move Key Capabilities to Common Systems

    Adopt One Model

    Infrastructure

    • Assess the infrastructure demands created by retaining separate models (e.g. separate domains, voice, network integration).
    • Evaluate whether or not there are redundant data centers that could be consolidated to reduce costs.
    • Assess the infrastructure demands created by retaining separate models (e.g. separate domains, voice, network integration).
    • Evaluate whether or not there are redundant data centers that could be consolidated to reduce costs.
    • Evaluate whether certain infrastructure components, such as data centers, can be consolidated to support the new model while also eliminating redundancies. This will help reduce costs.
    • Assess which infrastructure components need to be kept versus which need to be terminated to support the new application portfolio. Keep in mind that increasing the transaction volume on a particular application increases the infrastructure capacity that is required for that application.
    • Extend the network to integrate additional locations.

    IT People & Processes

    • Retain workers from each IT department who possess knowledge of key products, services, and legacy systems.
    • Consider whether there are redundancies in staffing that could be eliminated.
    • The IT processes of each organization will most likely remain separate.
    • Consider the impact of the target organization on your IT processes.
    • Retain workers from each IT department who possess knowledge of key products, services, and legacy systems.
    • Consider whether there are redundancies in staffing that could be eliminated.
    • Consider how critical IT processes of the target organization fit with your current IT processes.
    • Identify which redundant staff members should be terminated by focusing on the key skills that will be necessary to support the common systems.
    • If there is overlap with the IT processes in both organizations, you may wish to map out both processes to get a sense for how they might work together.
    • Assess what processes will be prioritized to support IT strategies.
    • Identify which redundant staff members should be terminated by focusing on the key skills that will be necessary to support the prioritized IT processes.

    Integration implications (continued)

    Understand the implications for integration with respect to each target technology environment

    Domain

    Independent Models

    Create Links Between Critical Systems

    Move Key Capabilities to Common Systems

    Adopt One Model

    Leadership/IT Executive

    • Have insight into the goals and direction of the organization’s leadership. Make sure that a communication path has been established to receive information and provide feedback.
    • The decentralized model will require some form of centralization and strong governance processes to enable informed decisions.
    • Ensure that each area can deliver on its needs while not overstepping the goals and direction of the organization.
    • This will help with integration in the sense that front-line employees can see a single organization beginning to form.
    • In this model, there is the opportunity to select elements of each leadership style and strategy that will work for the larger organization.
    • Leadership can provide a single and unified approach to how the strategic goals will be executed.
    • More often than not, this would be the acquiring organization’s strategic direction.

    Vendors

    • Determine which contracts the target organization currently has in place.
    • Having different vendors in place will not be a bad model if it makes sense.
    • Spend time reviewing the contracts and ensuring that each organization has the right contracts to succeed.
    • Identify what redundancies might exist (ERPs, for example) and determine if the vendor would be willing to terminate one contract or another.
    • Through integration, it might be possible to engage in one set of contract negotiations for a single application or technology.
    • Identify whether there are opportunities to combine contracts or if they must remain completely separated until the end of the term.
    • In an effort to capitalize on the contracts working well, reduce the contracts that might be hindering the organization.
    • Speak to the vendor offering the contract.
    • Going forward, ensure the contracts are negotiated to include clauses to allow for easier and more cost-effective integration.

    Integration implications (continued)

    Understand the implications for integration with respect to each target technology environment

    Domain

    Independent Models

    Create Links Between Critical Systems

    Move Key Capabilities to Common Systems

    Adopt One Model

    Security

    • Both organizations would need to have a process for securing their organization.
    • Sharing and accessing information might be more difficult, as each organization would need to keep the other organization separate to ensure the organization remains secure.
    • Creating standard policies and procedures that each organization must adhere to would be critical here (for example, multifactor authentication).
    • Establish a single path of communication between the two organizations, ensuring reliable and secure data and information sharing.
    • Leverage the same solutions to protect the business as a whole from internal and external threats.
    • Identify opportunities where there might be user points of failure that could be addressed early in the process.
    • Determine what method of threat detection and response will best support the business and select that method to apply to the entire organization, both original and newly acquired.

    Projects

    • Projects remain ongoing as they were prior to the integration.
    • Some projects might be made redundant after the initial integration is over.
    • Re-evaluate the projects after integration to ensure they continue to deliver on the business’ strategic direction.
    • Determine which projects are similar to one another and identify opportunities to leverage business needs and solutions for each organization where possible.
    • Review project histories to determine the rationale for and success of projects that could be reused in either organization going forward.
    • Determine which projects should remain ongoing and which projects could wait to be implemented or could be completely stopped.
    • There might be certain modernization projects ongoing that cannot be stopped.
    • However, for all other projects, embrace a single portfolio.
    • Completely reduce or remove all ongoing projects from the one organization and continue with only the projects of the other organization.
    • Add in new projects when they arise as needed.

    3.2.1 Prioritize integration tasks

    2 hours

    Input: Integration tasks, Transition team, M&A RACI

    Output: Prioritized integration list

    Materials: Integration task checklist, Integration roadmap

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to prioritize the different integration tasks that your organization has identified as necessary to this transaction. Some tasks might not be relevant for this particular transaction, and others might be critical.

    1. Download the SharePoint or Excel version of the M&A Integration Project Management Tool. Identify which integration tasks you want as part of your project plan. Alter or remove any tasks that are irrelevant to your organization. Add in tasks you think are missing.
    2. When deciding criticality of the task, consider the effect on stakeholders, those who are impacted or influenced in the process of the task, and dependencies (e.g. data strategy needs to be addressed first before you can tackle its dependencies, like data quality).
    3. Feel free to edit the way you measure criticality. The standard tool leverages a three-point scale. At the end, you should have a list of tasks in priority order based on criticality.

    Record the updates in the M&A Integration Project Management Tool (SharePoint).

    Record the updates in the M&A Integration Project Management Tool (Excel).

    Integration checklists

    Prerequisite Checklist
    • Build the project plan for integration and prioritize activities
      • Plan first day
      • Plan first 30/100 days
      • Plan first year
    • Create an organization-aligned IT strategy
    • Identify critical stakeholders
    • Create a communication strategy
    • Understand the rationale for the acquisition or purchase
    • Develop IT's purchasing strategy
    • Determine goal opportunities
    • Create the mission and vision statements
    • Create the guiding principles
    • Create program metrics
    • Consolidate reports from due diligence/data room
    • Conduct culture assessment
    • Create a transaction team
    • Assess workforce demand and supply
    • Plan and communicate potential layoffs
    • Create an employee transition plan
    • Identify the IT investment
    Business
    • Design an enterprise architecture
    • Document your business architecture
    • Identify and assess all of IT's risks
    Leadership/IT Executive
    • Build an IT budget
    • Structure operating budget
    • Structure capital budget
    • Identify the needed workforce demand vs. capacity
    • Establish and monitor key metrics
    • Communicate value realized/cost savings
    Data
    • Confirm data strategy
    • Confirm data governance
    • Data architecture
    • Data sources
    • Data storage (on-premises vs. cloud)
    • Enterprise content management
    • Compatibility of data types between organizations
    • Cleanliness/usability of target organization data sets
    • Identify data sets that need to be combined to capture synergies/drive core capabilities
    • Reporting and analytics capabilities
    Applications
    • Prioritize and address critical applications
      • ERP
      • CRM
      • Email
      • HRIS
      • Financial
      • Sales
      • Risk
      • Security
    • Leverage application rationalization framework to determine applications to keep, terminate, or create
    • Develop method of integrating applications
    • Model critical applications that have dependencies on one another
    • Identify the infrastructure capacity required to support critical applications
    Operations
    • Communicate helpdesk/service desk information
    • Manage sales access to customer data
    • Determine locations and hours of operation
    • Consolidate phone lists and extensions
    • Synchronize email address books

    Integration checklists (continued)

    Infrastructure
    • Determine single network access
    • Manage organization domains
    • Consolidate data centers
    • Compile inventory of vendors, versions, switches, and routers
    • Review hardware lease or purchase agreements
    • Review outsourcing/service provider agreements
    • Review service-level agreements
    • Assess connectivity linkages between locations
    • Plan to migrate to a single email system if necessary
    Vendors
    • Establish a sustainable vendor management office
    • Review vendor landscape
    • Identify warranty options
    • Rationalize vendor services and solutions
    • Identify opportunities to mature the security architecture
    People
    • Design an IT operating model
    • Redesign your IT organizational structure
    • Conduct a RACI
    • Conduct a culture assessment and identify goal IT culture
    • Build an IT employee engagement program
    • Determine critical roles and systems/process/products they support
    • Create a list of employees to be terminated
    • Create employee transition plans
    • Create functional workplans
    Projects
    • Stop duplicate or unnecessary target organization projects
    • Communicate project intake process
    • Prioritize projects
    Products & Services
    • Ensure customer services requirements are met
    • Ensure customer interaction requirements are met
    • Select a solution for product lifecycle management
    Security
    • Conduct a security assessment of target organization
    • Develop accessibility prioritization and schedule
    • Establish an information security strategy
    • Develop a security awareness and training program
    • Develop and manage security governance, risk, and compliance
    • Identify security budget
    • Build a data privacy and classification program
    IT Processes
    • Evaluate current process models
    • Determine productivity/capacity levels of processes
    • Identify processes to be terminated
    • Identify process expectations from target organization
    • Establish a communication plan
    • Develop a change management process
    • Establish/review IT policies

    3.2.2 Establish the integration roadmap

    2 hours

    Input: Prioritized integration tasks, Employee transition plan, Integration RACI, Costs for activities, Activity owners

    Output: Integration roadmap

    Materials: M&A Integration Project Plan Tool (SharePoint), M&A Integration Project Plan Tool (Excel)

    Participants: IT executive/CIO, IT senior leadership, Transition team, Company M&A team

    The purpose of this activity is to create a roadmap to support IT throughout the integration process. Using the information gathered in previous activities, you can create a roadmap that will ensure a smooth integration.

    1. Leverage our M&A Integration Project Management Tool to track critical elements of the integration project. There are a few options available:
      1. Follow the instructions on the next slide if you are looking to upload our SharePoint project template.
      2. If you cannot or do not want to use SharePoint as your project management solution, download our Excel version of the tool.
        **Remember that this your tool, so customize to your liking.
    2. Identify who will own or be accountable for each of the integration tasks and establish the time frame for when each project should begin and end. This will confirm which tasks should be prioritized.

    Record the updates in the M&A Integration Project Management Tool (SharePoint).

    Record the updates in the M&A Integration Project Management Tool (Excel).

    Integration Project Management Tool (SharePoint Template)

    Follow these instructions to upload our template to your SharePoint environment

    1. Create or use an existing SP site.
    2. Download the M&A Integration Project Plan Tool (SharePoint) .wsp file from the Mergers & Acquisitions: The Buy Blueprint landing page.
    3. To import a template into your SharePoint environment, do the following:
      1. Open PowerShell.
      2. Connect-SPO Service (need to install PowerShell module).
      3. Enter in your tenant admin URL.
      4. Enter in your admin credentials.
      5. Set-SPO Site https://YourDomain.sharepoint.com/sites/YourSiteHe... -DenyAddAndCustomizePages 0
      OR
      1. Turn on both custom script features to allow users to run custom
    4. Screenshot of the 'Custom Script' option for importing a template into your SharePoint environment. Feature description reads 'Control whether users can run custom script on personal sites and self-service created sites. Note: changes to this setting might take up to 24 hours to take effect. For more information, see http://go.microsoft.com/fwlink/?LinkIn=397546'. There are options to prevent or allow users from running custom script on personal/self-service created sites.
    5. Enable the SharePoint Server Standard Site Collection features.
    6. Upload the .wsp file in Solutions Gallery.
    7. Deploy by creating a subsite and select from custom options.
      • Allow or prevent custom script
      • Security considerations of allowing custom script
      • Save, download, and upload a SharePoint site as a template
    8. Refer to Microsoft documentation to understand security considerations and what is and isn’t supported:

    For more information, check out the SharePoint Template: Step-by-Step Deployment Guide.

    Participate in active workforce planning to transition employees

    The chosen IT operating model, primary M&A goals, and any planned changes to business strategy will dramatically impact IT staffing and workforce planning efforts.

    Visualization of the three aspects of 'IT workforce planning', as listed below.

    IT workforce planning

    • Primary M&A goals
      If the goal of the M&A is cost cutting, then workforce planning will be necessary to identify labor redundancies.
    • Changes to business strategy
      If business strategy will change after the merger, then workforce planning will typically be more involved than if business strategy will not change.
    • Integration strategy
      For independent models, workforce planning will typically be unnecessary.
      For connection of essential systems or absorption, workforce planning will likely be an involved, time-consuming process.
    1. Estimate the headcount you will need through the end of the M&A transition period.
    2. Outline the process you will use to assess staff for roles that have more than one candidate.
    3. Review employees in each department to determine the best fit for each role.
    4. Determine whether terminations will happen all together or in waves.

    Info-Tech Insight

    Don’t be a short-term thinker when it comes to workforce planning! IT teams that only consider the headcount needed on day one of the new entity will end up scrambling to find skilled resources to fill workforce gaps later in the transition period.

    3.2.3 Identify the needed workforce supply

    3-4 hours

    Input: IT strategy, Prioritized integration tasks

    Output: A clear indication of how many resources are required for each role and the number of resources that the organization actually has

    Materials: Resource Management Supply-Demand Calculator

    Participants: IT executive/CIO, IT senior leadership, Target organization employees, Company M&A team, Transition team

    The purpose of this activity is to determine the anticipated amount of work that will be required to support projects (like integration), administrative, and keep-the-lights-on activities.

    1. Download the Resource Management Supply-Demand Calculator.
    2. The calculator requires minimal up-front staff participation: You can obtain meaningful results with participation from as few as one person with insight on the distribution of your resources and their average work week or month.
    3. The calculator will yield a report that shows a breakdown of your annual resource supply and demand, as well as the gap between the supply and demand. Further insight on project and non-project supply and demand are provided.
    4. Repeat the tool several times to identify the needs of your IT environment for day one, day 30/100, and year one. Anticipate that these will change over time. Also, do not forget to obtain this information from the target organization. Given that you will be integrating, it’s important to know how many staff they have in which roles.
    5. **For additional information, please review slides starting from slide 44 in Establish Realistic IT Resource Management Practices to see how to use the tool.

    Record the results in the Resource Management Supply-Demand Calculator.

    Resource Supply-Demand Calculator Output Example

    Example of a 'Resource Management Supply-Demand Analysis Report' with charts and tables measuring Annualized Resource Supply and Demand, Resource Capacity Confidence, Project Capacity, and combinations of those metrics.

    Resource Capacity Confidence. This figure is based on your confidence in supply confidence, demand stability, and the supply-demand ratio.

    Importance of estimating integration costs

    Change is the key driver of integration costs

    Integration costs are dependent on the following:
    • Meeting synergy targets – whether that be cost saving or growth related.
      • Employee-related costs, licensing, and reconfiguration fees play a huge part in meeting synergy targets.
    • Adjustments related to compliance or regulations – especially if there are changes to legal entities, reporting requirements, or risk-mitigation standards.
    • Governance or third party–related support required to ensure timelines are met and the integration is a success.
    Integration costs vary by industry type.
    • Certain industries may have integration costs made up of mostly one type, differing from other industries, due to the complexity and different demands of the transaction. For example:
      • Healthcare integration costs are mostly driven by regulatory, safety, and quality standards, as well as consolidation of the research and development function.
      • Energy and Utilities tend to have the lowest integration costs due to most transactions occurring within the same sector rather than as a cross-sector investment. For example, oil and gas acquisitions tend to be for oil fields and rigs (strategic fixed assets), which can easily be added to the buyer’s portfolio.

    Integration costs are more related to the degree of change required than the size of the transaction.

    3.2.4 Estimate integration costs

    3-4 hours

    Input: Integration tasks, Transition team, Valuation of current IT environment, Valuation of target IT environment, Outputs from data room, Technical debt, Employees

    Output: List of anticipated costs required to support IT integration

    Materials: Integration task checklist, Integration roadmap, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team, Transition team

    The purpose of this activity is to estimate the costs that will be associated with the integration. It’s important to ensure a realistic figure is identified and communicated to the larger M&A team within your company as early in the process as possible. This ensures that the funding required for the transaction is secured and budgeted for in the overarching transaction.

    1. On the associated slide in the M&A Buy Playbook, input:
      • Task
      • Domain
      • Cost type
      • Total cost amount
      • Level of certainty around the cost
    2. Provide a copy of the estimated costs to the company’s M&A team. Also provide any additional information identified earlier to help them understand the importance of those costs.

    Record the results in the M&A Buy Playbook.

    Employee transition planning

    Considering employee impact will be a huge component to ensure successful integration

    • Meet With Leadership
    • Plan Individual and Department Redeployment
    • Plan Individual and Department Layoffs
    • Monitor and Manage Departmental Effectiveness
    • For employees, the transition could mean:
      • Changing from their current role to a new role to meet requirements and expectations throughout the transition.
      • Being laid off because the role they are currently occupying has been made redundant.
    • It is important to plan for what the M&A integration needs will be and what the IT operational needs will be.
    • A lack of foresight into this long-term plan could lead to undue costs and headaches trying to retain critical staff, rehiring positions that were already let go, and keeping redundant employees longer then necessary.

    Info-Tech Insight

    Being transparent throughout the process is critical. Do not hesitate to tell employees the likelihood that their job may be made redundant. This will ensure a high level of trust and credibility for those who remain with the organization after the transaction.

    3.2.5 Create an employee transition plan

    3-4 hours

    Input: IT strategy, IT organizational design, Resource Supply-Demand Calculator output

    Output: Employee transition plans

    Materials: M&A Buy Playbook, Whiteboard, Sticky notes, Markers

    Participants: IT executive/CIO, IT senior leadership, Company M&A team, Transition team

    The purpose of this activity is to create a transition plan for employees.

    1. Transition planning can be done at specific individual levels or more broadly to reflect a single role. Consider these four items in the transition plan:
      • Understand the direction of the employee transitions.
      • Identify employees that will be involved in the transition (moved or laid off).
      • Prepare to meet with employees.
      • Meet with employees.
    2. For each employee that will be facing some sort of change in their regular role, permanent or temporary, create a transition plan.
    3. For additional information on transitioning employees, review the blueprint Streamline Your Workforce During a Pandemic.

    **Note that if someone’s future role is a layoff, then there is no need to record anything for skills needed or method for skill development.

    Record the results in the M&A Buy Playbook.

    3.2.6 Create functional workplans for employees

    3-4 hours

    Input: Prioritized integration tasks, Employee transition plan, Integration RACI, Costs for activities, Activity owners

    Output: Employee functional workplans

    Materials: M&A Buy Playbook, Learning and development tools

    Participants: IT executive/CIO, IT senior leadership, IT management team, Company M&A team, Transition team

    The purpose of this activity is to create a functional workplan for the different employees so that they know what their key role and responsibilities are once the transaction occurs.

    1. First complete the transition plan from the previous activity (3.2.5) and the separation roadmap. Have these documents ready to review throughout this process.
    2. Identify the employees who will be transitioning to a new role permanently or temporarily. Creating a functional workplan is especially important for these employees.
    3. Identify the skills these employees need to have to support the separation. Record this in the corresponding slide in the M&A Buy Playbook.
    4. For each employee, identify someone who will be a point of contact for them throughout the transition.

    It is recommended that each employee have a functional workplan. Leverage the IT managers to support this task.

    Record the results in the M&A Buy Playbook.

    Metrics for integration

    Valuation & Due Diligence

    • % Defects discovered in production
    • $ Cost per user for enterprise applications
    • % In-house-built applications vs. enterprise applications
    • % Owners identified for all data domains
    • # IT staff asked to participate in due diligence
    • Change to due diligence
    • IT budget variance
    • Synergy target

    Execution & Value Realization

    • % Satisfaction with the effectiveness of IT capabilities
    • % Overall end-customer satisfaction
    • $ Impact of vendor SLA breaches
    • $ Savings through cost-optimization efforts
    • $ Savings through application rationalization and technology standardization
    • # Key positions empty
    • % Frequency of staff turnover
    • % Emergency changes
    • # Hours of unplanned downtime
    • % Releases that cause downtime
    • % Incidents with identified problem record
    • % Problems with identified root cause
    • # Days from problem identification to root cause fix
    • % Projects that consider IT risk
    • % Incidents due to issues not addressed in the security plan
    • # Average vulnerability remediation time
    • % Application budget spent on new build/buy vs. maintenance (deferred feature implementation, enhancements, bug fixes)
    • # Time (days) to value realization
    • % Projects that realized planned benefits
    • $ IT operational savings and cost reductions that are related to synergies/divestitures
    • % IT staff–related expenses/redundancies
    • # Days spent on IT integration
    • $ Accurate IT budget estimates
    • % Revenue growth directly tied to IT delivery
    • % Profit margin growth

    3.2.7 Align project metrics with identified tasks

    3-4 hours

    Input: Prioritized integration tasks, Employee transition plan, Integration RACI, Costs for activities, Activity owners, M&A goals

    Output: Integration-specific metrics to measure success

    Materials: Roadmap template, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Transition team

    The purpose of this activity is to understand how to measure the success of the integration project by aligning metrics to each identified task.

    1. Review the M&A goals identified by the business. Your metrics will need to tie back to those business goals.
    2. Identify metrics that align to identified tasks and measure achievement of those goals. For each metric you consider, ask the following questions:
      • What is the main goal or objective that this metric is trying to solve?
      • What does success look like?
      • Does the metric promote the right behavior?
      • Is the metric actionable? What is the story you are trying to tell with this metric?
      • How often will this get measured?
      • Are there any metrics it supports or is supported by?

    Record the results in the M&A Buy Playbook.

    By the end of this mid-transaction phase you should:

    Have successfully evaluated the target organization’s IT environment, escalated the acquisition risks and benefits, and prepared IT for integration.

    Key outcomes from the Due Diligence & Preparation phase
    • Participate in due diligence activities to accurately valuate the target organization(s) and determine if there are critical risks or benefits the current organization should be aware of.
    • Create an integration roadmap that considers the tasks that will need to be completed and the resources required to support integration.
    Key deliverables from the Due Diligence & Preparation phase
    • Establish a due diligence charter
    • Create a list of data room artifacts and engage in due diligence
    • Assess the target organization’s technical debt
    • Valuate the target IT organization
    • Assess and plan for culture
    • Prioritize integration tasks
    • Establish the integration roadmap
    • Identify the needed workforce supply
    • Estimate integration costs
    • Create employee transition plans
    • Create functional workplans for employees
    • Align project metrics with identified tasks

    M&A Buy Blueprint

    Phase 4

    Execution & Value Realization

    Phase 1Phase 2Phase 3

    Phase 4

    • 1.1 Identify Stakeholders and Their Perspective of IT
    • 1.2 Assess IT’s Current Value and Future State
    • 1.3 Drive Innovation and Suggest Growth Opportunities
    • 2.1 Establish the M&A Program Plan
    • 2.2 Prepare IT to Engage in the Acquisition
    • 3.1 Assess the Target Organization
    • 3.2 Prepare to Integrate
    • 4.1 Execute the Transaction
    • 4.2 Reflection and Value Realization

    This phase will walk you through the following activities:

    • Rationalize the IT environment
    • Continually update the project plan
    • Confirm integration costs
    • Review IT’s transaction value
    • Conduct a transaction and integration SWOT
    • Review the playbook and prepare for future transactions

    This phase involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Vendor management team
    • IT transaction team
    • Company M&A team

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Pre-Work

    Day 1

    Day 2

    Day 3

    Engage in Integration

    Day 4

    Establish the Transaction FoundationDiscover the Motivation for IntegrationPlan the Integration RoadmapPrepare Employees for the TransitionEngage in IntegrationAssess the Transaction Outcomes (Must be within 30 days of transaction date)

    Activities

    • 0.1 Understand the rationale for the company's decisions to pursue an acquisition.
    • 0.2 Identify key stakeholders and determine the IT transaction team.
    • 0.3 Gather and evaluate the M&A strategy, future-state operating model, and governance.
    • 1.1 Review the business rationale for the acquisition.
    • 1.2 Identify pain points and opportunities tied to the acquisition.
    • 1.3 Establish the integration strategy.
    • 1.4 Prioritize Integration tasks.
    • 2.1 Establish the integration roadmap.
    • 2.2 Establish and align project metrics with identified tasks.
    • 2.3 Estimate integration costs.
    • 3.1 Assess the current culture and identify the goal culture.
    • 3.2 Identify the needed workforce supply.
    • 3.3 Create an employee transition plan.
    • 3.4 Create functional workplans for employees.
    • I.1 Complete the integration by regularly updating the project plan.
    • I.2 Begin to rationalize the IT environment where possible and necessary.
    • 4.1 Confirm integration costs.
    • 4.2 Review IT’s transaction value.
    • 4.3 Conduct a transaction and integration SWOT.
    • 4.4 Review the playbook and prepare for future transactions.

    Deliverables

    1. IT strategy
    2. IT operating model
    3. IT governance structure
    4. M&A transaction team
    1. Business context implications for IT
    2. Integration strategy
    1. Integration roadmap and associated resourcing
    1. Culture assessment
    2. Workforce supply identified
    3. Employee transition plan
    1. Rationalized IT environment
    2. Updated integration project plan
    1. SWOT of transaction
    2. M&A Buy Playbook refined for future transactions

    What is the Execution & Value Realization phase?

    Post-transaction state

    Once the transaction comes to a close, it’s time for IT to deliver on the critical integration tasks. Set the organization up for success by having an integration roadmap. Retaining critical IT staff throughout this process will also be imperative to the overall transaction success.

    Throughout the integration process, roadblocks will arise and need to be addressed. However, by ensuring that employees, technology, and processes are planned for ahead of the transaction, you as IT will be able to weather those unexpected concerns with greater ease.

    Now that you as an IT leader have engaged in an acquisition, demonstrating the value IT was able to provide to the process is critical to establishing a positive and respected relationship with other senior leaders in the business. Be prepared to identify the positives and communicate this value to advance the business’ perception of IT.

    Goal: To carry out the planned integration activities and deliver the intended value to the business

    Execution Prerequisite Checklist

    Before coming into the Execution & Value Realization phase, you must have addressed the following:

    • Understand the rationale for the company's decisions to pursue an acquisition and what opportunities or pain points the acquisition should alleviate.
    • Identify the key roles for the transaction team.
    • Identify the M&A governance.
    • Determine target metrics and align to project tasks.
    • Select an integration strategy framework.
    • Conduct a RACI for key transaction tasks for the transaction team.
    • Create a list of data room artifacts and engage in due diligence (directly or indirectly).
    • Prioritize integration tasks.
    • Establish the integration roadmap.
    • Identify the needed workforce supply.
    • Create employee transition plans.

    Before coming into the Execution & Value Realization phase, we recommend addressing the following:

    • Create vision and mission statements.
    • Establish guiding principles.
    • Create a future-state operating model.
    • Identify the M&A operating model.
    • Document the communication plan.
    • Examine the business perspective of IT.
    • Identify key stakeholders and outline their relationship to the M&A process.
    • Be able to valuate the IT environment and communicate IT's value to the business.
    • Establish a due diligence charter.
    • Assess the target organization’s technical debt.
    • Valuate the target IT organization.
    • Assess and plan for culture.
    • Estimate integration costs.
    • Create functional workplans for employees.

    Integration checklists

    Prerequisite Checklist
    • Build the project plan for integration and prioritize activities
      • Plan first day
      • Plan first 30/100 days
      • Plan first year
    • Create an organization-aligned IT strategy
    • Identify critical stakeholders
    • Create a communication strategy
    • Understand the rationale for the acquisition or purchase
    • Develop IT's purchasing strategy
    • Determine goal opportunities
    • Create the mission and vision statements
    • Create the guiding principles
    • Create program metrics
    • Consolidate reports from due diligence/data room
    • Conduct culture assessment
    • Create a transaction team
    • Assess workforce demand and supply
    • Plan and communicate potential layoffs
    • Create an employee transition plan
    • Identify the IT investment
    Business
    • Design an enterprise architecture
    • Document your business architecture
    • Identify and assess all of IT's risks
    Leadership/IT Executive
    • Build an IT budget
    • Structure operating budget
    • Structure capital budget
    • Identify the needed workforce demand vs. capacity
    • Establish and monitor key metrics
    • Communicate value realized/cost savings
    Data
    • Confirm data strategy
    • Confirm data governance
    • Data architecture
    • Data sources
    • Data storage (on-premises vs. cloud)
    • Enterprise content management
    • Compatibility of data types between organizations
    • Cleanliness/usability of target organization data sets
    • Identify data sets that need to be combined to capture synergies/drive core capabilities
    • Reporting and analytics capabilities
    Applications
    • Prioritize and address critical applications
      • ERP
      • CRM
      • Email
      • HRIS
      • Financial
      • Sales
      • Risk
      • Security
    • Leverage application rationalization framework to determine applications to keep, terminate, or create
    • Develop method of integrating applications
    • Model critical applications that have dependencies on one another
    • Identify the infrastructure capacity required to support critical applications
    Operations
    • Communicate helpdesk/service desk information
    • Manage sales access to customer data
    • Determine locations and hours of operation
    • Consolidate phone lists and extensions
    • Synchronize email address books

    Integration checklists (continued)

    Infrastructure
    • Determine single network access
    • Manage organization domains
    • Consolidate data centers
    • Compile inventory of vendors, versions, switches, and routers
    • Review hardware lease or purchase agreements
    • Review outsourcing/service provider agreements
    • Review service-level agreements
    • Assess connectivity linkages between locations
    • Plan to migrate to a single email system if necessary
    Vendors
    • Establish a sustainable vendor management office
    • Review vendor landscape
    • Identify warranty options
    • Rationalize vendor services and solutions
    • Identify opportunities to mature the security architecture
    People
    • Design an IT operating model
    • Redesign your IT organizational structure
    • Conduct a RACI
    • Conduct a culture assessment and identify goal IT culture
    • Build an IT employee engagement program
    • Determine critical roles and systems/process/products they support
    • Create a list of employees to be terminated
    • Create employee transition plans
    • Create functional workplans
    Projects
    • Stop duplicate or unnecessary target organization projects
    • Communicate project intake process
    • Prioritize projects
    Products & Services
    • Ensure customer services requirements are met
    • Ensure customer interaction requirements are met
    • Select a solution for product lifecycle management
    Security
    • Conduct a security assessment of target organization
    • Develop accessibility prioritization and schedule
    • Establish an information security strategy
    • Develop a security awareness and training program
    • Develop and manage security governance, risk, and compliance
    • Identify security budget
    • Build a data privacy and classification program
    IT Processes
    • Evaluate current process models
    • Determine productivity/capacity levels of processes
    • Identify processes to be terminated
    • Identify process expectations from target organization
    • Establish a communication plan
    • Develop a change management process
    • Establish/review IT policies

    Execution & Value Realization

    Step 4.1

    Execute the Transaction

    Activities

    • 4.1.1 Rationalize the IT environment
    • 4.1.2 Continually update the project plan

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Vendor management team
    • IT transaction team
    • Company M&A team

    Outcomes of Step

    Successfully execute on the integration and strategize how to rationalize the two (or more) IT environments and update the project plan, strategizing against any roadblocks as they might come.

    Compile –› Assess –› Rationalize

    Access to critical information often does not happen until day one

    • As the transaction comes to a close and the target organization becomes the acquired organization, it’s important to start working on the rationalization of your organization.
    • One of the most important elements will be to have a complete understanding of the acquired organization’s IT environment. Specifically, assess the technology, people, and processes that might exist.
    • This rationalization will be heavily dependent on your planned integration strategy determined in the Discovery & Strategy phase of the process.
    • If your IT organization was not involved until after that phase, then determine whether your organization plans on remaining in its original state, taking on the acquired organization’s state, or forming a best-of-breed state by combining elements.
    • To execute on this, however, a holistic understanding of the new IT environment is required.

    Some Info-Tech resources to support this initiative:

    • Reduce and Manage Your Organization’s Insider Threat Risk
    • Build an Application Rationalization Framework
    • Rationalize Your Collaboration Tools
    • Consolidate IT Asset Management
    • Build Effective Enterprise Integration on the Back of Business Process
    • Consolidate Your Data Centers

    4.1.1 Rationalize the IT environment

    6-12 months

    Input: RACI chart, List of critical applications, List of vendor contracts, List of infrastructure assets, List of data assets

    Output: Rationalized IT environment

    Materials: Software Terms & Conditions Evaluation Tool

    Participants: IT executive/CIO, IT senior leadership, Vendor management

    The purpose of this activity is to rationalize the IT environment to reduce and eliminate redundant technology.

    1. Compile a list of the various applications and vendor contracts from the acquired organization and the original organization.
    2. Determine where there is repetition. Have a member of the vendor management team review those contracts and identify cost-saving opportunities.

    This will not be a quick and easy activity to complete. It will require strong negotiation on the behalf of the vendor management team.

    For additional information and support for this activity, see the blueprint Master Contract Review and Negotiations for Software Agreements.

    4.1.2 Continually update the project plan

    Reoccurring basis following transition

    Input: Prioritized integration tasks, Integration RACI, Activity owners

    Output: Updated integration project plan

    Materials: M&A Integration Project Management Tool

    Participants: IT executive/CIO, IT senior leadership, IT transaction team, Company M&A team

    The purpose of this activity is to ensure that the project plan is continuously updated as your transaction team continues to execute on the various components outlined in the project plan.

    1. Set a regular cadence for the transaction team to meet, update and review the status of the various integration task items, and strategize how to overcome any roadblocks.
    2. Employ governance best practices in these meetings to ensure decisions can be made effectively and resources allocated strategically.

    Record the updates in the M&A Integration Project Management Tool (SharePoint).

    Record the updates in the M&A Integration Project Management Tool (Excel).

    Execution & Value Realization

    Step 4.2

    Reflection and Value Realization

    Activities

    • 4.2.1 Confirm integration costs
    • 4.2.2 Review IT’s transaction value
    • 4.2.3 Conduct a transaction and integration SWOT
    • 4.2.4 Review the playbook and prepare for future transactions

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Transition team
    • Company M&A team

    Outcomes of Step

    Review the value that IT was able to generate around the transaction and strategize on how to improve future acquisition transactions.

    4.2.1 Confirm integration costs

    3-4 hours

    Input: Integration tasks, Transition team, Previous RACI, Estimated costs

    Output: Actual integration costs

    Materials: M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, IT transaction team, Company M&A team

    The purpose of this activity is to confirm the associated costs around integration. While the integration costs would have been estimated previously, it’s important to confirm the costs that were associated with the integration in order to provide an accurate and up-to-date report to the company’s M&A team.

    1. Taking all the original items identified previously in activity 3.2.4, identify if there were changes in the estimated costs. This can be an increase or a decrease.
    2. Ensure that each cost has a justification for why the cost changed from the original estimation.

    Record the results in the M&A Buy Playbook.

    Track synergy capture through the IT integration

    The ultimate goal of the M&A is to achieve and deliver deal objectives. Early in the M&A, IT must identify, prioritize, and execute upon synergies that deliver value to the business and its shareholders. Continue to measure IT’s contribution toward achieving the organization’s M&A goals throughout the integration by keeping track of cost savings and synergies that have been achieved. When these achievements happen, communicate them and celebrate success.

    1. Define Synergy Metrics: Select metrics to track synergies through the integration.
      1. You can track value by looking at percentages of improvement in process-level metrics depending on the synergies being pursued.
      2. For example, if the synergy being pursued is increasing asset utilization, metrics could range from capacity to revenue generated through increased capacity.
    2. Prioritize Synergistic Initiatives: Estimate the cost and benefit of each initiative's implementation to compare the amount of business value to the cost. The benefits and costs should be illustrated at a high level. Estimating the exact dollar value of fulfilling a synergy can be difficult and misleading.
        Steps
      • Determine the benefits that each initiative is expected to deliver.
      • Determine the high-level costs of implementation (capacity, time, resources, effort).
    3. Track Synergy Captures: Develop a detailed workplan to resource the roadmap and track synergy captures as the initiatives are undertaken.

    Once 80% of the necessary synergies are realized, executive pressure will diminish. However, IT must continue to work toward the technology end state to avoid delayed progression.

    4.2.2 Review IT’s transaction value

    3-4 hours

    Input: Prioritized integration tasks, Integration RACI, Activity owners, M&A company goals

    Output: Transaction value

    Materials: M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Company's M&A team

    The purpose of this activity is to track how your IT organization performed against the originally identified metrics.

    1. If your organization did not have the opportunity to identify metrics earlier, determine from the company M&A team what those metrics might be. Review activity 3.2.7 for more information on metrics.
    2. Identify whether the metric (which should be used to support a goal) was at, below, or above the original target metric. This is a very critical task for IT to complete because it allows IT to confirm that they were successful engaging in the transaction and that the business can count on them in future transactions.
    3. Be sure to record accurate and relevant information on why the outcomes (good or bad) are supporting the M&A goals that were set out by the business.

    Record the results in the M&A Buy Playbook.

    4.2.3 Conduct a transaction and integration SWOT

    2 hours

    Input: Integration costs, Retention rates, Value IT contributed to the transaction

    Output: Strengths, weaknesses, opportunities, and threats

    Materials: Flip charts, Markers, Sticky notes

    Participants: IT executive/CIO, IT senior leadership, Business transaction team

    The purpose of this activity is to assess the positive and negative elements of the transaction.

    1. Consider the various internal and external elements that could have impacted the outcome of the transaction.
      • Strengths. Internal characteristics that are favorable as they relate to your development environment.
      • Weaknesses Internal characteristics that are unfavorable or need improvement.
      • Opportunities External characteristics that you may use to your advantage.
      • Threats External characteristics that may be potential sources of failure or risk.

    Record the results in the M&A Buy Playbook.

    M&A Buy Playbook review

    With an acquisition complete, your IT organization is now more prepared then ever to support the business through future M&As

    • Now that the transaction is more than 80% complete, take the opportunity to review the key elements that worked well and the opportunities for improvement in future transactions.
    • Critically examine the M&A Buy Playbook your IT organization created and identify what worked well to help the transaction and where your organization could adjust to do better in future transactions.
    • If your organization were to engage in another acquisition under your IT leadership, how would you go about the transaction to make sure the company meets its goals?

    4.2.4 Review the playbook and prepare for future transactions

    4 hours

    Input: Transaction and integration SWOT

    Output: Refined M&A playbook

    Materials: M&A Buy Playbook

    Participants: IT executive/CIO

    The purpose of this activity is to revise the playbook and ensure it is ready to go for future transactions.

    1. Using the outputs from the previous activity, 4.2.3, determine what strengths and opportunities there were that should be leveraged in the next transaction.
    2. Likewise, determine which threats and weaknesses could be avoided in the future transactions.
      Remember, this is your M&A Buy Playbook, and it should reflect the most successful outcome for you in your organization.

    Record the results in the M&A Buy Playbook.

    By the end of this post-transaction phase you should:

    Have completed the integration post-transaction and be fluidly delivering the critical value that the business expected of IT.

    Key outcomes from the Execution & Value Realization phase
    • Ensure the integration tasks are being completed and that any blockers related to the transaction are being removed.
    • Determine where IT was able to realize value for the business and demonstrate IT’s involvement in meeting target goals.
    Key deliverables from the Execution & Value Realization phase
    • Rationalize the IT environment
    • Continually update the project plan for completion
    • Confirm integration costs
    • Review IT’s transaction value
    • Conduct a transaction and integration SWOT
    • Review the playbook and prepare for future transactions

    Summary of Accomplishment

    Problem Solved

    Congratulations, you have completed the M&A Buy Blueprint!

    Rather than reacting to a transaction, you have been proactive in tackling this initiative. You now have a process to fall back on in which you can be an innovative IT leader by suggesting how and why the business should engage in an acquisition. You now have:

    • Created a standardized approach for how your IT organization should address acquisitions.
    • Evaluated the target organizations successfully and established an integration project plan.
    • Delivered on the integration project plan successfully and communicated IT’s transaction value to the business.

    Now that you have done all of this, reflect on what went well and what can be improved in case if you have to do this all again in a future transaction.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information
    workshops@infotech.com 1-888-670-8899

    Research Contributors and Experts

    Ibrahim Abdel-Kader
    Research Analyst | CIO
    Info-Tech Research Group
    Brittany Lutes
    Senior Research Analyst | CIO
    Info-Tech Research Group
    John Annand
    Principal Research Director | Infrastructure
    Info-Tech Research Group
    Scott Bickley
    Principal Research Director | Vendor Management
    Info-Tech Research Group
    Cole Cioran
    Practice Lead | Applications
    Info-Tech Research Group
    Dana Daher
    Research Analyst | Strategy & Innovation
    Info-Tech Research Group
    Eric Dolinar
    Manager | M&A Consulting
    Deloitte Canada
    Christoph Egel
    Director, Solution Design & Deliver
    Cooper Tire & Rubber Company
    Nora Fisher
    Vice President | Executive Services Advisory
    Info-Tech Research Group
    Larry Fretz
    Vice President | Industry
    Info-Tech Research Group

    Research Contributors and Experts

    David Glazer
    Vice President of Analytics
    Kroll
    Jack Hakimian
    Senior Vice President | Workshops and Delivery
    Info-Tech Research Group
    Gord Harrison
    Senior Vice President | Research & Advisory
    Info-Tech Research Group
    Valence Howden
    Principal Research Director | CIO
    Info-Tech Research Group
    Jennifer Jones
    Research Director | Industry
    Info-Tech Research Group
    Nancy McCuaig
    Senior Vice President | Chief Technology and Data Office
    IGM Financial Inc.
    Carlene McCubbin
    Practice Lead | CIO
    Info-Tech Research Group
    Kenneth McGee
    Research Fellow | Strategy & Innovation
    Info-Tech Research Group
    Nayma Naser
    Associate
    Deloitte
    Andy Neill
    Practice Lead | Data & Analytics, Enterprise Architecture
    Info-Tech Research Group

    Research Contributors and Experts

    Rick Pittman
    Vice President | Research
    Info-Tech Research Group
    Rocco Rao
    Research Director | Industry
    Info-Tech Research Group
    Mark Rosa
    Senior Vice President & Chief Information Officer
    Mohegan Gaming and Entertainment
    Tracy-Lynn Reid
    Research Lead | People & Leadership
    Info-Tech Research Group
    Jim Robson
    Senior Vice President | Shared Enterprise Services (retired)
    Great-West Life
    Steven Schmidt
    Senior Managing Partner Advisory | Executive Services
    Info-Tech Research Group
    Nikki Seventikidis
    Senior Manager | Finance Initiative & Continuous Improvement
    CST Consultants Inc.
    Allison Straker
    Research Director | CIO
    Info-Tech Research Group
    Justin Waelz
    Senior Network & Systems Administrator
    Info-Tech Research Group
    Sallie Wright
    Executive Counselor
    Info-Tech Research Group

    Bibliography

    “5 Ways for CIOs to Accelerate Value During Mergers and Acquisitions.” Okta, n.d. Web.

    Altintepe, Hakan. “Mergers and acquisitions speed up digital transformation.” CIO.com, 27 July 2018. Web.

    “America’s elite law firms are booming.” The Economist, 15 July 2021. Web.

    Barbaglia, Pamela, and Joshua Franklin. “Global M&A sets Q1 record as dealmakers shape post-COVID world.” Nasdaq, 1 April 2021. Web.

    Boyce, Paul. “Mergers and Acquisitions Definition: Types, Advantages, and Disadvantages.” BoyceWire, 8 Oct. 2020. Web.

    Bradt, George. “83% Of Mergers Fail -- Leverage A 100-Day Action Plan For Success Instead.” Forbes, 27 Jan. 2015. Web.

    Capgemini. “Mergers and Acquisitions: Get CIOs, IT Leaders Involved Early.” Channel e2e, 19 June 2020. Web.

    Chandra, Sumit, et al. “Make Or Break: The Critical Role Of IT In Post-Merger Integration.” IMAA Institute, 2016. Web.

    Deloitte. “How to Calculate Technical Debt.” The Wall Street Journal, 21 Jan. 2015. Web.

    Ernst & Young. “IT As A Driver Of M&A Success.” IMAA Institute, 2017. Web.

    Fernandes, Nuno. “M&As In 2021: How To Improve The Odds Of A Successful Deal.” Forbes, 23 March 2021. Web.

    “Five steps to a better 'technology fit' in mergers and acquisitions.” BCS, 7 Nov. 2019. Web.

    Fricke, Pierre. “The Biggest Opportunity You’re Missing During an M&Aamp; IT Integration.” Rackspace, 4 Nov. 2020. Web.

    Garrison, David W. “Most Mergers Fail Because People Aren't Boxes.” Forbes, 24 June 2019. Web.

    Harroch, Richard. “What You Need To Know About Mergers & Acquisitions: 12 Key Considerations When Selling Your Company.” Forbes, 27 Aug. 2018. Web.

    Hope, Michele. “M&A Integration: New Ways To Contain The IT Cost Of Mergers, Acquisitions And Migrations.” Iron Mountain, n.d. Web.

    “How Agile Project Management Principles Can Modernize M&A.” Business.com, 13 April 2020. Web.

    Hull, Patrick. “Answer 4 Questions to Get a Great Mission Statement.” Forbes, 10 Jan. 2013. Web.

    Kanter, Rosabeth Moss. “What We Can Learn About Unity from Hostile Takeovers.” Harvard Business Review, 12 Nov. 2020. Web.

    Koller, Tim, et al. “Valuation: Measuring and Managing the Value of Companies, 7th edition.” McKinsey & Company, 2020. Web.

    Labate, John. “M&A Alternatives Take Center Stage: Survey.” The Wall Street Journal, 30 Oct. 2020. Web.

    Lerner, Maya Ber. “How to Calculate ROI on Infrastructure Automation.” DevOps.com, 1 July 2020. Web.

    Loten, Angus. “Companies Without a Tech Plan in M&A Deals Face Higher IT Costs.” The Wall Street Journal, 18 June 2019. Web.

    Low, Jia Jen. “Tackling the tech integration challenge of mergers today” Tech HQ, 6 Jan. 2020. Web.

    Lucas, Suzanne. “5 Reasons Turnover Should Scare You.” Inc. 22 March 2013. Web.

    “M&A Trends Survey: The future of M&A. Deal trends in a changing world.” Deloitte, Oct. 2020. Web.

    Maheshwari, Adi, and Manish Dabas. “Six strategies tech companies are using for successful divesting.” EY, 1 Aug. 2020. Web.

    Majaski, Christina. “Mergers and Acquisitions: What's the Difference?” Investopedia, 30 Apr. 2021.

    “Mergers & Acquisitions: Top 5 Technology Considerations.” Teksetra, 21 Jul. 2020. Web.

    “Mergers Acquisitions M&A Process.” Corporate Finance Institute, n.d. Web.

    “Mergers and acquisitions: A means to gain technology and expertise.” DLA Piper, 2020. Web.

    Nash, Kim S. “CIOs Take Larger Role in Pre-IPO Prep Work.” The Wall Street Journal, 5 March 2015. Web.

    Paszti, Laila. “Canada: Emerging Trends In Information Technology (IT) Mergers And Acquisitions.” Mondaq, 24 Oct. 2019. Web.

    Patel, Kiison. “The 8 Biggest M&A Failures of All Time” Deal Room, 9 Sept. 2021. Web.

    Peek, Sean, and Paula Fernandes. “What Is a Vision Statement?” Business News Daily, 7 May 2020. Web.

    Ravid, Barak. “Tech execs focus on growth amid increasingly competitive M&A market.” EY, 28 April 2021. Web.

    Resch, Scott. “5 Questions with a Mergers & Acquisitions Expert.” CIO, 25 June 2019. Web.

    Salsberg, Brian. “Four tips for estimating one-time M&A integration costs.” EY, 17 Oct. 2019. Web.

    Samuels, Mark. “Mergers and acquisitions: Five ways tech can smooth the way.” ZDNet, 15 Aug. 2018. Web.

    “SAP Divestiture Projects: Options, Approach and Challenges.” Cognizant, May, 2014. Web.

    Steeves, Dave. “7 Rules for Surviving a Merger & Acquisition Technology Integration.” Steeves and Associates, 5 Feb. 2020. Web.

    Tanaszi, Margaret. “Calculating IT Value in Business Terms.” CSO, 27 May 2004. Web.

    “The CIO Playbook. Nine Steps CIOs Must Take For Successful Divestitures.” SNP, 2016. Web.

    “The Role of IT in Supporting Mergers and Acquisitions.” Cognizant, Feb. 2015. Web.

    Torres, Roberto. “M&A playbook: How to prepare for the cost, staff and tech hurdles.” CIO Dive, 14 Nov. 2019. Web.

    “Valuation Methods.” Corporate Finance Institute, n.d. Web.

    Weller, Joe. “The Ultimate Guide to the M&A Process for Buyers and Sellers.” Smartsheet, 16 May 2019. Web.

    Find Value With Cloud Asset Management

    • Buy Link or Shortcode: {j2store}61|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Asset Management
    • Parent Category Link: /asset-management
    • Spending on cloud platforms and software-as-a-service (SaaS) is growing, and with spending comes waste.
    • The barriers are drastically lower for purchasing SaaS and cloud services as compared to traditional IT components.
    • Skills gap: IT asset managers tend not to have the skills to optimize spending on cloud platforms.
    • New space, new tools: The IT asset management market space is still developing cloud asset management and SaaS management capabilities. Practitioners must rely on cloud optimization tools in the meantime.

    Our Advice

    Critical Insight

    • IT asset managers are uniquely suited to provide value here. They already optimize costs and manage assets.
    • Scope creep is a killer. Focus first on your highest value, highest risk cloud instances.
    • Don’t completely centralize. Central oversight is powerful, but outsource some responsibility to the business.

    Impact and Result

    • Introduce governance: Work with developers, power business users, and infrastructure groups to define a governance approach to cloud assets and to SaaS.
    • Standardize high-impact, low-effort cloud services: Focus your efforts where they will have the most value and in places where you can provide early value.
    • Update your processes: Ensure that your asset registers and your configuration management database is up to date when cloud assets are provisioned and quiesced.

    Find Value With Cloud Asset Management Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should implement IT asset management for cloud instances and SaaS, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define cloud asset management

    Define when a cloud instance is an asset, and what it means for the asset to be managed.

    • Find Value With Cloud Asset Management – Phase 1: Define Cloud Asset Management
    • Cloud Asset Management Standard Operating Procedures
    • Cloud Instance Provisioning Standards Checklist

    2. Build cloud asset management practices

    Develop an approach to auditing and optimizing cloud assets.

    • Find Value With Cloud Asset Management – Phase 2: Build Cloud Asset Management Practices
    • Cloud Asset Management Policy
    • Monthly Cloud Asset Optimization Checklist
    • Strategic Infrastructure Roadmap Tool
    [infographic]

    Establish an Effective Data Protection Plan

    • Buy Link or Shortcode: {j2store}504|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: $6,850 Average $ Saved
    • member rating average days saved: 9 Average Days Saved
    • Parent Category Name: Storage & Backup Optimization
    • Parent Category Link: /storage-and-backup-optimization
    • Business requirements can be vague. Not knowing the business needs often results in overspending and overexposure to liability through data hoarding.
    • Backup options are abundant. Disk, tape, or cloud? Each has drawbacks, efficiencies, and cost factors that should be considered.
    • Backup infrastructure is never greenfield. Any organization with a history has been doing backup. Existing software was likely determined by past choices and architecture.

    Our Advice

    Critical Insight

    • Don’t let failure be your metric.
      The past is not an indication of future performance! Quantify the cost of your data being unavailable to demonstrate value to the business.
    • Stop offloading backup to your most junior staff.
      Data protection should not exist in isolation. Get key leadership involved to ensure you can meet organizational requirements.
    • A lot of data is useless. Neglecting to properly tag and classify data will lead to a costly data protection solution that protects redundant, useless, or outdated data

    Impact and Result

    • Determine the current state of your data protection strategy by identifying the pains and gains of the solution and create a business-facing diagram to present to relevant stakeholders.
    • Quantify the value of data to the business to properly understand the requirements for data protection through a business impact analysis.
    • Identify the attributes and necessary requirements for your data tiers to procure a fit-for-purpose solution.

    Establish an Effective Data Protection Plan Research & Tools

    Start here – read the Executive Brief

    Read this Executive Brief to understand why the business should be involved in your data protection plan, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define the current state of your data protection plan

    Define the current state of your data protection practices by documenting the backup process and identifying problems and opportunities for the desired state.

    • Establish an Effective Data Protection Plan – Phase 1: Define the Current State of Your Data Protection Plan
    • Data Protection Value Proposition Canvas Template

    2. Conduct a business impact analysis to understand requirements for restoring data

    Understand the business priorities.

    • Establish an Effective Data Protection Plan – Phase 2: Conduct a Business Impact Analysis to Understand Requirements for Restoring Data
    • DRP Business Impact Analysis Tool
    • Legacy DRP Business Impact Analysis Tool
    • Data Protection Recovery Workflow

    3. Propose the future state of your data protection plan

    Determine the desired state.

    • Establish an Effective Data Protection Plan – Phase 3: Propose the Future State of Your Data Protection Plan

    4. Establish proper governance for your data protection plan

    Explore the component of governance required.

    • Establish an Effective Data Protection Plan – Phase 4: Establish Proper Governance for Your Data Protection Plan
    • Data Protection Proposal Template
    [infographic]

    Build a Data Warehouse

    • Buy Link or Shortcode: {j2store}200|cart{/j2store}
    • member rating overall impact (scale of 10): 8.7/10 Overall Impact
    • member rating average dollars saved: $94,499 Average $ Saved
    • member rating average days saved: 30 Average Days Saved
    • Parent Category Name: Big Data
    • Parent Category Link: /big-data
    • Relational data warehouses, although reliable, centralized repositories for corporate data, were not built to handle the speed and volume of data and analytics today.
    • IT is under immense pressure from business units to provide technology that will yield greater agility and insight.
    • While some organizations are benefitting from modernization technologies, the majority of IT departments are unfamiliar with the technologies and have not yet defined clear use cases.

    Our Advice

    Critical Insight

    • The vast majority of your corporate data is not being properly leveraged. Modernize the data warehouse to get value from the 80% of unstructured data that goes unused.
    • Avoid rip and replace. Develop a future state that complements your existing data warehouse with emerging technologies.
    • Be flexible in your roadmap. Create an implementation roadmap that’s incremental and adapts to changing business priorities.

    Impact and Result

    • Establish both the business and IT perspectives of today’s data warehouse environment.
    • Explore the art-of-the-possible. Don’t get stuck trying to gather technical requirements from business users who don’t know what they don’t know. Use Info-Tech’s interview guide to discuss the pains of the current environment, and more importantly, where stakeholders want to be in the future.
    • Build an internal knowledgebase with respect to emerging technologies. The technology landscape is constantly shifting and often difficult for IT staff to keep track of. Use Info-Tech’s Data Warehouse Modernization Technology Education Deck to ensure that IT is able to appropriately match the right tools to the business’ use cases.
    • Create a compelling business case to secure investment and support.

    Build a Data Warehouse Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should be looking to modernize the relational data warehouse, review Info-Tech’s framework for identifying modernization opportunities, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess the current data warehouse environment

    Review the business’ perception and architecture of the current data warehouse environment.

    • Drive Business Innovation With a Modernized Data Warehouse Environment – Phase 1: Assess the Current Data Warehouse Environment
    • Data Warehouse Maturity Assessment Tool

    2. Define modernization drivers

    Collaborate with business users to identify the strongest motivations for data warehouse modernization.

    • Drive Business Innovation With a Modernized Data Warehouse Environment – Phase 2: Define Modernization Drivers
    • Data Warehouse Modernization Stakeholder Interview Guide
    • Data Warehouse Modernization Technology Education Deck
    • Data Warehouse Modernization Initiative Building Tool

    3. Create the modernization future state

    Combine business ideas with modernization initiatives and create a roadmap.

    • Drive Business Innovation With a Modernized Data Warehouse Environment – Phase 3: Create the Modernization Future State
    • Data Warehouse Modernization Technology Architectural Template
    • Data Warehouse Modernization Deployment Plan
    [infographic]

    Workshop: Build a Data Warehouse

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess the Current Data Warehouse Environment

    The Purpose

    Discuss the general project overview for data warehouse modernization.

    Establish the business and IT perspectives of the current state.

    Key Benefits Achieved

    Holistic understanding of the current data warehouse.

    Business user engagement from the start of the project.

    Activities

    1.1 Review data warehouse project history.

    1.2 Evaluate data warehouse maturity.

    1.3 Draw architecture diagrams.

    1.4 Review supporting data management practices.

    Outputs

    Data warehouse maturity assessment

    Data architecture diagrams

    2 Explore Business Opportunities

    The Purpose

    Conduct a user workshop session to elicit the most pressing needs of business stakeholders.

    Key Benefits Achieved

    Modernization technology selection is directly informed by business drivers.

    In-depth IT understanding of the business pains and opportunities.

    Activities

    2.1 Review general trends and drivers in your industry.

    2.2 Identify primary business frustrations, opportunities, and risks.

    2.3 Identify business processes to target for modernization.

    2.4 Capture business ideas for the future state.

    Outputs

    Business ideas for modernization

    Defined strategic direction for data warehouse modernization

    3 Review the Technology Landscape

    The Purpose

    Educate IT staff on the most common technologies for data warehouse modernization.

    Key Benefits Achieved

    Improved ability for IT to match technology with business ideas.

    Activities

    3.1 Appoint Modernization Advisors.

    3.2 Hold an open education and discussion forum for modernization technologies.

    Outputs

    Modernization Advisors identified

    Modernization technology education deck

    4 Define Modernization Solutions

    The Purpose

    Consolidate business ideas into modernization initiatives.

    Key Benefits Achieved

    Refinement of the strategic direction for data warehouse modernization.

    Activities

    4.1 Match business ideas to technology solutions.

    4.2 Group similar ideas to create modernization initiatives.

    4.3 Create future-state architecture diagrams.

    Outputs

    Identified strategic direction for data warehouse modernization

    Defined modernization initiatives

    Future-state architecture for data warehouse

    5 Establish a Modernization Roadmap

    The Purpose

    Validate and build out initiatives with business users.

    Define benefits and costs to establish ROI.

    Identify enablers and barriers to modernization.

    Key Benefits Achieved

    Completion of materials for a compelling business case and roadmap.

    Activities

    5.1 Validate use cases with business users.

    5.2 Define initiative benefits.

    5.3 Identify enablers and barriers to modernization.

    5.4 Define preliminary activities for initiatives.

    5.5 Evaluate initiative costs.

    5.6 Determine overall ROI.

    Outputs

    Validated modernization initiatives

    Data warehouse modernization roadmap

    Leverage Big Data by Starting Small

    • Buy Link or Shortcode: {j2store}201|cart{/j2store}
    • member rating overall impact (scale of 10): 7.0/10 Overall Impact
    • member rating average dollars saved: 3 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: Big Data
    • Parent Category Link: /big-data
    • The desire for rapid decision making is increasing and the complexity of data sources is growing; business users want access to several new data sources, but in a way that is controlled and easily consumable.
    • Organizations may understand the transformative potential of a big data initiative, but struggle to make the transition from the awareness of its importance to identifying a concrete use case for a pilot project.
    • The big data ecosystem is crowded and confusing, and a lack of understanding of that ecosystem may cause a paralysis for organizations.

    Our Advice

    Critical Insight

    • Big data is simply data. With technological advances, what was once considered big data is now more approachable for all organizations irrespective of size.
    • The variety element is the key to unlocking big data value. Drill down into your specific use cases more effectively by focusing on what kind of data you should use.
    • Big data is about deep analytics. Deep doesn’t mean difficult. Visualization of data, integrating new data, and understanding associations are ways to deepen your analytics.

    Impact and Result

    • Establish a foundational understanding of what big data entails and what the implications of its different elements are for your organization.
    • Confirm your current maturity for taking on a big data initiative, and make considerations for core data management practices in the context of incorporating big data.
    • Avoid boiling the ocean by pinpointing use cases by industry and functional unit, followed by identifying the most essential data sources and elements that will enable the initiative.
    • Leverage a repeatable pilot project framework to build out a successful first initiative and implement future projects en-route to evolving a big data program.

    Leverage Big Data by Starting Small Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should leverage big data, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Undergo big data education

    Build a foundational understanding of the current big data landscape.

    • Leverage Big Data by Starting Small – Phase 1: Undergo Big Data Education

    2. Assess big data readiness

    Appraise current capabilities for handling a big data initiative and revisit the key data management practices that will enable big data success.

    • Leverage Big Data by Starting Small – Phase 2: Assess Big Data Readiness
    • Big Data Maturity Assessment Tool

    3. Pinpoint a killer big data use case

    Armed with Info-Tech’s variety dimension framework, identify the top use cases and the data sources/elements that will power the initiative.

    • Leverage Big Data by Starting Small – Phase 3: Pinpoint a Killer Big Data Use Case
    • Big Data Use-Case Suggestion Tool

    4. Structure a big data proof-of-concept project

    Leverage a repeatable framework to detail the core components of the pilot project.

    • Leverage Big Data by Starting Small – Phase 4: Structure a Big Data Proof-of-Concept Project
    • Big Data Work Breakdown Structure Template
    • Data Scientist
    • Big Data Cost/Benefit Tool
    • Big Data Stakeholder Presentation Template
    • Big Data Communication Tracking Template
    [infographic]

    Workshop: Leverage Big Data by Starting Small

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Undergo Big Data Education

    The Purpose

    Understand the basic elements of big data and its relationship to traditional business intelligence.

    Key Benefits Achieved

    Common, foundational knowledge of what big data entails.

    Activities

    1.1 Determine which of the four Vs is most important to your organization.

    1.2 Explore new data through a social lens.

    1.3 Brainstorm new opportunities for enhancing current reporting assets with big data sources.

    Outputs

    Relative importance of the four Vs from IT and business perspectives

    High-level improvement ideas to report artifacts using new data sources

    2 Assess Your Big Data Readiness

    The Purpose

    Establish an understanding of current maturity for taking on big data, as well as revisiting essential data management practices.

    Key Benefits Achieved

    Concrete idea of current capabilities.

    Recommended actions for developing big data maturity.

    Activities

    2.1 Determine your organization’s current big data maturity level.

    2.2 Plan for big data management.

    Outputs

    Established current state maturity

    Foundational understanding of data management practices in the context of a big data initiative

    3 Pinpoint Your Killer Big Data Use Case

    The Purpose

    Explore a plethora of potential use cases at the industry and business unit level, followed by using the variety element of big data to identify the highest value initiative(s) within your organization.

    Key Benefits Achieved

    In-depth characterization of a pilot big data initiative that is thoroughly informed by the business context.

    Activities

    3.1 Identify big data use cases at the industry and/or departmental levels.

    3.2 Conduct big data brainstorming sessions in collaboration with business stakeholders to refine use cases.

    3.3 Revisit the variety dimension framework to scope your big data initiative in further detail.

    3.4 Create an organizational 4-column data flow model with your big data sources/elements.

    3.5 Evaluate data sources by considering business value and risk.

    3.6 Perform a value-effort assessment to prioritize your initiatives.

    Outputs

    Potential big data use cases

    Potential initiatives rooted in the business context and identification of valuable data sources

    Identification of specific data sources and data elements

    Characterization of data sources/elements by value and risk

    Prioritization of big data use cases

    4 Structure a Big Data Proof-of-Concept Project

    The Purpose

    Put together the core components of the pilot project and set the stage for enterprise-wide support.

    Key Benefits Achieved

    A repeatable framework for implementing subsequent big data initiatives.

    Activities

    4.1 Construct a work breakdown structure for the pilot project.

    4.2 Determine your project’s need for a data scientist.

    4.3 Establish the staffing model for your pilot project.

    4.4 Perform a detailed cost/benefit analysis.

    4.5 Make architectural considerations for supporting the big data initiative.

    Outputs

    Comprehensive list of tasks for implementing the pilot project

    Decision on whether or not a data scientist is needed, and where data science capabilities will be sourced

    RACI chart for the project

    Big data pilot cost/benefit summary

    Customized, high-level architectural model that incorporates technologies that support big data

    Enable Product Delivery – Executive Leadership Workshop

    • Buy Link or Shortcode: {j2store}353|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Development
    • Parent Category Link: /development
    • You need to clearly convey the direction and strategy of your product portfolio to gain alignment, support, and funding from your organization.
    • IT organizations are traditionally organized to deliver initiatives in specific periods of time. This conflicts with product delivery, which continuously delivers value over the lifetime of a product.
    • Delivering multiple products together creates additional challenges because each product has its own pedigree, history, and goals.

    Our Advice

    Critical Insight

    • Empowered product managers and product owners are the key to ensuring your delivery teams are delivering the right value at the right time to the right stakeholders.
    • Establishing operationally aligned product families helps bridge the gap between enterprise priorities and product enhancements.
    • Leadership must be aligned to empower and support Agile values and product teams to unlock the full value realization within your organization.

    Impact and Result

    • Common understanding of product management and Agile delivery.
    • Commitment to support and empower product teams.

    Enable Product Delivery – Executive Leadership Workshop Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Enabling Product Delivery – Executive workshop to align senior leadership with their transition to product management and delivery.

    • Enabling Product Delivery – Executive Workshop Storyboard

    2. Enabling Product Delivery –Executive Workshop Outcomes.

    • Enabling Product Delivery – Executive Workshop Outcomes
    [infographic]

    Workshop: Enable Product Delivery – Executive Leadership Workshop

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understanding Your Top Challenges

    The Purpose

    Understand the drivers for your product transformation.

    Key Benefits Achieved

    Define the drivers for your transition to product-centric delivery.

    Activities

    1.1 What is driving your organization to become product focused?

    Outputs

    List of challenges and drivers

    2 Transitioning From Projects to Product-Centric Delivery

    The Purpose

    Understand the product transformation journey and differences.

    Key Benefits Achieved

    Identify the cultural, behavioral, and leadership changes needed for a successful transformation.

    Activities

    2.1 Define the differences between projects and product delivery

    Outputs

    List of differences

    3 Enterprise Agility and the Value of Change

    The Purpose

    Understand why smaller iterations increase value realization and decrease accumulated risk.

    Key Benefits Achieved

    Leverage smaller iterations to reduce time to value and accumulated risk to core operations.

    Activities

    3.1 What is business agility?

    Outputs

    Common understanding about the value of smaller iterations

    4 Defining Products and Product Management in Your Context

    The Purpose

    Establish an organizational starting definition of products.

    Key Benefits Achieved

    Tailor product management to meet the needs and vision of your organization.

    Activities

    4.1 What is a product? Who are your consumers?

    4.2 Identify enablers and blockers of product ownership

    4.3 Define a set of guiding principles for product management

    Outputs

    Product definition

    List of enablers and blockers of product ownership

    Set of guiding principles for product management

    5 Connecting Product Management to Agile Practices

    The Purpose

    Understand the relationship between product management and product delivery.

    Key Benefits Achieved

    Optimize product management to prioritize the right changes for the right people at the right time.

    Activities

    5.1 Discussions

    Outputs

    Common understanding

    6 Commit to Empowering Agile Product Teams

    The Purpose

    Personalize and commit to supporting product teams.

    Key Benefits Achieved

    Embrace leadership and cultural changes needed to empower and support teams.

    Activities

    6.1 Your management culture

    6.2 Personal Cultural Stop, Start, and Continue

    6.3 Now, Next, Later to support product owners

    Outputs

    Your management culture map

    Personal Cultural Stop, Start, and Continue list

    Now, Next, Later roadmap

    Further reading

    Enable Product Delivery – Executive Leadership Workshop

    Strengthen product management in your organization through effective executive leadership by focusing on product teams, core capabilities, and proper alignment.

    Objective of this workshop

    To develop a common understanding and foundation for product management so we, as leaders, better understand how to lead product owners, product managers, and their teams.

    Enable Product Delivery - Executive Leadership Workshop

    Learn how enterprise agility can provide lasting value to the organization

    Clarify your role in supporting your teams to deliver lasting value to stakeholders and customers

    1. Understanding Your Top Challenges
      • Define your challenges, goals, and opportunities Agile and product management will impact.
    2. Transitioning from Projects to Product-centric Delivery
      • Understand the shift from fixed delivery to continuous improvement and delivery of value.
    3. Enterprise Agility and the Value of Change
      • Organizations need to embrace change and leverage smaller delivery cycles.
    4. Defining Your "Products" and Product Management
      • Define products in your culture and how to empower product delivery teams.
    5. Connecting Product Management to Agile Practices
      • Use product ownership to drive increased ROI into your product delivery teams and lifecycles.
    6. Commit to Empowering Agile Product Teams
      • Define the actions and changes you must make for this transformation to be successful.

    Your Product Transformation Journey

    1. Make the Case for Product Delivery
      • Align your organization with the practices to deliver what matters most
    2. Enable Product Delivery – Executive Workshop
      • One-day executive workshop – align and prepare your leadership
      • Audience: Senior executives and IT leadership.
        Size: 8-16 people
        Time: 6 hours
    3. Deliver on Your Digital Product Vision
      • Enhance product backlogs, roadmapping, and strategic alignment
      • Audience: Product Owners/Mangers
        Size: 10-20 people
        Time: 3-4 days
    4. Deliver Your Digital Products at Scale
      • Scale Product Families to Align Enterprise Goals
      • Audience: Product Owners/Mangers
        Size: 10-20 people
        Time: 3-4 days
    5. Mature and Scale Product Ownership
      • Align and mature your product owners
      • Audience: Product Owners/Mangers
        Size: 8-16 people
        Time: 2-4 days

    Repeat workshops with different companies, operating units, departments, or teams as needed.

    What is a workshop?

    We WILL ENGAGE in discussions and activities:

    • Flexible, to accommodate the needs of the group.
    • Open forum for discussion and questions.
    • Share your knowledge, expertise, and experiences (roadblocks and success stories).
    • Everyone is part of the process.
    • Builds upon itself.

    This workshop will NOT be:

    • A lecture or class.
    • A monologue that never ends.
    • Technical training.
    • A presentation.
    • Us making all the decisions.

    Roles within the workshop

    We each have a role to play to make our workshop successful!

    Facilitators

    • Introduce the best practice framework used by Info-Tech.
    • Ask questions about processes, procedures, and assumptions.
    • Guide for the methodology.
    • Liaison for any other relevant Info-Tech research or services.

    Participants

    • Contribute and speak out as much as needed.
    • Provide expertise on the current processes and technology.
    • Ask questions.
    • Provide feedback.
    • Collaborate and work together to produce solutions.

    Understanding Your Top Challenges

    • Understanding Your Top Challenges
    • Transitioning From Projects to Product-Centric Delivery
    • Enterprise Agility and the Value of Change
    • Defining Your Products and Product Management
    • Connecting Product Management to Agile Practices
    • Commit to Empowering Agile Product Teams
    • Wrap-Up and Retrospective

    Executive Summary

    Your Challenge

    • Products are the lifeblood of an organization. They deliver the capabilities needed to deliver value to customers, internal users, and stakeholders.
    • The shift to becoming a product organization is intended to continually increase the value you provide to the broader organization as you grow and evolve.
    • You need to clearly convey the direction and strategy of your product portfolio to gain alignment, support, and funding from your organization.

    Common Obstacles

    • IT organizations are traditionally organized to deliver initiatives in specific periods of time. This conflicts with product delivery, which continuously delivers value over the lifetime of a product.
    • Delivering multiple products together creates additional challenges because each product has its own pedigree, history, and goals.
    • Product owners struggle to prioritize changes to deliver product value. This creates a gap and conflict between product and enterprise goals.

    Info-Tech's Approach

    Info-Tech's approach will guide you through:

    • Understanding the top challenges driving your product initiative.
    • Improving your transitioning from projects to product-centric delivery.
    • Enhancing enterprise agility and the value of change.
    • Defining products and product management in your context.
    • Connecting product management to Agile practices.
    • Committing to empowering Agile Product teams.
    This is an image of an Info-Tech Thought Map for Accelerate Your Transition to Product Delivery
    This is an image of an Info-Tech Thought Map for Delier on your Digital Product Vision
    This is an image of an Info-Tech Thought Map for Deliver Digital Products at Scale via Enterprise Product Families.
    This is an image of an Info-Tech Thought Map for What We Mean by an Applcation Department Strategy.

    What is driving your organization to become product focused?

    30 minutes

    • Team introductions:
      • Share your name and role
      • What are the key challenges you are looking to solve around product management?
      • What blockers or challenges will we need to overcome?

    Capture in the Enable Product Delivery – Executive Leadership Workshop Outcomes and Next Steps.

    Input

    • Organizational knowledge
    • Goals and challenges

    Output

    • List of key challenges
    • List of workshop expectations
    • Parking lot items

    Transitioning From Projects to Product-Centric Delivery

    • Understanding Your Top Challenges
    • Transitioning From Projects to Product-Centric Delivery
    • Enterprise Agility and the Value of Change
    • Defining Your Products and Product Management
    • Connecting Product Management to Agile Practices
    • Commit to Empowering Agile Product Teams
    • Wrap-Up and Retrospective

    Define the differences between projects and product delivery

    30 minutes

    • Consider project delivery and product delivery.
    • Discussion:
      • What are some differences between the two?

    Capture in the Enable Product Delivery – Executive Leadership Workshop Outcomes and Next Steps.

    Input

    • Organizational knowledge
    • Internal terms and definitions

    Output

    • List of differences between projects and product delivery

    Define the differences between projects and product delivery

    15 minutes

    Project Delivery

    vs

    Product Delivery

    Point in time

    What is changed

    Method of funding changes

    Needs an owner

    Input

    • Organizational knowledge
    • Internal terms and definitions

    Output

    • List of differences between projects and product delivery

    Capture in the Enable Product Delivery – Executive Leadership Workshop Outcomes and Next Steps.

    Identify the differences between a project-centric and a product-centric organization

    Project

    Product

    Fund Projects

    Funding

    Fund Products or Teams

    Line of Business Sponsor

    Prioritization

    Product Owner

    Makes Specific Changes
    to a Product

    Product Management

    Improve Product Maturity
    and Support

    Assign People to Work

    Work Allocation

    Assign Work
    to Product Teams

    Project Manager Manages

    Capacity Management

    Team Manages Capacity

    Info-Tech Insight

    Product delivery requires significant shifts in the way you complete development work and deliver value to your users. Make the changes that support improving end user value and enterprise alignment.

    Projects can be a mechanism for funding product changes and improvements

    This is an image showing the relationship between the project lifecycle, a hybrid lifecycle, and a product lifecycle.

    Projects within products

    Regardless of whether you recognize yourself as a "product-based" or "project-based" shop, the same basic principles should apply.

    You go through a period or periods of project-like development to build a version of an application or product.

    You also have parallel services along with your project development, which encompass the more product-based view. These may range from basic support and maintenance to full-fledged strategy teams or services like sales and marketing.

    While Agile and product are intertwined, they are not the same!

    Delivering products does not necessarily require an Agile mindset. However, Agile methods help facilitate the journey because product thinking is baked into them.

    This image shows the product delivery maturity process from waterfall to continuous integration and delivery.

    Product roadmaps guide delivery and communicate your strategy

    In Deliver on Your Digital Product Vision, we demonstrate how the product roadmap is core to value realization. The product roadmap is your communicated path, and as a product owner, you use it to align teams and changes to your defined goals while aligning your product to enterprise goals and strategy.

    This is an image adapted from Pichler, What is Product Management.

    Adapted from: Pichler, "What Is Product Management?"

    Info-Tech Insight

    The quality of your product backlog – and your ability to realize business value from your delivery pipeline – is directly related to the input, content, and prioritization of items in your product roadmap.

    Prepare Your Organization to Successfully Embrace the “New Normal”

    • Buy Link or Shortcode: {j2store}422|cart{/j2store}
    • member rating overall impact (scale of 10): 9.3/10 Overall Impact
    • member rating average dollars saved: $61,749 Average $ Saved
    • member rating average days saved: 2 Average Days Saved
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity
    • The COVID-19 pandemic is creating significant challenges across every sector, but even the deepest crisis will eventually pass. However, many of the changes it has brought to how organizations function are here to stay.
    • As an IT leader, it can be challenging to envision what this future state will look like and how to position IT as a trusted partner to the business to help steer the ship as the crisis abates.

    Our Advice

    Critical Insight

    • Organizations need to cast their gaze into the “New Normal” and determine an appropriate strategy to stabilize their operations, mitigate ongoing challenges, and seize new opportunities that will be presented in a post-COVID-19 world.
    • IT needs to understand the key trends and permanent changes that will exist following the crisis and develop a proactive roadmap for rapidly adapting their technology stack, processes, and resourcing to adjust to the new normal.

    Impact and Result

    • Info-Tech recommends a three-step approach for adapting to the new normal: begin by surveying crucial changes that will occur as a result of the COVID-19 pandemic, assess their relevance to your organization’s unique situation, and create an initiatives roadmap to support the new normal.
    • This mini-blueprint will examine five key themes: changing paradigms for remote work, new product delivery models, more self-service options for customers, greater decentralization and agility for organizational decision making, and a renewed emphasis on security architecture.

    Prepare Your Organization to Successfully Embrace the “New Normal” Research & Tools

    Read the Research

    Understand the five key trends that will persist after the pandemic has passed and create a roadmap of initiatives to help your organization adapt to the "New Normal."

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Prepare Your Organization to Successfully Embrace the “New Normal” Storyboard
    [infographic]

    Develop Meaningful Service Metrics

    • Buy Link or Shortcode: {j2store}399|cart{/j2store}
    • member rating overall impact (scale of 10): 9.5/10 Overall Impact
    • member rating average dollars saved: $20,308 Average $ Saved
    • member rating average days saved: 30 Average Days Saved
    • Parent Category Name: Service Management
    • Parent Category Link: /service-management
    • IT organizations measure services from a technology perspective but rarely from a business goal or outcome perspective.
    • Most organizations do a poor job of identifying and measuring service outcomes over the duration of a service’s lifecycle – never ensuring the services remain valuable and meet expected long-term ROI.

    Our Advice

    Critical Insight

    • Service metrics are critical to ensuring alignment of IT service performance and business service value achievement.
    • Service metrics reinforce positive business and end-user relationships by providing user-centric information that drives responsiveness and consistent service improvement.
    • Poorly designed metrics drive unintended and unproductive behaviors that have negative impacts on IT and produce negative service outcomes.

    Impact and Result

    Effective service metrics will provide the following service gains:

    • Confirm service performance and identify gaps.
    • Drive service improvement to maximize service value.
    • Validate performance improvements while quantifying and demonstrating business value.
    • Ensure service reporting aligns with end-user experience.
    • Achieve and confirm process and regulatory compliance.

    Which will translate into the following relationship gains:

    • Embed IT into business value achievement.
    • Improve the relationship between the business and IT.
    • Achieve higher customer satisfaction (happier end users receiving expected service, the business is able to identify how things are really performing).
    • Reinforce desirable actions and behaviors from both IT and the business.

    Develop Meaningful Service Metrics Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop meaningful service metrics, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Develop Meaningful Service Metrics – Executive Brief
    • Develop Meaningful Service Metrics – Phases 1-3

    1. Design the metrics

    Identify the appropriate service metrics based on stakeholder needs.

    • Develop Meaningful Service Metrics to Ensure Business and User Satisfaction – Phase 1: Design the Metrics
    • Metrics Development Workbook

    2. Design reports and dashboards

    Present the right metrics in the most interesting and stakeholder-centric way possible.

    • Develop Meaningful Service Metrics to Ensure Business and User Satisfaction – Phase 2: Design Reports and Dashboards
    • Metrics Presentation Format Selection Guide

    3. Implement, track, and maintain

    Run a pilot with a smaller sample of defined service metrics, then continuously validate your approach and make refinements to the processes.

    • Develop Meaningful Service Metrics to Ensure Business and User Satisfaction – Phase 3: Implement, Track, and Maintain
    • Metrics Tracking Tool
    [infographic]

    Workshop: Develop Meaningful Service Metrics

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Design the Metrics

    The Purpose

    Define stakeholder needs for IT based on their success criteria and identify IT services that are tied to the delivery of business outcomes.

    Derive meaningful service metrics based on identified IT services and validate that metrics can be collected and measured.

    Key Benefits Achieved

    Design meaningful service metrics from stakeholder needs.

    Validate that metrics can be collected and measured.

    Activities

    1.1 Determine stakeholder needs, goals, and pain points.

    1.2 Determine the success criteria and related IT services.

    1.3 Derive the service metrics.

    1.4 Validate the data collection process.

    1.5 Validate metrics with stakeholders.

    Outputs

    Understand stakeholder priorities

    Adopt a business-centric perspective to align IT and business views

    Derive meaningful business metrics that are relevant to the stakeholders

    Determine if and how the identified metrics can be collected and measured

    Establish a feedback mechanism to have business stakeholders validate the meaningfulness of the metrics

    2 Design Reports and Dashboards

    The Purpose

    Determine the most appropriate presentation format based on stakeholder needs.

    Key Benefits Achieved

    Ensure the metrics are presented in the most interesting and stakeholder-centric way possible to guarantee that they are read and used.

    Activities

    2.1 Understand the different presentation options.

    2.2 Assess stakeholder needs for information.

    2.3 Select and design the metric report.

    Outputs

    Learn about infographic, scorecard, formal report, and dashboard presentation options

    Determine how stakeholders would like to view information and how the metrics can be presented to aid decision making

    Select the most appropriate presentation format and create a rough draft of how the report should look

    3 Implement, Track, and Maintain Your Metrics

    The Purpose

    Run a pilot with a smaller sample of defined service metrics to validate your approach.

    Make refinements to the implementation and maintenance processes prior to activating all service metrics.

    Key Benefits Achieved

    High user acceptance and usability of the metrics.

    Processes of identifying and presenting metrics are continuously validated and improved.

    Activities

    3.1 Select the pilot metrics.

    3.2 Gather data and set initial targets.

    3.3 Generate the reports and validate with stakeholders.

    3.4 Implement the service metrics program.

    3.5 Track and maintain the metrics program.

    Outputs

    Select the metrics that should be first implemented based on urgency and impact

    Complete the service intake form for a specific initiative

    Create a process to gather data, measure baselines, and set initial targets

    Establish a process to receive feedback from the business stakeholders once the report is generated

    Identify the approach to implement the metrics program across the organization

    Set up mechanism to ensure the success of the metrics program by assessing process adherence and process validity

    Further reading

    Develop Meaningful Service Metrics

    Select IT service metrics that drive business value.

    ANALYST PERSPECTIVE

    Are you measuring and reporting what the business needs to know?

    “Service metrics are one of the key tools at IT’s disposal in articulating and ensuring its value to the business, yet metrics are rarely designed and used for that purpose.

    Creating IT service metrics directly from business and stakeholder outcomes and goals, written from the business perspective and using business language, is critical to ensuring that the services that IT provides are meeting business needs.

    The ability to measure, manage, and improve IT service performance in relation to critical business success factors, with properly designed metrics, embeds IT in the value chain of the business and ensures IT’s focus on where and how it enables business outcomes.”

    Valence Howden,
    Senior Manager, CIO Advisory
    Info-Tech Research Group

    Our understanding of the problem

    This Research Is Designed For:
    • CIO
    • IT VPs
    This Research Will Help You:
    • Align business/IT objectives (design top-down or outside-in)
    • Significantly improve the relationship between the business and IT aspects of the organization
    • Reinforce desirable actions and behaviors
    This Research Will Also Assist:
    • Service Level Managers
    • Service Owners
    • Program Owners
    This Research Will Help Them
    • Identify unusual deviations from the normal operating state
    • Drive service improvement to maximize service value
    • Validate the value of performance improvements while quantifying and demonstrating benefits realization

    Executive summary

    Situation

    • IT organizations measure services from a technology perspective yet rarely measure services from a business goal/outcome perspective.
    • Most organizations do a poor job of identifying and measuring service outcomes over the duration of a service’s lifecycle – never ensuring the services remain valuable and meet expected long-term ROI.

    Complication

    • IT organizations have difficulty identifying the right metrics to demonstrate the value of IT services to the business in tangible terms.
    • IT metrics, as currently designed, reinforce division between the IT and business perspectives of service performance. They drive siloed thinking and finger-pointing within the IT structure, and prevent IT resources from understanding how their work impacts business value.

    Resolution

    • Our program enables IT to develop the right service metrics to tie IT service performance to business value and user experience.
    • Ensure the metrics you implement have immediate stakeholder value, reinforcing alignment between IT and the business while influencing behavior in the desired direction.
    • Make sure that your metrics are defined in relation to the business goals and drivers, ensuring they will provide actionable outcomes.

    Info-Tech Insight

    1. Service metrics are critical to ensuring alignment of IT service performance and business service value achievement.
    2. Service metrics reinforce positive business and end-user relationships by providing user-centric information that drives responsiveness and consistent service improvement.
    3. Poorly designed metrics drive unintended and unproductive behaviors, which have negative impacts on IT and produce negative service outcomes.

    Service metrics 101

    What are service metrics?

    Service metrics measure IT services in a way that relates to a business outcome. IT needs to measure performance from the business perspective using business language.

    Why do we need service metrics?

    To ensure the business cares about the metrics that IT produces, start with business needs to make sure you’re measuring the right things. This will give IT the opportunity talk to the right stakeholders and develop metrics that will meet their business needs.

    Service metrics are designed with the business perspective in mind, so they are fully aligned with business objectives.

    Perspectives Matter

    Different stakeholders will require different types of metrics. A CEO may require metrics that provide a snapshot of the critical success of the company while a business manager is more concerned about the performance metrics of their department.

    What are the benefits of implementing service metrics?

    Service metrics help IT communicate with the business in business terms and enables IT to articulate how and where they provide business value. Business stakeholders can also easily understand how IT services contribute to their success.

    The majority of CIOs feel metrics relating to business value and stakeholder satisfaction require significant improvement

    A significantly higher proportion of CIOs than CEOs feel that there is significant improvement necessary for business value metrics and stakeholder satisfaction reporting. Stacked horizontal bar chart presenting survey results from CIOs and CXOs of 'Business Value Metrics'. Answer options are 'Effective', 'Some Improvement Necessary', 'Significant Improvement Necessary', and 'Not Required'.N=364

    Stacked horizontal bar chart presenting survey results from CIOs and CXOs of 'Stakeholder Satisfaction Reporting'. Answer options are 'Effective', 'Some Improvement Necessary', 'Significant Improvement Necessary', and 'Not Required'.N=364

    (Source: Info-Tech CIO-CXO Alignment Diagnostic Survey)

    Meaningless metrics are a headache for the business

    A major pitfall of many IT organizations is that they often provide pages of technical metrics that are meaningless to their business stakeholders.

    1. Too Many MetricsToo many metrics are provided and business leaders don’t know what to do with these metrics.
    2. Metrics Are Too TechnicalIT provides technical metrics that are hard to relate to business needs, and methods of calculating metrics are not clearly understood, articulated, and agreed on.
    3. Metrics Have No Business ValueService metrics are not mapped to business goals/objectives and they drive incorrect actions or spend.
    When considering only CEOs who said that stakeholder satisfaction reporting needed significant improvement, the average satisfaction score goes down to 61.6%, which is a drop in satisfaction of 12%.

    A bar that says 73% dropping to a bar that says 61%. Description above.

    (Source: Info-Tech Research Group CIO-CXO Alignment Diagnostic Survey)

    Poorly designed metrics hurt IT’s image within the organization

    By providing metrics that do not articulate the value of IT services, IT reinforces its role as a utility provider and an outsider to strategic decisions.

    When the CIOs believe business value metrics weren’t required, 50% of their CEOs said that significant improvements were necessary.

    Pie Chart presenting the survey results from CEOs regarding 'Business Value Metrics'. Description above.

    (Source: Info-Tech Research Group CIO-CXO Alignment Diagnostic Survey)
    1. Reinforce the wrong behaviorThe wrong metrics drive us-against-them, siloed thinking within IT, and meeting metric targets is prioritized over providing meaningful outcomes.
    2. Do not reflect user experienceMetrics don’t align with actual business/user experience, reinforcing a poor view of IT services.
    3. Effort ≠ ValueInvesting dedicated resources and effort to the achievement of the wrong metrics will only leave IT more constrained for other important initiatives.

    Articulate meaningful service performance that supports the achievement of business outcomes

    Service metrics measure the performance of IT services and how they enable or drive the activity outcomes.

    A business process consists of multiple business activities. In many cases, these business activities require one or more supporting IT services.

    A 'Business Process' broken down to its parts, multiple 'Business Activities' and their 'IT Services'. For each business process, business stakeholders and their goals and objectives should be identified.

    For each business activity that supports the completion of a business process, define the success criteria that must be met in order to produce the desirable outcome.

    Identify the IT services that are used by business stakeholders for each business activity. Measure the performance of these services from a business perspective to arrive at the appropriate service metrics.

    Differentiate between different types of metrics

    Stakeholders have different goals and objectives; therefore, it is critical to identify what type of metrics should be presented to each stakeholder.

    Business Metrics

    Determine Business Success

    Business metrics are derived from a pure business perspective. These are the metrics that the business stakeholders will measure themselves on, and business success is determined using these metrics.

    Arrow pointing right.

    Service Metrics

    Manage Service Value to the Business

    Service metrics are used to measure IT service performance against business outcomes. These metrics, while relating to IT services, are presented in business terms and are tied to business goals.

    Arrow pointing right.

    IT Metrics

    Enable Operational Excellence

    IT metrics are internal to the IT organization and used to manage IT service delivery. These metrics are technical, IT-specific, and drive action for IT. They are not presented to the business, and are not written in business language.

    Implementing service metrics is a key step in becoming a service provider and business partner

    As a prerequisite, IT organizations must have already established a solid relationship with the business and have a clear understanding of its critical business-facing services.

    At the very least, IT needs to have a service-oriented view and understand the specific needs and objectives associated with each stakeholder.

    Visualization of 'Business Relationship Management' with an early point on the line representing 'Service Provider: Establish service-oriented culture and business-centric service delivery', and the end of the line being 'Strategic Partner'.

    Once IT can present service metrics that the business cares about, it can continue on the service provider journey by managing the performance of services based on business needs, determine and influence service demand, and assess service value to maximize benefits to the business.

    Which processes drive service metrics?

    Both business relationship management (BRM) and service level management (SLM) provide inputs into and receive outputs from service metrics.

    Venn Diagram of 'Business Relationship Management', 'Service Metrics', and 'Service Level Management'.

    Business Relationship Management

    BRM works to understand the goals and objectives of the business and inputs them into the design of the service metrics.

    Service Metrics

    BRM leverages service metrics to help IT organizations manage the relationship with the business.

    BRM articulates and manages expectations and ensures IT services are meeting business requirements.

    Which processes drive service metrics?

    Both BRM and SLM provide inputs into and receive outputs from service metrics.

    Venn Diagram of 'Business Relationship Management', 'Service Metrics', and 'Service Level Management'.

    Service Level Management

    SLM works with the business to understand service requirements, which are key inputs in designing the service metrics.

    Service Metrics

    SLM leverages service metrics in overseeing the day-to-day delivery of IT services. It ensures they are provided to meet expected service level targets and objectives.

    Effective service metrics will deliver both service gains and relationship gains

    Effective service metrics will provide the following service gains:

    • Confirm service performance and identify gaps
    • Drive service improvement to maximize service value
    • Validate performance improvements while quantifying and demonstrating business value
    • Ensure service reporting aligns with end-user experience
    • Achieve and confirm process and regulatory compliance
        Which will translate into the following relationship gains:
        • Embed IT into business value achievement
        • Improve relationship between the business and IT
        • Achieve higher customer satisfaction (happier end users receiving expected service, the business is able to identify how things are really performing)
        • Reinforce desirable actions and behaviors from both IT and the business

    Don’t let conventional wisdom become your roadblock

    Conventional Wisdom

    Info-Tech Perspective

    Metrics are measured from an application or technology perspective Metrics need to be derived from a service and business outcome perspective.
    The business doesn’t care about metrics Metrics are not usually designed to speak in business terms about business outcomes. Linking metrics to business objectives creates metrics that the business cares about.
    It is difficult to have a metrics discussion with the business It is not a metrics/number discussion, it is a discussion on goals and outcomes.
    Metrics are only presented for the implementation of the service, not the ongoing outcome of the service IT needs to focus on service outcome and not project outcome.
    Quality can’t be measured Quality must be measured in order to properly manage services.

    Our three-phase approach to service metrics development

    Let Info-Tech guide you through your service metrics journey

    1

    2

    3

    Design Your Metrics Develop and Validate Reporting Implement, Track, and Maintain
    Sample of Phase 1 of Info-Tech's service metric development package, 'Design Your Metrics'. Sample of Phase 2 of Info-Tech's service metric development package, 'Develop and Validate Reporting'. Sample of Phase 3 of Info-Tech's service metric development package, 'Implement, Track, and Maintain'.
    Start the development and creation of your service metrics by keeping business perspectives in mind, so they are fully aligned with business objectives. Identify the most appropriate presentation format based on stakeholder preference and need for metrics. Track goals and success metrics for your service metrics programs. It allows you to set long-term goals and track your results over time.

    CIOs must actively lead the design of the service metrics program

    The CIO must actively demonstrate support for the service metrics program and lead the initial discussions to determine what matters to business leaders.

    1. Lead the initiative by defining the need
      Show visible support and demonstrate importance
    2. Articulate the value to both IT and the business
      Establish the urgency and benefits
    3. Select and assemble an implementation group
      Find the best people to get the job done
    4. Drive initial metrics discussions: goals, objectives, actions
      Lead brainstorming with senior business leaders
    5. Work with the team to determine presentation formats and communication methods
      Identify the best presentation approach for senior stakeholders
    6. Establish a feedback loop for senior management
      Solicit feedback on improvements
    7. Validate the success of the metrics
      Confirm service metrics support business outcomes

    Measure the success of your service metrics

    It is critical to determine if the designed service metrics are fulfilling their intended purpose. The process of maintaining the service metrics program and the outcomes of implementing service metrics need to be monitored and tracked.

    Validating Service Metrics Design

    Target Outcome

    Related Metrics

    The business is enabled to identify and improve service performance to their end customer # of improvement initiatives created based on service metrics
    $ cost savings/revenue generated due to actions derived from service metrics

    Procedure to validate the usefulness of IT metrics

    # / % of service metrics added/removed per year

    Alignment between IT and business objectives and processes Business’ satisfaction with IT

    Measure the success of your service metrics

    It is critical to determine if the designed service metrics are fulfilling their intended purpose. The process of maintaining the service metrics program and the outcomes of implementing service metrics need to be monitored and tracked.

    Validating Service Metrics Process

    Target Outcome

    Related Metrics

    Properly defined service metrics aligned with business goals/outcomes
    Easy understood measurement methodologies
    % of services with (or without) defined service metrics

    % of service metrics tied to business goals

    Consistent approach to review and adjust metrics# of service metrics adjusted based on service reviews

    % of service metrics reviewed on schedule

    Demonstrate monetary value and impact through the service metrics program

    In a study done by the Aberdeen Group, organizations engaged in the use of metrics benchmarking and measurement have:
    • 88% customer satisfaction rate
    • 60% service profitability
    • 15% increase in workforce productivity over the last 12 months

    Stock image of a silhouette of three people's head and shoulders.
    (Source: Aberdeen Group. “Service Benchmarking and Measurement.”)

    A service metric is defined for: “Response time for Business Application A

    The expected response time has not been achieved and this is visible in the service metrics. The reduced performance has been identified as having an impact of $250,000 per month in lost revenue potential.

    The service metric drove an action to perform a root-cause analysis, which identified a network switch issue and drove a resolution action to fix the technology and architect redundancy to ensure continuity.

    The fix eliminated the performance impact, allowing for recovery of the $250K per month in revenue, improved end-user confidence in the organization, and increased use of the application, creating additional revenue.

    Implementing and measuring a video conferencing service

    CASE STUDY
    Industry: Manufacturing | Source: CIO interview and case material
    Situation

    The manufacturing business operates within numerous countries and requires a lot of coordination of functions and governance oversight. The company has monthly meetings, both regional and national, and key management and executives travel to attend and participate in the meetings.

    Complication

    While the meetings provide a lot of organizational value, the business has grown significantly and the cost of business travel has started to become prohibitive.

    Action

    It was decided that only a few core meetings would require onsite face-to-face meetings, and for all other meetings, the company would look at alternative means. The face-to-face aspect of the meetings was still considered critical so they focused on options to retain that aspect.

    The IT organization identified that they could provide a video conferencing service to meet the business need. The initiative was approved and rolled out in the organization.

    Result:

    IT service metrics needed to be designed to confirm that the expected value outcome of the implementation of video conferencing was achieved.

    Under the direction of the CIO, the business goals and needs driving use of the service (i.e. reduction in travel costs, efficiency, no loss of positive outcome) were used to identify success criteria and key questions to confirm success.

    With this information, the service manager was able to implement relevant service metrics in business language and confirmed an 80% adoption rate and a 95% success rate in term meetings running as expected and achieving core outcomes.

    Use these icons to help direct you as you navigate this research

    Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.

    A small monochrome icon of a wrench and screwdriver creating an X.

    This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.

    A small monochrome icon depicting a person in front of a blank slide.

    This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Develop meaningful service metrics to ensure business and user satisfaction

    1. Design the Metrics 2. Design Reports and Dashboards 3. Implement, Track, and Maintain
    Supporting Tool icon

    Best-Practice Toolkit

    1. Defining stakeholder needs for IT based on their success criteria
    2. Derive meaningful service metrics based on identified IT services and validate with business stakeholders
    3. Validate metrics can be collected and measured
    4. Determine calculation methodology
    1. Presentation format selected based on stakeholder needs and preference for information
    2. Presentation format validated with stakeholders
    1. Identify metrics that will be presented first to the stakeholders based on urgency or impact of the IT service
    2. Determine the process to collect data, select initial targets, and integrate with SLM and BRM functions
    3. Roll out the metrics implementation for a broader audience
    4. Establish roles and timelines for metrics maintenance

    Guided Implementations

    • Design metrics based on business needs
    • Validate the metrics
    • Select presentation format
    • Review metrics presentation design
    • Select and implement pilot metrics
    • Determine rollout process and establish maintenance/tracking mechanism
    Associated Activity icon

    Onsite Workshop

    Module 1:
    Derive Service Metrics From Business Goals
    Module 2:
    Select and Design Reports and Dashboards
    Module 3:
    Implement, Track, and Maintain Your Metrics to Ensure Success
    Phase 1 Outcome:
    • Meaningful service metrics designed from stakeholder needs
    Phase 2 Outcome:
    • Appropriate presentation format selected for each stakeholder
    Phase 3 Outcome:
    • Metrics implemented and process established to maintain and track program success

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.
    Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4
    Design the Metrics
    Determine Presentation Format and Implement Metrics
    Gather Service Level Requirements
    Monitor and Improve Service Levels

    Activities

    • 1.1 Determine stakeholder needs
    • 1.2 Determine success criteria and key performance indicators
    • 1.3 Derive metrics
    • 1.4 Validate the metric collection
    • 2.1 Discuss stakeholder needs/preference for data and select presentation format
    • 2.2 Select and design the metric report
    • Requirements
    • 3.1 Determine the business requirements
    • 3.2 Negotiate service levels
    • 3.3 Align operational level agreements (OLAs) and supplier contracts
    • 4.1 Conduct service report and perform service review
    • 4.2 Communicate service review
    • 4.3 Remediate issues using action plan
    • 4.4 Proactive prevention

    Deliverables

    1. Metrics Development Workbook
    1. Metrics Presentation Format Selection Guide
    2. Metrics Tracking Tool
    1. Service Level Management SOP
    2. Service Level Agreement
    1. Service Level Report
    2. Service Level Review
    3. Business Satisfaction Report

    Develop Meaningful Service Metrics to Ensure Business and User Satisfaction

    PHASE 1

    Design the Metrics

    Step (1): Design the Metrics

    PHASE 1 PHASE 2 PHASE 3

    1.1

    Derive the Service Metrics

    1.2

    Validate the Metrics

    2.1

    Determine Reporting Format

    3.1

    Select Pilot Metrics

    3.2

    Activate and Maintain Metrics

    This step involves the following participants:

    • CIO
    • Business Relationship Manager (BRM)
    • Service Level Manager (SLM)

    Outcomes of this step

    • Defined stakeholder needs for IT based on their success criteria
    • Identified IT services that are tied to the delivery of business outcomes
    • Derived meaningful service metrics based on identified IT services and validated with business stakeholders
    • Validated that metrics can be collected and measured
    • Determined calculation methodology

    Phase 1 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Design the Metrics

    Proposed Time to Completion (in weeks): 4 weeks
    Step 1.1: Design Metrics Step 1.2: Validate the Metrics
    Start with an analyst kick-off call:
    • Determine the stakeholder and their needs
    • Identify IT services that are tied to the delivery of business outcomes
    • Derive the service metrics
    Review findings with analyst:
    • For the selected metrics, identify the data source for collection
    • Validate whether or not the data can be created
    • Create a calculation method for the metrics
    Then complete these activities…
    • Using the methodology provided, identify additional stakeholders and map out their success criteria, including KPIs to determine the appropriate service metrics
    Then complete these activities…
    • Determine whether the designed metrics are measurable, and if so, how
    With these tools & templates:
    • Metrics Development Workbook
    With these tools & templates:
    • Metrics Development Workbook

    Design your service metrics – overview

    Figure representing 'CIO'. Step 1
    Derive your service metrics

    Metrics Worksheet

    Figure representing 'SLM' and/or 'BRM'. Step 2
    Validate your metrics

    Metrics Worksheet

    Figures representing 'CIO', 'SLM', and/or 'BRM'. Step 3
    Confirm with stakeholders

    Metrics Tracking Sheet

    A star.

    Defined IT Service Metrics

    Deriving the right metrics is critical to ensuring that you will generate valuable and actionable service metrics.

    Derive your service metrics from business objectives and needs

    Service metrics must be designed with the business perspective in mind so they are fully aligned with business objectives.

    Thus, IT must start by identifying specific stakeholder needs. The more IT understands about the business, the more relevant the metrics will be to the business stakeholders.

    1. Who are your stakeholders?
    2. What are their goals and pain points?
    3. What do the stakeholders need to know?
    4. What do I need to measure?
    5. Derive your service metrics

    Derive your service metrics

    Supporting Tool icon 1.1 Metrics Development Workbook

    This workbook guides the development and creation of service metrics that are directly tied to stakeholder needs.

    This process will ensure that your service metrics are designed with the business perspective in mind so they are fully aligned with business objectives.

    1. Who are the relevant stakeholders?
    2. What are the goals and pain points of your stakeholders?
    3. What do the stakeholders need to know?
    4. What does IT need to measure?
    5. What are the appropriate IT metrics?

    Download the Metrics Development Workbook.

    Sample of Info-Tech's Metrics Development Workbook.

    Determine your stakeholders

    Supporting Tool icon 1.1 0.5 Hour

    Who are your stakeholders?

    1. Identify the primary stakeholders of your service metrics. Stakeholders are the people who have a very specific need to know about how IT services affect their business outcomes. Different stakeholders can have different perspective on the same IT service metric.Most often, the primary target of service metrics are the business stakeholders, e.g. VP of a business unit.
    2. Identify any additional stakeholders. The CIO is also a stakeholder since they are effectively the business relationship manager for the senior leaders.

    Video Conferencing Case Study
    Manufacturing company

    For this phase, we will demonstrate how to derive the service metrics by going through the steps in the methodology.

    At a manufacturing company, the CIO’s main stakeholder is the CEO, whose chief concern is to improve the financial position of the company.

    Identify goals and pain points of your stakeholders

    Supporting Tool icon 1.2 0.5 Hour

    What are their goals and pain points?

    1. Clearly identify each stakeholder’s business goals and outcomes. These would be particular business goals related to a specific business unit.
    2. Identify particular pain points for each business unit to understand what is preventing them from achieving the desirable business outcome.

    VC Case Study

    One of the top initiatives identified by the company to improve financial performance was to reduce expense.

    Because the company has several key locations in different states, company executives used to travel extensively to carry out meetings at each location.

    Therefore, travel expenses represent a significant proportion of operational expenses and reducing travel costs is a key goal for the company’s executives.

    What do the stakeholders need to know?

    Supporting Tool icon 1.3 0.5 Hour

    What do the stakeholders need to know?

    1. Identify the key things that the stakeholders would need to know based on the goals and pain points derived from the previous step.These are your success criteria and must be met to successfully achieve the desired goals.

    VC Case Study

    The CEO needs to have assurance that without executives traveling to each location, remote meetings can be as effective as in-person meetings.

    These meetings must provide the same outcome and allow executives to collaborate and make similar strategic decisions without the onsite, physical presence.

    Therefore, the success criteria are:

    • Reduced travel costs
    • Effective collaboration
    • High-quality meetings

    What do I need to measure?

    Supporting Tool icon 1.4 1 Hour

    What does IT need to measure?

    1. Identify the IT services that are leveraged to achieve the business goals and success criteria.
    2. Identify the users of those services and determine the nature of usage for each group of users.
    3. Identify the key indicators that must be measured for those services from an IT perspective.

    VC Case Study

    The IT department decides to implement the video conferencing service to reduce the number of onsite meetings. This technology would allow executives to meet remotely with both audio and video and is the best option to replicate a physical meeting.

    The service is initially available to senior executives and will be rolled out to all internal users once the initial implementation is deemed successful.

    To determine the success of the service, the following needs to be measured:

    1. Outcomes of VC meetings
    2. Quality of the VC meetings
    3. Reduction in travel expenses

    Derive service metrics

    Supporting Tool icon 1.5 0.5 Hour

    Derive your service metrics

    1. Derive the service metrics that are meaningful to business stakeholders based on the IT services and the key indicators identified in the previous steps.
    2. Distinguish between service metrics and business metrics. You may identify some business metrics in addition to the IT metrics, and although these are important, IT doesn’t own the process of tracking and reporting business metrics.

    VC Case Study

    In the previous step, IT identified that it must measure the outcomes of VC meetings, quality of the VC meetings, and the reduction in travel expenses. From these, the appropriate service metrics can be derived to answer the needs of the CEO.

    IT needs to measure:

    1. Percent of VC meetings successfully delivered
    2. Growth of number of executive meetings conducted via VC
    Outcomes

    IT also identified the following business metrics:

    1. Reduction in percent of travel expense/spend
    2. Reduction in lost time due to travel

    Validate your metrics

    Once appropriate service metrics are derived from business objectives, the next step is to determine whether or not it is viable to actually measure the metrics.

    Can you measure it? The first question IT must answer is whether the metric is measurable. IT must identify the data source, validate its ability to collect the data, and specify the data requirement. Not all metrics can be measured!
    How will you measure it? If the metric is measurable, the next step is to create a way to measure the actual data. In most cases, simple formulas that can be easily understood are the best approach.
    Define your actions Metrics must be used to drive or reinforce desirable outcomes and behaviors. Thus, IT must predetermine the necessary actions associated with the different metric levels, thresholds, or trends.

    Determine if you can measure the identified metric

    Supporting Tool icon 1.6 0.5 Hour

    INSTRUCTIONS

    1. Determine what data sources are available. Make sure that you know where the information you need is captured, or will need to be captured. This would include:
      • A ticket/request system
      • An auto discovery tool
      • A configuration management database ( CMDB)
    2. Confirm that IT has the ability to collect the information.
      • If the necessary data is already contained in an identified data source, then you can proceed.
      • If not, consider whether it’s possible to gather the information using current sources and systems.
      • Understand the constraints and cost/ROI to implement new technology or revise processes and data gathering to produce the data.

    VC Case Study

    Using the metric derived from the video conferencing service example, IT wants to measure the % of VC meetings successfully delivered.

    What are the data sources?

    • Number of VC meetings that took place
    • Number of service incidents
    • User survey

    Determine if you can measure the identified metric

    Supporting Tool icon 1.6 0.5 Hour

    INSTRUCTIONS

    1. Understand your data requirements
      • To produce relevant metrics from your data, you need to ensure the level of quality and currency that provides you with useful information. You need to define:
        • The level of detail that has to be captured to make the data useful.
        • The consistency of the data, and how it needs to be entered or gathered.
        • The accuracy of the data. This includes how current the data needs to be, how quickly changes have to be made, and how data quality will be verified.

    VC Case Study

    Data requirement for percent of successful VC meetings:

    • Level of detail – user category, location, date/time,
    • Consistency – how efficiently are VC-related incidents opened and closed? Is the data collected and stored consistently?
    • Accuracy – is the information entered accurately?

    Create the calculation to measure it

    Supporting Tool icon 1.7 0.5 Hour

    Determine how to calculate the metrics.

    INSTRUCTIONS
    1. Develop the calculations that will be used for each accepted metric. The measurement needs to be clear and straightforward.
    2. Define the scope and assumptions for each calculation, including:
      • The defined measurement period (e.g. monthly, weekly)
      • Exclusions (e.g. nonbusiness hours, during maintenance windows)

    VC Case Study

    Metric: Percent of VC meetings delivered successfully

    IT is able to determine the total number of VC meetings that took place and the number of VC service requests to the help desk.

    That makes it possible to use the following formula to determine the success percentage of the VC service:

    ((total # VC) – (# of VC with identified incidents)) / (total # VC) * 100

    Define the actions to be taken for each metric

    Supporting Tool icon 1.7 1.5 Hour

    INSTRUCTIONS

    Centered on the defined metrics and their calculations, IT can decide on the actions that should be driven out of each metric based on one of the following scenarios:
    • Scenario 1: Ad hoc remedial action and root-cause investigation. If the reason for the result is unknown, determining root cause or identifying trends is required to determine required actions.
    • Scenario 2: Predefined remedial action. A set of predetermined actions associated with different results. This is useful when the meaning of the results is clear and points to specific issues within the environment.
    • Scenario 3: Nonremedial action. The metrics may produce a result that reinforces or supports company direction and strategy, or identifies an opportunity that may drive a new initiative or idea.

    VC Case Study

    If the success rate of the VC meetings is below 90%, IT needs to focus on determining if there is a common cause and identify if this is a consistent downward trend.

    A root-cause analysis is performed that identifies that network issues are causing difficulties, impacting the connection quality and usability of the VC service.

    Validate the confirmed metrics with the business

    Supporting Tool icon 1.8 1 Hour

    INPUT: Selected service metrics, Discussion with the business

    OUTPUT: Validated metrics with the business

    Materials: Metrics with calculation methodology

    Participants: IT and business stakeholders, Service owners

    INSTRUCTIONS

    1. Once you have derived the appropriate metrics and established that the metrics are measurable, you must go back to the targeted stakeholders and validate that the selected metrics will provide the right information to meet their identified goals and success criteria.
    2. Add confirmed metrics to the Metrics Tracking Tool, in the Metrics Tracking Plan tab.
    Service Metric Corresponding
    Business Goal
    Measurement
    Method
    Defined Actions

    Example: Measuring the online banking service at a financial institution

    Who are IT’s stakeholders? The financial institution provides various banking solutions to its customers. Retail banking is a core service offered by the bank and the VP of retail banking is a major stakeholder of IT.
    What are their goals and pain points? The VP of retail banking’s highest priorities are to increase revenue, increase market share, and maintain the bank’s brand and reputation amongst its customers.
    What do they need to know? In order to measure success, the VP of retail banking needs to determine performance in attracting new clients, retaining clients, expanding into new territory, and whether they have increased the number of services provided to existing clients.
    What does IT need to measure? The recent implementation of an online banking service is a key initiative that will keep the bank competitive and help retail banking meet its goals. The key indicators of this service are: the total number of clients, the number of products per client, percent of clients using online banking, number of clients by segment, service, territory.
    Derive the service metrics Based on the key indicators, IT can derive the following service metrics:
    1. Number of product applications originated from online banking
    2. Customer satisfaction/complaints
    As part of the process, IT also identified some business metrics, such as the number of online banking users per month or the number of times a client accesses online banking per month.

    Design service metrics to track service performance and value

    CASE STUDY
    Industry: Manufacturing | Source: CIO
    Challenge Solution Results
    The IT organization needed to generate metrics to show the business whether the video conferencing service was being adopted and if it was providing the expected outcome and value.

    Standard IT metrics were technical and did not provide a business context that allowed for easy understanding of performance and decision making.

    The IT organization, working through the CIO and service managers, sat down with the key business stakeholders of the video conferencing service.

    They discussed the goals for the meeting and defined the success criteria for those goals in the context of video conference meeting outcomes.

    The success criteria that were discussed were then translated into a set of questions (key performance indicators) that if answered, would show that the success criteria were achieved.

    The service manager identified what could be measured to answer the defined questions and eliminated any metrics that were either business metrics or non-IT related.

    The remaining metrics were identified as the possible service metrics, and the ability to gather the information and produce the metric was confirmed.

    Service metrics were defined for:

    1. Percent of video conference meetings delivered successfully
    2. Growth in the number of executive meetings conducted via video conference

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of Valence Howden, Senior Manager, CIO Advisory, Info-Tech Research Group.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1

    Sample of activity 1.1 'Determine your stakeholders'. Determine stakeholder needs, goals, and pain points

    The onsite analyst will help you select key stakeholders and analyze their business objectives and current pain points.

    1.2

    Sample of activity 1.2 'Identify goals and pain points of your stakeholders'. Determine the success criteria and related IT services

    The analyst will facilitate a discussion to uncover the information that these stakeholders care about. The group will also identify the IT services that are supporting these objectives.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    1.5

    Sample of activity 1.5 'Derive service metrics'. Derive the service metrics

    Based on the key performance indicators obtained in the previous page, derive meaningful business metrics that are relevant to the stakeholders.

    1.6

    Sample of activity 1.6 'Determine if you can measure the identified metric'. Validate the data collection process

    The analyst will help the workshop group determine whether the identified metrics can be collected and measured. If so, a calculation methodology is created.

    1.7

    Sample of activity 1.7 'Create the caluclation to measure it'. Validate metrics with stakeholders

    Establish a feedback mechanism to have business stakeholders validate the meaningfulness of the metrics.

    Develop Meaningful Service Metrics to Ensure Business and User Satisfaction

    PHASE 2

    Design Reports and Dashboards

    Step (2): Design Reports and Dashboards

    PHASE 1PHASE 2PHASE 3

    1.1

    Derive the Service Metrics

    1.2

    Validate the Metrics

    2.1

    Determine Reporting Format

    3.1

    Select Pilot Metrics

    3.2

    Activate and Maintain Metrics

    This step involves the following participants:

    • Business Relationship Manager
    • Service Level Manager
    • Business Stakeholders

    Outcomes of this step

    • Presentation format selected based on stakeholder needs and preference for information
    • Presentation format validated with stakeholders

    Phase 2 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Design Reports and Dashboards

    Proposed Time to Completion (in weeks): 3 weeks
    Step 2.1: Select Presentation Format Step 2.2: Review Design
    Start with an analyst kick-off call:
    • Review the different format of metrics presentation and discuss the pros/cons of each format
    • Discuss stakeholder needs/preference for data
    • Select the presentation format
    Review findings with analyst:
    • Discuss stakeholder feedback based on selected presentation format
    • Modify and adjust the presentation format as needed
    Then complete these activities…
    • Design the metrics using the selected format
    Then complete these activities…
    • Finalize the design for metrics presentation
    With these tools & templates:
    • Metrics Presentation Format Selection Guide
    With these tools & templates:
    • Metrics Presentation Format Selection Guide

    Design the reports – overview

    Figure representing 'SLM' and/or 'BRM'. Step 1
    Understand the pros and cons of different reporting styles
    Figure representing 'SLM' and/or 'BRM'. Step 2
    Determine your reporting and presentation style

    Presentation Format Selection

    Figure representing 'SLM' and/or 'BRM'. Step 3
    Design your metrics reports
    A star.

    Validated Service Reports

    The design of service metrics reporting is critically important. The reporting style must present the right information in the most interesting and stakeholder-centric way possible to ensure that it is read and used.

    The reports must also display information in a way that generates actions. If your stakeholders cannot make decisions, kick off activities, or ask questions based on your reports, then they have no value.

    Determine the right presentation format for your metrics

    Most often, metrics are presented in the following ways:

    Dashboard
    (PwC. “Mega-Trends and Implications.”)
    Sample of the 'Dashboard' metric presentation format.
    Infographic
    (PwC. “Healthcare’s new entrants.”)
    Sample of the 'Infographic' metric presentation format.
    Report
    (PwC Blogs. “Northern Lights.”)
    Sample of the 'Report' metric presentation format.
    Scorecard
    (PwC. “Annual Report 2015.”)
    Sample of the 'Scorecard' metric presentation format.

    Understand the advantages and disadvantages of each reporting style – Dashboard

    A dashboard is a reporting method that provides a dynamic at-a-glance view of key metrics from the perspective of key stakeholders. It provides a quick graphical way to process important performance information in real time.

    Features

    Typically web-based

    Dynamic data that is updated in real time

    Advantage

    Aggregates a lot of information into a single view

    Presents metrics in a simplistic style that is well understood

    Provides a quick point-in-time view of performance

    Easy to consume visual presentation style

    Disadvantage

    Complicated to set up well.
    Requires additional technology support: programming, API, etc.

    Promotes a short-term outlook – focus on now, no historical performance and no future trends. Doesn’t provide the whole picture and story.

    Existing dashboard tools are often not customized enough to provide real value to each stakeholder.

    Dashboards present real-time metrics that can be accessed and viewed at any time

    Sample of the 'Dashboard' metric presentation format.
    (Source: PwC. “Mega-Trends and Implications.”)
    Metrics presented through online dashboards are calculated in real time, which allows for a dynamic, current view into the performance of IT services at any time.

    Understand the advantages and disadvantages of each reporting style – Infographic

    An infographic is a graphical representation of metrics or data, which is used to show information quickly and clearly. It’s based on the understanding that people retain and process visual information more readily than written details.

    Features

    Turns dry into attractive –transforms data into eye-catching visual memory that is easier to retain

    Can be used as the intro to a formal report

    There are endless types of infographics

    Advantage

    Easily consumable

    Easy to retain

    Eye catching

    Easily shared

    Spurs conversation

    Customizable

    Disadvantage

    Require design expertise and resources

    Can be time consuming to generate

    Could be easily misinterpreted

    Message can be lost with poor design

    Infographics allow for completely unique designs

    Sample of the 'Infographic' metric presentation format.
    (Source: PwC. “Healthcare’s new entrants…”)
    There is no limit when it comes to designing an infographic. The image used here visually articulates the effects of new entrants pulling away the market.

    Understand the advantages and disadvantages of each reporting style – Formal Report

    A formal report is a more structured and official reporting style that contains detailed research, data, and information required to enable specific business decisions, and to help evaluate performance over a defined period of time.

    Definition

    Metrics can be presented as a component of a periodic, formal report

    A physical document that presents detailed information to a particular audience

    Advantage

    More detailed, more structured and broader reporting period

    Formal, shows IT has put in the effort

    Effectively presents a broader and more complete story

    Targets different stakeholders at the same time

    Disadvantage

    Requires significant effort and resources

    Higher risk if the report does not meet the expectation of the business stakeholder

    Done at a specific time and only valuable for that specific time period

    Harder to change format

    Formal reports provide a detailed view and analysis of performance

    Sample of the 'Formal Report' metric presentation format.
    (Source: PwC Blogs. “Northern Lights: Where are we now?”)
    An effective report incorporates visuals to demonstrate key improvements.

    Formal reports can still contain visuals, but they are accompanied with detailed explanations.

    Understand the advantages and disadvantages of each reporting style – Scorecard

    A scorecard is a graphic view of the progress and performance over time of key performance metrics. These are in relation to specified goals based on identified critical stakeholder objectives.

    Features

    Incorporates multiple metrics effectively.

    Scores services against the most important organizational goals and objectives. Scorecards may tie back into strategy and different perspectives of success.

    Advantage

    Quick view of performance against objectives

    Measure against a set of consistent objectives

    Easily consumable

    Easy to retain

    Disadvantage

    Requires a lot of forethought

    Scorecards provide a time-bound summary of performance against defined goals

    Sample of the 'Scorecard' metric presentation format.
    (PwC. “Annual Report 2015.”)
    Scorecards provide a summary of performance that is directly linked to the organizational KPIs.

    Determine your report style

    Supporting Tool icon 2.1 Metrics Presentation Format Selection Guide

    In this section, you will determine the optimal reporting style for the service metrics.

    This guide contains four questions, which will help IT organizations identify the most appropriate presentation format based on stakeholder preference and needs for metrics.

    1. Who is the relevant stakeholder?
    2. What are the defined actions for the metric?
    3. How frequently does the stakeholder need to see the metric?
    4. How does the stakeholder like to receive information?
    Sample of Info-Tech's Metrics Presentation Format Selection Guide.
    Download the Metrics Presentation Format Selection Guide.

    Determine your best presentation option

    Supporting Tool icon 2.1 2 Hours

    INPUT: Identified stakeholder and his/her role

    OUTPUT: Proper presentation format based on need for information

    Materials: Metrics Presentation Format Selection Guide

    Participants: BRM, SLM, Program Manager

    After deciding on the report type to be used to present the metric, the organization needs to consider how stakeholders will consume the metric.

    There are three options based on stakeholder needs and available presentation options within IT.

    1. Paper-based presentation is the most traditional form of reporting and works well with stakeholders who prefer physical copies. The report is produced at a specific time and requires no additional IT capability.
    2. Online documents stored on webpages, SharePoint, or another knowledge management system could be used to present the metrics. This allows the report to be linked to other information and easily shared.
    3. Online dashboards and graphics can be used to have dynamic, real-time reporting and anytime access. These webpages can be incorporated into an intranet and allow the user to view the metrics at any time. This will require IT to continuously update the data in order to maintain the accuracy of the metrics.

    Design your metric reports with these guidelines in mind

    Supporting Tool icon 2.2 30 Minutes
    1. Stakeholder-specificThe report must be driven by the identified stakeholder needs and preferences and articulate the metrics that are important to them.
    2. ClarityTo enable decision making and drive desired actions, the metrics must be clear and straightforward. They must be presented in a way that clearly links the performance measurement to the defined outcome without leading to different interpretations of the results.
    3. SimplicityThe report must be simple to read, understand, and analyze. The language of the report must be business-centric and remove as much complexity as possible in wording, imaging, and context.

    Be sure to consider access rights for more senior reports. Site and user access permissions may need to be defined based on the level of reporting.

    Metrics reporting on the video conferencing service

    CASE STUDY
    Industry: Manufacturing | Source: CIO Interview
    The Situation

    The business had a clear need to understand if the implementation of video conferencing would allow previously onsite meetings to achieve the same level of effectiveness.

    Reporting Context

    Provided reports had always been generated from an IT perspective and the business rarely used the information to make decisions.

    The metrics needed to help the business understand if the meetings were remaining effective and be tied into the financial reporting against travel expenses, but there would be limited visibility during the executive meetings.

    Approach

    The service manager reviewed the information that he had gathered to confirm how often they needed information related to the service. He also met with the CIO to get some insight into the reports that were already being provided to the business, including the ones that were most effective.

    Considerations

    The conversations identified that there was no need for a dynamic real-time view of the performance of the service, since tracking of cost savings and utility would be viewed monthly and quarterly. They also identified that the item would be discussed within a very small window of time during the management meetings.

    The Solution

    It was determined that the best style of reporting for the metric was an existing scorecard that was produced monthly, using some infographics to ensure that the information is clear at a glance to enable quick decision making.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of Valence Howden, Senior Manager, CIO Advisory, Info-Tech Research Group.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1

    Sample of presentation format option slide 'Determine the right presentation format for your metrics'. Understand the different presentation options

    The onsite analyst will introduce the group to the communication vehicles of infographic, scorecard, formal report, and dashboard.

    2.1

    Sample of activity 2.1 'Determine your best presentation option'. Assess stakeholder needs for information

    For selected stakeholders, the analyst will facilitate a discussion on how stakeholders would like to view information and how the metrics can be presented to aid decision making.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    2.2

    Sample of activity 2.2 'Design your metric reports with these guidelines in mind'. Select and design the metric report

    Based on the discussion, the working group will select the most appropriate presentation format and create a rough draft of how the report should look.

    Develop Meaningful Service Metrics to Ensure Business and User Satisfaction

    PHASE 3

    Implement, Track, and Maintain Your Metrics

    Step (3): Implement, Track, and Maintain Your Metrics

    PHASE 1PHASE 2PHASE 3

    1.1

    Derive the Service Metrics

    1.2

    Validate the Metrics

    2.1

    Determine Reporting Format

    3.1

    Select Pilot Metrics

    3.2

    Activate and Maintain Metrics

    This step involves the following participants:

    • Service Level Manager
    • Business Relationship Manager
    • Service Metrics Program Manager

    Activities in this step

    • Determine the first batch of metrics to be implemented as part of the pilot program
    • Create a process to collect and validate data, determine initial targets, and integrate with SLM and BRM functions
    • Present the metric reports to the relevant stakeholders and incorporate the feedback into the metric design
    • Establish a standard process and roll out the implementation of metrics in batches
    • Establish a process to monitor and track the effectiveness of the service metrics program and make adjustments when necessary

    Phase 3 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Implement, Track, and Maintain Your Metrics

    Proposed Time to Completion (in weeks): 4 weeks
    Step 3.1: Select and Launch Pilot Metrics Step 3.2: Track and Maintain the Metrics
    Start with an analyst kick-off call:
    • Identify metrics that will be presented first to the stakeholders based on urgency or impact of the IT service
    • Determine the process to collect data, select initial targets, and integrate with SLM and BRM functions
    Review findings with analyst:
    • Review the success of metrics and discuss feedback from stakeholders
    • Roll out the metrics implementation to a broader audience
    • Establish roles and timelines for metrics maintenance
    Then complete these activities…
    • Document the first batch of metrics
    • Document the baseline, initial targets
    • Create a plan to integrate with SLM and BRM functions
    Then complete these activities…
    • Create a document that defines how the organization will track and maintain the success of the metrics program
    • Review the metrics program periodically
    With these tools & templates:
    • Metrics Tracking Tool
    With these tools & templates:
    • Metrics Tracking Tool

    Implement, Track, and Maintain the Metrics

    Figure representing 'SLM' and/or 'BRM'. Step 1
    Run your pilot

    Metrics Tracking Tool

    Figure representing 'SLM' and/or 'BRM'. Step 2
    Validate success

    Metrics Tracking Tool

    Figure representing 'SLM' and/or 'BRM'. Step 3
    Implement your metrics program in batches

    Metrics Tracking Tool

    A star.

    Active Service Metrics Program

    Once you have defined the way that you will present the metrics, you are ready to run a pilot with a smaller sample of defined service metrics.

    This allows you to validate your approach and make refinements to the implementation and maintenance processes where necessary, prior to activating all service metrics.

    Track the performance of your service metrics

    Supporting Tool icon 3.1

    The Metrics Tracking Tool will enable you to track goals and success metrics for your service metrics programs. It allows you to set long-term goals and track your results over time.

    There are three sections in this tool:
    1. Metrics Tracking Plan. Identify the metrics to be tracked and their purpose.
    2. Metrics Tracking Actuals. Monitor and track the actual performance of the metrics.
    3. Remediation Tracking. Determine and document the steps that need to be taken to correct a sub-performing metric.
    Sample of Info-Tech's Metrics Tracking Tool.

    Select pilot metrics

    Supporting Tool icon 3.1 30 Minutes

    INPUT: Identified services, Business feedback

    OUTPUT: Services with most urgent need or impact

    Materials: Service catalog or list of identified services

    Participants: BRM, SLM, Business representatives

    To start the implementation of your service metrics program and drive wider adoption, you need to run a pilot using a smaller subset of metrics.

    INSTRUCTIONS

    To determine the sample for the pilot, consider metrics that:

    • Are related to critical business services and functions
    • or
    • Address known/visible pain points for the business
    • or
    • Were designed for supportive or influential stakeholders

    Metrics that meet two or more criteria are ideal for the pilot

    Collect and validate data

    Supporting Tool icon 3.2 1 Hour

    INPUT: Identified metrics

    OUTPUT: A data collection mythology, Metrics tracking

    Materials: Metrics

    Participants: SLM, BRM, Service owner

    You will need to start collection and validation of your identified data in order to calculate the results for your pilot metrics.

    INSTRUCTIONS

    1. Initiate data collection
      • Use the data sources identified during the design phase and initiate the data collection process.
    2. Determine start date
      • If historical data can be retrieved and gathered, determine how far back you want your measurements to start.
    3. Compile data and validate
      • Ensure that the information is accurate and up to date. This will require some level of data validation and audit.
    4. Run the metric
      • Use the defined calculation and source data to generate the metrics result.
    5. Record metrics results
      • Use the metrics tracking sheet to track the actual results.

    Determine initial targets

    Supporting Tool icon 3.3 1 Hour

    INPUT: Historical data/baseline data

    OUTPUT: Realistic initial target for improvement

    Materials: Metrics Tracking Tool

    Participants: BRM, SLM, Service owner

    INSTRUCTIONS

    Identify an initial service objective based on one or more of the following options:

    1. Establish an initial target using historical data and trends of performance.
    2. Establish an initial target based on stakeholder-identified requirements and expectations.
    3. Run the metrics report over a defined period of time and use the baseline level of achievement to establish an initial target.

    The target may not always be a number - it could be a trend. The initial target will be changed after review with stakeholders

    Integrate with SLM and BRM processes

    Supporting Tool icon 3.4 1 Hour

    INPUT: SLM and BRM SOPs or responsibility documentations

    OUTPUT: Integrate service metrics into the SLM/BRM role

    Materials: SLM / BRM reports

    Participants: SLM, BRM, CIO, Program manager, Service manager

    The service metrics program is usually initiated, used, and maintained by the SLM and BRM functions.

    INSTRUCTIONS

    Ensure that the metrics pilot is integrated with those functions by:

    1. Engaging with SLM and BRM functions/resources
      • Identify SLM and BRM resources associated with or working on the services where the metrics are being piloted
      • Obtain their feedback on the metrics/reporting
    2. Integrating with the existing reporting and meeting cycles
      • Ensure the metrics will be calculated and available for discussion at standing meetings and with existing reports
    3. Establishing the metrics review and validation cycle for these metrics
      • Confirm the review and validation period for the metrics in order to ensure they remain valuable and actionable

    Generate reports and present to stakeholders

    Supporting Tool icon 3.5 1 Hour

    INPUT: Identified metrics, Selected presentation format

    OUTPUT: Metrics reports that are ready for distribution

    Materials: Metrics Presentation Format Selection Guide

    Participants: BRM, SLM, CIO, Business representatives

    INSTRUCTIONS

    Once you have completed the calculation for the pilot metrics:

    1. Confirm the report style for the selected metrics (as defined in Phase 2)
    2. Generate the reporting for the pilot metrics
    3. Present the pilot metric reports to the identified BRM and SLM resources who will present the reporting to the stakeholders
    4. Gather feedback from Stakeholders on metrics - results and process
    5. Create and execute remediation plans for any actions identified from the metrics
    6. Initiate the review cycle for metrics (to ensure they retain value)

    Plan the rollout and implementation of the metrics reporting program

    Supporting Tool icon 3.6 1 Hour

    INPUT: Feedback from pilot, Services in batch

    OUTPUT: Systematic implementation of metrics

    Materials: Metrics Tracking Tool

    Participants: BRM, SLM, Program manager

    Upon completion of the pilot, move to start the broader implementation of metrics across the organization:

    INSTRUCTIONS

    1. Identify the service metrics that you will implement. They can be selected based on multiple criteria, including:
      • Organizational area/business unit
      • Service criticality
      • Pain points
      • Stakeholder engagement (detractors, supporters)
    2. Create a rollout plan for implementation in batches, identifying expected launch timelines, owners, targeted stakeholders, and communications plans
    3. Use the implementation plan from the pilot to roll out each batch of service metrics:
      • Collect and validate data
      • Determine target(s)
      • Integrate with BRM and SLM
      • Generate and communicate reports to stakeholders

    Maintain the service metrics

    Supporting Tool icon 3.7 1.5 Hour

    INPUT: Feedback from business stakeholders

    OUTPUT: Modification to individual metrics or to the process

    Materials: Metrics Tracking Tool, Metrics Development Workbook

    Participants: CIO, BRM, SLM, Program manager, Service owner

    Once service metrics and reporting become active, it is necessary to determine the review time frame for your metrics to ensure they remain useful.

    INSTRUCTIONS

    1. Confirm and establish a review time frame with stakeholders (e.g. annually, bi-annually, after organizational or strategic changes).
    2. Meet with stakeholders by the review date to discuss the value of existing metrics and validate:
      • Whether the goals associated with the metrics are still valid
      • If the metric is still necessary
      • If there is a more effective way to present the metrics
    3. Track actions based on review outcomes and update the remediation tracking sheet.
    4. Update tracking sheet with last complete review date.

    Maintain the metrics

    Supporting Tool icon 3.7

    Based on the outcome of the review meeting, decide what needs to be done for each metric, using the following options:

    Add

    A new metric is required or an existing metric needs large-scale changes (example: calculation method or scope).
    Triggers metrics design as shown in phases 1 and 2.

    Change

    A minor change is required to the presentation format or data. Note: a major change in a metric would be performed through the Add option.

    Remove

    The metric is no longer required, and it needs to be removed from reporting and data gathering. A final report date for that metric should be determined.

    Maintain

    The metric is still useful and no changes are required to the metric, its measurement, or how it’s reported.

    Ensuring metrics remain valuable

    VC CASE STUDY
    Industry: Manufacturing | Source: CIO Interview

    Reviewing the value of active metrics

    When the video conferencing service was initially implemented, it was performed as a pilot with a group of executives, and then expanded for use throughout the company. It was understood that prior to seeing the full benefit in cost reduction and increased efficiency and effectiveness, the rate of use and adoption had to be understood.

    The primary service metrics created for the service were based on tracking the number of requests for video conference meetings that were received by the IT organization. This identified the growth in use and could be used in conjunction with financial metrics related to travel to help identify the impact of the service through its growth phase.

    Once the service was adopted, this metric continued to be tracked but no longer showed growth or expanded adoption.

    The service manager was no longer sure this needed to be tracked.

    Key Activity

    The metrics around requests for video conference meetings were reviewed at the annual metrics review meeting with the business. The service manager asked if the need for the metric, the goal of tracking adoption, was still important for the business.

    The discussion identified that the adoption rate was over 80%, higher than anticipated, and that there was no value in continuing to track this metric.

    Based on the discussion, the adoption metrics were discontinued and removed from data gathering and reporting, while a success rate metric was added (how many meetings ran successfully and without issue) to ensure the ongoing value of the video conferencing service.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of Valence Howden, Senior Manager, CIO Advisory, Info-Tech Research Group.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.1

    Sample of activity 3.1 'Select pilot metrics'. Select the pilot metrics

    The onsite analyst will help the workshop group select the metrics that should be first implemented based on the urgency and impact of these metrics.

    3.2

    Sample of activity 3.2 'Collect and validate data'. Gather data and set initial targets

    The analyst will help the group create a process to gather data, measure baselines, and set initial targets.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    3.5

    Sample of activity 3.5 'Generate reports and present to stakeholders'. Generate the reports and validate with stakeholders

    The Info-Tech analyst will help the group establish a process to receive feedback from the business stakeholders once the report is generated.

    3.6

    Sample of activity 3.6 'Plan the rollout and implementation of the metrics reporting program'. Implement the service metrics program

    The analyst will facilitate a discussion on how to implement the metrics program across the organization.

    3.7

    Sample of activity 3.7 'Maintain the service metrics'. Track and maintain the metrics program

    Set up a mechanism to ensure the success of the metrics program by assessing process adherence and process validity.

    Insight breakdown

    Insight 1

    Service metrics are critical to ensuring alignment of IT service performance and business service value achievement.

    Insight 2

    Service metrics reinforce positive business and end-user relationships by providing user-centric information that drives responsiveness and consistent service improvement.

    Insight 3

    Poorly designed metrics drive unintended and unproductive behaviors that have negative impacts on IT and produce negative service outcomes.

    Summary of accomplishment

    Knowledge Gained

    • Follow a methodology to identify metrics that are derived from business objectives.
    • Understand the proper presentation format based on stakeholder needs for information.
    • Establish a process to ensure the metrics provided will continue to provide value and aid decision making.

    Processes Optimized

    • Metrics presentation to business stakeholders
    • Metrics maintenance and tracking

    Deliverables Completed

    • Metrics Development Workbook
    • Metrics Presentation Format Selection Guide
    • Metrics Tracking Tool

    Research contributors and experts

    Name Organization
    Joe Evers Joe Evers Consulting
    Glen Notman Associate Partner, Citihub
    David Parker Client Program Manager, eHealth Ontario
    Marianne Doran Collins CIO, The CIO-Suite, LLC
    Chris Kalbfleisch Manager, Service Management, eHealth Ontario
    Joshua Klingenberg BHP Billiton Canada Inc.

    Related Info-Tech research

    Stock image of a menu. Design & Build a User-Facing Service Catalog
    The user-facing service catalog is the go-to place for IT service-related information.
    Stock image of a laptop keyboard. Unleash the True Value of IT by Transforming Into a Service Provider
    Earn your seat at the table and influence business strategy by becoming an IT service provider.

    Bibliography

    Pollock, Bill. “Service Benchmarking and Measurement: Using Metrics to Drive Customer Satisfaction and Profits.” Aberdeen Group. June 2009. http://722consulting.com/ServiceBenchmarkingandMeasurement.pdf

    PwC. “Mega-Trends and Implications.” RMI Discussion. LinkedIn SlideShare. September 2015. http://www.slideshare.net/AnandRaoPwC/mega-trends-and-implications-to-retirement

    PwC. “Healthcare’s new entrants: Who will be the industry’s Amazon.com?” Health Research Institute. April 2014. https://www.pwc.com/us/en/health-industries/healthcare-new-entrants/assets/pwc-hri-new-entrant-chart-pack-v3.pdf

    PwC. “Northern Lights: Where are we now?” PwC Blogs. 2012. http://pwc.blogs.com/files/12.09.06---northern-lights-2--summary.pdf

    PwC. “PwC’s key performance indicators

    Modernize Your Corporate Website to Drive Business Value

    • Buy Link or Shortcode: {j2store}524|cart{/j2store}
    • member rating overall impact (scale of 10): 8.0/10 Overall Impact
    • member rating average dollars saved: $10,399 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • Users are demanding more valuable web functionalities and improved access to your website services. They are expecting development teams to keep up with their changing needs.
    • The criteria of user acceptance and satisfaction involves more than an aesthetically pleasing user interface (UI). It also includes how emotionally attached the user is to the website and how it accommodates user behaviors.

    Our Advice

    Critical Insight

    Complication

    • Organizations are focusing too much on the UI when they optimize the user experience of their websites. The UI is only one of many components involved in successful websites with good user experience.
    • User experience (UX) is often an afterthought in development, risking late and costly fixes to improve end-user reception after deployment.

    Insights

    • Organizations often misinterpret UX as UI. In fact, UX incorporates both the functional and emotional needs of the user, going beyond the website’s UI.
    • Human behaviors and tendencies are commonly left out of the define and design phases of website development, putting user satisfaction and adoption at risk.

    Impact and Result

    • Gain a deep understanding of user needs and behaviors. Become familiar with the human behaviors, emotions, and pain points of your users in order to shortlist the design elements and website functions that will receive the highest user satisfaction.
    • Perform a comprehensive website review. Leverage satisfaction surveys, user feedback, and user monitoring tools (e.g. heat maps) to reveal high-level UX issues. Use these insights to drill down into the execution and composition of your website to identify the root causes of issues.
    • Incorporate modern UX trends in your design. New web technologies are continuously emerging in the industry to enhance user experience. Stay updated on today’s UX trends and validate their fit for the specific needs of your target audience.

    Modernize Your Corporate Website to Drive Business Value Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should modernize your website, review Info-Tech’s methodology, and discover the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define UX requirements

    Reveal the opportunities to heighten the user experience of your website through a deep understanding of the behaviors, emotions, and needs of your end users in order to design a receptive and valuable website.

    • Modernize Your Corporate Website to Drive Business Value – Phase 1: Define UX Requirements
    • Website Design Document Template

    2. Design UX-driven website

    Design a satisfying and receptive website by leveraging industry best practices and modern UX trends and ensuring the website is supported with reliable and scalable data and infrastructure.

    • Modernize Your Corporate Website to Drive Business Value – Phase 2: Design UX-Driven Website
    [infographic]

    Workshop: Modernize Your Corporate Website to Drive Business Value

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Your UX Requirements

    The Purpose

    List the business objectives of your website.

    Describe your user personas, use cases, and user workflow.

    Identify current UX issues through simulations, website design, and system reviews.

    Key Benefits Achieved

    Strong understanding of the business goals of your website.

    Knowledge of the behaviors and needs of your website’s users.

    Realization of the root causes behind the UX issues of your website.

    Activities

    1.1 Define the business objectives for the website you want to optimize

    1.2 Define your end-user personas and map them to use cases

    1.3 Build your website user workflow

    1.4 Conduct a SWOT analysis of your website to drive out UX issues

    1.5 Gauge the UX competencies of your web development team

    1.6 Simulate your user workflow to identify the steps driving down UX

    1.7 Assess the composition and construction of your website

    1.8 Understand the execution of your website with a system architecture

    1.9 Pinpoint the technical reason behind your UX issues

    1.10 Clarify and prioritize your UX issues

    Outputs

    Business objectives

    End-user personas and use cases

    User workflows

    Website SWOT analysis

    UX competency assessment

    User workflow simulation

    Website design assessment

    Current state of web system architecture

    Gap analysis of web system architecture

    Prioritized UX issues

    2 Design Your UX-Driven Website

    The Purpose

    Design wireframes and storyboards to be aligned to high priority use cases.

    Design a web system architecture that can sufficiently support the website.

    Identify UX metrics to gauge the success of the website.

    Establish a website design process flow.

    Key Benefits Achieved

    Implementation of key design elements and website functions that users will find stimulating and valuable.

    Optimized web system architecture to better support the website.

    Website design process aligned to your current context.

    Rollout plan for your UX optimization initiatives.

    Activities

    2.1 Define the roles of your UX development team

    2.2 Build your wireframes and user storyboards

    2.3 Design the target state of your web environment

    2.4 List your UX metrics

    2.5 Draw your website design process flow

    2.6 Define your UX optimization roadmap

    2.7 Identify and engage your stakeholders

    Outputs

    Roles of UX development team

    Wireframes and user storyboards

    Target state of web system architecture

    List of UX metrics

    List of your suppliers, inputs, processes, outputs, and customers

    Website design process flow

    UX optimization rollout roadmap

    Manage Your Chromebooks and MacBooks

    • Buy Link or Shortcode: {j2store}167|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: End-User Computing Devices
    • Parent Category Link: /end-user-computing-devices

    Windows is no longer the only option. MacBooks and Chromebooks are justified, but now you have to manage them.

    • If you have modernized your end-user computing strategy, you may have Windows 10 devices as well as MacBooks.
    • Virtual desktop infrastructure (VDI) and desktop as a service (DaaS) are becoming popular. Chromebooks may be ideal as a low-cost interface into DaaS for your employees.
    • Managing Chromebooks can be particularly challenging as they grow in popularity in the education sector.

    Our Advice

    Critical Insight

    Managing end-user devices may be accomplished with a variety of solutions, but many of those solutions advocate integration with a Microsoft-friendly solution to take advantage of features such as conditional access, security functionality, and data governance.

    Impact and Result

    • Many solutions are available to manage end-user devices, and they come with a long list of options and features. Clarify your needs and define your requirements before you purchase another endpoint management tool. Don’t purchase capabilities that you may never use.
    • Use the associated Endpoint Management Selection Tool spreadsheet to identify your desired endpoint solution features and compare vendor solution functionality based on your desired features.

    Manage Your Chromebooks and MacBooks Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Manage Your Chromebooks and MacBooks deck – MacBooks and Chromebooks are growing in popularity in enterprise and education environments, and now you have to manage them.

    Explore options, guidance and some best practices related to the management of Chromebooks and MacBooks in the enterprise environment and educational institutions. Our guidance will help you understand features and options available in a variety of solutions. We also provide guidance on selecting the best endpoint management solution for your own environment.

    • Manage Your Chromebooks and MacBooks Storyboard

    2. Endpoint Management Selection Tool – Select the best endpoint management tool for your environment. Build a table to compare endpoint management offerings in relation to the features and options desired by your organization.

    This tool will help you determine the features and options you want or need in an endpoint management solution.

    • Endpoint Management Selection Tool
    [infographic]

    Further reading

    Manage Your Chromebooks and MacBooks

    Financial constraints, strategy, and your user base dictate the need for Chromebooks and MacBooks – now you have to manage them in your environment.

    Analyst Perspective

    Managing MacBooks and Chromebooks is similar to managing Windows devices in many ways and different in others. The tools have many common features, yet they struggle to achieve the same goals.

    Until recently, Windows devices dominated the workplace globally. Computing devices were also rare in many industries such as education. Administrators and administrative staff may have used Windows-based devices, but Chromebooks were not yet in use. Most universities and colleges were Windows-based in offices with some flavor of Unix in other areas, and Apple devices were gaining some popularity in certain circles.

    That is a stark contrast compared to today, where Chromebooks dominate the classrooms and MacBooks and Chromebooks are making significant inroads into the enterprise environment. MacBooks are also a common sight on many university campuses. There is no doubt that while Windows may still be the dominant player, it is far from the only one in town.

    Now that Chromebooks and MacBooks are a notable, if not significant, part of the education and enterprise environments, they must be afforded the same considerations as Windows devices in those environments when it comes to management. The good news is that there is no lack of available solutions for managing these devices, and the endpoint management landscape is continually evolving and improving.

    This is a picture of P.J. Ryan, Research Director, Infrastructure & Operations, Info-Tech Research Group

    P.J. Ryan
    Research Director, Infrastructure & Operations
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • You modernized your end-user computing strategy and now have Windows 10 devices as well as MacBooks.
    • Virtual desktop infrastructure (VDI) and desktop as a service (DaaS) are becoming popular. Chromebooks would be ideal as a low-cost interface into DaaS for your employees.
    • You are responsible for the management of all the new Chromebooks in your educational district.
    • Windows is no longer the only option. MacBooks and Chromebooks are justified, but now you have to manage them.

    Common Obstacles

    • Endpoint management solutions typically do a great job at managing one category of devices, like Windows or MacBooks, but they struggle to fully manage alternative endpoints.
    • Multiple solutions to manage multiple devices will result in multiple dashboards. A single view would be better.
    • One solution may not fit all, but multiple solutions is not desirable either, especially if you have Windows devices, MacBooks, and Chromebooks.

    Info-Tech's Approach

    • Use the tools at your disposal first – don't needlessly spend money if you don't have to. Many solutions can already manage other types of devices to some degree.
    • Use the integration capabilities of endpoint management tools. Many of them can integrate with each other to give you a single interface to manage multiple types of devices while taking advantage of additional functionality.
    • Don't purchase capabilities you will never use. Using 80% of a less expensive tool is economically smarter than using 10% of a more expensive tool.

    Info-Tech Insight

    Managing end-user devices may be accomplished with a variety of solutions, but many of those solutions advocate integration with a Microsoft-friendly solution to take advantage of features such as conditional access, security functionality, and data governance.

    Insight Summary

    Insight 1

    Google Admin Console is necessary to manage Chromebooks, but it can be paired with other tools. Implementation partnerships provide solutions to track the device lifecycle, track the repair lifecycle, sync with Google Admin Console as well as PowerSchool to provide a more complete picture of the user and device, and facilitate reminders to return the device, pay fees if necessary, pick up a device when a repair is complete, and more.

    Insight 2

    The Google Admin Console allows admins to follow an organizational unit (OU) structure very similar to what they may have used in Microsoft's Active Directory environment. This familiarity makes the task of administering Chromebooks easier for admins.

    Insight 3

    Chromebook management goes beyond securing and manipulating the device. Controls to protect the students while online, such as Safe Search and Safe Browsing, should also be implemented.

    Insight 4

    Most companies choose to use a dedicated MacBook management tool. Many unified endpoint management (UEM) tools can manage MacBooks to some extent, but admins tend to agree that a MacBook-focused endpoint management tool is best for MacBooks while a Windows-based endpoint management tool is best for Windows devices.

    Insight 5

    Some MacBook management solutions advocate integration with Windows UEM solutions to take advantage of Microsoft features such as conditional access, security functionality, and data governance. This approach can also be applied to Chromebooks.

    Chromebooks

    Chromebooks had a respectable share of the education market before 2020, but the COVID-19 pandemic turbocharged the penetration of Chromebooks in the education industry.

    Chromebooks are also catching the attention of some decision makers in the enterprise environment.

    "In 2018, Chromebooks represented an incredible 60 percent of all laptop or tablet devices in K-12 -- up from zero percent when the first Chromebook launched during the summer break in 2011."
    – "Will Chromebooks Rule the Enterprise?" Computerworld

    "Chromebooks were the best performing PC products in Q3 2020, with shipment volume increasing to a record-high 9.4 million units, up a whopping 122% year-on-year."
    – Android Police

    "Until the pandemic, Chrome OS' success was largely limited to U.S. schools. Demand in 2020 appears to have expanded beyond that small but critical part of the U.S. PC market."
    – Geekwire

    "In addition to running a huge number of Chrome Extensions and Apps at once, Chromebooks also run Android, Linux and Windows apps."
    – "Will Chromebooks Rule the Enterprise?" Computerworld

    Managing Chromebooks

    Start with the Google Admin Console (GAC)

    GAC is necessary to initially manage Chrome OS devices.

    GAC gives you a centralized console that will allow you to:

    • Create organizational units
    • Add your Chromebook devices
    • Add users
    • Assign users to devices
    • Create groups
    • Create and assign policies
    • Plus more

    GAC can facilitate device management with features such as:

    • Control admin permissions
    • Encryption and update settings
    • App deployment, screen timeout settings
    • Perform a device wipe if required
    • Audit user activity on a device
    • Plus more

    Device and user addition, group and organizational unit creation and administration, applying policies to devices and users – does all this remind you of your Active Directory environment?

    GAC lets you administer users and devices with a similar approach.

    Managing Chromebooks

    Use Active Directory to manage Chromebooks.

    • Enable Active Directory (AD) management from within GAC and you will be able to integrate your Chromebook devices with your AD environment.
    • Devices will be visible in both the GAC and AD environment.
    • Use Windows Group Policy to manage devices and to push policies to users and devices.
    • Users can use their AD username and password to sign into Chromebook devices.
    • GAC can still be used for devices that are not synced with AD.

    Chromebooks can also be managed through these approved partners:

    • Cisco Meraki
    • Citrix XenMobile
    • IBM MaaS360
    • ManageEngine Mobile Device Manager Plus
    • VMware Workspace ONE

    Source: Google

    You must be running the Chrome Enterprise Upgrade and have any licenses required by the approved partner to take advantage of this management option. The partner admin policies supersede GAC.

    If you stop using the approved partner admin console to manage your devices, the polices and settings in GAC will immediately take over the devices.

    Microsoft still has the market share when it comes to device sales, and many administrators are already familiar with Microsoft's Active Directory. Google took advantage of that familiarity when it designed the Google Admin Console structure for users, groups, and organizational units.

    Chromebook Deployment

    Chromebook deployment becomes a challenge when device quantities grow. The enrollment process can be time consuming, and every device must be enrolled before it can be used by an employee or a student. Many admins enlist their full IT teams to assist in the short term. Some vendor partners may assist with distribution options if staffing levels permit. Recent developments from Google have opened additional options for device enrollment beyond the manual enrollment approach.

    Enrolling Chromebooks comes down to one of two approaches:

    1. Manually enrolling one device at a time
      • Users can assist by entering some identifying details during the enrollment if permitted.
      • Some third-party solutions exist, such as USB drives to reduce repetitive keystrokes or hubs to facilitate manually enrolling multiple Chromebooks simultaneously.
    2. Google's Chrome Enterprise Upgrade or the Chrome Education Upgrade
      • This allows you to let your users enroll devices after they accept the end-user license agreement.
      • You can take advantage of Google's vendor partner program and use a zero-touch deployment method where the Chromebook devices automatically receive the assigned policies, apps, and settings as soon as the device is powered on and an authorized user signs in.
      • The Enterprise Upgrade and the Education Upgrade do come with an annual cost per device, which is currently less than US$50.
      • The Enterprise and Education Upgrades come with other features as well, such as enhanced security.

    Chromebooks are automatically assigned to the top-level organizational unit (OU) when enrolled. Devices can be manually moved to another OU, but admins can also create enrollment policies to place newly enrolled devices in a specific OU or have the device locate itself in the same OU as the user.

    Chromebooks in Education

    GAC is also used with Education-licensed devices

    Most of the settings and features previously mentioned are also available for Education-licensed devices and users. Enterprise-specific features will not be available to Education licenses. (Active Directory integration with Education licenses, for example, is accomplished using a different approach)

    • Groups, policies, administrative controls, app deployment and management, adding devices and users, creating organizational units, and more features are all available to Education Admins to use.

    Education device policies and settings tend to focus more on protecting the students with controls such as:

    • Disable incognito mode
    • Disable location tracking
    • Disable external storage devices
    • Browser based protections such as Safe Search or Safe Browsing
    • URL blocking
    • Video input disable for websites
    • App installation prevention, auto re-install, and app blocking
    • Forced re-enrollment to your domain after a device is wiped
    • Disable Guest Mode
    • Restrict who can sign in
    • Audit user activity on a device

    When a student takes home a Chromebook assigned to them, that Chromebook may be the only computer in the household. Administrative polices and settings must take into account the fact that the device may have multiple users accessing many different sites and applications when the device is outside of the school environment.

    Chromebook Management Extended

    An online search for Chromebook management solutions will reveal several software solutions that augment the capabilities of the Google Admin Console. Many of these solutions are focused on the education sector and classroom and student options, although the features would be beneficial to enterprises and educational organizations alike.

    These solutions assist or augment Chromebook management with features such as:

    • Ability to sync with Google Admin Console
    • Ability to sync with student information systems, such as PowerSchool
    • Financial management, purchase details, and chargeback
    • Asset lifecycle management
    • 1:1 Chromebook distribution management
    • Repair programs and repair process management
    • Check-out/loan program management
    • Device distribution/allocation management, including barcode reader integration
    • Simple learning material distribution to the classroom for teachers
    • Facilitate GAC bulk operations
    • Manage inventory of non-IT assets such as projectors, TVs, and other educational assets
    • Plus more

    "There are many components to managing Chromebooks. Schools need to know which student has which device, which school has which device, and costs relating to repairs. Chromebook Management Software … facilitates these processes."
    – VIZOR

    MacBooks

    • MacBooks are gaining popularity in the Enterprise world.
    • Some admins claim MacBooks are less expensive in the long run over Windows-based PCs.
    • Users claim less issues when using a MacBook, and overall, companies report increased retention rates when users are using MacBooks.

    "Macs now make up 23% of endpoints in enterprises."
    – ComputerWeekly.com

    "When given the choice, no less than 72% of employees choose Macs over PCs."
    – "5 Reasons Mac is a must," Jamf

    "IBM says it is 3X more expensive to manage PCs than Macs."
    – Computerworld

    "74% of those who previously used a PC for work experienced fewer issues now that they use a Mac"
    – "Global Survey: Mac in the Enterprise," Jamf

    "When enterprise moves to Mac, staff retention rates improve by 20%. That's quite a boost! "
    – "5 Reasons Mac is a must," Jamf

    Managing MacBooks

    Can your existing UEM keep up?

    Many Windows unified endpoint management (UEM) tools can manage MacBooks, but most companies choose to use a dedicated MacBook management tool.

    • UEM tools that are primarily Windows focused do not typically go deep enough into the management capabilities of non-Windows devices.
    • Admins have noted limitations when it comes to using Windows UEM tools, and reasons they prefer a dedicated MacBook management solution include:
      • Easier to use
      • Faster response times when deploying settings and policies
      • Better control over notification settings and lock screen settings.
      • Easier Apple Business Manager (ABM) integration and provisioning.
    • Note that not every UEM will have the same limitations or advantages. Functionality is different between vendor products.

    Info-Tech Insight

    Most Windows UEM tools are constantly improving, and it is only a matter of time before they rival many of the dedicated MacBook management tools out there.

    Admins tend to agree that a Windows UEM is best for Windows while an Apple-based UEM is best for Apple devices.

    Managing MacBooks

    The market for "MacBook-first" management solutions includes a variety of players of varying ages such as:

    • Jamf
    • Kandji
    • Mosyle
    • SimpleMDM
    • Others

    MacBook-focused management tools can provide features such as:

    • Encryption and update settings
    • App deployment and lifecycle management
    • Remote device wipe, scan, shutdown, restart, and lock
    • Zero touch deployment and support
    • Location tracking
    • Browser content filtering
    • Enable, hide/block, or disable built-in features
    • Configure Wi-Fi, VPN, and certificate-based settings
    • Centralized dashboard with device and app listings as well as individual details
    • Data restrictions
    • Plus more

    Unified endpoint management (UEM) solutions that can provide MacBook management to some degree include (but are not limited to):

    • Intune
    • Ivanti
    • Endpoint Central
    • WorkspaceOne

    Dedicated solutions advocate integration with UEM solutions to take advantage of conditional access, security functionality, and data governance features.

    Jamf and Microsoft entered into a collaboration several years ago with the intention of making the MacBook management process easier and more secure.

    Microsoft Intune and Jamf Pro: Better together to manage and secure Macs
    Microsoft Conditional Access with Jamf Pro ensures that company data is only accessed by trusted users, on trusted devices, using trusted apps. Jamf extends this Enterprise Mobile + Security (EMS) functionality to Mac, iPhone and iPad.
    – "Microsoft Intune and Jamf Pro," Jamf

    Endpoint Management Selection Tool
    Activity

    There are many solutions available to manage end-user devices, and they come with a long list of options and features. Clarify your needs and define your requirements before you purchase another endpoint management tool. Don't purchase capabilities that you may never use.

    Use the Endpoint Management Selection Tool to identify your desired endpoint solution features and compare vendor solution functionality based on your desired features.

    1. List out the desired features you want in an endpoint solution for your devices and record those features in the first column. Use the features provided, or add your own and edit or delete the existing ones if necessary.
    2. List your selected endpoint management solution vendors in each of the columns in place of "Vendor 1," "Vendor 2," etc.
    3. Fill out the spreadsheet by changing the corresponding desired feature cell under each vendor to a "yes" or "no" based on your findings while investigating each vendor solution.
    4. When you have finished your investigation, review your spreadsheet to compare the various offerings and pros and cons of each vendor.
    5. Select your endpoint management solution.

    Endpoint Management Selection Tool

    In the first column, list out the desired features you want in an endpoint solution for your devices. Use the features provided if desired, or add your own and edit or delete the existing ones if necessary. As you look into various endpoint management solution vendors, list them in the columns in place of "Vendor 1," "Vendor 2," etc. Use the "Desired Feature" list as a checklist and change the values to "yes" or "no" in the corresponding box under the vendors' names. When complete, you will be able to look at all the features and compare vendors in a single table.

    Desired Feature Vendor 1 Vendor 2 Vendor 3
    Organizational unit creation Yes No Yes
    Group creation Yes Yes Yes
    Ability to assign users to devices No Yes Yes
    Control of administrative permissions Yes Yes Yes
    Conditional access No Yes Yes
    Security policies enforced Yes No Yes
    Asset management No Yes No
    Single sign-on Yes Yes Yes
    Auto-deployment No Yes No
    Repair lifecycle tracking No Yes No
    Application deployment Yes Yes No
    Device tracking Yes Yes Yes
    Ability to enable encryption Yes No Yes
    Device wipe Yes No Yes
    Ability to enable/disable device tracking No No Yes
    User activity audit No No No

    Related Info-Tech Research

    this is a screenshot from Info-Tech's Modernize and Transform Your End-User Computing Strategy.

    Modernize and Transform Your End-User Computing Strategy
    This project helps support the workforce of the future by answering the following questions: What types of computing devices, provisioning models, and operating systems should be offered to end users? How will IT support devices? What are the policies and governance surrounding how devices are used? What actions are we taking and when? How do end-user devices support larger corporate priorities and strategies?

    Best Unified Endpoint Management (UEM) Software 2022 | SoftwareReviews
    Compare and evaluate unified endpoint management vendors using the most in-depth and unbiased buyer reports available. Download free comprehensive 40+ page reports to select the best unified endpoint management software for your organization.

    Best Enterprise Mobile Management (EMM) Software 2022 | (softwarereviews.com)
    Compare and evaluate enterprise mobile management vendors using the most in-depth and unbiased buyer reports available. Download free comprehensive 40+ page reports to select the best enterprise mobile management software for your organization.

    Bibliography

    Bridge, Tom. "Macs in the enterprise – what you need to know". Computerweekly.com, TechTarget. 27 May 2022. Accessed 12 Aug. 2022.
    Copley-Woods, Haddayr. "5 reasons Mac is a must in the enterprise". Jamf.com, Jamf. 28 June 2022. Accessed 16 Aug. 2022.
    Duke, Kent. "Chromebook sales skyrocketed in Q3 2020 with online education fueling demand." androidpolice.com, Android Police. 16 Nov 2020. Accessed 10 Aug. 2022.
    Elgin, Mike. "Will Chromebooks Rule the Enterprise? (5 Reasons They May)". Computerworld.com, Computerworld. 30 Aug 2019. Accessed 10 Aug. 2022.
    Evans, Jonny. "IBM says it is 3X more expensive to manage PCs than Macs". Computerworld.com, Computerworld. 19 Oct 2016. Accessed 23 Aug. 2022.
    "Global Survey: Mac in the Enterprise". Jamf.com, Jamf. Accessed 16 Aug. 2022.
    "How to Manage Chromebooks Like a Pro." Vizor.cloud, VIZOR. Accessed 10 Aug. 2022.
    "Manage Chrome OS Devices with EMM Console". support.google.com, Google. Accessed 16 Aug. 2022.
    Protalinski, Emil. "Chromebooks outsold Macs worldwide in 2020, cutting into Windows market share". Geekwire.com, Geekwire. 16 Feb 2021. Accessed 22 Aug. 2022.
    Smith, Sean. "Microsoft Intune and Jamf Pro: Better together to manage and secure Macs". Jamf.com, Jamf. 20 April 2022. Accessed 16 Aug. 2022.

    Implement and Mature Your User Experience Design Practice

    • Buy Link or Shortcode: {j2store}430|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Requirements & Design
    • Parent Category Link: /requirements-and-design

    Many organizations want to get to market quickly and on budget but don’t know the steps to get the right product/service to satisfy the users and business. This may be made apparent through uninformed decisions leading to lack of adoption of your product or service, rework due to post-implementation user feedback, or the competition discovering new approaches that outshine yours.

    Our Advice

    Critical Insight

    Ensure your practice has a clear understanding of the design problem space – not just the solution. An understanding of the user is critical to this.

    Impact and Result

    • Create a practice that is focused on human outcomes; it starts and ends with the people you are designing for. This includes:
      • Establishing a practice with a common vision.
      • Enhancing the practice through four design factors.
      • Communicating a roadmap to improve your business through design.
    • Create a practice that develops solutions specific to the needs of users, customers, and stakeholders.

    Implement and Mature Your User Experience Design Practice Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should implement an experience design practice, review Info-Tech’s methodology, and understand the four dimensions we recommend using to mature your practice.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build the foundation

    Motivate your team with a common vision, mission, and goals.

    • Design Roadmap Workbook
    • User Experience Practice Roadmap

    2. Review the design dimensions

    Examine your practice – from the perspectives of organizational alignment, business outcomes, design perspective, and design integration – to determine what it takes to improve your maturity.

    3. Build your roadmap and communications

    Bring it all together – determine your team structure, the roadmap for the practice maturity, and communication plan.

    [infographic]

    Workshop: Implement and Mature Your User Experience Design Practice

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Answer “So What?”

    The Purpose

    Make the case for UX. Bring the team together with a common mission, vision, and goals.

    Key Benefits Achieved

    Mission, vision, and goals for design

    Activities

    1.1 Define design practice goals.

    1.2 Generate the vision statement.

    1.3 Develop the mission statement.

    Outputs

    Design vision statement

    Design mission statement

    Design goals

    2 Examine Design Dimensions

    The Purpose

    Review the dimensions that help organizations to mature, and assess what next steps make sense for your organization.

    Key Benefits Achieved

    Develop initiatives that are right-sized for your organization.

    Activities

    2.1 Examine organizational alignment.

    2.2 Establish priorities for initiatives.

    2.3 Identify business value sources.

    2.4 Identify design perspective.

    2.5 Brainstorm design integration.

    2.6 Complete UCD-Canvas.

    Outputs

    Documented initiatives for design maturity

    Design canvas framework

    3 Create Structure and Initiatives

    The Purpose

    Make your design practice structure right for you.

    Key Benefits Achieved

    Examine patterns and roles for your organization.

    Activities

    3.1 Structure your design practice.

    Outputs

    Design practice structure with patterns

    4 Roadmap and Communications

    The Purpose

    Define the communications objectives and audience for your roadmap.

    Develop your communication plan.

    Sponsor check-in.

    Key Benefits Achieved

    Complete in-progress deliverables from previous four days.

    Set up review time for workshop deliverables and to discuss next steps.

    Activities

    4.1 Define the communications objectives and audience for your roadmap.

    4.2 Develop your communication plan.

    Outputs

    Communication Plan and Roadmap

    Create a Buyer Persona and Journey

    • Buy Link or Shortcode: {j2store}558|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • Contacts fail to convert to leads because messaging fails to resonate with buyers.
    • Products fail to reach targets given shallow understanding of buyer needs.
    • Sellers' emails go unopened and attempts at discovery fail due to no understanding of buyer challenges, pain points, and needs.

    Our Advice

    Critical Insight

    • Marketing leaders in possession of well-researched and up-to-date buyer personas and journeys dramatically improve product market fit, lead gen, and sales results.
    • Success starts with product, marketing, and sales alignment on targeted personas.
    • Speed to deploy is enabled via initial buyer persona attribute discovery internally.
    • However, ultimate success requires buyer interviews, especially for the buyer journey.
    • Leading marketers update journey maps every six months as disruptive events such as COVID-19 and new media and tech platform advancements require continual innovation.

    Impact and Result

    • Reduce time and treasure wasted chasing the wrong prospects.
    • Improve product-market fit.
    • Increase open and click-through rates in your lead gen engine.
    • Perform more effective sales discovery and increase eventual win rates.

    Create a Buyer Persona and Journey Research & Tools

    Start here – read the Executive Brief

    Our Executive Brief summarizes the challenges faced when buyer persona and journeys are ill-defined. It describes the attributes of, and the benefits that accrue from, a well-defined persona and journey and the key steps to take to achieve success.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Drive an aligned initial draft of buyer persona

    Define and align your team on target persona, outline steps to capture and document a robust buyer persona and journey, and capture current team buyer knowledge.

    • Buyer Persona Creation Template
    • Buyer Persona and Journey Interview Guide and Data Capture Tool

    2. Interview buyers and validate persona and journey

    Hold initial buyer interviews, test initial results, and continue with interviews.

    3. Prepare communications and educate stakeholders

    Consolidate interview findings, present to product, marketing, and sales teams. Work with them to apply to product design, marketing launch/campaigning, and sales and customer success enablement.

    • Buyer Persona and Journey Summary Template
    [infographic]

    Workshop: Create a Buyer Persona and Journey

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Align Team, Identify Persona, and Document Current Knowledge

    The Purpose

    Organize, drive alignment on target persona, and capture initial views.

    Key Benefits Achieved

    Steering committee and project team roles and responsibilities clarified.

    Product, marketing, and sales aligned on target persona.

    Build initial team understanding of persona.

    Activities

    1.1 Outline a vision for buyer persona and journey creation and identify stakeholders.

    1.2 Identify buyer persona choices and settle on an initial target.

    1.3 Document team knowledge about buyer persona (and journey where possible).

    Outputs

    Documented steering committee and working team

    Executive Brief on personas and journey

    Personas and initial targets

    Documented team knowledge

    2 Validate Initial Work and Identify Buyer Interviewees

    The Purpose

    Build list of buyer interviewees, finalize interview guide, and validate current findings with analyst input.

    Key Benefits Achieved

    Interview efficiently using 75-question interview guide.

    Gain analyst help in persona validation, reducing workload.

    Activities

    2.1 Share initial insights with covering industry analyst.

    2.2 Hear from industry analyst their perspectives on the buyer persona attributes.

    2.3 Reconcile differences; update “current understanding.”

    2.4 Identify interviewee types by segment, region, etc.

    Outputs

    Analyst-validated initial findings

    Target interviewee types

    3 Schedule and Hold Buyer Interviews

    The Purpose

    Validate current persona hypothesis and flush out those attributes only derived from interviews.

    Key Benefits Achieved

    Get to a critical mass of persona and journey understanding quickly.

    Activities

    3.1 Identify actual list of 15-20 interviewees.

    3.2 Hold interviews and use interview guides over the course of weeks.

    3.3 Hold review session after initial 3-4 interviews to make adjustments.

    3.4 Complete interviews.

    Outputs

    List of interviewees; calls scheduled

    Initial review – “are you going in the right direction?”

    Completed interviews

    4 Summarize Findings and Provide Actionable Guidance to Colleagues

    The Purpose

    Summarize persona and journey attributes and provide activation guidance to team.

    Key Benefits Achieved

    Understanding of product market fit requirements, messaging, and marketing, and sales asset content.

    Activities

    4.1 Summarize findings.

    4.2 Create action items for supporting team, e.g. messaging, touch points, media spend, assets.

    4.3 Convene steering committee/executives and working team for final review.

    4.4 Schedule meetings with colleagues to action results.

    Outputs

    Complete findings

    Action items for team members

    Plan for activation

    5 Measure Impact and Results

    The Purpose

    Measure results, adjust, and improve.

    Key Benefits Achieved

    Activation of outcomes; measured results.

    Activities

    5.1 Review final copy, assets, launch/campaign plans, etc.

    5.2 Develop/review implementation plan.

    5.3 Reconvene team to review results.

    Outputs

    Activation review

    List of suggested next steps

    Further reading

    Create a Buyer Persona and Journey

    Make it easier to market, sell, and achieve product-market fit with deeper buyer understanding.

    EXECUTIVE BRIEF

    Executive Summary

    Your Challenge

    B2B marketers without documented personas and journeys often experience the following:

    • Contacts fail to convert to leads because messaging fails to resonate with buyers.
    • Products fail to reach targets given shallow understanding of buyer needs.
    • Sellers’ emails go unopened, and attempts at discovery fail due to no understanding of buyer challenges, pain points, and needs.

    Without a deeper understanding of buyer needs and how they buy, B2B marketers will waste time and precious resources targeting the incorrect personas.

    Common Obstacles

    Despite being critical elements, organizations struggle to build personas due to:

    • A lack of alignment and collaboration among marketing, product, and sales.
    • An internal focus; or a lack of true customer centricity.
    • A lack of tools and techniques for building personas and buyer journeys.

    In today’s Agile development environment, combined with the pressure to generate revenues quickly, high tech marketers often skip the steps necessary to go deeper to build buyer understanding.

    SoftwareReviews’ Approach

    With a common framework and target output, clients will:

    • Align marketing, sales, and product, and collaborate together to share current knowledge on buyer personas and journeys.
    • Target 12-15 customers and prospects to interview and validate insights. Share that with customer-facing staff.
    • Activate the insights for more customer-centric lead generation, product development, and selling.

    Clients who activate findings from buyer personas and journeys will see a 50% results improvement.

    SoftwareReviews Insight:
    Buyer personas and buyer journeys are essential ingredients in go-to-market success, as they inform for product, marketing, sales, and customer success who we are targeting and how to engage with them successfully.

    Buyer personas and journeys: A go-to-market critical success factor

    Marketers – large and small – will fail to optimize product-market fit, lead generation, and sales effectiveness without well-defined buyer personas and a buyer journey.

    Critical Success Factors of a Successful G2M Strategy:

    • Opportunity size and business case
    • Buyer personas and journey
    • Competitively differentiated product hypothesis
    • Buyer-validated commercial concept
    • Sales revenue plan and program cost budget
    • Consolidated communications to steering committee

    Jeff Golterman, Managing Director, SoftwareReviews Advisory

    “44% of B2B marketers have already discovered the power of Personas.”
    – Hasse Jansen, Boardview.io!, 2016

    Documenting buyer personas enables success beyond marketing

    Documenting buyer personas has several essential benefits to marketing, sales, and product teams:

    • Achieve a better understanding of your target buyer – by building a detailed buyer persona for each type of buyer and keeping it fresh, you take a giant step toward becoming a customer-centric organization.
    • Team alignment on a common definition – will happen when you build buyer personas collaboratively and among those teams that touch the customer.
    • Improved lead generation – increases dramatically when messaging and marketing assets across your lead generation engine better resonate with buyers because you have taken the time to understand them deeply.
    • More effective selling – is possible when sellers apply persona development output to their interactions with prospects and customers.
    • Better product-market fit – increases when product teams more deeply understand for whom they are designing products. Documenting buyer challenges, pain points, and unmet needs gives product teams what they need to optimize product adoption.

    “It’s easier buying gifts for your best friend or partner than it is for a stranger, right? You know their likes and dislikes, you know the kind of gifts they’ll have use for, or the kinds of gifts they’ll get a kick out of. Customer personas work the same way, by knowing what your customer wants and needs, you can present them with content targeted specifically to their wants and needs.”
    – Emma Bilardi, Product Marketing Alliance, 2020

    Buyer understanding activates just about everything

    Without the deep buyer insights that persona and journey capture enables, marketers are suboptimized.

    Buyer Persona and Journey

    • Product design
    • Customer targeting
    • Personalization
    • Messaging
    • Content marketing
    • Lead gen & scoring
    • Sales Effectiveness
    • Customer retention

    “Marketing eutopia is striking the all-critical sweet spot that adds real value and makes customers feel recognized and appreciated, while not going so far as to appear ‘big brother’. To do this, you need a deep understanding of your audience coming from a range of different data sets and the capability to extract meaning.”
    – Plexure, 2020

    Does your organization need buyer persona and journey updating?

    “Yes,” if experiencing one or more key challenges:

    • Sales time is wasted on unqualified leads
    • Website abandon rates are high
    • Lead gen engine click-through rates are low
    • Ideal customer profile is ill defined
    • Marketing asset downloads are low
    • Seller discovery with prospects is ineffective
    • Sales win/loss rates drop due to poor product-market fit
    • Higher than desired customer churn

    SoftwareReviews Advisory Insight:
    Marketers developing buyer personas and journeys that lack agreement among Marketing, Sales, and Product of personas to target will squander precious time and resources throughout the customer targeting and acquisition process.

    Outcomes and benefits

    Building your buyer persona and journey using our methodology will enable:

    • Greater stakeholder alignment – when marketing, product, and sales agree on personas, less time is wasted on targeting alternate personas.
    • Improved product-market fit – when buyers see both pain-relieving features and value-based pricing, “because you asked vs. guessed,” win rates increase.
    • Greater open and click-through rates – because you understood buyer pain points and motivations for solution seeking, you’ll see higher visits and engagement with your lead gen engine, and because you asked “what asset types do you find most helpful” your CTAs become ”lead-gen magnets” because you’ve offered the right asset types in your content marketing strategy.
    • More qualified leads – because you defined a more accurate ideal customer profile (ICP) and your lead scoring algorithm has improved, sellers see more qualified leads.
    • Increased sales cycle velocity – since you learned from personas their content and engagement preferences and what collateral types they need during the down-funnel sales discussions, sales calls are more productive and sales cycles shrink.

    Our methodology for buyer persona and journey creation

    1. Document Team Knowledge of Buyer Persona and Drive Alignment 2. Interview Target Buyer Prospects and Customers 3. Create Outputs and Apply to Marketing, Sales, and Product
    Phase Steps
    1. Outline a vision for buyer persona and journey creation and identify stakeholders.
    2. Pull stakeholders together, identify initial buyer persona, and begin to document team knowledge about buyer persona (and journey where possible).
    3. Validate with industry and marketing analyst’s initial buyer persona, and identify list of buyer interviewees.
    1. Hold interviews and document and share findings.
    2. Validate initial drafts of buyer persona and create initial documented buyer journey. Review findings among key stakeholders, steering committee, and supporting analysts.
    3. Complete remaining interviews.
    1. Summarize findings.
    2. Convene steering committee/exec. and working team for final review.
    3. Communicate to key stakeholders in product, marketing, sales, and customer success for activation.
    Phase Outcomes
    1. Steering committee and team selection
    2. Team insights about buyer persona documented
    3. Buyer persona validation with industry and marketing analysts
    4. Sales, marketing, and product alignment
    1. Interview guide
    2. Target interviewee list
    3. Buyer-validated buyer persona
    4. Buyer journey documented with asset types, channels, and “how buyers buy” fully documented
    1. Education deck on buyer persona and journey ready for use with all stakeholders: product, field marketing, sales, executives, customer success, partners
    2. Activation will update product-market fit, optimize lead gen, and improve sales effectiveness

    Our approach provides interview guides and templates to help rebuild buyer persona

    Our methodology will enable you to align your team on why it’s important to capture the most important attributes of buyer persona including:

    • Functional – helps you find and locate your target personas
    • Emotive – deepens team understanding of buyer initiatives, motivations for seeking alternatives, challenges they face, pain points for your offerings to address, and terminology that describes the “space”
    • Solution – enables greater product market fit
    • Behavioral – clarifies how to communicate with personas and understand their content preferences
    Functional – “to find them”
    Job Role Title Org. Chart Dynamics Buying Center Firmographics
    Emotive – “what they do and jobs to be done”
    Initiatives: What programs/projects the persona is tasked with and their feelings and aspirations about these initiatives. Motivations? Build credibility? Get promoted? Challenges: Identify the business issues, problems, and pain points that impede attainment of objectives. What are their fears, uncertainties, and doubts about these challenges? Buyer Need: They may have multiple needs; which need is most likely met with the offering? Terminology: What are the keywords/phrases they organically use to discuss the buyer need or business issue?
    Decision Criteria – “how they decide”
    Buyer Role: List decision-making criteria and power level. The five common buyer roles are champion, influencer, decision maker, user, and ratifier (purchaser/negotiator). Evaluation and Decision Criteria: Which lens – strategic, financial, or operational – does the persona evaluate the impact of purchase through?
    Solution Attributes – “what does the ideal solution look like”
    Steps in “Jobs to Be Done” Elements of the “Ideal Solution” Business outcomes from ideal solution Opportunity scope; other potential users Acceptable price for value delivered Alternatives that see consideration Solution sourcing: channel, where to buy
    Behavioral Attributes – “how to approach them successfully”
    Content Preferences: List the persona’s content preferences – blog, infographic, demo, video – vs. long-form assets (e.g. white paper, presentation, analyst report). Interaction Preferences: Which are preferred among in-person meetings, phone calls, emails, videoconferencing, conducting research via Web, mobile, and social? Watering Holes: Which physical or virtual places do they go to network or exchange info with peers (e.g. LinkedIn)?

    Buyer journeys are constantly shifting

    If you didn’t remap buyer journeys in 2021, you may be losing to competitors that did. Leaders remap buyer journey frequently.

    • The multi-channel buyer journey is constantly changing. Today’s B2B buyer uses industry research sites, vendor content marketing assets, software reviews sites, contacts with vendor salespeople, events participation, peer networking, consultants, emails, social media sites, and electronic media to research purchasing decisions.
    • COVID-19 has dramatically decreased face-to-face interaction. We estimate a B2B buyer spent 20-25% more time online in 2021 than pre-COVID-19 researching software buying decisions. This has diminished the importance of face-to-face selling and given dramatic rise to digital selling and outbound marketing.
    • Content marketing has exploded, but without mapping the buyer journey and knowing where – by channel –and when – by buyer journey step – to offer content marketing assets, we will fail to convert prospects into buyers.

    “~2/3 of [B2B] buyers prefer remote human interactions or digital self-service.” And during Aug. ‘20 to Feb. ‘21, use of digital self-service to interact with sales reps leapt by more than 10% for both researching and evaluating new suppliers.”
    – Liz Harrison, Dennis Spillecke, Jennifer Stanley, and Jenny Tsai McKinsey & Company, 2021

    SoftwareReviews Advisory Insight:
    Marketers are advised to update their buyer journey annually and with greater frequency when the human vs. digital mix is affected due to events such as COVID-19 and as emerging media such as AR shifts asset-type usage and engagement options.

    Our approach helps you define the buyer journey

    Because marketing leaders need to reach buyers through the right channel with the right message at the right time during their decision cycle, you’ll benefit by using questionnaires that enable you to build the below easily and quickly.

    You’ll be more successful by following our overall guidance

    Overarching insight

    Buyer personas and buyer journeys are essential ingredients in go-to-market success, as they inform for product, marketing, sales, and customer success who we are targeting and how to engage with them successfully.

    Align Your Team

    Marketers developing buyer personas and journeys that lack agreement among Marketing, Sales, and Product of personas to target will squander precious time and resources throughout the customer targeting and acquisition process.

    Jump-Start Persona Development

    Marketing leaders leverage the buyer persona knowledge not only from in-house experts in areas such as sales and executives but from analysts that speak with their buyers each and every day.

    Buyer Interviews Are a Must

    While leaders will get a fast start by interviewing sellers, executives, and analysts, you will fail to craft the right messages, build the right marketing assets, and design the best buyer journey if you skip buyer interviews.

    Watch for Disruption

    Leaders will update their buyer journey annually and with greater frequency when the human vs. digital mix is effected due to events such as COVID-19 and as emerging media such as AR and VR shifts the way buyers engage.

    Advanced Buyer Journey Discovery

    Digital marketers that ramp up lead gen engine capabilities to capture “wins” and measure engagement back through the lead gen and nurturing engines will build a more data-driven view of the buyer journey. Target to build this advanced capability in your initial design.

    Tools and templates to speed your success

    This blueprint is accompanied by supporting deliverables to help you gather team insights, interview customers and prospects, and summarize results for ease in communications.

    To support your buyer persona and journey creation, we’ve created the enclosed tools

    Buyer Persona Creation Template

    A PowerPoint template to aid the capture and summarizing of your team’s insights on the buyer persona.

    Buyer Persona and Journey Interview Guide and Data Capture Tool

    For interviewing customers and prospects, this tool is designed to help you interview personas and summarize results for up to 15 interviewees.

    Buyer Persona and Journey Summary Template

    A PowerPoint template into which you can drop your buyer persona and journey interviewees list and summary findings.

    SoftwareReviews offers two levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    The "do-it-yourself" step-by-step instructions begin with Phase 1.

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    A Guided Implementation is a series of analysts inquiries with you and your team.

    Diagnostics and consistent frameworks are used throughout each option.

    Guided Implementation

    A Guided Implementation (GI) is series of calls with a SoftwareReviews Advisory analyst to help implement our best practices in your organization.

    For guidance on marketing applications, we can arrange a discussion with an Info-Tech analyst.

    Your engagement managers will work with you to schedule analyst calls.

    What does our GI on buyer persona and journey mapping look like?

    Drive an Aligned Initial Draft of Buyer Persona

    • Call #1: Collaborate on vision for buyer persona and the buyer journey. Review templates and sample outputs. Identify your team.
    • Call #2: Review work in progress on capturing working team knowledge of buyer persona elements.
    • Call #3: (Optional) Review Info-Tech’s research-sourced persona insights.
    • Call #4: Validate the persona WIP with Info-Tech analysts. Review buyer interview approach and target list.

    Interview Buyers and Validate Persona and Journey

    • Call #5: Revise/review interview guide and final interviewee list; schedule interviews.
    • Call #6: Review interim interview finds; adjust interview guide.
    • Call #7: Use interview findings to validate/update persona and build journey map.
    • Call #8: Add supporting analysts to final stakeholder review.

    Prepare Communications and Educate Stakeholders

    • Call #9: Review output templates completed with final persona and journey findings.
    • Call #10: Add supporting analysts to stakeholder education meetings for support and help with addressing questions/issues.

    Workshop overview

    Contact your account representative for more information. workshops@infotech.com 1-888-670-8889

    Day1 Day 2 Day 3 Day 4 Day 5
    Align Team, Identify Persona, and Document Current Knowledge Validate Initial Work and Identify Buyer Interviewees Schedule and Hold Buyer interviews Summarize Findings and Provide Actionable Guidance to Colleagues Measure Impact and Results
    Activities

    1.1 Outline a vision for buyer persona and journey creation and identify stakeholders.

    1.2 Identify buyer persona choices and settle on an initial target.

    1.3 Document team knowledge about buyer persona (and journey where possible).

    2.1 Share initial insights with covering industry analyst.

    2.2 Hear from industry analyst their perspectives on the buyer persona attributes.

    2.3 Reconcile differences; update “current understanding.”

    2.4 Identify interviewee types by segment, region, etc.

    3.1 Identify actual list of 15-20 interviewees.

    A gap of up to a week for scheduling of interviews.

    3.2 Hold interviews and use interview guides (over the course of weeks).

    3.3 Hold review session after initial 3-4 interviews to make adjustments.

    3.4 Complete interviews.

    4.1 Summarize findings.

    4.2 Create action items for supporting team, e.g. messaging, touch points, media spend, assets.

    4.3 Convene steering committee/exec. and working team for final review.

    4.4 Schedule meetings with colleagues to action results.

    5.1 Review final copy, assets, launch/campaign plans, etc.

    5.2 Develop/review implementation plan.

    A period of weeks will likely intervene to execute and gather results.

    5.3 Reconvene team to review results.

    Deliverables
    1. Documented steering committee and working team
    2. Executive Brief on personas and journey
    3. Personas and initial targets
    4. Documented team knowledge
    1. Analyst-validated initial findings
    2. Target interviewee types
    1. List of interviewees; calls scheduled
    2. Initial review – “are we going in the right direction?”
    3. Completed interviews
    1. Complete findings
    2. Action items for team members
    3. Plan for activation
    1. Activation review
    2. List of suggested next steps

    Phase 1
    Drive an Aligned Initial Draft of Buyer Persona

    This Phase walks you through the following activities:

    • Develop an understanding of what comprises a buyer persona and journey, including their importance to overall go-to-market strategy and execution.
    • Sample outputs.

    This Phase involves the following stakeholders:

    • Program leadership
    • Product Marketing
    • Product Management
    • Representative(s) from Sales
    • Executive Leadership

    1.1 Establish the team and align on shared vision

    Input

    • Typically a joint recognition that buyer personas have not been fully documented.
    • Identify working team members/participants (see below), and an executive sponsor.

    Output

    • Communication of team members involved and the make-up of steering committee and working team
    • Alignment of team members on a shared vision of “Why Build Buyer Personas and Journey” and what key attributes define both.

    Materials

    • N/A

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • CMO/Sponsoring Executive Working Team – typically representatives in Product Marketing, Product Management, and Sales
    • SoftwareReviews marketing analyst

    60 minutes

    1. Schedule inquiry with working team members and walk the team through the Buyer Persona and Journey Executive Brief PowerPoint presentation.
    2. Optional: Have the (SoftwareReviews Advisory) SRA analyst walk the team through the Buyer Persona and Journey Executive Brief PowerPoint presentation as part of your session.

    Review the Create a Buyer Persona Executive Brief (Slides 3-14)

    1.2 Document team knowledge of buyer persona

    Input

    • Working team member knowledge

    Output

    • Initial draft of your buyer persona

    Materials

    • Buyer Persona Creation Template

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • CMO/Sponsoring Executive (optional)
    • Working Team – typically representatives in Product Marketing, Product Management, and Sales

    2-3 sessions of 60 minutes each

    1. Schedule meeting with working team members and, using the Buyer Persona Template, lead the team in a discussion that documents current team knowledge of the target buyer persona.
    2. Lead the team to prioritize an initial, single, most important persona and to collaborate to complete the template (and later, the buyer journey). Once the team learns the process for working on the initial persona, the development of additional personas will become more efficient.
    3. Place the PowerPoint template in a shared drive for team collaboration. Expect to schedule several 60-minute meets. Quicken collaboration by encouraging team to “do their homework” by sharing persona knowledge within the shared drive version of the template. Your goal is to get to an initial agreed upon version that can be shared for additional validation with industry analyst(s) in the next step.

    Download the Buyer Persona Creation Template

    1.3 Validate with industry analysts

    Input

    • Identify gaps in persona from previous steps

    Output

    • Further validated buyer persona

    Materials

    • Bring your Buyer Persona Creation Template to the meeting to share with analysts

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • CMO/Sponsoring Executive (Optional)
    • Working Team – typically representatives in Product Marketing, Product Management, and Sales
    • Info-Tech analyst covering your product category and SoftwareReviews marketing analyst

    30 minutes

    1. Schedule meeting with working team members and discuss which persona areas require further validation from an Info-Tech analyst who has worked closely with those buyers within your persona.

    60 minutes

    1. Schedule an inquiry with the appropriate Info-Tech analyst and SoftwareReviews Advisory analyst to share current findings and see:
      1. Info-Tech analyst provide content feedback given what they know about your target persona and product category.
      2. SoftwareReviews Advisory analyst provide feedback on persona approach and to coach any gaps or important omissions.
    2. Tabulate results and update your persona summary. At this point you will likely require additional validation through interviews with customers and prospects.

    1.4 Identify interviewees and prepare for interviews

    Input

    • Identify segments within which you require persona knowledge
    • Understand your persona insight gaps

    Output

    • List of interviewees

    Materials

    • Interviewee recording template on following slide
    • Interview guide questions found within the Buyer Persona and Journey Interview Guide and data Capture Tool

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • Working Team – typically representatives in Product Marketing, Product Management, and Sales

    1-2 weeks

    1. Identify the types of customers and prospects that will best represent your target persona. Choose interviewees that when interviewed will inform key differences among key segments (geographies, company size, mix of customers and prospects, etc.).
    2. Recruit interviewees and schedule interviews for 45 minutes.
    3. Keep track of Interviewees using the slide following this one.
    4. In preparation for interviews, review the Buyer Persona and Journey Interview Guide and Data Capture Tool. Review the two sets of questions:
      1. Buyer Persona-Related – use to validate areas where you still have gaps in your persona, OR if you are starting with a blank persona and wish to build your personas entirely based on customer and prospect interviews.
      2. Buyer-Journey Related, which we will focus on in the next phase.

    Download the Buyer Persona and Journey Interview Guide and Data Capture Tool

    The image shows a table titled ‘Interviewee List.’ A note next to the title indicates: Here you will document your interviewee list and outreach plan. A note in the Segment column indicates: Ensure you are interviewing personas across segments that will give you the insights you need, e.g. by size, by region, mix of customers and prospects. A note in the Title column reads: Vary your title types up or down in the “buying center” if you are seeking to strengthen buying center dynamics understanding. A note in the Roles column reads: Vary your role types according to decision-making roles (decision maker, influencer, ratifier, coach, user) if you are seeking to strengthen decision-making dynamics understanding.

    Phase 2
    Interview Buyers and Validate Persona and Journey

    This Phase walks you through the following activities:

    • Developing final interview guide.
    • Interviewing buyers and customers.
    • Adjusting approach.
    • Validating buyer persona.
    • Crafting buyer journey
    • Gaining analyst feedback.

    This Phase involves the following stakeholders:

    • Program leadership
    • Product Marketing
    • Representative(s) from Sales

    2.1 Hold interviews

    Input

    • List of interviewees
    • Final list of questions

    Output

    • Buyer perspectives on their personas and buyer journeys

    Materials

    • Buyer Persona and Journey Interview Guide and data Capture Tool

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • Working Team – typically representatives in Product Marketing, Product Management, and Sales

    1-2 weeks

    1. Hold interviews and adjust your interviewing approach as you go along. Uncover where you are not getting the right answers, check with working team and analysts, and adjust.

    Download the Buyer Persona and Journey Interview Guide and Data Capture Tool

    2.2 Use interview findings to validate what’s needed for activation

    Input

    • List of interviewees
    • Final list of questions

    Output

    • Buyer perspectives on their personas and buyer journeys
    • Stakeholder feedback that actionable insights are resulting from interviews

    Materials

    • Buyer Persona Creation Template
    • Buyer Persona and Journey Interview Guide and Data Capture Tool

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • Working Team – typically representatives in Product Marketing, Product Management, and Sales
    • SoftwareReviews marketing analyst

    2 hours

    1. Convene your team, with marketing analysts, and test early findings: It’s wise to test initial interview results to check that you are getting the right insights to understand and validate key challenges, pain points, needs, and other vital areas pertaining to the buyer persona. Are the answers you are getting enabling you to complete the Summary slides for later communications and training for Sales?
    2. Check when doing buyer journey interviews that you are getting actionable answers that drive messaging, what asset types are needed, what the marketing channel mix is, and other vital insights to activate the results. Are the answers you are getting adequate to give guidance to campaigners, content marketers, and sales enablement?
    3. See the following slides for detailed questions that need to be answered satisfactorily by your team members that need to “activate” the results.

    Download the Buyer Persona and Journey Interview Guide and Data Capture Tool

    2.2.1 Are you getting what you need from interviews to inform the buyer persona?

    Test that you are on the right track:

    1. Are you getting the functional answers so you can guide sellers to the right roles? Can you guide marketers/campaigners to the right “Ideal Customer Profile” for lead scoring?
    2. Are you capturing the right emotive areas that will support message crafting? Solutioning? SEM/SEO?
    3. Are you capturing insights into “how they decide” so sellers are well informed on the decision-making dynamics?
    4. Are you getting a strong understanding of content, interaction preferences, and news and information sources so sellers can outreach more effectively, you can pinpoint media spend, and content marketing can create the right assets?
    Functional – “to find them”
    Job Role Title Org. Chart Dynamics Buying Center Firmographics
    Emotive – “what they do and jobs to be done”
    Initiatives: What programs/projects the persona is tasked with and their feelings and aspirations about these initiatives. Motivations? Build credibility? Get promoted? Challenges: Identify the business issues, problems, and pain points that impede attainment of objectives. What are their fears, uncertainties, and doubts about these challenges? Buyer Need: They may have multiple needs; which need is most likely met with the offering? Terminology: What are the keywords/phrases they organically use to discuss the buyer need or business issue?
    Decision Criteria – “how they decide”
    Buyer Role: List decision-making criteria and power level. The five common buyer roles are champion, influencer, decision maker, user, and ratifier (purchaser/negotiator). Evaluation and Decision Criteria: Which lens – strategic, financial, or operational – does the persona evaluate the impact of purchase through?
    Solution Attributes – “what does the ideal solution look like”
    Steps in “Jobs to Be Done” Elements of the “Ideal Solution” Business outcomes from ideal solution Opportunity scope; other potential users Acceptable price for value delivered Alternatives that see consideration Solution sourcing: channel, where to buy
    Behavioral Attributes – “how to approach them successfully”
    Content Preferences: List the persona’s content preferences – blog, infographic, demo, video – vs. long-form assets (e.g. white paper, presentation, analyst report). Interaction Preferences: Which are preferred among in-person meetings, phone calls, emails, videoconferencing, conducting research via Web, mobile, and social? Watering Holes: Which physical or virtual places do they go to network or exchange info with peers (e.g. LinkedIn)?

    2.2.2 Are you getting what you need from interviews to support the buyer journey?

    Our approach helps you define the buyer journey

    Because marketing leaders need to reach buyers through the right channel with the right message at the right time during their decision cycle, you’ll benefit by using questionnaires that enable you to build the below easily and quickly.

    2.3 Continue interviews

    Input

    • Final adjustments to list of interview questions

    Output

    • Final buyer perspectives on their personas and buyer journeys

    Materials

    • Buyer Persona Creation Template
    • Buyer Persona and Journey Interview Guide and data Capture Tool

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • Working Team – typically representatives in Product Marketing, Product Management, and Sales

    1-2 weeks

    1. Continue customer and prospect interviews.
    2. Ensure you are gaining the segment perspectives needed.
    3. Complete the “Summary” columns within the Buyer Persona and Journey Interview Guide and Data Capture Tool.

    Download the Buyer Persona and Journey Interview Guide and Data Capture Tool

    Phase 3
    Prepare Communications and Educate Stakeholders

    This Phase walks you through the following activities:

    • Creating outputs for key stakeholders
    • Communicating final findings and supporting marketing, sales, and product activation.

    This Phase involves the following stakeholders:

    • Program leadership
    • Product Marketing
    • Product Management
    • Sales
    • Field Marketing/Campaign Management
    • Executive Leadership

    3.1 Summarize interview results and convene full working team and steering committee for final review

    Input

    • Buyer persona and journey interviews detail

    Output

    • Buyer perspectives on their personas and buyer journeys

    Materials

    • Buyer Persona and Journey Interview Guide and Data Capture Tool
    • Buyer Persona and Journey Summary Template

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • CMO/Sponsoring Executive (Optional)
    • Working Team – typically representatives in Product Marketing, Product Management, and Sales
    • SoftwareReviews marketing analyst

    1-2 hours

    1. Summarize interview results within the Buyer Persona and Journey Summary Template.

    Download the Buyer Persona and Journey Interview Guide and Data Capture Tool

    Download the Buyer Persona and Journey Summary Template

    3.2 Convene executive steering committee and working team to review results

    Input

    • Buyer persona and journey interviews summary

    Output

    • Buyer perspectives on their personas and buyer journeys

    Materials

    • Buyer Persona and Journey Summary Template

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • Working Team – typically representatives in Product Marketing, Product Management, and Sales

    1-2 hours

    1. Present final persona and journey results to the steering committee/executives and to working group using the summary slides interview results within the Buyer Persona and Journey Summary Template to finalize results.

    Download the Buyer Persona and Journey Summary Template

    3.3 Convene stakeholder meetings to activate results

    Input

    • Buyer persona and journey interviews summary

    Output

    Activation of key learnings to drive:

    • Better product –market fit
    • Lead gen
    • Sales effectiveness
    • Awareness

    Materials

    • Buyer Persona and Journey Summary Template

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • Working Team – typically representatives in Product Marketing, Product Management, and Sales
    • Stakeholder team members (see left)

    4-5 hours

    Present final persona and journey results to each stakeholder team. Key presentations include:

    1. Product team to validate product market fit.
    2. Content marketing to provide messaging direction for the creation of awareness and lead gen assets.
    3. Campaigners/Field Marketing for campaign-related messaging and to identify asset types required to be designed and delivered to support the buyer journey.
    4. Social media strategists for social post copy, and PR for other awareness-building copy.
    5. Sales enablement/training to enable updating of sales collateral, proposals, and sales training materials. Sellers to help with their targeting, prospecting, and crafting of outbound messaging and talk tracks.

    Download the Buyer Persona and Journey Summary Template

    Summary of Accomplishment

    Problem Solved

    With the help of this blueprint, you have deepened your and your colleagues’ buyer understanding at both the persona “who they are” level and the buyer journey “how do they buy” level. You are among the minority of marketing leaders that have fully documented a buyer persona and journey – congratulations!

    The benefits of having led your team through the process are significant and include the following:

    • Better alignment of customer/buyer-facing teams such as in product, marketing, sales, and customer success.
    • Messaging that can be used by marketing, sales, and social teams that will resonate with buyer initiatives, pain points, sought-after “pain relief,” and value.
    • Places in the digital and physical universe where your prospects “hang out” so you can optimize your media spend.
    • More effective use of marketing assets and sales collateral that align with the way your prospect needs to consume information throughout their buyer journey to make a decision in your solution area.

    And by capturing and documenting your buyer persona and journey even for a single buyer type, you have started to build the “institutional strength” to apply the process to other roles in the decision-making process or for when you go after new and different buyer types for new products. And finally, by bringing your team along with you in this process, you have also led your team in becoming a more customer-focused organization – a strategic shift that all organizations should pursue.

    If you would like additional support, contact us and we’ll make sure you get the professional expertise you need.

    Contact your account representative for more information.

    info@softwarereviews.com

    1-888-670-8889

    Related Software Reviews Research

    Optimize Lead Generation With Lead Scoring

    • Save time and money and improve your sales win rates when you apply our methodology to score contacts with your lead gen engine more accurately and pass better qualified leads over to your sellers.
    • Our methodology teaches marketers to develop your own lead scoring approach based upon lead/contact profile vs. your Ideal Customer Profile (ICP) and scores contact engagement. Applying the methodology to arrive at your own approach to scoring will mean reduced lead gen costs, higher conversion rates, and increased marketing-influenced wins.

    Bibliography

    Bilardi, Emma. “How to Create Buyer Personas.” Product Marketing Alliance, July 2020. Accessed Dec. 2021.

    Harrison, Liz, Dennis Spillecke, Jennifer Stanley, and Jenny Tsai. “Omnichannel in B2B sales: The new normal in a year that has been anything but.” McKinsey & Company, 15 March 2021. Accessed Dec. 2021.

    Jansen, Hasse. “Buyer Personas – 33 Mind Blowing Stats.” Boardview.io!, 19 Feb. 2016. Accessed Jan. 2022.

    Raynor, Lilah. “Understanding The Changing B2B Buyer Journey.” Forbes Agency Council, 18 July 2021. Accessed Dec. 2021.

    Simpson, Jon. “Finding Your Audience: The Importance of Developing a Buyer Persona.” Forbes Agency Council, 16 May 2017. Accessed Dec. 2021.

    “Successfully Executing Personalized Marketing Campaigns at Scale.” Plexure, 6 Jan. 2020. Accessed Dec 2020.

    Ulwick, Anthony W. JOBS TO BE DONE: Theory to Practice. E-book, Strategyn, 1 Jan. 2017. Accessed Jan. 2022.

    Measure and Manage Customer Satisfaction Metrics That Matter the Most

    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • Lack of understanding of what is truly driving customer satisfaction or dissatisfaction.
    • Lack of insight into who our satisfied and dissatisfied customers are.
    • Lack of a system for early detection of declines in satisfaction.
    • Lack of clarity on what to improve and how resources should be allocated.

    Our Advice

    Critical Insight

    • All software companies measure satisfaction in some way, but many lack understanding of what’s truly driving customers to stay or leave. By understanding the true drivers of satisfaction, solution providers can measure and monitor satisfaction more effectively, pull actionable insights and feedback, and make changes to products and services that customers really care about and will keep them coming back to you to have their needs met.
    • Obstacles:
      • Use of metrics that don’t provide the insight needed to make impactful changes that will boost satisfaction and ultimately, retention and profit.
      • Lack of a clear definition of what satisfaction means to customers, metric definitions and/or standard methods of measurement, and a consistent monitoring cadence.

    Impact and Result

    • Understanding of who your satisfied and dissatisfied customers are.
    • Understanding of the true drivers of satisfaction and dissatisfaction among your customer segments.
    • Establishment of a repeatable process and cadence for effective satisfaction measurement and monitoring.
    • Development of an executable customer satisfaction improvement plan that identifies customer journey pain points and areas of dissatisfaction, and outlines how to improve them.
    • Knowledge of where money, time, and other resources are needed most to improve satisfaction levels and ultimately increase retention.

    Measure and Manage Customer Satisfaction Metrics That Matter the Most Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Measure and Manage the Customer Satisfaction Metrics that Matter the Most Deck – An overview of how to understand what drives customer satisfaction and how to measure and manage it for improved business outcomes.

    Understand the true drivers of customer satisfaction and build a process for managing and improving customer satisfaction.

    [infographic]

    Further reading

    Measure and Manage the Customer Satisfaction Metrics that Matter the Most

    Understand what truly keeps your customer satisfied. Start to measure what matters to improve customer experience and increase satisfaction and advocacy. 

    EXECUTIVE BRIEF

    Analyst perspective

    Understanding and measuring the true drivers of satisfaction enable the delivery of real customer value

    The image contains a picture of Emily Wright.

    “Healthy customer relationships are the paramount to long-term growth. When customers are satisfied, they remain loyal, spend more, and promote your company to others in their network. The key to high satisfaction is understanding and measuring the true drivers of satisfaction to enable the delivery of real customer value.

    Most companies believe they know who their satisfied customers are and what keeps them satisfied, and 76% of B2B buyers expect that providers understand their unique needs (Salesforce Research, 2020). However, on average B2B companies have customer experience scores of less than 50% (McKinsey, 2016). This disconnect between customer expectations and provider experience indicates that businesses are not effectively measuring and monitoring satisfaction and therefore are not making meaningful enhancements to their service, offerings, and overall experience.

    By focusing on the underlying drivers of customer satisfaction, organizations develop a truly accurate picture of what is driving deep satisfaction and loyalty, ensuring that their company will achieve sustainable growth and stay competitive in a highly competitive market.”

    Emily Wright

    Senior Research Analyst, Advisory

    SoftwareReviews

    Executive summary

    Your Challenge

    Common Obstacles

    SoftwareReviews’ Approach

    Getting a truly accurate picture of satisfaction levels among customers, and where to focus efforts to improve satisfaction, is challenging. Providers often find themselves reacting to customer challenges and being blindsided when customers leave. More effective customer satisfaction measurement is possible when providers self-assess for the following challenges:

    • Lack of understanding of what is truly driving customer satisfaction or dissatisfaction.
    • Lack of insight into who our satisfied and dissatisfied customers are.
    • Lack of a system for early detection of declines in satisfaction.
    • Lack of clarity of what needs to be improved and how resources should be allocated.
    • Lack of reliable internal data for effective customer satisfaction monitoring.

    What separates customer success leaders from developing a full view of their customers are several nagging obstacles:

    • Use of metrics that don’t provide the insight needed to make impactful changes that will boost satisfaction and ultimately, retention and profit.
    • Friction from customers participating in customer satisfaction studies.
    • Lack of data, or integrated databases from which to track, pull, and analyze customer satisfaction data.
    • Lack a clear definition of what satisfaction means to customers, metric definitions, and/or standard methods of measurement and a consistent monitoring cadence.
    • Lack of time, resources, or technology to uncover and effectively measure and monitor satisfaction drivers.

    Through the SoftwareReviews’ approach, customer success leaders will:

    • Understand who your satisfied and dissatisfied customers are.
    • Understand the true drivers of satisfaction and dissatisfaction among your customer segments.
    • Establish a repeatable process and cadence for effective satisfaction measurement and monitoring.
    • Develop an executable customer satisfaction improvement plan that identifies customer journey pain points and areas of dissatisfaction, and outlines how to improve them.
    • Know where money, time, and resources are needed most to improve satisfaction levels and ultimately retention.

    Overarching SoftwareReviews Advisory Insight:

    All companies measure satisfaction in some way, but many lack understanding of what’s truly driving customers to stay or leave. By understanding the true drivers of satisfaction, solution providers can measure and monitor satisfaction more effectively, pull actionable insights and feedback, and make changes to products and services that customers really care about. This will keep them coming back to you to have their needs met.

    Healthy Customer Relationships are vital for long-term success and growth

    Measuring customer satisfaction is critical to understanding the overall health of your customer relationships and driving growth.

    Through effective customer satisfaction measurement, organizations can:

    Improve Customer Experience

    Increase Retention and CLV

    Increase Profitability

    Reduce Costs

    • Provide insight into where and how to improve.
    • Enhance experience, increase loyalty.
    • By providing strong CX, organizations can increase revenue by 10-15% (McKinsey, 2014).
    • Far easier to retain existing customers than to acquire new ones.
    • Ensuring high satisfaction among customers increases Customer Lifetime Value (CLV) through longer tenure and higher spending.
    • NPS Promoter score has a customer lifetime value that's 600%-1,400% higher than a Detractor (Bain & Company, 2015).
    • Highly satisfied customers spend more through expansions and add-ons, as well as through their long tenure with your company.
    • They also spread positive word of mouth, which brings in new customers.
    • “Studies demonstrate a strong correlation between customer satisfaction and increased profits — with companies with high customer satisfaction reporting 5.7 times more revenue than competitors.” (Matthew Loper, CEO and Co-Founder of WELLTH, 2022)
    • Measuring, monitoring, and maintaining high satisfaction levels reduces costs across the board.
    • “Providing a high-quality customer experience can save up to 33% of customer service costs” (Deloitte, 2018).
    • Satisfied customers are more likely to spread positive word of mouth which reduces acquisition / marketing costs for your company.

    “Measuring customer satisfaction is vital for growth in any organization; it provides insights into what works and offers opportunities for optimization. Customer satisfaction is essential for improving loyalty rate, reducing costs and retaining your customers.”

    -Ken Brisco, NICE, 2019

    Poor customer satisfaction measurement is costly

    Virtually all companies measure customer satisfaction, but few truly do it well. All too often, customer satisfaction measurement consists of a set of vanity metrics that do not result in actionable insight for product/service improvement. Improper measurement can result in numerous consequences:

    Direct and Indirect Costs

    Being unaware of true drivers of satisfaction that are never remedied costs your business directly through customer churn, service costs, etc.

    Tarnished Brand

    Tarnished brand through not resolving issues drives dissatisfaction; dissatisfied customers share their negative experiences, which can damage brand image and reputation.

    Waste Limited Resources

    Putting limited resources towards vanity programs and/or fixes that have little to no bearing on core satisfaction drivers wastes time and money.

    “When customer dissatisfaction goes unnoticed, it can slowly kill a company. Because of the intangible nature of customer dissatisfaction, managers regularly underestimate the magnitude of customer dissatisfaction and its impact on the bottom line.”

    - Lakshmiu Tatikonda, “The Hidden Costs of Customer Dissatisfaction”, 2013

    SoftwareReviews Advisory Insight:

    Most companies struggle to understand what’s truly driving customers to stay or leave. By understanding the true satisfaction drivers, tech providers can measure and monitor satisfaction more effectively, avoiding the numerous harmful consequences that result from average customer satisfaction measurement.

    Does your customer satisfaction measurement process need improvement?

    Getting an accurate picture of customer satisfaction is no easy task. Struggling with any of the following means you are ready for a detailed review of your customer satisfaction measurement efforts:

    • Not knowing who your most satisfied customers are.
    • Lacking early detection for declining satisfaction – either reactive, or unaware of dissatisfaction as it’s occurring.
    • Lacking a process for monitoring changes in satisfaction and lack ability to be proactive; you feel blindsided when customers leave.
    • Inability to fix the problem and wasting money on the wrong areas, like vanity metrics that don’t bring value to customers.
    • Spending money and other resources towards fixes based on a gut feeling, without quantifying the real root cause drivers and investing in their improvement.
    • Having metrics and data but lacking context; don’t know what contributed to the metrics/results, why people are dissatisfied or what contributes to satisfaction.
    • Lacking clear definition of what satisfaction means to customers / customer segments.
    • Difficulty tying satisfaction back to financial results.

    Customers are more satisfied with software vendors who understand the difference between surface level and short-term satisfaction, and deep or long-term satisfaction

    Surface-level satisfaction

    Surface-level satisfaction has immediate effects, but they are usually short-term or limited to certain groups of users. There are several factors that contribute to satisfaction including:

    • Novelty of new software
    • Ease of implementation
    • Financial savings
    • Breadth of features

    Software Leaders Drive Deep Satisfaction

    Deep satisfaction has long-term and meaningful impacts on the way that organizations work. Deep satisfaction has staying power and increases or maintains satisfaction over time, by reducing complexity and delivering exceptional quality for end-users and IT alike. This report found that the following capabilities provided the deepest levels of satisfaction:

    • Usability and intuitiveness
    • Quality of features
    • Ease of customization
    • Vendor-specific capabilities

    The above solve issues that are part of everyday problems, and each drives satisfaction in deep and meaningful ways. While surface-level satisfaction is important, deep and impactful capabilities can sustain satisfaction for a longer time.

    Deep Customer Satisfaction Among Software Buyers Correlates Highly to “Emotional Attributes”

    Vendor Capabilities and Product Features remain significant but are not the primary drivers

    The image contains a graph to demonstrate a correlation to Satisfaction, all Software Categories.
    Source: SoftwareReviews buyer reviews (based on 82,560 unique reviews).

    Driving deep satisfaction among software customers vs. surface-level measures is key

    Vendor capabilities and product features correlate significantly to buyer satisfaction

    Yet, it’s the emotional attributes – what we call the “Emotional Footprint”, that correlate more strongly

    Business-Value Created and Emotional Attributes are what drives software customer satisfaction the most

    The image contains a screenshot of a graph to demonstrate Software Buyer Satisfaction Drivers and Emotional Attributes are what drives software customer satisfaction.

    Software companies looking to improve customer satisfaction will focus on business value created and the Emotional Footprint attributes outlined here.

    The essential ingredient is understanding how each is defined by your customers.

    Leaders focus on driving improvements as described by customers.

    SoftwareReviews Insight:

    These true drivers of satisfaction should be considered in your customer satisfaction measurement and monitoring efforts. The experience customers have with your product and brand is what will differentiate your brand from competitors, and ultimately, power business growth. Talk to a SoftwareReviews Advisor to learn how users rate your product on these satisfaction drivers in the SoftwareReviews Emotional Footprint Report.

    Benefits of Effective Customer Satisfaction Measurement

    Our research provides Customer Success leaders with the following key benefits:

    • Ability to know who is satisfied, dissatisfied, and why.
    • Confidence in how to understand or uncover the factors behind customer satisfaction; understand and identify factors driving satisfaction, dissatisfaction.
    • Ability to develop a clear plan for improving customer satisfaction.
    • Knowledge of how to establish a repeatable process for customer satisfaction measurement and monitoring that allows for proactivity when declines in satisfaction are detected.
    • Understanding of what metrics to use, how to measure them, and where to find the right information/data.
    • Knowledge of where money, time, and other resources are needed most to drive tangible customer value.

    “81% of organizations cite CX as a competitive differentiator. The top factor driving digital transformation is improving CX […] with companies reporting benefits associated with improving CX including:

    • Increased customer loyalty (92%)
    • An uplift in revenue (84%)
    • Cost savings (79%).”

    – Dan Cote, “Advocacy Blooms and Business Booms When Customers and Employees Engage”, Influitive, 2021

    The image contains a screenshot of a thought model that focuses on Measure & Manage the Customer Satisfaction Metrics That Matter the Most.

    Who benefits from improving the measurement and monitoring of customer satisfaction?

    This Research Is Designed for:

    • Customer Success leaders and marketers who are:
      • Responsible for understanding how to benchmark, measure, and understand customer satisfaction to improve satisfaction, NPS, and ROI.
      • Looking to take a more proactive and structured approach to customer satisfaction measurement and monitoring.
      • Looking for a more effective and accurate way to measure and understand how to improve customer satisfaction around products and services.

    This Research Will Help You:

    • Understand the factors driving satisfaction and dissatisfaction.
    • Know which customers are satisfied/dissatisfied.
    • Know where time, money, and resources are needed the most in order to improve or maintain satisfaction levels.
    • Develop a formal plan to improve customer satisfaction.
    • Establish a repeatable process for customer satisfaction measurement and monitoring that allows for proactivity when declines in satisfaction are detected.

    This Research Will Also Assist:

    • Customer Success Leaders, Marketing and Sales Directors and Managers, Product Marketing Managers, and Advocacy Managers/Coordinators who are responsible for:
      • Product improvements and enhancements
      • Customer service and onboarding
      • Customer advocacy programs
      • Referral/VoC programs

    This Research Will Help Them:

    • Coordinate and align on customer experience efforts and actions.
    • Gather and make use of customer feedback to improve products, solutions, and services provided.
    • Provide an amazing customer experience throughout the entirety of the customer journey.

    SoftwareReviews’ methodology for measuring the customer satisfaction metrics that matter the most

    1. Identify true customer satisfaction drivers

    2. Develop metrics dashboard

    3. Develop customer satisfaction measurement and management plan

    Phase Steps

    1. Identify data sources, documenting any gaps in data
    2. Analyze all relevant data on customer experiences and outcomes
    3. Document top satisfaction drivers
    1. Identify business goals, problems to be solved / define business challenges and marketing/customer success goals
    2. Use SR diagnostic to assess current state of satisfaction measurement, assessing metric alignment to satisfaction drivers
    3. Define your metrics dashboard
    4. Develop common metric definitions, language for discussing, and standards for measuring customer satisfaction
    1. Determine committee structure to measure performance metrics over time
    2. Map out gaps in satisfaction along customer journey/common points in journey where customers are least dissatisfied
    3. Build plan that identifies weak areas and shows how to fix using SR’s emotional footprint, other measures
    4. Create plan and roadmap for CSat improvement
    5. Create communication deck

    Phase Outcomes

    1. Documented satisfaction drivers
    2. Documented data sources and gaps in data
    1. Current state customer satisfaction measurement analysis
    2. Common metric definitions and measurement standards
    3. Metrics dashboard
    1. Customer satisfaction measurement plan
    2. Customer satisfaction improvement plan
    3. Customer journey maps
    4. Customer satisfaction improvement communication deck
    5. Customer Satisfaction Committee created

    Insight summary

    Understanding and measuring the true drivers of satisfaction enable the delivery of real customer value

    All software companies measure satisfaction in some way, but many lack understanding of what’s truly driving customers to stay or leave. By understanding the true drivers of satisfaction, solution providers can measure and monitor satisfaction more effectively, pull actionable insights and feedback, and make changes to products and services that customers really care about and which will keep them coming back to you to have their needs met.

    Positive experiences drive satisfaction more so than features and cost

    According to our analysis of software buyer reviews data*, the biggest drivers of satisfaction and likeliness to recommend are the positive experiences customers have with vendors and their products. Customers want to feel that:

    1. Their productivity and performance is enhanced, and the vendor is helping them innovate and grow as a company.
    2. Their vendor inspires them and helps them to continually improve.
    3. They can rely on the vendor and the product they purchased.
    4. They are respected by the vendor.
    5. They can trust that the vendor will be on their side and save them time.
    *8 million data points across all software categories

    Measure Key Relationship KPIs to gauge satisfaction

    Key metrics to track include the Business Value Created score, Net Emotional Footprint, and the Love/Hate score (the strength of emotional connection).

    Orient the organization around customer experience excellence

    1. Arrange staff incentives around customer value instead of metrics that are unrelated to satisfaction.
    2. Embed customer experience as a core company value and integrate it into all functions.
    3. Make working with your organization easy and seamless for customers.

    Have a designated committee for customer satisfaction measurement

    Best in class organizations create customer satisfaction committees that meet regularly to measure and monitor customer satisfaction, resolve issues quickly, and work towards improved customer experience and profit outcomes.

    Use metrics that align to top satisfaction drivers

    This will give you a more accurate and fulsome view of customer satisfaction than standard satisfaction metrics alone will.

    Guided Implementation

    What is our GI on measuring and managing the customer satisfaction metrics that matter most?

    Identify True Customer Satisfaction Drivers

    Develop Metrics Dashboard Develop Customer Satisfaction Measurement and Management Plan

    Call #1: Discuss current pain points and barriers to successful customer satisfaction measurement, monitoring and maintenance. Plan next call – 1 week.

    Call #2: Discuss all available data, noting any gaps. Develop plan to fill gaps, discuss feasibility and timelines. Plan next call – 1 week.

    Call #3: Walk through SoftwareReviews reports to understand EF and satisfaction drivers. Plan next call – 3 days.

    Call #4: Segment customers and document key satisfaction drivers. Plan next call – 2 week.

    Call #5: Document business goals and align them to metrics. Plan next call – 1 week.

    Call #6: Complete the SoftwareReviews satisfaction measurement diagnostic. Plan next call – 3 days.

    Call #7: Score list of metrics that align to satisfaction drivers. Plan next call – 2 days.

    Call #8: Develop metrics dashboard and definitions. Plan next call – 2 weeks.

    Call #9: Finalize metrics dashboard and definitions. Plan next call – 1 week.

    Call #10: Discuss committee and determine governance. Plan next call – 2 weeks.

    Call #11: Map out gaps in satisfaction along customer journey as they relate to top satisfaction drivers. Plan next call –2 weeks.

    Call #12: Develop plan and roadmap for satisfaction improvement. Plan next call – 1 week.

    Call #13: Finalize plan and roadmap. Plan next call – 1 week.

    Call # 14: Review and coach on communication deck.

    A Guided Implementation (GI) is series of calls with a SoftwareReviews Advisory analyst to help implement our best practices in your organization.

    For guidance on marketing applications, we can arrange a discussion with an Info-Tech analyst.

    Your engagement managers will work with you to schedule analyst calls.

    Software Reviews offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.” “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.” “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.” “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
    Included within Advisory Membership Optional add-ons

    Bibliography

    “Are you experienced?” Bain & Company, Apr. 2015. Accessed 6 June. 2022.

    Brisco, Ken. “Measuring Customer Satisfaction and Why It’s So Important.” NICE, Feb. 2019. Accessed 6 June. 2022.

    CMO.com Team. “The Customer Experience Management Mandate.” Adobe Experience Cloud Blog, July 2019. Accessed 14 June. 2022.

    Cote, Dan. “Advocacy Blooms and Business Booms When Customers and Employees Engage.” Influitive, Dec. 2021. Accessed 15 June. 2022.

    Fanderl, Harald and Perrey, Jesko. “Best of both worlds: Customer experience for more revenues and lower costs.” McKinsey & Company, Apr. 2014. Accessed 15 June. 2022.

    Gallemard, Jeremy. “Why – And How – Should Customer Satisfaction Be Measured?” Smart Tribune, Feb. 2020. Accessed 6 June. 2022.

    Kumar, Swagata. “Customer Success Statistics in 2021.” Customer Success Box, 2021. Accessed 17 June. 2022.

    Lakshmiu Tatikonda, “The Hidden Costs of Customer Dissatisfaction”, Management Accounting Quarterly, vol. 14, no. 3, 2013, pp 38. Accessed 17 June. 2022.

    Loper, Matthew. “Why ‘Customer Satisfaction’ Misses the Mark – And What to Measure Instead.” Newsweek, Jan. 2022. Accessed 16 June. 2022.

    Maechler, Nicolas, et al. “Improving the business-to-business customer experience.” McKinsey & Company, Mar. 2016. Accessed 16 June.

    “New Research from Dimension Data Reveals Uncomfortable CX Truths.” CISION PR Newswire, Apr. 2017. Accessed 7 June. 2022.

    Sheth, Rohan. 75 Must-Know Customer Experience Statistics to move Your Business Forward in 2022.” SmartKarrot, Feb. 2022. Accessed 17 June. 2022.

    Smith, Mercer. “111 Customer Service Statistics and Facts You Shouldn’t Ignore.” HelpScout, May 2022. Accessed 17 June. 2022.

    “State of the Connected Customer.” Salesforce, 2020. Accessed 14 June. 2022

    “The true value of customer experiences.” Deloitte, 2018. Accessed 15 June. 2022.

    Enter Into Mobile Development Without Confusion and Frustration

    • Buy Link or Shortcode: {j2store}282|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Mobile Development
    • Parent Category Link: /mobile-development
    • IT managers don’t know where to start when initiating a mobile program.
    • IT has tried mobile development in the past but didn't achieve success.
    • IT must initiate a mobile program quickly based on business priorities and needs a roadmap based on best practices.

    Our Advice

    Critical Insight

    • Form factors and mobile devices won't drive success – business alignment and user experience will. Don't get caught up with the latest features in mobile devices.
    • Software emulation testing is not true testing. Get on the device and run your tests.
    • Cross form-factor testing cannot be optimized to run in parallel. Therefore, anticipate longer testing cycles for cross form-factor testing.

    Impact and Result

    • Prepare your development, testing, and deployment teams for mobile development.
    • Get a realistic assessment of ROI for the launch of a mobile program.

    Enter Into Mobile Development Without Confusion and Frustration Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Make the Case for a Mobile Program

    Understand the current mobile ecosystem. Use this toolkit to help you initiate a mobile development program.

    • Storyboard: Enter Into Mobile Development Without Confusion and Frustration

    2. Assess Your Dev Process for Readiness

    Review and evaluate your current application development process.

    3. Prepare to Execute Your Mobile Program

    Prioritize your mobile program based on your organization’s prioritization profile.

    • Mobile Program Tool

    4. Communicate with Stakeholders

    Summarize the execution of the mobile program.

    • Project Status Communication Worksheet
    [infographic]

    Workshop: Enter Into Mobile Development Without Confusion and Frustration

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Build your Future Mobile Development State

    The Purpose

    Understand the alignment of stakeholder objectives and priorities to mobile dev IT drivers.

    Assess readiness of your organization for mobile dev.

    Understand how to build your ideal mobile dev process.

    Key Benefits Achieved

    Identify and address the gaps in your existing app dev process.

    Build your future mobile dev state.

    Activities

    1.1 Getting started

    1.2 Assess your current state

    1.3 Establish your future state

    Outputs

    List of key stakeholders

    Stakeholder and IT driver mapping and assessment of current app dev process

    List of practices to accommodate mobile dev

    2 Prepare and Execute your Mobile Program

    The Purpose

    Assess the impact of mobile dev on your existing app dev process.

    Prioritize your mobile program.

    Understand the dev practice metrics to gauge success.

    Key Benefits Achieved

    Properly prepare for the execution of your mobile program.

    Calculate the ROI of your mobile program.

    Prioritize your mobile program with dependencies in mind.

    Build a communication plan with stakeholders.

    Activities

    2.1 Conduct an impact analysis

    2.2 Prepare to execute

    2.3 Communicate with stakeholders

    Outputs

    Impact analysis of your mobile program and expected ROI

    Mobile program order of execution and project dependencies mapping

    List of dev practice metrics

    Enterprise Architecture Trends

    • Buy Link or Shortcode: {j2store}584|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Strategy & Operating Model
    • Parent Category Link: /strategy-and-operating-model
    • The digital transformation journey brings business and technology increasingly closer.
    • Because the two become more and more intertwined, the role of the enterprise architecture increases in importance, aligning the two in providing additional efficiencies.
    • The current need for an accelerated digital transformation elevates the importance of enterprise architecture.

    Our Advice

    Critical Insight

    • Enterprise architecture is impacted and has an increasing role in the following areas:
      • Business agility
      • Security
      • Innovation
      • Collaborative EA
      • Tools and automation

    Impact and Result

    EA’s role in brokering and negotiating overlapping areas can lead to the creation of additional efficiencies at the enterprise level.

    Enterprise Architecture Trends Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Enterprise Architecture Trends Deck – A trend report to support executives as they digitally transform the enterprise.

    In an accelerated path to digitization, the increasingly important role of enterprise architecture is one of collaboration across siloes, inside and outside the enterprise, in a configurable way that allows for quick adjustment to new threats and conditions, while embracing unprecedented opportunities to scale, stimulating innovation, in order to increase the organization’s competitive advantage.

    • Enterprise Architecture Trends Report

    Infographic

    Further reading

    Enterprise Architecture Trends

    Supporting Executives to Digitally Transform the Enterprise

    Analyst Perspective

    Enterprise architecture, seen as the glue of the organization, aligns business goals with all the other aspects of the organization, providing additional effectiveness and efficiencies while also providing guardrails for safety.

    In an accelerated path to digitization, the increasingly important role of enterprise architecture (EA) is one of collaboration across siloes, inside and outside the enterprise, in a configurable way that allows for quick adjustment to new threats and conditions while embracing unprecedented opportunities to scale, stimulating innovation to increase the organization’s competitive advantage.

    Photo of Milena Litoiu, Principal/Senior Director, Enterprise Architecture, Info-Tech Research Group.

    Milena Litoiu
    Principal/Senior Director, Enterprise Architecture
    Info-Tech Research Group

    Accelerated digital transformation elevates the importance of EA

    The Digital transformation journey brings Business and technology increasingly closer.

    Because the two become more and more intertwined, the role OF Enterprise Architecture increases in importance, aligning the two in providing additional efficiencies.

    THE Current need for an accelerated Digital transformation elevates the importance of Enterprise Architecture.

    More than 70% of organizations revamp their enterprise architecture programs. (Info-Tech Tech Trends 2022 Survey)

    Most organizations still see a significant gap between the business and IT.

    Enterprise Architecture (EA) is impacted and has an increasing role in the following areas

    Accelerated Digital Transformation

    • Business agility Business agility, needed more that ever, increases reliance on enterprise strategies.
      EA creates alignment between business and IT to improve business nimbleness.
    • Security More sophisticated attacks require more EA coordination.
      EA helps adjust to the increasing sophistication of external threats. Partnering with the CISO office to develop strategies to protect the enterprise becomes a prerequisite for survival.
    • Innovation EA's role in an innovation increases synergies at the enterprise level.
      EA plays an increasingly stronger role in innovation, from business endeavors to technology, across business units, etc.
    • Collaborative EA Collaborative EA requires new ways of working.
      Enterprise collaboration gains new meaning, replacing stiff governance.
    • Tools & automation Tools-based automation becomes increasingly common.
      Tools support as well as new artificial intelligence or machine- learning- powered approaches help achieve tools-assisted coordination across viewpoints and teams.

    Info-Tech Insight

    EA's role in brokering and negotiating overlapping areas can lead to the creation of additional efficiencies at the enterprise level.

    EA Enabling Business Agility

    Trend 01 — Business Agility is needed more than ever and THIS increases reliance on enterprise Strategies. to achieve nimbleness, organizations need to adapt timely to changes in the environment.

    Approaches:
    A plethora of approaches are needed (e.g. architecture modularity, data integration, AI/ML) in addition to other Agile/iterative approaches for the entire organization.

    Human Resources Management

    • Buy Link or Shortcode: {j2store}31|cart{/j2store}
    • Related Products: {j2store}31|crosssells{/j2store}
    • member rating overall impact (scale of 10): 9.6/10
    • member rating average dollars saved: $13,367
    • member rating average days saved: 7
    • Parent Category Name: people and Resources
    • Parent Category Link: /people-and-resources
    Talent is the differentiator; availability is not.

    Train Managers to Strengthen Employee Relationships to Improve Engagement

    • Buy Link or Shortcode: {j2store}545|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Engage
    • Parent Category Link: /engage
    • The responsibility of employee engagement has been on the shoulders of HR and the executive team for years, but managers, not HR or executives, should be primarily responsible for employee engagement.
    • Managers often fail to take steps to improve due to the following reasons:
      • They don’t understand the impact they can have on engagement.
      • They don’t understand the value of an engaged workforce.
      • They don’t feel that they are responsible for engagement.
      • They don’t know what steps they can personally take to improve engagement levels.

    Our Advice

    Critical Insight

    • Managers have a large impact on employee engagement and retention. According to McLean & Company’s engagement data, every 10% increase in the category “my manager inspires me to improve” resulted in a 3.6% increase in an employee’s intent to stay.
    • To improve the manager relationship driver, managers cannot abdicate the responsibility of strengthening relationships with employees to HR – they must take the ownership role.

    Impact and Result

    • When an organization focuses on strengthening manager relationships with employees, managers should be the owner and IT leadership should be the facilitator.
    • Info-Tech recommends starting with the three most important actions to improve employee trust and therefore engagement: inform employees of the why behind decisions, interact with them on a personal level, and involve them in decisions that affect them (also known as the “3 I’s”).
    • Use this blueprint to prepare to train managers on how to apply the 3 I principles and improve the score on this engagement driver.

    Train Managers to Strengthen Employee Relationships to Improve Engagement Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Make the case

    Educate managers on the impact they have on engagement.

    • Train Managers to Strengthen Employee Relationships to Improve Engagement Storyboard

    2. Prepare for the training session by understanding key concepts

    Learn the 3 I’s of engagement and understand IT leaders as role models for engagement.

    • Training Deck: Train Managers to Build Trusting Relationships to Improve Engagement

    3. Plan the training session and customize the materials

    Determine the logistics of the training session: the who, what, and where.

    • Participant Notebook: Take Ownership of Manager Relationships

    4. Track training success metrics and follow up

    Determine ways to track the impact the training has on employee engagement.

    • Training Evaluation: Manager Relationships
    [infographic]

    Workshop: Train Managers to Strengthen Employee Relationships to Improve Engagement

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Make the Case for Strengthening Manager Relationships

    The Purpose

    Educate managers on the impact they have on engagement and the relationship between employee trust and engagement.

    Identify reasons why managers fail to positively impact employee engagement.

    Inform managers of their responsibility for employee engagement.

    Key Benefits Achieved

    Increased awareness of managers regarding their impact on employee engagement.

    Improved understanding of manager role.

    Creation of plan to increase employee trust and engagement.

    Activities

    1.1 Describe relationship between trust and engagement.

    1.2 Review data on manager’s impact on engagement.

    Outputs

    Gain an understanding of the 3 I’s of building trust.

    Address key objections managers might have.

    2 Prepare for the Training Session by Understanding Key Concepts and Your Role as HR

    The Purpose

    Understand key concepts for engagement, such as inform, interact, and involve.

    Use McLean & Company’s advice to get past pain points with managers.

    Key Benefits Achieved

    Understand the key principles and activities in the manager training deck.

    Gain advice for dealing with pushback from managers.

    Learn about actions that you can take to adopt the 3 I’s principle and act as a role model.

    Activities

    2.1 Practice manager training exercises on informing, interacting with, and involving employees.

    Outputs

    Become familiar with and prepared to take managers through key training exercises.

    3 Plan the Training Session and Customize the Materials

    The Purpose

    Determine who will participate in the manager training session.

    Become familiar with the content in the training deck and ensure the provided examples are appropriate.

    Key Benefits Achieved

    Logistics planned for your own training session.

    Your own case made more powerful by adding your engagement data to the training deck slides.

    Improved delivery of training, making it more effective and engaging for participants.

    Activities

    3.1 Consider your audience for delivering the training.

    3.2 Plan out logistics for the training session—the who, where, and when.

    Outputs

    Ensure that your training sessions include the appropriate participants.

    Deliver a smooth and successful training session.

    4 Track Training Success Metrics and Follow Up

    The Purpose

    Determine ways to track the impact the training has on employee engagement.

    Understand how to apply the 3 I’s principle across HR functions. 

    Key Benefits Achieved

    Measure the value of engagement training.

    Gain immediate feedback on employee engagement with the McLean Leadership Index.

    Determine how HR can support managers in building stronger relationships with employees.

    Activities

    4.1 Determine how HR can support management in strengthening employee relationships.

    Outputs

    Create a culture of trust throughout the organization.

    Build a Service Desk Consolidation Strategy

    • Buy Link or Shortcode: {j2store}479|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk
    • Incompatible technologies. Organizations with more than one service desk are likely to have many legacy IT service management (ITSM) solutions. These come with a higher support cost, costly skill-set maintenance, and the inability to negotiate volume licensing discounts.
    • Inconsistent processes. Organizations with more than one service desk often have incompatible processes, which can lead to inconsistent service support across departments, less staffing flexibility, and higher support costs.
    • Lack of data integration. Without a single system and consistent processes, IT leaders often have only a partial view of service support activities. This can lead to rigid IT silos, limit the ability to troubleshoot problems, and streamline process workflows.

    Our Advice

    Critical Insight

    • Every step should put people first. It’s tempting to focus the strategy on designing processes and technologies for the target architecture. However, the most common barrier to success is workforce resistance to change.
    • A consolidated service desk is an investment, not a cost-reduction program. Focus on efficiency, customer service, and end-user satisfaction. There will be many cost savings, but viewing them as an indirect consequence of the pursuit of efficiency and customer service is the best approach.

    Impact and Result

    • Conduct a comprehensive assessment of existing service desk people, processes, and technology.
    • Identify and retire resources and processes that are no longer meeting business needs, and consolidate and modernize resources and processes that are worth keeping.
    • Identify logistic and cost considerations and create a roadmap of consolidation initiatives.
    • Communicate the change and garner support for the consolidation initiative.

    Build a Service Desk Consolidation Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build a service desk consolidation strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Develop a shared vision

    Engage stakeholders to develop a vision for the project and perform a comprehensive assessment of existing service desks.

    • Build a Service Desk Consolidation Strategy – Phase 1: Develop a Shared Vision
    • Stakeholder Engagement Workbook
    • Consolidate Service Desk Executive Presentation
    • Consolidate Service Desk Assessment Tool
    • IT Skills Inventory and Gap Assessment Tool

    2. Design the consolidated service desk

    Outline the target state of the consolidated service desk and assess logistics and cost of consolidation.

    • Build a Service Desk Consolidation Strategy – Phase 2: Design the Consolidated Service Desk
    • Consolidate Service Desk Scorecard Tool
    • Consolidated Service Desk SOP Template
    • Service Desk Efficiency Calculator
    • Service Desk Consolidation TCO Comparison Tool

    3. Plan the transition

    Build a project roadmap and communication plan.

    • Build a Service Desk Consolidation Strategy – Phase 3: Plan the Transition
    • Service Desk Consolidation Roadmap
    • Service Desk Consolidation Communications and Training Plan Template
    • Service Desk Consolidation News Bulletin & FAQ Template
    [infographic]

    Workshop: Build a Service Desk Consolidation Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Engage Stakeholders to Develop a Vision for the Service Desk

    The Purpose

    Identify and engage key stakeholders.

    Conduct an executive visioning session to define the scope and goals of the consolidation.

    Key Benefits Achieved

    A list of key stakeholders and an engagement plan to identify needs and garner support for the change.

    A common vision for the consolidation initiative with clearly defined goals and objectives.

    Activities

    1.1 Identify key stakeholders and develop an engagement plan.

    1.2 Brainstorm desired service desk attributes.

    1.3 Conduct an executive visioning session to craft a vision for the consolidated service desk.

    1.4 Define project goals, principles, and KPIs.

    Outputs

    Stakeholder Engagement Workbook

    Executive Presentation

    2 Conduct a Full Assessment of Each Service Desk

    The Purpose

    Assess the overall maturity, structure, organizational design, and performance of each service desk.

    Assess current ITSM tools and how well they are meeting needs.

    Key Benefits Achieved

    A robust current state assessment of each service desk.

    An understanding of agent skills, satisfaction, roles, and responsibilities.

    An evaluation of existing ITSM tools and technology.

    Activities

    2.1 Review the results of diagnostics programs.

    2.2 Map organizational structure and roles for each service desk.

    2.3 Assess overall maturity and environment of each service desk.

    2.4 Assess current information system environment.

    Outputs

    Consolidate Service Desk Assessment Tool

    3 Design Target Consolidated Service Desk

    The Purpose

    Define the target state for consolidated service desk.

    Identify requirements for the service desk and a supporting solution.

    Key Benefits Achieved

    Detailed requirements and vision for the consolidated service desk.

    Gap analysis of current vs. target state.

    Documented standardized processes and procedures.

    Activities

    3.1 Identify requirements for target consolidated service desk.

    3.2 Build requirements document and shortlist for ITSM tool.

    3.3 Use the scorecard comparison tool to assess the gap between existing service desks and target state.

    3.4 Document standardized processes for new service desk.

    Outputs

    Consolidate Service Desk Scorecard Tool

    Consolidated Service Desk SOP

    4 Plan for the Transition

    The Purpose

    Break down the consolidation project into specific initiatives with a detailed timeline and assigned responsibilities.

    Plan the logistics and cost of the consolidation for process, technology, and facilities.

    Develop a communications plan.

    Key Benefits Achieved

    Initial analysis of the logistics and cost considerations to achieve the target.

    A detailed project roadmap to migrate to a consolidated service desk.

    A communications plan with responses to anticipated questions and objections.

    Activities

    4.1 Plan the logistics of the transition.

    4.2 Assess the cost and savings of consolidation to refine business case.

    4.3 Identify initiatives and develop a project roadmap.

    4.4 Plan communications for each stakeholder group.

    Outputs

    Consolidation TCO Tool

    Consolidation Roadmap

    Executive Presentation

    Communications Plan

    News Bulletin & FAQ Template

    Further reading

    Build a Service Desk Consolidation Strategy

    Manage the dark side of growth.

    ANALYST PERSPECTIVE

    A successful service desk consolidation begins and ends with people.

    "It’s tempting to focus strategic planning on the processes and technology that will underpin the consolidated service desk. Consistent processes and a reliable tool will cement the consolidation, but they are not what will hold you back.

    The most common barrier to a successful consolidation is workforce resistance to change. Cultural difference, perceived risks, and organizational inertia can hinder data gathering, deter collaboration, and impede progress from the start.

    Building a consolidated service desk is first and foremost an exercise in organizational change. Garner executive support for the project, enlist a team of volunteers to lead the change, and communicate with key stakeholders early and often. The key is to create a shared vision for the project and engage those who will be most affected."

    Sandi Conrad

    Senior Director, Infrastructure Practice

    Info-Tech Research Group

    Our understanding of the problem

    This Research is Designed For:

    • CIOs who need to reduce support costs and improve customer service.
    • IT leaders tasked with the merger of two or more IT organizations.
    • Service managers implementing a shared service desk tool.
    • Organizations rationalizing IT service management (ITSM) processes.

    This Research Will Help You:

    • Develop a shared vision for the consolidated service desk.
    • Assess key metrics and report on existing service desk architecture.
    • Design a target service desk architecture and assess how to meet the new requirements.
    • Deploy a strategic roadmap to build the consolidated service desk architecture.

    Executive summary

    Situation

    Every organization must grow to survive. Good growth makes an organization more agile, responsive, and competitive, which leads to further growth.

    The proliferation of service desks is a hallmark of good growth when it empowers the service of diverse end users, geographies, or technologies.

    Complication

    Growth has its dark side. Bad growth within a business can hinder agility, responsiveness, and competitiveness, leading to stagnation.

    Supporting a large number of service desks can be costly and inefficient, and produce poor or inconsistent customer service, especially when each service desk uses different ITSM processes and technologies.

    Resolution

    Manage the dark side of growth. Consolidating service desks can help standardize ITSM processes, improve customer service, improve service desk efficiency, and reduce total support costs. A consolidation is a highly visible and mission critical project, and one that will change the public face of IT. Organizations need to get it right.

    Building a consolidated service desk is an exercise in organizational change. The success of the project will hinge on how well the organization engages those who will be most affected by the change. Build a guiding coalition for the project, create a shared vision, enlist a team of volunteers to lead the change, and communicate with key stakeholders early and often.

    Use a structured approach to facilitate the development of a shared strategic vision, design a detailed consolidated architecture, and anticipate resistance to change to ensure the organization reaps project benefits.

    Info-Tech Insight

    1. Every step should put people first. It’s tempting to focus the strategy on designing processes and technologies for the target architecture. However, the most common barrier to success is workforce resistance to change.
    2. A consolidated service desk is an investment, not a cost-reduction program. Focus on efficiency, customer service, and end-user satisfaction. Cost savings, and there will be many, should be seen as an indirect consequence of the pursuit of efficiency and customer service.

    Focus the service desk consolidation project on improving customer service to overcome resistance to change

    Emphasizing cost reduction as the most important motivation for the consolidation project is risky.

    End-user satisfaction is a more reliable measure of a successful consolidation.

    • Too many variables affect the impact of the consolidation on the operating costs of the service desk to predict the outcome reliably.
    • Potential reductions in costs are unlikely to overcome organizational resistance to change.
    • Successful service desk consolidations can increase ticket volume as agents capture tickets more consistently and increase customer service.

    The project will generate many cost savings, but they will take time to manifest, and are best seen as an indirect consequence of the pursuit of customer service.

    Info-Tech Insight

    Business units facing a service desk consolidation are often concerned that the project will lead to a loss of access to IT resources. Focus on building a customer-focused consolidated service desk to assuage those fears and earn their support.

    End users, IT leaders, and process owners recognize the importance of the service desk.

    2nd out of 45

    On average, IT leaders and process owners rank the service desk 2nd in terms of importance out of 45 core IT processes. Source: Info-Tech Research Group, Management and Governance Diagnostic (2015, n = 486)

    42.1%

    On average, end users who were satisfied with service desk effectiveness rated all other IT services 42.1% higher than dissatisfied end users. Source: Info-Tech Research Group, End-User Satisfaction Survey 2015, n = 133)

    38.0%

    On average, end users who were satisfied with service desk timeliness rated all other IT services 38.0% higher than dissatisfied end users. Source: Info-Tech Research Group, End-User Satisfaction Survey (2015, n = 133)

    Overcome the perceived barriers from differing service unit cultures to pursue a consolidated service desk (CSD)

    In most organizations, the greatest hurdles that consolidation projects face are related to people rather than process or technology.

    In a survey of 168 service delivery organizations without a consolidated service desk, the Service Desk Institute found that the largest internal barrier to putting in place a consolidated service desk was organizational resistance to change.

    Specifically, more than 56% of respondents reported that the different cultures of each service unit would hinder the level of collaboration such an initiative would require.

    The image is a graph titled Island cultures are the largest barrier to consolidation. The graph lists Perceived Internal Barriers to CSD by percentage. The greatest % barrier is Island cultures, with executive resistance the next highest.

    Service Desk Institute (n = 168, 2007)

    Info-Tech Insight

    Use a phased approach to overcome resistance to change. Focus on quick-win implementations that bring two or three service desks together in a short time frame and add additional service desks over time.

    Avoid the costly proliferation of service desks that can come with organizational growth

    Good and bad growth

    Every organization must grow to survive, and relies heavily on its IT infrastructure to do that. Good growth makes an organization more agile, responsive, and competitive, and leads to further growth.

    However, growth has its dark side. Bad growth hobbles agility, responsiveness, and competitiveness, and leads to stagnation.

    As organizations grow organically and through mergers, their IT functions create multiple service desks across the enterprise to support:

    • Large, diverse user constituencies.
    • Rapidly increasing call volumes.
    • Broader geographic coverage.
    • A growing range of products and services.

    A hallmark of bad growth is the proliferation of redundant and often incompatible ITSM services and processes.

    Project triggers:

    • Organizational mergers
    • ITSM tool purchase
    • Service quality or cost-reduction initiatives
    Challenges arising from service desk proliferation:
    Challenge Impact
    Incompatible Technologies
    • Inability to negotiate volume discounts.
    • Costly skill set maintenance.
    • Increased support costs.
    • Increased shadow IT.
    Inconsistent Processes
    • Low efficiency.
    • High support costs.
    • Inconsistent support quality.
    • Less staffing flexibility.
    Lack of Data Integration
    • Only partial view of IT.
    • Inefficient workflows.
    • Limited troubleshooting ability.
    Low Customer Satisfaction
    • Fewer IT supporters.
    • Lack of organizational support.

    Consolidate service desks to integrate the resources, processes, and technology of your support ecosystem

    What project benefits can you anticipate?

    • Consolidated Service Desk
      • End-user group #1
      • End-user group #2
      • End-user group #3
      • End-user group #4

    A successful consolidation can significantly reduce cost per transaction, speed up service delivery, and improve the customer experience through:

    • Single point of contact for end users.
    • Integrated ITSM solution where it makes sense.
    • Standardized processes.
    • Staffing integration.
    Project Outcome

    Expected Benefit

    Integrated information The capacity to produce quick, accurate, and segmented reports of service levels across the organization.
    Integrated staffing Flexible management of resources that better responds to organizational needs.
    Integrated technology Reduced tool procurement costs, improved data integration, and increased information security.
    Standardized processes Efficient and timely customer service and a more consistent customer experience.

    Standardized and consolidated service desks will optimize infrastructure, services, and resources benefits

    • To set up a functioning service desk, the organization will need to invest resources to build and integrate tier 1, tier 2, and tier 3 capabilities to manage incidents and requests.
    • The typical service desk (Figure 1) can address a certain number of tickets from all three tiers. If your tickets in a given tier are less than that number, you are paying for 100% of service costs but consuming only a portion of it.
    • The consolidated model (Figure 2) reduces the service cost by reducing unused capacity.
    • Benefits of consolidation include a single service desk solution, a single point of contact for the business, data integration, process standardization, and consolidated administration, reporting, and management.

    The image is a graphic showing 2 figures. The first shows ring graphs labelled Service Desk 1 and Service Desk 2, with the caption Service provisioning with distinct service desks. Figure 2 shows one graphic, captioned Service provisioning with Consolidated service providers. At the bottom of the image, there is a legend.

    Info-Tech’s approach to service desk consolidation draws on key metrics to establish a baseline and a target state

    The foundation of a successful service desk consolidation initiative is a robust current state assessment. Given the project’s complexity, however, determining the right level of detail to include in the evaluation of existing service desks can be challenging.

    The Info-Tech approach to service desk consolidation includes:

    • Envisioning exercises to set project scope and garner executive support.
    • Surveys and interviews to identify the current state of people, processes, technologies, and service level agreements (SLAs) in each service desk, and to establish a baseline for the consolidated service desk.
    • Service desk comparison tools to gather the results of the current state assessment for analysis and identify current best practices for migration to the consolidated service desk.
    • Case studies to illustrate the full scope of the project and identify how different organizations deal with key challenges.

    The project blueprint walks through a method that helps identify which processes and technologies from each service desk work best, and it draws on them to build a target state for the consolidated service desk.

    Inspiring your target state from internal tools and best practices is much more efficient than developing new tools and processes from scratch.

    Info-Tech Insight

    The two key hurdles that a successful service desk consolidation must overcome are organizational complexity and resistance to change.

    Effective planning during the current state assessment can overcome these challenges.

    Identify existing best practices for migration to the consolidated service desk to foster agent engagement and get the consolidated service desk up quickly.

    A consolidation project should include the following steps and may involve multiple transition phases to complete

    Phase 1: Develop a Shared Vision

    • Identify stakeholders
    • Develop vision
    • Measure baseline

    Phase 2: Design the Consolidation

    • Design target state
    • Assess gaps to reach target
    • Assess logistics and cost

    Phase 3: Plan the Transition

    • Develop project plan and roadmap
    • Communicate changes
    • Make the transition
      • Evaluate and prepare for next transition phase (if applicable)
      • Evaluate and stabilize
        • CSI

    Whether or not your project requires multiple transition waves to complete the consolidation depends on the complexity of the environment.

    For a more detailed breakdown of this project’s steps and deliverables, see the next section.

    Follow Info-Tech’s methodology to develop a service desk consolidation strategy

    Phases Phase 1: Develop a Shared Vision Phase 2: Design the Consolidated Service Desk Phase 3: Plan the Transition
    Steps 1.1 - Identify and engage key stakeholders 2.1 - Design target consolidated service desk 3.1 - Build the project roadmap
    1.2 - Develop a vision to give the project direction
    1.3 - Conduct a full assessment of each service desk 2.2 - Assess logistics and cost of consolidation 3.2 - Communicate the change
    Tools & Templates Executive Presentation Consolidate Service Desk Scorecard Tool Service Desk Consolidation Roadmap
    Consolidate Service Desk Assessment Tool Consolidated Service Desk SOP Communications and Training Plan Template
    Service Desk Efficiency Calculator News Bulletin & FAQ Template
    Service Desk Consolidation TCO Comparison Tool

    Service desk consolidation is the first of several optimization projects focused on building essential best practices

    Info-Tech’s Service Desk Methodology aligns with the ITIL framework

    Extend

    Facilitate the extension of service management best practices to other business functions to improve productivity and position IT as a strategic partner.

    Standardize

    Build essential incident, service request, and knowledge management processes to create a sustainable service desk that meets business needs.

    Improve

    Build a continual improvement plan for the service desk to review and evaluate key processes and services, and manage the progress of improvement initiatives.

    Adopt Lean

    Build essential incident, service request, and knowledge management processes to create a sustainable service desk that boosts business value.

    Select and Implement

    Review mid-market and enterprise service desk tools, select an ITSM solution, and build an implementation plan to ensure your investment meets your needs.

    Consolidate

    Build a strategic roadmap to consolidate service desks to reduce end-user support costs and sustain end-user satisfaction.

    Our Approach to the Service Desk

    Service desk optimization goes beyond the blind adoption of best practices.

    Info-Tech’s approach focuses on controlling support costs and making the most of IT’s service management expertise to improve productivity.

    Complete the projects sequentially or in any order.

    Info-Tech draws on the COBIT framework, which focuses on consistent delivery of IT services across the organization

    The image shows Info-Tech's IT Management & Governance Framework. It is a grid of boxes, which are colour-coded by category. The framework includes multiple connected categories of research, including Infrastructure & Operations, where Service Desk is highlighted.

    Oxford University IT Service Desk successfully undertook a consolidation project to merge five help desks into one

    CASE STUDY

    Industry: Higher Education

    Source: Oxford University, IT Services

    Background

    Until 2011, three disparate information technology organizations offered IT services, while each college had local IT officers responsible for purchasing and IT management.

    ITS Service Desk Consolidation Project

    Oxford merged the administration of these three IT organizations into IT Services (ITS) in 2012, and began planning for the consolidation of five independent help desks into a single robust service desk.

    Complication

    The relative autonomy of the five service desks had led to the proliferation of different tools and processes, licensing headaches, and confusion from end users about where to acquire IT service.

    Oxford University IT at a Glance

    • One of the world’s oldest and most prestigious universities.
    • 36 colleges with 100+ departments.
    • Over 40,000 IT end users.
    • Roughly 350 ITS staff in 40 teams.
    • 300 more distributed IT staff.
    • Offers more than 80 services.

    Help Desks:

    • Processes → Business Services & Projects
    • Processes → Computing Services
    • Processes → ICT Support Team

    "IT Services are aiming to provide a consolidated service which provides a unified and coherent experience for users. The aim is to deliver a ‘joined-up’ customer experience when users are asking for any form of help from IT Services. It will be easier for users to obtain support for their IT – whatever the need, service or system." – Oxford University, IT Services

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Build a Service Desk Consolidation Strategy – project overview

    1. Develop shared vision 2. Design consolidation 3. Plan transition
    Best-Practice Toolkit

    1.1 Identify and engage key stakeholders

    1.2 Develop a vision to give the project direction

    1.3 Conduct a full assessment of each service desk

    2.1 Design target consolidated service desk

    2.2 Assess logistics and cost of consolidation

    3.1 Build project roadmap

    3.2 Communicate the change

    Guided Implementations
    • Build the project team and define their roles and responsibilities, then identify key stakeholders and formulate an engagement plan
    • Develop an executive visioning session plan to formulate and get buy-in for the goals and vision of the consolidation
    • Use diagnostics results and the service desk assessment tool to evaluate the maturity and environment of each service desk
    • Define the target state of the consolidated service desk in detail
    • Identify requirements for the consolidation, broken down by people, process, technology and by short- vs. long-term needs
    • Plan the logistics of the consolidation for process, technology, and facilities, and evaluate the cost and cost savings of consolidation with a TCO tool
    • Identify specific initiatives for the consolidation project and evaluate the risks and dependencies for each, then plot initiatives on a detailed project roadmap
    • Brainstorm potential objections and questions and develop a communications plan with targeted messaging for each stakeholder group
    Onsite Workshop

    Module 1: Engage stakeholders to develop a vision for the service desk

    Module 2: Conduct a full assessment of each service desk

    Module 3: Design target consolidated service desk Module 4: Plan for the transition

    Phase 1 Outcomes:

    • Stakeholder engagement and executive buy-in
    • Vision for the consolidation
    • Comprehensive assessment of each service desk’s performance

    Phase 2 Outcomes:

    • Defined requirements, logistics plan, and target state for the consolidated service desk
    • TCO comparison

    Phase 3 Outcomes:

    • Detailed consolidation project roadmap
    • Communications plan and FAQs

    Info-Tech delivers: Use our tools and templates to accelerate your project to completion

    • Service Desk Assessment Tool (Excel)
    • Executive Presentation (PowerPoint)
    • Service Desk Scorecard Comparison Tool (Excel)
    • Service Desk Efficiency Calculator (Excel)
    • Service Desk Consolidation Roadmap (Excel)
    • Service Desk Consolidation TCO Tool (Excel)
    • Communications and Training Plan (Word)
    • Consolidation News Bulletin & FAQ Template (PowerPoint)

    Measured value for Guided Implementations (GIs)

    Engaging in GIs doesn’t just offer valuable project advice, it also results in significant cost savings.

    GI Measured Value
    Phase 1:
    • Time, value, and resources saved by using Info-Tech’s methodology to engage stakeholders, develop a project vision, and assess your current state.
    • For example, 2 FTEs * 10 days * $80,000/year = $6,200
    Phase 2:
    • Time, value, and resources saved by using Info-Tech’s tools and templates to design the consolidated service desk and evaluate cost and logistics.
    • For example, 2 FTEs * 5 days * $80,000/year = $3,100
    Phase 3:
    • Time, value, and resources saved by following Info-Tech’s tools and methodology to build a project roadmap and communications plan.
    • For example, 1 FTE * 5 days * $80,000/year = $1,500
    Total savings $10,800

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Pre-Workshop Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4
    Activities

    Module 0: Gather relevant data

    0.1 Conduct CIO Business Vision Survey

    0.2 Conduct End-User Satisfaction Survey

    0.3 Measure Agent Satisfaction

    Module 1: Engage stakeholders to develop a vision for the service desk

    1.1 Identify key stakeholders and develop an engagement plan

    1.2 Brainstorm desired service desk attributes

    1.3 Conduct an executive visioning session to craft a vision for the consolidated service desk

    1.4 Define project goals, principles, and KPIs

    Module 2: Conduct a full assessment of each service desk

    2.1 Review the results of diagnostic programs

    2.2 Map organizational structure and roles for each service desk

    2.3 Assess overall maturity and environment of each service desk

    2.4 Assess current information system environment

    Module 3: Design target consolidated service desk

    3.1 Identify requirements for target consolidated service desk

    3.2 Build requirements document and shortlist for ITSM tool

    3.3 Use the scorecard comparison tool to assess the gap between existing service desks and target state

    3.4 Document standardized processes for new service desk

    Module 4: Plan for the transition

    4.1 Plan the logistics of the transition

    4.2 Assess the cost and savings of consolidation to refine business case

    4.3 Identify initiatives and develop a project roadmap

    4.4 Plan communications for each stakeholder group

    Deliverables
    1. CIO Business Vision Survey Diagnostic Results
    2. End-User Satisfaction Survey Diagnostic Results
    1. Stakeholder Engagement Workbook
    2. Executive Presentation
    1. Consolidate Service Desk Assessment Tool
    1. Consolidate Service Desk Scorecard Tool
    2. Consolidated Service Desk SOP
    1. Consolidation TCO Tool
    2. Executive Presentation
    3. Consolidation Roadmap
    4. Communications Plan
    5. News Bulletin & FAQ Template

    Insight breakdown

    Phase 1 Insight

    Don’t get bogged down in the details. A detailed current state assessment is a necessary first step for a consolidation project, but determining the right level of detail to include in the evaluation can be challenging. Gather enough data to establish a baseline and make an informed decision about how to consolidate, but don’t waste time collecting and evaluating unnecessary information that will only distract and slow down the project, losing management interest and buy-in.

    How we can help

    Leverage the Consolidate Service Desk Assessment Tool to gather the data you need to evaluate your existing service desks.

    Phase 2 Insight

    Select the target state that is right for your organization. Don’t feel pressured to move to a complete consolidation with a single point of contact if it wouldn’t be compatible with your organization’s needs and abilities, or if it wouldn’t be adopted by your end users. Design an appropriate level of standardization and centralization for the service desk and reinforce and improve processes moving forward.

    How we can help

    Leverage the Consolidate Service Desk Scorecard Tool to analyze the gap between your existing processes and your target state.

    Phase 3 Insight

    Getting people on board is key to the success of the consolidation, and a communication plan is essential to do so. Develop targeted messaging for each stakeholder group, keeping in mind that your end users are just as critical to success as your staff. Know your audience, communicate to them often and openly, and ensure that every communication has a purpose.

    How we can help

    Leverage the Communications Plan and Consolidation News Bulletin & FAQ Template to plan your communications.

    Phase 1

    Develop a Shared Vision

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Develop shared vision

    Proposed Time to Completion (in weeks): 4-8

    Step 1.1: Identify and engage key stakeholders

    Discuss with an analyst:

    • Build the project team and define their roles and responsibilities
    • Identify key stakeholders and formulate an engagement plan

    Then complete these activities…

    • Assign project roles and responsibilities
    • Identify key stakeholders
    • Formalize an engagement plan and conduct interviews

    With these tools & templates:

    Stakeholder Engagement Workbook

    Step 1.2: Develop a vision to give the project direction

    Discuss with an analyst:

    • Develop an executive visioning session plan to formulate and get buy-in for the goals and vision of the consolidation

    Then complete these activities…

    • Host an executive visioning exercise to define the scope and goals of the consolidation

    With these tools & templates:

    Consolidate Service Desk Executive Presentation

    Step 1.3: Conduct a full assessment of each service desk

    Discuss with an analyst:

    • Use diagnostics results and the service desk assessment tool to evaluate the maturity and environment of each service desk
    • Assess agent skills, satisfaction, roles and responsibilities

    Then complete these activities…

    • Analyze organizational structure
    • Assess maturity and environment of each service desk
    • Assess agent skills and satisfaction

    With these tools & templates:

    Consolidate Service Desk Assessment Tool

    IT Skills Inventory and Gap Assessment Tool

    Phase 1 Outcome:

    • A common vision for the consolidation initiative, an analysis of existing service desk architectures, and an inventory of existing best practices.

    Step 1.1: Get buy-in from key stakeholders

    Phase 1

    Develop a shared vision

    1.1 Identify and engage key stakeholders

    1.2 Develop a vision to give the project direction

    1.3 Conduct a full assessment of each service desk

    This step will walk you through the following activities:
    • 1.1.1 Assign roles and responsibilities
    • 1.1.2 Identify key stakeholders for the consolidation
    • 1.1.3 Conduct stakeholder interviews to understand needs in more depth, if necessary
    This step involves the following participants:
    • Project Sponsor
    • CIO or IT Director
    • Project Manager
    • IT Managers and Service Desk Manager(s)
    Step Outcomes:
    • A project team with clearly defined roles and responsibilities
    • A list of key stakeholders and an engagement plan to identify needs and garner support for the change

    Oxford consulted with people at all levels to ensure continuous improvement and new insights

    CASE STUDY

    Industry: Higher Education

    Source: Oxford University, IT Services

    Motivation

    The merging of Oxford’s disparate IT organizations was motivated primarily to improve end-user service and efficiency.

    Similarly, ITS positioned the SDCP as an “operational change,” not to save costs, but to provide better service to their customers.

    "The University is quite unique in the current climate in that reduction in costs was not one of the key drivers behind the project. The goal was to deliver improved efficiencies and offer a single point of contact for their user base." – Peter Hubbard, ITSM Consultant Pink Elephant

    Development

    Oxford recognized early that they needed an open and collaborative environment to succeed.

    Key IT and business personnel participated in a “vision workshop” to determine long- and short-term objectives, and to decide priorities for the consolidated service desk.

    "Without key support at this stage many projects fail to deliver the expected outcomes. The workshop involved the key stakeholders of the project and was deemed a successful and positive exercise, delivering value to this stage of the project by clarifying the future desired state of the Service Desk." – John Ireland, Director of Customer Service & Project Sponsor

    Deployment

    IT Services introduced a Service Desk Consolidation Project Blog very early into the project, to keep everyone up-to-date and maintain key stakeholder buy-in.

    Constant consultation with people at all levels led to continuous improvement and new insights.

    "We also became aware that staff are facing different changes depending on the nature of their work and which toolset they use (i.e. RT, Altiris, ITSM). Everyone will have to change the way they do things at least a little – but the changes depend on where you are starting from!" – Jonathan Marks, Project Manager

    Understand and validate the consolidation before embarking on the project

    Define what consolidation would mean in the context of your organization to help validate and frame the scope of the project before proceeding.

    What is service desk consolidation?

    Service desk consolidation means combining multiple service desks into one centralized, single point of contact.

    • Physical consolidation = personnel and assets are combined into a single location
    • Virtual consolidation = service desks are combined electronically

    Consolidation must include people, process, and technology:

    1. Consolidation of some or all staff into one location
    2. Consolidation of processes into a single set of standardized processes
    3. One consolidated technology platform or ITSM tool

    Consolidation can take the form of:

    1. Merging multiple desks into one
    2. Collapsing multiple desks into one
    3. Connecting multiple desks into a virtual desk
    4. Moving all desks to one connected platform

    Service Desk 1 - Service Desk 2 - Service Desk 3

    Consolidated Service Desk

    Info-Tech Insight

    Consolidation isn’t for everyone.

    Before you embark on the project, think about unique requirements for your organization that may necessitate more than one service desk, such as location-specific language. Ask yourself if consolidation makes sense for your organization and would achieve a benefit for the organization, before proceeding.

    1.1 Organize and build the project team to launch the project

    Solidify strong support for the consolidation and get the right individuals involved from the beginning to give the project the commitment and direction it requires.

    Project Sponsor
    • Has direct accountability to the executive team and provides leadership to the project team.
    • Legitimatizes the consolidation and provides necessary resources to implement the project.
    • Is credible, enthusiastic, and understands the organization’s culture and values.
    Steering Committee
    • Oversees the effort.
    • Ensures there is proper support from the organization and provides resources where required.
    • Resolves any conflicts.
    Core Project Team
    • Full-time employees drawn from roles that are critical to the service desk, and who would have a strong understanding of the consolidation goals and requirements.
    • Ideal size: 6-10 full-time employees.
    • May include roles defined in the next section.

    Involve the right people to drive and facilitate the consolidation

    Service desk consolidations require broad support and capabilities beyond only those affected in order to deal with unforeseen risks and barriers.

    • Project manager: Has primary accountability for the success of the consolidation project.
    • Senior executive project sponsor: Needed to “open doors” and signal organization’s commitment to the consolidation.
    • Technology SMEs and architects: Responsible for determining and communicating requirements and risks of the technology being implemented or changed, especially the ITSM tool.
    • Business unit leads: Responsible for identifying and communicating impact on business functions, approving changes, and helping champion change.
    • Product/process owners: Responsible for identifying and communicating impact on business functions, approving changes, and helping champion change.
    • HR specialists: Most valuable when roles and organizational design are affected, i.e. the consolidation requires staff redeployment or substantial training (not just using a new system or tool but acquiring new skills and responsibilities) or termination.
    • Training specialists: If you have full-time training staff in the organization, you will eventually need them to develop training courses and material. Consulting them early will help with scoping, scheduling, and identifying the best resources and channels to deliver the training.
    • Communications specialists (internal): Valuable in crafting communications plan, required if communications function owns internal communications.

    Use a RACI table (e.g. in the following section) to clarify who is to be accountable, responsible, consulted, and informed.

    Info-Tech Insight

    The more transformational the change, the more it will affect the organizational chart – not just after the implementation but through the transition.

    Take time early in the project to define the reporting structure for the project/transition team, as well as any teams and roles supporting the transition.

    Assign roles and responsibilities

    1.1.1 Use a RACI chart to assign overarching project responsibilities

    Participants
    • Project Sponsor
    • IT Director, CIO
    • Project Manager
    • IT Managers and Service Desk Manager(s)
    What You'll Need
    • RACI chart

    RACI = Responsible, Accountable, Consulted, Informed

    The RACI chart will provide clarity for overarching roles and responsibilities during the consolidation.

    1. Confirm and modify the columns to match the stakeholders in your organization.
    2. Confirm and modify the roles listed as rows if there are obvious gaps or opportunities to consolidate rows.
    3. Carefully analyze and document the roles as a group.
    Task Project Sponsor Project Manager Sr. Executives SMEs Business Lead Service Desk Managers HR Trainers Communications
    Meeting project objectives A R A R R
    Identifying risks and opportunities R A A C C C C I I
    Assessing current state I A I R C R
    Defining target state I A I C C R
    Planning logistics I A I R R C R
    Building the action plan I A C R R R R R R
    Planning and delivering communications I A C C C C R R A
    Planning and delivering training I A C C C C R R C
    Gathering and analyzing feedback and KPIs I A C C C C C R R

    Identify key stakeholders to gather input from the business, get buy-in for the project, and plan communications

    Identify the key stakeholders for the consolidation to identify the impact consolidation will have on them and ensure their concerns don’t get lost.

    1. Use a stakeholder analysis to identify the people that can help ensure the success of your project.
    2. Identify an Executive Sponsor
      • A senior-level project sponsor is someone who will champion the consolidation project and help sell the concept to other stakeholders. They can also ensure that necessary financial and human resources will be made available to help secure the success of the project. This leader should be someone who is credible, tactful, and accessible, and one who will not only confirm the project direction but also advocate for the project.

    Why is a stakeholder analysis essential?

    • Ignoring key stakeholders is an important cause of failed consolidations.
    • You can use the opinions of the most influential stakeholders to shape the project at an early stage.
    • Their support will secure resources for the project and improve the quality of the consolidation.
    • Communicating with key stakeholders early and often will ensure they fully understand the benefits of your project.
    • You can anticipate the reaction of key stakeholders to your project and plan steps to win their support.

    Info-Tech Insight

    Be diverse and aware. When identifying key stakeholders for the project, make sure to include a rich diversity of stakeholder expertise, geography, and tactics. Also, step back and add silent members to your list. The loudest voices and heaviest campaigners are not necessarily your key stakeholders.

    Identify key stakeholders for the consolidation

    1.1.2 Identify project stakeholders, particularly project champions

    Participants
    • CIO/IT Director
    • Project Sponsor
    • Project Manager
    • IT Managers
    What You’ll Need
    • Whiteboard or flip chart and markers

    Goal: Create a prioritized list of people who are affected or can affect your project so you can plan stakeholder engagement and communication.

    • Use an influence/commitment matrix to determine where your stakeholders lie.
    • High influence, high commitment individuals should be used in conjunction with your efforts to help bring others on board. Identify these individuals and engage with them immediately.
    • Beware of the high influence, low commitment individuals. They should be the first priority for engagement.
    • High commitment, low influence individuals can be used to help influence the low influence, low commitment individuals. Designate a few of these individuals as “champions” to help drive engagement on the front lines.

    Outcome: A list of key stakeholders to include on your steering committee and your project team, and to communicate with throughout the project.

    The image is a matrix, with Influence on the Y-axis and Commitment to change on the X-axis. It is a blank template.

    Overcome the value gap by gathering stakeholder concerns

    Simply identifying and engaging your stakeholders is not enough. There needs to be feedback: talk to your end users to ensure their concerns are heard and determine the impact that consolidation will have on them. Otherwise, you risk leaving value on the table.

    • Talk to the business end users who will be supported by the consolidated service desk.
    • What are their concerns about consolidation?
    • Which functions and services are most important to them? You need to make sure these won't get lost.
    • Try to determine what impact consolidation will have on them.

    According to the Project Management Institute, only 25% of individuals fully commit to change. The remaining 75% either resist or simply accept the change. Gathering stakeholder concerns is a powerful way to gain buy-in.

    The image is a graph with Business Value on the Y-Axis and Time on the X-Axis. Inside the graph, there is a line moving horizontally, separated into segments: Installation, Implementation, and Target Value. The line inclines during the first two segments, and is flat during the last. Emerging from the space between Installation and Implementation is a second line marked Actual realized value. The space between the target value line and the actual realized value line is labelled: Value gap.

    Collect relevant quantitative and qualitative data to assess key stakeholders’ perceptions of IT across the organization

    Don’t base your consolidation on a hunch. Gather reliable data to assess the current state of IT.

    Solicit direct feedback from the organization to gain critical insights into their perceptions of IT.

    • CIO Business Vision: Understanding the needs of your stakeholders is the first and most important step in building a consolidation strategy. Use the results of this survey to assess the satisfaction and importance of different IT services.
    • End-User Satisfaction: Solicit targeted department feedback on core IT service capabilities, IT communications, and business enablement. Use the results to assess the satisfaction of end users with each service broken down by department and seniority level.

    We recommend completing at least the End-User Satisfaction survey as part of your service desk consolidation assessment and planning. An analyst will help you set up the diagnostic and walk through the report with you.

    To book a diagnostic, or get a copy of our questions to inform your own survey, visit Info-Tech’s Benchmarking Tools, contact your account manager, or call toll-free 1-888-670-8889 (US) or 1-844-618-3192 (CAN).

    Data-Driven Diagnostics:

    End-User Satisfaction Survey

    CIO Business Vision

    Review the results of your diagnostics in step 1.3

    Formalize an engagement plan to cultivate support for the change from key stakeholders

    Use Info-Tech’s Stakeholder Engagement Workbook to formalize an engagement strategy

    If a more formal engagement plan is required for this project, use Info-Tech’s Stakeholder Engagement Workbook to document an engagement strategy to ensure buy-in for the consolidation.

    The engagement plan is a structured and documented approach for gathering requirements by eliciting input and validating plans for change and cultivating sponsorship and support from key stakeholders early in the project lifecycle.

    The Stakeholder Engagement Workbook situates stakeholders on a grid that identifies which ones have the most interest in and influence on your project, to assist you in developing a tailored engagement strategy.

    You can also use this analysis to help develop a communications plan for each type of stakeholder in step 3.2.

    Conduct stakeholder interviews to understand needs in more depth, if necessary

    1.1.3 Interview key stakeholders to identify needs

    • If the consolidation will be a large and complex project and there is a need to understand requirements in more depth, conduct stakeholder interviews with “high-value targets” who can help generate requirements and promote communication around requirements at a later point.
    • Choose the interview method that is most appropriate based on available resources.
    Method Description Assessment and Best Practices Stakeholder Effort Business Analyst Effort
    Structured One-on-One Interview In a structured one-on-one interview, the business analyst has a fixed list of questions to ask the stakeholder and follows up where necessary. Structured interviews provide the opportunity to quickly hone in on areas of concern that were identified during process mapping or group elicitation techniques. They should be employed with purpose – to receive specific stakeholder feedback on proposed requirements or help identify systemic constraints. Generally speaking, they should be 30 minutes or less. Low

    Medium

    Unstructured One-on-One Interview In an unstructured one-on-one interview, the business analyst allows the conversation to flow freely. The BA may have broad themes to touch on, but does not run down a specific question list. Unstructured interviews are most useful for initial elicitation, when brainstorming a draft list of potential requirements is paramount. Unstructured interviews work best with senior stakeholders (sponsors or power users), since they can be time consuming if they’re applied to a large sample size. It’s important for BAs not to stifle open dialog and allow the participants to speak openly. They should be 60 minutes or less. Medium Low

    Step 1.2: Develop a vision to give the project direction

    Phase 1

    Develop a shared vision

    1.1 Get buy-in from key stakeholders

    1.2 Develop a vision to give the project direction

    1.3 Conduct a full assessment of each service desk

    This step will walk you through the following activities:
    • 1.2.1 Brainstorm desired attributes for the consolidated service desk to start formulating a vision
    • 1.2.2 Develop a compelling vision and story of change
    • 1.2.3 Create a vision for the consolidated service desk
    • 1.2.4 Identify the purpose, goals, and guiding principles of the consolidation project
    • 1.2.5 Identify anticipated benefits and associated KPIs
    • 1.2.6 Conduct a SWOT analysis on the business
    This step involves the following participants:
    • Project Sponsor
    • IT Director, CIO
    • IT Managers and Service Desk Manager(s)
    • Business Executives
    Step outcomes

    A shared vision for the consolidated service desk that:

    • Defines the scope of the consolidation
    • Encompasses the goals and guiding principles of the project
    • Identifies key attributes of the consolidated service desk and anticipated benefits it will bring
    • Is documented in an executive presentation

    Hold an executive visioning session to kick off the project

    A major change such as service desk consolidation requires a compelling vision to engage staff and motivate them to comprehend and support the change.

    After identifying key stakeholders, gather them in a visioning session or workshop to establish a clear direction for the project.

    An executive visioning session can take up to two days of focused effort and activities with the purpose of defining the short and long-term view, objectives, and priorities for the new consolidated service desk.

    The session should include the following participants:

    • Key stakeholders identified in step 1.1, including:
      • IT management and CIO
      • Project sponsor
      • Business executives interested in the project

    The session should include the following tasks:

    • Identify and prioritize the desired outcome for the project
    • Detail the scope and definition of the consolidation
    • Identify and assess key problems and opportunities
    • Surface and challenge project assumptions
    • Clarify the future desired state of the service desk
    • Determine how processes, functions, and systems are to be included in a consolidation analysis
    • Establish a degree of ownership by senior management

    The activities throughout this step are designed to be included as part of the visioning session

    Choose the attributes of your desired consolidated service desk

    Understand what a model consolidated service desk should look like before envisioning your target consolidated service desk.

    A consolidated service desk should include the following aspects:

    • Handles all customer contacts – including internal and external users – across all locations and business units
    • Provides a single point of contact for end users to submit requests for help
    • Handles both incidents and service requests, as well as any additional relevant ITIL modules such as problem, change, or asset management
    • Consistent, standardized processes and workflows
    • Single ITSM tool with workflows for ticket handling, prioritization, and escalations
    • Central data repository so that staff have access to all information needed to resolve issues quickly and deliver high-quality service, including:
      • IT infrastructure information (such as assets and support contracts)
      • End-user information (including central AD, assets and products owned, and prior interactions)
      • Knowledgebase containing known resolutions and workarounds

    Consolidated Service Desk

    • Service Desk 1
    • Service Desk 2
    • Service Desk 3
    • Consolidated staff
    • Consolidated ITSM tool
    • Consolidated data repository

    Brainstorm desired attributes for the consolidated service desk to start formulating a vision

    1.2.1 Identify the type of consolidation and desired service desk attributes

    Participants
    • Project Sponsor
    • IT Director, CIO
    • IT Managers and Service Desk Manager(s)
    • Other interested business executives
    What You'll Need
    • Whiteboard or flip chart and markers
    Document

    Document in the Consolidate Service Desk Executive Presentation, slide 6.

    Brainstorm the model and attributes of the target consolidated service desk. You will use this to formulate a vision and define more specific requirements later on.
    1. Identify the type of consolidation: virtual, physical, or hybrid (both)
    2. Identify the level of consolidation: partial (some service desks consolidated) or complete (all service desks consolidated)
    Consolidated Service Desk Model Level of Consolidation
    Partial Complete
    Type of Consolidation Virtual
    Physical
    Hybrid

    3. As a group, brainstorm and document a list of attributes that the consolidated service desk should have.

    Examples:

    • Single point of contact for all users
    • One ITSM tool with consistent built-in automated workflows
    • Well-developed knowledgebase
    • Self-serve portal for end users with ability to submit and track tickets
    • Service catalog

    Develop a compelling vision and story of change

    1.2.2 Use a vision table to begin crafting the consolidation vision

    Participants
    • Project Sponsor
    • IT Director, CIO
    • IT Managers and Service Desk Manager(s)
    • Other interested business executives
    What You'll Need
    • Whiteboard or flip chart and markers
    Document

    Document in the Consolidate Service Desk Executive Presentation, slide 7.

    Build desire for change.

    In addition to standard high-level scope elements, consolidation projects that require organizational change also need a compelling story or vision to influence groups of stakeholders.

    Use the vision table below to begin developing a compelling vision and story of change.

    Why is there a need to consolidate service desks?
    How will consolidation benefit the organization? The stakeholders?
    How did we determine this is the right change?
    What would happen if we didn’t consolidate?
    How will we measure success?

    Develop a vision to inspire and sustain leadership and commitment

    Vision can be powerful but is difficult to craft. As a result, vision statements often end up being ineffective (but harmless) platitudes.

    A service desk consolidation project requires a compelling vision to energize staff and stakeholders toward a unified goal over a sustained period of time.

    Great visions:

    • Tell a story. They describe a journey with a beginning (who we are and how we got here) and a destination (our goals and expected success in the future).
    • Convey an intuitive sense of direction (or “spirit of change”) that helps people act appropriately without being explicitly told what to do.
    • Appeal to both emotion and reason to make people want to be part of the change.
    • Balance abstract ideas with concrete facts. Without concrete images and facts, the vision will be meaninglessly vague. Without abstract ideas and principles, the vision will lack power to unite people and inspire broad support.
    • Are concise enough to be easy to communicate and remember in any situation.

    Info-Tech Insight

    Tell a story. Stories pack a lot of information into few words. They are easy to write, remember, and most importantly – share. It’s worth spending a little extra time to get the details right.

    Create a vision for the consolidated service desk

    1.2.3 Tell a story to describe the consolidated service desk vision

    Participants
    • Project Sponsor
    • IT Director, CIO
    • IT Managers and Service Desk Manager(s)
    What You'll Need
    • Whiteboard or flip chart and markers
    • Document in the Executive Presentation, slide 8.

    Craft a vision of the future state of the service desk.

    Tell a story.

    Stories serve to give the consolidation real-world context by describing what the future state will mean for both staff and users of the service desk. The story should sum up the core of the experience of using the consolidated service desk and reflect how the service desk will fit into the life of the user.

    Stories should include:

    • Action describing the way things happen.
    • Contextual detail that helps readers relate to the person in the story.
    • Challenging ideas that contradict common belief and may be disruptive, but help suggest new directions.
    Example:

    Imagine if…

    … users could access one single online service that allows them to submit a ticket through a self-service portal and service catalog, view the status of their ticket, and receive updates about organization-wide outages and announcements. They never have to guess who to contact for help with a particular type of issue or how to contact them as there is only one point of contact for all types of incidents and service requests.

    … all users receive consistent service delivery regardless of their location, and never try to circumvent the help desk or go straight to a particular technician for help as there is only one way to get help by submitting a ticket through a single service desk.

    … tickets from any location could be easily tracked, prioritized, and escalated using standardized definitions and workflows to ensure consistent service delivery and allow for one set of SLAs to be defined and met across the organization.

    Discuss the drivers of the consolidation to identify the goals the project must achieve

    Identifying the reasons behind the consolidation will help formulate the vision for the consolidated service desk and the goals it should achieve.

    The image is a graph, titled Deployment Drivers for Those Planning a Consolidated Service Desk. From highest to lowest, they are: Improved Service Delivery/Increased Productivity; Drive on Operational Costs; and Perceived Best Practice.

    Service Desk Institute (n = 20, 2007)

    A survey of 233 service desks considering consolidation found that of the 20 organizations that were in the planning stages of consolidation, the biggest driver was to improve service delivery and/or increase productivity.

    This is in line with the recommendation that improved service quality should be the main consolidation driver over reducing costs.

    This image is a graph titled Drivers Among Those Who Have Implemented a Consolidated Service Desk. From highest to lowest, they are: Improved Service Delivery/Increased Productivity; Best Practice; Drive on Operational Costs; Internal vs Outsourcing; and Legacy.

    Service Desk Institute (n = 43, 2007)

    The drivers were similar among the 43 organizations that had already implemented a consolidated service desk, with improved service delivery and increased productivity again the primary driver.

    Aligning with best practice was the second most cited driver.

    Identify the purpose, goals, and guiding principles of the consolidation project

    1.2.4 Document goals of the project

    Participants
    • Project Sponsor
    • IT Director, CIO
    • IT Managers and Service Desk Manager(s)
    What You'll Need
    • Whiteboard or flip chart and markers
    • Document in the Executive Presentation, slide 9.

    Use the results of your stakeholder analysis and interviews to facilitate a discussion among recommended participants and document the purpose of the consolidation project, the goals the project aims to achieve, and the guiding principles that must be followed.

    Use the following example to guide your discussion:

    Purpose The purpose of consolidating service desks is to improve service delivery to end users and free up more time and resources to achieve the organization’s core mission.
    Goals
    • Align IT resources with business strategies and priorities
    • Provide uniform quality and consistent levels of service across all locations
    • Improve the end-user experience by reducing confusion about where to get help
    • Standardize service desk processes to create efficiencies
    • Identify and eliminate redundant functions or processes
    • Combine existing resources to create economies of scale
    • Improve organizational structure, realign staff with appropriate job duties, and improve career paths
    Guiding Principles

    The consolidated service desk must:

    1. Provide benefit to the organization without interfering with the core mission of the business
    2. Balance cost savings with service quality
    3. Increase service efficiency without sacrificing service quality
    4. Not interfere with service delivery or the experience of end users
    5. Be designed with input from key stakeholders

    Identify the anticipated benefits of the consolidation to weigh them against risks and plan future communications

    The primary driver for consolidation of service desks is improved service delivery and increased productivity. This should relate to the primary benefits delivered by the consolidation, most importantly, improved end-user satisfaction.

    A survey of 43 organizations that have implemented a consolidated service desk identified the key benefits delivered by the consolidation (see chart at right).

    The image is a bar graph titled Benefits Delivered by Consolidated Service Desk. The benefits, from highest to lowest are: Increased Customer Satisfaction; Optimised Resourcing; Cost Reduction; Increased Productivity/Revenue; Team Visibility/Ownership; Reporting/Accountability.

    Source: Service Desk Institute (n = 43, 2007)

    Info-Tech Insight

    Cost reduction may be an important benefit delivered by the consolidation effort, but it should not be the most valuable benefit delivered. Focus communications on anticipated benefits for improved service delivery and end-user satisfaction to gain buy-in for the project.

    Identify anticipated outcomes and benefits of consolidation

    1.2.5 Use a “stop, start, continue” exercise to identify KPIs

    What You'll Need
    • Whiteboard or flip chart and markers
    Participants
    • Project Sponsor
    • IT Director, CIO
    • IT Managers and Service Desk Manager(s)
    Document

    Document in the Executive Presentation, slide 10

    1. Divide the whiteboard into 3 columns: stop, start, and continue
    2. Identify components of your service desk that:
    • Are problematic and should be phased out (stop)
    • Provide value but are not in place yet (start)
    • Are effective and should be sustained, if not improved (continue)
  • For each category, identify initiatives or outcomes that will support the desired goals and anticipated benefits of consolidation.
  • Stop Start Continue
    • Escalating incidents without following proper protocol
    • Allowing shoulder taps
    • Focusing solely on FCR as a measure of success
    • Producing monthly ticket trend reports
    • Creating a self-serve portal
    • Communicating performance to the business
    • Writing knowledgebase articles
    • Improving average TTR
    • Holding weekly meetings with team members

    Use a SWOT analysis to assess the service desk

    • A SWOT analysis is a structured planning method that organizations can use to evaluate the strengths, weaknesses, opportunities, and threats involved in a project or business venture.
    • Use a SWOT analysis to identify the organization’s current IT capabilities and classify potential disruptive technologies as the first step toward preparing for them.
    Review these questions...
    Strengths (Internal) Weaknesses (Internal)
    • What Service Desk processes provide value?
    • How does the Service Desk align with corporate/IT strategy?
    • How does your Service Desk benefit end users?
    • Does the Service Desk produce reports or data that benefit the business?
    • Does your Service Desk culture offer an advantage?
    • What areas of your service desk require improvement?
    • Are there gaps in capabilities?
    • Do you have budgetary limitations?
    • Are there leadership gaps (succession, poor management, etc.)?
    • Are there reputational issues with the business?
    Opportunities (External) Threats (External)
    • Are end users adopting hardware or software that requires training and education for either themselves or the Service Desk staff?
    • Can efficiencies be gained by consolidating our Service Desks?
    • What is the most cost-effective way to solve the user's technology problems and get them back to work?
    • How can we automate Service Desk processes?
    • Are there obstacles that the Service Desk must face?
    • Are there issues with respect to sourcing of staff or technologies?
    • Could the existing Service Desk metrics be affected?
    • Will the management team need changes to their reporting?
    • Will SLAs need to be adjusted?

    …to help you conduct your SWOT analysis on the service desk.

    Strengths (Internal) Weaknesses (Internal)
    • End user satisfaction >80%
    • Comprehensive knowledgebase
    • Clearly defined tiers
    • TTR on tickets is <1 day
    • No defined critical incident workflow
    • High cost to solve issues
    • Separate toolsets create disjointed data
    • No root cause analysis
    • Ineffective demand planning
    • No clear ticket categories
    Opportunities (External) Threats (External)
    • Service catalog
    • Ticket Templates
    • Ticket trend analysis
    • Single POC through the use of one tool
    • Low stakeholder buy-in
    • Fear over potential job loss
    • Logistics of the move
    • End user alienation over process change

    Conduct a SWOT analysis on the business

    1.2.6 Conduct SWOT analysis

    Participants
    • Project Sponsor
    • IT Director, CIO
    • IT Managers and Service Desk Manager(s)
    What You'll Need
    • Whiteboard or flip chart and markers
    Document
    • Document in the Executive Presentation, slide 11
    1. Break the group into two teams:
    • Assign team A strengths and weaknesses.
    • Assign team B opportunities and threats.
  • Have the teams brainstorm items that fit in their assigned areas.
    • Refer to the questions on the previous slide to help guide discussion
  • Choose someone from each group to fill in the grid on the whiteboard.
  • Conduct a group discussion about the items on the list.
  • Helpful to achieving the objective Harmful to achieving the objective
    Internal origin attributes of the organization Strengths Weaknesses

    External Origin attributes of the environment

    Opportunities Threats

    Frame your project in terms of people, process, technology

    A framework should be used to guide the consolidation effort and provide a standardized basis of comparison between the current and target state.

    Frame the project in terms of the change and impact it will have on:

    • People
    • Process
    • Technology

    Service desk consolidation will likely have a significant impact in all three categories by standardizing processes, implementing a single service management tool, and reallocating resources. Framing the project in this way will ensure that no aspect goes forgotten.

    For each of the three categories, you will identify:

    • Current state
    • Target state
    • Gap and actions required
    • Impact, risks, and benefits
    • Communication and training requirements
    • How to measure progress/success

    People

    • Tier 1 support
    • Tier 2 support
    • Tier 3 support
    • Vendors

    Process

    • Incident management
    • Service request management
    • SLAs

    Technology

    • ITSM tools
    • Knowledgebase
    • CMDB and other databases
    • Technology supported

    Complete the Consolidate Service Desk Executive Presentation

    Complete an executive presentation using the decisions made throughout this step

    Use the Consolidate Service Desk Executive Presentation to deliver the outputs of your project planning to the business and gain buy-in for the project.

    1. Use the results of the activities throughout step 1.2 to produce the key takeaways for your executive presentation.
    2. At the end of the presentation, include 1-2 slides summarizing any additional information specific to your organization.
    3. Once complete, pitch the consolidation project to the project sponsor and executive stakeholders.
      • This presentation needs to cement buy-in for the project before any other progress is made.

    Step 1.3: Conduct a full assessment of each service desk

    Phase 1

    Develop a shared vision

    1.1 Get buy-in from key stakeholders

    1.2 Develop a vision to give the project direction

    1.3 Conduct a full assessment of each service desk

    This step will walk you through the following activities:
    • 1.3.1 Review the results of your diagnostic programs
    • 1.3.2 Analyze the organizational structure of each service desk
    • 1.3.3 Assess the overall maturity of each service desk
    • 1.3.4 Map out roles and responsibilities of each service desk using organizational charts
    • 1.3.5 Assess and document current information system environment
    This step involves the following participants:
    • CIO
    • IT Directors
    • Service Desk Managers
    • Service Desk Technicians
    Step outcomes
    • A robust current state assessment of each service desk, including overall maturity, processes, organizational structure, agent skills, roles and responsibilities, agent satisfaction, technology and ITSM tools.

    Oxford saved time and effort by sticking with a tested process that works

    CASE STUDY

    Industry: Higher Education

    Source: Oxford University, IT Services

    Oxford ITS instigated the service desk consolidation project in the fall of 2012.

    A new ITSM solution was formally acquired in the spring 2014, and amalgamated workflows designed.

    Throughout this period, at least 3 detailed process analyses occurred in close consultation with the affected IT units.

    Responsibility for understanding each existing process (incident, services, change management, etc.) were assigned to members of the project team.

    They determined which of the existing processes were most effective, and these served as the baseline – saving time and effort in the long run by sticking with tested processes that work.

    Reach out early and often.

    Almost from day one, the Oxford consolidation team made sure to consult closely with each relevant ITS team about their processes and the tools they used to manage their workflows.

    This was done both in structured interviews during the visioning stage and informally at periodic points throughout the project.

    The result was the discovery of many underlying similarities. This information was then instrumental to determining a realistic baseline from which to design the new consolidated service desk.

    "We may give our activities different names or use different tools to manage our work but in all cases common sense has prevailed and it’s perhaps not so surprising that we have common challenges that we choose to tackle in similar ways." – Andrew Goff, Change Management at Oxford ITS

    Review the results of your diagnostic programs to inform your current state assessment

    1.3.1 Understand satisfaction with the service desk

    Participants
    • CIO/IT Director
    • IT Manager
    • Service Manager(s)
    Document
    1. Set up an analyst call through your account manager to review the results of your diagnostic.
    • Whatever survey you choose, ask the analyst to review the data and comments concerning:
      • Assessments of service desk timeliness/effectiveness
      • IT business enablement
      • IT innovation leadership
  • Book a meeting with recommended participants. Go over the results of your diagnostic survey.
  • Facilitate a discussion of the results. Focus on the first few summary slides and the overall department results slide.
    • What is the level of IT support?
    • What are stakeholders’ perceptions of IT performance?
    • How satisfied are stakeholders with IT?
    • Does the department understand and act on business needs?
    • What are the business priorities and how well are you doing in meeting these priorities?
    • How can the consolidation project assist the business in achieving goals?
    • How could the consolidation improve end-user satisfaction and business satisfaction?
  • A robust current state assessment is the foundation of a successful consolidation

    You can’t determine where you’re going without a clear idea of where you are now.

    Before you begin planning for the consolidation, make sure you have a clear picture of the magnitude of what you plan on consolidating.

    Evaluate the current state of each help desk being considered for consolidation. This should include an inventory of:

    • Process:
      • Processes and workflows
      • Metrics and SLAs
    • People:
      • Organizational structure
      • Agent workload and skills
      • Facility layout and design
    • Technology:
      • Technologies and end users supported
      • Technologies and tools used by the service desk

    Info-Tech Insight

    A detailed current state assessment is a necessary first step for a consolidation project, but determining the right level of detail to include in the evaluation can be challenging. Gather enough data to establish a baseline and make an informed decision about how to consolidate, but don’t waste time collecting unnecessary information that will only distract and slow down the project.

    Review ticket handling processes for each service desk to identify best practices

    Use documentation, reports, and metrics to evaluate existing processes followed by each service desk before working toward standardized processes.

    Poor Processes vs. Optimized Processes

    Inconsistent or poor processes affect the business through:

    • Low business satisfaction
    • Low end-user satisfaction
    • High cost to resolve
    • Delayed progress on project work
    • Lack of data for reporting due to ineffective ticket categorization, tools, and logged tickets
    • No root cause analysis leads to a reactive vs. proactive service desk
    • Lack of cross-training and knowledge sharing result in time wasted troubleshooting recurring issues
    • Lack of trend analysis limits the effectiveness of demand planning

    Standardized service desk processes increase user and technician satisfaction and lower costs to support through:

    • Improved business satisfaction Improved end-user satisfaction Incidents prioritized and escalated accurately and efficiently
    • Decreased recurring issues due to root cause analysis and trends
    • Increased self-sufficiency of end users
    • Strengthened team and consistent delivery through cross-training and knowledge sharing
    • Enhanced demand planning through trend analysis and reporting

    The image is a graphic of a pyramid, with categories as follows (from bottom): FAQ/Knowledgebase; Users; Tier 1-75-80%; Tier 2-15%; Tier 3 - 5%. On the right side of the pyramid is written Resolution, with arrows extending from each of the higher sections down to Users. On the left is written Escalation, with arrows from each lower category up to the next highest. Inside the pyramid are arrows extending from the bottom to each level and vice versa.

    Analyze the organizational structure of each service desk

    1.3.2 Discuss the structure of each service desk

    Participants
    • CIO
    • Service Desk Manager(s)
    • Service Desk Technicians
    What You'll Need
    • Consolidate Service Desk Assessment Tool

    1. Facilitate a discussion among recommended participants to discuss the structure of each service desk. Decide which model best describes each service desk:

    • The Gatekeeper Model: All calls are routed through a central call group whose sole responsibility is to link the customer to the right individual or group.
    • The Call Sorting Model: All calls are sorted into categories using technology and forwarded to the right 2nd level specialist group.
    • Tiered Structure (Specialist Model): All calls are sorted through a single specialist group, such as desktop support. Their job is to log the interaction, attempt resolution, and escalate when the problem is beyond their ability to resolve.
    • Tiered Structure (Generalist Model): All calls are sorted through a single generalist group, whose responsibility is to log the interaction, attempt a first resolution, and escalate when the problem is beyond their ability to resolve.

    2. Use a flip chart or whiteboard to draw the architecture of each service desk, using the example on the right as a guide.

    The image is a graphic depicting the organizational structure of a service desk, from Users to Vendor. The graphic shows how a user request can move through tiers of service, and the ways that Tiers 2 and 3 of the service desk are broken down into areas of specialization.

    Assess the current state of each service desk using the Consolidate Service Desk Assessment Tool

    Assess the current state of each service desk

    The Consolidate Service Desk Assessment Tool will provide insight into the overall health of each existing service desk along two vectors:

    1. Process Maturity (calculated on the basis of a comprehensive survey)
    2. Metrics (calculated on the basis of entered ticket and demographic data)

    Together these answers offer a snapshot of the health, efficiency, performance, and perceived value of each service desk under evaluation.

    This tool will assist you through the current state assessment process, which should follow these steps:

    1. Send a copy of this tool to the Service Desk Manager (or other designated party) of each service desk that may be considered as part of the consolidation effort.
      • This will collect key metrics and landscape data and assess process maturity
    2. Analyze the data and discuss as a group
    3. Ask follow-up questions
    4. Use the information to compare the health of each service desk using the scorecard tool

    These activities will be described in more detail throughout this step of the project.

    Gather relevant data to assess the environment of each service desk

    Assess each service desk’s environment using the assessment tool

    Send a copy of the Consolidate Service Desk Assessment Tool to the Service Desk Manager (or other designated party) of each service desk that will be considered as part of the consolidation.

    Instruct them to complete tab 2 of the tool, the Environment Survey:

    • Enter Profile, Demographic, Satisfaction, Technology, and Ticket data into the appropriate fields as accurately as possible. Satisfaction data should be entered as percentages.
    • Notes can be entered next to each field to indicate the source of the data, to note missing or inaccurate data, or to explain odd or otherwise confusing data.

    This assessment will provide an overview of key metrics to assess the performance of each service desk, including:

    • Service desk staffing for each tier
    • Average ticket volume and distribution per month
    • # staff in IT
    • # service desk staff
    • # supported devices (PC, laptops, mobiles, etc.)
    • # desktop images

    Assess the overall maturity of each service desk

    1.3.3 Use the assessment tool to measure the maturity of each service desk

    Participants
    • CIO
    • Service Desk Manager(s)
    • Service Desk Technicians
    What You'll Need
    • Consolidate Service Desk Assessment Tool
    1. Assemble the relevant team for each service desk: process owners, functional managers, service desk manager, and relevant staff and technicians who work with the processes to be assessed. Each service desk team should meet to complete the maturity assessment together as a group.
    2. Go to tab 3 (Service Desk Maturity Survey) of the Consolidate Service Desk Assessment Tool and respond to the questions in the following categories:
    • Prerequisites (general questions)
    • People
    • Process
    • Technology
    • SLAs
  • Rate each element. Be honest. The goal is to end up with as close a representation as possible to what really exists. Only then can you identify realistic improvement opportunities. Use the maturity definitions as guides.
  • Evaluate resource utilization and satisfaction to allocate resources effectively

    Include people as part of your current state assessment to evaluate whether your resources are appropriately allocated to maximize effectiveness and agent satisfaction.

    Skills Inventory

    Use the IT Skills Inventory and Gap Assessment Tool to assess agent skills and identify gaps or overlaps.

    Agent Satisfaction

    Measure employee satisfaction and engagement to identify strong teams.

    Roles and Responsibilities

    Gather a clear picture of each service desk’s organizational hierarchy, roles, and responsibilities.

    Agent Utilization

    Obtain a snapshot of service desk productivity by calculating the average amount of time an agent is handling calls, divided by the average amount of time an agent is at work.

    Conduct a skills inventory for each service desk

    Evaluate agent skills across service desks

    After evaluating processes, evaluate the skill sets of the agents tasked with following these processes to identify gaps or overlap.

    Send the Skills Coverage Tool tab to each Service Desk Manager, who will either send it to the individuals who make up their service desk with instructions to rate themselves, or complete the assessment together with individuals as part of one-on-one meetings for discussing development plans.

    IT Skills Inventory and Gap Assessment Tool will enable you to:

    • List skills required to support the organization.
    • Document and rate the skills of the existing IT staffing contingent.
    • Assess the gaps to help determine hiring or training needs, or even where to pare back.
    • Build a strategy for knowledge sharing, transfer, and training through the consolidation project.

    Map out roles and responsibilities of each service desk using organizational charts

    1.3.4 Obtain or draw organizational charts for each location

    Clearly document service desk roles and responsibilities to rationalize service desk architecture.
    Participants
    • CIO, IT Director
    • Service Desk Manager(s)
    • Tier/Specialist Manager(s)
    What You’ll Need
    • Org. charts
    • Flip chart or whiteboard and markers
    1. Obtain or draw (on a whiteboard or flip chart) the organizational chart for each service desk to get a clear picture of the roles that fulfill each service desk. If there is any uncertainty or disagreement, discuss as a group to come to a resolution.
    2. Discuss the roles and reporting relationships within the service desk and across the organization to establish if/where inefficiencies exist and how these might be addressed through consolidation.
    3. If an up-to-date organizational chart is not in place, use this time to define the organizational structure as-is and consider future state.
    IT Director
    Service Desk Manager
    Tier 1 Help Desk Lead Tier 2 Help Desk Lead Tier 2 Apps Support Lead Tier 3 Specialist Support Lead
    Tier 1 Specialist Name Title Name Title Name Title
    Tier 1 Specialist Name Title Name Title Name Title
    Name Title Name Title Name Title
    Name Title Name Title

    Conduct an agent satisfaction survey to compare employee engagement across locations

    Evaluate agent satisfaction

    End-user satisfaction isn’t the only important satisfaction metric.

    Agent satisfaction forms a key metric within the Consolidate Service Desk Assessment Tool, and it can be evaluated in a variety of ways. Choose the approach that best suits your organization and time restraints for the project.

    Determine agent satisfaction on the basis of a robust (and anonymous) survey of service desk agents. Like the end-user satisfaction score, this measure is ideally computed as a percentage.

    There are several ways to measure agent satisfaction:

    1. If your organization runs an employee engagement survey, use the most recent survey results, separating them by location and converting them to a percentage.
    2. If your organization does not currently measure employee engagement or satisfaction, consider one of Info-Tech and McLean & Company’s two engagement diagnostics:
      • Full Engagement Diagnostic – 81 questions that provide a comprehensive view into your organization's engagement levels
      • McLean & Company’s Pulse Survey – 15 questions designed to give a high-level view of employee engagement
    3. For smaller organizations, a survey may not be feasible or make sense. In this case, consider gathering informal engagement data through one-on-one meetings.
    4. Be sure to discuss and document any reasons for dissatisfaction, including pain points with the current tools or processes.
    Document
    • Document on tab 2 of the Consolidate Service Desk Assessment Tool

    Assess the service management tools supporting your service desks

    Identify the different tools being used to support each service desk in order to assess whether and how they can be consolidated into one service management tool.

    Ideally, your service desks are already on the same ITSM platform, but if not, a comprehensive assessment of current tools is the first step toward a single, consolidated solution.

    Include the following in your tools assessment:

    • All automated ITSM solutions being used to log and track incidents and service requests
    • Any manual or other methods of tracking tickets (e.g. Excel spreadsheets)
    • Configurations and any customizations that have been made to the tools
    • How configuration items are maintained and how mature the configuration management databases (CMDB) are
    • Pricing and licensing agreements for tools
    • Any unique functions or limitations of the tools

    Info-Tech Insight

    Document not only the service management tools that are used but also any of their unique and necessary functions and configurations that users may have come to rely upon, such as remote support, self-serve, or chat support, in order to inform requirements in the next phase.

    Assess the IT environment your service desks support

    Even if you don’t do any formal asset management, take this opportunity for discovery and inventory to gain a complete understanding of your IT environment and the range of devices your service desks support.

    Inventory your IT environment, including:

    User Devices

    • Device counts by category Equipment/resources by user

    Servers

    • Server hardware, CPU, memory
    • Applications residing on servers

    Data centers

    • Including location and setup

    In addition to identifying the range of devices you currently support, assess:

    • Any future devices, hardware, or software that the service desk will need to support (e.g. BYOD, mobile)
    • How well each service desk is currently able to support these devices
    • Any unique or location-specific technology or devices that could limit a consolidation

    Info-Tech Insight

    The capabilities and configuration of your existing infrastructure and applications could limit your consolidation plans. A comprehensive technology assessment of not only the service desk tools but also the range of devices and applications your service desks supports will help you to prepare for any potential limitations or obstacles a consolidated service desk may present.

    Assess and document current information system environment

    1.3.5 Identify specific technology and tool requirements

    Participants
    • CIO
    • Service Desk Manager(s)
    • Service Desk Technicians
    What You'll Need
    • Consolidate Service Desk Assessment Tool, tab 2.
    Document

    Document information on number of devices supported and number of desktop images associated with each service desk in the section on “Technology Data” of the Consolidate Service Desk Assessment Tool.

    1. Identify and document the service management tools that are used by each service desk.
    2. For each tool, identify and document any of the following that apply:
    • Integrations
    • Configurations that were made during implementation
    • Customizations that were made during implementation
    • Version, licenses, cost
  • For each service desk, document any location-specific or unique technology requirements or differences that could impact consolidation, including:
    • Devices and technology supported
    • Databases and configuration items
    • Differing applications or hardware needs
  • If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1.1 Assign roles and responsibilities

    Use a RACI chart to assign overarching responsibilities for the consolidation project.

    1.3.2 Analyze the organizational structure of each service desk

    Map out the organizational structure and flow of each service desk and discuss the model that best describes each.

    Phase 2

    Design the Consolidated Service Desk

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Design consolidated service desk

    Proposed Time to Completion (in weeks): 2-4

    Step 2.1: Model target consolidated service desk

    Start with an analyst kick-off call:

    • Define the target state of the consolidated service desk in detail
    • Identify requirements for the consolidation, broken down by people, process, technology and by short- vs. long-term needs

    Then complete these activities…

    • Set project metrics to measure success of the consolidation
    • Brainstorm people, process, technology requirements for the service desk
    • Build requirements documents and RFP for a new tool
    • Review results of the scorecard comparison tool

    With these tools & templates:

    Consolidate Service Desk Scorecard Tool

    Step 2.2: Assess logistics and cost of consolidation

    Review findings with analyst:

    • Plan the logistics of the consolidation for process, technology, and facilities
    • Evaluate the cost and cost savings of consolidation using a TCO tool

    Then complete these activities…

    • Plan logistics for process, technology, facilities, and resource allocation
    • Review the results of the Service Desk Efficiency Calculator to refine the business case for the consolidation project

    With these tools & templates:

    Service Desk Efficiency Calculator

    Service Desk Consolidation TCO Comparison Tool

    Phase 2 Results:

    • Detailed requirements and vision for the consolidated service desk, gap analysis of current vs. target state, and an initial analysis of the logistical considerations to achieve target.

    Step 2.1: Model target consolidated state

    Phase 2

    Design consolidation

    2.1 Design target consolidated service desk

    2.2 Assess logistics and cost of consolidation

    This step will walk you through the following activities:
    • 2.1.1 Determine metrics to measure the value of the project
    • 2.1.2 Set targets for each metric to measure progress and success of the consolidation
    • 2.1.3 Brainstorm process requirements for consolidated service desk
    • 2.1.4 Brainstorm people requirements for consolidated service desk
    • 2.1.5 Brainstorm technology requirements for consolidated service desk
    • 2.1.6 Build a requirements document for the service desk tool
    • 2.1.7 Evaluate alternative tools, build a shortlist for RFPs, and arrange web demonstrations or evaluation copies
    • 2.1.8 Set targets for key metrics to identify high performing service desks
    • 2.1.9 Review the results of the scorecard to identify best practices
    This step involves the following participants:
    • CIO
    • IT Director
    • Service Desk Managers
    • Service Desk Technicians
    Step Outcomes
    • A list of people, process, and technology requirements for the new consolidated service desk
    • A clear vision of the target state
    • An analysis of the gaps between existing and target service desks

    Ensure the right people and methods are in place to anticipate implementation hurdles

    CASE STUDY

    Industry: Higher Education

    Source: Oxford University, IT Services

    "Since our last update, a review and re-planning exercise has reassessed the project approach, milestones, and time scales. This has highlighted some significant hurdles to transition which needed to be addressed, resulting primarily from the size of the project and the importance to the department of a smooth and well-planned transition to the new processes and toolset." – John Ireland, Director of Customer Service & Project Sponsor

    Initial hurdles led to a partial reorganization of the project in Fall 2014

    Despite careful planning and its ultimate success, Oxford’s consolidation effort still encountered some significant hurdles along the way – deadlines were sometimes missed and important processes overlooked.

    These bumps can be mitigated by building flexibility into your plan:

    • Adopt an Agile methodology – review and revise groups of tasks as the project progresses, rather than waiting until near the end of the project to get approval for the complete implementation.
    • Your Tiger Team or Project Steering Group must include the right people – the project team should not just include senior or high-level management; members of each affected IT group should be consulted, and junior-level employees can provide valuable insight into existing and potential processes and workflows.

    Info-Tech Insight

    Ensure that the project lead is someone conversant in ITSM, so that they are equipped to understand and react to the unique challenges and expectations of a consolidation and can easily communicate with process owners.

    Use the consolidation vision to define the target service desk in more detail

    Use your baseline assessment and your consolidation vision as a guide to figure out exactly where you’re going before planning how to get there.

    With approval for the project established and a clear idea of the current state of each service desk, narrow down the vision for the consolidated service desk into a specific picture of the target state.

    The target state should provide answers to the following types of questions:

    Process:

    • Will there be one set of SLAs across the organization?
    • What are the target SLAs?
    • How will ticket categories be defined?
    • How will users submit and track their tickets?
    • How will tickets be prioritized and escalated?
    • Will a knowledgebase be maintained and accessible by both service desk and end users?

    People:

    • How will staff be reorganized?
    • What will the roles and responsibilities look like?
    • How will tiers be structured?
    • What will the career path look like within the service desk?

    Technology:

    • Will there be one single ITSM tool to support the service desk?
    • Will an existing tool be used or will a new tool be selected?
    • If a new tool is needed, what are the requirements?

    Info-Tech Insight

    Select the target state that is right for your organization. Don’t feel pressured to select the highest target state or a complete consolidation. Instead select the target state that is most compatible with your organization’s current needs and capabilities.

    Determine metrics to measure the value of the project

    2.1.1 Identify KPIs to measure the success of the consolidation

    Participants
    • CIO
    • Service Desk Manager(s)
    • Service Desk Technicians
    What You’ll Need
    • Whiteboard or flip chart and markers

    Identify three primary categories where the consolidation project is expected to yield benefits to the business. Use the example on the right to guide your discussion.

    Efficiency and effectiveness are standard benefits for this project, but the third category may depend on your organization.

    • Examples include: improved resourcing, security, asset management, strategic alignment, end-user experience, employee experience

    Identify 1-3 key performance indicators (KPIs) associated with each benefit category, which will be used to measure the success of the consolidation project. Ensure that each has a baseline measure that can be reassessed after the consolidation.

    Efficiency

    Streamlined processes to reduce duplication of efforts

    • Reduced IT spend and cost of delivery
    • One ITSM tool Improved reliability of service
    • Improved response time

    Resourcing

    Improved allocation of human and financial resources

    • Improved resource sharing
    • Improved organizational structure of service desk

    Effectiveness

    Service delivery will be more accessible and standardized

    • Improved responsive-ness to incidents and service requests
    • Improved resolution time
    • Single point of contact for end users
    • Improved reporting

    Set targets for each metric to measure progress and success of the consolidation

    2.1.2 Identify specific metrics for each KPI and targets for each

    Participants
    • IT Director
    • Service Desk Manager(s)
    • Service Desk Technicians
    What You’ll Need
    • KPIs from previous step
    • Whiteboard or flip chart and markers
    1. Select one core KPI for each critical success factor, which will be used to measure progress and success of the consolidation effort down the road.
    2. For each KPI, document the average baseline metric the organization is achieving (averaged across all service desks).
    3. Discuss and document a target metric that the project will aim to reach through the single consolidated service desk.
    4. Set a short and long-term target for each metric to encourage continuous improvement. Examples:
    Efficiency
    Business Value KPI Current Metric Short-Term (6 month) Target Long-Term (1 year) Target
    Streamlined processes to reduce duplication of efforts Improved response time 2 hours 1 hour 30 minutes
    Effectiveness
    Business Value KPI Current Metric Short-Term (6 month) Target Long-Term (1 year) Target
    Service delivery will be more accessible and standardized Improved first call resolution (% resolved at Tier 1) 50% 60% 70%

    If poor processes were in place, take the opportunity to start fresh with the consolidation

    If each service desk’s existing processes were subpar, it may be easier to build a new service desk from the basics rather than trying to adapt existing processes.

    You should have these service management essentials in place:

    Service Requests:

    • Standardize process to verify, approve, and fulfill service requests.
    • Assign priority according to business criticality and service agreements.
    • Think about ways to manage service requests to better serve the business long term.

    Incident Management:

    • Set standards to define and record incidents.
    • Define incident response actions and communications.

    Knowledgebase:

    • Define standards for knowledgebase.
    • Introduce creation of knowledgebase articles.
    • Create a knowledge-sharing and cross-training culture.

    Reporting:

    • Select appropriate metrics.
    • Generate relevant insights that shed light on the value that IT creates for the organization.

    The image is a circle comprised of 3 concentric circles. At the centre is a circle labelled Standardized Service Desk. The ring outside of it is split into 4 sections: Incident Management; Service Requests; Structure and Reporting; and Knowledgebase. The outer circle is split into 3 sections: People, Process, Technologies.

    Evaluate how your processes compare with the best practices defined here. If you need further guidance on how to standardize these processes after planning the consolidation, follow Info-Tech’s blueprint, Standardize the Service Desk.

    Even optimized processes will need to be redefined for the target consolidated state

    Your target state doesn’t have to be perfect. Model a short-term, achievable target state that can demonstrate immediate value.

    Consider the following elements when designing service desk processes:
    • Ticket input (i.e. how can tickets be submitted?)
    • Ticket classification (i.e. how will tickets be categorized?)
    • Ticket prioritization (i.e. how will critical incidents be defined?)
    • Ticket escalation (i.e. how and at what point will tickets be assigned to a more specialized resource?)
    • Ticket resolution (i.e. how will resolution be defined and how will users be notified?)
    • Communication with end users (i.e. how and how often will users be notified about the status of their ticket or of other incidents and outages?)

    Consider the following unique process considerations for consolidation:

    • How will knowledge sharing be enabled in order for all technicians to quickly access known errors and resolve problems?
    • How can first contact resolution levels be maintained through the transition?
    • How will procedures be clearly documented so that tickets are escalated properly?
    • Will ticket classification and prioritization schemes need to change?
    • Will new services such as self-serve be introduced to end users and how will this be communicated?

    Info-Tech Insight

    Don’t do it all at once. Consolidation will lead to some level of standardization. It will be reinforced and improved later through ongoing reengineering and process improvement efforts (continual improvement management).

    Brainstorm process requirements for consolidated service desk

    2.1.3 Identify process-related requirements for short and long term

    Participants
    • CIO
    • Service Desk Manager(s)
    • Service Desk Technicians
    What You'll Need
    • Whiteboard, sticky notes, markers
    • Vision and goals for the consolidation from step 1.2
    Document
    • Document internally, or leave on a whiteboard for workshop participants to return to when documenting tasks in the roadmap tool.
    1. Review the questions in the previous section to frame a discussion on process considerations and best practices for the target consolidated service desk.
    2. Use your responses to the questions to brainstorm a list of process requirements or desired characteristics for the target state, particularly around incident management and service request management.
    3. Write each requirement onto a sticky note and categorize it as one of the following:
      1. Immediate requirement for consolidated service desk
      2. Implement within 6 months
      3. Implement within 1 year

    Example:

    Whiteboard:

    • Immediate
      • Clearly defined ticket prioritization scheme
      • Critical incident process workflow
    • 6 months
      • Clearly defined SOP, policies, and procedures
      • Transactional end-user satisfaction surveys
    • 1 year
      • Change mgmt.
      • Problem mgmt.

    Define the target resource distribution and utilization for the consolidated service desk

    Consolidation can sound scary to staff wondering if there will be layoffs. Reduce that by repurposing local staff and maximizing resource utilization in your organizational design.

    Consider the following people-related elements when designing your target state:

    • How will roles and responsibilities be defined for service desk staff?
    • How many agents will be required to deal with ticket demand?
    • What is the target agent utilization rate?
    • How will staff be distributed among tiers?
    • What will responsibilities be at each tier?
    • Will performance goals and rewards be established or standardized?

    Consider the following unique people considerations for consolidation:

    • Will staffing levels change?
    • Will job titles or roles change for certain individuals?
    • How will staff be reorganized?
    • Will staff need to be relocated to one location?
    • Will reporting relationships change?
    • How will this be managed?
    • How will performance measurements be consolidated across teams and departments to focus on the business goals?
    • Will there be a change to career paths?
    • What will consolidation do to morale, job interest, job opportunities?

    Info-Tech Insight

    Identify SMEs and individuals who are knowledgeable about a particular location, end-user base, technology, or service offering. They may be able to take on a different, greater role due to the reorganization that would make better use of their skills and capabilities and improve morale.

    Brainstorm people requirements for consolidated service desk

    2.1.4 Identify people-related requirements for short and long term

    Participants
    • CIO
    • Service Desk Manager(s)
    • Service Desk Technicians
    What You'll Need
    • Whiteboard, sticky notes, markers
    • Vision and goals for the consolidation from step 1.2
    Document

    Document internally, or leave on a whiteboard for workshop participants to return to when documenting tasks in the roadmap tool.

    1. Review the questions in the previous section to frame a discussion on people considerations and best practices for the target consolidated service desk.
    2. Use your responses to the questions to brainstorm a list of requirements for the allocation and distribution of resources, including roles, responsibilities, and organizational structure.
    3. When thinking about people, consider requirements for both your staff and your end users.
    4. Write each requirement onto a sticky note and categorize it as one of the following:
      1. Immediate requirement for consolidated service desk
      2. Implement within 6 months
      3. Implement within 1 year

    Example:

    Whiteboard:

    • Immediate
      • Three tier structure with SMEs at Tier 2 and 3
      • All staff working together in one visible location
    • 6 months
      • Roles and responsibilities well defined and documented
      • Appropriate training and certifications available to staff
    • 1 year
      • Agent satisfaction above 80%
      • End-user satisfaction above 75%

    Identify the tools that will support the service desk and those the service desk will support

    One of the biggest technology-related decisions you need to make is whether you need a new ITSM tool. Consider how it will be used by a single service desk to support the entire organization.

    Consider the following technology elements when designing your target state:
    • What tool will be used to support the service desk?
    • What processes or ITIL modules can the tool support?
    • How will reports be produced? What types of reports will be needed for particular audiences?
    • Will a self-service tool be in place for end users to allow for password resets or searches for solutions?
    • Will the tool integrate with tools for change, configuration, problem, and asset management?
    • Will the majority of manual processes be automated?
    Consider the following unique technology considerations for consolidation:
    • Is an existing service management tool extensible?
    • If so, can it integrate with essential non-IT systems?
    • Can the tool support a wider user base?
    • Can the tool support all areas, departments, and technologies it will need to after consolidation?
    • How will data from existing tools be migrated to the new tool?
    • What implementation or configuration needs and costs must be considered?
    • What training will be required for the tool?
    • What other new tools and technologies will be required to support the consolidated service desk?

    Info-Tech Insight

    Talk to staff at each service desk to ask about their tool needs and requirements to support their work. Invite them to demonstrate how they use their tools to learn about customization, configuration, and functionality in place and to help inform requirements. Engaging staff in the process will ensure that the new consolidated tool will be supported and adopted by staff.

    Brainstorm technology requirements for consolidated service desk

    2.1.5 Identify technology-related requirements for short and long term

    Participants
    • CIO
    • Service Desk Manager(s)
    • Service Desk Technicians
    What You’ll Need
    • Whiteboard, sticky notes, markers
    • Vision and goals for the consolidation from step 1.2
    Document

    Document internally, or leave on a whiteboard for workshop participants to return to when documenting tasks in the roadmap tool.

    1. Review the questions in the previous section to frame a discussion on technology considerations and best practices for the target consolidated service desk.
    2. Use your responses to the questions to brainstorm a list of requirements for the tools to support the consolidated service desk, along with any other technology requirements for the target state.
    3. Write each requirement onto a sticky note and categorize it as one of the following:
      1. Immediate requirement for consolidated service desk
      2. Implement within 6 months
      3. Implement within 1 year

    Example:

    Whiteboard:

    • Immediate
      • Single ITSM tool
      • Remote desktop support
    • 6 months
      • Self-service portal
      • Regular reports are produced accurately
    • 1 year
      • Mobile portal
      • Chat integration

    Identify specific requirements for a tool if you will be selecting a new ITSM solution

    Service desk software needs to address both business and technological needs. Assess these needs to identify core capabilities required from the solution.

    Features Description
    Modules
    • Do workflows integrate seamlessly between functions such as incident management, change management, asset management, desktop and network management?

    Self-Serve

    • Does the existing tool support self-serve in the form of web forms for incident reporting, forms for service requests, as well as FAQs for self-solve?
    • Is a service catalog available or can one be integrated painlessly?
    Enterprise Service Management Needs
    • Integration of solution to all of IT, Human Resources, Finance, and Facilities for workflows and financial data can yield great benefits but comes at a higher cost and greater complexity. Weigh the costs and benefits.
    Workflow Automation
    • If IT has advanced beyond simple workflows, or if extending these workflows beyond the department, more power may be necessary.
    • Full business process management (BPM) is part of a number of more advanced service desk/service management solutions.
    License Maintenance Costs
    • Are license and maintenance costs still reasonable and appropriate for the value of the tool?
    • Will the vendor renegotiate?
    • Are there better tools out there for the same or better price?
    Configuration Costs
    • Templates, forms, workflows, and reports all take time and skills but bring big benefits. Can these changes be done in-house? How much does it cost to maintain and improve?
    Speed / Performance
    • Data growth and volume may have reached levels beyond the current solution’s ability to cope, despite database tuning.
    Vendor Support
    • Is the vendor still supporting the solution and developing the roadmap? Has it been acquired? Is the level of support still meeting your needs?

    Build a requirements document for the service desk tool

    2.1.6 Create a requirements list and demo script for an ITSM tool (optional)

    Participants
    • CIO/IT Director
    • Service Desk Manager(s)
    • Service Desk Technicians
    What You'll Need
    • Flip charts and markers
    • Templates:
      • IT Service Management Demo Script Template
      • Service Desk Software and RFP Evaluation Tool

    Create a requirements list for the service desk tool.

    1. Break the group into smaller functional groups.
    2. Brainstorm features that would be important to improving efficiencies, services to users, and visibility to data.
    3. Document on flip chart paper, labelling each page with the functional group name.
    4. Prioritize into must-have and nice-to-have items.
    5. Reconvene and discuss each list with the group.
    6. Info-Tech’s Service Desk Software and RFP Evaluation Tool can also be used to document requirements for an RFI.

    Create a demo script:

    Using information from the requirements list, determine which features will be important for the team to see during a demo. Focus on areas where usability is a concern, for example:

    • End-user experience
    • Workflow creation and modification
    • Creating templates
    • Creating service catalog items
    • Knowledgebase

    Evaluate alternative tools, build a shortlist for RFPs, and arrange web demonstrations or evaluation copies

    2.1.7 Identify an alternative tool and build an RFP (optional)

    Participants
    • CIO (optional)
    • Service Desk Manager
    • Service Desk Technician(s)
    • Service Desk Tool Administrator
    What You'll Need
    • Whiteboard or flip chart and markers
    • Service Desk RFP Template

    Evaluate current tool:

    • Investigate to determine if these features are present and just not in use.
    • Contact the vendor if necessary.
    • If enough features are present, determine if additional training is required.
    • If tool is proven to be inadequate, investigate options.

    Consider alternatives:

    Use Info-Tech’s blueprints for further guidance on selecting and implementing an ITSM tool

    1. Select a tool

    Info-Tech regularly evaluates ITSM solution providers and ranks each in terms of functionality and affordability. The results are published in the Enterprise and Mid-Market Service Desk Software Vendor Landscapes.

    2. Implement the tool

    After selecting a solution, follow the Build an ITSM Tool Implementation Plan project to develop an implementation plan to ensure the tool is appropriately designed, installed, and tested and that technicians are sufficiently trained to ensure successful deployment and adoption of the tool.

    Compare your existing service desks with the Consolidate Service Desk Scorecard Tool

    Complete the scorecard tool along with the activities of the next step

    The Consolidate Service Desk Scorecard Tool will allow you to compare metrics and maturity results across your service desks to identify weak and poor performers and processes.

    The purpose of this tool is to organize the data from up to six service desks that are part of a service desk consolidation initiative. Displaying this data in an organized fashion, while offering a robust comparative analysis, should facilitate the process of establishing a new baseline for the consolidated service desk.

    Use the results on tab 4 of the Consolidate Service Desk Assessment Tool. Enter the data from each service desk into tab “2. InfoCards” of the Consolidate Service Desk Scorecard Tool.

    Data from up to six service desks (up to six copies of the assessment tool) can be entered into this tool for comparison.

    Set targets for key metrics to identify high performing service desks

    2.1.8 Use the scorecard tool to set target metrics against which to compare service desks

    Participants
    • CIO or IT Director
    • Service Desk Manager(s)
    What You’ll Need
    • Consolidate Service Desk Scorecard Tool
    1. Review the explanations of the six core metrics identified from the service desk assessment tool. These are detailed on tab 3 of the Consolidate Service Desk Scorecard Tool.
      1. End-user satisfaction
      2. Agent satisfaction
      3. Cost per ticket
      4. Agent utilization rate
      5. First contact resolution rate
      6. First tier resolution rate
    2. For each metric (except agent utilization), define a “worst” and “best” target number. These numbers should be realistic and determined only after some consideration.
    • Service desks scoring at or above the “best” threshold for a particular metric will receive 100% on that metric; while service desks scoring at or below the “worst” threshold for a particular metric will receive 0% on that metric.
    • For agent utilization, only a “best” target number is entered. Service desks hitting this target number exactly will receive 100%, with scores decreasing as a service desk’s agent utilization gets further away from this target.
  • Identify the importance of each metric and vary the values in the “weighting” column accordingly.
  • The values entered on this tab will be used in calculating the overall metric score for each service desk, allowing you to compare the performance of existing service desks against each other and against your target state.

    Review the results of the scorecard to identify best practices

    2.1.9 Discuss the results of the scorecard tool

    Participants
    • CIO or IT Director (optional)
    • Service Desk Manager(s)
    What You'll Need
    • Consolidate Service Desk Scorecard Tool
    1. Facilitate a discussion on the results of the scorecard tool on tabs 4 (Overall Results), 5 (Maturity Results), and 6 (Metrics Results).
    2. Identify the top performing service desks(s) (SD Champions) as identified by the average of their metric and maturity scores.
    3. Identify the top performing service desk by maturity level (tab 5; Level 3 – Integrated or Optimized), paying particular attention to high scorers on process maturity and maturity in incident & service request management.
    4. Identify the top performing service desk by metric score (tab 6), paying particular attention to the metrics that tie into your KPIs.
    5. For those service desks, review their processes and identify what they are doing well to glean best practices.
      1. Incorporate best practices from existing high performing service desks into your target state.
      2. If one service desk is already performing well in all areas, you may choose to model your consolidated service desk after it.

    Document processes and procedures in an SOP

    Define the standard operating procedures for the consolidated service desk

    Develop one set of standard operating procedures to ensure consistent service delivery across locations.

    One set of standard operating procedures for the new service desk is essential for a successful consolidation.

    Info-Tech’s Consolidated Service Desk SOP Template provides a detailed example of documenting procedures for service delivery, roles and responsibilities, escalation and prioritization rules, workflows for incidents and service requests, and resolution targets to help ensure consistent service expectations across locations.

    Use this template as a guide to develop or refine your SOP and define the processes for the consolidated service desk.

    Step 2.2: Assess logistics and cost of consolidation

    Phase 2

    Design consolidation

    2.1 Design target consolidated state

    2.2 Assess logistics and cost

    This step will walk you through the following activities:
    • 2.2.1 Plan logistics for process, technology, and facilities
    • 2.2.2 Plan logistics around resource allocation
    • 2.2.3 Review the results of the Service Desk Efficiency Calculator to refine the business case for the consolidation project
    This step involves the following participants:
    • CIO or IT Director
    • Project Manager
    • Service Desk Manager(s)
    Step outcomes
    • An understanding and list of tasks to accomplish to ensure all logistical considerations for the consolidation are accounted for
    • An analysis of the impact on staffing and service levels using the Service Desk Efficiency Calculator
    • An assessment of the cost of consolidation and the cost savings of a consolidated service desk using a TCO tool

    The United States Coast Guard’s consolidation saved $20 million in infrastructure and support costs

    CASE STUDY

    Industry: US Coast Guard

    Source: CIO Rear Adm. Robert E. Day, Jr. (retired)

    Challenges

    The US Coast Guard was providing internal IT support for 42,000 members on active duty from 11 distinct regional IT service centers around the US.

    Pain Points

    1. Maintaining 11 disparate IT architectures was costly and time consuming.
    2. Staffing inefficiencies limited the USCG’s global IT service operations to providing IT support from 8am to 4pm.
    3. Individual sites were unable to offload peak volume during heavier call loads to other facilities.
    4. Enforcing adherence to standard delivery processes, procedures, and methods was nearly impossible.
    5. Personnel didn’t have a single point of contact for IT support.
    6. Leadership has limited access to consolidated analytics.

    Outcomes

    • Significant reduction in infrastructure, maintenance, and support costs.
    • Reduced risk through comprehensive disaster recovery.
    • Streamlined processes and procedures improved speed of incident resolution.
    • Increased staffing efficiencies.
    • Deeper analytical insight into service desk performance.

    Admiral Day was the CIO from 2009 to 2014. In 2011, he lead an initiative to consolidate USCG service desks.

    Selecting a new location communicated the national mandate of the consolidated service desk

    Site Selection - Decision Procedures

    • Determine location criteria, including:
      • Access to airports, trains, and highways
      • Workforce availability and education
      • Cost of land, real estate, taxes
      • Building availability Financial incentives
    • Review space requirements (i.e. amount and type of space).
    • Identify potential locations and analyze with defined criteria.
    • Develop cost models for various alternatives.
    • Narrow selection to 2-3 sites. Analyze for fit and costs.
    • Conduct site visits to evaluate each option.
    • Make a choice and arrange for securing the site.
    • Remember to compare the cost to retrofit existing space with the cost of creating a space for the consolidated service desk.

    Key Decision

    Relocating to a new location involved potentially higher implementation costs, which was a significant disadvantage.

    Ultimately, the relocation reinforced the national mandate of the consolidated service desk. The new organization would act as a single point of contact for the support of all 42,000 members of the US Coast Guard.

    "Before our regional desks tended to take on different flavors and processes. Today, users get the same experience whether they’re in Alaska or Maryland by calling one number: (855) CG-FIX IT." – Rear Adm. Robert E. Day, Jr. (retired)

    Plan the logistics of the consolidation to inform the project roadmap and cost assessment

    Before proceeding, validate that the target state is achievable by evaluating the logistics of the consolidation itself.

    A detailed project roadmap will help break down the project into manageable tasks to reach the target state, but there is no value to this if the target state is not achievable or realistic.

    Don’t forget to assess the logistics of the consolidation that can be overlooked during the planning phase:

    • Service desk size
    • Location of the service desk
    • Proximity to company management and facilities
    • Unique applications, platforms, or configurations in each location/region
    • Distribution of end-user population and varying end-user needs
    • Load balancing
    • Call routing across locations
    • Special ergonomic or accessibility requirements by location
    • Language requirements

    Info-Tech Insight

    Language barriers can form significant hurdles or even roadblocks for the consolidation project. Don’t overlook the importance of unique language requirements and ensure the consolidated service desk will be able to support end-user needs.

    Plan logistics for process, technology, and facilities

    2.2.1 Assess logistical and cost considerations around processes, technology, and facilities

    Participants
    • CIO or IT Director
    • Project Manager
    • Service Desk Manager(s)
    What You'll Need
    • Whiteboard or flip chart and markers
    • Consolidate roadmap
    Document

    Identify tasks that should form part of the roadmap and document in the roadmap tool.

    Identify costs that should be included in the TCO assessment and document in the TCO tool.

    Discuss and identify any logistic and cost considerations that will need to form part of the consolidation plan and roadmap. Examples are highlighted below.

    Logistic considerations

    • Impact of ticket intake process changes on end users
    • Process change impact on SLAs and productivity standards
    • Call routing changes and improvements
    • Workstations and workspace – is there enough and what will it look like for each agent?
    • Physical access to the service desk – will walk-ups be permitted? Is it accessible?
    • Security or authorization requirements for specific agents that may be impacted by relocation
    • Layout and design of new location, if applicable
    • Hardware, platform, network, and server implications
    • Licensing and contract limitations of the service desk tool

    Cost considerations

    • Cost savings from ITSM tool consolidation
    • Cost of new ITSM tool purchase, if applicable
    • Efficiencies gained from process simplification
    • New hardware or software purchases
    • Cost per square foot of new physical location, if applicable

    Develop a staffing plan that leverages the strengths you currently have and supplement where your needs require

    Your staff are your greatest assets; be sensitive to their concerns as you plan the consolidation.

    Keep in mind that if your target state involves reorganization of resources and the creation of resources, there will be additional staffing tasks that should form part of the consolidation plan. These include:

    • Develop job descriptions and reporting relationships
    • Evaluate current competencies Identify training and hiring needs
    • Develop migration strategy (including severance and migration packages)

    If new positions will be created, follow these steps to mitigate risks:

    1. Conduct skills assessments (a skills inventory should have been completed in phase 1)
    2. Re-interview existing staff for open positions before considering hiring outside staff
    3. Hire staff from outside if necessary

    For more guidance on hiring help desk staff, see Info-Tech’s blueprint, Manage Help Desk Staffing.

    Be sensitive to employee concerns.

    Develop guiding principles for the consolidation to ensure that employee satisfaction remains a priority throughout the consolidation.

    Examples include:

    1. Reconcile existing silos and avoid creating new silos
    2. Keep current systems where it makes sense to avoid staff having to learn multiple new systems to do their jobs and to reduce costs
    3. Repurpose staff and allocate according to their knowledge and expertise as much as possible
    4. Remain open and transparent about all changes and communicate change regularly

    Info-Tech Insight

    The most talented employees can be lost in the migration to a consolidated service desk, resulting in organizational loss of core knowledge. Mitigate this risk using measurement strategies, competency modeling, and knowledge sharing to reduce ambiguity and discomfort of affected employees.

    Plan logistics around resource allocation

    2.2.2 Assess logistical and cost considerations around people

    Participants
    • CIO or IT Director
    • Project Manager
    • Service Desk Manager(s)
    What You’ll Need
    • Whiteboard or flip chart and markers
    • Consolidate roadmap
    Document

    Identify tasks that should form part of the roadmap and document in the roadmap tool.

    Identify costs that should be included in the TCO assessment and document in the TCO tool.

    Discuss and identify any logistic and cost considerations surrounding resources and staffing that will need to form part of the consolidation plan and roadmap. Examples are highlighted below.

    Logistic considerations

    • Specialized training requirements for staff moving to new roles
    • Enablement of knowledge sharing across agents
    • Potential attrition of staff who do not wish to relocate or be reallocated
    • Relocation of staff – will staff have to move and will there be incentives for moving?
    • Skills requirements, recruitment needs, job descriptions, and postings for hiring

    Cost considerations

    • Existing and future salaries for employees
    • Potential attrition of employees
    • Retention costs and salary increases to keep employees
    • Hiring costs
    • Training needs and costs

    Assess impact on staffing with the Service Desk Efficiency Calculator

    How do organizations calculate the staffing implications of a service desk consolidation?

    The Service Desk Efficiency Calculator uses the ITIL Gross Staffing Model to think through the impact of consolidating service desk processes.

    To estimate the impact of the consolidation on staffing levels, estimate what will happen to three variables:

    • Ticket volume
    • Average call resolution
    • Spare capacity

    All things being equal, a reduction in ticket volume (through outsourcing or the implementation of self-serve options, for example), will reduce your staffing requirements (all things being equal). The same goes for a reduction in the average call resolution rate.

    Constraints:

    Spare capacity: Many organizations are motivated to consolidate service desks by potential reductions in staffing costs. However, this is only true if your service desk agents have spare capacity to take on the consolidated ticket volume. If they don’t, you will still need the same number of agents to do the work at the consolidated service desk.

    Agent capabilities: If your agents have specialised skills that you need to maintain the same level of service, you won’t be able to reduce staffing until agents are cross-trained.

    Review the results of the Service Desk Efficiency Calculator to refine the business case for the consolidation project

    2.2.3 Discuss the results of the efficiency calculator in the context of consolidation

    Participants
    • CIO or IT Director
    • Service Desk Manager(s)
    What You’ll Need
    • Completed Service Desk Efficiency Calculator

    The third tab of the Service Desk Efficiency Calculator will quantify:

    • Service Desk Staffing: The impact of different ticket distribution on service desk staffing levels.
    • Service Desk Ticket Resolution Cost: The impact of different ticket distributions on ticket resolution costs.
    • Service Management Efficiency: The business impact of service management initiatives, specifically, the time lost or captured in service management processes relative to an average full-time employee equivalent.

    Facilitate a discussion around the results.

    Evaluate where you are now and where you hope to be. Focus on the efficiency gains expected from the outsourcing project. Review the expected gains in average resolution time, the expected impact on service desk ticket volume, and the associated productivity gains.

    Use this information to refine the business case and project plan for the consolidation, if needed.

    Assess consolidation costs and cost savings to refine the business case

    While cost savings should not be the primary driver of consolidation, they should be a key outcome of the project in order to deliver value.

    Typical cost savings for a service desk consolidation are highlighted below:

    People 10-20% savings (through resource pooling and reallocation)

    Process 5-10% savings (through process simplification and efficiencies gained)

    Technology 10-15% savings (through improved call routing and ITSM tool consolidation)

    Facilities 5-10% savings (through site selection and redesign)

    Cost savings should be balanced against the costs of the consolidation itself (including hiring for consolidation project managers or consultants, moving expenses, legal fees, etc.)

    Evaluate consolidation costs using the TCO Comparison Tool described in the next section.

    Analyze resourcing and budgeting to create a realistic TCO and evaluate the benefits of consolidation

    Use the TCO tool to assess the cost and cost savings of consolidation

    • The tool compares the cost of operating two service desks vs. one consolidated service desk, along with the cost of consolidation.
    • If your consolidation effort involves more than two facilities, then use multiple copies of the tool.
      • E.g. If you are consolidating four service desks (A, B, C, and D) into one service desk (X), then use two copies of the tool. We encourage you to book an analyst call to help you get the most out of this tool and process.

    Service Desk Consolidation TCO Comparison Tool

    Refine the business case and update the executive presentation

    Check in with executives and project sponsor before moving forward with the transition

    Since completing the executive visioning session in step 1.2, you should have completed the following activities:

    • Current state assessment
    • Detailed target state and metrics
    • Gap analysis between current and target state
    • Assessment of logistics and cost of consolidation

    The next step will be to develop a project roadmap to achieve the consolidation vision.

    Before doing this, check back in with the project sponsor and business executives to refine the business case, obtain necessary approvals, and secure buy-in.

    If necessary, add to the executive presentation you completed in step 1.2, copying results of the deliverables you have completed since:

    • Consolidate Service Desk Assessment Tool (current state assessment)
    • Consolidate Service Desk Scorecard Tool
    • Service Desk Consolidation TCO Comparison Tool

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1.3 Brainstorm process requirements for consolidated service desk

    Identify process requirements and desired characteristics for the target consolidated service desk.

    2.1.9 Review the results of the scorecard to identify best practices

    Review the results of the Consolidate Service Desk Scorecard Tool to identify top performing service desks and glean best practices.

    Phase 3

    Plan the Transition

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Plan the transition

    Proposed Time to Completion (in weeks): 2-4

    Step 3.1: Build project roadmap

    Discuss with an analyst:

    • Identify specific initiatives for the consolidation project and evaluate the risks and dependencies for each
    • Plot initiatives on a detailed project roadmap with assigned responsibilities

    Then complete these activities…

    • Break the consolidation project down into specific initiatives
    • Identify and document risks and dependencies
    • Plot your initiatives onto a detailed project roadmap
    • Select transition date for consolidation

    With these tools & templates:

    Service Desk Consolidation Roadmap

    Step 3.2: Communicate the change

    Discuss with an analyst:

    • Identify the goals of communication, then develop a communications plan with targeted messaging for each stakeholder group to achieve those goals
    • Brainstorm potential objections and questions as well as responses to each

    Then complete these activities…

    • Build the communications delivery plan
    • Brainstorm potential objections and questions and prepare responses
    • Complete the news bulletin to distribute to your end users

    With these tools & templates:

    Service Desk Consolidation Communications and Training Plan Template

    Service Desk Consolidation News Bulletin & FAQ Template

    Phase 3 Results:
    • A detailed project roadmap toward consolidation and a communications plan to ensure stakeholders are on board

    Step 3.1: Build the project roadmap

    Phase 3

    Plan the consolidation

    3.1 Build the project roadmap

    3.2 Communicate the change

    This step will walk you through the following activities:
    • 3.1.1 Break the consolidation project down into a series of specific initiatives
    • 3.1.2 Identify and document risks and dependencies
    • 3.1.3 Plot your initiatives onto a detailed project roadmap
    • 3.1.4 Select transition date based on business cycles
    This step involves the following participants:
    • CIO
    • IT Directors
    • Service Desk Managers
    • Consolidation Project Manager
    • Service Desk Technicians
    Step outcomes

    A detailed roadmap to migrate to a single, consolidated service desk, including:

    • A breakdown of specific tasks groups by people, process, and technology
    • Identified risks and dependencies for each task
    • A timeline for completion of each task and the overall consolidation
    • Assigned responsibility for task completion

    Failure to engage stakeholders led to the failure of a large healthcare organization’s consolidation

    CASE STUDY

    Industry: Healthcare

    Source: Organizational insider

    A large US healthcare facilities organization implemented a service desk consolidation initiative in early 2013. Only 18 months later, they reluctantly decided to return to their previous service desk model.

    Why did this consolidation effort fail?

    1. Management failed to communicate the changes to service-level staff, leading to agent confusion and pushback. Initially, each desk became part of the other’s overflow queue with no mention of the consolidation effort. Next, the independent desks began to share a basic request queue. Finally, there was a complete virtual consolidation – which came as a shock to service agents.
    2. The processes and workflows of the original service desks were not integrated, requiring service agents to consult different processes and use different workflows when engaging with end users from different facilities, even though all calls were part of the same queue.
    3. Staff at the different service centers did not have a consistent level of expertise or technical ability, even though they all became part of the same queue. This led to a perceived drop in end-user satisfaction – end users were used to getting a certain level of service and were suddenly confronted with less experienced agents.

    Before Consolidation

    Two disparate service desks:

    • With distinct geographic locations.
    • Servicing several healthcare facilities in their respective regions.
    • With distinct staff, end users, processes, and workflows.

    After Consolidation

    One virtually-consolidated service desk servicing many facilities spread geographically over two distinct locations.

    The main feature of the new virtual service desk was a single, pooled ticket queue drawn from all the end users and facilities in the new geographic regions.

    Break the consolidation project down into a series of specific initiatives

    3.1.1 Create a list of specific tasks that will form the consolidation project

    Participants
    • CIO or IT Director
    • Project Manager
    • Service Desk Manager(s)
    What You’ll Need
    • Whiteboard and markers
    • List of prioritized target state requirements
    • Consolidation roadmap
    Document

    Document the list of initiatives in the Service Desk Consolidation Roadmap.

    In order to translate your newly made decisions regarding the target state and logistical considerations into a successful consolidation strategy, create an exhaustive list of all the steps and sub-steps that will lead you from your current state to your target state.

    Use the next few steps to finish brainstorming the initiative list, identify risks and dependencies, and construct a detailed timeline populated with specific project steps.

    Instructions

    Start with the list you have been curating throughout the current and future state assessments. If you are completing this project as a workshop, add to the initiative list you have been developing on the whiteboard.

    Try to organize your initiatives into groups of related tasks. Begin arranging your initiatives into people, process, technology, or other categories.

    Whiteboard People Process Technology Other

    Evaluate the impact of potential risks and develop a backup plan for high risk initiatives

    A service desk consolidation has a high potential for risks. Have a backup plan prepared for when events don’t go as planned.

    • A consolidation project requires careful planning as it is high risk and not performed often.
    • Apply the same due diligence to the consolidation plan as you do in preparing your disaster recovery plan. Establish predetermined resolutions to realistic risks so that the team can think of solutions quickly during the consolidation.

    Potential Sources of Risk

    • Service desk tool or phone line downtime prevents ability to submit tickets
    • Unable to meet SLAs through the transition
    • Equipment failure or damage through the physical move
    • Lost data through tool migration
    • Lost knowledge from employee attrition
    Risk - degree of impact if activities do not go as planned High

    A – High Risk, Low Frequency

    Tasks that are rarely done and are high risk. Focus attention here with careful planning (e.g. consolidation)

    B – High Risk, High Frequency

    Tasks that are performed regularly and must be watched closely each time (e.g. security authorizations)

    C – Low Risk, Low Frequency

    Tasks that are performed regularly with limited impact or risk (e.g. server upgrades)

    D – Low Risk, High Frequency

    Tasks that are done all the time and are not risky (e.g. password resets)

    Low High
    Frequency - how often the activity has been performed

    Service desk consolidations fit in category A

    Identify risks for people, processes, tools, or data to ensure the project plan will include appropriate mitigations

    Each element of the consolidation has an inherent risk associated with it as the daily service flow is interrupted. Prepare in advance by anticipating these risks.

    The project manager, service desk managers, and subject matter experts (SMEs) of different areas, departments, or locations should identify risks for each of the processes, tools, resource groups (people), and any data exchanges and moves that will be part of the project or impacted by the project.

    Process - For each process, validate that workflows can remain intact throughout the consolidation project. If any gaps may occur in the process flows, develop a plan to be implemented in parallel with the consolidation to ensure service isn’t interrupted.

    Technology - For a tool consolidation, upgrade, or replacement, verify that there is a plan in place to ensure continuation of service delivery processes throughout the change.

    Make a plan for if and how data from the old tool(s) will be migrated to the new tool, and how the new tool will be installed and configured.

    People - For movement of staff, particularly with termination, identify any risks that may occur and involve your HR and legal departments to ensure all movement is compliant with larger processes within the organization.

    Info-Tech Insight

    Don’t overlook the little things. Sometimes the most minor-seeming components of the consolidation can cause the greatest difficulty. For example, don’t assume that the service desk phone number can simply roll over to a new location and support the call load of a combined service desk. Verify it.

    Identify and document risks and dependencies

    3.1.2 Risks, challenges, and dependencies exercise - Estimated Time: 60 minutes

    Participants
    • CIO or IT Director
    • Project Manager
    • Service Desk Manager(s)
    • SMEs
    What You'll Need
    • Whiteboard and markers
    • List of initiatives identified in previous activities
    • Consolidation roadmap
    Document

    Use the outcome of this activity to complete your consolidation roadmap.

    Instructions
    • Document risks and challenges, as well as dependencies associated with the initiatives identified earlier, using a different color sticky note from your initiatives.
    • See example below.
    Combine Related Initiatives
    • Look for initiatives that are highly similar, dependent on each other, or occurring at the same time. Consolidate these initiatives into a single initiative with several sub-steps in order to better organize your roadmap and reduce redundancy.
    • Create hierarchies for dependent initiatives that could affect the scheduling of initiatives on a roadmap, and reorganize the whiteboard where necessary.
    Optional:
    • Use a scoring method to categorize risks. E.g.:
      • High: will stop or delay operations, radically increase cost, or significantly reduce consolidation benefits
      • Medium: would cause some delay, cost increase, or performance shortfall, but would not threaten project viability
      • Low: could impact the project to a limited extent, causing minor delays or cost increases
    • Develop contingency plans for high risks or adjust to avoid the problem entirely
    Implement new ISTM tool:
    • Need to transition from existing tools
    • Users must be trained
    • Data and open tickets must be migrated

    Plot your initiatives onto a detailed project roadmap

    3.1.3 Estimated Time: 45 minutes

    Participants
    • CIO or IT Director
    • Project Manager
    • Service Desk Manager(s)
    Document

    Document your initiatives on tab 2 of the Service Desk Consolidation Roadmap or map it out on a whiteboard.

    Determine the sequence of initiatives, identify milestones, and assign dates.
    • The purpose of this exercise is to define a timeline and commit to initiatives to reach your goals.
    • Determine the order in which previously identified consolidation initiatives will be implemented, document previously identified risks and dependencies, assign ownership for each task, and assign dates for pilots and launch.

    Select transition date based on business cycles

    3.1.4

    Participants
    • CIO or IT Director
    • Project Manager
    • Service Desk Manager(s)
    What You'll Need
    • Consolidation roadmap
    Document

    Adjust initiatives in the consolidation roadmap if necessary.

    The transition date will be used in communications in the next step.

    1. Review the initiatives in the roadmap and the resulting sunshine diagram on tab 3.
    2. Verify that the initiatives will be possible within the determined time frame and adjust if necessary.
    3. Based on the results of the roadmap, select a target transition date for the consolidation by determining:
      1. Whether there are dates when a major effort of this kind should not be scheduled.
      2. Whether there are merger and acquisition requirements that dictate a specific date for the service desk merger.
    4. Select multiple measurable checkpoints to alert the team that something is awry and mitigate risks.
    5. Verify that stakeholders are aware of the risks and the proposed steps necessary to mitigate them, and assign the necessary resources to them.
    6. Document or adjust the target transition date in the roadmap.

    Info-Tech Insight

    Consolidating service desks doesn’t have to be done in one shot, replacing all your help desks, tools, and moving staff all at the same time. You can take a phased approach to consolidating, moving one location, department, or tool at a time to ease the transition.

    Step 3.2: Communicate the change

    Phase 3

    Design consolidation

    3.1 Build the project roadmap

    3.2 Communicate the change

    This step will walk you through the following activities:
    • 3.2.1 Build the communications delivery plan
    • 3.2.2 Brainstorm potential objections and questions and prepare responses
    This step involves the following participants:
    • IT Director
    • Project Manager
    • Service Desk Manager(s)
    • Service Desk Agents
    Step outcomes
    • A detailed communications plan with key messages, delivery timeline, and spokesperson responsibility for each key stakeholder audience
    • A set of agreed-upon responses to anticipated objections and questions to ensure consistent message delivery
    • A news bulletin and list of FAQs to distribute to end users to prepare them for the change

    Create your communication plan with everyone in mind, from the CIO to end users

    CASE STUDY

    Industry: Higher Education

    Source: Oxford University, IT Services

    Oxford implemented extremely innovative initiatives as part of its robust communications plan.

    ITS ran a one-day ITSM “business simulation” for the CIO and direct reports, increasing executive buy-in.

    The business simulation was incredibly effective as a way of getting management buy-in – it really showed what we are driving at. It’s a way of making it real, bringing people on board. ” – John Ireland, Director of Customer Service

    Detailed use cases were envisioned referencing particular ITIL processes as the backbone of the process framework.

    The use cases were very helpful, they were used […] in getting a broad engagement from teams across our department and getting buy-in from the distributed IT staff who we work with across the wider University. ” – John Ireland, Director of Customer Service

    The Oxford ITS SDCP blog was accessible to everyone.

    • Oxford’s SDCP blog acted as a project touchstone not only to communicate updates quickly, but also to collect feedback, enable collaboration, and set a project tone.
    • An informal tone and accessible format facilitated the difficult cultural shifts required of the consolidation effort.

    We in the project team would love to hear your view on this project and service management in general, so please feel free to comment on this blog post, contact us using the project email address […] or, for further information visit the project SharePoint site […] ” – Oxford ITS SDCP blog post

    Plan for targeted and timely communications to all stakeholders

    Develop a plan to keep all affected stakeholders informed about the changes consolidation will bring, and more importantly, how they will affect them.

    All stakeholders must be kept informed of the project plan and status as the consolidation progresses.
    • Management requires frequent communication with the core project group to evaluate the success of the project in meeting its goals.
    • End users should be informed about changes that are happening and how these changes will affect them.

    A communications plan should address three elements:

    1. The audience and their communication needs
    2. The most effective means of communicating with this audience
    3. Who should deliver the message

    Goals of communication:

    1. Create awareness and understanding of the consolidation and what it means for each role, department, or user group
    2. Gain commitment to the change from all stakeholders
    3. Reduce and address any concerns about the consolidation and be transparent in responding to any questions
    4. Communicate potential risks and mitigation plan
    5. Set expectations for service levels throughout and after the consolidation

    Plan the method of delivery for your communications carefully

    Plan the message, test it with a small audience, then deliver to your employees and stakeholders in person to avoid message avoidance or confusion.

    Message Format

    Email and Newsletters

    Email and newsletters are convenient and can be transmitted to large audiences easily, but most users are inundated with email already and may not notice or read the message.

    • Use email to make large announcements or invite people to meetings but not as the sole medium of communication.

    Face-to-Face Communication

    Face-to-face communication helps to ensure that users are receiving and understanding a clear message, and allows them to voice their concerns and clarify any confusion or questions.

    • Use one-on-ones for key stakeholders and team meetings for groups.

    Internal Website/Drive

    Internal sites help sustain change by making knowledge available after the consolidation, but won’t be retained beforehand.

    • Use for storing policies, how-to-guides, and SOPs.
    Message Delivery
    1. Plan your message
      1. Emphasize what the audience really needs to know, that is, how the change will impact them.
    2. Test your message
      1. Run focus groups or test your communications with a small audience (2-3 people) first to get feedback and adjust messages before delivering them more broadly.
    3. Deliver and repeat your message
      1. “Tell them what you’re going to tell them, then tell them, then tell them what you told them.”
    4. Gather feedback and evaluate communications
      1. Evaluate the effectiveness of the communications (through surveys, focus groups, stakeholder interviews, or metrics) to ensure the message was delivered and received successfully and communication goals were met.

    Address the specific concerns of the business vs. employees

    Focus on alleviating concerns from both sides of the communication equation: the business units and employees.

    Business units:

    Be attentive to the concerns of business unit management about loss of power. Appease worries about the potential risk of reduced service quality and support responsiveness that may have been experienced in prior corporate consolidation efforts.

    Make the value of the consolidation clear, and involve business unit management in the organizational change process.

    Focus on producing a customer-focused consolidated service desk. It will assuage fears over the loss of control and influence. Business units may be relinquishing control of their service desk, but they should retain the same level of influence.

    Employees:

    Employees are often fearful of the impact of a consolidation on their jobs. These fears should be addressed and alleviated as soon as possible.

    Design a communication plan outlining the changes and the reasons motivating it.

    Put support programs in place for displaced and surviving employees.

    Motivate employees during the transition and increase employee involvement in the change.

    Educate and train employees who make the transition to the new structure and new job demands.

    Info-Tech Insight

    Know your audience. Be wary of using technical jargon or acronyms that may seem like common knowledge within your department but would not be part of the vocabulary of non-technical audiences. Ensure your communications are suitable for the audience. If you need to use jargon or acronyms, explain what you mean.

    Build the communications delivery plan

    3.2.1 Develop a plan to deliver targeted messages to key stakeholder groups

    Participants
    • CIO or IT Director
    • Project Manager
    • Service Desk Manager(s)
    What You'll Need
    • Communications plan template
    • Whiteboard and markers
    Document

    Document your decisions in the communications plan template

    1. Define the goals of the communications in section 1 of the Service Desk Consolidation Communications and Training Plan Template.
    2. Determine when communication milestones/activities need to be delivered by completing the Communications Schedule in section 2.
    3. Determine the key stakeholder groups or audiences to whom you will need to deliver communications.
    4. Identify the content of the key messages that need to be delivered and select the most appropriate delivery method for each (i.e. email, team meeting, individual meetings). Designate who will be responsible for delivering the messages.
    5. Document a plan for gathering feedback and evaluating the effectiveness of the communications in section 5 (i.e. stakeholder interviews and surveys).

    Section 4 of the communications plan on objections and question handling will be completed in activity 3.2.2.

    Optional Activity

    If you completed the Stakeholder Engagement Workbook in step 1.1, you may also complete the Communications tab in that workbook to further develop your plan to engage stakeholders.

    Effectively manage the consolidation by implementing change management processes

    Implement change management processes to ensure that the consolidation runs smoothly with limited impact on IT infrastructure.

    Communicate and track changes: Identify and communicate changes to all stakeholders affected by the change to ensure they are aware of any downtime and can plan their own activities accordingly.

    Isolate testing: Test changes within a safe non-production environment to eliminate the risk of system outages that result from defects discovered during testing.

    Document back-out plans: Documented back-out/backup plans enable quick recovery in the event that the change fails.

    The image is a horizontal bar graph, titled Unplanned downtime due to change versus change management maturity. The graph shows that for a Change Management Maturity that is Informal, the % Experiencing Unplanned Downtime due to Failed Change is 41%; for Defined, it is 25%; and for Optimized, it is 19%.

    Organizations that have more mature and defined change management processes experience less unplanned downtime when implementing change across the organization.

    Sustain changes by adapting people, processes, and technologies to accept the transition

    Verify that people, process, and technologies are prepared for the consolidation before going live with the transition.

    What?

    1. Adapt people to the change

    • Add/change roles and responsibilities.
    • Move people to different roles/teams.
    • Change compensation and incentive structures to reinforce new goals, if applicable.

    2. Adapt processes to the change

    • Add/change supporting processes.
    • Eliminate or consolidate legacy processes.
    • Add/change standard operating procedures.

    3. Adapt technologies to the change

    • Add/change/update supporting technologies.
    • Eliminate or consolidate legacy technologies
    How? Work with HR on any changes involving job design, personnel changes, or compensation. Work with enterprise architects or business analysts to manage significant changes to processes that may impact the business and service levels.

    See Info-Tech’s Optimize the Change Management Processblueprint to use a disciplined change control process for technology changes.

    Info-Tech Insight

    Organizational change management (OCM) is widely recognized as a key component of project success, yet many organizations struggle to get adoption for new tools, policies, and procedures. Use Info-Tech’s blueprint on driving organizational change to develop a strategy and toolkit to achieve project success.

    Manage people by addressing their specific concerns based on their attitude toward change

    Avoid high turnover and resistance to change by engaging both the enthusiasts and the skeptics with targeted messaging.

    • Clearly articulate and strongly champion the changes that will result from the consolidation for those willing to adapt to the change.
    • Make change management practices integral to the entire project.
    • Provide training workshops on new processes, new goals or metrics, new technologies and tools, and teamwork as early as possible after consolidation.
    1. Enthusiasts - Empower them to stay motivated and promote the change
    2. Fence-Sitters/Indifferent - Continually motivate them by example but give them time to adapt to the change
    3. Skeptics - Engage them early and address their concerns and doubts to convert them to enthusiasts
    4. Saboteurs - Prevent them from spreading dissent and rumors, thus undermining the project, by counteracting negative claims early

    Leverage the Stakeholder Engagement Workbook from step 1.1 as well as Info-Tech’s blueprint on driving organizational change for more tactics on change management, particularly managing and engaging various personas.

    Prepare ahead of time for questions that various stakeholder groups may have

    Anticipate questions that will arise about the consolidation so you can prepare and distribute responses to frequently asked questions. Sample questions from various stakeholders are provided below.

    General
    1. Why is the organization moving to a consolidated service desk?
    2. Where is the consolidated service desk going to be located?
    3. Are all or only some service desks consolidating?
    4. When is the consolidation happening?
    5. What are the anticipated benefits of consolidation?

    Business

    1. What is the budget for the project?
    2. What are the anticipated cost savings and return on investment?
    3. When will the proposed savings be realized?
    4. Will there be job losses from the consolidation and when will these occur?
    5. Will the organization subsidize moving costs?

    Employees

    1. Will my job function be changing?
    2. Will my job location be changing?
    3. What will happen if I can’t relocate?
    4. Will my pay and benefits be the same?
    5. Will reporting relationships change?
    6. Will performance expectations and metrics change?

    End Users

    1. How do I get help with IT issues?
    2. How do I submit a ticket?
    3. How will I be notified of ticket status, outages?
    4. Where will the physical service desk be located?
    5. Will I be able to get help in my language?
    6. Will there be changes for levels of service?

    Brainstorm likely objections/questions to prepare responses

    3.2.2 Prepare responses to likely questions to ensure consistent messaging

    Participants
    • IT Director
    • Project Manager
    • Service Desk Manager(s)
    • Service Desk Agents
    Document

    Document your questions and responses in section 4 of the communications plan template. This should be continually updated.

    1. Brainstorm anticipated objections and questions you may hear from various stakeholder groups: service desk employees, end users, and management or executives.
    2. For each objection or question, prepare a response that will be delivered to ensure consistent messaging. Use a table like the example below.
    Group Objection/Question Response
    Service desk staff I’m comfortable with the service desk tool we’ve been using here and won’t know how to use the new one. We carefully evaluated the new solution against our requirements and selected it as the one that will provide the best service to our users and be user friendly. We tested the solution through user-acceptance testing to ensure staff will be comfortable using it, and we will provide comprehensive training to all users of the tool before launching it.
    End user I’m used to going to my favorite technician for help. How will I get service now? We are initiating a single point of contact so that you will know exactly where to go to get help quickly and easily, so that we can more quickly escalate your issue to the appropriate technician, and so that we can resolve it and notify you as soon as possible. This will make our service more effective and efficient than you having to find one individual who may be tied up with other work or unavailable.

    Keep the following in mind when formulating your responses:

    • Lead with the benefits
    • Be transparent and honest
    • Avoid acronyms, jargon, and technical terms
    • Appeal to both emotion and reason
    • Be concise and straightforward
    • Don’t be afraid to be repetitive; people need repetition to remember the message
    • Use concrete facts and images wherever possible

    Complete the Service Desk Consolidation News Bulletin & FAQ Template to distribute to your end users

    Customize the template or use as a guide to develop your own

    The Service Desk Consolidation News Bulletin & FAQ Template is intended to be an example that you can follow or modify for your own organization. It provides a summary of how the consolidation project will change how end users interact with the service desk.

    1. What the change means to end users
    2. When they should contact the service desk (examples)
    3. How to contact the service desk (include all means of contact and ticket submission)
    4. Answers to questions they may have
    5. Links to more information

    The bulletin is targeted for mass distribution to end users. A similar letter may be developed for service desk staff, though face-to-face communication is recommended.

    Instructions:

    1. Use the template as a guide to develop your own FAQ news bulletin and adjust any sections or wording as you see fit.
    2. You may wish to develop separate letters for each location, referring more specifically to their location and where the new service desk will be located.
    3. Save the file as a PDF for print or email distribution at the time determined in your communications plan.

    Keeping people a priority throughout the project ensured success

    CASE STUDY

    Industry: Higher Education

    Source: Oxford University, IT Services

    Oxford’s new consolidated service desk went live April 20, 2015.

    They moved from 3 distinct tools and 5 disparate help desks to a single service desk with one robust ITSM solution, all grounded by a unified set of processes and an integrated workflow.

    The success of this project hinged upon:

    • A bold vision, formulated early and in collaboration with all stakeholders.
    • Willingness to take time to understand the unique perspective of each role and help desk, then carefully studying existing processes and workflows to build upon what works.
    • Constant collaboration, communication, and the desire to listen to feedback from all interested parties.

    "We have had a few teething issues to deal with, but overall this has been a very smooth transition given the scale of it." – ICTF Trinity Term 2015 IT Services Report

    Beyond the initial consolidation.
    • Over the summer of 2015, ITS moved to full 24/7 support coverage.
    • Oxford’s ongoing proposition with regard to support services is to extend the new consolidated service desk beyond its current IT role:
      • Academic Admissions
      • Case Management
      • IT Purchasing
    • To gradually integrate those IT departments/colleges/faculties that remain independent at the present time.
    • Info-Tech can facilitate these goals in your organization with our research blueprint, Extend the Service Desk to Enterprise.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.1.1 Break the consolidation project down into a series of specific initiatives

    Create a list of specific tasks that will form the consolidation project on sticky notes and organize into people, process, technology, and other categories to inform the roadmap.

    3.2.2 Brainstorm likely objections/questions to prepare responses

    Brainstorm anticipated questions and objections that will arise from various stakeholder groups and prepare consistent responses to each.

    Related Info-Tech research

    Standardize the Service Desk - Provide timely and effective responses to user requests and resolutions of all incidents.

    Extend the Service Desk to the Enterprise - Position IT as an innovator.

    Build a Continual Improvement Plan for the Service Desk - Teach your old service desk new tricks.

    Adopt Lean IT to Streamline the Service Desk - Turn your service desk into a Lean, keen, value-creating machine.

    Vendor Landscape: Enterprise Service Desk Software - Move past tickets to proactive, integrated service.

    Vendor Landscape: Mid-Market Service Desk Software - Ensure the productivity of the help desk with the right platform.

    Build an ITSM Tool Implementation Plan - Nail your ITSM tool implementation from the outset.

    Drive Organizational Change from the PMO - Don’t let bad change happen to good projects.

    Research contributors and experts

    Stacey Keener - IT Manager for the Human Health and Performance Directorate, Johnson Space Center, NASA

    Umar Reed - Director of IT Support Services US Denton US LLP

    Maurice Pryce - IT Manager City of Roswell, Georgia

    Ian Goodhart - Senior Business Analyst Allegis Group

    Gerry Veugelaers - Service Delivery Manager New Zealand Defence Force

    Alisa Salley Rogers - Senior Service Desk Analyst HCA IT&S Central/West Texas Division

    Eddie Vidal - IS Service Desk Managers University of Miami

    John Conklin - Chief Information Officer Helen of Troy LP

    Russ Coles - Senior Manager, Computer Applications York Region District Schoolboard

    John Seddon - Principal Vanguard Consulting

    Ryan van Biljon - Director, Technical Services Samanage

    Rear Admiral Robert E. Day Jr. (ret.) - Chief Information Officer United States Coast Guard

    George Bartha - Manager of Information Technology Unifrax

    Peter Hubbard - IT Service Management Consultant Pink Elephant

    Andre Gaudreau - Manager of School Technology Operations York Region District School Board

    Craig Nekola - Manager, Information Technology Anoka County

    Bibliography and Further Reading

    Hoen, Jim. “The Single Point of Contact: Driving Support Process Improvements with a Consolidated IT Help-Desk Approach.” TechTeam Global Inc. September 2005.

    Hubbard, Peter. “Leading University embarks on IT transformation programme to deliver improved levels of service excellence.” Pink Elephant. http://pinkelephant.co.uk/about/case-studies/service-management-case-study/

    IBM Global Services. “Service Desk: Consolidation, Relocation, Status Quo.” IBM. June 2005.

    Keener, Stacey. “Help Desks: a Problem of Astronomical Proportions.” Government CIO Magazine. 1 February 2015.

    McKaughan, Jeff. “Efficiency Driver.” U.S. Coast Guard Forum Jul. 2013. Web. http://www.intergraphgovsolutions.com/documents/CoastGuardForumJuly2013.pdf

    Numara Footprints. “The Top 10 Reasons for Implementing a Consolidated Service Desk.” Numara Software.

    Roy, Gerry, and Frederieke Winkler Prins. “How to Improve Service Quality through Service Desk Consolidation.” BMC Software.

    Smith, Andrew. “The Consolidated Service Desk – An Achievable Goal?” The Service Desk Institute.

    Wolfe, Brandon. “Is it Time for IT Service Desk Consolidation?” Samanage. 4 August 2015.

    Prepare for Post-Quantum Cryptography

    • Buy Link or Shortcode: {j2store}268|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Security Processes & Operations
    • Parent Category Link: /security-processes-and-operations
    • Fault-tolerant quantum computers, capable of breaking existing encryption algorithms and cryptographic systems, are widely expected to be available sooner than originally projected.
    • Data considered secure today may already be at risk due to the threat of harvest-now-decrypt-later schemes.
    • Many current security controls will be completely useless, including today's strongest encryption techniques.

    Our Advice

    Critical Insight

    The advent of quantum computing is closer than you think: some nations have already demonstrated capability with the potential to break current asymmetric-key encryption. Traditional encryption methods will no longer provide sufficient protection. You need to act now to begin your transformation to quantum-resistant encryption.

    Impact and Result

    • Developing quantum-resistant cryptography capabilities is crucial to maintaining data security and integrity for critical applications.
    • Organizations need to act now to begin their transformation to quantum-resistant encryption.
    • Data security (especially for sensitive data) should be an organization’s top priority. Organizations with particularly critical information need to be on top of this quantum movement.

    Prepare for Post-Quantum Cryptography Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Prepare for Post-Quantum Cryptography Storyboard – Research to help organizations to prepare and implement quantum-resistance cryptography solutions.

    Developing quantum-resistant cryptography capabilities is crucial to maintaining data security and integrity for critical applications. Organizations need to act now to begin their transformation to quantum-resistant encryption.

    • Prepare for Post-Quantum Cryptography Storyboard
    [infographic]

    Further reading

    Prepare for Post-Quantum Cryptography

    It is closer than you think, and you need to act now.

    Analyst Perspective

    It is closer than you think, and you need to act now.

    The quantum realm presents itself as a peculiar and captivating domain, shedding light on enigmas within our world while pushing the boundaries of computational capabilities. The widespread availability of quantum computers is expected to occur sooner than anticipated. This emerging technology holds the potential to tackle valuable problems that even the most powerful classical supercomputers will never be able to solve. Quantum computers possess the ability to operate millions of times faster than their current counterparts.

    As we venture further into the era of quantum mechanics, organizations relying on encryption must contemplate a future where these methods no longer suffice as effective safeguards. The astounding speed and power of quantum machines have the potential to render many existing security measures utterly ineffective, including the most robust encryption techniques used today. To illustrate, a task that currently takes ten years to crack through a brute force attack could be accomplished by a quantum computer in under five minutes.

    Amid this transition into a quantum future, the utmost priority for organizations remains data security, particularly safeguarding sensitive information. Organizations must proactively prepare for the development of countermeasures and essential resilience measures to attain a state of being "quantum safe."

    This is a picture of Alan Tang

    Alan Tang
    Principal Research Director, Security and Privacy
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Anticipated advancements in fault-tolerant quantum computers, surpassing existing encryption algorithms and cryptographic systems, are expected to materialize sooner than previously projected. The timeframe for their availability is diminishing daily.
    • Data that is presently deemed secure faces potential vulnerability due to the emergence of harvest-now-decrypt-later strategies.
    • Numerous contemporary security controls, including the most robust encryption techniques, have become obsolete and offer little efficacy.

    Common Obstacles

    • The complexity involved makes it challenging for organizations to incorporate quantum-resistant cryptography into their current IT infrastructure.
    • The endeavor of transitioning to quantum-resilient cryptography demands significant effort and time, with the specific requirements varying for each organization.
    • A lack of comprehensive understanding regarding the cryptographic technologies employed in existing IT systems poses difficulties in identifying and prioritizing systems for upgrading to post-quantum cryptography.

    Info-Tech's Approach

    • The development of quantum-resistant cryptography capabilities is essential for safeguarding the security and integrity of critical applications.
    • Organizations must proactively initiate their transition toward quantum-resistant encryption to ensure data protection.
    • Ensuring the security of corporate data assets should be of utmost importance for organizations, with special emphasis on those possessing highly critical information in light of the advancements in quantum technology.

    Info-Tech Insight

    The advent of quantum computing (QC) is closer than you think: some nations have demonstrated capability with the potential to break current asymmetric-key encryption. Traditional encryption methods will no longer be sufficient as a means of protection. You need to act now to begin your transformation to quantum-resistant encryption.

    Evolvement of QC theory and technologies

    1900-1975

    1976-1997

    1998-2018

    2019-Now

    1. 1900: Max Planck – The energy of a particle is proportional to its frequency: E = hv, where h is a relational constant.
    2. 1926: Erwin Schrödinger – Since electrons can affect each other's states, their energies change in both time and space. The total energy of a particle is expressed as a probability function.
    1. 1976: Physicist Roman Stanisław Ingarden publishes the paper "Quantum Information Theory."
    2. 1980: Paul Benioff describes the first quantum mechanical model of a computer.
    3. 1994: Peter Shor publishes Shor's algorithm.
    1. 1998: A working 2-qubit NMR quantum computer is used to solve Deutsch's problem by Jonathan A. Jones and Michele Mosca at Oxford University.
    2. 2003: DARPA Quantum Network becomes fully operational.
    3. 2011: D-Wave claims to have developed the first commercially available quantum computer, D-Wave One.
    4. 2018: the National Quantum Initiative Act was signed into law by President Donald Trump.
    1. 2019: A paper by Google's quantum computer research team was briefly available, claiming the project has reached quantum supremacy.
    2. 2020: Chinese researchers claim to have achieved quantum supremacy, using a photonic peak 76-qubit system known as Jiuzhang.
    3. 2021: Chinese researchers reported that they have built the world's largest integrated quantum communication network.
    4. 2022: The Quantinuum System Model H1-2 doubled its performance claiming to be the first commercial quantum computer to pass quantum volume 4096.

    Info-Tech Insight

    The advent of QC will significantly change our perception of computing and have a crucial impact on the way we protect our digital economy using encryption. The technology's applicability is no longer a theory but a reality to be understood, strategized about, and planned for.

    Fundamental physical principles and business use cases

    Unlike conventional computers that rely on bits, quantum computers use quantum bits or qubits. QC technology surpasses the limitations of current processing powers. By leveraging the properties of superposition, interference, and entanglement, quantum computers have the capacity to simultaneously process millions of operations, thereby surpassing the capabilities of today's most advanced supercomputers.

    A 2021 Hyperion Research survey of over 400 key decision makers in North America, Europe, South Korea, and Japan showed nearly 70% of companies have some form of in-house QC program.

    Three fundamental QC physical principles

    1. Superposition
    2. Interference
    3. Entanglement

    This is an image of two headings, Optimization; and Simulation. there are five points under each heading, with an arrow above pointing left to right, labeled Qbit Count.

    Info-Tech Insight

    Organizations need to reap the substantial benefits of QC's power, while simultaneously shielding against the same technologies when used by cyber adversaries.

    Percentage of Surveyed Companies That Have QC Programs

    • 31% Have some form of in-house QC program
    • 69% Have no QC program

    Early adopters and business value

    QC early adopters see the promise of QC for a wide range of computational workloads, including machine learning applications, finance-oriented optimization, and logistics/supply chain management.

    This is an image of the Early Adopters, and the business value drivers.

    Info-Tech Insight

    Experienced attackers are likely to be the early adopters of quantum-enabled cryptographic solutions, harnessing the power of QC to exploit vulnerabilities in today's encryption methods. The risks are particularly high for industries that rely on critical infrastructure.

    The need of quantum-safe solution is immediate

    Critical components of classical cryptography will be at risk, potentially leading to the exposure of confidential and sensitive information to the general public. Business, technology, and security leaders are confronted with an immediate imperative to formulate a quantum-safe strategy and establish a roadmap without delay.

    Case Study – Google, 2019

    In 2019, Google claimed that "Our Sycamore processor takes about 200 seconds to sample one instance of a quantum circuit a million times—our benchmarks currently indicate that the equivalent task for a state-of-the-art classical supercomputer would take approximately 10,000 years."
    Source: Nature, 2019

    Why You Should Start Preparation Now

    • The complexity with integrating QC technology into existing IT infrastructure.
    • The effort to upgrade to quantum-resilient cryptography will be significant.
    • The amount of time remaining will decrease every day.

    Case Study – Development in China, 2020

    On December 3, 2020, a team of Chinese researchers claim to have achieved quantum supremacy, using a photonic peak 76-qubit system (43 average) known as Jiuzhang, which performed calculations at 100 trillion times the speed of classical supercomputers.
    Source: science.org, 2020

    Info-Tech Insight

    The emergence of QC brings forth cybersecurity threats. It is an opportunity to regroup, reassess, and revamp our approaches to cybersecurity.

    Security threats posed by QC

    Quantum computers have reached a level of advancement where even highly intricate calculations, such as factoring large numbers into their primes, which serve as the foundation for RSA encryption and other algorithms, can be solved within minutes.

    Threat to data confidentiality

    QC could lead to unauthorized decryption of confidential data in the future. Data confidentiality breaches also impact improperly disposed encrypted storage media.

    Threat to authentication protocols and digital governance

    A recovered private key, which is derived from a public key, can be used through remote control to fraudulently authenticate a critical system.

    Threat to data integrity

    Cybercriminals can use QC technology to recover private keys and manipulate digital documents and their digital signatures.

    Example:

    Consider RSA-2048, a widely used public-key cryptosystem that facilitates secure data transmission. In a 2021 survey, a majority of leading authorities believed that RSA-2048 could be cracked by quantum computers within a mere 24 hours.
    Source: Quantum-Readiness Working Group, 2022

    Info-Tech Insight

    The development of quantum-safe cryptography capabilities is of utmost importance in ensuring the security and integrity of critical applications' data.

    US Quantum Computing Cybersecurity Preparedness Act

    The US Congress considers cryptography essential for the national security of the US and the functioning of the US economy. The Quantum Computing Cybersecurity Preparedness Act was introduced on April 18, 2022, and became a public law (No: 117-260) on December 21, 2022.

    Purpose

    The purpose of this Act is to encourage the migration of Federal Government information technology systems to quantum-resistant cryptography, and for other purposes.

    Scope and Exemption

    • Scope: Systems of government agencies.
    • Exemption: This Act shall not apply to any national security system.

    Main Obligations

    Responsibilities

    Requirements
    Inventory Establishment Not later than 180 days after the date of enactment of this Act, the Director of OMB, shall issue guidance on the migration of information technology to post-quantum cryptography.
    Agency Reports "Not later than 1 year after the date of enactment of this Act, and on an ongoing basis thereafter, the head of each agency shall provide to the Director of OMB, the Director of CISA, and the National Cyber Director— (1) the inventory described in subsection (a)(1); and (2) any other information required to be reported under subsection (a)(1)(C)."
    Migration and Assessment "Not later than 1 year after the date on which the Director of NIST has issued post-quantum cryptography standards, the Director of OMB shall issue guidance requiring each agency to— (1) prioritize information technology described under subsection (a)(2)(A) for migration to post-quantum cryptography; and (2) develop a plan to migrate information technology of the agency to post-quantum cryptography consistent with the prioritization under paragraph (1)."

    "It is the sense of Congress that (1) a strategy for the migration of information technology of the Federal Government to post-quantum cryptography is needed; and (2) the government wide and industry-wide approach to post- quantum cryptography should prioritize developing applications, hardware intellectual property, and software that can be easily updated to support cryptographic agility." – Quantum Computing Cybersecurity Preparedness Act

    The development of post-quantum encryption

    Since 2016, the National Institute of Standards and Technology (NIST) has been actively engaged in the development of post-quantum encryption standards. The objective is to identify and establish standardized cryptographic algorithms that can withstand attacks from quantum computers.

    NIST QC Initiative Key Milestones

    Date Development
    Dec. 20, 2016 Round 1 call for proposals: Announcing request for nominations for public-key post-quantum cryptographic algorithms
    Nov. 30, 2017 Deadline for submissions – 82 submissions received
    Dec. 21, 2017 Round 1 algorithms announced (69 submissions accepted as "complete and proper")
    Jan. 30, 2019 Second round candidates announced (26 algorithms)

    July 22, 2020

    Third round candidates announced (7 finalists and 8 alternates)

    July 5, 2022

    Announcement of candidates to be standardized and fourth round candidates
    2022/2024 (Plan) Draft standards available

    Four Selected Candidates to be Standardized

    CRYSTALS – Kyber

    CRYSTALS – Dilithium

    FALCON

    SPHINCS+

    NIST recommends two primary algorithms to be implemented for most use cases: CRYSTALS-KYBER (key-establishment) and CRYSTALS-Dilithium (digital signatures). In addition, the signature schemes FALCON and SPHINCS+ will also be standardized.

    Info-Tech Insight

    There is no need to wait for formal NIST PQC standards selection to begin your post-quantum mitigation project. It is advisable to undertake the necessary steps and allocate resources in phases that can be accomplished prior to the finalization of the standards.

    Prepare for post-quantum cryptography

    The advent of QC is closer than you think: some nations have demonstrated capability with the potential to break current asymmetric-key encryption. Traditional encryption methods will no longer be sufficient as a means of protection. You need to act now to begin your transformation to quantum-resistant encryption.

    This is an infographic showing the three steps: Threat is Imminent; Risks are Profound; and Take Acton Now.

    Insight summary

    Overarching Insight

    The advent of QC is closer than you think as some nations have demonstrated capability with the potential to break current asymmetric-key encryption. Traditional encryption methods will no longer be sufficient as a means of protection. You need to act now to begin your transformation to quantum-resistant encryption.

    Business Impact Is High

    The advent of QC will significantly change our perception of computing and have a crucial impact on the way we protect our digital economy using encryption. The technology's applicability is no longer a theory but a reality to be understood, strategized about, and planned for.

    It's a Collaborative Effort

    Embedding quantum resistance into systems during the process of modernization requires collaboration beyond the scope of a Chief Information Security Officer (CISO) alone. It is a strategic endeavor shaped by leaders throughout the organization, as well as external partners. This comprehensive approach involves the collective input and collaboration of stakeholders from various areas of expertise within and outside the organization.

    Leverage Industry Standards

    There is no need to wait for formal NIST PQC standards selection to begin your post-quantum mitigation project. It is advisable to undertake the necessary steps and allocate resources in phases that can be accomplished prior to the finalization of the standards.

    Take a Holistic Approach

    The advent of QC poses threats to cybersecurity. It's a time to regroup, reassess, and revamp.

    Blueprint benefits

    IT Benefits

    Business Benefits

    • This blueprint will help organizations to discover and then prioritize the systems to be upgraded to post-quantum cryptography.
    • This blueprint will enable organizations to integrate quantum-resistant cryptography into existing IT infrastructure.
    • Developing quantum-resistant cryptography capabilities is crucial to maintaining data security and integrity for critical applications.
    • This blueprint will help organizations to save effort and time needed upgrade to quantum-resilient cryptography.
    • Organizations will reap the substantial benefits of QC's power, while simultaneously shielding against the same technologies when used by cyber adversaries.
    • Avoid reputation and brand image by preventing data breach and leakage.
    • This blueprint will empower organizations to protect corporate data assets in the post-quantum era.
    • Be compliant with various security and privacy laws and regulations.

    Info-Tech Project Value

    Time, value, and resources saved to obtain buy-in from senior leadership team using our research material:

    1 FTEs*10 days*$100,000/year = $6,000

    Time, value, and resources saved to implement quantum-resistant cryptography using our research guidance:

    2 FTEs* 30 days*$100,000/year = $24,000

    Estimated cost and time savings from this blueprint:

    $6,000 + $24,000 =$30,000

    Get prepared for a post-quantum world

    The advent of sufficiently powerful quantum computers poses a risk of compromising or weakening traditional forms of asymmetric and symmetric cryptography. To safeguard data security and integrity for critical applications, it is imperative to undertake substantial efforts in migrating an organization's cryptographic systems to post-quantum encryption. The development of quantum-safe cryptography capabilities is crucial in this regard.

    Phase 1 - Prepare

    • Obtain buy-in from leadership team.
    • Educate your workforce about the upcoming transition.
    • Create defined projects to reduce risks and improve crypto-agility.

    Phase 2 - Discover

    • Determine the extent of your exposed data, systems, and applications.
    • Establish an inventory of classical cryptographic use cases.

    Phase 3 - Assess

    • Assess the security and data protection risks posed by QC.
    • Assess the readiness of transforming existing classical cryptography to quantum-resilience solutions.

    Phase 4 - Prioritize

    • Prioritize transformation plan based on criteria such as business impact, near-term technical feasibility, and effort, etc.
    • Establish a roadmap.

    Phase 5 - Mitigate

    • Implement post-quantum mitigations.
    • Decommissioning old technology that will become unsupported upon publication of the new standard.
    • Validating and testing products that incorporate the new standard.

    Phase 1 – Prepare: Protect data assets in the post-quantum era

    The rise of sufficiently powerful quantum computers has the potential to compromise or weaken conventional asymmetric and symmetric cryptography methods. In anticipation of a quantum-safe future, it is essential to prioritize crypto-agility. Consequently, organizations should undertake specific tasks both presently and in the future to adequately prepare for forthcoming quantum threats and the accompanying transformations.

    Quantum-resistance preparations must address two different needs:

    Reinforce digital transformation initiatives

    To thrive in the digital landscape, organizations must strengthen their digital transformation initiatives by embracing emerging technologies and novel business practices. The transition to quantum-safe encryption presents a unique opportunity for transformation, allowing the integration of these capabilities to evolve business transactions and relationships in innovative ways.

    Protect data assets in the post-quantum era

    Organizations should prioritize supporting remediation efforts aimed at ensuring the quantum safety of existing data assets and services. The implementation of crypto-agility enables organizations to respond promptly to cryptographic vulnerabilities and adapt to future changes in cryptographic standards. This proactive approach is crucial, as the need for quantum-safe measures existed even before the complexities posed by QC emerged.

    Preparation for the post-quantum world has been recommended by the US government and other national bodies since 2016.

    In 2016, NIST, the National Security Agency (NSA), and Central Security Service stated in their Commercial National Security Algorithm Suite and QC FAQ: "NSA believes the time is now right [to start preparing for the post-quantum world] — consistent with advances in quantum computing."
    Source: Cloud Security Alliance, 2021

    Phase 1 – Prepare: Key tasks

    Preparing for quantum-resistant cryptography goes beyond simply acquiring knowledge and conducting experiments in QC. It is vital for senior management to receive comprehensive guidance on the challenges, risks, and potential mitigations associated with the post-quantum landscape. Quantum and post-quantum education should be tailored to individuals based on their specific roles and the impact of post-quantum mitigations on their responsibilities. This customized approach ensures that individuals are equipped with the necessary knowledge and skills relevant to their respective roles.

    Leadership Buy-In

    • Get senior management commitment to post-quantum project.
    • Determine the extent of exposed data, systems, and applications.
    • Identify near-term, achievable cryptographic maturity goals, creating defined projects to reduce risks and improve crypto-agility.

    Roles and Responsibilities

    • The ownership should be clearly defined regarding the quantum-resistant cryptography program.
    • This should be a cross-functional team within which members represent various business units.

    Awareness and Education

    • Senior management needs to understand the strategic threat to the organization and needs to adequately address the cybersecurity risk in a timely fashion.
    • Educate your workforce about the upcoming transition. All training and education should seek to achieve awareness of the following items with the appropriate stakeholders.

    Info-Tech Insight

    Embedding quantum resistance into systems during the process of modernization requires collaboration beyond the scope of a CISO alone. It is a strategic endeavor shaped by leaders throughout the organization, as well as external partners. This comprehensive approach involves the collective input and collaboration of stakeholders from various areas of expertise within and outside the organization.

    Phase 2 – Discover: Establish a data protection inventory

    During the discovery phase, it is crucial to locate and identify any critical data and devices that may require post-quantum protection. This step enables organizations to understand the algorithms in use and their specific locations. By conducting this thorough assessment, organizations gain valuable insights into their existing infrastructure and cryptographic systems, facilitating the implementation of appropriate post-quantum security measures.

    Inventory Core Components

    1. Description of devices and/or data
    2. Location of all sensitive data and devices
    3. Criticality of the data
    4. How long the data or devices need to be protected
    5. Effective cryptography in use and cryptographic type
    6. Data protection systems currently in place
    7. Current key size and maximum key size
    8. Vendor support timeline
    9. Post-quantum protection readiness

    Key Things to Consider

    • The accuracy and thoroughness of the discovery phase are critical factors that contribute to the success of a post-quantum project.
    • It is advisable to conduct this discovery phase comprehensively across all aspects, not solely limited to public-key algorithms.
    • Performing a data protection inventory can be a time-consuming and challenging phase of the project. Breaking it down into smaller subtasks can help facilitate the process.
    • Identifying all information can be particularly challenging since data is typically scattered throughout an organization. One approach to begin this identification process is by determining the inputs and outputs of data for each department and team within the organization.
    • To ensure accountability and effectiveness, it is recommended to assign a designated individual as the ultimate owner of the data protection inventory task. This person should have the necessary responsibilities and authority to successfully accomplish the task.

    Phase 3 – Assess: The workflow

    Quantum risk assessment entails evaluating the potential consequences of QC on existing security measures and devising strategies to mitigate these risks. This process involves analyzing the susceptibility of current systems to attacks by quantum computers and identifying robust security measures that can withstand QC threats.

    Risk Assessment Workflow

    This is an image of the Risk Assessment Workflow

    By identifying the security gaps that will arise with the advent of QC, organizations can gain insight into the substantial vulnerabilities that core business operations will face when QC becomes a prevalent reality. This proactive understanding enables organizations to prepare and implement appropriate measures to address these vulnerabilities in a timely manner.

    Phase 4 – Prioritize: Balance business value, security risks, and effort

    Organizations need to prioritize the mitigation initiatives based on various factors such as business value, level of security risk, and the effort needed to implement the mitigation controls. In the diagram below, the size of the circle reflects the degree of effort. The bigger the size, the more effort is needed.

    This is an image of a chart where the X axis represents Security Risk level, and the Y axis is Business Value.

    QC Adopters Anticipated Annual Budgets

    This is an image of a bar graph showing the Anticipated Annual Budgets for QC Adopters.
    Source: Hyperion Research, 2022

    Hyperion's survey found that the range of expected budget varies widely.

    • The most selected option, albeit by only 38% of respondents, was US$5 million to US$15 million.
    • About one-third of respondents foresaw annual budgets that exceeded US$15 million, and one-fifth expected budgets to exceed US$25 million.

    Build your risk mitigation roadmap

    2 hours

    1. Review the quantum-resistance initiatives generated in Phase 3 – Assessment.
    2. With input from all stakeholders, prioritize the initiatives based on business value, security risks, and effort using the 2x2 grid.
    3. Review the position of all initiatives and adjust accordingly considering other factors such as dependency, etc.
    4. Place prioritized initiatives to a wave chart.
    5. Assign ownership and target timeline for each initiative.

    This is an image the Security Risk Vs. Business value graph, above an image showing Initiatives Numbered 1-7, divided into Wave 1; Wave 2; and Wave 3.

    Input

    • Data protection inventory created in phase 2
    • Risk assessment produced in phase 3
    • Business unit leaders' and champions' understanding (high-level) of challenges posed by QC

    Output

    • Prioritization of quantum-resistance initiatives

    Materials

    • Whiteboard/flip charts
    • Sticky notes
    • Pen/whiteboard markers

    Participants

    • Quantum-resistance program owner
    • Senior leadership team
    • Business unit heads
    • Chief security officer
    • Chief privacy officer
    • Chief information officer
    • Representatives from legal, risk, and governance

    Phase 5 – Mitigate: Implement quantum-resistant encryption solutions

    To safeguard against cybersecurity risks and threats posed by powerful quantum computers, organizations need to adopt a robust defense-in-depth approach. This entails implementing a combination of well-defined policies, effective technical defenses, and comprehensive education initiatives. Organizations may need to consider implementing new cryptographic algorithms or upgrading existing protocols to incorporate post-quantum encryption methods. The selection and deployment of these measures should be cost-justified and tailored to meet the specific needs and risk profiles of each organization.

    Governance

    Implement solid governance mechanisms to promote visibility and to help ensure consistency

    • Update policies and documents
    • Update existing acceptable cryptography standards
    • Update security and privacy audit programs

    Industry Standards

    • Stay up to date with newly approved standards
    • Leverage industry standards (i.e. NIST's post-quantum cryptography) and test the new quantum-safe cryptographic algorithms

    Technical Mitigations

    Each type of quantum threat can be mitigated using one or more known defenses.

    • Physical isolation
    • Replacing quantum-susceptible cryptography with quantum-resistant cryptography
    • Using QKD
    • Using quantum random number generators
    • Increasing symmetric key sizes
    • Using hybrid solutions
    • Using quantum-enabled defenses

    Vendor Management

    • Work with key vendors on a common approach to quantum-safe governance
    • Assess vendors for possible inclusion in your organization's roadmap
    • Create acquisition policies regarding quantum-safe cryptography

    Research Contributors and Experts

    This is a picture of Adib Ghubril

    Adib Ghubril
    Executive Advisor, Executive Services
    Info-Tech Research Group

    This is a picture of Erik Avakian

    Erik Avakian
    Technical Counselor
    Info-Tech Research Group

    This is a picture of Alaisdar Graham

    Alaisdar Graham
    Executive Counselor
    Info-Tech Research Group

    This is a picture of Carlos Rivera

    Carlos Rivera
    Principal Research Advisor
    Info-Tech Research Group

    This is a picture of Hendra Hendrawan

    Hendra Hendrawan
    Technical Counselor
    Info-Tech Research Group

    This is a picture of Fritz Jean-Louis

    Fritz Jean-Louis
    Principal Cybersecurity Advisor
    Info-Tech Research Group

    Bibliography

    117th Congress (2021-2022). H.R.7535 - Quantum Computing Cybersecurity Preparedness Act. congress.gov, 21 Dec 2022.
    Arute, Frank, et al. Quantum supremacy using a programmable superconducting processor. Nature, 23 Oct 2019.
    Bernhardt, Chris. Quantum Computing for Everyone. The MIT Press, 2019.
    Bob Sorensen. Quantum Computing Early Adopters: Strong Prospects For Future QC Use Case Impact. Hyperion Research, Nov 2022.
    Candelon, François, et al. The U.S., China, and Europe are ramping up a quantum computing arms race. Here's what they'll need to do to win. Fortune, 2 Sept 2022.
    Curioni, Alessandro. How quantum-safe cryptography will ensure a secure computing future. World Economic Forum, 6 July 2022.
    Davis, Mel. Toxic Substance Exposure Requires Record Retention for 30 Years. Alert presented by CalChamber, 18 Feb 2022.
    Eddins, Andrew, et al. Doubling the size of quantum simulators by entanglement forging. arXiv, 22 April 2021.
    Gambetta, Jay. Expanding the IBM Quantum roadmap to anticipate the future of quantum-centric supercomputing. IBM Research Blog, 10 May 2022.
    Golden, Deborah, et al. Solutions for navigating uncertainty and achieving resilience in the quantum era. Deloitte, 2023.
    Grimes, Roger, et al. Practical Preparations for the Post-Quantum World. Cloud Security Alliance, 19 Oct 2021.
    Harishankar, Ray, et al. Security in the quantum computing era. IBM Institute for Business Value, 2023.
    Hayat, Zia. Digital trust: How to unleash the trillion-dollar opportunity for our global economy. World Economic Forum, 17 Aug 2022.
    Mateen, Abdul. What is post-quantum cryptography? Educative, 2023.
    Moody, Dustin. Let's Get Ready to Rumble—The NIST PQC 'Competition.' NIST, 11 Oct 2022.
    Mosca, Michele, Dr. and Dr. Marco Piani. 2021 Quantum Threat Timeline Report. Global Risk Institute, 24 Jan 2022.
    Muppidi, Sridhar and Walid Rjaibi. Transitioning to Quantum-Safe Encryption. Security Intelligence, 8 Dec 2022.
    Payraudeau, Jean-Stéphane, et al. Digital acceleration: Top technologies driving growth in a time of crisis. IBM Institute for Business Value, Nov 2020.
    Quantum-Readiness Working Group (QRWG). Canadian National Quantum-Readiness- Best Practices and Guidelines. Canadian Forum for Digital Infrastructure Resilience (CFDIR), 17 June 2022.
    Rotman, David. We're not prepared for the end of Moore's Law. MIT Technology Review, 24 Feb 2020.
    Saidi, Susan. Calculating a computing revolution. Roland Berger, 2018.
    Shorter., Ted. Why Companies Must Act Now To Prepare For Post-Quantum Cryptography. Forbes.com, 11 Feb 2022.
    Sieger, Lucy, et al. The Quantum Decade, Third edition. IBM, 2022.
    Sorensen, Bob. Broad Interest in Quantum Computing as a Driver of Commercial Success. Hyperion Research, 17 Nov 2021.
    Wise, Jason. How Much Data is Created Every Day in 2022? Earthweb, 22 Sept 2022.
    Wright, Lawrence. The Plague Year. The New Yorker, 28 Dec 2020.
    Yan, Bao, et al. Factoring integers with sublinear resources on a superconducting quantum processor. arXiv, 23 Dec 2022.
    Zhong, Han-Sen, et al. Quantum computational advantage using photons. science.org, 3 Dec 2020.

    Take Control of Cloud Costs on AWS

    • Buy Link or Shortcode: {j2store}425|cart{/j2store}
    • member rating overall impact (scale of 10): 9.3/10 Overall Impact
    • member rating average dollars saved: $62,500 Average $ Saved
    • member rating average days saved: 26 Average Days Saved
    • Parent Category Name: Cloud Strategy
    • Parent Category Link: /cloud-strategy
    • Traditional IT budgeting and procurement processes don't work for public cloud services.
    • The self-service nature of the cloud means that often the people provisioning cloud resources aren't accountable for the cost of those resources.
    • Without centralized control or oversight, organizations can quickly end up with massive AWS bills that exceed their IT salary cost.

    Our Advice

    Critical Insight

    • Most engineers care more about speed of feature delivery and reliability of the system than they do about cost.
    • Often there are no consequences for over architecting or overspending on AWS.
    • Many organizations lack sufficient visibility into their AWS spend, making it impossible to establish accountability and controls.

    Impact and Result

    • Define roles and responsibilities.
    • Establish visibility.
    • Develop processes, procedures, and policies.

    Take Control of Cloud Costs on AWS Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should take control of cloud costs, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build cost accountability framework

    Assess your current state, define your cost allocation model, and define roles and responsibilities.

    • Cloud Cost Management Worksheet
    • Cloud Cost Management Capability Assessment
    • Cloud Cost Management Policy
    • Cloud Cost Glossary of Terms

    2. Establish visibility

    Define dashboards and reports, and document account structure and tagging requirements.

    • Service Cost Cheat Sheet

    3. Define processes and procedures

    Establish governance for tagging and cost control, define processes for right-sizing, and define processes for purchasing commitment discounts.

    • Right-Sizing Workflow (Visio)
    • Right-Sizing Workflow (PDF)
    • Commitment Purchasing Workflow (Visio)
    • Commitment Purchasing Workflow (PDF)

    4. Build implementation plan

    Document process interactions, establish program KPIs, and build implementation roadmap and communication plan.

    • Cloud Cost Management Task List

    Infographic

    Workshop: Take Control of Cloud Costs on AWS

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Build Cost Accountability Framework

    The Purpose

    Establish clear lines of accountability and document roles and responsibilities to effectively manage cloud costs.

    Key Benefits Achieved

    Chargeback/showback model to provide clear accountability for costs.

    Understanding of key areas to focus on to improve cloud cost management capabilities.

    Activities

    1.1 Assess current state

    1.2 Determine cloud cost model

    1.3 Define roles and responsibilities

    Outputs

    Cloud cost management capability assessment

    Cloud cost model

    Roles and responsibilities

    2 Establish Visibility

    The Purpose

    Establish visibility into cloud costs and drivers of those costs.

    Key Benefits Achieved

    Better understanding of what is driving costs and how to keep them in check.

    Activities

    2.1 Develop architectural patterns

    2.2 Define dashboards and reports

    2.3 Define account structure

    2.4 Document tagging requirements

    Outputs

    Architectural patterns; service cost cheat sheet

    Dashboards and reports

    Account structure

    Tagging scheme

    3 Define Processes and Procedures

    The Purpose

    Develop processes, procedures, and policies to control cloud costs.

    Key Benefits Achieved

    Improved capability of reducing costs.

    Documented processes and procedures for continuous improvement.

    Activities

    3.1 Establish governance for tagging

    3.2 Establish governance for costs

    3.3 Define right-sizing process

    3.4 Define purchasing process

    3.5 Define notification and alerts

    Outputs

    Tagging policy

    Cost control policy

    Right-sizing process

    Commitment purchasing process

    Notifications and Alerts

    4 Build Implementation Plan

    The Purpose

    Document next steps to implement and improve cloud cost management program.

    Key Benefits Achieved

    Concrete roadmap to stand up and/or improve the cloud cost management program.

    Activities

    4.1 Document process interaction changes

    4.2 Define cloud cost program KPIs

    4.3 Build implementation roadmap

    4.4 Build communication plan

    Outputs

    Changes to process interactions

    Cloud cost program KPIs

    Implementation roadmap

    Communication plan

    Embrace Business-Managed Applications

    • Buy Link or Shortcode: {j2store}179|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: $64,999 Average $ Saved
    • member rating average days saved: 18 Average Days Saved
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • The traditional model of managing applications does not address the demands of today’s rapidly changing market and digitally minded business, putting stress on scarce IT resources. The business is fed up with slow IT responses and overbearing desktop and system controls.
    • The business wants more control over the tools they use. Software as a service (SaaS), business process management (BPM), robotic process automation (RPA), artificial intelligence (AI), and low-code development platforms are all on their radar.
    • However, your current governance and management structures do not accommodate the risks and shifts in responsibilities to business-managed applications.

    Our Advice

    Critical Insight

    • IT is a business partner, not just an operator. Effective business operations hinge on high-quality, valuable, fit-for-purpose applications. IT provides the critical insights, guidance, and assistance to ensure applications are implemented and leveraged in a way that maximizes return on investment, whether it is being managed by end users or lines of business (LOBs). This can only happen if the organization views IT as a critical asset, not just a supporting player.
    • All applications should be business owned. You have applications because LOBs need them to meet the objectives and key performance indicators defined in the business strategy. Without LOBs, there would be no need for business applications. LOBs define what the application should be and do for it to be successful, so LOBs should own them.
    • Everything boils down to trust. The business is empowered to make their own decisions on how they want to implement and use their applications and, thus, be accountable for the resulting outcomes. Guardrails, role-based access, application monitoring, and other controls can help curb some risk factors, but it should not come at the expense of business innovation and time-sensitive opportunities. IT must trust the business will make rational application decisions, and the business must trust IT to support them in good times and bad.

    Impact and Result

    • Focus on the business units that matter. BMA can provide significant value to LOBs if teams and stakeholders are encouraged and motivated to adopt organizational and operational changes.
    • Reimagine the role of IT. IT is no longer the gatekeeper that blocks application adoption. Rather, IT enables the business to adopt the tools they need to be productive and they guide the business on successful BMA practices.
    • Instill business accountability. With great power comes great responsibility. If the business wants more control of their applications, they must be willing to take ownership of the outcomes of their decisions.

    Embrace Business-Managed Applications Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should embrace business-managed applications, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Embrace Business-Managed Applications – Phases 1-3
    • Business-Managed Applications Communication Template

    1. State your objectives

    Level-set the expectations for your business-managed applications.

    • Embrace Business- Managed Applications – Phase 1: State Your Objectives

    2. Design your framework and governance

    Identify and define your application managers and owners and build a fit-for-purpose governance model.

    • Embrace Business-Managed Applications – Phase 2: Design Your Framework & Governance

    3. Build your roadmap

    Build a roadmap that illustrates the key initiatives to implement your BMA and governance models.

    • Embrace Business-Managed Applications – Phase 3: Build Your Roadmap

    [infographic]

    Workshop: Embrace Business-Managed Applications

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 State Your Objectives

    The Purpose

    Define business-managed applications in your context.

    Identify your business-managed application objectives.

    State the value opportunities with business-managed applications.

    Key Benefits Achieved

    A consensus definition and list of business-managed applications goals

    Understanding of the business value business-managed applications can deliver

    Activities

    1.1 Define business-managed applications.

    1.2 List your objectives and metrics.

    1.3 State the value opportunities.

    Outputs

    Grounded definition of a business-managed application

    Goals and objectives of your business-managed applications

    Business value opportunity with business-managed applications

    2 Design Your Framework & Governance

    The Purpose

    Develop your application management framework.

    Tailor your application delivery and ownership structure to fit business-managed applications.

    Discuss the value of an applications committee.

    Discuss technologies to enable business-managed applications.

    Key Benefits Achieved

    Fit-for-purpose and repeatable application management selection framework

    Enhanced application governance model

    Applications committee design that meets your organization’s needs

    Shortlist of solutions to enable business-managed applications

    Activities

    2.1 Develop your management framework.

    2.2 Tune your delivery and ownership accountabilities.

    2.3 Design your applications committee.

    2.4 Uncover your solution needs.

    Outputs

    Tailored application management selection framework

    Roles definitions of application owners and managers

    Applications committee design

    List of business-managed application solution features and services

    3 Build Your Roadmap

    The Purpose

    Build your roadmap to implement busines-managed applications and build the foundations of your optimized governance model.

    Key Benefits Achieved

    Implementation initiatives

    Adoption roadmap

    Activities

    3.1 Build your roadmap.

    Outputs

    Business-managed application adoption roadmap

     

    Optimize Software Pricing in a Volatile Competitive Market

    • Buy Link or Shortcode: {j2store}566|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions

    Your challenge:

    • Rising supplier costs and inflation are eroding margins and impacting customers' budgets.
    • There is pressure from management to make a gut-feeling decision because of time, lack of skills, and process limitations.
    • You must navigate competing pricing-related priorities among product, sales, and finance teams.
    • Product price increases fail because discovery lacks understanding of costs, price/value equation, and competitive price points.
    • Customers can react negatively, and results are seen much later (more than 12 months) after the price decision.

    Our Advice

    Critical Insight

    Product leaders will price products based on a deep understanding of the buyer price/value equation and alignment with financial and competitive pricing strategies, and make ongoing adjustments based on an ability to monitor buyer, competitor, and product cost changes.

    Impact and Result

    • Success for many SaaS product managers requires a reorganization and modernization of pricing tools, techniques, and assumptions. Leaders will develop the science of tailored price changes versus across-the-board price actions and account for inflation exposure and the customers’ willingness to pay.
    • This will build skills on how to price new products or adjust pricing for existing products. The disciplines using our pricing strategy methodology will strengthen efforts to develop repeatable pricing models and processes and build credibility with senior management.

    Optimize Software Pricing in a Volatile Competitive Market Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Optimize Software Pricing in a Volatile Competitive Market Executive Brief - A deck to build your skills on how to price new products or adjust pricing for existing products.

    This Executive Brief will build your skills on how to price new products or adjust pricing for existing products.

    • Optimize Software Pricing in a Volatile Competitive Market Executive Brief

    2. Optimize Software Pricing in a Volatile Competitive Market Storyboard – A deck that provides key steps to complete the project.

    This blueprint will build your skills on how to price new products or adjust pricing for existing products with documented key steps to complete the pricing project and use the Excel workbook and customer presentation.

    • Optimize Software Pricing in a Volatile Competitive Market – Phases 1-3

    3. Optimize Software Pricing in a Volatile Competitive Market Workbook – A tool that enables product managers to simplify the organization and collection of customer and competitor information for pricing decisions.

    These five organizational workbooks for product pricing priorities, interview tracking, sample questions, and critical competitive information will enable the price team to validate price change data through researching the three pricing schemes (competitor, customer, and cost-based).

    • Optimize Software Pricing in a Volatile Competitive Market Workbook

    4. Optimize Software Pricing in a Volatile Competitive Market Presentation Template – A template that serves as a guide to communicating the Optimize Pricing Strategy team's results for a product or product line.

    This template includes the business case to justify product repricing, contract modifications, and packaging rebuild or removal for launch. This template calls for the critical summarized results from the Optimize Software Pricing in a Volatile Competitive Market blueprint and the Optimize Software Pricing in a Volatile Competitive Market Workbook to complete.

    • Optimize Software Pricing in a Volatile Competitive Market Presentation Template

    Infographic

    Further reading

    SoftwareReviews — A Division of INFO~TECH RESEARCH GROUP

    Optimize Software Pricing in a Volatile Competitive Market

    Leading SaaS product managers align pricing strategy to company financial goals and refresh the customer price/value equation to avoid leaving revenues uncaptured.

    Table of Contents

    Section Title Section Title
    1 Executive Brief 2 Key Steps
    3 Concluding Slides

    Optimize Software Pricing in a Volatile Competitive Market

    Leading SaaS product managers align pricing strategy to company financial goals and refresh the customer price/value equation to avoid leaving revenues uncaptured.

    EXECUTIVE BRIEF

    Analyst Perspective

    Optimized Pricing Strategy

    Product managers without well-documented and repeatable pricing management processes often experience pressure from “Agile” management to make gut-feel pricing decisions, resulting in poor product revenue results. When combined with a lack of customer, competitor, and internal cost understanding, these process and timing limitations drive most product managers into suboptimal software pricing decisions. And, adding insult to injury, the poor financial results from bad pricing decisions aren’t fully measured for months, which further compounds the negative effects of poor decision making.

    A successful product pricing strategy aligns finance, marketing, product management, and sales to optimize pricing using a solid understanding of the customer perception of price/value, competitive pricing, and software production costs.

    Success for many SaaS product managers requires a reorganization and modernization of pricing tools, techniques, and data. Leaders will develop the science of tailored price changes versus across-the-board price actions and account for inflation exposure and the customers’ willingness to pay.

    This blueprint will build your skills on how to price new products or adjust pricing for existing products. The discipline you build using our pricing strategy methodology will strengthen your team’s ability to develop repeatable pricing and will build credibility with senior management and colleagues in marketing and sales.

    Photo of Joanne Morin Correia, Principal Research Director, SoftwareReviews.

    Joanne Morin Correia
    Principal Research Director
    SoftwareReviews

    Executive Summary

    Organizations struggle to build repeatable pricing processes:
    • A lack of alignment and collaboration among finance, marketing, product development, and sales.
    • A lack of understanding of customers, competitors, and market pricing.
    • Inability to stay ahead of complex and shifting software pricing models.
    • Time is wasted without a deep understanding of pricing issues and opportunities, and revenue opportunities go unrealized.
    Obstacles add friction to the pricing management process:
    • Pressure from management to make quick decisions results in a gut-driven approach to pricing.
    • A lack of pricing skills and management processes limits sound decision making.
    • Price changes fail because discovery often lacks competitive intelligence and buyer value to price point understanding. Customers’ reactions are often observed much later, after the decision is made.
    • Economic disruptions, supplier price hikes, and higher employee salaries/benefits are driving costs higher.
    Use SoftwareReviews’ approach for more successful pricing:
    • Organize for a more effective pricing project including roles & responsibilities as well as an aligned pricing approach.
    • Work with CFO/finance partner to establish target price based on margins and key factors affecting costs.
    • Perform a competitive price assessment and understand the buyer price/value equation.
    • Arrive at a target price based on the above and seek buy-in and approvals.

    SoftwareReviews Insight

    Product leaders will price products based on a deep understanding of the buyer price/value equation and alignment with financial and competitive pricing strategies, and they will make ongoing adjustments based on an ability to monitor buyers, competitors, and product cost changes.

    What is an optimized price strategy?

    “Customer discovery interviews help reduce the chance of failure by testing your hypotheses. Quality customer interviews go beyond answering product development and pricing questions.” (Pricing Strategies, Growth Ramp, March 2022)

    Most product managers just research their direct competitors when launching a new SaaS product. While this is essential, competitive pricing intel is insufficient to create a long-term optimized pricing strategy. Leaders will also understand buyer TCO.

    Your customers are constantly comparing prices and weighing the total cost of ownership as they consider your competition. Why?

    Implementing a SaaS solution creates a significant time burden as buyers spend days learning new software, making sure tools communicate with each other, configuring settings, contacting support, etc. It is not just the cost of the product or service.

    Optimized Price Strategy Is…
    • An integral part of any product plan and business strategy.
    • Essential to improving and maintaining high levels of margins and customer satisfaction.
    • Focused on delivering the product price to your customer’s business value.
    • Understanding customer price-value for your software segment.
    • Monitoring your product pricing with real-time data to ensure support for competitive strategy.
    Price Strategy Is Not…
    • Increasing or decreasing price on a gut feeling.
    • Changing price for short-term gain.
    • Being wary of asking customers pricing-related questions.
    • Haphazardly focusing entirely on profit.
    • Just covering product costs.
    • Only researching direct competitors.
    • Focusing on yourself or company satisfaction but your target customers.
    • Picking the first strategy you see.

    SoftwareReviews Insight

    An optimized pricing strategy establishes the “best” price for a product or service that maximizes profits and shareholder value while considering customer business value vs. the cost to purchase and implement – the total cost of ownership (TCO).

    Challenging environment

    Product managers are currently experiencing the following:
    • Supplier costs and inflation are rising, eroding product margins and impacting customers’ budgets.
    • Pressure from management to make a gut-feeling decision because of time, lack of skills, and process limitations.
    • Navigating competing pricing-related priorities among product, sales, and finance.
    • Product price increases that fail because discovery lacks understanding of costs, price/value equation, and competitive price points.
    • Slowing customer demand due to poorly priced offerings may not be fully measured for many months following the price decision.
    Doing nothing is NOT an option!
    Offense Double Down

    Benefit: Leverage long-term financial and market assets

    Risk: Market may not value those assets in the future
    Fight Back

    Benefit: Move quickly

    Risk: Hard to execute and easy to get pricing wrong
    Defense Retrench

    Benefit: Reduce threats from new entrants through scale and marketing

    Risk: Causes managed decline and is hard to sell to leadership
    Move Away

    Benefit: Seize opportunities for new revenue sources

    Risk: Diversification is challenging to pull off
    Existing Markets and Customers New Markets and Customers

    Pricing skills are declining

    Among product managers, limited pricing skills are big obstacles that make pricing difficult and under-optimized.

    Visual of a bar chart with descending values, each bar has written on it: 'Limited - Limits in understanding of engineering, marketing, and sales expectations or few processes for pricing and/or cost', 'Inexperienced - Inexperience in pricing project skills and corporate training', 'Lagging - Financial lag indicators (marketing ROI, revenue, profitability, COGs)', 'Lacking - Lack of relevant competitive pricing/packaging information', 'Shifting - Shift to cloud subscription-based revenue models is challenging'.

    The top three weakest product management skills have remained constant over the past five years:
    • Competitive analysis
    • Pricing
    • End of life
    Pricing is the weakest skill and has been declining the most among surveyed product professionals every year. (Adapted from 280 Group, 2022)

    Key considerations for more effective pricing decisions

    Pricing teams can improve software product profitability by:
    • Optimizing software profit with four critical elements: properly pricing your product, giving complete and accurate quotations, choosing the terms of the sale, and selecting the payment method.
    • Implementing tailored price changes (versus across-the-board price actions) to help account for inflation exposure, customer willingness to pay, and product attribute changes.
    • Accelerating ongoing pricing decision-making with a dedicated cross-functional team ready to act quickly.
    • Resetting discounting and promotion, and revisiting service-level agreements.
    Software pricing leaders will regularly assess:

    Has it been over a year since prices were updated?

    Have customers told you to raise your prices?

    Do you have the right mix of customers in each pricing plan?

    Do 40% of your customers say they would be very disappointed if your product disappeared? (Adapted from Growth Ramp, 2021)

    Case Study

    Middleware Vendor

    INDUSTRY
    Technology Middleware
    SOURCE
    SoftwareReviews Custom Pricing Strategy Project
    A large middleware vendor, who is running on Microsoft Azure, known for quality development and website tools, needed to react strategically to the March 2022 Microsoft price increase.

    Key Initiative: Optimize New Pricing Strategy

    The program’s core objective was to determine if the vendor should implement a price increase and how the product should be packaged within the new pricing model.

    For this initiative, the company interviewed buyers using three key questions: What are the core capabilities to focus on building/selling? What are the optimal features and capabilities valued by customers that should be sold together? And should they be charging more for their products?

    Results
    This middleware vendor saw buyer support for a 10% price increase to their product line and restructuring of vertical contract terms. This enabled them to retain customers over multi-year subscription contracts, and the price increase enabled them to protect margins after the Microsoft price increase.

    The Optimize New Pricing Strategy included the following components:

    Components: 'Product Feature Importance & Satisfaction', 'Correlation of Features and Value Drivers', 'Fair Cost to Value Average for Category', 'Average Discounting for Category', 'Customer Value Is an Acceptable Multiple of Price'. First four: 'Component fails into the scope of optimizing price strategy to value'; last one: 'They are optimizing their price strategy decisions'.

    New product price approach

    As a collaborative team across product management, marketing, and finance, we see leaders taking a simple yet well-researched approach when setting product pricing.

    Iterating to a final price point is best done with research into how product pricing:

    • Delivers target margins.
    • Is positioned vs. key competitors.
    • Delivers customer value at a fair price/value ratio.
    To arrive at our new product price, we suggest iterating among 3 different views:

    New Target Price:

    • Buyer Price vs. Value
    • Cost - Plus
    • Vs. Key Competitors
    We analyzed:
    • Customer price/value equation interviews
    • Impacts of Supplier cost increases
    • Competitive pricing research
    • How product pricing delivers target margins

    Who should care about optimized pricing?

    Product managers and marketers who:

    • Support the mandate for optimizing pricing and revenue generation.
    • Need a more scientific way to plan and implement new pricing processes and methods to optimize revenues and profits.
    • Want a way to better apply customer and competitive insights to product pricing.
    • Are evaluating current pricing and cost control to support a refreshed pricing strategy.

    Finance, sales, and marketing professionals who are pricing stakeholders in:

    • Finding alternatives to current pricing and packaging approaches.
    • Looking for ways to optimize price within the shifting market momentum.

    How will they benefit from this research?

    • Refine the ability to effectively target pricing to specific market demands and customer segments.
    • Strengthen product team’s reputation for reliable and repeatable price-management capabilities among senior leadership.
    • Recognize and plan for new revenue opportunities or cost increases.
    • Allow for faster, more accurate intake of customer and competitive data. 
    • Improve pricing skills for professional development and business outcomes.
    • Create new product price, packaging, or market opportunities. 
    • Reduce financial costs and mistakes associated with manual efforts and uneducated guessing.
    • Price software products that better achieve financial goals optimizing revenue, margins, or market share.
    • Enhance the product development and sales processes with real competitive and customer expectations.

    Is Your Pricing Strategy Optimized?

    With the right pricing strategy, you can invest more money into your product, service, or growth. A 1% price increase will improv revenues by:

    Three bars: 'Customer acquisition, 3.32%', 'Customer retention, 6.71%', 'Price monetization, 12.7%'.

    Price monetization will almost double the revenue increases over customer acquisition and retention. (Pricing Strategies, Growth Ramp, March 2022)

    DIAGNOSE PRICE CHALLENGES

    Prices of today's cloud-based services/products are often misaligned against competition and customers' perceived value, leaving more revenues on the table.
    • Do you struggle to price new products with confidence?
    • Do you really know your SaaS product's costs?
    • Have you lost pricing power to stronger competitors?
    • Has cost focus eclipsed customer value focus?
    If so, you are likely skipping steps and missing key outputs in your pricing strategy.

    OPTIMIZE THESE STEPS

    ALIGNMENT
    1. Assign Team Responsibilities
    2. Set Timing for Project Deliverables
    3. Clarify Financial Expectations
    4. Collect Customer Contacts
    5. Determine Competitors
    6. BEFORE RESEARCH, HAVE YOU
      Documented your executive's financial expectations? If "No," return.

    RESEARCH & VALIDATE
    1. Research Competitors
    2. Interview Customers
    3. Test Pricing vs. Financials
    4. Create Pricing Presentation
    5. BEFORE PRESENTING, HAVE YOU:
      Clarified your customer and competitive positioning to validate pricing? If "No," return.

    BUY-IN
    1. Executive Pricing Presentation
    2. Post-Mortem of Presentation
    3. Document New Processes
    4. Monitor the Pricing Changes
    5. BEFORE RESEARCH, HAVE YOU:
      Documented your executive's financial expectations? If "No," return.

    DELIVER KEY OUTPUTS

    Sponsoring executive(s) signs-offs require a well-articulated pricing plan and business case for investment that includes:
    • Competitive features and pricing financial templates
    • Customer validation of price value
    • Optimized price presentation
    • Repeatable pricing processes to monitor changes

    REAP THE REWARDS

    • Product pricing is better aligned to achieve financial goals
    • Improved pricing skills or professional development
    • Stronger team reputation for reliable price management

    Key Insights

    1. Gain a competitive edge by using market and customer information to optimize product financials, refine pricing, and speed up decisions.
    2. Product leaders will best set software product price based on a deep understanding of buyer/price value equation, alignment with financial strategy, and an ongoing ability to monitor buyer, competitor, and product costs.

    SoftwareReviews’ methodology for optimizing your pricing strategy

    Steps

    1.1 Establish the Team and Responsibilities
    1.2 Educate/Align Team on Pricing Strategy
    1.2 Document Portfolio & Target Product(s) for Pricing Updates
    1.3 Clarify Product Target Margins
    1.4 Establish Customer Price/Value
    1.5 Identify Competitive Pricing
    1.6 Establish New Price and Gain Buy-In

    Outcomes

    1. Well-organized project
    2. Clarified product pricing strategy
    3. Customer value vs. price equation
    4. Competitive price points
    5. Approvals

    Insight summary

    Modernize your price planning

    Product leaders will price products based on a deep understanding of the buyer price/value equation and alignment with financial and competitive pricing strategies, and make ongoing adjustments based on an ability to monitor buyer, competitor, and product cost changes.

    Ground pricing against financials

    Meet and align with financial stakeholders.
    • Give finance a heads-up that you want to work with them.
    • Find out the CFO’s expectations for pricing and margins.
    • Ask for a dedicated finance team member.

    Align on pricing strategy

    Lead stakeholders in SaaS product pricing decisions to optimize pricing based on four drivers:
    • Customer’s price/value
    • Competitive strategy
    • Reflective of costs
    • Alignment with financial goals

    Decrease time for approval

    Drive price decisions, with the support of the CFO, to the business value of the suggested change:
    • Reference current product pricing guidelines
    • Compare to the competition and our strategy and weigh results against our customer’s price/value
    • Compare against the equation to business value for the suggested change
    Develop the skill of pricing products

    Increase product revenues and margins by enhancing modern processes and data monetization. Shift from intuitive to information-based pricing decisions.

    Look at other options for revenue

    Adjust product design, features, packaging, and contract terms while maintaining the functionality customers find valuable to their business.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:
    Key deliverable:

    New Pricing Strategy Presentation Template

    Capture key findings for your price strategy with the Optimize Your Pricing in a Volatile Competitive Market Strategy Presentation Template

    Sample of the 'Acme Corp New Product Pricing' blueprint.

    Optimize Software Pricing in a Volatile Competitive Market Executive Brief

    This executive brief will build your knowledge on how to price new products or adjust pricing for existing products.

    Sample of the 'Optimize Software Pricing in a Volatile Competitive Market' blueprint.

    Optimize Software Pricing in a Volatile Competitive Market Workbook

    This workbook will help you prioritize which products require repricing, hold customer interviews, and capture competitive insights.

    Sample of the 'Optimize Software Pricing in a Volatile Competitive Market' workbook.

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with a SoftwareReviews analyst to help implement our best practices in your organization.

    A typical GI is 4 to 8 calls over the course of 2 to 4 months.

    What does a typical GI on optimizing software pricing look like?

    Alignment

    Research & Reprice

    Buy-in

    Call #1: Share the pricing team vision and outline activities for the pricing strategy process. Plan next call – 1 week.

    Call #2: Outline products that require a new pricing approach and steps with finance. Plan next call – 1 week.

    Call #3: Discuss the customer interview process. Plan next call – 1 week.

    Call #4 Outline competitive analysis. Plan next call – 1 week.

    Call #5: Review customer and competitive results for initial new pricing business case with finance for alignment. Plan next call – 3 weeks.

    Call #6: Review the initial business case against financial plans across marketing, sales, and product development. Plan next call – 1 week.

    Call #7 Review the draft executive pricing presentation. Plan next call – 1 week.

    Call #8: Discuss gaps in executive presentation. Plan next call – 3 days.

    SoftwareReviews Offers Various Levels of Support to Meet Your Needs

    Included in Advisory Membership Optional add-ons

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Desire a Guided Implementation?

    • A GI is where your SoftwareReviews engagement manager and executive advisor/counselor will work with SoftwareReviews research team members to craft with you a Custom Key Initiative Plan (CKIP).
    • A CKIP guides your team through each of the major steps, outlines responsibilities between members of your team and SoftwareReviews, describes expected outcomes, and captures actual value delivered.
    • A CKIP also provides you and your team with analyst/advisor/counselor feedback on project outputs, helps you communicate key principles and concepts to your team, and helps you stay on project timelines.
    • If Guided Implementation assistance is desired, contact your engagement manager.

    Workshop overview

    Contact your account representative for more information.
    workshops@infotech.com1-888-670-8889
    Day 1 Day 2 Day 3 Day 4 Day 5
    Align Team, Identify Customers, and Document Current Knowledge
    Validate Initial Insights and Identify Competitors and Market View
    Schedule and Hold Buyer Interviews
    Summarize Findings and Provide Actionable Guidance to Stakeholders
    Present, Go Forward, and Measure Impact and Results
    Activities

    1.1 Identify Team Members, roles, and responsibilities

    1.2 Establish timelines and project workflow

    1.3 Gather current product and future financial margin expectations

    1.4 Review the Optimize Software Executive Brief and Workbook Templates

    1.4 Build prioritized pricing candidates hypothesis

    2.1 Identify customer interviewee types by segment, region, etc.

    2.2 Hear from industry analysts their perspectives on the competitors, buyer expectations, and price trends

    2.3 Research competitors for pricing, contract type, and product attributes

    3.2 Review pricing and attributes survey and interview questionnaires

    3.2 Hold interviews and use interview guides (over four weeks)

    A gap of up to 4 weeks for scheduling of interviews.

    3.3 Hold review session after initial 3-4 interviews to make adjustments

    4.1 Review all draft price findings against the market view

    4.2 Review Draft Executive Presentation

    5.1 Review finalized pricing strategy plan with analyst for market view

    5.2 Review for comments on the final implementation plan

    Deliverables
    1. Documented steering committee and working team
    2. Current and initial new pricing targets for strategy
    3. Documented team knowledge
    1. Understanding of market and potential target interviewee types
    2. Objective competitive research
    1. Initial review – “Are we going in the right direction with surveys?”
    2. Validate or adjust the pricing surveys to what you hear in the market
    1. Complete findings and compare to the market
    2. Review and finish drafting the Optimize Software Pricing Strategy presentation
    1. Final impute on strategy
    2. Review of suggested next steps and implementation plan

    Our process

    Align team, perform research, and gain executive buy-in on updated price points

    1. Establish the team and responsibilities
    2. Educate/align team on pricing strategy
    3. Document portfolio & target product(s) for pricing updates
    4. Clarify product target margins
    5. Establish customer price/value
    6. Identify competitive pricing
    7. Establish new price and gain buy-in

    Optimize Software Pricing in a Volatile Competitive Market

    Our process will help you deliver the following outcomes:

    • Well-organized project
    • Clarified product pricing strategy
    • Customer value vs. price equation
    • Competitive price points
    • Approvals

    This project involves the following participants:

    • Product management
    • Program leadership
    • Product marketing
    • CFO or finance representative/partner
    • Others
    • Representative(s) from Sales

    1.0 Assign team responsibilities

    Input: Steering committee roles and responsibilities, Steering committee interest and role

    Output: List of new pricing strategy steering committee and workstream members, roles, and timelines, Updated Software Pricing Strategy presentation

    Materials: Optimize Software Pricing in a Volatile Competitive Market Presentation Template

    Participants: CFO, sponsoring executive, Functional leads – development, product marketing, product management, marketing, sales, customer success/support

    1-2 hours
    1. The product manager/member running this pricing/repricing program should review the entire Optimize Software Pricing in a Volatile Competitive Market blueprint and each blueprint attachment.
    2. The product manager should also refer to slide 19 of the Optimize Software Pricing in a Volatile Competitive Market blueprint and decide if help via a Guided Implementation (GI) is of value. If desired, alert your SoftwareReviews engagement manager.
    1-2 hours
    1. The product manager should meet with the chief product officer/CPO and functional leaders, and set the meeting agenda to:
      1. Nominate steering committee members.
      2. Nominate work-stream leads.
      3. Establish key pricing project milestones.
      4. Schedule both the steering committee (suggest monthly) and workstream lead meetings (suggest weekly) through the duration of the project.
      5. Ask the CPO to craft, outside this meeting, his/her version of the "Message from the chief product officer.”
      6. If a Guided Implementation is selected, inform the meeting attendees that a SoftwareReviews analyst will join the next meeting to share his/her Executive Brief on Pricing Strategy.
    2. Record all above findings in the Optimize Software Pricing in a Volatile Competitive Market Presentation Template.

    Download the Optimize Software Pricing in a Volatile Competitive Market Presentation Template

    SoftwareReviews Advisory Insight:

    Pricing steering committees are needed to steer overall product, pricing, and packaging decisions. Some companies include the CEO and CFO on this committee and designate it as a permanent body that meets monthly to give go/no-go decisions to “all things product and pricing related” across all products and business units.

    2.0 Educate the team

    1 hour

    Input: Typically, a joint recognition that pricing strategies need upgrading and have not been fully documented, Steering committee and working team members

    Output: Communication of team members involved and the makeup of the steering committee and working team, Alignment of team members on a shared vision of “why a new price strategy is critical” and what key attributes define both the need and impact on business

    Materials: Optimize Your Software Strategy Executive Brief PowerPoint presentation

    Participants: Initiative manager – individual leading the new pricing strategy, CFO/sponsoring executive, Working team – typically representatives in product marketing, product management, and sales, SoftwareReviews marketing analyst (optional)

    1. Walk the team through the Optimize Software Pricing in a Volatile Competitive Market Executive Brief PowerPoint presentation.
    2. Optional – Have the SoftwareReviews Advisory (SRA) analyst walk the team through the Optimize Software Pricing in a Volatile Competitive Market Executive Brief PowerPoint presentation as part of your session. Contact your engagement manager to schedule.
    3. Walk the team through the current version of the Optimize Software Pricing in a Volatile Competitive Market Presentation Template outlining project goals, steering committee and workstream make-up and responsibilities, project timeline and key milestones, and approach to arriving at new product pricing.
    4. Set expectations among team members of their specific roles and responsibilities for this project, review the frequency of steering committee and workstream meetings to set expectations of key milestones and deliverable due dates.

    Download the Optimize Software Pricing in a Volatile Competitive Market Executive Brief

    3.0 Document portfolio and target products for pricing update

    1-3 Hours

    Input: List of entire product portfolio

    Output: Prioritized list of product candidates that should be repriced

    Materials: Optimize Software Pricing in a Volatile Competitive Market Executive Brief presentation, Optimize Software Pricing in a Volatile Competitive Market Workbook

    Participants: Initiative manager – individual leading the new pricing strategy, CFO/sponsoring executive, Working team – typically representatives in product marketing, product management, and sales

    1. Walk the team through the current version of Optimize Software Pricing in a Volatile Competitive Market workbook, tab 2: “Product Portfolio Organizer.” Modify sample attributes to match your product line where necessary.
    2. As a group, record the product attributes for your entire portfolio.
    3. Prioritize the product price optimization candidates for repricing with the understanding that it might change after meeting with finance.

    Download the Optimize Software Pricing in a Volatile Competitive Market Workbook

    4.0 Clarify product target margins

    2-3 sessions of 1 Hour each

    Input: Finance partner/CFO knowledge of target product current and future margins, Finance partner/CFO who has information on underlying costs with details that illustrate supplier contributions

    Output: Product finance markup target percentage margins and revenues

    Materials: Finance data on the product family, Optimize Software Pricing in a Volatile Competitive Market Workbook, Optimize Software Pricing in a Volatile Competitive Market Presentation Template

    Participants: Initiative manager, Finance partner/CFO

    1. Schedule a meeting with your finance partner/CFO to validate expectations for product margins. The goal is to understand the detail of underlying costs/margins and if the impacts of supplier costs affect the product family. The information will be placed into the Optimize Software Pricing in a Volatile Competitive Market Workbook on tab 2, Product Portfolio Organizer under the “Unit Margins” heading.
    2. Arrive at a final “Cost-Plus New Price” based on underlying costs and target margins for each of the products. Record results in the Optimize Software Pricing in a Volatile Competitive Market Workbook, tab 2, under the “Cost-Plus New Price” heading.
    3. Record product target finance markup price under “Cost-Plus” in Optimize Software Pricing in a Volatile Competitive Market Presentation Template, slide 9, and details in Appendix, “Cost-Plus Analysis,” slide 11.
    4. Repeat this process for any other products to be repriced.

    Download the Optimize Software Pricing in a Volatile Competitive Market Workbook

    Download the Optimize Software Pricing in a Volatile Competitive Market Presentation Template

    5.0 Establish customer price to value

    1-4 weeks

    Input: Identify segments within which you require price-to-value information, Understand your persona insight gaps, Review Sample Interview Guide using the Optimize Software Pricing in a Volatile, Competitive Market Workbook, Tab 4. Interview Guide.

    Output: List of interviewees, Updated Interview Guide

    Materials: Optimize Software Pricing in a Volatile Competitive Market Workbook, Optimize Software Pricing in a Volatile Competitive Market Presentation Template

    Participants: Initiative manager, Customer success to help identify interviewees, Customers, prospects

    1. Identify a list of customers and prospects that best represent your target persona when interviewed. Choose interviewees who will inform key differences among key segments (geographies, company size, a mix of customers and prospects, etc.) and who are decision makers and can best inform insights on price/value and competitors.
    2. Recruit interviewees and schedule 30-minute interviews.
    3. Keep track of interviewees using the Optimize Software Pricing in a Volatile Competitive Market Workbook, tab 3: “Interviewee Tracking.”
    4. Review the Optimize Software Pricing in a Volatile Competitive Market Workbook, tab 4: “Interview Guide,” and modify/update it where appropriate.
    5. Record interviewee perspectives on the “price they are willing to pay for the value received” (price/value equation) using the Optimize Software Pricing in a Volatile Competitive Market Workbook, tab 4: “Interview Guide.”
    6. Summarize findings to result in an average “customer’s value price.” Record product target ”customer’s value price” in Optimize Software Pricing in a Volatile Competitive Market Presentation Template, slide 9 and supporting details in Appendix, “Customer Pricing Analysis,” slide 12.

    Download the Optimize Software Pricing in a Volatile Competitive Market Workbook

    Download the Optimize Software Pricing in a Volatile Competitive Market Presentation Template

    6.0 Identify competitive pricing

    1-2 weeks

    Input: Identify price candidate competitors, Your product pricing, contract type, and product attribute information to compare against, Knowledge of existing competitor information, websites, and technology research sites to guide questions

    Output: Competitive product average pricing

    Materials: Optimize Software Pricing in a Volatile Competitive Market Workbook, Optimize Software Pricing in a Volatile Competitive Market Presentation Template

    Participants: Initiative manager, Customers, prospects

    1. Identify the top 3-5 competitors’ products that you most frequently compete against with your selected product.
    2. Perform competitive intelligence research on deals won or lost that contain competitive pricing insights by speaking with your sales force.
    3. Use the interviews with key customers to also inform competitive pricing insights. Include companies which you may have lost to a competitor in your customer interviewee list.
    4. Modify and add key competitive pricing, contract, or product attributes in the Optimize Software Pricing in a Volatile Competitive Market Workbook, tab 5: “Competitive Information.”
    5. Place your product’s information into the Optimize Software Pricing in a Volatile Competitive Market Workbook, tab 5: “Competitive Information.”
    6. Research your competitors’ summarized pricing and product attribute insights into the workbook.
    7. Record research in the Summarize research on competitors to arrive at an average “Competitors Avg. Price”. Record in ”Customer’s Value Price” in Optimize Software Pricing in a Volatile Competitive Market Presentation Template, slide 9, and details in Appendix, “Competitor Pricing Analysis,” slide 13.

    Download the Optimize Software Pricing in a Volatile Competitive Market Workbook

    Download the Optimize Software Pricing in a Volatile Competitive Market Presentation Template

    7.0 Establish new price and gain buy-in

    2-3 hours

    Input: Findings from competitive, cost-plus, and customer price/value analysis

    Output: Approvals for price change

    Materials: Optimize Software Pricing in a Volatile Competitive Market Presentation Template

    Participants: Initiative manager, Steering committee, Working team – typically representatives in product marketing, product management, sales

    1. Using prior recorded findings of Customer’s Value Price, Competitors’ Avg. Price, and Finance Markup Price, arrive at a recommended “New Price” and record in Optimize Software Pricing in a Volatile Competitive Market Presentation Template, slide 9 and the Appendix for Project Analysis Details.
    2. Present findings to steering committee. Be prepared to show customer interviews and competitive analysis results to support your recommendation.
    3. Plan internal and external communications and discuss the timing of when to “go live” with new pricing. Discuss issues related to migration to a new price, how to handle currently low-priced customers, and how to migrate them over time to the new pricing.
    4. Identify if it makes sense to target a date to launch the new pricing in the future, so customers can be alerted in advance and therefore take advantage of “current pricing” to drive added revenues.
    5. Confer with IT to assess times required to implement within CPQ systems and with product marketing for time to change sales proposals, slide decks, and any other affected assets and systems.

    Download the Optimize Software Pricing in a Volatile Competitive Market Presentation Template

    Summary of Accomplishment

    Problem Solved

    With the help of this blueprint, you have deepened your and your company’s understanding of how to look at new pricing opportunities and what the market and the buyer will pay for your product. You are among the minority of product and marketing leaders that have thoroughly documented their new pricing strategy and processes – congratulations!

    The benefits of having led your team through the process are significant and include the following:

    • Allow for faster, more accurate intake of customer and competitive data 
    • Refine the ability to effectively target pricing to specific market demands and customer segments 
    • Understand the association between the value proposition of products and services
    • Reduce financial costs and mistakes associated with manual efforts & uneducated guessing
    • Recognize and plan for new revenue opportunities or cost increases
    • Create new market or product packaging opportunities
    And finally, by bringing your team along with you in this process, you have also led your team to become more customer-focused while pricing your products – a strategic shift that all organizations should pursue.

    If you would like additional support, contact us and we’ll make sure you get the professional expertise you need.

    Contact your account representative for more information.

    info@softwarereviews.com
    1-888-670-8889

    Bibliography

    “Chapter 4 Reasons for Project Failure.” Kissflow's Guide to Project Management. Kissflow, n.d. Web.

    Edie, Naomi. “Microsoft Is Raising SaaS Prices, and Other Vendors Will, Too.” CIO Dive, 8 December 2021. Web.

    Gruman, Galen, Alan S. Morrison, and Terril A. Retter. “Software Pricing Trends.” PricewaterhouseCoopers, 2018. Web.

    Hargrave, Marshall. “Example of Economic Exposure.” Investopedia, 12 April 2022. Web.

    Heaslip, Emily. “7 Smart Pricing Strategies to Attract Customers.” CO—, 17 November 2021. Web.

    Higgins, Sean. “How to Price a Product That Your Sales Team Can Sell.” HubSpot, 4 April 2022. Web.

    “Pricing Strategies.” Growth Ramp, March 2022. Web.

    “Product Management Skills Benchmark Report 2021.” 280 Group, 9 November 2021. Web.

    Quey, Jason. “Price Increase: How to Do a SaaS Pricing Change in 8 Steps.” Growth Ramp, 22 March 2021. Web.

    Steenburg, Thomas, and Jill Avery. “Marketing Analysis Toolkit: Pricing and Profitability Analysis.” Harvard Business School, 16 July 2010. Web.

    “2021 State of Competitive Intelligence.” Crayon and SCIO, n.d. Web.

    Valchev, Konstantin. “Cost of Goods Sold (COGS) for Software-as-a-Service (SaaS) Business.” OpenView Venture Partners, OV Blog, 20 April 2020. Web.

    “What Is Price Elasticity?” Market Business News, n.d. Web.

    Formalize Your Digital Business Strategy

    • Buy Link or Shortcode: {j2store}101|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation

    Your organization already has a digital strategy, but there is a lack of understanding of what digital means across the enterprise. Digital investments have been made in the past but failed to yield or demonstrate business value. Given the pace of change, the current digital strategy is outdated, and new digital opportunities need to be identified to inform the technology innovation roadmap.

    Our Advice

    Critical Insight

    Turn your digital strategy into a compelling change story that will create a unified vision of how you want to transform your business.

    Impact and Result

    • Identify new digitally enabled growth opportunities.
    • Understand which digital ideas yield the biggest return and the value they generate for the organization.
    • Understand the impact of opportunities on your business capabilities.
    • Map a customer journey to identify opportunities to transform stakeholder experiences.

    Formalize Your Digital Business Strategy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Formalize Your Digital Business Strategy – a document that walks you through a series of activities to help brainstorm and ideate on possible new digital opportunities as an input into building your business case for a new IT innovation roadmap.

    Knowing which digital opportunities create the greatest business value requires a structured approach to ideate, prioritize, and understand the value they create for the business to help inform the creation of your business case for investment approval.

    • Formalize Your Digital Strategy Storyboard

    Infographic

    Further reading

    Formalize Your Digital Business Strategy

    Stay relevant in an evolving digital economy

    Executive Summary

    Your Challenge

    Common Obstacles

    Solution

    • Since 2020, the environment has been volatile, leading many CIOs to rethink their priorities and strategies.
    • The organization already has a digital strategy, but there is a lack of understanding of what digital means across the enterprise.
    • Digital investments have been made but fail to demonstrate the business value.
    • The current digital strategy was developed in isolation and failed to garner consensus on a common understanding of the digital vision from across the business.
    • CIOs struggle to understand what existing capabilities need to transform or what new digital capabilities are needed to support the digital ambitions.
    • The existing Digital Strategy is synonymous with the IT Strategy.
    • Identify new digitally enabled growth opportunities.
    • Understand which digital ideas yield the biggest return and the value they generate for the organization.
    • Understand the impact of opportunities on your business capabilities.
    • Map the customer journey to identify opportunities to transform the stakeholder experience.

    Info-Tech Insight

    Turn your existing digital strategy into a compelling change story that will create a unified vision of how you want to transform your business.

    Info-Tech’s Digital Transformation Journey

    Your journey: An IT roadmap for your Digital Business Strategy

    The image contains a screenshot of Info-Tech's Digital Transformation Journey.

    By now, you understand your current business context and capabilities

    The image contains a screenshot of the IT roadmap for your Digital Business Strategy.

    By this point you have leveraged industry roundtables to better understand the art of the possible, exploring global trends, shifts in market forces, customer needs, emerging technologies, and economic forecasts to establish your business objectives and innovation goals.

    Now you need to formalize digital business strategy.

    Phase 1: Industry Trends Report

    The image contains a screenshot of phase 1 industry trends report.

    Phase 2: Digital Maturity Assessment

    The image contains a screenshot of phase 2 digital maturity assessment.

    Phase 3: Zero-In on Business Objectives

    The image contains a screenshot of phase 3 Zero-in on business objectives.

    Business and innovation goals are established through stakeholder interviews and a heatmap of your current capabilities for transformation.

    Since 2020, market dynamics have forced organizations to reassess their strategies

    The unprecedented pace of global disruptions has become both a curse and a silver lining for many CIOs. The ability to maximize the value of digital will be vital to remain relevant in the new digital economy.

    The image contains a screenshot of an image that demonstrates how market dynamics force organizations to reassess their strategies.

    Formalize your digital strategy to address industry trends and market dynamics

    The goal of this phase is to ensure the scope of the current digital strategy reflects the right opportunities to allocate capital to resources, assets, and capabilities to drive strategic growth and operational efficiency.

    There are three key activities outlined in this deck that that can be undertaken by industry members to help evolve their current digital business strategy.

    1. Identify New Digitally Enabled Growth Opportunities
      • Host an ideation session to identify new leapfrog ideas
      • Discuss assumptions, value drivers, and risks
      • Translate ideas into opportunities and consolidate
    2. Evaluate New Digital Opportunities and Business Capabilities
      • Build an opportunity profile
      • Identify business capabilities for transformation
    3. Transform Stakeholder Journeys
      • Understand the impact of opportunities on value-chains
      • Identify stakeholder personas
      • Build a stakeholder journey map
      • Compile your new list of digital opportunities
    The image contains a screenshot of Formalize your digital business strategy.

    Info-Tech’s approach

    1. Identify New Digital Opportunities
      • Conduct an ideation session
      • Identify leapfrog ideas from trends
      • Evaluate each leapfrog idea to define opportunity
    2. Evaluate Opportunities and Business Capabilities
      • Build Opportunity Profile
      • Understand the impact of opportunities on business capabilities
    3. Transform Stakeholder Journeys
      • Analyze value chains
      • Map your Stakeholder Journey
      • Breakdown opportunities into initiatives

    Overview of Key Activities

    Formalize your digital business strategy

    Methodology

    Members Engaged

    • CIO
    • Business Executives

    Info-Tech

    • Industry Analyst
    • Executive Advisor

    Phase 1: New Digital Opportunities

    Phase 2: Evaluate Opportunities and Business Capabilities

    Phase 3: Transform Stakeholder Journeys

    Content Leveraged

    • Digital Business Strategy blueprint
    • Client’s Business Architecture
    1. Hold an ideation session with business executives.
      • Review relevant reports on industry trends, market shifts, and emerging technologies.
      • Establish guiding principles for digital transformation.
      • Leverage a trend-analysis approach to determine the most impactful and relevant trends.
      • From tends, elicit leapfrog ideas for growth opportunities.
      • For each idea, engage in discussion on assumptions, value drivers, benefits, and risks.
    1. Create opportunity profiles.
      • Evaluate each opportunity to determine if it is important to turn into initiatives
    2. Evaluate the impact of opportunities on your business capabilities.
      • Leverage a value-chain analysis to assess the impact of the opportunity across value chains in order to understand the impact across your business capabilities.
    1. Map stakeholder journey:
      • Identify stakeholder personas
      • Identify one journey scenario
      • Map stakeholder journey
      • Consolidate opportunities
    2. Breakdown opportunities into actional initiatives
      • Brainstorm priority initiatives against opportunities.

    Deliverable:

    Client’s Digital Business Strategy

    Phase 1: Deliverable

    1. Compiled list of leapfrog ideas for new growth opportunities

    Phase 2: Deliverables

    1. Opportunity Profile
    2. Business Capability Impact

    Phase 3: Deliverables

    1. Opportunity Profile
    2. Business Capability Impact

    Glossary of Terms

    LEAPFROG IDEAS

    The concept was originally developed in the area of industrial organizations and economic growth. Leapfrogging is the notion that organizations can identify opportunities to skip one or several stages ahead of their competitors.

    DIGITAL OPPORTUNITIES

    Opening of new possibilities to transform or change your business model and create operational efficiencies and customer experiences through the adoption of digital platforms, solutions, and capabilities.

    INITIATIVES

    Breakdown of opportunities into actionable initiatives that creates value for organizations through new or changes to business models, operational efficiencies, and customer experiences.

    1. LEAPFROG IDEAS:
      • Precision medicine
    2. DIGITAL OPPORTUNITY:
      • Machine Learning to sniff out pre-cancer cells
    3. INITIATIVES:
      1. Define genomic analytics capabilities and recruit
      2. Data quality and cleansing review
      3. Implement Machine Learning SW

    Identify Digitally Enabled Opportunities

    Host an ideation session to turn trends into growth opportunities with new leapfrog ideas.

    Phase 1Phase 2Phase 3

    Identify New Digitally Enabled Opportunities

    Evaluate Opportunities and Business Capabilities

    Transform Stakeholder Journeys

    Phase 1

    Host an Ideation Session to Identify New Digital Opportunities

    1.1

    IDENTIFY AND ASSEMBLE YOUR KEY STAKEHOLDERS

    Build support and eliminate blind spots

    It is important to make sure the right stakeholders participate in this working group. Designing a digital strategy will require debate, insights, and business decisions from a broad perspective across the enterprise. The focus is on the value to be generated from digital.

    Consider:

    • Who are the decision makers and key influencers?
    • Who will impact the business?
    • Who has a vested interest in the success or failure of the practice? Who has the skills and competencies necessary to help you be successful?

    Avoid:

    • Don’t focus on the organizational structure and hierarchy. Often stakeholder groups don’t fit the traditional structure.
    • Don’t ignore subject matter experts on either the business or IT side. You will need to consider both.
    1.2

    ESTABLISH GUIDING PRINCIPLES

    Define the guardrails to focus your ideas

    All ideas are great until you need one that works. Establish guiding principles that will help you establish the perimeters for turning big ideas into opportunities.

    Consider:

    • Focus on the breadth and alignment to support business objectives
    • This should help narrow conceptual ideas into actionable initiatives

    Avoid:

    • Don’t recreate the corporate guiding principles
    • Focus on what will help define strategic growth opportunities and operational efficiencies
    1.3

    LEVERAGE STRATEGIC FORESIGHT TO IDENTIFY LEAPFROG IDEAS

    Create space to elicit “big ideas”

    Leverage industry roundtables and trend reports imagining how digital solutions can help drive strategic growth and operational efficiency. Brainstorm new opportunities and discuss their viability to create value and better experiences for your stakeholders.

    Consider:

    • Accelerate this exercise by leveraging stakeholder insights from:
      • Your corporate strategy and financial plan
      • Outputs from stakeholder interviews
      • Market research

    Avoid:

    • Don’t simply go with the existing documented strategic objectives for the business. Ensure they are up to date and interview the decision makers to validate their perspectives if needed.

    Host an Ideation Session

    Identify digitally enabled opportunities

    Industry Roundtables and Trend Reports

    Industry Trends Report

    The image contains a screenshot of phase 1 industry trends report.

    Business Documents

    The image contains a screenshot of Business Documents.

    Digital Maturity Assessment

    The image contains a screenshot of phase 2 digital maturity assessment.

    Activity: 2-4 hours

    Members Engaged

    • CIO
    • Business Executives

    Info-Tech

    • Industry Analyst
    • Executive Advisor

    Hold a visioning session with key business executives (e.g., CIO, CEO, CFO, CCO, and COO) and others as needed. Here is a proposed agenda of activities for the ideation session:

    1. Leverage current trend reports and relevant emerging trend reports, market analysis, and customer research to envision future possibilities.
    2. Establish guiding principles for defining your digital strategy and scope.
    3. Leverage insights from trend reports and market analysis to generate leapfrog ideas that can be turned into opportunities.
    4. For each leapfrog idea, engage in a discussion on assumptions, value drivers, benefits, and risks.

    Content Leveraged

    • Digital Trends Report
    • Industry roundtables and trend reports
    • Digital Maturity Assessment
    • Digital Business Strategy v1.0

    Deliverable:

    1. Guiding principles
    2. Strategic growth opportunities

    1.1 Executive Stakeholder Engagement

    Assemble Executive Stakeholders

    Set yourself up for success with these three steps.

    CIOs tasked with designing digital strategies must add value to the business. Given the goal of digital is to transform the business, CIOs will need to ensure they have both the mandate and support from the business executives.

    Designing the digital strategy is more than just writing up a document. It is an integrated set of business decisions to create a competitive advantage and financial returns. Establishing a forum for debates, decisions, and dialogue will increase the likelihood of success and support during execution.

    1. Confirm your role

    2. Identify Stakeholders

    3. Diverse Perspective

    The digital strategy aims to transform the business. Given the scope, validate your role and mandate to lead this work. Identify a business executive to co-sponsor.

    Identify key decision-makers and influencers who can help make rapid decisions as well as garner support across the enterprise.

    Don’t be afraid to include contrarians or naysayers. They will help reduce any blind spots but can also become the greatest allies through participation.

    1.2 Guiding Principles

    Set the Guiding Principles

    Guiding principles help define the parameters of your digital strategy. They act as priori decisions that establish the guardrails to limit the scope of opportunities from the perspective of people, assets, capabilities, and budgets that are aligned with the business objectives. Consider these components when brainstorming guiding principles:

    Consider these three components when brainstorming

    Breadth

    Digital strategy should span people, culture, organizational structure, governance, capabilities, assets, and technology. The guiding principle should cover a 3600 view across the entire organization.

    Planning Horizon

    Timing should anchor stakeholders to look to the long-term with an eye on the foreseeable future i.e., business value realization in one, two, and three years.

    Depth

    Needs to encompass more than the enterprise view of lofty opportunities but establish boundaries to help define actionable initiatives (i.e., individual projects).

    1.2 Guiding Principles

    Examples of Guiding Principles

    IT Principle NameIT Principle Statement
    1.Enterprise value focusWe aim to provide maximum long-term benefits to the enterprise as a whole while optimizing total costs of ownership and risks.
    2.Fit for purposeWe maintain capability levels and create solutions that are fit for purpose without over engineering them.
    3.SimplicityWe choose the simplest solutions and aim to reduce operational complexity of the enterprise.
    4.Reuse > buy > buildWe maximize reuse of existing assets. If we can’t reuse, we procure externally. As a last resort, we build custom solutions.
    5.Managed dataWe handle data creation and modification and use it enterprise-wide in compliance with our data governance policy.
    6.Controlled technical diversityWe control the variety of what technology platforms we use.
    7.Managed securityWe manage security enterprise-wide in compliance with our security governance policy.
    8.Compliance to laws and regulationsWe operate in compliance with all applicable laws and regulations.
    9.InnovationWe seek innovative ways to use technology for business advantage.
    10.Customer centricityWe deliver best experiences to our customers with our services and products.
    11.Digital by default We always put digital solutions at the core of our plans for all viable solutions across the organization.
    12.Customer-centricity by designWe design new products and services with the goal to drive greater engagement and experiences with our customers.

    1.3 Trend-Analysis

    Leverage strategic foresight to identify growth opportunities

    What is Strategic Foresight?

    In times of increasing uncertainty, rapid change, market volatility, and complexity, the development of strategies can be difficult. Strategic foresight offers a solution.
    Strategic foresight refers to an approach that uses a range of methodologies, such as scanning the horizon for emerging changes and signals, analyzing megatrends, and developing multiple scenarios to identify opportunities (source: OECD, 2022). However, it cannot predict the future and is distinct from:

    • Forecasting tools
    • Strategic planning
    • Scenario planning (only)
    • Predictive analyses of the future

    Why is Strategic Foresight useful?

    • Reduce uncertainties about the future
    • Better anticipate changes
    • Future-proof to stress test proposed strategies
    • Explore innovation to reveal new products, services, and approaches

    Explore Info-Tech’s Strategic Foresight Process Tool

    “When situations lack analogies to the past, it’s hard to envision the future.”

    - J. Peter Scoblic, HBR, 2020

    1.3 Trend-Analysis

    Leverage industry roundtables and trend reports to understand the art of the possible

    Uncover important business and industry trends that can inform possibilities for technology innovation.

    Explore trends in areas such as:

    • Machine Learning
    • Citizen Dev 2.0
    • Venture Architecture
    • Autonomous Organizations
    • Self-Sovereign Cloud
    • Digital Sustainability

    Market research is critical in identifying factors external to your organization and identifying technology innovation that will provide a competitive edge. It’s important to evaluate the impact each trend or opportunity will have in your organization and market.

    Visit Info-Tech’s Trends & Priorities Research Center

    Visit Info-Tech’s Industry Coverage Research to get started.

    The image contains screenshots from Info-Tech blueprints.

    Images are from Info-Tech’s Rethinking Higher Education Report and 2023 Tech Trends Report

    1.3 Trend-Analysis

    Scan the Horizon

    Understand how the environment is evolving in your industry

    Scan the horizon to detect early signs of future changes or threats.

    Horizon scanning involves scanning, analyzing, and communicating changes in an organization’s environment to prepare for potential threats and opportunities. Much of what we know about the future is based around the interactions and trajectory of macro trends, trends, and drivers. These form the foundations for future intelligence.

    Macro Trends

    A macro trend captures a large-scale transformative trend on a global scale that could impact your addressable market

    Industry Trend

    An industry trend captures specific use cases of the macro trend in relation to your market and industry. Consider this in terms of shifts in your market dynamics i.e., competitors, size, transaction, international trade, supply/demand, etc.

    Driver(s)

    A driver is an underlying force causing the trend to occur. There can be multiple causal forces, or drivers, that influence a trend, and multiple trends can be influenced by the same causal force.

    Identify signals of change in the present and their potential future impacts.

    1.3 Trend-Analysis

    Identify macro trends

    Macro trends capture a global shift that can change the market and the industry. Here are examples of macro-trends to consider when scanning the horizon for your own organization:

    Talent Availability

    Customer Expectations

    Emerging Technologies

    Regulatory System

    Supply Chain Continuity

    Decentralized workforce

    Hybrid workforce

    Diverse workforce

    Skills gap

    Digital workforce

    Multigenerational workforce

    Personalization

    Digital experience

    Data ownership

    Transparency

    Accessibility

    On-demand

    Mobility

    AI & robotics

    Virtual world

    Ubiquitous connectivity

    Genomics (nano, bio, smart….)

    Big data

    Market control

    Economic shifts

    Digital regulation

    Consumer protection

    Global green

    Resource scarcity

    Sustainability

    Supply chain digitization

    Circular supply chains

    Agility

    Outsource

    1.3 Trend-Analysis

    Determine impact and relevance of trends

    Understand which trends create opportunities or risks for your organization.

    Key Concepts:

    Once an organization has uncovered a set of trends that are of potential importance, a judgment must be made on which of the trends should be prioritized to understand their impact on your market and ultimately, the implications for your business or organization. Consider the following criteria to help you prioritize your trends.

    Impact to Industry: The degree of impact the trend will have on your industry and market to create possibilities or risks for your business. Will this trend create opportunities for the business? Or does it pose a risk that we need to mitigate?

    Relevance to Organization. The relevance of the trend to your organization. Does the trend align with the mission, vision, and business objectives of your organization?

    Activity: 2-4hours

    In order to determine which trends will have an impact on your industry and are relevant to your organization, you need to use a gating approach to short-list those that may create opportunities to capitalize on while you need to manage the ones that pose risk.

    Impact

    What does this trend mean for my industry and market?

    • Degree – how broad or narrow is the impact
    • Likelihood – the reality of disrupting an industry or market
    • Timing – when do we expect disruption?

    Relevance

    What opportunity or risk does it pose to my business/organization?

    • Significance – depth and breadth across the enterprise
    • Duration – how long is the anticipated impact?

    1.3 Trend-Analysis

    Prioritize Trends for Exploration

    The image contains a screenshot of a table to demonstrate the trends.The image contains a graph that demonstrates the trends from the table on a graph to show how to prioritze them based on relevance and impact.

    Info-Tech Insight

    While the scorecard may produce a ranking based on weighted metrics, you need to leverage the group discussion to help contextualize and challenge assumptions when validating the priority. The room for debate is important to truly understand whether a trend is a fad or a fact that needs to be addressed.

    1.3 Trend-Analysis

    Discuss the driver(s) behind the trend

    Determining the root cause(s) of a trend is an important precursor to understanding the how, why, and to what extent a trend will impact your industry and market.

    Trend analysis can be a valuable approach to reduce uncertainties about the future and an opportunity to understand the underlying drivers (forces) that may be contributing to a shift in pattern. Understanding the drivers is important to help determine implication on your organization and potential opportunities.

    The image contains a screenshot of a driver diagram.

    1.3 Trend-Analysis

    Examples of driver(s)

    INDUSTRY

    Healthcare Exemplar

    Macro Trends

    (Transformative change)

    Industry Trend

    (A pattern of change…)

    Drivers

    (“Why”….)

    Accessibility

    Increase in wait times

    Aging population leading to global workforce shortage

    New models of care e.g., diversify scope of practice

    Address capacity issues

    Understanding the drivers is not about predicting the future. Don’t get stuck in “analysis paralysis.” The key objective is to determine what opportunities and risks the trend and its underlying driver pose to your business. This will help elicit leapfrog opportunities that can be funneled into actionable initiatives.

    Other examples…

    Dimensions

    Macro-Trends

    Industry Trend

    Driver

    Social

    Demographic shift

    Global shortage of healthcare workers

    Workforce age

    Customer expectations

    Patients as partners

    Customer demographics

    Technology

    AI and robotics

    Early detection of cancer

    Patient outcomes

    Ubiquitous connectivity

    Virtual health

    Capacity

    Economic

    Recession

    Cost-savings

    Sustainability

    Consumer spending

    Value-for-money

    Prioritization

    Environment

    Climate change

    Shift in manufacturers

    ESG compliant vendors

    Pandemic

    Supply chain disruption

    Local production

    Political

    Regulatory

    Consolidation of professional colleges

    Operational efficiency

    De-regulation

    New models of care

    New service (business) model

    1.3 Trend-Analysis

    Case Study

    Industry

    Healthcare

    Artificial Intelligence (AI) in Precision Medicine (Genomics)

    Precision Medicine has become very popular over the recent years fueled by research but also political and patient demands to focus more on better outcomes vs. profits. A cancer care center in Canada wanted to look at what was driving this popularity but more importantly, what this potentially meant to their current service delivery model and operations and what opportunities and risks they needed to address in the foreseeable future. They determined the following drivers:

    • Improve patient outcomes
    • Earlier detection of cancer
    • Better patient experience
    • Ability to compute vast amounts of data to reduce manual effort and errors
    • Accelerate from research to clinical trials to delivery

    The image contains a screenshot of AI in Genomics.

    1.3 Trend-Analysis

    INDUSTRY

    Healthcare Exemplar

    Category

    Macro-Trends

    Industry Trends

    (Use-Case)

    Drivers

    Impact to Industry

    Impact to Business

    Talent Availability

    Diverse workforce

    Aboriginal health

    Systemic inequities

    Brand and legal

    Policies in place

    Hybrid workforce

    Virtual care

    COVID-19 and infectious disease

    New models of care

    New digital talent

    Customer Expectation

    Personalization

    On-demand care

    Patient experience

    Patients as consumers

    New operating model

    Digital experience

    Patient portals

    Democratization of data

    Privacy and security

    Capacity

    Emerging Technologies

    Internet of Things (IoT)

    Smart glucometers

    Greater mobility

    System redesign

    Shift from hospital to home care

    Quantum computing

    Genomic sequencing

    Accelerate analysis

    Improve quality of data analysis

    Faster to clinical trial and delivery

    Regulatory System

    Consumer protection

    Protect access to sensitive patient data

    HIPPA legislation

    Restrict access to health record

    Electronic health records

    Global green

    Green certification for redev. projects

    Political optics

    Higher costs

    Contract management

    Supply Chain

    Supply chain disruptions

    Surgical strategic sourcing

    Preference cards

    Quality

    Organizational change management

    New pharma entrants

    Telco’s move into healthcare

    Demand/supply

    Funding model

    Resource competition

    Sample Output From Trend Analysis

    1.3 Elicit New Opportunities

    Leapfrog into the future

    Turn trends into growth opportunities.

    To thrive in the digital age, organizations must innovate big, leverage internal creativity, and prepare for flexibility.

    In this digital era, organizations are often playing catch up to a rapidly evolving technological landscape and following a strict linear approach to innovation. However, this linear catch-up approach does not help companies get ahead of competitors. Instead, organizations must identify avenues to skip one or several stages of technological development to leapfrog ahead of their competitors.

    “The best way to predict the future is to invent it.”

    – Alan Kay

    Leapfrogging takes place when an organization introduces disruptive innovation into the market and sidesteps competitors, who are unable to mobilize to respond to the opportunities.

    1.3 Elicit New Opportunities

    Funnel trends into leapfrog ideas

    Go from trend insights into ideas for opportunities

    Brainstorm ways to generate leapfrog ideas from trend insights.

    Dealing with trends is one of the most important tasks for innovation. It provides the basis of developing the future orientation of the organization. However, being aware of a trend is one thing, to develop strategies for response is another.

    To identify the impact the trend has on the organization, consider the four areas of growth for the organization:

    1. New Customers: Leverage the trend to target new customers for existing products or services.
    2. New Business Models: Adjust the business model to capture a change in how the organization delivers value.
    3. New Markets: Enter or create new markets by applying existing products or services to different problems.
    4. New Product or Service Offerings: Introduce new products or services to the existing market.

    1.3 Elicit New Opportunities

    INDUSTRY: Healthcare

    SOURCE: Memorial Sloan Kettering Cancer Center

    Case Study

    Machine Learning Sensor to Sniff Out Cancer

    Challenge

    Solution

    Results

    Timely access to diagnostic services is a key indicator of a cancer patient’s prognosis i.e., outcome. Early detection of cancer means the difference between life and death for cancer patients.

    Typically, cancer biomarkers need to be present to detect cancer. Often the presence of these biomarkers is late in the disease state when the cancer cells have likely spread, resulting in suspicions of cancer only when the patient does not feel well or suspects something is wrong.

    Researchers in partnership with IBM Watson at Memorial Sloan Kettering Cancer Center (MSK) have created a tool that can sniff for and identify cancer in a blood sample using machine learning.

    Originally, MSK worked with IBM Watson to identify machine learning as an emerging technology that could drive early cancer detection without the use of cancer biomarkers. But they needed to find specific use cases. After a series of concept prototypes, they were able to use machine learning to detect patterns in blood cells vs. cancer biomarkers to detect cancer disease.

    Machine learning was an emerging trend that researchers at MSK felt held great promise. They needed to turn the trend into tangible opportunities by identifying some key use cases that could be prototyped.

    Computational tools in oncology have the ability to greatly reduce clinician labor, improve the consistency of variant classification, and help accelerate the analytics of vast amounts of clinical data that would be prone to errors and delays when done manually.

    From trends to leapfrog ideas

    Additional Examples in the Appendix

    Example of leapfrog ideas that can generate opportunities for consideration

    Trend

    New Customer

    New Market

    New Business or Operating Model

    New Service Offering

    What trend(s) pose a significant impact on your business?

    New stakeholder segment

    Enter or create new markets

    Adjust the business or operating model to capture change in how the business creates and delivers value

    Introduce new digital products, services and experiences

    Virtualize Registration

    Empower patients as consumers of healthcare partners

    Direct B2C to close gap between providers and patients by removing middle administrative overhead.

    24/7 On-Demand Patient Portal

    Leverage AI to develop chatbots and on-demand

    Phase 1: Deliverable

    Phase 1 Deliverable

    Example of output from phase 1 ideation session

    Business Objectives

    New Customers

    (Customer Experience)

    New Markets

    (Health Outcomes)

    New Business or

    Operating Models

    (Operational Excellence)

    New Service Offering

    (Value for Money)

    Description:

    Focus on improving experiences for patients and providers

    Improve quality and standards of care to continually drive better health outcomes

    Deliver care better, faster, and more efficiently

    Reduce cost per capital of delivery care and increase value for services

    Trends:

    • Global workforce shortage due to ageing demographics
    • Clinicians are burnt-out and unable to practice at the top of their profession
    • On-demand care/mobile/wearables
    • Virtual care
    • Faster access to quality service
    • Help navigating complex medical ecosystem from primary to acute to community
    • Standardize care across regions
    • New models of care to expand capacity
    • Improve medication errors
    • Opportunities to use genomics to design personalized medicine
    • Automate tasks
    • Leverage AI and robotics more effectively
    • Regulatory colleges consolidation mandate
    • Use data and analytics to forecast capacity and health outcomes
    • Upskill vs. virtualize workforce
    • Payment reform i.e., move to value-based care vs. fee-for-service
    • Consolidation of back-office functions like HR, supply chain, IT, etc. to reduce cost i.e., shared services model

    Digital Opportunities:

    1. Virtual health command center
    2. Self-scheduling patient portal
    3. Patient way-finder
    4. Smart glucometer for diabetes
    1. Machine learning for early detection of cancer
    2. Visualization tools for capacity planning and forecasting
    3. Contact tracing apps for public health
    1. Build advanced analytics capabilities with new skills and business intelligence tools
    2. Pharmacy robotics
    3. Automate registration
    1. Automate provider billing solution
    2. Payment gateways – supplier portal in the cloud

    Phase 2

    Evaluate Opportunities and Business Capabilities

    Build a better understanding of the opportunities and their impact on your business.

    Phase 1Phase 2Phase 3

    Identify New Digitally Enabled Opportunities

    Evaluate Opportunities and Business Capabilities

    Transform Stakeholder Journeys

    Phase 2

    Evaluate Opportunities and Business Capabilities

    2.1

    CREATE OPPORTUNITY PROFILES

    Evaluate each opportunity

    Some opportunities will have an immediate and significant impact on your business. Some may have a significant impact but on a longer time scale or some may be unlikely to have a significant impact at all. Understanding these trends is an important context for your digital business strategy.

    Consider:

    • Does this opportunity conform with your guiding principles?
    • Can this opportunity feasibly deliver the anticipated benefits?
    • Is this opportunity desired by your stakeholders?

    Avoid:

    • Overly vague language. Opportunities need to be specific enough to evaluate what impact they will have.
    • Simply following what competitors are doing. Be ambitious and tailor your digital strategy to your organizational values, goals, and priorities.
    2.2

    UNDERSTAND THE IMPACT OF OPPORTUNITIES ON BUSINESS CAPABILITIES

    Understand the impact across your value chains

    Each opportunity has the potential to impact multiple areas of your business. Prioritize where to start acting on new opportunities based on your business objectives and capabilities. You need to assess their impacts across value chains. Does the opportunity impact existing value chain(s) or create a new value chain?

    Consider:

    • How well does this opportunity align with your digital vision, mission, and goals?
    • What will be the overall impact of this opportunity?
    • How urgently must you act?

    Avoid:

    • Guessing. Validate assumptions and use clear, unbiased information to make decisions. Info-Tech has extensive resources to assist in evaluating trends, opportunities, and solutions.
    • Making everything a high priority. Most organizations can only prioritize one to two initiatives at a time.

    2.1 Build an opportunity profile

    Evaluate each opportunity

    Discussion Framework:

    In your discussion, evaluate each opportunity to assess assumptions, value drivers, and benefits.

    Ideas matter, but not all ideas are created equal. Now that you have elicited opportunities, discuss the assumptions, risks, and benefits associated with each new digital opportunity.

    Design Thinking

    Leverage the guiding principles as the guardrails to limit the scope of your new digital opportunities. You may want to consider taking a design-thinking approach to innovation by discussing the merits of each opportunity based on:

    • DesirabilityDesirability: People want it. Does the solution enable the organization to meet the expectations of stakeholders?
    • Feasibility
    • Feasibility: Able to Execute. Do we have the capabilities to deliver e.g., the right skills, partners, technology, and leadership?

    • Viability
    • Viability: Delivers Value. Will this idea meet business goals e.g., cost, revenue, and benefits?

    Source: Adapted from IDEO

    Transform the Business

    Must Prioritize

    Should Plan

    Drive Digital Experiences

    Build Digital Capabilities

    High Value/Low Complexity

    • stakeholders want it
    • easy to implement
    • capabilities exist to deliver
    • creates significant value
    • strategic growth = competitive advantage

    High Value/High Complexity

    • customers want it
    • not easy to implement without carefully planning
    • need to invest in developing capabilities
    • Competitive differentiator

    Low Value/Low Complexity

    • stakeholders don’t want it
    • easy to implement but takes resources away from priority
    • some capabilities exist
    • creates marginal value
    • minimal growth

    Low Value/High Complexity

    • stakeholders don’t want it
    • difficult to implement
    • need to invest in developing capabilities
    • no real strategic growth

    Could Have

    Don’t Need

    Transform Operations

    IMPACT

    COMPLEXITY

    Source: Adapted from MoSCoW prioritization model

    Exemplar: Opportunity Profile

    Example:

    An example of a template to capture the output of discussion.

    Automate the Registration Process Around Admission, Discharge, and Transfer (ADT)

    Description of Opportunity:

    ADT is a critical function of registration that triggers patient identification to support services and billing. Currently, ADT is a heavily manual process with a high degree of errors as a result of human intervention. There is an opportunity to leverage intelligent automation by using RPA and AI.

    Alignment With Business Objectives

    Improve patient outcome

    Drive operational efficiency and effectiveness

    Better experiences for patients

    Business Architecture

    This opportunity may impact the following business capabilities:

    • Referral evaluation
    • Admission, discharge, and transfer management
    • Scheduling management
    • Patient registry management
    • Provider registry management
    • Patient billing
    • Provider billing
    • Finance management
    • EHR/EMR integration management
    • Enterprise data warehouse for reporting
    • Provincial/state quality reporting

    Benefits & Outcomes

    • Reduce errors by manual registration
    • Improve turnaround time for registration
    • Create a consistent customer experience
    • Improve capacity
    • Virtualize low-value work

    Key Risks & Assumptions

    • Need to add skills & knowledge to maintain systems
    • Perception of job loss or change by unions
    • assume documentation of standard work for automation vs. non-standard

    Opportunity Owner

    VP, Health Information Management (HIM)

    Incremental Value

    Reduce errors in patient identity

    • Next Steps
    • Investigate use cases for RPA and AI in registration
    • Build business case for funding

    2.2 Business capabilities impact

    Understand the impact on your business capabilities

    Each opportunity has the potential to impact multiple areas of your business. Prioritize where to start acting on new opportunities based on your business objectives and capabilities.

    You will need:

    Industry Reference Architecture.Industry Reference Architecture

    Activity: 1-2 hours

    1. Using your industry reference architecture, highlight the business capabilities that may be impacted by the opportunity. Use a value chain analysis approach to help with this exercise.
    2. Referring to your Prioritized Opportunities for Transformation, prioritize areas to transform. Priority should be given to low maturity areas that are highly or urgently relevant to your overall strategic goals.
    +
    Prioritized Opportunities for Transformation.Prioritized Opportunities for TransformationPrioritized Business Capability Map.

    2.2 Business capabilities impact

    Start with a value chain analysis

    This will help identify the impact on your business capabilities.

    As we identify and prioritize the opportunities available to us, we need to assess impacts on value chains. Does the opportunity directly impact an existing value chain? Or does it open us to the creation of a new value chain?

    The image contains a screenshot of the value chain analysis.

    The value chain perspective allows an organization to identify how to best minimize or enhance impacts and generate value.

    As we move from opportunity to impact, it is important to break down opportunities into the relevant pieces so we can see a holistic picture of the sources of differentiation.

    Exemplar: Prioritized Business Capability Map

    The image contains a screenshot of the exemplar prioritized business capability map.

    In this example, intelligent automation for referral and admission would create opportunity to virtualize repeatable tasks.

    Phase 3

    ETransform Stakeholder Journeys

    Understand the impact of opportunities across the value chain and possibilities of new or better stakeholder experiences.

    Phase 1Phase 2Phase 3

    Identify New Digitally Enabled Opportunities

    Evaluate Opportunities and Business Capabilities

    Transform Stakeholder Journeys

    Phase 3

    Identify opportunities to transform stakeholder experiences

    3.1 IDENTIFY STAKEHOLDER PERSONA

    Understand WHO gains value from the value chain

    To define a stakeholder scenario, you need to understand whom we are mapping for. Developing stakeholder personas is a great way to understand their needs through a lens of empathy.

    Consider:

    • Keep your stakeholder persona groupings to the core clusters typical of your industry.
    • See it from their perspective not the business’s.

    Avoid:

    • Don’t create a multitude of personas based on discrete nuances.
    3.2 BUILD A STAKEHOLDER JOURNEY

    Identify opportunities to transform the stakeholder experience

    A stakeholder or customer journey helps teams visualize the impact of a given opportunity through a value chain. This exercise uncovers the specific initiatives and features that should be considered in the evolution of the digital strategy.

    Consider:

    • Which stakeholders may be most affected by this opportunity?
    • How might stakeholders feel about a given solution as they move through the journey? What pain points can be solved?

    Avoid:

    • Simply listing steps in a process. Put yourself in the shoes of whoever’s journey you are mapping. What do they care about?
    • Choosing a stakeholder with limited involvement in the process.
    3.3 BREAKDOWN OPPORTUNITIES INTO INITIATIVES ALIGNED TO BUSINESS OBJECTIVES

    Unlock key initiatives to deliver value

    Opportunities need to be broken down into actionable initiatives that can be turned into business cases with clear goals, benefits realization, scope, work plans, and investment ask.

    Consider:

    • Multiple initiatives can be grouped into one opportunity that is similar or in phases.
    • Ensure the initiatives support and enable the business goals.

    Avoid:

    • Creating a laundry list of initiatives.
    • Initiatives that don’t align with business goals.

    Map Stakeholder Journey

    Conduct a journey mapping exercise to further refine and identify value streams to transform.

    Stakeholder Journey Mapping

    Digital Business Strategy Blueprint

    Activity: 4-6 hours

    Our analysts can guide and support you, where needed.

    1. First download the Define Your Digital Business Strategy blueprint to review the Stakeholder Journey Mapping exercise.
    2. Identify a stakeholder persona and a one-journey scenario.
    3. Map a stakeholder journey using a single persona across one-journey scenarios to identify pain points and opportunities to improve experiences and generate value.
    4. Consolidate a list of opportunities for business case prioritization.

    Key Concepts:

    Value Stream: a set of activities to create and capture value for and from the end consumer.

    Value Chain: a string of end-to-end processes that creates value for the consumer.

    Journey Scenario: a specific use case across a value chain (s).

    Members Engaged

    • CIO
    • Business Executives

    Info-Tech

    • Industry Analyst
    • Executive Advisor

    Stakeholder Persona.Stakeholder Persona

    1-Journey Use Case.1-Journey Use Case

    Map Stakeholder Journey 
Map Stakeholder Journey

    Content Leveraged

    • Stakeholder Persona
    • Journey Use Case
    • Map Stakeholder Journey

    Deliverable:

    1. Guiding principles
    2. Strategic growth opportunities

    Download the Define Your Digital Business Strategy blueprint for Customer Journey Mapping Activities

    3.1 Persona identification

    Identify a stakeholder persona and journey scenario

    From value chain to journey scenario.

    Stakeholder personas and scenarios help us build empathy towards our customers. It helps put us into the shoes of a stakeholder and relate to their experience to solve problems or understand how they experience the steps or processes required to accomplish a goal. A user persona is a valuable basis for stakeholder journey mapping.

    A stakeholder persona is a fictitious profile to represent a customer or a user segment. Creating this persona helps us understand who your customers really are and why they are using your service or product.

    A stakeholder scenario describes the situation the journey map addresses. Scenarios can be real (for existing products and services) or anticipated.

    Learn more about applying design thinking methodologies

    3.1 Persona identification

    Identify a stakeholder persona

    Who are you transforming for?

    To define a stakeholder scenario, we need to understand who we are mapping for. In each value chain, we identified a stakeholder who gains value from that value chain. We now need to develop a stakeholder persona: a representation of the end user to gain a strong understanding of who they are, what they need, and their pains and gains.

    One of the best ways to flesh out your stakeholder persona is to engage with the stakeholders directly or to gather the input of those who may engage with them within the organization.

    For example, if we want to define a journey map for a student, we might want to gather the input of students or teaching faculty that have firsthand encounters with different student types and are able to define a common student type.

    Info-Tech Insight

    Run a survey to understand your end users and develop a stronger picture of who they are and what they are seeking to gain from your organization.

    3.1 Persona identification

    Identify stakeholder scenarios to map

    For your digital strategy, leverage the existing and opportunity value chains identified in phases 1 and 2 for journey mapping.

    Identify two existing value chains to be transformed.

    In section 1, we identified existing value chains to be transformed. For example, your stakeholder persona is a registration clerk who is part of the Health Information Management team responsible for registering and adjudicating patient identity.

    The image contains a screenshot example of two existing value chains to be transformed.

    Identify one new value chain.

    In section 2, we identified a new value chain. However, for a new opportunity, the scenario is more complex as it may capture many different areas of a value chain. Subsequently, a journey map for a new opportunity may require mapping all parts of the value chain.

    The image contains a screenshot of one value chain.

    3.1 Persona identification

    Example Stakeholder Persona

    Stakeholder demographics

    Name: Anne

    Age: 35

    Occupation: HIM Clerk

    Location: Unity Hospital System

    Pains

    What are their frustrations, fears, and anxieties?

    • Volume of patients to schedule
    • Too many applications to access
    • Data quality is an error
    • Extensive manual entry of data prone to errors
    • Disruptions with calls from patients, doctors, and FOI requests

    What do they need to do?

    What do they want to get done? How will they know they are successful?

    • Automate some non-valuable tasks that can also reduce human errors. Allow patients to self-schedule online or answer FAQs via a chatbox. Would love to have a virtual triage to alleviate volume of calls and redirects.

    Gains

    What are their wants, needs, hopes, and dreams?

    • Reduce errors in data entry for patient identity (reduce manual look-ups).
    • Have standard requests go through a chatbot.
    • Have physicians automate billing through front-end speech recognition software.

    3.1 Persona identification

    Define a journey statement for mapping

    Now that we understand who we are mapping for, we need to define a journey statement to capture the stakeholder journey.

    Leverage the following format to define the journey statement.

    “As a [stakeholder], I need to [prioritized value chain task], so that I can [desired result or overall goal].”

    The image contains a screenshot of a journey statement for mapping.

    3.2 Stakeholder Journey-Map

    Leverage customer journey mapping to capture value chains to be transformed

    Conduct a journey mapping exercise to identify opportunities for innovation or automation.

    A journey-based approach helps an organization understand how a stakeholder moves through a process and interacts with the organization in the form of touch points, channels, and supporting characters. By identifying pain points in the journey and the activity types, we can identify opportunities for innovation and automation along the journey.

    The image contains a screenshot of an example of journey mapping.

    Embrace design-thinking methodologies to elevate the stakeholder journey and build a competitive advantage for your organization.

    3.2 Stakeholder Journey-Map

    Key Concepts

    0. Name: Annie Smith

    Age: 35

    Occupation: HIM Registration Clerk for Unity Hospital System

    Key Concepts.0.Stakeholder Persona

    A fictitious profile of a representative stakeholder group that shares a common yet discrete set of characteristics that embodies how they think, feel, and act.

    1. Journey (Value Chain)

    Describes the end-to-end steps or processes that a customer takes across the value chain that groups a set of activities, interactions, touch-points, and experiences.

    2. Persona’s Goals

    Exemplifies what the persona is thinking and wanting across each specific step of their journey.

    3. Nature of Activity (see detailed definition in this section)

    This section captures two key components: 1) the description of the action or interaction between the personas to achieve their goals, and 2) the classification of the activity to determine the feasibility for automation. The type is based on four main characteristics: 1) routine cognitive, 2) non-routine cognitive , 3) routine manual, and 4) non-routine manual.

    4. Type of Touch-Point

    The channel by which a persona interacts or touches products, services, the organization, or information.

    5. Key Moments & Pain Points

    Captures the emotional experience and value of the persona across each step and interaction.

    6. Metrics

    This section captures the KPIs used to measure the experience, process or activity today. Future KPIs will need to be developed to measure the opportunities.

    7. Opportunities refer to both the possible initiatives to address the persona’s pain points, and the ability to enable business goals.

    3.2 Stakeholder Journey-Map

    Opportunities for Automation: Nature of Activity

    Example
    We identified opportunities for automation

    Categorize the activity type to identify opportunities for automation. While there is no perfect framework for automation, this 4x4 matrix provides a general guide to identifying automation opportunities for consideration.

    Automation example list.Automation Quadrant Analysis

    Info-Tech Insight

    Automation is more than a 1:1 relationship between the defined task or job and automation. When considering automation, look for opportunities to: 1) streamline across multiple processes, 2) utilize artificial intelligence to augment or virtualize manual tasks, and 3) create more structured data to allow for improved data quality over the long-term.

    3.2 Stakeholder Journey-Map

    Example of stakeholder journey output: Healthcare

    Stakeholder: HIM Clerks

    Journey: Follow-up visit of 80-year-old diabetes patient at diabetic clinic outpatient

    Journey

    (Value Chain)

    AppointmentRegistrationIdentity ReconciliationEligibility VerificationTreatment Consult

    Persona’s Goals

    • Confirm appointment
    • Verify referral through provider registry
    • Request medical insurance or care card
    • Enroll patient into CIS
    • Patient registry validation
    • Secondary identification request
    • Verify eligibility through the patient registry
    • Schedule follow referrals & appointments
    • Coding for billing

    Nature of Activity

    Priority

    Priority

    Investigate – ROI

    Investigate – ROI

    Defer

    Type of Touchpoint

    • Telephone (land/mobile)
    • Email
    • CIS Application
    • Verbal
    • Patient registry system
    • Telephone
    • Patient and provider registry
    • CIS
    • Email, call, verbal
    • Physician billing
    • Hospital ERP
    • CIS
    • Paper appointments

    Pain Points & Gains

    • Volume of calls
    • Manual scheduling
    • Too many applications
    • Data entry errors
    • Limited languages
    • Too many applications
    • Data entry errors
    • Too many applications
    • Limited languages
    • Ask patients to repeat info
    • Data entry errors
    • Too many applications
    • Limited languages
    • Ask patients to repeat info
    • Patient identity not linked to physician billing
    • Manual coding entry

    Metrics

    Time to appointment

    Time to enrollment

    Patient mis-match

    Provider mis-match

    Percentage of errors in billing codes

    Opportunities

    • Patient scheduling portal (24/7)
    • Use of AI and chatbots
    • Automate patient matching index digitalization and integration
    • Automate provider matching index digitalization and integration
    • Natural language processing using front-end speech recognition software for billing

    Break opportunities into a series of initiatives aligned to business objectives

    Opportunity 1

    Virtual Registration

    »

    Business Goals

    Initiatives

    Health Outcomes

    Stakeholder Experience

    New Models of Care

    Operational Efficiency

    • Enterprise master patient index integration with patient registry
    • Intelligent automation for outpatient department
    • Customer service chat box for triage FOI1
    • Front-end speech recognition for billing (FESR)

    Opportunity 2

    Machine Learning Pre-Cancer Diagnosis

    »

    Business Goals

    Initiatives

    Health Outcomes

    Stakeholder Experience

    New Models of Care

    Operational Efficiency

    • Enterprise Datawarehouse architecture (build data lake)
    • Build genomics analytics capabilities e.g., recruitment, data-quality review
    • Implementation of machine learning software
    • Supply chain integration with ERP for medical and research supplies
    FOI = Freedom of Information

    Info-Tech Insight

    Evaluate if an opportunity will require a series of discrete activities to execute and/or if they can be a stand-alone initiative.

    Now you are ready to select and prioritize digital initiatives for business case development

    After completing all three phases of activities in this blueprint, you will have compiled a list of new and planned digital initiatives for prioritization and business case development in the next phase.

    Consolidated List of Digital Initiatives.

    Example: Consolidated List of Digital Initiatives

    The next step will focus on prioritizing and building a business case for your top digital initiatives.

    IT Roadmap for your Digital Business Strategy.

    Appendix: Additional Examples

    From trend to leapfrog ideas

    Every idea is a good one, unless you need one that works.

    Additional Examples
    Examples of leapfrog ideas that can generate opportunities for consideration

    Example 1 Finance

    Trend

    New Customer

    New Market

    New Business or Operating Model

    New Service Offering

    What trend(s) pose a significant impact on your business?

    New customer segments

    Enter or create new markets

    Adjust the business or operating model to capture change in how the business creates and delivers value

    Introduce new digital products, services, and experiences

    Open banking

    Account integrators (AISPs)

    Payment integrators
    (PISPs)

    Data monetization

    Social payments

    Example 2: Retail

    Trend

    New Customer

    New Market

    New Business or Operating Model

    New Service Offering

    What trend(s) pose a significant impact on your business?

    New customer segments

    Enter or create new markets

    Adjust the business or operating model to capture change in how the business creates and delivers value

    Introduce new digital products, services, and experiences

    Virtual cashier

    (RFID Enablement)

    Big-box retailers

    Brick & mortar stores

    Automated stores driving new customer experiences

    Digital cart

    From trend to leapfrog ideas

    Every idea is a good one, unless you need one that works.

    Additional Exemplars in Appendix

    Examples of leapfrog ideas that can generate opportunities for consideration

    Example 3:

    Manufacturing

    Trend

    New Customer

    New Market

    New Business or

    Operating Model

    New Service Offering

    What trend(s) pose a significant impact on your business?

    New customer segments

    Enter or create new markets

    Adjust the business or operating model to capture change in how the business creates and delivers value

    Introduce new digital products, services, and experiences

    IT/OT convergence

    Value-added resellers

    New geographies

    Train quality-control algorithms and sell as a service to other manufacturers

    Quality control as a service

    Case Study: International Airport

    Persona Journey Map: International/Domestic Departure

    Persona: Super Traveler

    Name: Annie Smith

    Age: 35

    Occupation: Engineer, Global Consultant

    Journey Activity Name: Inspired to Travel

    Persona’s Goals

    What Am I Thinking?

    • I am planning on traveling to Copenhagen, Denmark for work.
    • It’s my first time and I need to gather information about the destination, accommodation, costs, departure information, bag weight, etc..

    Nature of Activity

    What Am I Doing?

    • Logging onto airline website
    • Confirming departure gates

    Type of Touchpoint

    • Airport rewards program
    • Airport Website
    • Online hotel eCommerce
    • Social media
    • Transportation services on mobile

    Key moments & pain points

    How Am I Feeling?

    • Frustrated because the airport website is difficult to navigate to get information
    • Annoyed because there is no FAQ online and I have to call; there’s a long wait to speak to someone.
    • Stress & uncertainty (cancellation, logistics, insurance, etc..)

    Metrics

    • Travel dates
    • Trip price & budget

    Opportunities

    • Tailored communication based on search history
    • Specific messaging (e.g., alerts for COVID-19, changes in events, etc.)
    • Interactive VR experience that guides customers through the airport as a navigator

    Related Info-Tech Research

    Tech Trends and Priorities Research Center

    • Access Info-Tech’s Tech Trends reports and research center to learn about current industry trends, shifts in markets, and disruptions that are impacting your industry and sector. This is a great starting place to gain insights into how the ecosystem is changing your business and the impact of these changes on IT.

    Digital Business Strategy

    • Leverage Info-Tech’s Digital Business Strategy to identify opportunities to transform the customer experience.

    Industry Reference Architecture

    • Access Info-Tech’s Industry coverage to accelerate your understanding of your business capabilities and opportunities for automation.

    Contact Your Account Manager

    Research Contributors and Experts

    Joanne Lee

    Joanne Lee

    Principal, Research Director, CIO Strategy

    Info-Tech Research Group

    Kim Osborne-Rodgriguez

    Kim Osborne-Rodgriguez

    Research Director, CIO Strategy

    Info-Tech Research Group

    Joanne is an executive with over 25 years of in digital technology and management consulting across both public and private entities from solution delivery to organizational redesign across Canada and globally.

    Prior to joining Info-Tech Research Group, Joanne was a management consultant within KPMG’s CIO management consulting services and the Western Canada Digital Health Practice lead. She has held several executive roles in the industry with the most recent position as Chief Program Officer for a large $450M EHR implementation. Her expertise spans cloud strategy, organizational design, data and analytics, governance, process redesign, transformation, and PPM. She is passionate about connecting people, concepts, and capital.

    Joanne holds a Master’s in Business and Health Policy from the University of Toronto and a Bachelor of Science (Nursing) from the University of British Columbia.

    Kim is a professional engineer and Registered Communications Distribution Designer (RCDD) with over a decade of experience in management and engineering consulting spanning healthcare, higher education, and commercial sectors. She has worked on some of the largest hospital construction projects in Canada, from early visioning and IT strategy through to design, specifications, and construction administration. She brings a practical and evidence-based approach to digital transformation, with a track record of supporting successful implementations.

    Kim holds a Bachelor’s degree in Mechatronics Engineering from University of Waterloo.

    Research Contributors and Experts

    Jack Hakimian

    Jack Hakimian

    Vice President, Research

    Info-Tech Research Group

    Charl Lombard.

    Charl Lombard

    President, Digital Transformation Consulting

    Info-Tech Research Group

    Jack has more than 25 years of technology and management consulting experience. He has served multi-billion dollar organizations in multiple industries including Financial Services and Telecommunications. Jack also served a number of large public sector institutions.

    Prior to joining the Info-Tech Research Group, he worked for leading consulting players such as Accenture, Deloitte, EY, and IBM.

    Jack led digital business strategy engagements as well as corporate strategy and M&A advisory services for clients across North America, Europe, the Middle East, and Africa. He is a seasoned technology consultant who has developed IT strategies and technology roadmaps, led large business transformations, established data governance programs, and managed the deployment of mission-critical CRM and ERP applications.

    He is a frequent speaker and panelist at technology and innovation conferences and events and holds a Master’s degree in Computer Engineering as well as an MBA from the ESCP-EAP European School of Management.

    Charl has more than 20 years of professional services experience, “majoring” in digital transformation and strategic topics. He has led multiple successful Digital Transformation programs across a range of industries like Information technology, hospitality, Advanced Industries, High Tech, Entertainment, Travel and Transport, Insurance & Financial Services, Metals & Mining, Electric Power, Renewable Energy, Telecoms, Manufacturing) across different geographics (i.e., North America, EU, Africa) in both private and public sectors.

    Prior to joining Info-Tech Research Group, Charl was the Vice President of Global Product Management and Strategy (Saber Hospitality Solution), Associate President, McKinsey Transformation Practice, e-Business Practice for PwC, and tech start-up founder and investor.

    Charl is a frequent speaker at innovation and digital transformation conferences and holds an MBA from the University of Cape Town Graduate School of Business, and a bachelor’s degree from the University of Pretoria, South Africa.

    Research Contributors and Experts

    Mike Tweedie

    Mike Tweedie

    Practice Lead, CIO Strategy

    Info-Tech Research Group

    Michael Alemany

    Michael Alemany

    Vice President, Digital Transformation Consulting

    Info-Tech Research Group

    Mike Tweedie brings over 25 years of experience as a technology executive. He’s led several large transformation projects across core infrastructure, application, and IT services as the head of Technology at ADP Canada. He was also the Head of Engineering and Service Offerings for a large French IT services firm, focused on cloud adoption and complex ERP deployment and management.

    Mike holds a Bachelor’s degree in Architecture from Ryerson University.

    Michael is a leader in Info-Tech’s digital transformation consulting practice. He brings over 10 years of experience working with companies across a range of industries. His work experience includes ~4.5 years at McKinsey & Company where he led large-scale transformations for fortune 500 companies. Prior to joining Info-Tech, he worked for Sabre Corp., an SaaS platform provider for the travel and hospitality sector, leading Product Strategy & Operations. Michael holds an MBA from the Tuck School of Business at Dartmouth and a B.S in Business Strategy from Brigham Young University.

    Research Contributors and Experts

    Duane Cooney

    Duane Cooney

    Executive Counselor, Healthcare

    Info-Tech Research Group

    Denis Goulet

    Denis Goulet

    Senior Workshop Director

    Info-Tech Research Group

    Duane brings over 30 years of experiences a healthcare IT leader with a passion for the transformation of people, processes, and technology. He has led large-scale health technology transformation and operations across the enterprise. Before joining Info-Tech, Duane served as the Deputy CIO, Senior Information Technology Director, and Enterprise Architect for both public not-for-profit and private sectors. He has a Bachelors in Computer Science and is a graduate of EDS Operations. He holds certifications in EHR, LEAN/Agile, ITIL, and PMP.

    Denis is an IAF Certified Professional Facilitator who has helped organizations and technology executives develop IT strategies for small to large global enterprises. He firmly believes in a collaborative value-driven approach. Prior to joining Info-Tech Research Group, Denis held several industry positions as CIO, Chief Administrative Office (City Manager), General Manager, and Vice President of Engineering. Denis holds an MBA from Queen’s University and a Diploma in Technology Engineering and Executive Municipal Management.

    Jay Cappis.

    Jay Cappis

    Executive Advisor, Real-Estate

    Info-Tech Research Group

    Christine Brick.

    Christine Brick

    Executive Advisor, Financial Services
    Info-Tech Research Group

    Jay brings over 30 years of experience in management and technology across small and medium enterprises to large global enterprises including Exxon and Xerox. His cross-industry experience includes professional services, commercial real estate, oil and gas, digital start-ups, insurance, and aerospace. Jay has led business process improvements and change management and has expertise in software development lifecycle management and DevOps practices.

    Christine brings over 20 years in IT transformation across DevOps, infrastructure, operations, supply chain, IT Strategy, modernization, cost optimization, data management, and operational risk. She brings expertise in business transformation, mergers and acquisitions, vendor selection, and contract management.

    Bibliography

    Bhatia, AD. “Transforming through disruptions: A conversation with Dan Antonelli. Transformation Insights.” McKinsey & Company. January 31, 2022. Web
    Bertoletti, Antonella and Peter Eeles. “Use an IT Maturity Model.” IBM Garage Methodology. Web. accessed May 30, 2022.
    Catlin, Tanguy, Jay Scanlan, and Paul Willmott. “Raising your Digital Quotient.” McKinsey Quarterly. June 1, 2015. Article
    Custers, Heidi. “Digital Blueprint. Reference Architecture. Deloitte Digital.Accessed May 15, 2022.
    Coundouris, Anthony. “Reviewed: The Top 5 Digital Transformation Frameworks in 2020.” Run-frictionless Blog. Accessed May 15, 2022. Web.
    Daub, Matthias and Anna Wiesinger. “Acquiring the Capabilities you need to go digital.” Business Technology Office – McKinsey and Company. March 2015. Web.
    De La Boutetiere, Alberto Montagner and Angelika Reich. “Unlocking success in digital transformations.” McKinsey and Company. October 2018. Web.
    “Design Thinking Defined.” IDEO.com. November 21, 2022. Web.
    Dorner, Karle and David Edelman. “What ‘Digital’ really means.” McKinsey Digital. July 2015. Web
    “Everything Changed. Or Did it? Harvey Nash KPMG CIO Survey 2020.” KPMG, 2020
    Kane, Gerald C., Doug Palmer, Ahn Nguyen Phillips, David Kiron, Natasha Buckley. “Aligning the organization for its digital future.” Findings from the 2016 Digital Business Global Executive Study and Research Project. MIT Sloan Management Review. July 26, 2016. Web
    LaBerge, Laura, et al. “How COVID-19 has pushed companies over the technology tipping point—and transformed business forever.” McKinsey, 5 Oct. 2020. Accessed 14 June 2021
    Mindtools Content Team. “Cause and Effect Analysis.” Mindtools.com. November 21, 2022. Web.
    “Strategic Foresight.” OECD.org. November 21, 2022, Web
    Sall, Sherman, Dan Lichtenfeld. “The Digital ME Method. Turning digital opportunities into customer engagement and business growth.” Sygnific. 2017. Web.
    Scoblic, J. Peter. “Learning from the Future. How to make robust strategy in times of deep uncertainty.” Harvard Business Review, August 2020.
    Silva, Bernardo and Schoenwaelder, Tom. ‘Why Good Strategies fail. Addressing the three critical strategic tensions.” Deloitte Monitor Group. 2019.

    Fix Your IT Culture

    • Buy Link or Shortcode: {j2store}518|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $32,499 Average $ Saved
    • member rating average days saved: 20 Average Days Saved
    • Parent Category Name: Lead
    • Parent Category Link: /lead
    • Go beyond value statements to create a culture that enables the departmental strategy.
    • There is confusion about how to translate culture from an abstract concept to something that is measurable, actionable, and process driven.
    • Organizations lack clarity about who is accountable and responsible for culture, with groups often pointing fingers at each other.

    Our Advice

    Critical Insight

    • When it comes to culture, the lived experience can be different from stated values. Culture is the pattern of behaviors and the way work is done rather than simply perks, working environment, and policy.
    • Executives’ active participation in culture change is paramount. If executives aren’t willing to change the way they behave, attempts to shift the culture will fail.
    • Elevate culture to a business imperative. Foster a culture that is linked to strategy rather than trying to replicate the hot culture of the moment.
    • Target values that will have the greatest impact. Select a few focus values as a guide and align all behaviors and work practices to those values.

    Impact and Result

    • Executives need to clarify how the culture they want will help achieve their strategy and choose the focus values that will have the maximum impact.
    • Measure the current state of culture and facilitate the process of leveraging existing elements while shifting undesirable ones.

    Fix Your IT Culture Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should improve your culture to enable your strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assessment: Determine current culture and identify focus values

    Complete a cultural assessment and select focus values to form core culture efforts.

    • Culture Documentation Template
    • IT Departmental Values Survey
    • IT Culture Diagnostic
    • Cultural Assessment Report Template

    2. Tools: Give IT executives the tools to drive change

    Enable executives to gather feedback on behavioral perceptions and support behavioral change.

    • Executive Reflection Template

    3. Behavioral Alignment: Align IT behaviors to the desired culture

    Review all areas of the department to understand where the links to culture exist and create a communication plan.

    • Standard Internal Communications Plan
    • IT Competency Library
    • Leadership Competency Library

    4. Sustainment: Disseminate and manage culture within the department

    Customize a process to infuse behaviors aligned with focus values in work practices and complete the first wave of meetings.

    • Culture Facilitation Guide for Leaders
    [infographic]

    Understand the Difference Between Backups and Archives

    • Buy Link or Shortcode: {j2store}506|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Storage & Backup Optimization
    • Parent Category Link: /storage-and-backup-optimization
    • You don’t understand the difference between a backup and an archive or when to use one or the other.
    • Data is not constant. It is ever-changing and growing. How do you protect it?
    • You just replaced an application that was in use since day one, and even though you have a fully functional replacement, you would like to archive that original application just in case.
    • You want to save money, so you use your backup solution to archive data, but you know that is not ideal. What is the correct solution?

    Our Advice

    Critical Insight

    Keep in mind that backups are for recovery while archives are for discovery. Backups and archives are often confused but understanding the differences can result in significant savings of time and money. Backing up and archiving may be considered IT tasks, but recovery and discovery are capabilities the business wants and is willing to pay for.

    Impact and Result

    Archives and backups are not the same, and there is a use case for each. Sometimes minor adjustments may be required to make the use case work. Understanding the basics of backups and archives can lead to significant savings at a monetary and effort level.

    Understand the Difference Between Backups and Archives Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand the Difference Between Backups and Archives

    What is the difference between a backup and a data archive? When should I use one over the other? They are not the same and confusing the two concepts could be expensive.

    • Understand the Difference Between Backups and Archives Storyboard
    [infographic]

    Further reading

    Understand the Difference Between Backups and Archives

    They are not the same, and confusing the two concepts could be expensive

    Analyst Perspective

    Backups and archives are not interchangeable, but they can complement each other.

    Photo of P.J. Ryan, Research Director, Infrastructure & Operations, Info-Tech Research Group.

    Backups and archives are two very different operations that are quite often confused or misplaced. IT and business leaders are tasked with protecting corporate data from a variety of threats. They also must conform to industry, geographical, and legal compliance regulations. Backup solutions keep the data safe from destruction. If you have a backup, why do you also need an archive? Archive solutions hold data for a long period of time and can be searched. If you have an archive, why do you also need a backup solution? Backups and archives used to be the same. Remember when you would keep the DAT tape in the same room as the argon gas fire suppression system for seven years? Now that's just not feasible. Some situations require a creative approach or a combination of backups and archives.

    Understand the difference between archives and backups and you will understand why the two solutions are necessary and beneficial to the business.

    P.J. Ryan
    Research Director, Infrastructure & Operations
    Info-Tech Research Group

    Executive Summary

    Your Challenge
    • You don’t understand the difference between a backup and an archive or when to use one over the other.
    • Data is not constant. It is ever-changing and growing. How do you protect it?
    • You just replaced an application that had been in use since day one, and even though you have a fully functional replacement, you would like to archive that original application just in case.
    • You want to save money, so you use your backup solution to archive data, but you know that is not ideal. What is the correct solution?
    Common Obstacles
    • Storage costs can be expensive, as can some backup and archiving solutions.
    • Unclear requirements definition to decide between backups or archives.
    • Historically, people referred to archiving as tossing something into a box and storing it away indefinitely. Data archiving has a different meaning.
    • Executives want retired applications preserved but do not provide reasons or requirements.
    Info-Tech’s Approach
    • Spend wisely. Why spend money on an archive solution when a backup will suffice? Don’t leave money on the table.
    • Be creative and assess each backup or archive situation carefully. A custom solution may be required.
    • Backup your production data for the purpose of restoring it and adhere to the 3-2-1 rule of backups (Naviko.com).
    • Archive your older data to an alternate storge platform to save space, allow for searchability, and provide retention parameters.

    Info-Tech Insight

    Keep in mind that backups are for recovery while archives are for discovery. Backups and archives are often confused but understanding the differences can result in significant savings of time and money. Backing up and archiving may be considered IT tasks but recovery and discovery are capabilities the business wants and is willing to pay for.

    Archive

    What it IS

    A data archive is an alternate location for your older, infrequently accessed production data. It is indexed and searchable based on keywords. Archives are deleted after a specified period based on your retention policy or compliance directives.

    What it IS NOT

    Archives are not an emergency copy of your production data. They are not any type of copy of your production data. Archives will not help you if you lose your data or accidentally delete a file. Archives are not multiple copies of production data from various recovery points.

    Why use it

    Archives move older data to an alternate location. This frees up storage space for your current data. Archives are indexed and can be searched for historical purposes, compliance reasons, or in the event of a legal matter where specific data must be provided to a legal team.

    Tips & Tricks – Archiving

    • Archiving will move older data to an alternate location. This will free up storage space in the production environment.
    • Archiving solutions index the data to allow for easier searchability. This will aid in common business searches as well as assist with any potential legal searches.
    • Archiving allows companies to hold onto data for historical purposes as well as for specific retention periods in compliance with industry and regional regulations such as SOX, GDPR, FISMA, as well as others (msp360.com).

    Backup

    What it IS

    A backup is a copy of your data from a specific day and time. It is primarily used for recovery or restoration if something happens to the production copy of data. The restore will return the file or folder to the state it was in at the time of the backup.

    Backups occur frequently to ensure the most recent version of data is copied to a safe location.

    A typical backup plan makes a copy of the data every day, once a week, and once a month. The data is stored on tapes, disk, or using cloud storage.

    What it IS NOT

    Backups are not designed for searching or discovery. If you backup your email and must go to that backup in search of all email pertaining to a specific topic, you must restore the full backup and then search for that specific topic or sender. If you kept all the monthly backups for seven years, that will mean repeating that process 84 times to have a conclusive search, assuming you have adequate storage space to restore the email database 84 times.

    Backups do not free up space.

    Why use it

    Backups protect your data in the event of disaster, deletion, or accidental damage. A good backup strategy will include multiple backups on different media and offsite storage of at least one copy.

    Tips & Tricks – Backups

    • Production data should be backed up on a regular basis, ideally once a day or more frequently if possible.
    • Backups are intended to restore data when it gets deleted, over-written, or otherwise compromised. Most restore requests are from the last 24 to 48 hours, so it may be advantageous to keep a backup readily available on disk for a quick restore when needed.
    • Some vendors and industry subject matter experts advocate the use of a 3-2-1 rule when it comes to backups:
      • Keep three copies of your production data
      • In at least two separate locations (some advocate two different formats), and
      • One copy should be offsite (nakivo.com)

    Cold Storage

    • Cold storage refers to a storage option offered by some cloud vendors. In the context of the discussion between backups and archives, it can be an option for a dedicated backup solution for a specific period. Cost is low and the data is protected from destruction.
    • If an app has been replaced and all data transferred to the replacement solution but for some reason the company wishes to hold onto the data, you want a backup, not an archive. Extract the data, convert it into MongoDB or a similar solution, and drop it into cheap cloud storage (cold storage) for less than $5 per TB/month.

    Case Study

    Understanding the difference between archives and backups could save you a lot of time and money

    INDUSTRY: Manufacturing | SOURCE: Info-Tech Research

    Understanding the difference between an archive and a backup was the first step in solving their challenge.

    A leading manufacturing company found themselves in a position where they had to decide between archiving or doing nothing.

    The company had completed several acquisitions and ended up with multiple legacy applications that had been merged or migrated into replacement solutions. These legacy applications were very important to the original companies and although the data they held had been migrated to a replacement solution, executives felt they should hold onto these applications for a period of time, just in case.

    Some of the larger applications were archived using a modern archiving solution, but when it came to the smaller applications, the cost to add them to the archiving solution greatly exceeded the cost to just keep them running and maintain the associated infrastructure.

    A research advisor from Info-Tech Research Group joined a call with the manufacturing company and discussed their situation. The difference between archives and backups was explained and through the course of the conversation it was discovered that the solution was a modified backup. The application data had already been preserved through the migration, so data could be accessed in the production environment. The requirement to keep the legacy application up and running was not necessary but in compliance with the request to keep the information, the data could be exported from the legacy application into a non-sequential database, compressed, and stored in cloud-based cold storage for less than five dollars per terabyte per month. The manufacturing company’s staff realized that they could apply this same approach to several of their legacy applications and save tens of thousands of dollars in the process.

    Understand the Difference Between Backups and Archives

    Backups

    Backups are for recovery. A backup is a snapshot copy of production data at a specific point in time. If the production data is lost, destroyed, or somehow compromised, the data can be restored from the backup.

    Archives

    Archives are for discovery. It is production data that is moved to an alternate location to free up storage space, allow the data to be searchable, and still hold onto the data for historical or compliance purposes.

    Info-Tech Insight

    Archives and backups are not the same, and there is a use case for each. Sometimes minor adjustments may be required to make the use case work. Understanding the basics of backups and archives can lead to significant savings at a monetary and effort level.

    Additional Guidance

    Production data should be backed up.

    The specific backup solution is up to the business.

    Production data that is not frequently accessed should be archived.

    The specific solution to perform and manage the archiving of the data is up to the business

    • Archived data should also be backed up at least once.
    If the app has been replaced and all data transferred, you want a backup not an archive if you want to keep the data.
    • Short term – fence it off.
    • Long term – extract into Mongo then drop it into cheap cloud storage.

    Case Study

    Using tape backups as an archive solution could result in an expensive discovery and retrieval exercise.

    INDUSTRY: Healthcare | SOURCE: Zasio Enterprises Inc.

    “Do not commingle archive data with backup or disaster recovery tapes.”

    A court case in the United States District Court for the District of Nevada involving Guardiola and Renown Health in 2015 is a good example of why using a backup solution to solve an archiving challenge is a bad idea.

    Renown Health used a retention policy that declared any email older than six months of age as inactive and moved that email to a backup tape. Renown Health was ordered by the court to produce emails from a period of time in the past. Renown estimated that it would cost at least $248,000 to produce those emails, based on the effort involved to restore data from each tape and search for the email in question. Renown Health argued that this long and expensive process would result in undue costs.

    The court reviewed the situation and ruled against Renown Health and ordered them to comply with the request (Zasio.com).

    A proper archiving solution would have provided a quick and low-cost method to retrieve the emails in question.

    Backups and archives are complementary to each other

    • Archives are still production data, but the data does not change. A backup is recommended for the archived data, but the frequency of the backups can be lowered.
    • Backups protect you if a disaster strikes by providing a copy of the production data that was compromised or damaged. Archives allow you to access older data that may have just been forgotten, not destroyed or compromised. Archives could also protect you in a legal court case by providing data that is older but may prove your argument in court.

    Archives and backups are not the same.

    Backups copy your data. Archives move your data. Backups facilitate recovery. Archives facilitate discovery.

    Archive Backup
    Definition Move rarely accessed (but still production) data to separate media. Store a copy of frequently used data on a separate media to ensure timely operational recovery.
    Use Case Legal discovery, primary storage reduction, compliance requirements, and audits. Accidental deletion and/or corruption of data, hardware/software failures.
    Method Disk, cloud storage, appliance. Disk, backup appliance, snapshots, cloud.
    Data Older, rarely accessed production data. Current production data.

    Is it a backup or archive?

    • You want to preserve older data for legal and compliance reasons, so you put extra effort into keeping your tape backups safe and secure for seven years. That’s a big mistake that may cost you time and money. You want an archive solution.
    • You replace your older application and migrate all data to the new system, but you want to hold onto the old data, just in case. That’s a backup, not an archive.
    • A long serving senior executive recently left the company. You want to preserve the contents of the executive's laptop in case it is needed in the future. That’s a backup.

    Considerations When Choosing Between Solutions

    1

    Backup or archive?

    2

    What are you protecting?

    3

    Why are you protecting data?

    4

    Solution

    Backup

    Backup and/or archive.
    Additional information required.
    Column 3 may help

    Archive

    Device

    Data

    Application

    Operational Environment

    Operational recovery

    Disaster recovery

    Just in case

    Production storage space reduction

    Retention and preservation

    Governance, risk & compliance

    Backup

    Archive

    Related Info-Tech Research

    Stock image of light grids and flares. Establish an Effective Data Protection Plan

    Give data the attention it deserves by building a strategy that goes beyond backup.

    Stock image of old fuse box switches. Modernize Enterprise Storage

    Current and emerging storage technologies are disrupting the status quo – prepare your infrastructure for the exponential rise in data and its storage requirements.

    Logo for 'Software Reviews' and their information on 'Compare and Evaluate: Data Archiving.'
    Sample of Info-Tech's 'Data Archiving Policy'. Data Archiving Policy

    Bibliography

    “Backup vs. archiving: Know the difference.” Open-E. Accessed 05 Mar 2022.Web.

    G, Denis. “How to build retention policy.” MSP360, Jan 3, 2020. Accessed 10 Mar 2022.

    Ipsen, Adam. “Archive vs Backup: What’s the Difference? A Definition Guide.” BackupAssist, 28 Mar 2017. Accessed 04 Mar 2022.

    Kang, Soo. “Mitigating the expense of E-discovery; Recognizing the difference between back-ups and archived data.” Zasio Enterprises, 08 Oct 2015. Accessed 3 Mar 2022.

    Mayer, Alex. “The 3-2-1 Backup Rule – An Efficient Data Protection Strategy.” Naviko. Accessed 12 Mar 2022.

    “What is Data-Archiving?” Proofpoint. Accessed 07 Mar 2022.

    Implement DevOps Practices That Work

    • Buy Link or Shortcode: {j2store}155|cart{/j2store}
    • member rating overall impact (scale of 10): 9.1/10 Overall Impact
    • member rating average dollars saved: $42,916 Average $ Saved
    • member rating average days saved: 20 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • In today’s world, business agility is essential to stay competitive. Quick responses to business needs through efficient development and deployment practices are critical for business value delivery.
    • Organizations are looking to DevOps as an approach to rapidly deliver changes, but they often lack the foundations to use DevOps effectively.

    Our Advice

    Critical Insight

    Even in a highly tool-centric view, it is the appreciation of DevOps core principles that will determine your success in implementing its practices.

    Impact and Result

    • Understand the basics of DevOps-related improvements.
    • Assess the health and conduciveness of software delivery process through Info-Tech Research Group’s MATURE framework.

    Implement DevOps Practices That Work Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should implement DevOps, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Examine your current state

    Understand the current state of your software delivery process and categorize existing challenges in it.

    • DevOps Readiness Survey

    2. MATURE your delivery lifecycle

    Brainstorm solutions using Info-Tech Research Group’s MATURE framework.

    • DevOps Roadmap Template

    3. Choose the right metrics and tools for your needs

    Identify metrics that are insightful and valuable. Determine tools that can help with DevOps practices implementation.

    • DevOps Pipeline Maturity Assessment

    4. Select horizons for improvement

    Lay out a schedule for enhancements for your software process to make it ready for DevOps.

    [infographic]

    Workshop: Implement DevOps Practices That Work

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Examine Your Current State

    The Purpose

    Set the context for improvement.

    Key Benefits Achieved

    Provide a great foundation for an actionable vision and goals that people can align to.

    Activities

    1.1 Review the outcome of the DevOps Readiness Survey.

    1.2 Articulate the current-state delivery process.

    1.3 Categorize existing challenges using PEAS.

    Outputs

    Baseline assessment of the organization’s readiness for introducing DevOps principles in its delivery process

    A categorized list of challenges currently evident in the delivery process

    2 MATURE Your Delivery Lifecycle

    The Purpose

    Brainstorm solutions using the MATURE framework.

    Key Benefits Achieved

    Collaborative list of solutions to challenges that are restricting/may restrict adoption of DevOps in your organization.

    Activities

    2.1 Brainstorm solutions for identified challenges.

    2.2 Understand different DevOps topologies within the context of strong communication and collaboration.

    Outputs

    A list of solutions that will enhance the current delivery process into one which is influenced by DevOps principles

    (Optional) Identify a team topology that works for your organization.

    3 Choose the Right Metrics and Tools for Your Needs

    The Purpose

    Select metrics and tools for your DevOps-inspired delivery pipeline.

    Key Benefits Achieved

    Enable your team to select the right metrics and tool chain that support the implementation of DevOps practices.

    Activities

    3.1 Identify metrics that are sensible and provide meaningful insights into your organization’s DevOps transition.

    3.2 Determine the set of tools that satisfy enterprise standards and can be used to implement DevOps practices.

    3.3 (Optional) Assess DevOps pipeline maturity.

    Outputs

    A list of metrics that will assist in measuring the progress of your organization’s DevOps transition

    A list of tools that meet enterprise standards and enhance delivery processes

    4 Define Your Release, Communication, and Next Steps

    The Purpose

    Build a plan laying out the work needed to be done for implementing the necessary changes to your organization.

    Key Benefits Achieved

    Roadmap of steps to take in the coming future.

    Activities

    4.1 Create a roadmap for future-state delivery process.

    Outputs

    Roadmap for future-state delivery process

    Drive Successful Sourcing Outcomes With a Robust RFP Process

    • Buy Link or Shortcode: {j2store}216|cart{/j2store}
    • member rating overall impact (scale of 10): 9.4/10 Overall Impact
    • member rating average dollars saved: $25,860 Average $ Saved
    • member rating average days saved: 14 Average Days Saved
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • Most IT organizations do not have standard RFP templates and tools.
    • Many RFPs lack sufficient requirements.
    • Most RFP team members are not adequately trained on RFP best practices.
    • Most IT departments underestimate the amount of time that is required to perform an effective RFP.

    Our Advice

    Critical Insight

    • Vendors generally do not like RFPs
      Vendors view RFPs as time consuming and costly to respond to and believe that the decision is already made.
    • Dont ignore the benefits of an RFI
      An RFI is too often overlooked as a tool for collecting information from vendors about their product offerings and services.
    • Leverage a pre-proposal conference to maintain an equal and level playing field
      Pre-proposal conference is a convenient and effective way to respond to vendors’ questions ensuring all vendors have the same information to provide a quality response.

    Impact and Result

    • A bad or incomplete RFP results in confusing and incomplete vendor RFP responses which consume time and resources.
    • Incomplete or misunderstood requirements add cost to your project due to the change orders required to complete the project.

    Drive Successful Sourcing Outcomes With a Robust RFP Process Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Storyboard – Leverage your vendor sourcing process to get better results

    Discover a proven process for your RFPs. Review Info-Tech’s process and understand how you can prevent your organization from leaking negotiation leverage while preventing vendors from taking control of your RFP. Our 7-phase process prevents a bad RFP from taking your time, money, and resources.

    • Drive Successful Sourcing Outcomes With a Robust RFP Process Storyboard

    2. Define your RFP Requirements Tool – A convenient tool to gather your requirements and align them to your negotiation strategy.

    Use this tool to assist you and your team in documenting the requirements for your RFP. Use the results of this tool to populate the requirements section of your RFP.

    • RFP Requirements Worksheet

    3. RFP Development Suite of Tools – Use Info-Tech’s RFP, pricing, and vendor response tools and templates to increase your efficiency in your RFP process.

    Configure this time-saving suite of tools to your organizational culture, needs, and most importantly the desired outcome of your RFP initiative. This suite contains four unique RFP templates. Evaluate which template is appropriate for your RFP. Also included in this suite are a response evaluation guidebook and several evaluation scoring tools along with a template to report the RFP results to stakeholders.

    • RFP Calendar and Key Date Tool
    • Vendor Pricing Tool
    • Lean RFP Template
    • Short-Form RFP Template
    • Long-Form RFP Template
    • Excel Form RFP Tool
    • RFP Evaluation Guidebook
    • RFP Evaluation Tool
    • Vendor TCO Tool
    • Consolidated Vendor RFP Response Evaluation Summary
    • Vendor Recommendation Presentation

    Infographic

    Workshop: Drive Successful Sourcing Outcomes With a Robust RFP Process

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Foundation for Creating Requirements

    The Purpose

    Problem Identification

    Key Benefits Achieved

    Current process mapped and requirements template configured

    Activities

    1.1 Overview and level-setting

    1.2 Identify needs and drivers

    1.3 Define and prioritize requirements

    1.4 Gain business authorization and ensure internal alignment

    Outputs

    Map Your Process With Gap Identification

    Requirements Template

    Map Your Process With Gap Identification

    Requirements Template

    Map Your Process With Gap Identification

    Requirements Template

    Map Your Process With Gap Identification

    Requirements Template

    2 Creating a Sourcing Process

    The Purpose

    Define Success Target

    Key Benefits Achieved

    Baseline RFP and evaluation templates

    Activities

    2.1 Create and issue RFP

    2.2 Evaluate responses/proposals and negotiate the agreement

    2.3 Purchase goods and services

    Outputs

    RFP Calendar Tool

    RFP Evaluation Guidebook

    RFP Respondent Evaluation Tool

    3 Configure Templates

    The Purpose

    Configure Templates

    Key Benefits Achieved

    Configured Templates

    Activities

    3.1 Assess and measure

    3.2 Review templates

    Outputs

    Long-Form RFP Template

    Short-Form RFP Template

    Excel-Based RFP Template

    Further reading

    Drive Successful Sourcing Outcomes With a Robust RFP Process

    Leverage your vendor sourcing process to get better results.

    EXECUTIVE BRIEF

    Drive Successful Sourcing Outcomes with a Robust RFP Process

    Lack of RFP Process Causes...
    • Stress
    • Confusion
    • Frustration
    • Directionless
    • Exhaustion
    • Uncertainty
    • Disappointment
    Solution: RFP Process
    Steps in an RFP Process, 'Identify Need', 'Define Business Requirements', 'Gain Business Authorization', 'Perform RFI/RFP', 'Negotiate Agreement', 'Purchase Good and Services', and 'Assess and Measure Performance'.
    • Best value solutions
    • Right-sized solutions
    • Competitive Negotiations
    • Better requirements that feed negotiations
    • Internal alignment on requirements and solutions
    • Vendor Management Governance Plan
    Requirements
    • Risk
    • Legal
    • Support
    • Security
    • Technical
    • Commercial
    • Operational
    • Vendor Management Governance
    Templates, Tools, Governance
    • RFP Template
    • Your Contracts
    • RFP Procedures
    • Pricing Template
    • Evaluation Guide
    • Evaluation Matrix
    Vendor Management
    • Scorecards
    • Classification
    • Business Review Meetings
    • Key Performance Indicators
    • Contract Management
    • Satisfaction Survey

    Analyst Perspective

    Consequences of a bad RFP

    Photo of Steven Jeffery, Principal Research Director, Vendor Management, Co-Author: The Art of Creating a Quality RFP, Info-Tech Research Group

    “A bad request for proposal (RFP) is the gift that keeps on taking – your time, your resources, your energy, and your ability to accomplish your goal. A bad RFP is ineffective and incomplete, it creates more questions than it answers, and, perhaps most importantly, it does not meet your organization’s expectations.”

    Steven Jeffery
    Principal Research Director, Vendor Management
    Co-Author: The Art of Creating a Quality RFP
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Most IT organizations are absent of standard RFP templates, tools, and processes.
    • Many RFPs lack sufficient requirements from across the business (Legal, Finance, Security, Risk, Procurement, VMO).
    • Most RFP team members are not adequately trained on RFP best practices.
    • Most IT departments underestimate the amount of time required to perform an effective RFP.
    • An ad hoc sourcing process is a common recipe for vendor performance failure.

    Common Obstacles

    • Lack of time
    • Lack of resources
    • Right team members not engaged
    • Poorly defined requirements
    • Too difficult to change supplier
    • Lack of a process
    • Lack of adequate tools/processes
    • Lack of a vendor communications plan that includes all business stakeholders.
    • Lack of consensus as to what the ideal result should look like.

    Info-Tech’s Approach

    • Establish a repeatable, consistent RFP process that maintains negotiation leverage and includes all key components.
    • Create reusable templates to expedite the RFP evaluation and selection process.
    • Maximize the competition by creating an equal and level playing field that encourages all the vendors to respond to your RFP.
    • Create a process that is clear and understandable for both the business unit and the vendor to follow.
    • Include Vendor Management concepts in the process.

    Info-Tech Insight

    A well planned and executed sourcing strategy that focuses on solid requirements, evaluation criteria, and vendor management will improve vendor performance.

    Executive Summary

    Your Challenge

    Your challenge is to determine the best sourcing tool to obtain vendor information on capabilities, solution(s), pricing and contracting: RFI, RFP, eRFX.

    Depending on your organization’s knowledge of the market, your available funding, and where you are in the sourcing process, there are several approaches to getting the information you need.

    An additional challenge is to answer the question “What is the purpose of our RFX?”

    If you do not have in-depth knowledge of the market, available solutions, and viable vendors, you may want to perform an RFI to provide available market information to guide your RFP strategy.

    If you have defined requirements, approved funding, and enough time, you can issue a detailed, concise RFP.

    If you have “the basics” about the solution to be acquired and are on a tight timeframe, an “enhanced RFI” may fit your needs.

    This blueprint will provide you with the tools and processes and insights to affect the best possible outcome.

    Executive Summary

    Common Obstacles

    • Lack of process/tools
    • Lack of input from stakeholders
    • Stakeholders circumventing the process to vendors
    • Vendors circumventing the process to key stakeholders
    • Lack of clear, concise, and thoroughly articulated requirements
    • Waiting until the vendor is selected to start contract negotiations
    • Waiting until the RFP responses are back to consider vendor management requirements
    • Lack of clear communication strategy to the vendor community that the team adheres to

    Many organizations underestimate the time commitment for an RFP

    70 Days is the average duration of an IT RFP.

    The average number of evaluators is 5-6

    4 Is the average number of vendor submissions, each requiring an average of two to three hours to review. (Source: Bonfire, 2019. Note: The 2019 Bonfire report on the “State of the RFP” is the most recent published.)

    “IT RFPs take the longest from posting to award and have the most evaluators. This may be because IT is regarded as a complex subject requiring complex evaluation. Certainly, of all categories, IT offers the most alternative solutions. The technology is also changing rapidly, as are the requirements of IT users – the half-life of an IT requirement is less than six months (half the requirements specified now will be invalid six months from now). And when the RFP process takes up two of those months, vendors may be unable to meet changed requirements when the time to implement arrives. This is why IT RFPs should specify the problem to be resolved rather than the solution to be provided. If the problem resolution is the goal, vendors are free to implement the latest technologies to meet that need.” (Bonfire, “2019 State of the RFP”)

    Why Vendors Don’t Like RFPs

    Vendors’ win rate

    44%

    Vendors only win an average of 44% of the RFPs they respond to (Loopio, 2022).
    High cost to respond

    3-5%

    Vendors budget 3-5% of the anticipated contract value to respond (LinkedIn, 2017, Note: LinkedIn source is the latest information available).
    Time spent writing response

    23.8 hours

    Vendors spend on average 23.8 hours to write or respond to your RFP (Marketingprofs, 2021).

    Negative effects on your organization from a lack of RFP process

    Visualization titled 'Lack of RFP Process Causes' with the following seven items listed.

    Stress, because roles and responsibilities aren’t clearly defined and communication is haphazard, resulting in strained relationships.

    Confusion, because you don’t know what the expected or desired results are.

    Directionless, because you don’t know where the team is going.

    Uncertainty, with many questions of your own and many more from other team members.

    Frustration, because of all the questions the vendors ask as a result of unclear or incomplete requirements.

    Exhaustion, because reviewing RFP responses of insufficient quality is tedious.

    Disappointment in the results your company realizes.

    (Source: The Art of Creating a Quality RFP)

    Info-Tech’s approach

    Develop an inclusive and thorough approach to the RFP Process

    Steps in an RFP Process, 'Identify Need', 'Define Business Requirements', 'Gain Business Authorization', 'Perform RFI/RFP', 'Negotiate Agreement', 'Purchase Good and Services', and 'Assess and Measure Performance'.

    The Info-Tech difference:

    1. The secret to managing an RFP is to make it as manageable and as thorough as possible. The RFP process should be like any other aspect of business – by developing a standard process. With a process in place, you are better able to handle whatever comes your way, because you know the steps you need to follow to produce a top-notch RFP.
    2. The business then identifies the need for more information about a product/service or determines that a purchase is required.
    3. A team of stakeholders from each area impacted gather all business, technical, legal, and risk requirements. What are the expectations of the vendor relationship post-RFP? How will the vendors be evaluated?
    4. Based on the predetermined requirements, either an RFI or an RFP is issued to vendors with a predetermined due date.

    Insight Summary

    Overarching insight

    Without a well defined, consistent RFP process, with input from all key stakeholders, the organization will not achieve the best possible results from its sourcing efforts.

    Phase 1 insight

    Vendors are choosing to not respond to RFPs due to their length and lack of complete requirements.

    Phase 2 insight

    Be clear and concise in stating your requirements and include, in addition to IT requirements, procurement, security, legal, and risk requirements.

    Phase 3 insight

    Consider adding vendor management requirements to manage the ongoing relationship post contract.

    Tactical insight

    Consider the RFP Evaluation Process as you draft the RFP, including weighting the RFP components. Don’t underestimate the level of effort required to effectively evaluate responses – write the RFP with this in mind.

    Tactical insight

    Provide strict, prescriptive instructions detailing how the vendor should submit their responses. Controlling vendor responses will increase your team’s efficiency in evaluations while providing ease of reference responses across multiple vendors.

    Key deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Key deliverables:

    Info-Tech provides you with the tools you need to go to market in the most efficient manner possible, with guidance on how to achieve your goals.

    Sample of

    Long-Form RFP Template
    For when you have complete requirements and time to develop a thorough RFP.
    Sample of the Long-Form RFP Template deliverable. Short-Form RFP Template
    When the requirements are not as extensive, time is short, and you are familiar with the market.
    Sample of the Short-Form RFP Template deliverable.
    Lean RFP Template
    When you have limited time and some knowledge of the market and wish to include only a few vendors.
    Sample of the Lean RFP Template deliverable. Excel-Form RFP Template
    When there are many requirements, many options, multiple vendors, and a broad evaluation team.
    Sample of the Excel-Form RFP Template deliverable.

    Blueprint benefits

    IT Benefits
    • Side-by-side comparison of vendor capabilities
    • Pricing alternatives
    • No surprises
    • Competitive solutions to deliver the best results
    Mutual IT and Business Benefits
    • Reduced time to implement
    • Improved alignment between IT /Business
    • Improved vendor performance
    • Improved vendor relations
    Business Benefits
    • Budget alignment, reduced cost
    • Best value
    • Risk mitigation
    • Legal and risk protections

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is seven to twelve calls over the course of four to six months.

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    Phase 5

    Phase 6

    Phase 7

    Call #1: Identify the need Call #3: Gain business authorization Call #5: Negotiate agreement strategy Call #7: Assess and measure performance
    Call #2: Define business requirements Call #4: Review and perform the RFX or RFP Call #6: Purchase goods and services

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com1-888-670-8889

    Day 1 Day 2 Day 3
    Activities
    Answer “What problem do we need to solve?”

    1.1 Overview and level-setting

    1.2 Identify needs and drivers

    1.3 Define and prioritize requirements

    1.4 Gain business authorization and ensure internal alignment

    Define what success looks like?

    2.1 Create and issue RFP

    2.2 Evaluate responses/ proposals and negotiate the agreement.

    2.3 Purchase goods and services

    Configure Templates

    3.1 Assess and measure

    3.2 Review tools

    Deliverables
    1. Map your process with gap identification
    2. RFP Requirements Worksheet
    1. RFP Calendar and Key Date Tool
    2. RFP Evaluation Guidebook
    3. RFP Evaluation Tool
    1. Long-form RFP Template
    2. Short-form RFP Template
    3. Excel-based RFP Tool
    4. Lean RFP Template

    Phase 1

    Identify Need

    Steps

    1.1 Establish the need to either purchase goods/services (RFP) or acquire additional information from the market (RFI).

    Steps in an RFP Process with the first step, 'Identify Need', highlighted.

    This phase involves the following participants:

    • Business stakeholders
    • IT
    • Sourcing/Procurement
    • Finance

    Identify the need based on business requirements, changing technology, increasing vendor costs, expiring contracts, and changing regulatory requirements.

    Outcomes of this phase

    Agreement on the need to go to market to make a purchase (RFP) or to acquire additional information (RFI) along with a high-level agreement on requirements, rough schedule (is there time to do a full blown RFP or are you time constrained, which may result in an eRFP) and the RFP team is identified.

    Identify Need
    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Phase 7

    Identify the Need for Your RFP

    • An RFP is issued to the market when you are certain that you intend to purchase a product/service and have identified an adequate vendor base from which to choose as a result of:

      • IT Strategy
      • Changes in technology
      • Marketplace assessment
      • Contract expiration/renewal
      • Changes in regulatory requirements
      • Changes in the business’ requirements
    • An RFI is issued to the market when you are uncertain as to available technologies or supplier capabilities and need budgetary costs for planning purposes.
    • Be sure to choose the right RFx tool for your situation!
    Stock photo of a pen circling the word 'needs' on a printed document.

    Phase 2

    Define Your RFP Requirements

    Steps

    2.1 Define and classify the technical, business, financial, legal, and support and security requirements for your business.

    Steps in an RFP Process with the second step, 'Define Business Requirements', highlighted.

    This phase involves the following participants:

    • IT
    • Legal
    • Finance
    • Risk management
    • Sourcing/Procurement
    • Business stakeholders

    Outcomes of this phase

    A detailed list of required business, technical, legal and procurement requirements classified as to absolute need(s), bargaining and concession need(s), and “nice to haves.”

    Define Business Requirements

    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Phase 7

    Define RFP Requirements

    Key things to consider when defining requirements

    • Must be inclusive of the needs of all stakeholders: business, technical, financial, and legal
    • Strive for clarity and completeness in each area of consideration.
    • Begin defining your “absolute,” “bargaining,” “concession,” and ‘”dropped/out of scope” requirements to streamline the evaluation process.
    • Keep the requirements identified as “absolute” to a minimum, because vendors that do not meet absolute requirements will be removed from consideration.
    • Do you have a standard contract that can be included or do you want to review the vendor’s contract?
    • Don’t forget Data Security!
    • Begin defining your vendor selection criteria.
    • What do you want the end result to look like?
    • How will you manage the selected vendor after the contract? Include key VM requirements.
    • Defining requirements can’t be rushed or you’ll find yourself answering many questions, which may create confusion.
    • Collect all your current spend and budget considerations regarding the needed product(s) and service(s).

    “Concentrate on the needs of the organization and not the wants of the individuals when creating requirements to avoid scope creep.” (Donna Glidden, ITRG Research Director)

    Leverage the “ABCD” approach found in our Prepare for Negotiations More Effectively blueprint:
    https://tymansgrpup.com/research/ss/prepare-for-negotiations-more-effectively

    2.1 Prioritize your requirements

    1 hr to several days

    Input: List of all requirements from IT and IT Security, Business, Sourcing/Procurement, Risk Management, and Legal

    Output: Prioritized list of RFP requirements approved by the stakeholder team

    Materials: The RFP Requirements Worksheet

    Participants: All stakeholders impacted by the RFP: IT, IT Security, the Business, Sourcing/ Procurement, Risk Management, Legal

    1. Use this tool to assist you and your team in documenting the requirements for your RFP. Leverage it to collect and categorize your requirements in preparation for negotiations. Use the results of this tool to populate the requirements section of your RFP.
    2. As a group, review each of the requirements and determine their priority as they will ultimately relate to the negotiations.
      • Prioritizing your requirements will set up your negotiation strategy and streamline the process.
      • By establishing the priority of each requirement upfront, you will save time and effort in the selection process.
    3. Review RFP requirements with stakeholders for approval.

    Download the RFP Requirements Worksheet

    Phase 3

    Gain Business Authorization

    Steps

    3.1 Obtain business authorization from the business, technology, finance and Sourcing/Procurement

    Steps in an RFP Process with the third step, 'Gain Business Authorization', highlighted.

    This phase involves the following participants:

    • Business stakeholders
    • Technology and finance (depending upon the business)
    • Sourcing/Procurement

    Outcomes of this phase

    Approval by all key stakeholders to proceed with the issuing of the RFP and to make a purchase as a result.

    Gain Business Authorization

    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Phase 7

    Gain Business Authorization

    Gain authorization for your RFP from all relevant stakeholders
    • Alignment of stakeholders
    • Agreement on final requirements
    • Financial authorization
    • Commitment of resources
    • Agreement on what constitutes vendor qualification
    • Finalization of selection criteria and their prioritization

    Obtaining cross-function alignment will clear the way for contract, SOW, and budget approvals and not waste any of your and your vendor’s resources in performing an RFP that your organization is not ready to implement or invest financial and human resources in.

    Stock photo of the word 'AUTHORIZED' stamped onto a white background with a much smaller stamp laying beside it.

    Phase 4

    Create and Issue

    Steps

    4.1 Build your RFP

    4.2 Decide RFI or not

    4.3 Create your RFP

    4.4 Receive & answer questions

    4.5 Perform Pre-Proposal Conference

    4.6 Evaluate responses

    Steps in an RFP Process with the fourth step, 'Perform RFI/RFP', highlighted.

    This phase involves the following participants:

    • The RFP owner
    • IT
    • Business SMEs/stakeholders

    Outcomes of this phase

    RFP package is issued to vendors and includes the date of the Pre-Proposal Conference, which should be held shortly after RFP release and includes all parties.

    SME’s/stakeholders participate in providing answers to RFP contact for response to vendors.

    Create and Issue Your RFP/RFI

    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Phase 7

    Six Steps to Perform RFI/RFP

    Step 1

    • Build your RFP with evaluation in mind.

    Step 2

    • RFI or no RFI
    • Consider a Lean RFP

    Step 3

    • Create your RFP
    • Establish your RFP dates
    • Decide on RFP template
      • Short
      • Long
      • Excel
    • Create a template for vendors’ response
    • Create your Pricing Template

    Step 4

    • Receive RFP questions from vendors
    • Review and prepare answers to questions for the Pre-Proposal Conference

    Step 5

    • Conduct a Pre-Proposal Conference

    Step 6

    • Receive vendors’ proposals
    • Review for compliance and completion
    • Team evaluates vendors’ proposals.
    • Prepare TCO
    • Draft executive recommendation report

    Build your RFP with evaluation in mind

    Easing evaluation frustrations

    At the beginning of your RFP creation process consider how your requirements will impact the vendor’s response. Concentrate on the instructions you provide the vendors and how you wish to receive their responses. View the RFP through the lens of the vendors and envision how they are going to respond to the proposal.

    Limiting the number of requirements included in the RFP will increase the evaluation team’s speed when reviewing vendors’ responses. This is accomplished by not asking questions for common features and functionality that all vendors provide. Don’t ask multiple questions within a question. Avoid “lifting” vendor-specific language to copy into the RFP as this will signal to vendors who their competition might be and may deter their participation. Concentrate your requirement questions to those areas that are unique to your solution to reduce the amount of time required to evaluate the vendors’ response.

    Things to Consider When Creating Your RFP:

    • Consistency is the foundation for ease of evaluation.
    • Provide templates, such as an Excel worksheet, for the vendor’s pricing submissions and for its responses to close-ended questions.
    • Give detailed instructions on how the vendor should organize their response.
    • Limit the number of open-ended questions requiring a long narrative response to must-have requirements.
    • Organize your requirements and objectives in a numerical outline and have the vendor respond in the same manner, such as the following:
      • 1
      • 1.1
      • 1.1.1

    Increase your response quality

    Inconsistent formatting of vendor responses prevents an apples-to-apples evaluation between vendor responses. Evaluation teams are frequently challenged and are unable to evaluate vendors’ responses equally against each other for the following reasons:

    Challenges
    • Vendor responses are submitted with different and confusing nomenclature
    • Inconsistent format in response
    • Disparate order of sections in the vendors responses
    • Different style of outlining their responses, e.g. 1.1 vs. I.(i)
    • Pricing proposal included throughout their response
    • Responses are comingled with marketing messages
    • Vendor answers to requirements or objectives are not consolidated in a uniform manner
    • Disparate descriptions for response subsections
    Prevention
    • Provide specific instructions as to how the vendor is to organize their response:
      • How to format and outline the response
      • No marketing material
      • No pricing in the body of the response
    • Provide templates for pricing, technical, operational, and legal aspects.

    Six Steps to Perform RFI/RFP

    Step 1

    • Build your RFP with evaluation in mind.

    Step 2

    • RFI or no RFI
    • Consider a Lean RFP

    Step 3

    • Create your RFP
    • Establish your RFP dates
    • Decide on RFP template
      • Short
      • Long
      • Excel
    • Create a template for vendors’ response
    • Create your Pricing Template

    Step 4

    • Receive RFP questions from vendors
    • Review and prepare answers to questions for the Pre-Proposal Conference

    Step 5

    • Conduct a Pre-Proposal Conference

    Step 6

    • Receive vendors’ proposals
    • Review for compliance and completion
    • Team evaluates vendors’ proposals.
    • Prepare TCO
    • Draft executive recommendation report

    Perform Request for Information

    Don’t underestimate the importance of the RFI

    As the name implies, a request for information (RFI) is a tool for collecting information from vendors about the companies, their products, and their services. We find RFIs useful when faced with a lot of vendors that we don’t know much about, when we want to benchmark the marketplace for products and services, including budgetary information, and when we have identified more potential vendors than we care to commit a full RFP to.

    RFIs are simpler and less time-consuming than RFPs to prepare and evaluate, so it can make a lot of sense to start with an RFI. Eliminating unqualified vendors from further consideration will save your team from weeding through RFP responses that do not meet your objectives. For their part, your vendors will appreciate your efforts to determine up-front which of them are the best bets before asking them to spend resources and money producing a costly proposal.

    While many organizations rarely use RFIs, they can be an effective tool in the vendor manager’s toolbox when used at the right time in the right way. RFIs can be deployed in competitive targeted negotiations.

    A Lean RFP is a two-stage strategy that speeds up the typical RFP process. The first stage is like an RFI on steroids, and the second stage is targeted competitive negotiation.

    Don’t rely solely on the internet to qualify vendors; use an RFI to acquire additional information before finalizing an RFP.

    4.2.1 In a hurry? Consider a Lean RFP instead of an RFP

    Several days
    1. Create an RFI with all of the normal and customary components. Next, add a few additional RFP-like requirements (e.g. operational, technical, and legal requirements). Make sure you include a request for budgetary pricing and provide any significant features and functionality requirements so that the vendors have enough information to propose solutions. In addition, allow the vendors to ask questions through your single point of coordination and share answers with all of the vendors. Finally, notify the vendors that you will not be doing an RFP.
    2. Review the vendors’ proposals and evaluate their proposals against your requirements along with their notional or budgetary pricing.
    3. Have the evaluators utilize the Lean RFP Template to record their scores accordingly.
    4. After collecting the scores from the evaluators, consolidate the scores together to discuss which vendors – we recommend two or three – you want to present demos.
    5. Based on the vendors’ demos, the team selects at least two vendors to negotiate contract and pricing terms with intent of selecting the best-value vendor.
    6. The Lean RFP shortens the typical RFP process, maintains leverage for your organization, and works great with low- to medium-spend items (however your organization defines them). You’ll get clarification on vendors’ competencies and capabilities, obtain a fair market price, and meet your internal clients’ aggressive timelines while still taking steps to protect your organization.

    Download the Lean RFP Template

    Download the RFP Evaluation Tool

    4.2.1 In a hurry? Consider a Lean RFP instead of an RFP continued

    Input

    • List of technical, operational, business, and legal requirements
    • Budgetary pricing ask

    Output

    • A Lean RFP document that includes the primary components of an RFP
    • Lean RFP vendors response evaluation

    Materials

    • Lean RFP Template
    • RFP Evaluation Tool
    • Contracting requirements
    • Pricing

    Participants

    • IT
    • Business
    • Finance
    • Sourcing/Procurement

    Case Study

    A Lean RFP saves time
    INDUSTRY: Pharmaceutical
    SOURCE: Guided Implementation
    Challenge
    • The vendor manager (VM) was experiencing pressure to shorten the expected five-month duration to perform an RFP for software that planned, coordinated, and submitted regulatory documents to the US Food and Drug Administration.
    • The VM team was not completely familiar with the qualified vendors and their solutions.
    • The organization wanted to capitalize on this opportunity to enhance its current processes with the intent of improving efficiencies in documentation submissions.
    Solution
    • Leveraging the Lean RFP process, the team reduced the 200+ RFP questionnaire into a more manageable list of 34 significant questions to evaluate vendor responses.
    • The team issued the Lean RFP and requested the vendors’ responses in three weeks instead of the five weeks planned for the RFP process.
    • The team modified the scoring process to utilize a simple weighted-scoring methodology, using a scale of 1-5.
    Results
    • The Lean RFP scaled back the complexity of a large RFP.
    • The customer received three vendor responses ranging from 19 to 43 pages and 60-80% shorter than expected if the RFP had been used. This allowed the team to reduce the evaluation period by three weeks.
    • The duration of the RFx process was reduced by more than two months – from five months to just under three months.

    Six Steps to Perform RFI/RFP

    Step 1

    • Build your RFP with evaluation in mind.

    Step 2

    • RFI or no RFI
    • Consider a Lean RFP

    Step 3

    • Create your RFP
    • Establish your RFP dates
    • Decide on RFP template
      • Short
      • Long
      • Excel
    • Create a template for vendors’ response
    • Create your Pricing Template

    Step 4

    • Receive RFP questions from vendors
    • Review and prepare answers to questions for the Pre-Proposal Conference

    Step 5

    • Conduct a Pre-Proposal Conference

    Step 6

    • Receive vendors’ proposals
    • Review for compliance and completion
    • Team evaluates vendors’ proposals.
    • Prepare TCO
    • Draft executive recommendation report

    4.3.1 RFP Calendar

    1 hour

    Input: List duration in days of key activities, RFP Calendar and Key Date Tool, For all vendor-inclusive meetings, include the dates on your RFP calendar and reference them in the RFP

    Output: A timeline to complete the RFP that has the support of each stakeholder involved in the process and that allows for a complete and thorough vendor response.

    Materials: RFP Calendar and Key Date Tool

    Participants: IT management, Business stakeholder(s), Legal (as required), Risk management (as required), Sourcing/Procurement, Vendor management

    1. As a group, identify the key activities to be accomplished and the amount of time estimated to complete each task:
      1. Identify who is ultimately accountable for the completion of each task
      2. Determine the length of time required to complete each task
    2. Use the RFP Calendar and Key Date Tool to build the calendar specific to your needs.
    3. Include vendor-related dates in the RFP, i.e., Pre-Proposal Conference, deadline for RFP questions as well as response.

    Download the RFP Calendar and Key Date Tool

    Draft your RFP

    Create and issue your RFP, which should contain at least the following:
    • The ability for the vendors to ask clarifying questions (in writing, sent to the predetermined RFP contact)
    • Pre-Proposal/Pre-Bid Conference schedule where vendors can receive the same answer to all clarifying written questions
    • A calendar of events (block the time on stakeholder calendars – see template).
    • Instructions to potential vendors on how they should construct and return their response to enable effective and timely evaluation of each offer.
    • Requirements; for example: Functional, Operational, Technical, and Legal.
    • Specification drawings as if applicable.
    • Consider adding vendor management requirements – how do you want to manage the relationship after the deal is done?
    • A pricing template for vendors to complete that facilitates comparison across multiple vendors.
    • Contract terms required by your legal team (or your standard contract for vendors to redline as part of their response and rated/ranked accordingly).
    • Create your RFP with the evaluation process and team in mind to ensure efficiency and timeliness in the process. Be clear, concise, and complete in the document.
    • Consistency and completeness is the foundation for ease of evaluation.
    • Give vendors detailed instruction on how to structure and organize their response.
    • Limit the number of open-ended questions requiring a long narrative response.
    • Be sure to leverage Info-Tech’s proven and field-tested Short-Form, Long-Form, and Lean RFP Templates provided in this blueprint.

    Create a template for the vendors’ response

    Dictating to the vendors the format of their response will increase your evaluation efficiency
    Narrative Response:

    Create either a Word or Excel document that provides the vendor with an easy vehicle for their response. This template should include the question identifier that ties the response back to the requirement in the RFP. Instruct vendors to include the question number on any ancillary materials they wish to include.

    Pricing Response:

    Create a separate Excel template that the vendors must use to provide their financial offer. This template should include pricing for hardware, software, training, implementation, and professional services, as well as placeholders for any additional fees.

    Always be flexible in accepting alternative proposals after the vendor has responded with the information you requested in the format you require.

    Stock image of a paper checklist in front of a laptop computer's screen.

    4.3.2 Vendor Pricing Tool

    1 hour

    Input: Identify pricing components for hardware, software, training, consulting/services, support, and additional licenses (if needed)

    Output: Vendor Pricing Tool

    Materials: RFP Requirements Worksheet, Pricing template

    Participants: IT, Finance, Business stakeholders, Sourcing/Procurement, Vendor management

    1. Using a good pricing template will prevent vendors from providing pricing offers that create a strategic advantage designed to prevent you from performing an apples-to-apples comparison.
    2. Provide specific instructions as to how the vendor is to organize their pricing response, which should be submitted separate from the RFP response.
    3. Configure and tailor pricing templates that are specific to the product and/or services.
    4. Upon receipt of all the vendor’s responses, simply cut and paste their total response to your base template for an easy side-by-side pricing comparison.
    5. Do not allow vendors to submit financial proposals outside of your template.

    Download the Vendor Pricing Tool

    Three RFP Templates

    Choose the right template for the right sourcing initiative

    • Short-Form
    • Use the Short-Form RFP Template for simple, non-complex solutions that are medium to low dollar amounts that do not require numerous requirements.

    • Long-Form
    • We recommend the Long-Form RFP Template for highly technical and complex solutions that are high dollar and have long implementation duration.

    • Excel-Form
    • Leverage the Excel-Form RFP Tool for requirements that are more specific in nature to evaluate a vendor’s capability for their solution. This template is designed to be complete and inclusive of the RFP process, e.g., requirements, vendor response, and vendor response evaluation scoring.

    Like tools in a carpenters’ tool box or truck, there is no right or wrong template for any job. Take into account your organization culture, resources available, time frame, policies, and procedures to pick the right tool for the job. (Steve Jeffery, Principal Research Director, Vendor Management, Co-Author: The Art of Creating a Quality RFP, Info-Tech Research Group)

    4.3.3 Short-Form RFP Template

    1-2 hours

    Input: List of technical, legal, business, and data security requirements

    Output: Full set of requirements, prioritized, that all participants agree to

    Materials: Short-Form RFP Template, Vendor Pricing Tool, Supporting exhibits

    Participants: IT management, Business stakeholder(s), Legal (as required), Risk management (as required), Sourcing/Procurement, Vendor management

    • This is a less complex RFP that has relatively basic requirements and perhaps a small window in which the vendors can respond. As with the long-form RFP, exhibits are placed at the end of the RFP, an arrangement that saves both your team and the vendors time. Of course, the short-form RFP contains less-specific instructions, guidelines, and rules for vendors’ proposal submissions.
    • We find that short-form RFPs are a good choice when you need to use something more than a request for quote (RFQ) but less than an RFP running 20 or more pages. It’s ideal, for example, when you want to send an RFP to only one vendor or to acquire items such as office supplies, contingent labor, or commodity items that don’t require significant vendor risk assessment.

    Download the Short-Form RFP Template

    4.3.4 Long-Form RFP Template

    1-3 hours

    Input: List of technical, legal, business, and data security requirements

    Output: Full set of requirements, prioritized, that all stakeholders agree to

    Materials: Long-Form RFP Template, Vendor Pricing Tool, Supporting exhibits

    Participants: IT management, Business stakeholder(s), Legal (as required), Risk management (as required), Sourcing/Procurement, Vendor management

    • A long-form or major RFP is an excellent tool for more complex and complicated requirements. This template is for a baseline RFP.
    • It starts with best-in-class RFP terms and conditions that are essential to maintaining your control throughout the RFP process. The specific requirements for the business, functional, technical, legal, and pricing areas should be included in the exhibits at the end of the template. That makes it easier to tailor the RFP for each deal, since you and your team can quickly identify specific areas that need modification. Grouping the exhibits together also makes it convenient for both your team to review and the vendors to respond.
    • You can use this sample RFP as the basis for your template RFP, taking it all as is or picking and choosing the sections that best meet the mission and objectives of the RFP and your organization.

    Download the Long-Form RFP Template

    4.3.5 Excel-Form RFP Tool

    Several weeks

    Input: List of technical, legal, business, and data security requirements

    Output: Full set of requirements, prioritized, that all stakeholders agree to

    Materials: Excel-Form RFP Template, Vendor Pricing Tool, Supporting exhibits

    Participants: IT management, Business stakeholder(s), Legal (as required), Risk management (as required), Sourcing/Procurement, Vendor management

    • The Excel-Form RFP Tool is used as an alternative to the other RFP toolsets if you have multiple requirements and have multiple vendors to choose from.
    • Requirements are written as a “statement” and the vendor can select from five answers as to their ability to meet the requirements, with the ability to provide additional context and materials to augment their answers, as needed.
    • Requirements are listed separately in each tab, for example, Business, Legal, Technical, Security, Support, Professional Services, etc.

    Download the Excel-Form RFP Template

    Six Steps to Perform RFI/RFP

    Step 1

    • Build your RFP with evaluation in mind.

    Step 2

    • RFI or no RFI
    • Consider a Lean RFP

    Step 3

    • Create your RFP
    • Establish your RFP dates
    • Decide on RFP template
      • Short
      • Long
      • Excel
    • Create a template for vendors’ response
    • Create your Pricing Template

    Step 4

    • Receive RFP questions from vendors
    • Review and prepare answers to questions for the Pre-Proposal Conference

    Step 5

    • Conduct a Pre-Proposal Conference

    Step 6

    • Receive vendors’ proposals
    • Review for compliance and completion
    • Team evaluates vendors’ proposals.
    • Prepare TCO
    • Draft executive recommendation report

    Answer Vendor Questions

    Maintaining your equal and level playing field among vendors

    • Provide an adequate amount of time from the RFP issue date to the deadline for vendor questions. There may be multiple vendor staff/departments that need to read the RFP and then discuss their response approach and gather any clarifying questions, so we generally recommend three to five business days.
    • There should be one point of contact for all Q&A, which should be submitted in writing via email only. Be sure to plan for enough time to get the answers back from the RFP stakeholders.
    • After the deadline, collect all Q&A and begin the process of consolidating into one document.
    Large silver question mark.
    • Be sure to anonymize both vendor questions and your responses, so as not to reveal who asked or answered the question.
    • Send the document to all RFP respondents via your sourcing tool or BCC in an email to the point of contact, with read receipt requested. That way, you can track who has received and opened the correspondence.
    • Provide the answers a few days prior to the Pre-Proposal Conference to allow all respondents time to review the document and prepare any additional questions.
    • Begin the preparation for the Pre-Proposal Conference.

    Six Steps to Perform RFI/RFP

    Step 1

    • Build your RFP with evaluation in mind.

    Step 2

    • RFI or no RFI
    • Consider a Lean RFP

    Step 3

    • Create your RFP
    • Establish your RFP dates
    • Decide on RFP template
      • Short
      • Long
      • Excel
    • Create a template for vendors’ response
    • Create your Pricing Template

    Step 4

    • Receive RFP questions from vendors
    • Review and prepare answers to questions for the Pre-Proposal Conference

    Step 5

    • Conduct a Pre-Proposal Conference

    Step 6

    • Receive vendors’ proposals
    • Review for compliance and completion
    • Team evaluates vendors’ proposals.
    • Prepare TCO
    • Draft executive recommendation report

    Conduct Pre-Proposal Conference

    Maintain an equal and level playing field

    • Consolidate all Q&A to be presented to all vendors during the Pre-Proposal Conference.
    • If the Pre-Proposal Conference is conducted via conference call, be sure to record the session and advise all participants at the beginning of the call.
    • Be sure to have key stakeholders present on the call to answer questions.
    • Read each question and answer, after which ask if there are any follow up questions. Be sure to capture them and then add them to the Q&A document.
    • Remind respondents that no further questions will be entertained during the remainder of the RFP response period.
    • Send the updated and completed document to all vendors (even if circumstances prevented their attending the Pre-Proposal Conference). Use the same process as when you sent out the initial answers: via email, blind copy the respondents and request read/receipt.

    “Using a Pre-Proposal Conference allows you to reinforce that there is a level playing field for all of the vendors…that each vendor has an equal chance to earn your business. This encourages and maximizes competition, and when that happens, the customer wins.” (Phil Bode, Principal Research Director, Co-Author: The Art of Creating a Quality RFP, Info-Tech Research Group)

    Pre-Proposal Conference Agenda

    Modify this agenda for your specific organization’s culture
    1. Opening Remarks & Welcome – RFP Manager
      1. Agenda review
      2. Purpose of the Pre-Proposal Conference
    2. Review Agenda
      1. Introduction of your (customer) attendees
    3. Participating Vendor Introduction (company name)
    4. Executive or Sr. Leadership Comments (limit to five minutes)
      1. Importance of the RFP
      2. High-level business objective or definition of success
    5. Review Key Dates in the RFP

    (Source: The Art of Creating a Quality RFP, Jeffery et al., 2019)
    1. Review of any Technical Drawings or Information
      1. Key technical requirements and constraints
      2. Key infrastructure requirements and constraints
    2. Review of any complex RFP Issues
      1. Project scope/out of scope
    3. Question &Answer
      1. Vendors’ questions in alphabetical order
    4. Review of Any Specific Instructions for the Respondents
    5. Conclusion/Closing
      1. Review how to submit additional questions
      2. Remind vendors of the single point of contact

    Allow your executive or leadership sponsor to leave the Pre-Proposal Conference after they provide their comments to allow them to continue their day while demonstrating to the vendors the importance of the project.

    Six Steps to Perform RFI/RFP

    Step 1

    • Build your RFP with evaluation in mind.

    Step 2

    • RFI or no RFI
    • Consider a Lean RFP

    Step 3

    • Create your RFP
    • Establish your RFP dates
    • Decide on RFP template
      • Short
      • Long
      • Excel
    • Create a template for vendors’ response
    • Create your Pricing Template

    Step 4

    • Receive RFP questions from vendors
    • Review and prepare answers to questions for the Pre-Proposal Conference

    Step 5

    • Conduct a Pre-Proposal Conference

    Step 6

    • Receive vendors’ proposals
    • Review for compliance and completion
    • Team evaluates vendors’ proposals.
    • Prepare TCO
    • Draft executive recommendation report

    Evaluate Responses

    Other important information

    • Consider separating the pricing component from the RFP responses before sending them to reviewers to maintain objectivity until after you have received all ratings on the proposals themselves.
    • Each reviewer should set aside focused time to carefully read each vendor’s response
    • Read the entire vendor proposal – they spent a lot time and money responding to your request, so please read everything.
    • Remind reviewers that they should route any questions to the vendor through the RFP manager.
    • Using the predetermined ranking system for each section, rate each section of the response, capturing any notes, questions, or concerns as you proceed through the document(s).
    Stock photo of a 'Rating' meter with values 'Very Bad to 'Excellent'.

    Use a proven evaluation method

    Two proven methods to reviewing vendors’ proposals are by response and by objective

    The first, by response, is when the evaluator reviews each vendor’s response in its entirety.

    The second, reviewing by objective, is when the evaluator reviews each vendor’s response to a single objective before moving on to the next.

    By Response

    Two-way arrow with '+ Pros' in green on the left and 'Cons -' in red on the right.

    By Objective

    Two-way arrow with '+ Pros' in green on the left and 'Cons -' in red on the right.

    • Each response is thoroughly read all the way through.
    • Response inconsistencies are easily noticed.
    • Evaluators obtain a good feel for the vendor's response.
    • Evaluators will lose interest as they move from one response to another.
    • Evaluation will be biased if the beginning of response is subpar, influencing the rest of the evaluation.
    • Deficiencies of the perceived favorite vendor are overlooked.
    • Evaluators concentrate on how each objective is addressed.
    • Evaluators better understand the responses, resulting in identifying the best response for the objective.
    • Evaluators are less susceptible to supplier bias.
    • Electronic format of the response hampers response review per objective.
    • If a hard copy is necessary, converting electronic responses to hard copy is costly and cumbersome.
    • Discipline is required to score each vendor's response as they go.

    Maintain evaluation objectivity by reducing response evaluation biases

    Evaluation teams can be naturally biased during their review of the vendors’ responses.

    You cannot eliminate bias completely – the best you can do is manage it by identifying these biases with the team and mitigating their influence in the evaluation process.

    Vendor

    The evaluator only trusts a certain vendor and is uncomfortable with any other vendor.
    • Evaluate the responses blind of vendor names, if possible.
    Centerpiece for this table, titled 'BIAS' and surrounding by iconized representations of the four types listed.

    Account Representatives

    Relationships extend beyond business, and an evaluator doesn't want to jeopardize them.
    • Craft RFP objectives that are vendor neutral.

    Technical

    A vendor is the only technical solution the evaluator is looking for, and they will not consider anything else.
    • Conduct fair and open solution demonstrations.

    Price

    As humans, we can justify anything at a good price.
    • Evaluate proposals without awareness of price.

    Additional insights when evaluating RFPs

    When your evaluation team includes a member of the C-suite or senior leadership, ensure you give them extra time to sufficiently review the vendor's responses. When your questions require a definitive “Yes”/“True” or “No”/“False” responses, we recommend giving the maximum score for “Yes”/“True” and the minimum score for “No”/“False”.
    Increase your efficiency and speed of evaluation by evaluating the mandatory requirements first. If a vendor's response doesn't meet the minimum requirements, save time by not reviewing the remainder of the response. Group your RFP questions with a high-level qualifying question, then the supporting detailed requirements. The evaluation team can save time by not evaluating a response that does not meet a high-level qualifying requirement.

    Establish your evaluation scoring scale

    Define your ranking scale to ensure consistency in ratings

    Within each section of your RFP are objectives, each of which should be given its own score. Our recommended approach is to award on a scale of 0 to 5. With such a scale, you need to define every level. Below are the recommended definitions for a 0 to 5 scoring scale.

    Score Criteria for Rating
    5 Outstanding – Complete understanding of current and future needs; solution addresses current and future needs
    4 Competent – Complete understanding and adequate solution
    3 Average – Average understanding and adequate solution
    2 Questionable – Average understanding; proposal questionable
    1 Poor – Minimal understanding
    0 Not acceptable – Lacks understanding
    Stock photo of judges holding up their ratings.

    Weigh the sections of your RFP on how important or critical they are to the RFP

    Obtain Alignment on Weighting the Scores of Each Section
    • There are many ways to score responses, ranging from extremely simple to highly complicated. The most important thing is that everyone responsible for completing scorecards is in total agreement about how the scoring system should work. Otherwise, the scorecards will lose their value, since different weighting and scoring templates were used to arrive at their scores.
    • You can start by weighting the scores by section, with all sections adding up to 100%.
    Example RFP Section Weights
    Pie chart of example RFP section weights, 'Operational, 20%', 'Service-Level Agreements, 20%', 'Financial, 20%', 'Legal/Contractual, 15%', 'Technical, 10%' 'Functional, 15%'.
    (Source: The Art of Creating a Quality RFP, Jeffery et al., 2019)

    Protect your negotiation leverage with these best practices

    Protect your organization's reputation within the vendor community with a fair and balanced process.
    • Unless you regularly have the evaluators on your evaluation team, always assume that the team members are not familiar nor experienced with your process and procedures.
    • Do not underestimate the amount of preparations required to ensure that your evaluation team has everything they need to evaluate vendors’ responses without bias.
    • Be very specific about the expectations and time commitment required for the evaluation team to evaluate the responses.
    • Explain to the team members the importance of evaluating responses without conflicts of interest, including the fact that information contained within the responses and all discussions within the team are considered company owned and confidential.
    • Include examples of the evaluation and scoring processes to help the evaluators understand what they should be doing.
    • Finally – don’t forget to the thank the evaluation team and their managers for their time and commitment in contributing to this essential decision.
    Stock photo of a cork board with 'best practice' spelled out by tacked bits of paper, each with a letter in a different font.

    Evaluation teams must balance commercial vs. technical requirements

    Do not alter the evaluation weights after responses are submitted.
    • Evaluation teams are always challenged by weighing the importance of price, budget, and value against the technical requirements of “must-haves” and super cool “nice-to-haves.”
    • Encouraging the evaluation team not to inadvertently convert the nice-to-haves to must-haves will prevent scope creep and budget pressure. The evaluation team must concentrate on the vendors’ responses that drive the best value when balancing both commercial and technical requirements.
    Two blocks labelled 'Commercial Requirements' and 'Technical Requirements' balancing on either end of a flat sheet, which is balancing on a silver ball.

    4.6.1 Evaluation Guidebook

    1 hour

    Input: RFP responses, Weighted Scoring Matrix, Vendor Response Scorecard

    Output: One or two finalists for which negotiations will proceed

    Materials: RFP Evaluation Guidebook

    Participants: IT, Finance, Business stakeholders, Sourcing/Procurement, Vendor management

    1. Info-Tech provides an excellent resource for your evaluation team to better understand the process of evaluating vendor response. The guidebook is designed to be configured to the specifics of your RFP, with guidance and instructions to the team.
    2. Use this guidebook to provide instruction to the evaluation team as to how best to score and rate the RFP responses.
    3. Specific definitions are provided for applying the numerical scores to the RFP objectives will ensure consistency among the appropriate numerical score.

    Download the RFP Evaluation Guidebook

    4.6.2 RFP Vendor Proposal Scoring Tool

    1-4 hours

    Input: Each vendor’s RFP response, A copy of the RFP (less pricing), A list of the weighted criteria incorporated into a vendor response scorecard

    Output: A consolidated ranked and weighted comparison of the vendor responses with pricing

    Materials: Vendor responses, RFP Evaluation Tool

    Participants: Sourcing/Procurement, Vendor management

    1. Using the RFP outline as a base, develop a scorecard to evaluate and rate each section of the vendor response, based on the criteria predetermined by the team.
    2. Provide each stakeholder with the scorecard when you provide the vendor responses for them to review and provide the team with adequate time to review each response thoroughly and completely.
    3. Do not, at this stage, provide the pricing. Allow stakeholders to review the responses based on the technical, business, operational criteria without prejudice as to pricing.
    4. Evaluators should always be reminded that they are evaluating each vendor’s response against the objectives and requirements of the RFP. The evaluators should not be evaluating each vendor’s response against one another.
    5. While the team is reviewing and scoring responses, review and consolidate the vendor pricing submissions into one document for a side-by-side comparison.

    Download the RFP Evaluation Tool

    4.6.3 Total Cost of Owners (TCO)

    1-2 hours

    Input: Consolidated vendor pricing responses, Consolidated vendor RFP responses, Current spend within your organization for the product/service, if available, Budget

    Output: A completed TCO model summarizing the financial results of the RFP showing the anticipated costs over the term of the agreement, taking into consideration the impact of renewals.

    Materials: Vendor TCO Tool, Vendor pricing responses

    Participants: IT, Finance, Business stakeholders, Sourcing/Procurement

    • Use Info-Tech’s Vendor TCO Tool to normalize each vendor’s pricing proposal and account for the lifetime cost of the product.
    • Fill in pricing information (the total of all annual costs) from each vendor's returned Pricing Proposal.
    • The tool will summarize the net present value of the TCO for each vendor proposal.
    • The tool will also provide the rank of each pricing proposal.

    Download the Vendor TCO Tool

    Conduct an evaluation team results meeting

    Follow the checklist below to ensure an effective evaluation results meeting

    • Schedule the evaluation team’s review meeting well in advance to ensure there are no scheduling conflicts.
    • Collect the evaluation team’s scores in advance.
    • Collate scores and provide an initial ranking.
    • Do not reveal the pricing evaluation results until after initial discussions and review of the scoring results.
    • Examine both high and low scores to understand why the team members scored the response as they did.
    • Allow the team to discuss, debate, and arrive at consensus on the ranking.
    • After consensus, reveal the pricing to examine if or how it changes the ranking.
    • Align the team on the next steps with the applicable vendors.

    4.6.4 Consolidated RFP Response Scoring

    1-2 hours

    Input: Vendor Response Scorecard from each stakeholder, Consolidated RFP responses and pricing, Any follow up questions or items requiring further vendor clarification.

    Output: An RFP Response Evaluation Summary that identifies the finalists based on pre-determined criteria.

    Materials: RFP Evaluation Tool from each stakeholder, Consolidated RFP responses and pricing.

    Participants: IT, Finance, Business stakeholders, Sourcing/Procurement, Vendor management

    1. Collect from the evaluation team all scorecards and any associated questions requiring further clarification from the vendor(s). Consolidate the scorecards into one for presentation to the team and key decision makers.
    2. Present the final scores to the team, with the pricing evaluation, to determine, based on your needs, two or three finalists that will move forward to the next steps of negotiations.
    3. Discuss any scores that are have large gaps, e.g., a requirement with a score of one from one evaluator and the same requirement with a score five from different evaluator.
    4. Arrive at a consensus of your top one or two potential vendors.
    5. Determine any required follow-up actions with the vendors and include them in the Evaluation Summary.

    Download the Consolidated Vender RFP Response Evaluation Summary

    4.6.5 Vendor Recommendation Presentation

    1-3 hours
    1. Use the Vendor Recommendation Presentation to present your finalist and obtain final approval to negotiate and execute any agreements.
    2. The Vendor Recommendation Presentation provides leadership with:
      1. An overview of the RFP, its primary goals, and key requirements
      2. A summary of the vendors invited to participate and why
      3. A summary of each component of the RFP
      4. A side-by-side comparison of key vendor responses to each of the key/primary requirements, with ranking/weighting results
      5. A summary of the vendor’s responses to key legal terms
      6. A consolidated summary of the vendors’ pricing, augmented by the TCO calculations for the finalist(s).
      7. The RFP team’s vendor recommendations based on its findings
      8. A summary of next steps with dates
      9. Request approval to proceed to next steps of negotiations with the primary and secondary vendor

    Download the Vendor Recommendation Presentation

    4.6.5 Vendor Recommendation Presentation

    Input

    • Consolidated RFP responses, with a focus on key RFP goals
    • Consolidated pricing responses
    • TCO Model completed, approved by Finance, stakeholders

    Output

    • Presentation deck summarizing the key findings of the RFP results, cost estimates and TCO and the recommendation for approval to move to contract negotiations with the finalists

    Materials

    • Consolidated RFP responses, including legal requirements
    • Consolidated pricing
    • TCO Model
    • Evaluators scoring results

    Participants

    • IT
    • Finance
    • Business stakeholders
    • Legal
    • Sourcing/Procurement

    Caution: Configure templates and tools to align with RFP objectives

    Templates and tools are invaluable assets to any RFP process

    • Leveraging templates and tools saves time and provides consistency to your vendors.
    • Maintain a common repository of your templates and tools with different versions and variations. Include a few sentences with instructions on how to use the template and tools for team members who might not be familiar with them.

    Templates/Tools

    RFP templates and tools are found in a variety of places, such as previous projects, your favorite search engine, or by asking a colleague.

    Sourcing

    Regardless of the source of these documents, you must take great care and consideration to sanitize any reference to another vendor, company, or name of the deal.

    Review

    Then you must carefully examine the components of the deal before creating your final documents.

    Popular RFP templates include:

    • RFP documents
    • Pricing templates
    • Evaluation and scoring templates
    • RFP requirements
    • Info-Tech research

    Phase 5

    Negotiate Agreement(s)

    Steps

    5.1 Perform negotiation process

    Steps in an RFP Process with the fifth step, 'Negotiate Agreement', highlighted.

    This phase involves the following participants:

    • Procurement
    • Vendor management
    • Legal
    • IT stakeholders
    • Finance

    Outcomes of this phase

    A negotiated agreement or agreements that are a result of competitive negotiations.

    Negotiate Agreement(s)

    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Phase 7

    Negotiate Agreement

    You should evaluate your RFP responses first to see if they are complete and the vendor followed your instructions.


    Then you should:

    • Plan negotiation(s) with one or more vendors based on your questions and opportunities identified during evaluation.
    • Select finalist(s).
    • Apply selection criteria.
    • Resolve vendors’ exceptions.

    Info-Tech Insight

    Be certain to include any commitments made in the RFP, presentations, and proposals in the agreement – dovetails to underperforming vendor.

    Centerpiece of the table, titled 'Negotiation Process'.

    Leverage Info-Tech's negotiation process research for additional information

    Negotiate before you select your vendor:
    • Negotiating with two or more vendors will maintain your competitive leverage while decreasing the time it takes to negotiate the deal.
    • Perform legal reviews as necessary.
    • Use sound competitive negotiations principles.

    Info-Tech Insight

    Providing contract terms in an RFP can dramatically reduce time for this step by understanding the vendor’s initial contractual position for negotiation.

    Phase 6

    Purchase Goods and Services

    Steps

    6.1 Purchase Goods & Services

    Steps in an RFP Process with the sixth step, 'Purchase Goods and Services', highlighted.

    This phase involves the following participants:

    • Procurement
    • Vendor management
    • IT stakeholders

    Outcomes of this phase

    A purchase order that completes the RFP process.

    The beginning of the vendor management process.

    Purchase Goods and Services

    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Phase 7

    Purchase Goods and Services

    Prepare to purchase goods and services

    Prepare to purchase goods and services by completing all items on your organization’s onboarding checklist.
    • Have the vendor complete applicable tax forms.
    • Set up the vendor in accounts payable for electronic payment (ACH) set-up.
    Then transact day-to-day business:
    • Provide purchasing forecasts.
    • Complete applicable purchase requisition and purchase orders. Be sure to reference the agreement in the PO.
    Stock image of a computer monitor with a full grocery cart shown on the screen.

    Info-Tech Insight

    As a customer, honoring your contractual obligations and commitments will ensure that your organization is not only well respected but considered a customer of choice.

    Phase 7

    Assess and Measure Performance

    Steps

    7.1 Assess and measure performance against the agreement

    Steps in an RFP Process with the seventh step, 'Assess and Measure Performance', highlighted.

    This phase involves the following participants:

    • Vendor management
    • Business stakeholders
    • Senior leadership (as needed)
    • IT stakeholders
    • Vendor representatives & senior management

    Outcomes of this phase

    A list of what went well during the period – it’s important to recognize successes

    A list of areas needing improvement that includes:

    • A timeline for each item to be completed
    • The team member(s) responsible

    Purchase Goods and Services

    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Phase 7

    Assess and Measure Performance

    Measure to manage: the job doesn’t end when the contract is signed.

    • Classify vendor
    • Assess vendor performance
    • Manage improvement
    • Conduct periodic vendor performance reviews or quarterly business reviews
    • Ensure contract compliance for both the vendor and your organization
    • Build knowledgebase for future
    • Re-evaluate and improve appropriately your RFP processes

    Info-Tech Insight

    To be an objective vendor manager, you should also assess and measure your company’s performance along with the vendor’s performance.

    Summary of Accomplishment

    Problem Solved

    Upon completion of this blueprint, guided implementation, or workshop, your team should have a comprehensive, well-defined end-to-end approach to performing a quality sourcing event. Leverage Info-Tech’s industry-proven tools and templates to provide your organization with an effective approach to maintain your negotiation leverage, improve the ease with which you evaluate vendor proposals, and reduce your risk while obtaining the best market value for your goods and services.

    Additionally, your team will have a foundation to execute your vendor management principles. These principles will assist your organization in ensuring you receive the perceived value from the vendor as a result of your competitive negotiations.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Final Thoughts: RFP Do’s and Don’ts

    DO

    • Leverage your team’s knowledge
    • Document and explain your RFP process to stakeholders and vendors
    • Include contract terms in your RFP
    • Consider vendor management requirements up front
    • Plan to measure and manage performance after contract award leveraging RFP objectives
    • Seek feedback from the RFP team for process improvements

    DON'T

    • Reveal your budget
    • Do an RFP in a vacuum
    • Send an RFP to a vendor your team is not willing to award the business to
    • Hold separate conversations with candidate vendors during your RFP process
    • Skimp on the requirements definition to speed the process
    • Tell the vendor they are selected before negotiating

    Bibliography

    “2022 RFP Response Trends & Benchmarks.” Loopio, 2022. Web.

    Corrigan, Tony. “How Much Does it Cost to Respond to an RFP?” LinkedIn, March 2017. Accessed 10 Dec. 2019

    “Death by RFP:7 Reasons Not to Respond.” Inc. Magazine, 2013. Web.

    Jeffery, Steven, George Bordon, and Phil Bode. The Art of Creating a Quality RFP, 3rd ed. Info-Tech Research Group, 2019.

    “RFP Benchmarks: How Much Time and Staff Firms Devote to Proposals.” MarketingProfs, 2020. Web.

    “State of the RFP 2019.” Bonfire, 2019. Web.

    “What Vendors Want (in RFPs).” Vendorful, 2020. Web.

    Related Info-Tech Research

    Stock photo of two people looking at a tablet. Prepare for Negotiations More Effectively
    • Negotiations are about allocating risk and money – how much risk is a party willing to accept at what price point?
    • Using a cross-functional/cross-insight team structure for negotiation preparation yields better results.
    • Soft skills aren’t enough and theatrical negotiation tactics aren’t effective.
    Stock photo of two people in suits shaking hands. Understand Common IT Contract Provisions to Negotiate More Effectively
    • Focus on the terms and conditions, not just the price. Too often, organizations focus on the price contained within their contracts, neglecting to address core terms and conditions that can end up costing multiples of the initial price.
    • Lawyers can’t ensure you get the best business deal. Lawyers tend to look at general terms and conditions for legal risk and may not understand IT-specific components and business needs.
    Stock photo of three people gathered around a computer. Jump Start Your Vendor Management Initiative
    • Vendor management must be an IT strategy. Solid vendor management is an imperative – IT organizations must develop capabilities to ensure that services are delivered by vendors according to service-level objectives and that risks are mitigated according to the organization's risk tolerance.
    • Visibility into your IT vendor community. Understand how much you spend with each vendor and rank their criticality and risk to focus on the vendors you should be concentrating on for innovative solutions.

    Ensure Cloud Security in IaaS, PaaS, and SaaS Environments

    • Buy Link or Shortcode: {j2store}386|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Secure Cloud & Network Architecture
    • Parent Category Link: /secure-cloud-network-architecture
    • Security remains a large impediment to realizing cloud benefits. Numerous concerns still exist around the ability for data privacy, confidentiality, and integrity to be maintained in a cloud environment.
    • Even if adoption is agreed upon, it becomes hard to evaluate vendors that have strong security offerings and even harder to utilize security controls that are internally deployed in the cloud environment.

    Our Advice

    Critical Insight

    • The cloud can be secure despite unique security threats.
    • Securing a cloud environment is a balancing act of who is responsible for meeting specific security requirements.
    • Most security challenges and concerns can be minimized through our structured process (CAGI) of selecting a trusted cloud security provider (CSP) partner.

    Impact and Result

    • The business is adopting a cloud environment and it must be secured, which includes:
      • Ensuring business data cannot be leaked or stolen.
      • Maintaining privacy of data and other information.
      • Securing the network connection points.
    • Determine your balancing act between yourself and your CSP; through contractual and configuration requirements, determine what security requirements your CSP can meet and cover the rest through internal deployment.
    • This blueprint and associated tools are scalable for all types of organizations within various industry sectors.

    Ensure Cloud Security in IaaS, PaaS, and SaaS Environments Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should prioritize security in the cloud, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Determine your cloud risk profile

    Determine your organization’s rationale for cloud adoption and what that means for your security obligations.

    • Ensure Cloud Security in IaaS, PaaS, and SaaS Environments – Phase 1: Determine Your Cloud Risk Profile
    • Secure Cloud Usage Policy

    2. Identify your cloud security requirements

    Use the Cloud Security CAGI Tool to perform four unique assessments that will be used to identify secure cloud vendors.

    • Ensure Cloud Security in IaaS, PaaS, and SaaS Environments – Phase 2: Identify Your Cloud Security Requirements
    • Cloud Security CAGI Tool

    3. Evaluate vendors from a security perspective

    Learn how to assess and communicate with cloud vendors with security in mind.

    • Ensure Cloud Security in IaaS, PaaS, and SaaS Environments – Phase 3: Evaluate Vendors From a Security Perspective
    • IaaS and PaaS Service Level Agreement Template
    • SaaS Service Level Agreement Template
    • Cloud Security Communication Deck

    4. Implement your secure cloud program

    Turn your security requirements into specific tasks and develop your implementation roadmap.

    • Ensure Cloud Security in IaaS, PaaS, and SaaS Environments – Phase 4: Implement Your Secure Cloud Program
    • Cloud Security Roadmap Tool

    5. Build a cloud security governance program

    Build the organizational structure of your cloud security governance program.

    • Ensure Cloud Security in IaaS, PaaS, and SaaS Environments – Phase 5: Build a Cloud Security Governance Program
    • Cloud Security Governance Program Template
    [infographic]

    Improve IT Governance to Drive Business Results

    • Buy Link or Shortcode: {j2store}190|cart{/j2store}
    • member rating overall impact (scale of 10): 9.3/10 Overall Impact
    • member rating average dollars saved: $194,553 Average $ Saved
    • member rating average days saved: 32 Average Days Saved
    • Parent Category Name: IT Governance, Risk & Compliance
    • Parent Category Link: /it-governance-risk-and-compliance
    • IT governance is the number-one predictor of value generated by IT, yet many organizations struggle to organize their governance effectively.
    • Current IT governance does not address the changing goals, risks, or context of the organization, so IT spend is not easily linked to value.
    • The right people are not making the right decisions about IT.

    Our Advice

    Critical Insight

    • Organizations do not have a governance framework in place that optimally aligns IT with the business objectives and direction.
    • Implementing IT governance requires the involvement of key business stakeholders who do not see IT’s value in corporate governance and strategy.
    • The current governance processes are poorly designed, making the time to decisions too long and driving non-compliance.

    Impact and Result

    • Use Info-Tech’s four-step process to optimize your IT governance framework.
    • Our client-tested methodology supports the enablement of IT-business alignment, decreases decision-making cycle times, and increases IT’s transparency and effectiveness in decisions around benefits realization, risks, and resources.
    • Successful completion of the IT governance redesign will result in the following outcomes:
      1. Align IT with the business context.
      2. Assess the current governance framework.
      3. Redesign the governance framework.
      4. Implement governance redesign.

    Improve IT Governance to Drive Business Results Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should redesign IT governance, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Align IT with the business context

    Align IT’s direction with the business using the Statement of Business Context.

    • Redesign IT Governance to Drive Optimal Business Results – Phase 1: Align IT With the Business Context
    • Make the Case for an IT Governance Redesign
    • Stakeholder Power Map Template
    • IT Governance Stakeholder Communication Planning Tool
    • PESTLE Analysis Template
    • Business SWOT Analysis Template
    • Statement of Business Context Template

    2. Assess the current governance framework

    Evaluate the strengths and weaknesses of current governance using the Current State Assessment.

    • Redesign IT Governance to Drive Optimal Business Results – Phase 2: Assess the Current Governance Framework
    • Current State Assessment of IT Governance

    3. Redesign the governance framework

    Build a redesign of the governance framework using the Future State Design template.

    • Redesign IT Governance to Drive Optimal Business Results – Phase 3: Redesign the Governance Framework
    • Future State Design for IT Governance
    • IT Governance Terms of Reference

    4. Implement governance redesign

    Create an implementation plan to jump-start the communication of the redesign and set it up for success.

    • Redesign IT Governance to Drive Optimal Business Results – Phase 4: Implement Governance Redesign
    • Redesign IT Governance to Drive Optimal Business Results Executive Presentation Template
    • IT Governance Implementation Plan
    [infographic]

    Workshop: Improve IT Governance to Drive Business Results

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify the Need for Governance

    The Purpose

    Identify the need for governance in your organization and engage the leadership team in the redesign process.

    Key Benefits Achieved

    Establish an engagement standard for the leadership of your organization in the IT governance redesign.

    Activities

    1.1 Identify stakeholders.

    1.2 Make the case for improved IT governance.

    1.3 Customize communication plan.

    Outputs

    Stakeholder Power Map

    Make the Case Presentation

    Communication Plan

    2 Align IT With the Business Context

    The Purpose

    Create a mutual understanding with the business leaders of the current state of the organization and the state of business it is moving towards.

    Key Benefits Achieved

    The understanding of the business context will provide an aligned foundation on which to redesign the IT governance framework.

    Activities

    2.1 Review documents.

    2.2 Analyze frameworks.

    2.3 Conduct brainstorming.

    2.4 Finalize the Statement of Business Context.

    Outputs

    PESTLE Analysis

    SWOT Analysis

    Statement of Business Context

    3 Assess the Current Governance Framework

    The Purpose

    Establish a baseline of the current governance framework.

    Key Benefits Achieved

    Develop guidelines based off results from the current state that will guide the future state design.

    Activities

    3.1 Create committee profiles.

    3.2 Build governance structure map.

    3.3 Establish governance guidelines.

    Outputs

    Current State Assessment

    4 Redesign the Governance Framework

    The Purpose

    Redesign the governance structure and the committees that operate within it.

    Key Benefits Achieved

    Build a future state of governance where the relationships and processes that are built drive optimal business results.

    Activities

    4.1 Build governance structure map.

    4.2 Create committee profiles.

    Outputs

    Future State Design

    IT Governance Terms of Reference

    5 Implement Governance Redesign

    The Purpose

    Build a roadmap for implementing the governance redesign.

    Key Benefits Achieved

    Create a transparent and relationship-oriented implementation strategy that will pave the way for a successful redesign implementation.

    Activities

    5.1 Identify next steps for the redesign.

    5.2 Establish communication plan.

    5.3 Lead executive presentation.

    Outputs

    Implementation Plan

    Executive Presentation

    Further reading

    Improve IT Governance to Drive Business Results

    Avoid bureaucracy and achieve alignment with a minimalist approach.

    ANALYST PERSPECTIVE

    Governance optimization is achieved where decision making, authority, and context meet.

    "Governance is something that is done externally to IT and well as internally by IT, with the intention of providing oversight to direct the organization to meet goals and keep things on target.

    Optimizing IT governance is the most effective way to consistently direct IT spend to areas that provide the most value in producing or supporting business outcomes, yet it is rarely done well.

    IT governance is more than just identifying where decisions are made and who has the authority to make them – it must also provide the context and criteria under which decisions are made in order to truly provide business value" (Valence Howden, Director, CIO Practice Info-Tech Research Group)

    Our understanding of the problem

    This Research is Designed For:

    • CIOs
    • CTOs
    • IT Directors

    This Research Will Help You:

    • Achieve and maintain executive and business support for optimizing IT governance.
    • Optimize your governance structure.
    • Build high-level governance processes.
    • Build governance committee charters and set accountability for decision making.
    • Plan the transition to the optimized governance structure and processes.

    This Research Will Also Assist:

    • Executive Leadership
    • IT Managers
    • IT Customers
    • Project Managers

    This Research Will Help Them:

    • Improve alignment between business decisions and IT initiatives.
    • Establish a mechanism to validate, redirect, and reprioritize IT initiatives.
    • Realize greater value from more effective decision making.
    • Receive a better overall quality of service.

    Executive Summary

    Situation

    • IT governance is the #1 predictor of value generated by IT, yet many organizations struggle to organize their governance effectively.*
    • Current IT governance does not address the changing goals, risks, or context of the organization so IT spend is not easily linked to value.
    • The right people are not making the right decisions about IT.

    Complication

    • Organizations do not have a governance framework in place that optimally aligns IT with the business objectives and direction.
    • Implementing IT governance requires the involvement of key business stakeholders who do not see IT’s value in governance and strategy.
    • The current governance processes are poorly designed, creating long decision-making cycles and driving non-compliance with regulation.

    Resolution

    • Use Info-Tech’s four-step process for optimizing your IT governance framework. Our client-tested methodology supports the enablement of IT-business alignment, decreases decision-making cycle times, and increases IT’s transparency and effectiveness in making decisions around benefits realization, risks, and resources.
    • Successful completion of the IT governance redesign will result in the following outcomes:
      1. Align IT with the business context.
      2. Assess the current governance framework.
      3. Redesign the governance framework.
      4. Implement governance redesign.

    Info-Tech Insight

    • Establish IT-business fusion. In governance, alignment is not enough. Merge IT and the business through governance to ensure business success.
    • With great governance comes great responsibility. Involve relevant business leaders, who will be impacted by IT outcomes, to take on governing responsibility of IT.
    • Let IT manage and the business govern. IT governance should be a component of enterprise governance, allowing IT leaders to focus on managing.

    IT governance is...

    An enabling framework for decision-making context and accountabilities for related processes.

    A means of ensuring business-IT collaboration, leading to increased consistency and transparency in decision making and prioritization of initiatives.

    A critical component of ensuring delivery of business value from IT spend and driving high satisfaction with IT.

    IT governance is not...

    An annoying, finger-waving roadblock in the way of getting things done.

    Limited to making decisions about technology.

    Designed tacitly; it is purposeful, with business objectives in mind.

    A one-time project; you must review and revalidate the efficiency.

    Avoid common misconceptions of IT governance

    Don’t blur the lines between governance and management; each has a unique role to play. Confusing these results in wasted time and confusion around ownership.

    Governance

    A cycle of 'Governance Processes' and 'Management Processes'. On the left side of the cycle 'Governance Processes' begins with 'Evaluate', then 'Direct', then 'Monitor'. This leads to 'Management Processes' on the right side with 'Plan', 'Build', 'Run', and 'Monitor', which then feeds back into 'Evaluate'.

    Management

    IT governance sets direction through prioritization and decision making, and monitors overall IT performance.

    Governance aligns with the mission and vision of the organization to guide IT.

    Management is responsible for executing on, operating, and monitoring activities as determined by IT governance.

    Management makes decisions for implementing based on governance direction.

    The IT Governance Framework

    An IT governance framework is a system that will design structures, processes, authority definitions, and membership assignments that lead IT toward optimal results for the business.

    Governance is performed in three ways:
    1. Evaluate

      Governance ensures that business goals are achieved by evaluating stakeholder needs, criteria, metrics, portfolio, risk, and definition of value.
    2. Direct

      Governance sets the direction of IT by delegating priorities and determining the decisions that will guide the IT organization.
    3. Monitor

      Governance establishes a framework to monitor performance, compliance to regulation, and progress on expected outcomes.

    "Everyone needs good IT, but no one wants to talk about it. Most CFOs would rather spend time with their in-laws than in an IT steering-committee meeting. But companies with good governance consistently outperform companies with bad. Which group do you want to be in?" (Martha Heller, President, Heller Search Associates)

    Create impactful IT governance by embedding it within enterprise governance

    The business should engage in IT governance and IT should influence the direction of the business.

    Enterprise Governance

    IT Governance

    Authority for enterprise governance falls to the board and executive management.

    Responsibilities Include:
    • Provide strategic direction for the organization.
    • Ensure objectives are met.
    • Set the risk standards or profile.
    • Delegate resources responsibly.
    –› Engage in –›

    ‹– Influence ‹–

    Governance of IT is a component of enterprise governance.

    Responsibilities Include:
    • Build structure, authority, process, and membership designations in a governance framework.
    • Ensure the IT organization is aligned with business goals.
    • Influence the direction of the business to ensure business success.

    Identify signals of sub-optimal IT governance within any of these domains

    If you notice any of these signals, governance redesign is right for you!

    Inability to Realize Benefits

    1. IT is unable to articulate the value of its initiatives or spend.
    2. IT is regularly delegated unplanned projects.
    3. The is no standard approach to prioritization.
    4. Projects do not meet target metrics.

    Resource Misallocation

    1. Resources are wasted due to duplication or overlap in IT initiatives.
    2. IT projects fail at an unacceptable rate, leading to wasted resources.
    3. IT’s costs continue to increase without reciprocal performance increase.

    Misdiagnosed Risks

    1. Risk appetite is incorrectly identified or not identified at all.
    2. Disagreement on the approach to risk in the organization.
    3. Increasing rate of IT incidents related to risk.
    4. IT is failing to meet regulatory requirements.

    Dissatisfied Stakeholders

    1. There are no ways to measure stakeholder satisfaction with IT.
    2. Business strategies and IT strategies are misaligned.
    3. IT’s relationship with key stakeholders is unstable and there is a lack of mutual trust.

    A majority of organizations experience significant alignment gaps

    The majority of organizations and their key stakeholders experience highly visible gaps in the alignment of IT investments and organizational goals.

    There are two bars with percentages of their length marked out for different CXO responses. The possible responses are from '1, Critical Gap' to '7, No Gap'. The top bar says '57% of CXOs identify a major gap in IT's ability to support business goals', and shows 13% answered '1, Critical Gap', 22% answered '2', and 22% answered '3'. The bottom bar says '84% of CXOs often perceive that IT is investing in areas that do not support the business' and shows 38% answered '1, Critical Gap', 33% answered '2', and 13% answered '3'.

    88% of CIOs believe that their governance is not effective. (Info-Tech Diagnostics)

    Leverage governance as the catalyst for connecting IT and the business

    49% of firms are misaligned on current performance expectations for IT.

    • 49% Misaligned
    • 51% Aligned

    67% of firms are misaligned on the target role for IT.

    • 34% Highly Misaligned
    • 33% Somewhat Misaligned
    • 33% Aligned

    A well-designed IT governance framework will hep you to:

    1. Make sure IT keeps up with the evolving business context.
    2. Align IT with the mission and the vision of the organization.
    3. Optimize the speed and quality of decision making.
    4. Meet regulatory and compliance needs in the external environment.
    5. (Info-Tech Diagnostics)

    Align with business goals through governance to attain business-IT fusion

    Create a state of business-IT fusion, in which the two become one.

    Without business-IT fusion, IT will go in a different direction, leading to a divergence of purpose and outcomes. IT can transform into a fused partner of the business by ensuring that they govern toward the same goal.

    Firefighter
    • Delivers lower value
    • Duplication of effort
    • Unclear risk profile
    • High risk exposure
    Three sets of arrows, each pointing upward and arranged in an ascending stair pattern. The first, lowest set of arrows has a large blue arrow with a small green arrow veering off to the side, unaligned. The second, middle set of arrows has a large blue arrow with a medium green arrow overlaid on its center, somewhat aligned. The third, highest set of arrows has half of a large blue arrow, and the other half is a large green arrow, aligned. Business Partner
    • Increased speed of decision making
    • Aligned with business priorities
    • Optimized utility of people, financial, and time resources
    • Monitors and mitigates risk and compliance issues

    Redesign IT governance in accordance with COBIT and proven good practice

    Info-Tech’s approach to governance redesign is rooted in COBIT, the world-class and open-source IT governance standard.

    COBIT begins with governance, EDM – Evaluate, Direct, and Monitor.

    We build upon these standards with industry best practices and add a practical approach based on member feedback.

    This blueprint will help you optimize your governance framework.

    The upper image is a pyramid with 'Info-Tech Insights, Analysts, Experts, Clients' on top, 'IT Governance Best Practices' in the middle, and 'COBIT 5' on the bottom, indicating that Info-Tech's Governance guidance is based in COBIT 5. 'This project will focus on EDM01, Set/Maintain Governance Framework.'

    Use Info-Tech’s approach to implementing an IT governance redesign

    The four phases of Info-Tech’s governance redesign methodology will help you drive greater value for the business.

    1. Align IT With the Business Context
      Align IT’s direction with the business using the Statement of Business Context Template.
    2. Assess the Current Governance Framework
      Evaluate the strengths and weaknesses of current governance using the Current State Assessment of IT Governance.
    3. Redesign the Governance Framework
      Build a redesign of the governance framework using the Future State Design for IT Governance tool.
    4. Implement Governance Redesign
      Create an IT Governance Implementation Plan to jumpstart the communication of the redesign and set it up for success.
    5. Continuously assess your governance framework to ensure alignment.

    Leverage Info-Tech’s insights for an optimal redesign process

    Common Pitfalls

    Info-Tech Solutions

    Phase 1

    There must be an active understanding of the current and future state of the business for governance to address the changing needs of the business. –›
    1. Make the case for a governance redesign.
    2. Create a custom communication plan to facilitate support.
    3. Establish a collectively agreed upon statement of business context.

    Phase 2

    Take a proactive approach to revising your governance framework. Understand why you are making decisions before actually making them. –›
    1. Conduct the IT governance current state assessment.
    2. Create governance guidelines for redesign.

    Phase 3

    Keep the current and future goals in sight to build an optimized governance framework that maintains the minimum bar of oversight required. –›
    1. Redesign the future state of IT governance in your organization.

    Phase 4

    Don’t overlook the politics and culture of your organization in redesigning your governance framework. –›
    1. Rationalize steps in an implementation plan.
    2. Outline a communication strategy to navigate culture and politics.
    3. Construct an executive presentation to facilitate transparency for the governing framework.

    Leverage both COBIT and Info-Tech-defined metrics to evaluate the success of your redesign

    These metrics will help you determine the extent to which your governance is supporting your business goals, and whether the governance in place promotes business-IT fusion.

    Benefits Realization

    1. Percent of IT-enabled investments where benefit realization is monitored through the full economic life. (COBIT-defined metric)
    2. Percent of enterprise strategic goals and requirements supported by IT strategic goals. (COBIT-defined metric)
    3. Percent of IT services where expected benefits are realized or exceeded. (COBIT-defined metric)

    Resources

    1. Satisfaction level of business and IT executives with IT-related costs and capabilities. (COBIT-defined metric)
    2. Average time to turn strategic IT objectives into an agreed-upon and approved initiative. (COBIT-defined metric)
    3. Number of deviations from resource utilization plan.

    Risks

    1. Number of security incidents causing financial loss, business disruption, or public embarrassment. (COBIT-defined metric)
    2. Number of issues related to non-compliance with policies. (COBIT-defined metric)
    3. Percentage of enterprise risk assessments that include IT-related risks. (COBIT-defined metric)
    4. Frequency with which the risk profile is updated. (COBIT-defined metric)

    Stakeholders

    1. Change in score of alignment with the scope of the planned portfolio of programs and services (using CIO-CXO Alignment Diagnostic).
    2. Percent of executive management roles with clearly defined accountabilities for IT decisions. (COBIT-defined metric)
    3. Percent of business stakeholders satisfied that IT service delivery meets agreed-upon service levels. (COBIT-defined metric)
    4. Percent of key business stakeholders involved in IT governance.

    Capture monetary value by establishing and monitoring key metrics

    While benefits of governance are often qualitative, the power of effective governance can be demonstrated through quantitative financial gains.

    Scenario 1 – Realizing Expected Gains

    Scenario 2 – Mitigating Unexpected Losses

    Metric

    Track the percentage of initiatives that provided expected ROI year over year. The optimization of the governance framework should generate an increase in this metric. Monitor this metric for continuous improvement opportunities. Track the financial losses related to non-compliance with policy or regulation. An optimized governance framework should better protect the organization against policy breach and mitigate the possibility and impact of “rogue” actions.

    Formula

    ROI of all initiatives / number of initiatives in year 2 – ROI of all initiatives / number of initiatives in year 1

    The expected result should be positive.

    Cost of non-compliance in year 2 – cost of non-compliance in year 1

    The expected result should be negative.

    Redesign IT governance to achieve optimal business outcomes

    CASE STUDY

    Industry: Healthcare
    Source: Info-Tech

    Situation

    The IT governance had been structured based on regulations and had not changed much since it was put in place. However, a move to become an integration and service focused organization had moved the organization into the world of web services, Agile development, and service-oriented architecture.

    Complication

    The existing process was well defined and entrenched, but did not enable rapid decision making and Agile service delivery. This was due to the number of committees where initiatives were reviewed, made worse by their lack of approval authority. This led to issues moving initiatives forward in the timeframes required to meet clinician needs and committed governmental deadlines.

    In addition, the revised organizational mandate had created confusion regarding the primary purpose and function of the organization and impacted the ability to prioritize spend on a limited budget.

    To complicate matters further, there was political sensitivity tied to the membership and authority of different governing committees.

    Result:

    The CEO decided that a project would be initiated by the Enterprise Architecture Group, but managed by an external consultant to optimize and restructure the governance within the organization.

    The purpose of using the external consultant was to help remove internal politics from the discussion. This allowed the organization to establish a shared view of the organization’s revised mission and IT’s role in its execution.

    The exercise led to the removal of one governing committee and the merger of two others, modification to committee authority and membership, and a refined decision-making context that was agreed to by all parties.

    The redesigned governance process led to a 30% reduction in cycle time from intake to decision, and a 15% improvement in alignment of IT spend with strategic priorities.

    Use these icons to help direct you as you navigate this research

    Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.

    A small monochrome icon of a wrench and screwdriver creating an X.

    This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.

    A small monochrome icon depicting a person in front of a blank slide.

    This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Redesign IT Governance – project overview

    Align IT With the Business Context

    Assess the Current State

    Redesign Governance

    Implement Redesign

    Supporting Tool icon

    Best-Practice Toolkit

    1.1 Identify Stakeholders
    1.2 Make the Case
    1.3 Present to Executives
    1.4 Customize Comm. Plan
    1.5 Review Documents
    1.6 Analyze Frameworks
    1.7 Conduct Brainstorming
    1.8 Finalize the SoBC
    2.1 Create Committee Profiles

    2.2 Build a Governance Structure Map

    2.3 Establish Governance Guidelines

    3.1 Build Governance Structure Map

    3.2 Create Committee Profiles

    3.3 Leverage Process Specific Governance Blueprints

    4.1 Identify Next Steps for the Redesign

    4.2 Establish Communication Plan

    4.3 Lead Executive Presentation

    Guided Implementations

    • Move towards gaining buy-in from the business if necessary. Then identify the major components of the SoBC.
    • Review SoBC and discuss a strategy to engage key stakeholders in the redesign.
    • Explore the process of identifying the four major elements of governance. Build guidelines for the future state.
    • Review the current state of governance and discuss the implications and guidelines.
    • Identify the changes that will need to be made.
    • Review redesigned structure and authority.
    • Review redesigned process and membership.
    • Discuss and review the implementation plan.
    • Prepare the presentation for the executives. Provide support on any final questions.
    Associated Activity icon

    Onsite Workshop

    Module 1:
    Align IT with the business context
    Module 2:
    Assess the current governance framework
    Module 3:
    Redesign the governance framework
    Module 4:
    Implement governance redesign
    Phase 1 Results:
    • Align IT’s direction with the business.
    Phase 2 Results:
    • Evaluate the strengths and weaknesses of current governance and build guidelines.
    Phase 3 Results:
    • Establish a redesign of the governance framework.
    Phase 4 Results:
    • Create an implementation plan for the communication of the redesign.

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1

    Workshop Day 2

    Workshop Day 3

    Workshop Day 4

    Workshop Day 5

    Task – Identify the Need for Governance Task – Align IT with the Business Context Task – Assess the Current State Task – Redesign Governance Framework Task – Implement Governance Redesign

    Activities

    • 1.1 Identify Stakeholders
    • 1.2 Make the Case
    • 1.3 Present to Executives
    • 1.4 Customize Communication Plan
    • 2.1 Review Documents
    • 2.2 Analyze Frameworks
    • 2.3 Conduct Brainstorming
    • 2.4 Finalize the Statement of Business Context
    • 3.1 Create Committee Profiles
    • 3.2 Build Governance Structure Map
    • 3.3 Establish Governance Guidelines
    • 4.1 Build Governance Structure Map
    • 4.2 Create Committee Profiles
    • 4.3 Leverage Process Specific Governance Blueprints
    • 5.1 Identify Next Steps for the Redesign
    • 5.2 Establish Communication Plan
    • 5.3 Lead Executive Presentation

    Deliverables

    1. Make the Case Presentation
    2. Stakeholder Power Map Template
    3. Communication Plan
    1. PESTLE Analysis
    2. SWOT Analysis
    3. Statement of Business Context
    1. Current State Assessment
    1. Future State Design Tool
    2. IT Governance Terms of Reference
    1. Implementation Plan
    2. Executive Presentation

    Improve IT Governance to Drive Business Results

    PHASE 1

    Align IT With the Business Context

    Phase 1 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Align IT With the Business Context

    Proposed Time to Completion: 2-4 weeks
    Step 1.1: Identify the Need for Governance Step 1.2: Create the Statement of Business Context
    Start with an analyst kick-off call:
    • Understand the core concepts of IT governance.
    • Create a strategy for key stakeholder support.
    • Identify key communication milestones.
    Review findings with analyst:
    • Identify and discuss the process of engaging senior leadership.
    • Review findings from business analysis.
    • Review diagnostic and interview outcomes.
    Then complete these activities…
    • Identify stakeholders.
    • Make the case to executives.
    • Build a communication plan.
    Then complete these activities…
    • Review business documents.
    • Review the PESTLE and SWOT analyses.
    • Analyze outcomes of CIO-CEO Alignment Diagnostic.
    • Complete the Statement of Business Context.
    With these tools & templates:
    • Make the Case for an IT Governance Redesign
    • Stakeholder Power Map Template
    • IT Governance Stakeholder Communication Planning Tool
    With these tools & templates:
    • PESTLE Analysis Template
    • Business SWOT Analysis Template
    • CIO-CEO Alignment Diagnostic
    • Statement of Business Context Template

    Phase 1: Align IT With the Business Context

    1 2 3 4
    Align IT With the Business Context Assess the Current Governance Framework Redesign the Governance Framework Implement Governance Redesign

    Activities:

    • 1.1 Identify Stakeholders
    • 1.2 Customize Make the Case Presentation
    • 1.3 Present to Executives
    • 1.4 Customize Communication Plan
    • 1.5 Review Business Documents
    • 1.6 Analyze Business Frameworks
    • 1.7 Conduct Brainstorming Efforts
    • 1.8 Finalize the SoBC

    Outcomes:

    • Make the case for a governance redesign.
    • Create a custom communication plan to facilitate support for the redesign process.
    • Establish a collectively agreed upon statement of business context.

    Set up business-driven governance by gaining an understanding of the business context

    Fuse IT with the business by establishing a common context of what the business is trying to achieve. Align IT with the business by developing an understanding of the business state, creating a platform to build a well-aligned governance framework.

    "IT governance philosophies can no longer be a ‘black box’ … IT governance can no longer be ignored by senior executives." (Iskandar and Mohd Salleh, University of Malaya, International Journal of Digital Society)

    Info-Tech Insight

    Get consensus on the changing state of business. There must be an active understanding of the current and future state of the business for governance to address the changing needs of the business.

    The source for the governance redesign directive will dictate the route for attaining leadership buy-in

    "Without an awareness of IT governance, there is no chance that it will be followed … The higher the percentage of managers who can describe your governance, the higher the governance performance." (Jeanne Ross, Director, MIT Center for Information Systems Research)

    The path you will choose for your governance buy-in tactics will be based on the original directive to redesign governance.

    Enterprise Directive.
    In the case that the redesign is an enterprise directive, jump directly to building a communication plan.

    IT Directive.
    In the case that the redesign is an IT directive, make the case to get the business on board.

    Use the Make the Case presentation template to get buy-in from the business

    Supporting Tool icon 1A Convince senior management to redesign governance

    INSTRUCTIONS

    1. Identify Stakeholders
      Determine which business stakeholders will be impacted or involved in the redesign process.
    2. Customize the Presentation
      Identify specific pain points regarding IT-business alignment.
    3. Present to Executives
      Present the make the case presentation.

    Info-Tech Best Practice

    Use the Make the Case customizable deliverable to lead a boardroom-quality presentation proving the specific need for senior executive involvement in the governance redesign.

    Determine which business stakeholders will be impacted or involved in the redesign process

    Associated Activity icon 1.1 Identify the stakeholders for the IT governance redesign

    It is vital to identify key business and IT stakeholders before the IT governance redesign has begun. Consider whose input and influence will be necessary in order to align with the business context and redesign the governance framework accordingly.

    Business

    • Shareholders
    • Board
    • Chief Executive Officer
    • –› Example: the CEO wants to know how IT will support the achievement of strategic corporate objectives.
    • Chief Financial Officer
    • Chief Operating Officer
    • Business Executives
    • Business Process Owners
    • Strategy Executive Committee
    • Chief Risk Officer
    • Chief Information Security Officer
    • Architecture Board
    • Enterprise Risk Committee
    • Head of Human Resources
    • Compliance
    • Audit

    IT

    • Chief Information Officer
    • –› Example: the CIO would like validation from the business with regards to prioritization criteria.
    • Head Architect
    • Head of Development
    • Head of IT Operations
    • Head of IT Administration
    • Service Manager
    • Information Security Manager
    • Business Continuity Manager
    • Privacy Officer

    External

    • Government Agency
    • –› Example: some governments mandate that organizations develop and implement an IT governance framework.
    • Audit Firm

    Build a power map to prioritize stakeholders

    Associated Activity icon 1.1 2-4 hours

    Stakeholders may have competing concerns – that is, concerns that cannot be addressed with one solution. The governance redesigner must prioritize their time to address the concerns of the stakeholders who have the most power and who are most impacted by the IT governance redesign.

    Draw a stakeholder power map to visualize the importance of various stakeholders and their concerns, and to help prioritize your time with those stakeholders.

    • Power: How much influence does the stakeholder have? Enough to drive the project forward or into the ground?
    • Involvement: How interested is the stakeholder? How much involvement does the stakeholder have in the project already?
    • Impact: To what degree will the stakeholder be impacted? Will this significantly change the job?
    • Support: Is the stakeholder a supporter of the project? Neutral? A resistor?
    A power map of stakeholders with two axes and four quadrants. The vertical axis is 'Low Power' on the bottom and 'High Power' on top. The horizontal axis is 'Low Involvement' on the left and 'High Involvement' on the right. The top left quadrant is labeled 'Keep satisfied' and contains 'CFO', a Strongly Impacted Resistor, and 'COO', a Weakly Impacted Resistor. The top right quadrant is labeled 'Key Players' and contains 'CIO' and 'CEO', both Strongly Impacted Supporters. The bottom left quadrant is labeled 'Minimal effort' and contains 'Marketing Head', a Weakly Impacted Neutral, and 'Production Head', a Moderately Impacted Neutral. The bottom right quadrant is labeled 'Keep informed' and contains 'Director of Ops', a Strongly Impacted Supporter, and 'Chief Architect', a Strongly Impacted Neutral.

    Download Info-Tech’s Stakeholder Power Map Template to help you visualize your key stakeholders.

    Build a power map to prioritize stakeholders

    Associated Activity icon 1.1

    It is important to identify who will be impacted and who has power, and the level of involvement they have in the governance redesign. If they have power, will be highly impacted, and are not involved in governance, you have already lost – because they will resist later. You need to get them involved early.

    • Focus on key players – relevant stakeholders who have high power, are highly impacted, and should have a high level of involvement.
    • Engage the stakeholders that are impacted most and have the power to impede the success of redesigning IT governance.
      • For example, if a CFO, who has the power to block project funding, is heavily impacted and not involved, the IT governance redesign success will be put at risk.
    • Some stakeholders may have influence over others so you should focus your efforts on the influencer rather than the influenced.
      • For example, if an uncooperative COO is highly influenced by the Director of Operations, it is recommended to engage the latter.

    The same power map of stakeholders with two axes and four quadrants, but with focus points and notes. The vertical axis is 'Low Power' on the bottom and 'High Power' on top. The horizontal axis is 'Low Involvement' on the left and 'High Involvement' on the right. The top left quadrant is labeled 'Keep satisfied' and contains 'CFO', a Strongly Impacted Resistor, and 'COO', a Weakly Impacted Resistor, as well as a dotted line moving 'CFO' to the top right quadrant with the note 'A) needs to be engaged'. The top right quadrant is labeled 'Key Players' and contains 'CIO' and 'CEO', both Strongly Impacted Supporters, as well as the new required position of 'CFO'. The bottom left quadrant is labeled 'Minimal effort' and contains 'Marketing Head', a Weakly Impacted Neutral, and 'Production Head', a Moderately Impacted Neutral. The bottom right quadrant is labeled 'Keep informed' and contains 'Director of Ops', a Strongly Impacted Supporter, and 'Chief Architect', a Strongly Impacted Neutral, as well as a line from 'Director of Ops' to 'COO' in the top left quadrant with a note that reads 'B) Influences'.

    Identify specific pain points regarding business-IT alignment

    Associated Activity icon 1.2 2-4 hours

    INPUT: Signal Questions, CIO-CXO Alignment Diagnostic

    OUTPUT: List of Categorized Pain Points

    Materials: Make the Case for an IT Governance Redesign

    Participants: Identified Key Business Stakeholders

    1. Consider Signals for Redesign
      Refer to the Executive Brief for questions to identify pain points related to governance.
      • Benefits Realization
      • Resources
      • Risks
      • Stakeholders
    2. Conduct CIO-CEO Alignment Diagnostic
      Assess the current state of alignment between the CIO and the major stakeholders of the organization.

    See the CEO-CIO Alignment Program for more information.

    Conduct the CEO-CIO Alignment Diagnostic

    Why CEO-CIO Alignment?

    The CEO-CIO Alignment Program helps you understand the gaps between what the CEO wants for IT and what the CIO wants for IT. The program will also evaluate the current state of IT, from a strategic and tactical perspective, based on the CEO’s opinion.

    The CEO-CIO Alignment Program helps to:

    • Evaluate how the executive leadership currently feels about the IT organization’s performance along the following dimensions:
      • IT budgeting and staffing
      • IT strategic planning
      • Degree of project success
      • IT-business alignment
    • Answer the question, “What does the CEO want from IT?”
    • Understand the CEO’s perception of and vision for IT in the business.
    • Define the current and target roles for IT. Understanding IT’s current and target roles, in the eyes of the CEO, is crucial to creating IT governance. By focusing the IT governance on achieving the target role, you will ensure that the senior leadership will support the implementation of the IT governance.

    To conduct the CEO-CIO Alignment Program, follow the steps outlined below.

    1. Select the senior business leader to participate in the program. While Info-Tech suggests that the CEO participate, you might have other senior stakeholders who should be involved.
    2. Send the survey link to your senior business stakeholder and ensure the survey’s completion.
    3. Complete your portion of the survey.
    4. Hold a meeting to discuss the results and document your findings.

    See the CEO-CIO Alignment Program for more information.

    Present the “Make the Case” for IT governance redesign

    Associated Activity icon 1.3 30 minutes

    1. Review Finalized Stakeholder List
      Consolidate a list of the most important and impactful stakeholders who need further convincing to participate in the governance redesign and implementation.
    2. Present the Deck
      Include the information gathered throughout the discovery into the presentation deck and hold a meeting to review the findings.

    Business

    • Shareholders
    • Board
    • Chief Executive Officer
    • Chief Financial Officer
    • Chief Operating Officer
    • Business Executives
    • Strategy Executive Committee
    • Chief Risk Officer
    • Architecture Board
    • Enterprise Risk Committee
    • Head of Human Resources
    • Compliance

    IT

    • Chief Information Officer

    External

    • Government Agency
    • Audit Firm

    Use the Make the Case for an IT Governance Redesign template for more information.

    Create a custom communication plan to facilitate support for the redesign process

    Supporting Tool icon 1B Create a plan to engage the key stakeholders

    INSTRUCTIONS

    1. Identify Stakeholders
      Determine which business stakeholders will be involved (refer to Activity 1.1).
    2. Customize Communication Plan
      Follow up with individual communication plans.

    Info-Tech Best Practice

    Create personal communication plans to provide individualized engagement, instead of assuming that everyone will respond to the same communication style.

    Download the IT Governance Stakeholder Communication Planning Tool for more information.

    Create a communication plan to engage key stakeholders

    Associated Activity icon 1.4 1 hour
    1. Input Stakeholders
      Determine which business stakeholders will be involved (refer to Activity 1.1). Then, insert their position on the power map, the rationale to inform them, the timing of communications, and what inputs they will be needed to provide.

      Stakeholder role

      Power map position

      Why inform them

      When to inform them

      What we need from them

      Chief Executive Officer
      Chief Financial Officer
      Chief Operating Officer
    2. Identify Communication Strategy
      Outline the most effective communication plan for that stakeholder. Identify how to best communicate to the stakeholders to make sure they are appropriately engaged in the redesign process.

      Vehicle

      Audience

      Purpose

      Frequency

      Owner

      Distribution

      Level of detail

      Status Report IT Managers Project progress and deliverable status Weekly CIO, John Smith Email Details for milestones, deliverables, budget, schedule, issues, next steps
      Status Report Marketing Manager Project progress Monthly CIO, John Smith Email High-level detail for major milestone update and impact to the marketing unit

    Establish a collectively agreed upon statement of business context (SoBC)

    Supporting Tool icon 1C Document the mutual understanding of the business context

    INSTRUCTIONS

    1. Review Business Documents
      Review business documents from broad areas of the business to assess the business context.
    2. Analyze Business Frameworks
      Analyze business frameworks to articulate the current and projected future business context.
    3. Brainstorm With Key Stakeholders
      Conduct stakeholder brainstorming efforts to gain insights from key business stakeholders.
    4. Finalize the SoBC
      Document and sign the SoBC with identified stakeholders.

    Info-Tech Best Practice

    Use the Statement of Business Context customizable deliverable as a point of reference that will guide the direction of the governance redesign.

    Use the Statement of Business Context to identify the critical information needed to guide governance

    Components of the SoBC

    1. Mission
      • Who are you as an organization?
      • Who are your internal and external customers?
      • What are your core business functions?

      Example (Higher Education)
      Nurture global leaders and provide avenues for intellectual exploration.
    2. Vision
      • Is your vision statement future-facing?
      • Is your vision statement concise?
      • Is your vision statement achievable?
      • Does your vision statement involve change?

      Example
      Be a catalyst for creating the future leaders of tomorrow through dynamic and immersive educational experiences. The university will be recognized for being a prestigious innovative research hub and educational institution.
    Sample of Info-Tech's Statement of Business Context Template with the Mission and Vision Statements.

    Use the Statement of Business Context to identify the critical information needed to guide governance (cont.)

    More Components of the SoBC

    1. Strategic Objectives
      • What are the strategic initiatives of the organization?
      • Do you have a roadmap to accomplish your mission?
      • What are the primary goals of senior leaders for the organization?

      Example
      1. Meeting government regulation
      2. Revenue generation
      3. Top research quality
      4. High teaching quality
    Sample of Info-Tech's Statement of Business Context Template with Strategic Objectives.
    1. State of Business
      • Consider what the current state and future state are.
      • How does the operating model used define the state?
      • How do industry trends shape the business?
      • What internal changes impact the business model?

      Example
      Our organization aims to make quick decisions and navigate the fast-paced industry with agility, uniting the development and operational sides of the business.
    Sample of Info-Tech's Statement of Business Context Template with State of the Business.

    Leverage core concepts to determine the direction of the organization’s state of the business

    1. Mission
    2. Vision
    3. Strategic Objectives
    –›
    1. State of Business

    2. Work through if your organization’s state is small vs. large, public vs. private, and lean vs. DevOps vs. traditional.

    Small

    IT team is 30 people or less.

    Large

    IT team is more than 30 people.

    Public

    Wholly or partly funded by the government.

    Private

    No government funding is provided.
    Lean: The business aims to eliminate any waste of resources (time, effort, or money) by removing steps in the business process that do not create value. Devops/Agile: Our organization aims to make quick decisions and navigate the fast-paced industry with agility. Uniting the development and operational sides of the business. Hierarchical: Departments in the organization are siloed by function. The organization is top-down and hierarchical, and takes more time with decision making.

    ‹– Multi-State (any combination) –›

    Review business documents to assess business context

    Associated Activity icon 1.5 2-4 hours

    INPUT: Strategic Documents, Financial Documents

    OUTPUT: Mission, Vision, Strategic Objectives

    Materials: Corporate Documents

    Participants: IT Governance Redesign Owner

    Start assessing the state of the business context by leveraging easily accessible information. Many organization have strategic plans, documents, and presentations that already include a large portion of the information for the SoBC – use these sources first.

    Instructions

    1. Strategic Documents
      Leverage your organization’s strategic documents to gain understanding of the business context.

    2. Documents to Review:
    • Corporate strategy document.
    • Business unit strategy documents.
    • Annual general reports.
  • Financial Documents
    Leverage your organization’s financial documents to gain understanding of the business context.

  • Documents to Review:
    • Look for large capital expenditures.
    • Review operating costs.
    • Business cases submitted.

    Review strategic planning documents

    Overview

    Some organizations (and business units) create an authoritative strategy document. These documents contain the organization’s corporate aspirations and outline initiatives, reorganizations, and shifts in strategy. Additionally, some documents contain strategic analysis (Porter’s Five Forces, etc.).

    Action

    • Read through any of the following:
      • Corporate strategy document
      • Business unit strategy documents
      • Annual general reports
    • Watch out for key future-looking words:
      • We will be…
      • We are planning to…

    Overt Statements

    • Corporate objectives and initiatives are often explicitly stated in these documents. Look for statements that begin with phrases such as “Our corporate objectives are…”
    • Remember that different organizations use different terminology – if you cannot find the word “goal” or “objective” then look for “pillar,” “imperative,” “theme,” etc.
    • Ask a business partner to assist if you need some help.

    Covert, Outdated, and Non-Existent Statements

    • Some corporate objectives and initiatives will be mentioned in passing and will require clarification, for example:
      “As we continue to penetrate new markets, we will be diversifying our manufacturing geography to simplify distribution.”
    • Some corporate strategies may be outdated and therefore of limited use for understanding the state of business – validate the statement to ensure it is up to date.
    • Some organizations lack a strategic plan altogether. Use stakeholder interviews to identify imperatives and validate conflicting statements before moving on.

    Review financial documentation

    Overview

    Departmental budgets highlight the new projects that will launch in the next fiscal year. The overwhelming majority of these projects will have IT implications. Additionally, identifying where the department is spending money will allow you to identify business unit initiatives and operational change.

    Action

    • Scan budgets:
      • Look for large capital expenditures
      • Review operating costs
      • Review business cases submitted
    • Look for abnormalities or changes:
      • What does an increase in spending mean?
      • Does IT need to change as a result?

    Capital Budgets

    • Capital expenditures are driven by projects, which map to corporate goals and initiatives.
    • Look for large capital expenditures and cross-reference the outflows with any project plans that have been collected.
    • If an expenditure cannot be explained by project plans, request additional information.

    Operating Budgets

    • Major changes to operating costs typically reflect changes to a business unit. Some of these changes affect IT capabilities and can be classified as corporate initiatives.
    • Changes that should be classified as corporate initiatives are expansion or contraction of a labor force, outsourcing initiatives, and significant process changes.
    • Changes that should not be classified as corporate initiatives are changes in third-party fees, consulting engagements, and changes caused by inflation or growth.

    Analyze business frameworks to articulate context

    Associated Activity icon 1.6 2-4 hours

    INPUT: Industry Research, Organizational Research, Analysis Templates

    OUTPUT: PESTLE and SWOT Analysis

    Materials: Computer or Whiteboards and Markers

    Participants: IT Governance Redesign Owner

    If corporate documents denoting the key components of the SoBC are not easily available, or do not provide all information required, refer to business analysis frameworks to discover internal and external trends that impact the mission, vision, strategic objectives, and state of the business.

    1. Conduct a PESTLE Analysis
      The PESTLE analysis will support the organization in identifying external factors that impact the business. Keep watch for trends and changes in the industry.
    2. Political

      Economic

      Social

      Technological

      Legal

      Environmental

    3. Conduct a SWOT Analysis
      The SWOT analysis will be more specific to the organization and the industry in which it operates. Identify the unique strengths, weaknesses, opportunities, and threats for your organization.
    4. Strengths

      Weaknesses

      Opportunities

      Threats

    Conduct a PESTLE analysis

    Associated Activity icon 1.6 Conduct a PESTLE analysis
    • Break participants into teams and divide the categories amongst them:
      • Political trends
      • Economic trends
      • Social trends
      • Technological trends
      • Legal trends
      • Environmental trends
    • Have each group identify relevant trends under their respective categories. You must relate each trend back to the business by considering:
      • How does this affect my business?
      • Why do we care?
    • Use the prompt questions on the next slide to help the brainstorming process.
    • Have each team present its list and have remaining teams give feedback and additional suggestions.

    Political. Examine political factors such as taxes, environmental regulations, and zoning restrictions.

    Economic Examine economic factors such as interest rates, inflation rate, exchange rates, the financial and stock markets, and the job market.

    Social. Examine social factors such as gender, race, age, income, disabilities, educational attainment, employment status, and religion.

    Technological. Examine technological factors such as servers, computers, networks, software, database technologies, wireless capabilities, and availability of software as a service.

    Legal. Examine legal factors such as trade laws, labor laws, environmental laws, and privacy laws.

    Environmental. Examine environmental factors such as green initiatives, ethical issues, weather patterns, and pollution.

    Download Info-Tech’s PESTLE Analysis Template to help get started.

    Review these questions to help you conduct a PESTLE analysis

    For each prompt below, always try to answer the question: how does this affect my business?

    Political

    • Will a change in government (at any level) affect your organization?
    • Do inter-government or trade relations affect you?
    • Are there shareholder needs or demands that must be considered?

    Economical

    • How are your costs changing (moving off-shore, fluctuations in markets, etc.)?
    • Do currency fluctuations have an effect on your business?
    • Can you attract and pay for top-quality talent (e.g. desirable location, reasonable cost of living, changes to insurance requirements)?

    Social

    • What are the demographics of your customers or employees?
    • What are the attitudes of your customers or staff (do they require social media, collaboration, transparency of costs, etc.)?
    • What is the general lifecycle of an employee (i.e. is there high turnover)?
    • Is there a market of qualified staff?
    • Is your business seasonal?

    Technological

    • Do you require constant technology upgrades (faster network, new hardware, etc.)?
    • What is the appetite for innovation within your industry or business?
    • Are there demands for increasing data storage, quality, BI, etc.?
    • Are you looking at cloud technologies?
    • What is the stance on “bring your own device”?
    • Are you required to do a significant amount of development work in-house?

    Legal

    • Are there changes to trade laws?
    • Are there changes to regulatory requirements, e.g. data storage policies or privacy policies?
    • Are there union factors that must be considered?

    Environmental

    • Is there a push towards being environmentally friendly?
    • Does the weather have any effect on your business (hurricanes, flooding, etc.)?

    Conduct a SWOT analysis on the business

    Associated Activity icon 1.6 Conduct a business SWOT analysis

    Break the group into two teams.

    Assign team A internal strengths and weaknesses.

    Assign team B external opportunities and threats.

    • Have the teams brainstorm items that fit in their assigned grids. Use the prompt questions on the next slide to help you with your SWOT analysis.
    • Pick someone from each group to fill in the grids on the whiteboard.
    • Conduct a group discussion about the items on the list. Identify implications for IT and opportunities to innovate as you did for the other business and external drivers.
    Helpful
    to achieve the objective
    Harmful
    to achieve the objective
    Internal Origin
    attributes of the organization
    Strength Weaknesses
    External Origin
    attributes of the environment
    Opportunities Threats

    Download Info-Tech’s Business SWOT Analysis Template to help get started.

    Review these questions to help you conduct your SWOT analysis on the business

    Strengths (Internal)

    • What competitive advantage does your organization have?
    • What do you do better than anyone else?
    • What makes you unique (human resources, product offering, experience, etc.)?
    • Do you have location advantages?
    • Do you have price, cost, or quality advantages?
    • Does your organizational culture offer an advantage (hiring the best people, etc.)?

    Weaknesses (Internal)

    • What areas of your business require improvement?
    • Are there gaps in capabilities?
    • Do you have financial vulnerabilities?
    • Are there leadership gaps (succession, poor management, etc.)?
    • Are there reputational issues?
    • Are there factors that are making you lose sales?

    Opportunities (External)

    • Are there market developments or new markets?
    • Industry or lifestyle trends, e.g. move to mobile?
    • Are there geographical changes in the market?
    • Are there new partnerships or M&A opportunities?
    • Are there seasonal factors that can be used to the advantage of the business?
    • Are there demographic changes that can be used to the advantage of the business?

    Threats (External)

    • Are there obstacles that the organization must face?
    • Are there issues with respect to sourcing of staff or technologies?
    • Are there changes in market demand?
    • Are your competitors making changes that you are not making?
    • Are there economic issues that could affect your business?

    Conduct brainstorming efforts to gain insights from key business stakeholders

    Associated Activity icon 1.7 2-4 hours

    INPUT: SoBC Template

    OUTPUT: Completed SoBC

    Materials: Computer, Phone, or Other Mechanism of Connection

    Participants: CEO, CFO, COO, CMO, CHRO, and Business Unit Owners

    There are two ways to gather primary knowledge on the key components of the SoBC:

    1. Stakeholder Interviews
      Approach each individual to have a conversation about the key components of the SoBC. Go through the SoBC and fill it in together.
    2. Stakeholder Survey
      In the case that you are in a very large organization, create a stakeholder survey. Input the key components of the SoBC into an online survey maker and send it off the key stakeholders.

    Use the SoBC as the guide to both the interview and the survey. Be clear about the purpose of understanding the business context when connecting with key business stakeholders to participate in the brainstorming. This is a perfect opportunity to establish or develop a relationship with the stakeholders who will need to buy into the redesigned governance framework since it will involve and impact them significantly.

    Go directly to the information source – the key stakeholders

    Overview

    Talking to key stakeholders will allow you to get a holistic view of the business strategy. You will be able to ask follow-up questions to get a better understanding of abstract or complex concepts. Interviews also allow you to have targeted discussions with specific stakeholders who have in-depth subject-matter knowledge.

    Action

    • Talk to key stakeholders:
      • Structure focused, i.e. CEO or CFO
      • Customer focused, i.e. CMO or Head of Sales
      • Operational focused, i.e. COO
      • Lower-level employees or managers
    • Listen for key pains that IT could alleviate.

    Overcome the Unstructured Nature of Interviews

    • Interviewees will often explicitly state objectives and initiatives.
    • However, interviews are less formal and less structured than objective-oriented strategy documents. Objectives are often stated using informal language.
      “We’re talking rev gen here. That’s the name of the game. If we can get a foothold in India, there’s huge upside potential.” (VP Marketing)
    • Further analysis might translate this into a corporate imperative: increase revenue by growing our market share in India to 8% by January of next year.
    • If an imperative is unclear, ask the stakeholder for more detail.
    • Understand how key stakeholders evaluate, direct, and monitor their own areas of the business; this will give you insight as to their style.

    Receive final sign-off to proceed with developing the IT governance redesign

    Associated Activity icon 1.8 30 minutes

    Document any project assumptions or constraints. Before proceeding with the IT governance activities, validate the statement of business context with senior stakeholders. When consensus has been reached, have them sign the final page of the document.

    How to ensure sign-off:

    • Schedule a meeting with the senior stakeholders and conduct a review of the document. This meeting presents a great opportunity to deliver your interpretation of management expectations and make any modifications.
    • Obtaining stakeholder approval in person ensures there is no miscommunication or misunderstandings around the tasks that need to be accomplished to develop a successful IT governance.
    • This is an iterative process; if senior stakeholders have concerns over certain aspects of the document, revise and review again.
    • Final sign-off should only take place when mutual understanding has been reached.

    Download the SoBC Template and complete for final approval.

    Info-Tech Tip

    In most circumstances, you should have the SoBC validated with the following stakeholders:

    • CIO
    • CEO
    • CFO
    • Business Unit Leaders

    Understand the business context to set the foundation for governance redesign

    CASE STUDY

    Industry: Healthcare
    Source: Info-Tech

    Challenge

    The new business direction to become an integrator shifted focus to faster software iteration and on enabling integration and translation technologies, while moving away from creating complete, top-to-bottom IT solutions to be leveraged by clinicians and patients.

    Internal to the IT organization, this created a different in perspective on what was important to prioritize: foundational elements, web services, development, or data compliance issues. There was no longer agreement on which initiatives should move forward.

    Solution

    A series of mandatory meetings were held with key decision makers and SMEs within the organization in order to re-orient everyone on the overall purpose, goals, and outcomes of the organization.

    All attendees were asked to identify what they saw as the mission and vision of the organization.

    Finally, clinicians and patient representatives were brought in to describe how they were going to use the services the organization was providing and how it would enable better patient outcomes.

    Results

    Identifying the purpose of the work the IT organization was doing and how the services were going to be used realigned the different perspectives in the context of the healthcare outcomes they enabled.

    This activity provided a unifying view of the purpose and the state of the business. Understanding the business context prepared the organization to move forward with the governance redesign.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of an Info-Tech analyst.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1

    Sample of activity 1.1 'Determine which business stakeholders will be impacted or involved in the redesign process'. Identify Relevant Stakeholders

    Build a list of relevant stakeholders and identify their position on the stakeholder power map.

    1.4

    Sample of activity 1.4 'Create a communication plan to engage key stakeholders'. Communication Plan

    Build customized communication plans to engage the key stakeholders in IT governance redesign.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop

    Book a workshop with our Info-Tech analysts:

    1.7

    Sample of activity 1.7 'Review business documents to assess business context'. Gather Business Information

    Review business documents, leverage business analysis tools, and brainstorm with key executives to document the Statement of Business Context.

    1.8

    Sample of activity 1.8 'Receive final sign-off to proceed with developing the IT Governance redesign'. Finalize the Statement of Business Context

    Get final approval and acceptance on the Statement of Business Context that will guide your redesign.

    Improve IT Governance to Drive Business Results

    PHASE 2

    Assess the Current Governance Framework

    Phase 2 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Assess the Current Governance Framework

    Proposed Time to Completion: 2 weeks
    Step 2.1: Outline the Current State AssessmentStep 2.2: Review the Current State Assessment
    Start with an analyst kick-off call:
    • Connect the current business state identified in Phase 1 with the current state of governance.
    • Identify the key elements of current governance.
    • Begin building the structure and committee profiles.
    Review findings with analyst:
    • Review the current governing bodies that were identified.
    • Review the current structure that was identified.
    • Determine the strengths, weaknesses, and guidelines from the implications in the current state assessment.
    Then complete these activities…
    • Identify stakeholders.
    • Make the case to executives.
    • Build a communication plan.
    Then complete these activities…
    • Create committee profiles.
    • Build governance structure map.
    With these tools & templates:
    • Current State Assessment of IT Governance
    With these tools & templates:
    • Current State Assessment of IT Governance

    Phase 2: Assess the Current Governance Framework

    1 2 3 4
    Align IT With the Business Context Assess the Current Governance Framework Redesign the Governance Framework Implement Governance Redesign

    Activities:

    • 2.1 Create Committee Profiles
    • 2.2 Build a Governance Structure Map
    • 2.3 Establish Governance Guidelines

    Outcomes:

    • Use the Current State Assessment of IT Governance to determine governance guidelines.

    Info-Tech Insight

    Don’t be passive; take action! Take an active approach to revising your governance framework. Understand why you are making decisions before actually making them.

    Explore the current governance that exists within your organization

    Your current governance framework will give you a strong understanding of the way the key stakeholders in your business currently view IT governance.

    "Much of the focus of governance today has been on the questions:
    • Are we doing [things] the right way?
    • And are we getting them done well?"
    –› "We need to shift to…
    • Are we doing the right things?
    • Are we getting the benefits?
    • What are the outcomes?
    • What do we want to achieve?
    • How do we make intelligent decisions about what will help us achieve those outcomes?"
    (John Thorp, Author of The Information Paradox)

    Leverage this understanding of IT governance to determine where governance is occurring and how it transpires.

    Conduct a current state assessment

    Supporting Tool icon 2A Assess the current governance framework

    Use this tool to critically assess each governing body to determine the areas of improvement that are necessary in order to achieve optimal business results.

    1. Identify All Governing Bodies
      Some bodies govern intentionally, and some govern through habit and practice. Outline all bodies that take on an element of governance.
    2. Create a Governance Structure Map
      Configure the structural relationships for the governing bodies using the structure map.
    3. Reveal Strengths and Weaknesses
      Identify the strengths and weaknesses of the governance structure, authority definitions, processes, and membership.
    4. Establish Governance Guidelines
      Based on the SoBC, express clear and applicable guidelines to improve on the weaknesses while retaining the strengths of your governance framework.

    Download the Current State Assessment of IT Governance to work toward these outcomes

    Conduct a current state assessment to identify governance guidelines

    Supporting Tool icon 2A Assess the current governance framework

    How to use the Current State Assessment of IT Governance deliverable: Follow the steps below to create a cohesive understanding of the current state of IT governance and the challenges that the current system poses.

    Part A – Committee Profiles

    1. Identify Governing Bodies
    2. Leverage Committee Templates
    3. Create Committee Profiles
      Use the Committee Profile Template

    Part B – Structure Map

    1. Assess Inputs and Outputs to Express Structural Relationships
    2. Create Structure Map
      Use the Governance Structure Map

    Part C – Governance Guidelines

    1. Choose Operating Model Template
    2. Identify Strengths and Weaknesses
    3. Establish Governance Guidelines
      Use the Governance Guideline Template

    What makes up the “governance framework”?

    There are four major elements of the governance framework:

    1. Structure
      Structural relationships are shown by mapping the connections between committees.
    2. Authority
      Each committee will have a purpose and area of decision making that it is accountable for.
    3. Process
      The process includes the inputs, outputs, and activities required for the committee to function.
    4. Membership The individuals or roles who sit on each committee. Take into account members’ knowledge, capability, and political influence.

    Create governing board or committee profiles

    Supporting Tool icon 2A.1 Assess the current governance framework

    Part A – Committee Profiles

    1. Identify Governing Bodies

      Establish where governance happens and who is governing. For different organizations, the governance framework will contain a variety of governing bodies or people. Use a list format to identify governing bodies that exist in your organization.
    2. Leverage Committee Templates

      Use the templates provided. Create a profile for each governing body that currently operates in your IT governance framework as listed in step 1.
    3. Create Committee Profiles

      Identify what they are governing and how they are governing.
      Using the profiles created in step 2, identify each body’s membership roles, purpose, decision areas, inputs, and outputs. Refer to the example text in the template to guide you, but feel free to adjust the text to reflect the reality of your governing body. Screenshot of the 'Committee Template - Executive Management Committee'.
      Consider the following domains of governance:
      (refer to Executive Brief)
      • Benefits realization
      • Risks
      • Resources
      Refer to our examples for some common governing bodies.

    Consistently define the components of governance in the committee profiles

    Membership

    Membership Roles
    Insert information here that reflects who the individuals are that sit on that governing body and what their role is. Include other important information about the individuals’ knowledge, skills, or capabilities that are relevant.

    Authority

    Purpose
    Define why the committee was established in the first place.

    Decision Areas
    Explain the specific areas of decision making this group is responsible for overseeing.

    Process

    Inputs
    Consider the information and materials that are needed to make decisions.

    Outputs
    Describe the outcomes of the committee. Think about decisions that were made through the governance process.

    Screenshot of the components of governance section from the 'Committee Template'.

    Map out relationships on the Governance Map

    Supporting Tool icon 2A.2 Assess the current governance framework

    Part B – Structure Map

    Structure
    1. Assess Inputs and Outputs

      Governing Bodies

      Inputs

      Outputs

      Committee #1
      Committee #2
      Committee #3
      CFO
      IT Director
      CIO
      To understand relationships between governing bodies, list the inputs and outputs for each unique committee that rely on other committees in the table provided.
    2. Create Structure Map
      Sample of the 'Current State Structure Map'. Using the outline provided, create your own governance structure map to represent the way the governing bodies interact and feed into each other. This is crucial to ensure that the governing structure is streamlined. It will ensure that communication occurs efficiently and that there are no barriers to making decisions swiftly.

    Outline the governance structure in the governance structure map

    Associated Activity icon 2.2 30 minutes
    The 'Current State Structure Map' from the last slide, but with added description. There are three tiers of groups. At the bottom is 'Run', described as 'The lowest level of governance will be an oversight of more specific initiatives and capabilities within IT.' 'Design and Build', described as 'The second tier of groups will oversee prioritization of a certain area of governance as well as second-tier decisions that feed into strategic decisions.' At the top is 'Strategy', described as 'These groups will focus on decisions that directly connect to the strategic direction of the organization.' The specific groups laid out in the map are 'Risk and Compliance Committee' which straddle the line between 'Run' and 'Design and Build', 'Portfolio Review Board' and 'IT Steering Committee (ITSC)' both of which straddle the line between 'Design and Build' and 'Strategy', 'Executive Management Committee (EMC)' which is in 'Strategy', and 'Other' in all tiers.

    Identify strengths and weaknesses of the governance framework

    Supporting Tool icon 2A.3 Assess the current governance framework

    Part C – Governance Guidelines

    1. Choose Business State Template Choose the template that represents the identified future state of business in the Statement of Business Context. Mini sample of the 'State of Business' table from the 'Statement of Business Context'.
    2. Identify Strengths and Weaknesses Input the major strengths and weaknesses of your governance that were highlighted in the brainstorming activity. Mini sample of a Strengths and Weaknesses table.
    3. Establish Governance Guidelines Draw your own implications from the strength and weaknesses that will drive the design of your governance in its future state. These guidelines should be concise and easy to implement. Mini sample of an expanded Strengths and Weaknesses table including a row for 'Implication/Guideline'. Note: Refer to the example guidelines in the Current State Assessment of IT Governance after you have considered your own specific guidelines. The examples are supplementary for your convenience.

    Distinguish your business state from the others to ensure implications act as accurate guidelines

    Business State Options

    1

    Small

    IT team is 30 people or less.

    Large

    IT team is more than 30 people.

    2

    Public

    Wholly or partly funded by the government.

    Private

    No government funding is provided.

    3

    Lean: The business aims to eliminate any waste of resources (time, effort, or money) by removing steps in the business process that do not create value.Devops: Our organization aims to make quick decisions and navigate the fast-paced industry with agility. Uniting the development and operational sides of the business. Hierarchical: Departments in the organization are siloed by function. The organization is top-down and hierarchical, and takes more time with decision making.

    ‹– Multi-State (any combination) –›

    Multi-State Example A: If you are small organization that is publicly funded and you are shifting towards a lean methodology, combine the implications of all those groups in a way that fits your organization.

    Multi-State Example B: Your organization is shifting from a more traditional state of operating to combining the development and operations groups. Use hierarchical implications to govern one group and DevOps implications for the other.

    Identify strengths and weaknesses of the governance framework

    Associated Activity icon 2.3 2 hours

    INSTRUCTIONS

    1. Input Strengths of Governance
      Include useful components of the current framework; that may include elements that are operating well, fit the future state, or are required due to regulations or statutes.
    2. Determine Weaknesses and Challenges
      Discuss the pain points of the current governance framework by looking through the lenses of structure, authority, process, or membership.

    Consider:

    • Where is governance not meeting expectations?
    • Are we doing the right things?
    • Are we getting the benefits?
    • What are the outcomes?
    • What do we want to achieve?
    • How do we make intelligent decisions about what will help us achieve those outcomes?
    *Example

    Structure

    Authority

    Process

    Membership

    Strength

    • We must maintain a legal compliance committee due to the high level of legislation in the industry
    • The ITSC gathers and prioritizes investment options, saving time for the EMC
    • The EMC only make decisions on investments that are greater than $200,000
    • The legal board has a narrow focus, allowing it to maintain its necessary purpose efficiently
    • The information flow from ITSC to the EMC allows the EMC to spend their time effectively
    • The CIO sits on the EMC and the ITSC
    • The EMC is made up of senior leadership who have stakes in all areas of the business

    Weakness

    • Wrong number (too many/little groups)
    • Relationship is misaligned (input/output problems)
    • The tier it sits on the map is misguided
    • Duplication of the same tier of decisions in different groups
    • Approval for one specific topic occurs in more than one group
    • Lack of clarity in which group makes which decisions
    • Intake – where the information is coming from is the wrong source/inaccurate
    • Time to decision (too slow)
    • Poor results of governance (redoing projects, low value)
    • There is lack of knowledge in committee membership
    • Misplaced seniority (too Jr./Sr.)
    • Lack of representation in group (breadth across the business or depth of specific area)

    Derive governance implications from strengths and weaknesses

    Associated Activity icon 2.3 2-4 hours

    INSTRUCTIONS

    1. Copy and paste your strengths and weaknesses from part B into the template that reflects your business state.
    2. Draw your own implications from the strengths and weaknesses that will drive the design of your governance in its future state. These guidelines should be concise and practical.
    *Example

    Structure

    Authority

    Process

    Membership

    Strength

    Weakness

    Implication / Guideline

    • Make sure that the decision-making authority for most areas are at the lower tier
    • Governing bodies should be lower in the organization
    • One overarching governing body – directing priorities
    • High authority at a lower point of the organization
    • Highest tier is responsible for major budget shifts
    • High-level tier - reporting and feed in from lower level groups
    • Prioritization and sequencing occur at the mid-tier
    • Lowest governing tiers will have direct links to the customer to allow for interaction
    • Project or initiative owner as the leader of the body

    Note: Use the examples of guidelines provided in the Current State Assessment of IT Governance to help formulate your own.

    Conduct a current state assessment to identify guidelines for the future state of governance

    CASE STUDY

    Industry: Healthcare
    Source: Anonymous

    Challenge

    Over time, the organization had to create a large amount of governing committees and subcommittees in order to comply with governance frameworks applied to them and to meet regulatory compliance requirements.

    The current structure was no longer optimal to meet the newly identified mandate of the organization. However, the organization did not want to start from scratch and scrap the elements that worked, such as the dates and times that had been embedded into the organization.

    Solution

    A current state assessment was planned and executed in order to review what was currently being done and identify what could be retained and what should be added, changed, or removed to improve the governance outcomes.

    The scope involved examining how current and near-term governance needs were, or were not, met through the existing structure, bodies, and their processes.

    The organization investigated governance approaches of organizations with similar governance needs and with similar constraints to model their own.

    Results

    The outputs of this exercise included:

    • A list of effective practices and committee guidelines that could be leveraged with little to no change in the future state.
    • A list of opportunities to streamline the structure and processes.

    These guidelines were used to drive recommendations for improvements to the governance structures and processes in the organization.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of an Info-Tech analyst.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1

    Sample of activity 2.1 'Outline the governance structure in the governance structure map'. Create Current State Structure and Profiles

    Take the time to clearly articulate the current governance framework of your organization. Outline the structure and build the committee profiles for the governing bodies in your organization.

    2.3

    Sample of activity 2.3 'Identify strengths and weaknesses of the governance framework'. Determine Strengths, Weaknesses, and Guidelines

    Evaluate the strengths of your governance framework, the weaknesses that it exhibits, and the guidelines that will help maintain the strengths and alleviate the pains.

    Improve IT Governance to Drive Business Results

    PHASE 3

    Redesign the Governance Framework

    Phase 3 Guided Implementation

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Redesign the Governance Framework

    Proposed Time to Completion: 4 weeks
    Step 3.1: Understand the Redesign Process Step 3.2: Review Governance Structure Step 3.3: Review Governance Committees
    Start with an analyst kick-off call:
    • Review the guidelines from the current state assessment.
    • Begin modifying the governance structure, authorities, processes, and memberships.
    Review findings with analyst:
    • Determine the impact of the guidelines on the structural layout of the framework.
    • Determine the impact of the guidelines on the authority element of the framework.
    Finalize phase deliverable:
    • Determine the impact of the guidelines on the processes within the framework.
    • Determine the impact of the guidelines on the membership element of the framework.
    Then complete these activities…
    • Break down guidelines to make sure they are actionable and realistic.
    • Identify what to add, modify, or remove.
    • Review additional sources of information.
    Then complete these activities…
    • Build and review the governance structure map.
    • Identify additions, changes, or reductions in governing bodies and their areas of authority.
    Then complete these activities…
    • Use the template provided to build committee profiles for each identified committee.
    • Identify the membership, purpose, decision areas, inputs, and outputs of each.
    • Build committee charters if needed.
    With these tools & templates:
    • Current State Assessment
    • Future State Design for IT Governance
    With these tools & templates:
    • Future State Design for IT Governance
    With these tools & templates:
    • Future State Design for IT Governance
    • IT Governance Terms of Reference

    Phase 3: Redesign the Governance Framework

    1 2 3 4
    Align IT With the Business Context Assess the Current Governance Framework Redesign the Governance Framework Implement Governance Redesign

    Activities:

    • 3.1 Build a Governance Structure Map
    • 3.2 Create Committee Profiles
    • 3.3 Leverage Process-Specific Governance Blueprints

    Outcomes:

    • Use the Future State Design for IT Governance template to build the optimal governance framework for your organization.

    Info-Tech Insight

    Keep the current and future goals in sight to build an optimized governance framework that maintains the minimum bar of oversight required.

    Anticipate the outcomes of the Future State Design for IT Governance tool

    Supporting Tool icon 3A Redesign the governance frameworks

    Use this tool to guide your organization toward transformative outcomes gleaned from an optimized governance framework.

    1. Implement Structural Guidelines
      Determine what governing bodies to add, change, or remove from your governance structure.
    2. Create a Governance Structure Map
      Configure the structural relationships for the redesigned governing bodies using the structure map.
    3. Build Effective Committees
      Use the IT Governance Terms of Reference to build profiles for each newly created committee and to alter any existing committees.
    4. Determine Follow-up Governance Support
      Access external material on governance from other Info-Tech blueprints that will help with specific governance areas.

    Download the Future State Design for IT Governance template to work toward these outcomes.

    Use the Future State Design for IT Governance tool to create a custom governance framework for your organization

    Supporting Tool icon 3A Redesign the governance frameworks

    How to use the Future State Design for IT Governance deliverable: Follow the steps below to redesign the future state of IT governance. Use the guidelines to respond to challenges identified in the current governance framework based on the current state assessment.

    Part A – Structure Map

    Part B – Committee Profiles

    1a. Input Structural Guidelines 1b. Input Authority Guidelines 1a. Input Process Guidelines 1b. Input Member Guidelines
    2. Guiding Questions
    Do governing bodies operate at a tier that matches the guidelines?

    Do governing bodies focus on the decisions that align with the guidelines?
    2. Guiding Questions
    Do the process inputs and outputs reflect the structure and authority guidelines?

    Do governing bodies engage the right people who have the roles, capacity, and knowledge to govern?
    3. Add / Change (Tier/Authority) / Remove
    Governing Bodies – Structure
    3. Adapt / Refine
    Governing Bodies – Profiles
    4. Use the Structure Map to Show Redesign Use the IT Governance Terms of Reference for Redesign

    Connect key learnings to initiate governance redesign

    The future state design will reflect the state of business that was identified in Phase 1 along with the guidelines defined in Phase 2 to build a governance framework that promotes business-IT fusion.

    Statement of Business Context –› Current State Assessment

    Identified Future Business State

    Structure
    Authority

    Leverage the structure and authority guidelines to build the governance structure.

    Defined Governance Guidelines

    Process
    Membership

    Leverage the process and membership guidelines to build the governance committees.

    Future State Design

    Use structure and authority guidelines to build a new governance structure map

    Supporting Tool icon 3A.1 Redesign the governance frameworks

    Part A – Structure Map

    Structure
    Authority
    1a. Structural Guidelines1b. Authority Guidelines
    Input the guidelines from the current state assessment to guide the redesign.

    2. Leverage Guiding Questions

    Use the guiding questions provided to assess the needed changes.
    Guiding Questions


    Do governing bodies operate at a tier that matches the guidelines?


    Do governing bodies focus on the decisions that align with the guidelines?
    Build the “where/why” of governance. Consider at what tier each committee will reside and what area of governance will be part of its domain. Modify the current structure; do not start from scratch.

    3. Add / Change (Tier/Authority) / Remove

    Determine changes to structure or authority that will be occurring for each of the current governing bodies. Work within the current structure as much as possible.A mini sample of an 'Add/Change/Remove' table for governing bodies.

    4. Use the Structure Map to Show Redesign

    Create your own governance structure map to represent the way the governing bodies interact and feed into each other. A mini sample of the 'Current State Structure Map' from before.

    Maintain as much of the existing framework as possible in the redesign

    Associated Activity icon 3.1 2-4 hours

    Future State Design

    • Structure
    • Authority

    Info-Tech Best Practice

    Keep the number of added or removed committees as low as possible, while still optimizing. The less change to the structure, the easier it will be to implement.

    Refer to the example to help guide your committee redesign.

      Determine:
    1. Do the guidelines impact committees you already have? Will you have to modify the tier or the authority of those committees?
    2. Do the guidelines require you to build a new committee to meet needs?
    3. Do the guidelines require you to remove a committee that isn’t necessary?

    All Governing Bodies

    Add

    Change

    Remove

    ITSC Structure

    Authority
    Delegate the authority of portfolio investment decisions over $200K to this body
    Portfolio Review Board This committee no longer needs to exist since its authority of portfolio investment decisions over $200K has been redelegated
    Risk and Compliance Committee Create a new governing body to address increasing risk and compliance issues that face the organization

    Outline the new governance structure in the governance structure map in the Future State Design for IT Governance tool

    Associated Activity icon 3.1 The 'Current State Structure Map' from before, but with some abbreviated terms. There are three tiers of groups. At the bottom is 'Run', described as 'The lowest level of governance will be an oversight of more specific initiatives and capabilities within IT.' 'Design and Build', described as 'The second tier of groups will oversee prioritization of a certain area of governance as well as second-tier decisions that feed into strategic decisions.' At the top is 'Strategy', described as 'These groups will focus on decisions that directly connect to the strategic direction of the organization.' The specific groups laid out in the map are 'Risk and Compliance Committee' which straddle the line between 'Run' and 'Design and Build', 'Portfolio Review Board' and 'ITSC' both of which straddle the line between 'Design and Build' and 'Strategy', 'EMC' which is in 'Strategy', and 'Other' in all tiers.

    Use process and membership guidelines along with the IT Governance Terms of Reference to build committees

    Supporting Tool icon 3A.2 Redesign the governance frameworks

    Part B – Committee Profiles

    Process
    Membership
    1a. Process Guidelines 1b. Authority Guidelines
    Input the guidelines from the current state assessment to guide the redesign.

    2. Leverage Guiding Questions

    Use the guiding questions provided to assess the needed changes.
    Guiding Questions
    Do the process inputs and outputs reflect the structure and authority guidelines?

    Do governing bodies engage the right people who have the roles, capacity, and knowledge to govern?
    Build the “what/how” of governance. Build out the process and procedures that each committee will use.

    3. Adapt / Refine Governing Body Profiles

    Using your customized guidelines, create a profile for each committee.

    We have provided templates for some common committees. To make these committee profiles reflective of your organization, use the information you have gathered in your Current State Assessment of IT Governance guidelines.

    For a more detailed approach to building out specific charters for each committee refer to the IT Governance Terms of Reference.

    A mini sample of the 'Committee Template - Executive Management Committee'.

    A mini sample of the 'IT Governance Terms of Reference'.

    Use the IT Governance Terms of Reference to establish operational procedures for governing bodies

    Associated Activity icon 3.2 3-6 hours

    Future State Design

    • Process
    • Membership

    Info-Tech Best Practice

    The people on the committee matter. Governance committee membership does not have to correspond with the organizational structure, but it should correspond with the purpose and decision areas of the governance structure.

    Refer to the example to help guide your committee redesign.

      Determine:
    1. Do the guidelines alter the members needed to achieve the outcomes?
    2. Do the guidelines change the purpose and decision areas of the committee?
    3. How do the new structure’s guidelines impact the inputs and outputs of the governing body?

    Screenshot of the 'Committee Template - Executive Management Committee'.

    Add depth to the committee profiles using the IT Governance Terms of Reference

    Supporting Tool icon 3A.3 Redesign the governance frameworks

    Refer to the sections outlined below to build a committee charter for your governance committees. Four examples are provided in the tool and can be edited for your convenience. They are: Executive Management Committee, IT Steering Committee, Portfolio Review Board, and Risk and Compliance Committee.

    1. Purpose
    2. Goals
    3. Responsibilities
    4. Committee Members
    5. RACI
    6. Procedures
    7. Agenda

    Be sure to embed the domains of governance in the charters so that committees focus on the appropriate elements of benefits realization, risk optimization, and resource optimization.

    Download the IT Governance Terms of Reference for more in-depth committee charters.

    Three pillars of planning effective governance meetings

    The effectiveness of the governance is reliant on the ability to work within operational dependencies that will exist in the governance framework. Consider these questions to guide the duration, frequency, and sequencing of your governing body meetings.

    Frequency

    • What is the quantity of decisions that must be made?
    • Is a rapid or urgent response typically required?

    Duration

    • How long should your meeting run based on your meeting frequency and the volume of work to be accomplished?

    Sequencing

    • Are there other decisions that rely on the outcomes of this meeting?
    • Are there any decisions that must be made first for others to occur?
    A venn diagram of the three pillars of planning effective governance meetings, 'Frequency', 'Duration', and 'Sequencing'.

    Leverage process-specific governance blueprints

    Associated Activity icon 3.3

    If there are specific areas of IT governance that you require further support on, refer to Info-Tech’s library of DIY blueprints, Guided Implementations, and workshops for further support. We cover IT governance in the following areas:

    Enterprise Architecture Governance

    Service Portfolio Governance

    Security Governance

    Titlecard of 'Create a Right-Sized Enterprise Architecture Governance Framework' blueprint. Titlecard of 'Lead Strategic Decision Making With Service Portfolio Management' blueprint. Titlecard of 'Build a Security Governance and Management Plan' blueprint.

    Consider the challenges and solutions when identifying a multi-state reality for your business state

    A multi-state business will face unique challenges in navigating the redesign process with the goal of combining all related business states in governance.

    1. Divergent Governance Models
      Separate the governance groups that need to function differently, and bring them back together at the highest level.
    2. Reflecting the Organizational Structure
      Unlike single-state governance, multi-state organizations should model the governance framework in reflection of the organizational structure.
    3. Combining Implications
      Prioritize which implications are the most important and make sure they work first, then see what else fits (e.g. start with regulation, then insert lean guidelines).

    The multi-state business will not fit into one “box” – consider implications from the overlapping business states.

    As business needs change, ensure that you establish triggers to reassess the design of your governance framework.

    Leverage the outcomes of the Current State Assessment and Statement of Business Context to build the future state

    CASE STUDY

    Industry: Healthcare
    Source: Info-Tech

    Challenge

    Identifying the committees and processes that should be in place in the target state required a lot of different inputs.

    A number of high-profile senior management team members were still resistant to the overall idea of applying governance to their initiatives since they were clinician driven.

    The approach and target state, including the implementation plan, had to be approved and built out.

    Solution

    The information pulled together from the current state assessment, including best practices and jurisdictional scans, were tied together with the updated mandate and future state, and a list of recommended improvements were documented.

    The improvements were presented to the optimization committee and the governance committee members to ensure agreement on the approach and confirm the timeline for agreed improvements.

    Results

    A future state mapping of the new committee structure was created, as well as the revised membership requirements, responsibilities, and terms of reference.

    The approved recommendations were prioritized and turned into an implementation plan, with each improvement being assigned an owner who would be responsible for driving the effort to completion.

    Integration points in other processes, like SDLC, where change would be required were highlighted and included in the implementation plan.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of an Info-Tech analyst.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.1

    Sample of activity 3.1 'Maintain as much of the existing framework as possible in the redesign'. Redesign the Governance Structure

    Identify committees that need to be added, ones that must be changed, and the no-longer-needed governing bodies in an optimized and streamlined structure. Draw it out in the governance structure map.

    3.2

    Sample of activity 3.2 'Utilize the IT Governance Terms of Reference to establish operational procedures for governing bodies'. Redesign the Governing Bodies

    Use the IT Governance Terms of Reference and the Committee Template to build a committee profile for each governing body identified. Use these activities to build out and establish the processes of the modified governing groups.

    Improve IT Governance to Drive Business Results

    PHASE 4

    Implement Governance Redesign

    Phase 4 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 4: Implement Governance Redesign

    Proposed Time to Completion: 2-3 weeks
    Step 4.1: Identify Steps for Implementation Step 4.2: Finalized Implementation Plan
    Start with an analyst kick-off call:
    • Identify major steps required to implement the governance redesign.
    • Outline the components and milestones of the implementation plan.
    • Review materials needed for the executive presentation.
    Review findings with analyst:
    • Review the major milestones identified in the implementation plan.
    • Discuss potential challenges and stakeholder objections.
    • Strategize for the executive presentation.
    Then complete these activities…
    • Then complete these activities…
    • Identify next steps for the redesign.
    • Establish a communication plan.
    Then complete these activities…
    • Review the implementation plan.
    • Assess any challenging milestones and build implementation strategies.
    • Finalize the executive presentation.
    With these tools & templates:
    • IT Governance Implementation Plan
    • Redesign IT Governance to Drive Optimal Business Results Executive Presentation Template
    With these tools & templates:
    • IT Governance Implementation Plan
    • Redesign IT Governance to Drive Optimal Business Results Executive Presentation Template

    Phase 4: Implement Governance Redesign

    1 2 3 4
    Align IT With the Business Context Assess the Current Governance Framework Redesign the Governance Framework Implement Governance Redesign

    Activities:

    • 4.1 Identify Next Steps for the Redesign
    • 4.2 Establish a Communication Plan
    • 4.3 Lead the Executive Presentation

    Outcomes:

    • Rationalize steps in the Implementation Plan tool.
    • Construct an executive presentation to facilitate transparency for the governing framework.

    Anticipate and overcome implementation obstacles for the redesign

    Often high-level organizational changes create challenges. We will help you break down the barriers to optimal IT governance by addressing key obstacles.

    Key Obstacles

    Solutions

    Identifying Steps The prioritization must be driven by the common view of what is important for the organization to succeed. Prioritize the IT governance next steps according to the value they are anticipated to provide to the business.
    Communicating the Redesign The redesign of IT governance will bring impactful changes to diverse stakeholders across the organization. This phase will help you plan communication strategies for the different stakeholders.

    Info-Tech Insight

    Don’t overlook the politics and culture of your organization while redesigning your governance framework.

    Create an implementation roadmap to organize a plan for the redesign

    Supporting Tool icon 4A Create an implementation and communication plan

    INSTRUCTIONS

    1. Identify Tasks
      Decide on the order of tasks for your implementation plan. Consider the dependencies of actions and plan the sequence accordingly.
    2. Determine Communication Method
      Identify the most appropriate and impactful method of communicating at each milestone identified in step 1.

    Download the IT Governance Implementation Plan to organize your customized implementation and communication plan.

    Screenshot of a table in the 'IT Governance Implementation Plan'.

    Outline next steps for governance redesign

    Associated Activity icon 4.1

    INPUT: Tasks Identified in the Future State Design

    OUTPUT: Identified Tasks for Implementation as Well as the Audience

    Materials: N/A

    Participants: IT Governance Redesign Owner

    INSTRUCTIONS

    Keep these questions in mind as you analyze and assess what steps to take first in the redesign implementation.

    1. What needs to happen?
      Use the identified changes from the redesign as your guiding list of tasks that need to occur. If they are larger tasks, break them down into smaller parts to make the milestones more achievable.
    2. What are the dependencies?
      Throughout the implementation of the redesign, certain tasks will need to occur to enable other tasks to be performed. Make sure to clearly identify what dependencies exist in the implementation process and clearly identify the order of the tasks.
    3. Who do the changes impact?
      Consider the groups and individuals that will be impacted by changes to the governance framework. This includes key business stakeholders, IT leaders, members of governing boards, and anyone who provides an input or requires an output from one of the committees.

    Use a big-bang approach to implement the IT governance redesign

    While there are other methods to implementing change, the big-bang approach is the most effective for governance redesign and will maintain the momentum of the change as well as the support needed to make it successful.

    Phased

    Parallel

    Big Bang

    Implementation of redesign occurs in steps over a significant period of time.

    Three arrows, each beginning where the previous one ends, separated.

    Components of the redesign are brought into the governance framework, while maintaining some of the old components.

    Three arrows, each beginning slightly after the previous one begins, overlapping.

    Implementation of redesign occurs all at once. This requires significant preparation.

    One large arrow, spanning the length of the other grouped arrows, circled to emphasize.
    • Some committees will be operating under a new structure while others are not, which will undermine the changes being made.
    • This method proliferates a lack of transparency and trust.
    • Releasing IT governance in parallel leads to members sitting on too many boards and spending too much time on governance.
    • There will be a lack of clarity on a committee’s authority.
    • This approach will lead to consistency and transparency in the new process.
    • The change will be clear and fully embedded in the organization with stronger boundaries and well-defined expectations.

    Determine the most effective and impactful communication mediums for relevant stakeholders

    Associated Activity icon 4.2 1 hour

    INSTRUCTIONS

    1. Consider the Individual or Group
      Consider the group and individuals identified in step 4.1. Determine the most appropriate mechanism for communicating with that person or group. Keep in mind: If they are local, how much influence they have and if they are already engaged in the redesign process.
    2. Consider the Message
      The type of message that you are communicating will vary in impact and importance depending on the task. Make sure that the communication medium reflects your message. Keep in mind: If the you are communicating an important or more personal issue, the medium should be more personal as well.

    Screenshot of the same table in the 'IT Governance Implementation Plan'.

    Communicate the changes that result from the redesign

    Plan the message first, then deliver it to your stakeholders through the most appropriate medium to avoid message avoidance or confusion.

    Communication Medium

    Face-to-Face Communication

    Face-to-face communication helps to ensure that the audience is receiving and understanding a clear message, and allows them to voice their concerns and clarify any confusion or questions.

    • Use one-on-one meetings for key stakeholders and large organizational meetings to introduce large changes in the redesign.
    Emails

    Use email to communicate information to broad audiences. In addition, use email as the mass feedback mechanism.

    • Use email to follow up on meetings, or to invite people to next ones, but not as the sole medium of communication.
    Internal Website or Drive

    Use an internal website or drive as an information repository.

    • Store meeting minutes, policies, procedures, terms of reference, and feedback online to ensure transparency.

    Message Delivery

    1. Plan Your Message
      Emphasize what the audience really needs to know and how the change will impact them.
    2. Test Your Message
      If possible, test your communications with a small audience (2-3 people) first to get feedback and adjust messages before delivering them more broadly.
    3. Deliver and Repeat Your Message
      “Tell them what you’re going to tell them, then tell them, then tell them what you told them.”
    4. Gather Feedback and Evaluate Communications
      Evaluate the effectiveness of the communications (through surveys, stakeholder interviews, or metrics) to ensure the message was delivered and received successfully and communication goals were met.

    Construct an executive presentation to facilitate transparency for the governing framework

    Supporting Tool icon 4B Present the redesign to the key business stakeholders

    INSTRUCTIONS

    1. Identify Stakeholders
      Determine which business stakeholders have been the most involved in the redesign process.
    2. Customize Presentation
      Use the deliverables that you have built throughout this redesign to communicate the changes to the structure, authority, processes, and memberships in the governance framework.
    3. Present to Executives
      Present the executive presentation to the key business stakeholders who have been involved in the redesign process.

    Info-Tech best Practice

    Use the Executive Presentation customizable deliverable to lead a boardroom-quality presentation outlining the process and outcomes of the IT governance redesign.

    Present the executive presentation

    Associated Activity icon 4.3 1 hour

    INSTRUCTIONS

    1. Input SoBC Outcomes
      Input the outcomes of the SoBC. Specify the state of the business you have identified through the process of Phase 1.
    2. Input Current State Framework and Guidelines
      Input the outcomes of the current state assessment. Explain the process you used to identify the current governance framework and how you determined the strengths, weaknesses, and guidelines.
    3. Input Redesigned Governance Framework
      Input the governance redesign outcomes. Explain the process you used to modify and reconstruct the governance framework to drive optimal business results. Show the new structure and committee profiles.

    Use the Redesign IT Governance to Drive Optimal Business Results Executive Presentation Template for more information.

    Implement the governance redesign to optimize governance and, in turn, business results

    CASE STUDY

    Industry: Healthcare
    Source: Info-Tech

    Challenge

    Members of the project management group and in the larger SDLC process identified a lack of clarity on how to best govern active projects and initiatives that were moving through the governance process during the changes to the governance framework.

    These projects had already begun under the old frameworks and applying the redesigned governance framework would lead to work duplication and wasted time.

    Solution

    The organization decided that instead of applying the redesign to all initiatives across the organization, it would only be applied to new initiatives and ones that were still working within the first part of the “gating” process, where revised intake information could still be provided.

    Active initiatives that fell into the grandfathered category were identified and could proceed based on the old process. Yet, those that did not receive this status were provided carry-over lead time to revise their documentation during the changes.

    Results

    The implementation plan and timeframes were approved and an official change-over date identified.

    A communication plan was provided, including the grandfathered approach to be used with in-flight initiatives.

    A review cycle was also established for three months after launch to ensure the process was working as expected and would be repeated annually.

    The revised process improved the cycle time by 30% and improved the ability of the organization to govern high-speed requests and decisions.

    Summary of accomplishment

    Insights

    • IT governance requires business leadership.
      Instead of IT managing and governing IT, engage business leaders to take responsibility for governing IT.
    • With great governance comes great responsibility.
      Involve relevant business leaders, who will be impacted by IT outcomes, to share governing authority of IT.
    • Establish IT-business fusion.
      In governance, alignment is not enough. Merge IT and the business through governance to ensure business success.

    Knowledge Gained

    • There must be an active understanding of the current and future state of the business for governance to address the changing needs of the business.
    • Take a proactive approach to revising your governance framework. Understand why you are making decisions before actually making them.
    • Keep the current and future goals in sight to build an optimized governance framework that maintains the minimum bar of oversight required.

    Processes Optimized

    • EDM01 – Establishing a Governance Framework
    • Understanding the four elements of governance:
      • Structure
      • Authority
      • Process
      • Members
    • Embedding the benefits realization criteria, risk optimization, and resource optimization in governance.

    Deliverables Completed

    • Statement of Business Context
    • Current State Assessment of IT Governance
    • Future State Design for IT Governance
    • IT Governance Implementation Plan

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of an Info-Tech analyst.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    4.1

    Sample of activity 4.1 'Outline next steps for governance redesign'. Build and Deploy the Implementation Plan

    Construct a list of tasks and consider the individuals or groups that those tasks will impact when implementing the governance redesign. Ensure consistent and transparent communication for successful outcomes.

    4.3

    Sample of activity 4.3 'Present the Executive Presentation'. Build the Executive Presentation

    Insert the state of business, current state, and future state design outcomes into a presentation to inform the key business stakeholders on the process and outcomes of the governance redesign.

    Research contributors and experts

    Deborah Eyzaguirre, IT Business Relationship Manager, UNT System

    Herbert Kraft, MIS Manager, Prairie Knights Casino

    Roslyn Kaman, CFO, Miles Nadal JCC

    Nicole Haggerty, Associate Professor of Information Systems, Ivey Business School

    Chris Austin, CTO, Ivey Business School

    Adriana Callerio, IT Director Performance Management, Molina Healthcare Inc.

    Joe Evers, Consulting Principal, JcEvers Consulting Corp

    Huw Morgan, IT Research Executive

    Joy Thiele, Special Projects Manager, Dunns Creek Baptist Church

    Rick Daoust, CIO, Cambrian College

    Related Info-Tech Research

    Bibliography

    A.T. Kearney. “The 7 Habits of Highly Effective Governance.” A.T. Kearney, 2008. Web. Nov. 2016.

    Bertolini, Phil. “The Transformational Effect of IT Governance.” Government Finance Review, Dec. 2012. Web. Nov. 2016.

    CGI. “IT Governance and Managed Services – Creative a win-win relationship” CGI Group Inc., 2015. Web. Dec. 2016.

    De Haes, Steven, and Wim Van Grembergen. “An Exploratory Study into the Design of an IT Governance Minimum Baseline through Delphi Research.” Communications of the Association for Information Systems: Vol. 22 , Article 24. 2008. Web. Nov. 2016.

    Deloitte LLP. “The Role of Senior Leaders in IT Governance.” The Wall Street Journal, 22 Jun. 2015. Web. Oct. 2016.

    Dragoon, Alice. “Four Governance Best Practices.” CIO From IDG, 15 Aug. 2003. Web. Dec. 2016.

    du Preez, Gert. “Company Size Matters: Perspectives on IT Governance.” PricewaterhouseCoopers, Aug. 2011. Web. Nov. 2016.

    Hagen, Christian, et. al. “Building a Capability-Driven IT Organization.” A.T. Kearney, Jun. 2011. Web. Nov. 2016.

    Heller, Martha. “Five Best Practices for IT Governance.” CFO.com, 27 Aug. 2012. Web. Oct. 2016.

    Hoch, Detlev, and Payan, Miguel. “Establishing Good IT Governance in the Public Sector.” McKinsey Dusseldorf, Mar. 2008. Web. Oct. 2016.

    Horne, Andrew, and Brian Foster. “IT Governance Is Killing Innovation.” Harvard Business Review, 22 Aug. 2013. Web. Dec. 2016.

    ISACA. “COBIT 5: Enabling Processes.” ISACA, 2012. Web. Oct. 2016.

    IT Governance Institute. “An Executive View of IT Governance.” IT Governance Institute, in association with PricewaterhouseCoopers. 2009. Web. Nov. 2016.

    Bibliography continued

    IT Governance Institute. “IT Governance Roundtable: Defining IT Governance.” IT Governance Institute, 2009. Web. Nov. 2016.

    Macgregor, Stuart. “The linchpin between Corporate Governance and IT Governance.” The Open Group’s EA Forum Johannesburg and Cape Town, Nov. 2013. Web. Nov. 2016.

    Mallette, Debra. “Implementing IT Governance An Introduction.” ISACA San Francisco Chapter, 23 Sep. 2009. Web. Oct. 2016.

    Massachusetts Institute of Technology. “IT Governance Introduction.” MIT Centre for Information System Research, 2016. Web. Nov. 2016.

    Mueller, Lynn, et. al. “IBM IT Governance Approach – Business Performance through IT Execution.” IBM Redbooks, Feb. 2008. Web. Nov. 2016.

    National Computing Centre. “IT Governance: Developing a successful governance strategy.” The National Computing Centre, Nov. 2005. Web. Oct. 2016.

    Pittsburgh ISACA Chapter. “Practical Approach to COBIT 5.0.” Pittsburgh ISACA Chapter, 17 Sep. 2012. Web. Nov. 2016.

    PricewaterhouseCoopers. “Great by governance: Improve IT performance and Value While Managing Risks.” PricewaterhouseCoopers, Nov. 2014. Web. Dec. 2016.

    PricewaterhouseCoopers. “IT Governance in Practice: Insights from leading CIOs.” PricewaterhouseCoopers, 2006. Web. Nov. 2016.

    Routh, Richard L. “IT Governance Part 1 of 2.” Online video clip. YouTube. The Institute of CIO Excellence, 01 Aug. 2012. Web. Nov. 2016.

    Salleh, Noor Akma Mohd, et. al. “IT Governance in Airline Industry: A Multiple Case Study.” International Journal of Digital Society, Dec. 2010. Web. Nov. 2016.

    Bibliography continued

    Speckert, Thomas, et. al. “IT Governance in Organizations Facing Decentralization – Case Study in Higher Education.” Department of Computer and Systems Sciences. Stockholm University, 2014. Web. Nov. 2016.

    Thorp, John. The Information Paradox—Realizing the Business Benefits of Information Technology. Revised Edition, McGraw Hill, 2003 (written jointly with Fujitsu).

    Vandervost, Guido, et. al. “IT Governance for the CxO.” Deloitte, Nov. 2013. Web. Nov. 2016.

    Weill, Peter, and Jeanne W. Ross. “IT Governance: How Top Performers Manage IT Decision Rights for Superior Results.” Boston: Harvard Business School, 2004. Print. Oct. 2016.

    Wong, Daron, et. al. “IT Governance in Oil and Gas: CIO Roundtable, Priorities for Surviving and Thriving in Lean Times.” Online video clip. YouTube. IT Media Group, Jun. 2016. Web. Nov. 2016.

    Build IT Capabilities to Enable Digital Marketing Success

    • Buy Link or Shortcode: {j2store}553|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • Misalignment: Even if IT builds the capabilities to pursue digital channels, the channels will underperform in realizing organizational goals if the channels and the goals are misaligned.
    • Ineffective analytics: Failure to integrate and analyze new data will undermine organizational success in influencer and sentiment identification.
    • Missed opportunity: If IT does not develop the capabilities to support these channels, then lead generation, brand promotion, and engagement opportunities will be lost.
    • Lack of control: Marketing is developing and depending on internal power users and agencies. This practice can isolate IT from digital marketing technology decision making.

    Our Advice

    Critical Insight

    • Identify and understand the digital marketing channels that can benefit your organization.
    • Get stakeholder buy-in to facilitate collaboration between IT and product marketing groups to identify necessary IT capabilities.
    • Build IT capability by purchasing software, outsourcing, and training or hiring individuals with necessary skillsets.
    • Become transformational: use IT capabilities to support analytics that identify new customer segments, key influencers, and other invaluable insights.
    • Time is of the essence! It is easier to begin strengthening the relationship between marketing and IT today then it will be at any point in the future.
    • Being transformational means more than just enabling the channels marketing wants to pursue; IT must assist in identifying new segments and digital marketing opportunities, such as enabling influencer management.

    Impact and Result

    • IT is involved in decision making and has a complete understanding of the digital channels the organization is going to migrate to or phase out if unused.
    • IT has the necessary capabilities to support and enable success in all relevant digital channel management technologies.
    • IT is a key player in ensuring that all relevant data from new digital channels is managed and analyzed in order to maintain a 360 degree view of customers and feed real-time campaigns.
    • This enables the organization to not only target existing segments effectively, but also to identify and pursue new opportunities not presented before.
    • These opportunities include: identifying new segments among social networks, identifying key influencers as a new target, identifying proactive service and marketing opportunities from the public social cloud, and conducting new competitive analyses on the public social cloud.

    Build IT Capabilities to Enable Digital Marketing Success Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Make the case for building IT capabilities

    Identify the symptoms of inadequate IT support of digital marketing to diagnose the problems in your organization.

    • Storyboard: Build IT Capabilities to Enable Digital Marketing Success

    2. Identify digital marketing opportunities to understand the need for action in your organization

    Identify the untapped digital marketing value in your organization to understand where your organization needs to improve.

    • Digital Marketing Capability Builder Tool

    3. Mobilize for action: get stakeholder buy-in

    Develop a plan for communicating with stakeholders to ensure buy-in to the digital marketing capability building project.

    • Digital Marketing Communication Deck

    4. Identify the product/segment-specific digital marketing landscape to identify required IT capabilities

    Assess how well each digital channel reaches target segments. Identify the capabilities that must be built to enable digital channels.

    5. Create a roadmap for building capabilities to enable digital marketing

    Assess the people, processes, and technologies required to build required capabilities and determine the best fit with your organization.

    [infographic]

    Workshop: Build IT Capabilities to Enable Digital Marketing Success

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Digital Marketing Opportunities

    The Purpose

    Determine the fit of each digital channel with your organizational goals.

    Determine the fit of digital channels with your organizational structure and business model.

    Compare the fit of digital channels with your organization’s current levels of use to:Identify missed opportunities your organization should capitalize on.Identify digital channels that your organization is wasting resources on.

    Identify missed opportunities your organization should capitalize on.

    Identify digital channels that your organization is wasting resources on.

    Key Benefits Achieved

    IT department achieves consensus around which opportunities need to be pursued.

    Understanding that continuing to pursue excellent-fit digital channels that your organization is currently active on is a priority.

    Identification of the channels that stopping activity on could free up resources for.

    Activities

    1.1 Define and prioritize organizational goals.

    1.2 Assess digital channel fit with goals and organizational characteristics.

    1.3 Identify missed opportunities and wasted resources in your digital channel mix.

    1.4 Brainstorm creative ways to pursue untapped digital channels.

    Outputs

    Prioritized list of organizational goals.

    Assigned level of fit to digital channels.

    List of digital channels that represent missed opportunities or wasted resources.

    List of brainstormed ideas for pursuing digital channels.

    2 Identify Your Product-Specific Digital Marketing Landscape

    The Purpose

    Identify the digital channels that will be used for specific products and segments.

    Identify the IT capabilities that must be built to enable digital channels.

    Prioritize the list of IT capabilities.

    Key Benefits Achieved

    IT and marketing achieve consensus around which digital channels will be pursued for specific product-segment pairings.

    Identification of the capabilities that IT must build.

    Activities

    2.1 Assess digital channel fit with specific products.

    2.2 Identify the digital usage patterns of target segments.

    2.3 Decide precisely which digital channels you will use to sell specific products to specific segments.

    2.4 Identify and prioritize the IT capabilities that need to be built to succeed on each digital channel.

    Outputs

    Documented channel fit with products.

    Documented channel usage by target segments.

    Listed digital channels that will be used for each product-segment pairing.

    Listed and prioritized capabilities that must be built to enable success on necessary digital channels.

    3 Enable Digital Marketing Capabilities and Leverage Analytics

    The Purpose

    Identification of the best possible way to build IT capabilities for all channels.

    Creation of a plan for leveraging transformational analytics to supercharge your digital marketing strategy.

    Key Benefits Achieved

    IT understanding of the costs and benefits of capability building options (people, process, and technology).

    Information about how specific technology vendors could fit with your organization.

    IT identification of opportunities to leverage transformational analytics in your organization.

    Activities

    3.1 Identify the gaps in your IT capabilities.

    3.2 Evaluate options for building capabilities.

    3.3 Identify opportunities for transformational analytics.

    Outputs

    A list of IT capability gaps.

    An action plan for capability building.

    A plan for leveraging transformational analytics.

    Grow Your Own PPM Solution

    • Buy Link or Shortcode: {j2store}436|cart{/j2store}
    • member rating overall impact (scale of 10): 9.6/10 Overall Impact
    • member rating average dollars saved: $47,944 Average $ Saved
    • member rating average days saved: 29 Average Days Saved
    • Parent Category Name: Portfolio Management
    • Parent Category Link: /portfolio-management
    • As portfolio manager, you’re responsible for supporting the intake of new project requests, providing visibility into the portfolio of in-flight projects, and helping to facilitate the right approval and prioritization decisions.
    • You need a project portfolio management (PPM) tool that promotes the maintenance and flow of good data to help you succeed in these tasks. However, while throwing expensive technology at bad process rarely works, many organizations take this approach to solve their PPM problems.
    • Commercial PPM solutions are powerful and compelling, but they are also expensive, complex, and hard to use. When a solution is not properly adopted, the data can be unreliable and inconsistent, defeating the point of purchasing a tool in the first place.

    Our Advice

    Critical Insight

    • Your choice of PPM solution must be in tune with your organizational PPM maturity to ensure that you are prepared to sustain the tool use without having the corresponding PPM processes collapse under its own weight.
    • A spreadsheet-based homegrown PPM solution can provide key capabilities of an optimized PPM solution with a high level of sophistication and complexity without the prohibitive capital and labor costs demanded by commercial PPM solution.
    • Focus on your PPM decision makers that will consume the reports and insights by investigating their specific reporting needs.

    Impact and Result

    • Think outside the commercial box. Develop an affordable, adoptable, and effective PPM solution using widely available tools based on Info-Tech’s ready-to-deploy templates.
    • Make your solution sustainable. When it comes to portfolio management, high level is better. A tool that is accurate and maintainable will provide more value than one that strives for precise data yet is ultimately unmaintainable.
    • Report success. A PPM tool needs to foster portfolio visibility in order to engage and inform the executive layer and support effective decision making.

    Grow Your Own PPM Solution Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should grow your own PPM solution, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Right-size your PPM solution

    Scope an affordable, adoptable, and effective PPM solution with Info-Tech's Portfolio Manager 2017 workbook.

    • Grow Your Own PPM Solution – Phase 1: Right-Size Your PPM Solution
    • Portfolio Manager 2017 Cost-in-Use Estimation Tool
    • None

    2. Get to know Portfolio Manager 2017

    Learn how to use Info-Tech's Portfolio Manager 2017 workbook and create powerful reports.

    • Grow Your Own PPM Solution – Phase 2: Meet Portfolio Manager 2017
    • Portfolio Manager 2017
    • Portfolio Manager 2017 (with Actuals)
    • None
    • None
    • None

    3. Implement your homegrown PPM solution

    Plan and implement an affordable, adoptable, and effective PPM solution with Info-Tech's Portfolio Manager 2017 workbook.

    • Grow Your Own PPM Solution – Phase 3: Implement Your PPM Solution
    • Portfolio Manager 2017 Operating Manual
    • Stakeholder Engagement Workbook
    • Portfolio Manager Debut Presentation for Portfolio Owners
    • Portfolio Manager Debut Presentation for Data Suppliers

    4. Outgrow your own PPM solution

    Develop an exit strategy from your home-grown solution to a commercial PPM toolset. In this video, we show a rapid transition from the Excel dataset shown on this page to a commercial solution from Meisterplan. Christoph Hirnle of Meisterplan is interviewed starting at 9 minutes.

    • None
    [infographic]

    Workshop: Grow Your Own PPM Solution

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Scope a Homegrown PPM Solution for Your Organization

    The Purpose

    Assess the current state of project portfolio management capability at your organization. The activities in this module will inform the next modules by exploring your organization’s current strengths and weaknesses and identifying areas that require improvement.

    Set up the workbook to generate a fully functional project portfolio workbook that will give you a high-level view into your portfolio.

    Key Benefits Achieved

    A high-level review of your current project portfolio capability is used to decide whether a homegrown PPM solution is an appropriate choice

    Cost-benefit analysis is done to build a business case for supporting this choice

    Activities

    1.1 Review existing PPM strategy and processes.

    1.2 Perform a cost-benefit analysis.

    Outputs

    Confirmation of homegrown PPM solution as the right choice

    Expected benefits for the PPM solution

    2 Get to Know Portfolio Manager 2017

    The Purpose

    Define a list of requirements for your PPM solution that meets the needs of all stakeholders.

    Key Benefits Achieved

    A fully customized PPM solution in your chosen platform

    Activities

    2.1 Introduction to Info-Tech's Portfolio Manager 2017: inputs, outputs, and the data model.

    2.2 Gather requirements for enhancements and customizations.

    Outputs

    Trained project/resource managers on the homegrown solution

    A wish list of enhancements and customizations

    3 Implement Your Homegrown PPM Solution

    The Purpose

    Determine an action plan regarding next steps for implementation.

    Implement your homegrown PPM solution. The activities outlined in this step will help to promote adoption of the tool throughout your organization.

    Key Benefits Achieved

    A set of processes to integrate the new homegrown PPM solution into existing PPM activities

    Plans for piloting the new processes, process improvement, and stakeholder communication

    Activities

    3.1 Plan to integrate your new solution into your PPM processes.

    3.2 Plan to pilot the new processes.

    3.3 Manage stakeholder communications.

    Outputs

    Portfolio Manager 2017 operating manual, which documents how Portfolio Manager 2017 is used to augment the PPM processes

    Plan for a pilot run and post-pilot evaluation for a wider rollout

    Communication plan for impacted PPM stakeholders

    Build an Application Integration Strategy

    • Buy Link or Shortcode: {j2store}198|cart{/j2store}
    • member rating overall impact (scale of 10): 8.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Enterprise Integration
    • Parent Category Link: /enterprise-integration
    • Even though organizations are now planning for Application Integration (AI) in their projects, very few have developed a holistic approach to their integration problems resulting in each project deploying different tactical solutions.
    • Point-to-point and ad hoc integration solutions won’t cut it anymore: the cloud, big data, mobile, social, and new regulations require more sophisticated integration tooling.
    • Loosely defined AI strategies result in point solutions, overlaps in technology capabilities, and increased maintenance costs; the correlation between business drivers and technical solutions is lost.

    Our Advice

    Critical Insight

    • Involving the business in strategy development will keep them engaged and align business drivers with technical initiatives.
    • An architectural approach to AI strategy is critical to making appropriate technology decisions and promoting consistency across AI solutions through the use of common patterns.
    • Get control of your AI environment with an appropriate architecture, including policies and procedures, before end users start adding bring-your-own-integration (BYOI) capabilities to the office.

    Impact and Result

    • Engage in a formal AI strategy and involve the business when aligning business goals with AI value; each double the AI success rate.
    • Benefits from a formal AI strategy largely depend on how gaps will be filled.
    • Create an Integration Center of Competency for maintaining architectural standards and guidelines.
    • AI strategies are continuously updated as new business drivers emerge from changing business environments and/or essential technologies.

    Build an Application Integration Strategy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Make the Case for AI Strategy

    Obtain organizational buy-in and build a standardized and formal AI blueprint.

    • Storyboard: Build an Application Integration Strategy

    2. Assess the organization's readiness for AI

    Assess your people, process, and technology for AI readiness and realize areas for improvement.

    • Application Integration Readiness Assessment Tool

    3. Develop a Vision

    Fill the required AI-related roles to meet business requirements

    • Application Integration Architect
    • Application Integration Specialist

    4. Perform a Gap Analysis

    Assess the appropriateness of AI in your organization and identify gaps in people, processes, and technology as it relates to AI.

    • Application Integration Appropriateness Assessment Tool

    5. Build an AI Roadmap

    Compile the important information and artifacts to include in the AI blueprint.

    • Application Integration Strategy Template

    6. Build the Integration Blueprint

    Keep a record of services and interfaces to reduce waste.

    • Integration Service Catalog Template

    Infographic

    Workshop: Build an Application Integration Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Make the Case for AI Strategy

    The Purpose

    Uncover current and future AI business drivers, and assess current capabilities.

    Key Benefits Achieved

    Perform a current state assessment and create a future vision.

    Activities

    1.1 Identify Current and Future Business Drivers

    1.2 AI Readiness Assessment

    1.3 Integration Service Catalog Template

    Outputs

    High-level groupings of AI strategy business drivers.

    Determine the organization’s readiness for AI, and identify areas for improvement.

    Create a record of services and interfaces to reduce waste.

    2 Know Current Environment

    The Purpose

    Identify building blocks, common patterns, and decompose them.

    Key Benefits Achieved

    Develop an AI Architecture.

    Activities

    2.1 Integration Principles

    2.2 High-level Patterns

    2.3 Pattern decomposition and recomposition

    Outputs

    Set general AI architecture principles.

    Categorize future and existing interactions by pattern to establish your integration framework.

    Identification of common functional components across patterns.

    3 Perform a Gap Analysis

    The Purpose

    Analyze the gaps between the current and future environment in people, process, and technology.

    Key Benefits Achieved

    Uncover gaps between current and future capabilities and determine if your ideal environment is feasible.

    Activities

    3.1 Gap Analysis

    Outputs

    Identify gaps between the current environment and future AI vision.

    4 Build a Roadmap for Application Integration

    The Purpose

    Define strategic initiatives, know your resource constraints, and use a timeline for planning AI.

    Key Benefits Achieved

    Create a plan of strategic initiatives required to close gaps.

    Activities

    4.1 Identify and prioritize strategic initiatives

    4.2 Distribute initiatives on a timeline

    Outputs

    Use strategic initiatives to build the AI strategy roadmap.

    Establish when initiatives are going to take place.

    Select and Implement an IT PPM Solution

    • Buy Link or Shortcode: {j2store}440|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $125,999 Average $ Saved
    • member rating average days saved: 29 Average Days Saved
    • Parent Category Name: Portfolio Management
    • Parent Category Link: /portfolio-management
    • The number of IT project resources and the quantity of IT projects and tasks can no longer be recorded, prioritized, and tracked using non-commercial project portfolio management (PPM) solutions.
    • Your organization has attained a moderate level of PPM maturity.
    • You have sufficient financial and technical resources to purchase a commercial PPM solution.
    • There is a wide variety of commercial PPM solutions; different kinds of PPM solutions are more appropriate for organizations of a certain size and a certain PPM maturity level than others.

    Our Advice

    Critical Insight

    • Implementations of PPM solutions are often unsuccessful resulting in wasted time and resources; failing to achieve sustainable adoption of the tool is a widespread pain point.
    • The costs of PPM solutions do not end after the implementation and subscription invoices are paid. Have realistic expectations about the time required to use and maintain PPM solutions to ensure success.
    • PPM solutions help PMOs serve the organization’s core decision makers. Success depends on improved service to these stakeholders.

    Impact and Result

    • Using Info-Tech’s Vendor Landscape and PPM solution use cases, you will be able to make sense of the diversity of PPM solutions available in today’s market and choose the most appropriate solution for your organization’s size and level of PPM maturity.
    • Info-Tech’s blueprint for a PPM solution selection and implementation project will provide you with a variety of tools and templates.
    • A carefully planned out and executed selection and implementation process will help ensure your organization can maximize the value of your project portfolio and will allow the PMO to improve portfolio stakeholder satisfaction.

    Select and Implement an IT PPM Solution Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should implement a commercial PPM solution, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Launch the PPM solution project and collect requirements

    Create a PPM solution selection and implementation project charter and gather your organizations business and technical requirements.

    • Select and Implement a PPM Solution – Phase 1: Launch the PPM Solution Project and Collect Requirements
    • PPM Solution Project Charter Template
    • PPM Implementation Work Breakdown Structure
    • PPM Solution Requirements Gathering Tool
    • PPM Solution Cost-of-Use Estimation Tool
    • PPM Solution RFP Template
    • PPM Solution Success Metrics Workbook
    • PPM Solution Use-Case Fit Assessment Tool

    2. Select a PPM solution

    Select the most appropriate PPM solution for your organization by using Info-Tech’s PPM solution Vendor Landscape and use cases to help you create a vendor shortlist, produce an RFP, and establish evaluation criteria for ranking your shortlisted solutions.

    • Select and Implement a PPM Solution – Phase 2: Select a PPM Solution
    • PPM Vendor Shortlist & Detailed Feature Analysis Tool
    • PPM Solution Vendor Response Template
    • PPM Solution Evaluation & RFP Scoring Tool
    • PPM Solution Vendor Demo Script

    3. Plan the PPM solution implementation

    Plan a PPM solution implementation that will result in long-term sustainable adoption of the tool and that will allow the PMO to meet the needs of core project portfolio stakeholders.

    • Select and Implement a PPM Solution – Phase 3: Plan the PPM Solution Implementation
    [infographic]

    Workshop: Select and Implement an IT PPM Solution

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Launch the PPM Solution Project and Gather Requirements

    The Purpose

    Create a PPM solution selection and implementation project charter.

    Gather the business and technical requirements for the PPM solution.

    Establish clear and measurable success criteria for your PPM solution project.

    Key Benefits Achieved

    Comprehensive project plan

    Comprehensive and organized record of the various PPM solution requirements

    A record of PPM solution project goals and criteria that can be used in the future to establish the success of the project

    Activities

    1.1 Brainstorm, refine, and prioritize your PPM solution needs

    1.2 Stakeholder identification exercise

    1.3 Project charter work session

    1.4 Requirements gathering work session

    1.5 PPM solution success metrics workbook session

    Outputs

    High-level outline of PPM solution requirements

    Stakeholder consultation plan

    A draft project charter and action plan to fill in project charter gaps

    A draft requirements workbook and action plan to fill in requirement gathering gaps

    A PPM project success metrics workbook that can be used during and after the project

    2 Select a PPM Solution

    The Purpose

    Identify the PPM solutions that are most appropriate for your organization’s size and level of PPM maturity.

    Create a PPM solution and vendor shortlist.

    Create a request for proposal (RFP).

    Create a PPM solution scoring and evaluation tool.

    Key Benefits Achieved

    Knowledge of the PPM solution market and the various features available

    An informed shortlist of PPM vendors

    An organized and focused method for evaluating the often long and complex responses to the RFP that vendors provide

    The groundwork for an informed and defensible selection of a PPM solution for your organization

    Activities

    2.1 Assess the size of your organization and the level of PPM maturity to select the most appropriate use case

    2.2 PPM solution requirements and criteria ranking activity

    2.3 An RFP working session

    2.4 Build an RFP evaluation tool

    Outputs

    Identification of the most appropriate use case in Info-Tech’s Vendor Landscape

    A refined and organized list of the core features that will be included in the RFP

    A draft RFP with an action plan to fill in any RFP gaps

    An Excel tool that can be used to compare and evaluate vendors’ responses to the RFP

    3 Prepare for the PPM Solution Implementation

    The Purpose

    To think ahead to the eventual implementation of the solution that will occur once the selection phase is completed

    Key Benefits Achieved

    An understanding of key insights and steps that will help avoid mistakes resulting in poor adoption or PPM solutions that end up producing little tangible value

    Activities

    3.1 Outline high-level implementation stages

    3.2 Organizational change management strategy session

    3.3 A PPM project success metrics planning session

    Outputs

    High-level implementation tasks and milestones

    A RACI chart for core implementation tasks

    A high-level PPM solution implementation organizational change management strategy

    A RACI chart for core organizational change management tasks related to the PPM solution implementation

    A PPM project success metrics schedule and plan

    Choose Your Mobile Platform and Tools

    • Buy Link or Shortcode: {j2store}281|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Mobile Development
    • Parent Category Link: /mobile-development
    • Organizations see the value of mobile applications in improving productivity and reach of day-to-day business and IT operations. This motivates leaders to begin the planning of their first application.
    • However, organizations often lack the critical foundational knowledge and skills to deliver and maintain high quality and valuable applications that meet business and user priorities and technical requirements.
    • Mobile technologies and trends are continually evolving and maturing. It is hard to predict which trends will make a significant impact and to prepare current mobile investments to harness their value of these trends.

    Our Advice

    Critical Insight

    • Mobile applications can stress the stability, reliability, and overall quality of your enterprise systems and services. They will also increase your security risks because of the exposure of your enterprise technology assets to unsecured networks and devices.
    • High costs of entry may restrict what built-in features your users can have in their mobile experience. Workarounds may not be sufficient to offset the costs of certain built-in feature needs.
    • Many operating models do not enable or encourage the collaboration required to fully understand user needs and behaviors and evaluate mobile opportunities and underlying operational systems from multiple perspectives.

    Impact and Result

    • Establish the right expectations. Understand your mobile users by learning their needs, challenges, and behaviors. Discuss the current state of your systems and your high priority non-functional requirements to determine what to expect from your mobile applications.
    • Choose the right mobile platform approach and shortlist your mobile delivery solutions. Obtain a thorough view of the business and technical complexities of your mobile opportunities, including current mobile delivery capabilities and system compatibilities.
    • Create your mobile roadmap. Describe the gradual rollout of your mobile technologies through minimal valuable products (MVPs).

    Choose Your Mobile Platform and Tools Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Choose Your Mobile Platform and Tools Storyboard

    This blueprint helps you develop an approach to understand the mobile experience your stakeholders want your users to have and select the appropriate platform and delivery tools to meet these expectations.

    • Choose Your Mobile Platform and Tools Storyboard

    2. Mobile Application Delivery Communication Template – Clearly communicate the goal and approach of your mobile application implementation in a language your audience understands.

    This template narrates a story to describe the need and expectations of your low- and no-code initiative to get buy-in from stakeholders and interested parties.

    • Mobile Application Delivery Communication Template

    Infographic

    Workshop: Choose Your Mobile Platform and Tools

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Choose Your Platform and Delivery Solution

    The Purpose

    Choose the right mobile platform.

    Shortlist your mobile delivery solution and desired features and services.

    Key Benefits Achieved

    A chosen mobile platform that meets user and enterprise needs.

    Candidate mobile delivery solutions that meet your delivery needs and capacity of your teams.

    Activities

    1.1 Select your platform approach.

    1.2 Shortlist your mobile delivery solution.

    1.3 Build your feature and service lists.

    Outputs

    Desired mobile platform approach.

    Shortlisted mobile delivery solutions.

    Desired list of vendor features and services.

    2 Create Your Roadmap

    The Purpose

    Design the mobile application minimal viable product (MVP).

    Create your mobile roadmap.

    Key Benefits Achieved

    An achievable and valuable mobile application that is scalable for future growth.

    Clear intent of business outcome delivery and completing mobile delivery activities.

    Activities

    2.1 Define your MVP release.

    2.2 Build your roadmap.

    Outputs

    MVP design.

    Mobile delivery roadmap.

    3 Set the Mobile Context

    The Purpose

    Understand your user’s environment needs, behaviors, and challenges.

    Define stakeholder expectations and ensure alignment with the holistic business strategy.

    Identify your mobile application opportunities.

    Key Benefits Achieved

    Thorough understanding of your mobile user and opportunities where mobile applications can help.

    Level set stakeholder expectations and establish targeted objectives.

    Prioritized list of mobile opportunities.

    Activities

    3.1 Generate user personas with empathy maps.

    3.2 Build your mobile application canvas.

    3.3 Build your mobile backlog.

    Outputs

    User personas.

    Mobile objectives and metrics.

    Mobile opportunity backlog.

    4 Identify Your Technical Needs

    The Purpose

    Define the mobile experience you want to deliver and the features to enable it.

    Understand the state of your current system to support mobile.

    Identify your definition of mobile application quality.

    List the concerns with mobile delivery.

    Key Benefits Achieved

    Clear understanding of the desired mobile experience.

    Potential issues and risks with enabling mobile on top of existing systems.

    Grounded understanding of mobile application quality.

    Holistic readiness assessment to proceed with mobile delivery.

    Activities

    4.1 Discuss your mobile needs.

    4.2 Conduct a technical assessment.

    4.3 Define mobile application quality.

    4.4 Verify your decision to deliver mobile applications.

    Outputs

    List of mobile features to enable the desired mobile experience.

    System current assessment.

    Mobile application quality definition.

    Verification to proceed with mobile delivery.

    Further reading

    Choose Your Mobile Platform and Tools

    Maximize the value of your mobile investments by prioritizing technology decisions on user experience, business priorities, and system quality.

    EXECUTIVE BRIEF

    Analyst Perspective

    Mobile is the way of working.

    Workers require access to enterprise products, data, and services anywhere at anytime on any device. Give them the device-specific features, offline access, desktop-like interfaces, and automation capabilities they need to be productive.

    To be successful, you need to instill a collaborative business-IT partnership. Only through this partnership will you be able to select the right mobile platform and tools to balance desired outcomes with enterprise security, performance, integration, quality, and other delivery capacity concerns.

    This is a picture of Andrew Kum-Seun Senior Research Analyst, Application Delivery and Application Management Info-Tech Research Group

    Andrew Kum-Seun
    Senior Research Analyst,
    Application Delivery and Application Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Organizations see the value of mobile applications in improving productivity and reach of day-to-day business and IT operations. This motivates leaders to begin the planning of their first application.
    • However, organizations often lack the critical foundational knowledge and skills to deliver and maintain high quality and valuable applications that meet business and user priorities and technical requirements.
    • Mobile technologies and trends are continually evolving and maturing. It is hard to predict which trends will make a significant impact and to prepare current mobile investments to harness the value of these trends.

    Common Obstacles

    • Mobile applications can stress the stability, reliability and overall quality of your enterprise systems and services. They will also increase your security risks because of the exposure of your enterprise technology assets to unsecured networks and devices.
    • High costs of entry may restrict what native features your users can have in their mobile experience. Workarounds may not be sufficient to offset the costs of certain native feature needs.
    • Many operating models do not enable or encourage the collaboration required to fully understand user needs and behaviors and evaluate mobile opportunities and underlying operational systems from multiple perspectives.

    Info-Tech's Approach

    • Establish the right expectations. Understand your mobile users by learning their needs, challenges, and behaviors. Discuss the current state of your systems and your high priority non-functional requirements to determine what to expect from your mobile applications.
    • Choose the right mobile platform approach and shortlist your mobile delivery solutions. Obtain a thorough view of the business and technical complexities of your mobile opportunities, including current mobile delivery capabilities and system compatibilities.
    • Create your mobile roadmap. Describe the gradual rollout of your mobile technologies through minimal valuable products (MVPs).

    Insight Summary

    Overarching Info-Tech Insight

    Treat your mobile applications as digital products. Digital products are continuously modernized to ensure they are fit-for-purpose, secured, accessible, and immersive. A successful mobile experience involves more than just the software and supporting system. It involves good training and onboarding, efficient delivery turnaround, and a clear and rational vision and strategy.

    Phase 1: Set the Mobile Context

    • Build applications your users need and desire – Design the right mobile application that enables your users to address their frustrations and productivity challenges.
    • Maximize return on your technology investments – Build your mobile applications with existing web APIs, infrastructure, and services as much as possible.
    • Prioritize mobile security, performance and integration requirements – Understand the unique security, performance, and integration influences has on your desired mobile user experience. Find the right balance of functional and non-functional requirements through business and IT collaboration.

    Phase 2: Define Your Mobile Approach

    • Start with a mobile web platform - Minimize disruptions to your existing delivery process and technical stack by building against common web standards. Select a hybrid platform or cross-platform if you need device hardware access or have complicated non-functional requirements.
    • Focus your mobile solution decision on vendor support and functional complexity – Verify that your solution is not only compatible with the architecture, data, and policies of existing business systems, but satisfies IT's concerns with access to restricted technology and data, and with IT's ability to manage and operate your applications.
    • Anticipate changes, defects & failures in your roadmap - Quickly shift your mobile roadmaps according to user feedback, delivery challenges, value, and stability.

    Mobile is how the business works today

    Mobile adoption continues to grow in part due to the need to be a mobile workforce, and the shift in customer behaviors. This reality pushed the industry to transform business processes and technologies to better support the mobile way of working.

    Mobile Builds Interests
    61%
    Mobile devices drove 61% of visits to U.S. websites
    Source: Perficient, 2021

    Mobile Maintains Engagement
    54%
    Mobile devices generated 54.4% of global website traffic in Q4 2021.
    Source: Statista, 2022

    Mobile Drives Productivity
    82%
    According to 82% of IT executives, smartphones are highly important to employee productivity
    Source: Samsung and Oxford Economics, 2022

    Mobile applications enable and drive your digital business strategy

    Organizations know the criticality of mobile applications in meeting key business and digital transformation goals, and they are making significant investments. Over half (58%) of organizations say their main strategy for driving application adoption is enabling mobile access to critical enterprise systems (Enterprise CIO, 2016). The strategic positioning and planning of mobile applications are key for success.

    Mobile Can Motivate, Support and Drive Progress in Key Activities Underpinning Digital Transformation Goals

    Goal: Enhance Customer Experience

    • A shift from paper to digital communications
    • Seamless, omni-channel client experiences across devices
    • Create Digital interactive documents with sections that customers can customize to better understand their communications

    Goal: Increase Workflow Throughput & Efficiency

    • Digitized processes and use of data to improve process efficiency
    • Modern IT platforms
    • Automation through robotic process automation (RPA) where possible
    • Use of AI and machine learning for intelligent automation

    Source: Broadridge, 2022

    To learn more, visit Info-Tech's Define Your Digital Business Strategy blueprint.

    Well developed mobile applications bring unique opportunities to drive more value

    Role

    Opportunities With Mobile Applications

    Expected Value

    Stationary Worker

    Design flowcharts and diagrams, while abandoning paper and desktop applications in favor of easy-to-use, drawing tablet applications.

    Multitask by checking the application to verify information given by a vendor during their presentation or pitch.

    • Reduce materials cost to complete administrative responsibilities.
    • Digitally and automatically store and archive frequently used documents.

    Roaming Worker
    (Engineer)

    Replace physical copies of service and repair manuals with digital copies, and access them with mobile applications.

    Scan or input product bar code to determine whether a replacement part is available or needs to be ordered.

    • Readily access and update corporate data anywhere at anytime.
    • Expand employee responsibilities with minimal skills impact.

    Roaming Worker
    (Nurse)

    Log patient information according to HIPAA standards and complete diagnostics live to propose medication for a patient.

    Receive messages from senior staff about patients and scheduling while on-call.

    • Quickly and accurately complete tasks and update patient data at site.
    • Be readily accessible to address urgent issues.

    Info-Tech Insight

    If you build it, they may not come. Design and build the applications your user wants and needs, and ensure users are properly onboarded and trained. Learn how your applications are leveraged, capture feedback from the user and system dashboards, and plan for enhancements, fixes, and modernizations.

    Workers expect IT to deliver against their high mobile expectations

    Workers want sophisticated mobile applications like what they see their peers and competitors use.

    Why is IT considering building their own applications?

    • Complex and Unique Workflows: Canned templates and shells are viewed as incompatible to the workflows required to complete worker responsibilities outside the office, with the same level of access to corporate data as on premise.
    • Supporting Bring Your Own Device (BYOD): Developing your own mobile applications around your security protocols and standards can help mitigate the risks with personal devices that are already in your workforce.
    • Long-Term Architecture Misalignment: Outsourcing mobile development risks the mobile application misaligned with your quality standards or incompatible with other enterprise and third-party systems.

    Continuously meeting aggressive user expectations will not be easy

    Value Quickly Wears Off
    39.9% of users uninstall an application because it is not in use.
    40%
    Source: n=2,000, CleverTap, 2021

    Low Tolerance to Waiting
    Keeping a user waiting for 3 seconds is enough to dissatisfy 43% of users.
    43%
    Source: AppSamurai, 2018

    Quick Fixes Are Paramount
    44% of defects are found by users
    44%
    Source: Perfecto Mobile, 2014

    Mobile emphasizes the importance of good security, performance, and integration

    Today's mobile workers are looking for new ways to get more work done quickly. They want access to enterprise solutions and data directly on their mobile devices, which can reside on multiple legacy systems and in the cloud and third-party infrastructure. This presents significant performance, integration, and security risks.

    Cloud Solutions: Can I use my existing APIs?. Solutions in Corporate Networks: Do my legacy systems have the capacity to support mobile?; How do I integrate solutions and data from multiple sources into a single view?; Third Party Solutions: Will I have a significant performance bottleneck?; Single View on Mobile Devices: How is corporate data stored on the device?; What new technology dependencies must I account for in my architecture and operational support capabilities?

    Accept change as the norm

    IT is challenged with keeping up with disruptive technologies, such as mobile, which are arriving and changing faster and faster.

    What is the issue? Mobile priorities, concepts, and technologies do not remain static. For example, current Google's Pixels benefit from at least three versions of Android updates and at least three years of monthly security patches after their release (NextPit, 2022). Keeping up to date with anything mobile is difficult if you do not have the right delivery and product management practices in place.

    What is the impact on IT? Those who fail to prepare for changing requirements and technologies will quickly run into maintainability, extensibility, and flexibility issues. Mobile applications will quickly become stale and misaligned with the maturity of other enterprise infrastructure and applications.

    Continuously look at the trends, vendor roadmaps, and your user's feedback to envision where your mobile applications should be. Learning from your past attempts gives you insights on the opportunities and impacts changes will have on your people, process, and technology.

    How do I address this issue? A well-defined mobile vision and roadmap ensures your initiatives are aligned with your holistic business and technology strategies, the right problem is being solved, and resources are available to deliver high priority changes.

    To learn more, visit Info-Tech's Deliver on Your Digital Product Vision blueprint.

    Address the difficulties in managing enterprise mobile technologies

    Adaptability During Development

    Teams must be ready to alter their mobile approach when new insights and issues arise during and after the delivery of your mobile application and its updates.

    High Cybersecurity Standards

    Cybersecurity should be a top priority given the high security exposure of mobiles and the sensitive data mobile applications need to operate. Role-based access, back-up systems, advanced scanning, and protection software and encryption should all be implemented.

    Integration with Other Systems

    Your application will likely be integrated with other systems to expand service offerings and optimize performance and user experience. Your enterprise integration strategy ensures all systems connect against a common pattern with compatible technologies.

    Finding the Right Mobile Developers

    Enterprise mobile delivery requires a broad skillset to build valuable applications against extensive non-functional requirements in complex and integration environments. The right resources are even harder to find when native applications are preferred over web-based ones.

    Source: Radoslaw Szeja, Netguru, 2022.

    Build and manage the right experience by treating mobile as digital products

    Digital products are continuously modernized to ensure they are fit-for-purpose, secured, insightful, accessible, and interoperable. A good experience involves more than just technology.

    First, deliver the experience end users want and expect by designing the application against digital application principles.

    Business Value

    Continuous modernization

    • Fit for purpose
    • User-centric
    • Adaptable
    • Accessible
    • Private and secured
    • Informative and insightful
    • Seamless application connection
    • Relationship and network building

    To learn more, visit Info-Tech's Modernize Your Applications blueprint.

    Then, deliver a long-lasting experience by supporting your applications with key governance and management capabilities.

    • Product Strategy and Roadmap
    • External Relationships
    • User Adoption and Organizational Change Management
    • Funding
    • Knowledge Management
    • Stakeholder Management
    • Product Governance
    • Maintenance & Enhancement
    • User Support
    • Managing and Governing Data
    • Requirements Analysis and Design
    • Research & Development

    To learn more, visit Info-Tech's Make the Case for Product Delivery blueprint.

    Choose Your Mobile Platform and Tools

    Maximize the value of your mobile investments by prioritizing technology decisions on user experience, business priorities, and system quality.

    WORKFLOW

    1. Capture Your User Personas and Journey workflow: Trigger: Step 1; Step 2; Step 3; Step 4; Outcome
    2. Select Your Platform Nine datapoints are arranged on a graph where the x axis s labeled: User Centric Needs; and the Y axis is labeled: Enterprise-centric needs. The datapoints are, in order from left to right, top to bottom: Hybrid; Cross- Platform; Native; Web; Hybrid or Cross- Platform; Cros-s Platform; Web; Web; Hybrid or Cross- Platform.
    3. Shortlist Your Solutions A quadrant analysis is depicted. the top data is labeled Complex Mobile Features; the right side is labeled Organization-Managed Stack; the bottom is labeled Simple Mobile Features; and the left side is labeled Vendor-Managed Stack. The quadrants are labeled the following, in order from left to right, top to bottom. Vendor- Hosted Mobile Platform; Custom Native Development Solutions; Commercial-Off-the-Shelf Solutions; Custom Web Development Solutions. In the middle of the graph are the following, in order from top to bottom: Cross-Platform Development Solutions; Hybrid Development Solutions

    Strategic Perspective
    Business and Product Strategies

    1. End-User Perspective

    End User Needs

    • Productivity
    • Innovation
    • Transformation

    Native User Experience

    • Anytime, Anywhere
    • Visually Pleasing & Fulfilling
    • Personalized & Insightful
    • Hands-Off & Automated
    • Integrated Ecosystem

    2. Platform Perspective

    Technical Requirements

    Security

    Performance

    Integration

    Mobile Platform

    3. Solution Perspective

    Vendor Support

    Services

    Stack Mgmt.

    Quality & Risk

    Mobile Delivery Solutions

    Make user experience (UX) the standard

    User experience (UX) focuses on a user's emotions, beliefs, and physical and psychological responses that occur before, during, or after interacting with a service or product.

    For a mobile application to be meaningful, the functions, aesthetics and content must be:

    • Usable
      • Users can intuitively navigate through your mobile application and complete their desired tasks.
    • Desirable
      • The application elements are used to evoke positive emotions and appreciation.
    • Accessible
      • Users can easily use your mobile application, including those with disabilities.
    • Valuable
      • Users find the content useful, and it fulfills a need.

    Enable a greater experience with UX-driven thinking

    Designing for a high-quality experience requires more than just focusing on the UI. It also requires the merging of multiple business, technical, and social disciplines in order to create an immersive, practical, and receptive application. The image on the right explains the disciplines involved in UX. This is critical for ensuring users have a strong desire to use the mobile application, it is adequately supported technically, and it supports business objectives.

    To learn more, visit Info-Tech's Implement and Mature Your User Experience Design Practice blueprint.

    A Venn diagram is depicted, demonstrating the inputs that lead to an interactive design, with interactive elements, usability, and accessibility. This work by Mark Roden is licensed under a Creative Commons Attribution 3.0 Unported License.

    Source: Marky Roden, Xomino, 2018

    Define the mobile experience your end users want

    • Anytime, Anywhere
      • The user can access, update and analyze data and corporate products and services whenever they want, in all networks, and on any device.
    • Hands-Off and Automated
      • The application can perform various workflows and tasks without the user's involvement and notify the user when specific triggers are hit.
    • Personalized and Insightful
      • Content presentation and subject are tailored for the user based on specific inputs from the user, device hardware, or predicted actions.
    • Integrated Ecosystem
      • The application supports a seamless experience across various third-party and enterprise applications and services the user needs.
    • Visually Pleasing and Fulfilling
      • The UI is intuitive and aesthetically gratifying, with little security and performance trade-offs to use the full breadth of its functions and services.

    Each mobile platform has its own take on the mobile native experience. The choice ultimately depends on whether the costs and effort are worth the anticipated value.

    Mobile value is dependent on the platform you choose

    What is a platform?

    "A platform is a set of software and a surrounding ecosystem of resources that helps you to grow your business. A platform enables growth through connection: its value comes not only from its own features, but from its ability to connect external tools, teams, data, and processes." (Source: Emilie Nøss Wangen, 2021) In the mobile context, applications in a platform execute and communicate through a loosely-coupled API architecture, whether the supporting system is managed and supported by your organization or by third-party providers.

    Web

    Mobile web applications are deployed and executed within the mobile web browser. They are often developed with a combination of web and scripting languages, such as HTML, CSS, and JavaScript. Web often takes two forms on mobile:

    • Progressive Web Applications (PWA)
    • Mobile Web Sites

    Hybrid

    Hybrid applications are developed with web technologies but are deployed as native applications. The code is wrapped using a framework so that it runs locally within a native container. It uses the device's browser runtime engine to support more sophisticated designs and features than to the web approach.

    Cross-Platform

    Cross-platform applications are developed within a distinct programming or scripting environment that uses its own scripting language (often like web languages) and APIs. The solution compiles the code into device-specific builds for native deployment.

    Native

    Native applications are developed and deployed to specific devices and OSs using platform-specific software development kits (SDKs) provided by the operating system vendors. The programming language and framework are dictated by the targeted device, such as Java for Android.

    Start mobile development on a mobile web platform

    Start with what you have: begin with a mobile web platform to minimize impacts to your existing delivery skill sets and technical stack while addressing business needs. Resort to a hybrid first. Then consider a cross-platform application if you require device access or need to meet specific non-functional requirements.

    Why choose a mobile web platform?

    Pros

    The latest versions of the most popular web languages (HTML5, CSS3, JavaScript) abstract away from the granular, physical components of the application, simplifying the development process. HTML5 offer some mobile features (e.g. geolocation, accelerometer) that can meet your desired experience without the need for native development skills. Native look-and-feel, high performance, and full device access are just a few tradeoffs of going with web languages.

    Cons

    Native mobile platforms depend on device-specific code which follows specific frameworks and leverages unique programming libraries, such as Objective C for iOS and Java for Android. Each language requires a high level of expertise in the coding structure and hardware of specific devices. This requires resources with specific skillsets and different tools to support development and testing.

    Other Notable Benefits with Web Languages

    • Modern browsers in most mobile devices can execute and render many mobile features developed in web languages, allowing for greater portability and sophistication of code across multiple devices. However, this flexibility comes at the cost of performance since the browser's runtime engine will not perform as well as a native engine.
    • Web languages are well known by developers, minimizing skills and resourcing impacts. Consequently, changes can be quickly accommodated and updated uniformly across all end users.

    Select your mobile platform

    Drive your mobile platform selection against user-centric needs (e.g. device access, aesthetics) and enterprise-centric needs (e.g. security, system performance).

    When does a platform makes sense to use?

    Web

    • Desire to maximize current web technologies investments (people, process, and technologies).
    • Use cases do not require significant computational resources on the device or are tightly constrained by non-functional requirements.
    • Limited budget to acquire mobile development resources.
    • Access to device hardware is not a high priority.

    Hybrid / Cross-Platform

    • The need to quickly spin up native-like applications for multiple platforms and devices.
    • Desire to leverage existing web development skills, but also a need for device access and meeting specific non-functional requirements.
    • Vendor support is needed for the entire mobile delivery process.

    Native

    • Developers are experts in the target programming language and with the device's hardware.
    • Strong need for high performance, security, and device-specific access and customizations.
    • Application use cases require significant computing resources.

    Nine datapoints are arranged on a graph where the x axis s labeled: User Centric Needs; and the Y axis is labeled: Enterprise-centric needs. The datapoints are, in order from left to right, top to bottom: Hybrid; Cross- Platform; Native; Web; Hybrid or Cross- Platform; Cros-s Platform; Web; Web; Hybrid or Cross- Platform.

    Understand the common attributes of a mobile delivery solution

    • Source Code Management – Built-in or having the ability to integrate with code management solutions for branching, merging, and versioning. Debugging and coding assistance capabilities may be available.
    • Single Code Base – Capable of programming in a standard coding and scripting language for deployment into several platforms and devices. This code base is aligned to a common industry framework (e.g. AngularJS, Java) or a vendor-defined one.
    • Out-of-the-Box Connectors & Plug-ins – Pre-built APIs enhance the solution's capabilities with third-party tools and systems to deliver and manage high quality and valuable mobile applications.
    • Emulators – Ability to virtualize an application's execution on a target platform and device.
    • Support for Native Features – Supports plug-ins and APIs for access to device-specific features.

    What are mobile delivery solutions?

    A mobile delivery solution provides the tools, resources, and support to enable or build your mobile application. It can provide pre-built applications, vendor supported components to allow some configurations, or resources for full stack customizations. Solutions can be barebone software development kits (SDKs), or comprehensive suites offering features to support the entire software delivery lifecycle, such as:

    • Mobile application management
    • Testing and publishing to app stores
    • Content management
    • Cloud hosting
    • Application performance management

    Info-Tech Insight

    Mobile enablement and development capabilities are already embedded in many common productivity tools and enterprise applications, such as Microsoft PowerApps and ERP modules. They can serve as a starting point in the initial rollout of new management and governance practices without the need to acquire new tools.

    Select your mobile delivery solutions

    1. Set the scope of your framework.
    • The initial context of this framework is based on the mobile functions needed to support your desired mobile experience and on the current state of your enterprise and 3rd party systems.
  • Define the decision factors for your solution selection.
    • Review the decision factors that will influence the selection of your mobile delivery solution for each mobile opportunity:
    • Stack Management – Who will be hosting and supporting your mobile application stack?
    • Workflows Complexity & Native Experience – How complex is your desired mobile experience and how will native device features be leveraged?
  • Select your solution type.
    • Mobile delivery solutions are broadly defined in the following groups:
    • Commercial-Off-The-Shelf (COTS) – Pre-built mobile applications requiring little to no configurations or implementation effort.
    • Vendor Hosted Mobile Platform – Back-end and mid-tier infrastructure and operational support are managed by a vendor.
    • Cross-Platform Development – Frameworks that transform a single code base into platform-specific builds.
    • Hybrid Development – Tools that wrap a single code base into a locally deployable build.
    • Custom Web Development – Environment enabling full stack development for mobile web applications.
    • Custom Native Development – Environment enabling full stack development for mobile native applications.
  • A quadrant analysis is depicted. the top data is labeled Complex Mobile Features; the right side is labeled Organization-Managed Stack; the bottom is labeled Simple Mobile Features; and the left side is labeled Vendor-Managed Stack. The quadrants are labeled the following, in order from left to right, top to bottom. Vendor- Hosted Mobile Platform; Custom Native Development Solutions; Commercial-Off-the-Shelf Solutions; Custom Web Development Solutions. In the middle of the graph are the following, in order from top to bottom: Cross-Platform Development Solutions; Hybrid Development Solutions

    Optimize your software delivery process

    Mobile brings new delivery and management challenges that are often difficult for organizations that are tied to legacy systems, hindered by rigid and slow delivery lifecycles, and are unable to adopt leading-edge technologies. Many of these challenges stem from the fact that mobile is a significant shift from desktop development:

    • Mobile devices and operating systems are heavily fragmented, especially in the Android space.
    • Test coverage is significantly expanded to include physical environments and multiple network connections.
    • Mobile devices do not have the same performance capabilities and memory storage as their desktop counterparts.
    • The user interface must be strategically designed to accommodate the limited screen size.
    • Mobile applications are highly susceptible to security breaches.
    • Mobile users often expect quick turnaround time on fixes and enhancements due to continuously changing technology, business priorities, and user needs.

    To learn more, visit Info-Tech's Modernize Your SDLC blueprint.

    How should the process change?

    • Cross-functional collaboration – Bringing business and IT together at the most opportune times to clarify user needs and business priorities, and set realistic expectations given technology and capacity constraints. The appropriate tactics and techniques are used to improve decision making and delivery effectiveness according to the type of work.
    • Iterative delivery – Frequent delivery of progressive changes minimizes the risk of low-quality features by containing and simplifying scope, and enables responsive turnarounds of fixes, enhancements, and priority changes.
    • Feedback loops –Mobile application owners constantly review, update and refine their backlog of mobile features and changes to reflect user feedback and system performance metrics. Delivery teams proactively prepare the application for future scaling based on lessons and feedback learned from earlier releases.

    Achieve mobile success with MVPs

    By delivering mobile capabilities in small iterations, teams recognize value sooner and reduce accumulated risk. Both benefits are realized as the iteration enters validation testing and release.

    This image depicts a graph of the learn-build-measure cycle over time, adapted from Managing the Development of Large Software Systems, Dr. Winston W. Royce, 1970

    An MVP focuses on a small set of functions, involves minimal possible effort to deliver a working and valuable solution, and is designed to satisfy a specific user group. Its purpose is to:

    • Maximize learning.
    • Evaluate the value and acceptance of mobile applications.
    • Inform the building of a mobile delivery practice.

    The build-measure-learn loop suggests mobile delivery teams should perpetually take an idea and develop, test, and validate it with the mobile development solution, then expand on the MVP using the lessons learned and evolving ideas. In this sense the MVP is just the first iteration in the loop.

    Gauge the value with the right metrics

    Metrics are a powerful way to drive behavior change in your organization. But metrics are highly prone to creating unexpected outcomes so they must be used with great care. Use metrics judiciously to avoid gaming or ambivalent behavior, productivity loss, and unintended consequences.

    To learn more, visit Info-Tech's Select and Use SDLC Metrics Effectively blueprint.

    What should I measure?

    1. Mobile Application Engagement, Retention and User Satisfaction
      1. The activeness of users on the applications, the number of returning users, and the happiness of the users.
      2. Example: Number of tasks completed, number of active and returning users, session length and intervals, user satisfaction
    2. Value Driven from Mobile Applications
      1. The business value that the user directly or indirectly receives with the mobile application.
      2. Example: Mobile application revenue, business operational costs, worker productivity, business reputation and image
    3. Delivery Throughput and Quality
      1. The health and quality of your mobile applications throughout their lifespan and the speed to deliver working applications that meet stakeholder expectations.
      2. Example: Frequency of release, lead time, request turnaround, escaped defects, test coverage.

    Use Info-Tech's diagnostic to evaluate the reception of your mobile applications

    Info-Tech's Application Portfolio Assessment (APA) Diagnostic is a canned end-user satisfaction survey used to evaluate your application portfolio health to support data-driven decisions.

    This image contains a screenshot from Info-Tech's Application Portfolio Assessment (APA) Diagnostic

    USE THE PROGRAM DIAGNOSTIC TO:

    • Assess the importance and satisfaction of enterprise applications.
    • Solicit feedback from your end users on applications being used.
    • Understand the strengths and weaknesses of your current applications.
    • Perform a high-level application rationalization initiative.

    INTEGRATE DIAGNOSTIC RESULTS TO:

    • Target which applications to analyze in greater detail.
    • Expand on the initial application rationalization results with a more comprehensive and business-value-focused criteria.

    Grow your mobile delivery practice

    Level 1: Mobile Delivery Foundations

    You understand the opportunities and impacts mobile has on your business operations and its disruptive nature on your enterprise systems. Your software delivery lifecycle was optimized to incorporate the specific practices and requirements needed for mobile. A mobile platform was selected based on stakeholder needs that are weighed against current skillsets, high priority non-functional requirements, the available capacity and scalability of your stack, and alignment to your current delivery process.

    Level 2: Scaled Mobile Delivery

    New features and mobile use cases are regularly emerging in the industry. Ensuring your mobile platform and delivery process can easily scale to incorporate constantly changing mobile features and technologies is key. This can help minimize the impact these changes will have on your mobile stack and the resulting experience.

    Achieving this state requires three competencies: mobile security, performance optimization, and integration practices.

    Level 3: Leading-Edge Mobile Delivery

    Many of today's mobile trends involve, in one form or another, hardware components on the mobile device (e.g., NFC receivers, GPS, cameras). You understand the scope of native features available on your end user's mobile device and the required steps and capabilities to enable and leverage them.

    Hit a home run with your stakeholders

    Use a data-driven approach to select the right tooling vendor for your needs – fast.

    Awareness Education & Discovery Evaluation Selection

    Negotiation & Configuration

    1.1 Proactively Lead Technology Optimization & Prioritization 2.1 Understand Marketplace Capabilities & Trends 3.1 Gather & Prioritize Requirements & Establish Key Success Metrics 4.1 Create a Weighted Selection Decision Model 5.1 Initiate Price Negotiation with Top Two Venders
    1.2 Scope & Define the Selection Process for Each Selection Request Action 2.2 Discover Alternate Solutions & Conduct Market Education 3.2 Conduct a Data Driven Comparison of Vendor Features & Capabilities 4.2 Conduct Investigative Interviews Focused on Mission Critical Priorities with Top 2-4 Vendors 5.2 Negotiate Contract Terms & Product Configuration

    1.3 Conduct an Accelerated Business Needs Assessment

    2.3 Evaluate Enterprise Architecture & Application Portfolio Narrow the Field to Four Top Contenders 4.3 Validate Key Issues with Deep Technical Assessments, Trial Configuration & Reference Checks 5.3 Finalize Budget Approval & Project
    1.4 Align Stakeholder Calendars to Reduce Elapsed Time & Asynchronous Evaluation 2.4 Validate the Business Case 5.4 Invest in Training & Onboarding Assistance

    Investing time improving your software selection methodology has big returns.

    Info-Tech Insight

    Not all software selection projects are created equal – some are very small, some span the entire enterprise. To ensure that IT is using the right framework, understand the cost and complexity profile of the application you're looking to select. Info-Tech's Rapid Application Selection Framework approach is best for commodity and mid-tier enterprise applications; selecting complex applications is better handled by the methodology in Info-Tech's Implement a Proactive and Consistent Vendor Selection Process.

    Pitch your mobile delivery approach with Info-Tech's template

    Communicate the justification of your approach to mobile applications with Info-Tech's Mobile Application Delivery Communication Template:

    • Level set your mobile application goals and objectives by weighing end user expectations with technical requirements.
    • Define the high priority opportunities for mobile applications.
    • Educate decision makers of the limitations and challenges of delivering specific mobile experiences with the various mobile platform options.
    • Describe your framework to select the right mobile platform and delivery tools.
    • Lay out your mobile delivery roadmap and initiatives.

    INFO-TECH DELIVERABLE

    This is a screenshot from Info-Tech's Mobile Application Delivery Communication Template

    Info-Tech's methodology for mobile platform and delivery solution selection

    1. Set the Mobile Context

    2. Define Your Mobile Approach

    Phase Steps

    Step 1.1 Build Your Mobile Backlog

    Step 1.2 Identify Your Technical Needs

    Step 1.3 Define Your Non-Functional Requirements

    Step 2.1 Choose Your Platform Approach

    Step 2.2 Shortlist Your Mobile Delivery Solution

    Step 2.3 Create a Roadmap for Mobile Delivery

    Phase Outcomes

    • User personas
    • Mobile objectives and metrics
    • Mobile opportunity backlog
    • List of mobile features to enable the desired mobile experience
    • System current assessment
    • Mobile application quality definition
    • Readiness for mobile delivery
    • Desired mobile platform approach
    • Shortlisted mobile delivery solutions
    • Desired list of vendor features and services
    • MVP design
    • Mobile delivery roadmap

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2

    Call #1: Understand the case and motivators for mobile applications.

    Call #2: Discuss the end user and desired mobile experience.

    Call #5: Discuss the desired mobile platform.

    Call #8: Discuss your mobile MVP.

    Call #3: Review technical complexities and non-functional requirements.

    Call #6: Shortlist mobile delivery solutions and desired features.

    Call #9: Review your mobile delivery roadmap.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 6 to 9 calls over the course of 2 to 3 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Module 1 Module 2 Module 3 Module 4 Post-Workshop
    Activities Set the Mobile Context Identify Your Technical Needs Choose Your Platform & Delivery Solution Create Your Roadmap Next Steps andWrap-Up (offsite)

    1.1 Generate user personas with empathy maps

    1.2 Build your mobile application canvas

    1.3 Build your mobile backlog

    2.1 Discuss your mobile needs

    2.2 Conduct a technical assessment

    2.3 Define mobile application quality

    2.4 Verify your decision to deliver mobile applications

    3.1 Select your platform approach

    3.2 Shortlist your mobile delivery solution

    3.3 Build your feature and service lists

    4.1 Define your MVP release

    4.2 Build your roadmap

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables

    • User personas
    • Mobile objectives and metrics
    • Mobile opportunity backlog
    • List of mobile features to enable the desired mobile experience
    • System current assessment
    • Mobile application quality definition
    • Verification to proceed with mobile delivery
    • Desired mobile platform approach
    • Shortlisted mobile delivery solutions
    • Desired list of vendor features and services
    • MVP design
    • Mobile delivery roadmap
    • Completed workshop output deliverable
    • Next steps

    Phase 1

    Set the Mobile Context

    Choose Your Mobile Platform and Tools

    This phase will walk you through the following steps:

    • Step 1.1 – Build Your Mobile Backlog
    • Step 1.2 – Identify Your Technical Needs
    • Step 1.3 – Define Your Non-Functional Requirements

    This phase involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Step 1.1

    Build Your Mobile Backlog

    Activities

    1.1.1 Generate user personas with empathy maps

    1.1.2 Build your mobile application canvas

    1.1.3 Build your mobile backlog

    Set the Mobile Context

    This step involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Outcomes of this step

    • User personas
    • Mobile objectives and metrics
    • Mobile opportunity backlog

    Users expect your organization to support their mobile way of working

    Today, users expect sophisticated and personalized features, immersive interactions, and cross-platform capabilities from their mobile applications and be able to access information and services anytime, anywhere and on any device. These demands are pushing organizations to become more user-driven, placing greater importance on user experience (UX) with enterprise-grade technologies.

    How has technologies evolved to easily enable mobile capabilities?

    • Desktop-Like Features
      • Native-like features, such as geolocation and local caching, are supported through web language or third-party plugins and extensions.
    • Extendable & Scalable
      • Plug-and-play architecture is designed to allow software delivery teams to explore new use cases and mobile capabilities with out-of-the-box connectors and/or customizable REST APIs.
    • Low Barrier to Entry
      • Low- and no-code development tools, full-stack solutions, and plug-and-play architectures allow non-technical users to easily build and implement applications without direct IT involvement.
    • Templates & Shells
      • Vendors provide UI templates and application shells that contain pre-built native features and multiple aesthetic layouts in a publishing-friendly and configurable way.
    • Personalized Content
      • Content can be uniquely tailored to a user's preference or be automatically generated based on the user's profile or activity history.
    • Hands-Off Operations
      • Many mobile solutions operate in a as-a-service model where the underlying and integrated technologies are managed by the vendor and abstracted away.

    Make user experience (UX) the standard

    User experience (UX) focuses on a user's emotions, beliefs, and physical and psychological responses that occur before, during, or after interacting with a service or product.

    For a mobile application to be a meaningful experience, the functions, aesthetics and content must be:

    • Usable
      • Users can intuitively navigate through your mobile application and complete their desired tasks.
    • Desirable
      • The application elements are used to evoke positive emotions and appreciation.
    • Accessible
      • Users can easily use your mobile application, including those with disabilities.
    • Valuable
      • Users find the content useful, and it fulfills a need.

    Enable a greater experience with UX-driven thinking

    Designing for a high-quality experience requires more than just focusing on the UI. It also requires the merging of multiple business, technical, and social disciplines in order to create an immersive, practical, and receptive application. The image on the right explains the disciplines involved in UX. This is critical for ensuring users have a strong desire to use the mobile application, it is adequately supported technically, and it supports business objectives.

    To learn more, visit Info-Tech's Implement and Mature Your User Experience Design Practice blueprint.

    A Venn diagram is depicted, demonstrating the inputs that lead to an interactive design, with interactive elements, usability, and accessibility. This work by Mark Roden is licensed under a Creative Commons Attribution 3.0 Unported License.

    Source: Marky Roden, Xomino, 2018

    UX-driven mobile apps bring together a compelling UI with valuable functionality

    Info-Tech Insight

    Organizations often over-rotate on the UI. Receptive and satisfying applications require more than just pretty pictures, bold colors, and flashy animations. UX-driven mobile applications require the seamless merging of enticing design elements and valuable functions that are specifically tailored to the behaviors of the users. Take a deep look at how each design element and function is used and perceived by the user, and how your application can sufficiently support user needs.

    UI-Function Balance to Achieve Highly Satisfying Mobile Applications

    An application's UI and function both contribute to UX, but they do so in different ways.

    • The UI generates the visual, audio, and vocal cues to draw the attention of users to key areas of the application while stimulating the user's emotions.
    • Functions give users the means to satisfy their needs effortlessly.

    Finding the right balance of UI and function is dependent on the organization's understanding of user emotions, needs, and tendencies. However, these factors are often left out of an application's design. Having the right UX competencies is key in assuring user behaviors are appropriately accommodated early in the delivery process.

    To learn more, visit Info-Tech's Modernize Your Corporate Website to Drive Business Value blueprint.

    Focus your efforts on all items that drive high user experience and satisfaction

    UX-driven mobile applications involve all interaction points and system components working together to create an immersive experience while being actively supported by delivery and operations teams. Many organizations commonly focus on visual and content design to improve the experience, but this is only a small fraction of the total UX design. Look beyond the surface to effectively enhance your application's overall UX.

    Typical Focus of Mobile UX

    Aesthetics
    What Are the Colors & Fonts?

    Relevance & Modern
    Will Users Receive Up to Date Content and Trending Features?

    UI Design
    Where Are the Interaction Points?

    Content Layout
    How Is Content Organized?

    Critical Areas of Mobile UX That Are Often Ignored

    Web Infrastructure
    How Will Your Application Be Operationally Supported?

    Human Behavior
    What Do the Users Feel About Your Application?

    Coding Language
    What Is the Best Language to Use?

    Cross-Platform Compatibility
    How Does It Work in a Browser Versus Each Mobile Platform?

    Application Quality
    How are Functional and Non-Functional Needs Balanced?

    Adoption & Retention
    How Do I Promote Adoption and Maintain User Engagement?

    Application Support
    How Will My Requests and Issues Be Handled?

    Use personas to envision who will be using your mobile application

    What Are Personas?

    Personas are detailed descriptions of the targeted audience of your mobile application. It represents a type of user in a particular scenario. Effective personas:

    • Express and focus on the major needs and expectations of the most important user groups.
    • Give a clear picture of the typical user's behavior.
    • Aid in uncovering critical features and functionalities.
    • Describe real people with backgrounds, goals, and values.

    Why Are Personas Important to UX?

    They are important because they help:

    • Focus the development of mobile application features on the immediate needs of the intended audience.
    • Detail the level of customization needed to ensure content is valuable to and resonates with the user.
    • Describe how users may behave when certain audio and visual stimulus are triggered from the mobile application.
    • Outline the special design considerations required to meet user accessibility needs.

    Key Elements of a Persona:

    • Professional and Technical Skills and Experiences (e.g., knowledge of mobile applications, area of expertise)
    • Persona Group (e.g., executives)
    • Technological Environment of User (e.g., devices, browsers, network connection)
    • Demographics (e.g., nationality, age, language spoken)
    • Typical Behaviors and Tendencies (e.g., goes to different website when cannot find information in 20 seconds)
    • Purpose of Using the Mobile Application (e.g., search for information, submit registration form)

    Create empathy maps to gain a deeper understanding of stakeholder personas

    Empathy mapping draws out the characteristics, motivations, and mannerisms of a potential end user.

    This image contains an image of an empathy map from XPLANE, 2017. it includes the following list: 1. Who are we empathizing with; 2. What do they need to DO; 3. What do they SEE; 4. What do they SAY?; 5. What do they DO; 6. What do they HEAR; 7. What do they THINK and FEEL.

    Source: XPLANE, 2017

    Empathy mapping focuses on identifying the problems, ambitions, and frustrations they are looking to resolve and describes their motivations for wanting to resolve them. This analysis helps your teams:

    • Better understand the reason behind the struggles, frustrations and motivators through a user's perspective.
    • Verify the accuracy of assertions made about the user.
    • Pinpoint the specific problem the mobile application will be designed to solve and the constraints to its successful adoption and on-going use.
    • Read more about empathy mapping and download the empathy map PDF template here.

    To learn more, visit Info-Tech's Use Experience Design to Drive Empathy with the Business blueprint.

    1.1.1 Generate user personas with empathy maps

    1-3 hours

    1. Download the Empathy Map Canvas and draw the map on a whiteboard or project it on the screen.
    2. Choose an end user to be the focus of your empathy map. Using sticky notes, fill out the sections of the empathy map in the following order:
      1. Start by filling out the goals section. State who the subject of the empathy map will be and what activity or task you would like them to do.
        1. Focus on activities and tasks that may benefit from mobile.
      2. Next, complete the outer sections in clockwise order (see, say, do, hear). The purpose of this is to think in terms of what the subject of your empathy map is observing, sensing, and experiencing.
        1. Indicate the mobile devices and OS users will likely use and the environments they will likely be in (e.g., places with poor connections)
        2. Discuss accessibility needs and how user prefer to consume content.
      3. Last, complete the inner circle of the empathy map (pains and gains). Since you spent the last step of the exercise thinking about the external influences on your stakeholder, you can think about how those stimuli affect their emotions.
    3. Document your end user persona into Info-Tech's Mobile Application Delivery Communication Template.

    Input

    Output
    • List of potential mobile application users
    • User personas
    Materials Participants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    1.1.1 cont'd

    This image contains an image of an empathy map from XPLANE, 2017. it includes the following list: 1. Who are we empathizing with; 2. What do they need to DO; 3. What do they SEE; 4. What do they SAY?; 5. What do they DO; 6. What do they HEAR; 7. What do they THINK and FEEL.

    Download the Empathy Map Canvas

    Many business priorities are driving mobile

    Mobile Applications

    • Product Roadmap
      • Upcoming enterprise technology releases and updates offer mobile capabilities to expand its access to a broader userbase.
    • Cost Optimization
      • Maximizing business value in processes and technologies through disciplined and strategic cost and spending reduction practices with mobile applications.
    • Competitive Differentiation
      • Developing and optimizing your organization's distinct products and services quickly with mobile applications.
    • Digital Transformation
      • Transitioning processes, data and systems to a digital environment to broaden access to enterprise data and services anywhere at anytime.
    • Operational Efficiency
      • Improving software delivery and business process throughput by increasing worker productivity with mobile applications.
    • Other Business Priorities
      • New corporate products and services, business model changes, application rationalization and other priorities may require modernization, innovation and a mobile way of working.

    Focus on the mobile business and end user problem, not the solution

    People are naturally solution-focused. The onus isn't on them to express their needs in the form of a problem statement!

    When refining your mobile problem statement, attempt to answer the following four questions:

    • Who is impacted?
    • What is the (user or organizational) challenge that needs to be addressed?
    • Where does it happen?
    • Why does it matter?

    There are many ways of writing problem statements, a clear approach follows the format:

    • "Our (who) has the problem that (what) when (where). Our solution should (why)."
    • Example: "Our system analysts has the problem that new tickets take too long to update when working on user requests. Our approach should enable the analyst to focus on working with customers and not on administration."

    Adapted from: "Design Problem Statements – What and How to Frame Them"

    How to write a vision statement

    It's ok to dream a little!

    When thinking about a vision statement, think about:

    • Who is it for?
    • What does the customer need?
    • What can we do for them?
    • And why is this special?

    There are different statement templates available to help form your vision statements. Some include:

    1. For [our target customer], who [customer's need], the [product] is a [product category or description] that [unique benefits and selling points]. Unlike [competitors or current methods], our product [main differentiators]. (Crossing the Chasm)
    2. "We believe (in) a [noun: world, time, state, etc.] where [persona] can [verb: do, make, offer, etc.], for/by/with [benefit/goal].
    3. To [verb: empower, unlock, enable, create, etc.] [persona] to [benefit, goal, future state].
    4. Our vision is to [verb: build, design, provide], the [goal, future state], to [verb: help, enable, make it easier to...] [persona]."

    (Numbers 2-4 from: How to define a product vision)

    Info-Tech Best Practice

    A vision shouldn't be so far out that it doesn't feel real and so short term that it gets bogged down in minutiae and implementation details. Finding that right balance will take some trial and error and will be different depending on your organization.

    Ensure mobile supports ongoing value delivery and stakeholder expectations

    Success hinges on your team's ability to deliver business value. Well-developed mobile applications instill stakeholder confidence in ongoing business value delivery and stakeholder buy-in, provided proper expectations are set and met.

    Business value defines the success criteria of an organization, and it is interpreted from four perspectives:

    • Profit Generation – The revenue generated from a business capability with mobile applications.
    • Cost Reduction – The cost reduction when performing business capabilities with mobile applications.
    • Service Enablement – The productivity and efficiency gains of internal business operations with mobile applications.
    • Customer and Market Reach – Metrics measuring the improved reach and insights of the business in existing or new markets.

    See our Build a Value Measurement Framework blueprint for more information about business value definition.

    This image contains a quadrant analysis with the following labels: Left - Improved Capabilities; Top - Outward; Right - Financial Benefit; Bottom - Inward. the quadrants are labeled the following, in order from left to right, top to bottom. Customer and Market Reach; Profit Generation; Service Enhancement; Cost Reduction

    Set realistic mobile goals

    Mobile applications enables the exploration of new and different ways to improve worker productivity and deliver business value. However, the realities of mobile applications may limit your ability to meet some of your objectives:

    • On the day of installation, the average retention rate for public-facing applications was 25.3%. By day 30, the retention rate drops to 5.7%. (Source: Statista, 2020)
    • 63% of 3,335 most popular Android mobile applications on the Google Play Store contained open-source components with known security vulnerabilities and other pervasive security concerns including exposing sensitive data (Source: Synopsys, 2021)
    • 62% of users would delete the application because of performance issues, such as crashes, freezes and other errors (Source: Intersog, 2021).

    These realities are not guaranteed to occur or impede your ability to deliver valuable mobile applications, but they can lead to unachievable expectations. Ensure your stakeholders are not oversold on advertised benefits and hold you accountable for unrealistic objectives. Recognize that the organization must also change how it works and operates to see the full benefit and adoption of mobile applications and overcome the known and unknown challenges and hurdles that often come with mobile delivery.

    Benchmarks present enticing opportunities, but should be used to set reasonable expectations

    66%
    Improve Market Reach
    66% of the global population uses a mobile device
    Source: DataReportal, 2021

    20%
    Connected Workers are More Productive
    Nearly 20 percent of mobile professionals estimate they miss more than three hours of working time a week not being able to get connected to the internet
    Source: iPass, 2017

    80%
    Increase Brand Recognition
    80% of smartphone users are more likely to purchase from companies whose mobile sites of apps help them easily find answers to their questions
    Source: Google, 2018

    Gauge the value with the right metrics

    Metrics are a powerful way to drive behavior change in your organization. But metrics are highly prone to creating unexpected outcomes so they must be used with great care. Use metrics judiciously to avoid gaming or ambivalent behavior, productivity loss, and unintended consequences.

    To learn more, visit Info-Tech's Select and Use SDLC Metrics Effectively blueprint.

    What should I measure?

    1. Mobile Application Engagement, Retention and User Satisfaction
      • The activeness of users on the applications, the number of returning users, and the happiness of the users.
      • Example: Number of tasks completed, number of active and returning users, session length and intervals, user satisfaction
    2. Value Driven from Mobile Applications
      • The business value that the user directly or indirectly receives with the mobile application.
      • Example: Mobile application revenue, business operational costs, worker productivity, business reputation and image
    3. Delivery Throughput and Quality
      • The health and quality of your mobile applications throughout their lifespan and the speed to deliver working applications that meet stakeholder expectations.
      • Example: Frequency of release, lead time, request turnaround, escaped defects, test coverage.

    Use Info-Tech's diagnostic to evaluate the reception of your mobile applications

    Info-Tech's Application Portfolio Assessment (APA) Diagnostic is a canned end user satisfaction survey used to evaluate your application portfolio health to support data-driven decisions.

    This image contains a screenshot from Info-Tech's Application Portfolio Assessment (APA) Diagnostic

    USE THE PROGRAM DIAGNOSTIC TO:

    • Assess the importance and satisfaction of enterprise applications.
    • Solicit feedback from your end users on applications being used.
    • Understand the strengths and weaknesses of your current applications.
    • Perform a high-level application rationalization initiative.

    INTEGRATE DIAGNOSTIC RESULTS TO:

    • Target which applications to analyze in greater detail.
    • Expand on the initial application rationalization results with a more comprehensive and business-value-focused criteria.

    Use a canvas to define key elements of your mobile initiative

    Mobile Application Initiative Name

    Owner:
    Parent Initiative:
    Updated:

    NAME
    LINK
    October 05, 2022

    Problem Statement

    Vision

    The problem or need mobile applications are addressing

    Vision, unique value proposition, elevator pitch, or positioning statement

    Business Goals & Metrics

    Capabilities, Processes & Application Systems

    List of business objectives or goals for the mobile application initiative.

    List of business capabilities, processes and application systems related to this initiative.

    Personas/Customers/Users

    Stakeholders

    List of groups who consume the mobile application

    List of key resources, stakeholders, and teams needed to support the process, systems and services

    To learn more, visit Info-Tech's Deliver on Your Digital Product Vision blueprint.

    1.1.2 Build your mobile application canvas

    1-3 hours

    1. Complete the following fields to build your mobile application canvas:
      • Mobile application initiative name
      • Mobile application owner
      • Parent initiative name
      • Problem that mobile applications are intending to solve and your vision. See the outcome from the previous exercise.
      • Mobile application business goals and metrics.
      • Capabilities, processes and application systems involved
      • Primary customers/users (For additional help with your product personas, download and complete to Deliver on Your Digital Product Vision.)
    2. Stakeholders
    3. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    Input

    Output
    • User personas
    • Business strategy
    • Problem and vision statements
    • Mobile objectives and metrics
    • Mobile application canvas
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    1.1.2 cont'd

    Mobile Application Initiative Name

    Owner:
    Parent Initiative:
    Updated:

    NAME
    LINK
    October 05, 2022

    Problem Statement

    Vision

    [Problem Statement]

    [Vision]

    Business Goals & Metrics

    Capabilities, Processes & Application Systems

    [Business Goal 1, Metric]
    [Business Goal 2, Metric]
    [Business Goal 3, Metric]

    [Business Capability]
    [Business Process]
    [Application System]

    Personas/Customers/Users

    Stakeholders

    [User 1]
    [User 2]
    [User 3]

    [Stakeholder 1]
    [Stakeholder 2]
    [Stakeholder 3]

    Create your mobile backlog

    Your backlog gives you a holistic understanding of the demand for mobile applications across your organization.

    Opportunities
    Trends
    MVP

    External Sources

    Internal Sources

    • Market Trends Analysis
    • Competitive Analysis
    • Regulations & Industry Standards
    • Customer & Reputation Analysis
    • Application Rationalization
    • Capability & Value Stream Analysis
    • Business Requests & Incidents
    • Discovery & Mining Capabilities

    A mobile application minimum viable product (MVP) focuses on a small set of functions, involves minimal possible effort to deliver a working and valuable solution, and is designed to satisfy a specific user group. Its purpose is to maximize learning, evaluate value and acceptance, and inform the development of a full-fledged mobile delivery practice.

    Find your mobile opportunities

    Modern mobile technologies enable users to access, analyze and change data anywhere with native device features, which opens the door to enhanced processes and new value sources.

    Examples of Mobile Opportunities:

    • Mobile Payment
      • Cost alternative to credit card transaction fees.
      • Loyalty systems are updated upon payment without need of a physical card.
      • Quicker completion of transactions.
    • Inventory Management
      • Update inventory database when shipments arrive or deliveries are made.
      • Inform retailers and consumers of current stock on website.
      • Alert staff of expired or outdated products.
    • Quick and Small Data Transfer
      • Embed tags into posters to transfer URIs, which sends users to sites containing product or location information.
      • Replace entry tags, fobs, or smart cards at doors.
      • Exchange contact details.
    • Location Sensitive Information
      • Proactively send promotions and other information (e.g. coupons, event details) to users within a defined area.
      • Inform employees of nearby prospective clients.
    • Supply Chain Management
      • Track the movement and location of goods and delivery trucks.
      • Direct drivers to the most optimal route.
      • Location-sensitive billing apps such as train and bus ticket purchases.
    • Education and Learning
      • Educate users about real-world objects and places with augmented books and by pushing relevant learning materials.
      • Visualize theories and other text with dynamic 3D objects.
    • Augmented Reality (AR)
      • Provide information about the user's surroundings and the objects in the environment through the mobile device.
      • Interactive and immersive experiences with the inclusion of virtual reality.
    • Architecture and Planning
      • Visualize historic buildings or the layout of structural projects and development plans.
      • Develop a digital tour with location-based audio initiated with location-based services or a camera.
    • Navigation
      • Provide directions to users to navigate and provide contextual travelling instructions.
      • Push traffic notifications and route changes to travelling users.
    • Tracking User Movement
      • Predict the future location of users based on historic information and traffic modelling.
      • Proactively push information to users before they reach their destination.

    1.1.3 Build your mobile backlog

    1-3 hours

    1. As a group, discuss the use and value mobile already has within your organization for each persona.
      1. What are some of the apps being used?
      2. What enterprise systems and applications are already exposed to the web and accessible by mobile devices?
      3. How critical is mobile to business operations, marketing campaigns, etc.?
    2. Discuss how mobile can bring additional business value to other areas of your organization for each persona.
      1. Can mobile enhance your customer reach? Do your customers care that your services are offered through mobile?
      2. Are employees asking for better access to enterprise systems in order to improve their productivity?
    3. Write your mobile opportunities in the following form: As a [end user persona], I want to [process or capability to enable with mobile applications], so that [organizational benefit]. Prioritize each opportunity against feasibility, desirability, and viability.
    4. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Input

    Output
    • Problem and vision statements
    • Mobile objectives and metrics
    • Mobile application canvas
    • Mobile opportunities backlog
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Manage your mobile backlog

    Your backlog stores and organizes your mobile opportunities at various stages of readiness. It must be continuously refined to address new requests, maintenance and changing priorities.

    3 – IDEAS
    Composed of raw, vague, and potentially large ideas that have yet to go through any formal valuation.

    2 – QUALIFIED
    Researched and qualified opportunities awaiting refinement.

    1 READY
    Discrete, refined opportunities that are ready to be placed in your team's delivery plans.

    Adapted from Essential Scrum

    A well-formed backlog can be thought of as a DEEP backlog

    • Detailed Appropriately: opportunities are broken down and refined as necessary
    • Emergent: The backlog grows and evolves over time as opportunities are added and removed.
    • Estimated: The effort an opportunity requires is estimated at each tier.
    • Prioritized: The opportunity's value and priority are determined at each tier.

    (Source Perforce, 2018)

    See our Deliver on Your Digital Product Vision for more information on backlog practices.

    Step 1.2

    Identify Your Technical Needs

    Activities

    1.2.1 Discuss your mobile needs

    1.2.2 Conduct a technical assessment

    Set the Mobile Context

    This step involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Outcomes of this step

    • List of mobile features to enable the desired mobile experience
    • System current assessment

    Describe your desired mobile experiences with journey maps

    A journey map tells the story of the user's experience with an existing or prospective product or service, starting with a trigger, through the process of engagement, to create an outcome. Journey maps can focus on a particular part of the user's or the entire experience with your organization's products or services. All types of maps capture key interactions and motivations of the user in chronological order.

    Why are journey maps an important for mobile application delivery?

    Everyone has their own preferred method for completing their tasks on mobile devices – often, what differentiates one persona from another has to do with how users privately behave. Understand that the activities performed outside of IT's purview develop context for your persona's pain points and position IT to meet their needs with the appropriate solution.

    To learn more, visit Info-Tech's Use Experience Design to Drive Empathy with the Business blueprint.

    Two charts are depicted, the first shows the path from Trigger, through steps 1-4, to the outcome, and the Activities and Touchpoints for each. The second chart shows the Expectation analysis, showing which steps are must-haves, nice-to-haves, and hidden-needs.

    Pinpoint specific mobile needs in your journey map

    Realize that mobile applications may not precisely fit with your personas workflow or align to their expectations due to device and system limitations and restrictions. Flag the mobile opportunities that require significant modifications to underlying systems.

    Consider these workflow scenarios that can influence your persona's desire for mobile:

    Workflow Scenarios Ask Yourself The Key Questions Technology Constraints or Restrictions to Consider Examples of Mobile Opportunities

    Data View – Data is queried, prepared and presented to make informed decisions, but it cannot be edited.

    Where is the data located and can it be easily gathered and prepared?

    Is the data sensitive and can it be locally stored?

    What is the level of detail in my view?

    Multi-factor authentication required.

    Highly sensitive data requires encryption in transit and at rest.

    Minor calculations and preparation needed before data view.

    Generate a status report.

    View social media channels.

    View contact information.

    Data Collection – Data is inputted directly into the application and updates back-end system or integrated 3rd party services.

    Do I need special permission to add, delete and overwrite data?

    How much data can I edit?

    Is the data automatically gathered?

    Bandwidth restrictions.

    Multi-factor authentication required.

    Native device access required (e.g., camera).

    Multiple types and formats of gathered data.

    Manual and automatic data gathering

    Book appointments with clients.

    Update inventory.

    Tracking movement of company assets.

    Data Analysis & Modification – Data is evaluated, manipulated and transformed through the application, back-end system or 3rd party service.

    How complex are my calculations?

    Can computations be offloaded?

    What resources are needed to complete the analysis?

    Memory and processing limitations on device.

    Inability to configure device and enterprise hardware to support system resource demand.

    Scope and precision of analysis and modifications.

    Evaluate and propose trends.

    Gauge user sentiment.

    Propose next steps and directions.

    Define the mobile experience your end users want

    Anytime, Anywhere
    The user can access, update and analyze data, and corporate products and services whenever they want, in all networks, and on any device.

    Hands-Off & Automated
    The application can perform various workflows and tasks without the user's involvement and notify the user when specific triggers are hit.

    Personalized & Insightful
    Content presentation and subject are tailored for the user based on specific inputs from the user, device hardware or predicted actions.

    Integrated Ecosystem
    The application supports a seamless experience across various 3rd party and enterprise applications and services the user needs.

    Visually Pleasing & Fulfilling
    The UI is intuitive and aesthetically gratifying with little security and performance trade-offs to use the full breadth of its functions and services.

    Each mobile platform has its own take on the mobile native experience. The choice ultimately depends on whether the costs and effort are worth the anticipated value.

    1.2.1 Discover your mobile needs

    1-3 hours

    1. Define the workflow of a high priority opportunity in your mobile backlog. This workflow can be pertaining to an existing mobile application or a workflow that can benefit with a mobile application.
      1. Indicate the trigger that will initiate the opportunity and the desired outcome.
      2. Break down the persona's desired outcome into small pieces of value that are realized in each workflow step.
    2. Identify activities and touchpoints the persona will need to complete to finish each step in the workflow. Indicate the technology used to complete the activity or to facilitate the touchpoint.
    3. Indicate which activities and touchpoints can be satisfied, complimented or enhanced with mobile.

    Input

    Output
    • User personas
    • Mobile application canvas
    • Desired mobile experience
    • List of mobile features
    • Journey map
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    1.2.1 cont'd

    Workflow

    Trigger

    Conduct initial analysis

    Get planning help

    Complete and submit RFP

    Design and implement solution

    Implement changes

    Activities, Channels, and Touchpoints

    Need is recognized in CIO council meeting

    See if we have a sufficient solution internally

    Seek planning help (various channels)

    *Meet with IT shared services business analyst

    Select the appropriate vendor

    Follow action plan

    Compliance rqmt triggered by new law

    See if we have a sufficient solution internally

    *Hold in-person initial meeting with IT shared services

    *Review and approve rqmts (email)

    Seek miscellaneous support

    Implement project and manage change

    Research potential solutions in the marketplace

    Excess budget identified for utilization

    Pick a "favorite" solution

    *Negotiate and sign statement of work (email)

    Prime organization for the change

    Create action plan

    If solution is unsatisfactory, plan remediation

    Current Technology

    • Email
    • Video conferencing
    • Phone
    • Meeting transcripts and recordings
    • ERP
    • IT asset management
    • Internet browser for research
    • Virtual environment to demonstrate solutions
    • Email
    • Vendor assessment and procurement solution
    • Email
    • Video conferencing
    • Phone
    • Meeting transcripts and recordings
    • PDF documents and reader
    • Digital signature
    • Email
    • Video conferencing
    • Phone
    • Meeting transcripts and recordings
    • PDF documents and reader
    • Digital signature
    • Email
    • Video conferencing
    • Phone
    • Vendor assessment and procurement solution
    • Project management solution
    • Team collaboration solution
    • Email
    • Video conferencing
    • Phone
    • Project management solution
    • Team collaboration solution
    • Vendor's solution

    Legend:

    Bold – Touchpoint

    * – Activities or Touchpoints That Can Benefit with Mobile

    1.2.1 cont'd

    1-3 hours

    1. Analyze persona expectations. Identify the persona's must-haves, then nice-to-haves, and then hidden needs to effectively complete the workflow.
      1. Must-haves. The necessary outcomes, qualities, and features of the workflow step.
      2. Nice-to-haves. Desired outcomes, qualities, or features that your persona is able to articulate or express.
      3. Hidden needs. Outcomes, qualities, or features that your persona is not aware they have a desire for; benefits that they are pleasantly surprised to receive. These will usually be unknown for your first-iteration journey map.
    2. Indicate which persona expectations can be satisfied with mobile. Discuss what would the desired mobile experience be.
    3. Discuss feedback and experiences your team has heard from the personas they engage with regularly.
    4. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    1.2.1 cont'd

    Example

    This image contains an example workflow for determining mobile needs.

    1.2.1 cont'd

    Template:

    Workflow

    TriggerStep 1Step 2Step 3Step 4

    Desired Outcome

    Journey Map

    Activities & Touch-points

    <>

    <>

    <>

    <>

    <>

    <>

    Must-Haves

    <>

    <>

    <>

    <>

    <>

    <>

    Nice-to-Haves

    <>

    <>

    <>

    <>

    <>

    <>

    Hidden Needs

    <>

    <>

    <>

    <>

    <>

    <>

    Emotional Journey

    <>

    <>

    <>

    <>

    <>

    <>

    If you need more than four steps in the workflow, duplicate this slide.

    Understand how mobile fits with your current system

    Evaluate the risks and impacts of your desired mobile features by looking at your enterprise system architecture from top to bottom. Is your mobile vision and needs compatible with your existing business capabilities and technologies?

    An architecture is usually represented by one or more architecture views that together provide a coherent description of the application system, including demonstrating the full impact mobile will have. A single, comprehensive model is often too complex to be understood and communicated in its most detailed form, and a model too high level hides the underlying complexity of an application's structure and deployment (The Open Group, TOGAF 8.1.1 - Developing Architecture Views). Obtain a complete understanding of your architecture by assessing it through multiple levels of views to reveal different sets of concerns:

    Application Architecture Views

    1. Use Case View
    • How does your business operate, and how will users interact with your mobile applications?
  • . Process View
    • What is the user workflow impacted by mobile, and how will it change?
  • Component View
    • How are my existing applications structured? What are its various components? How will mobile expand the costs of the existing technical debt?
  • Data View
    • What is the relationship of the data and information consumed, analyzed, and transmitted? Will mobile jeopardize the quality and reliability of the data?
  • Deployment View
    • In what environment are your mobile application components deployed? How will the existing systems operate with your mobile applications?
  • System View
    • How does your mobile application communicate with other internal and external systems? How will dependencies change with mobile?
  • See our Enhance Your Solution Architecture for more information.

    Ask key questions in your current system assessment

    • How do the various components of your system communicate with each other (e.g., web APIs, middleware, and point to point)?
    • What information is exchanged during the conversation?
    • How does the data flow from one component to the next? Is the data read-only or can application and users edit and modify it?
    • What are the access points to your mid- and back-tier systems (e.g., user access through web interface, corporate networks and third-party application access through APIs)?
    • Who has access to your enterprise systems?
    • Which components are managed and operated by third-party providers? What is your level of control?
    • What are the security protocols currently enforced in your system?
    • How often are your databases updated? Is it real-time or periodic extract, transfer, and load (ETL)?
    • What are the business rules?
    • Is your mobile stack dependent on other systems?
    • Is a mobile middleware, web server, or API gateway needed to help facilitate the integration between devices and your back-end support?

    1.2.2 Conduct a technical assessment

    1-3 hours

    1. Evaluate your current systems that will support the journey map of your mobile opportunities based on two categories: system quality and system management. Use the tables on the following slides and modify the questions if needed.
    2. Discuss if the current state of your system will impede your ability to succeed with mobile. Use this discussion to verify the decision to continue with mobile applications in your current state.
    3. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    Input

    Output
    • Journey map
    • Understanding of current system
    • Assessment of current system
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    1.2.2 cont'd

    Current State System Quality Assessment

    Factors Definitions Survey Responses
    Fit-for-Purpose System functionalities, services and integrations are designed and implemented for the purpose of satisfying the end users' needs and technology compatibilities. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Response Rate The system completes computation and processing requests within acceptable timeframes. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Data Quality The system delivers consumable, accurate, and trustworthy data. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Usability The system provides functionalities, services and integrations that are rewarding, engaging, intuitive, and emotionally satisfying. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Reliability The system is resilient or quickly recovers from issues and defects. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Accessible The system is available on demand and on the end user's preferred interface and device. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Secured End-user activity and data is protected from unauthorized access. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Adaptable The system can be quickly tailored to meet changing end-user and technology needs with reusable and customizable components. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)

    1.2.2 cont'd

    Current State System Management Assessment

    Factors Definitions Survey Responses
    Documentation The system is documented, accurate, and shared in the organization. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Measurement The system is continuously measured against clearly defined metrics tied to business value. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Compliance The system is compliant with regulations and industry standards. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Continuous Improvement The system is routinely rationalized and enhanced. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Architecture There is a shared overview of how the process supports business value delivery and its dependencies with technologies and other processes. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Ownership & Accountability The process has a clearly defined owner who is accountable for its risks and roadmap. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Support Resources are available to address adoption and execution challenges. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Organizational Change Management Communication, onboarding, and other change management capabilities are available to facilitate technology and related role and process changes. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)

    Step 1.3

    Define Your Non-Functional Requirements

    Activities

    1.3.1 Define mobile application quality

    1.3.2 Verify your decision to deliver mobile applications

    Set the Mobile Context

    This step involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams

    Outcomes of this step

    • Mobile application quality definition
    • Readiness for mobile delivery

    Build a strong foundation of mobile application quality

    Functionality and aesthetics often take front seats in mobile application delivery. Applications are then frequently modified and changed, not because they are functionally deficient or visually displeasing, but because they are difficult to maintain or scale, too slow, vulnerable or compromised. Implementing clear quality principles (i.e., non-functional requirements) and strong quality assurance practices throughout delivery are critical to minimize the potential work of future maintenance and to avoid, mitigate and manage IT risks.

    What is Mobile Application Quality?

    • Quality requirements (i.e., non-functional requirements) are properties of a system or product that dictate how it should behave at runtime and how it should be designed, implemented, and maintained.
    • These requirements should be involved in decision making around architecture, UI and functional design changes.
    • Functionality should not dictate the level of security, availability, or performance of a product, thereby risking system quality. Functionality and quality are viewed orthogonally, and trade-offs are discussed when one impacts the other.
    • Quality attributes should never be achieved in isolation as one attribute can have a negative or positive impact on another (e.g. security and availability).

    Why is Mobile Quality Assurance Critical?

    • Quality assurance (QA) is a necessity for the validation and verification of mobile delivery, whether you are delivering applications in an Agile or Waterfall fashion. Effective QA practices implemented across the software development lifecycle (SDLC) are vital, as all layers of the mobile stack need to readily able to adjust to suddenly evolving and changing business and user needs and technologies without risking system stability and breaking business standards and expectations.
    • However, investments in QA optimizations are often afterthoughts. QA is commonly viewed as a lower priority compared to other delivery capabilities (e.g., design and coding) and is typically the first item cut when delivery is under pressure.

    See our Build a Software Quality Assurance Program for more information.

    Mobile emphasizes the importance of good security, performance and integration

    Today's mobile workforce is looking for new ways to get more work done quickly. They want access to enterprise solutions and data directly on their mobile device, which can reside on multiple legacy systems and in the cloud and third-party infrastructure. This presents significant performance, integration, and security risks.

    Cloud Solutions: Can I use my existing APIs?. Solutions in Corporate Networks: Do my legacy systems have the capacity to support mobile?; How do I integrate solutions and data from multiple sources into a single view?; Third Party Solutions: Will I have a significant performance bottleneck?; Single View on Mobile Devices: How is corporate data stored on the device?; What new technology dependencies must I account for in my architecture and operational support capabilities?

    Mobile risks opening and widening existing security gaps

    New mobile technologies and the continued expansion of the enterprise environment increase the number of entry points attackers to your corporate data and networks. The ever-growing volume, velocity, and variety of new threats puts significant pressure on mobile delivery teams who are responsible for implementing mobile security measures and maintaining alignment to your security policies and those of app stores.

    Mobile attacks can come from various vectors:

    Attack Surface: Mobile Device

    Attack Surface: Network

    Attack Surface: Data Center

    Browser:
    Phishing
    Buffer Overflow
    Data Caching

    System:
    No Passcode
    Jailbroken and Rooted OS
    No/Weak Encryption
    OS Data Caching

    Phone:
    SMSishing
    Radio Frequency Attacks

    Apps:
    Configuration Manipulation
    Runtime Injection
    Improper SSL Validation

    • Packet Sniffing
    • Session Hijacking
    • Man-in-the-Middle (circumvent password verification systems)
    • Fake SSL Certificate
    • Rogue Access Points

    Web Server:
    Cross-Site Scripting (XSS)
    Brute Force Attacks
    Server Misconfigurations

    Database:
    SQL Injection
    Data Dumping

    Understand the top web security risks and vulnerabilities seen in the industry

    Recognize mobile applications are exposed to the same risks and vulnerabilities as web applications. Learn of OWASP's top 10 web security risks.

    • Broken Access Control
      • Failures typically lead to unauthorized information disclosure, modification, or destruction of all data or performing a business function outside the user's limits.
    • Cryptographic Failures
      • Improper and incorrect protection of data in transit and at rest, especially proprietary and confidential data and those that fall under privacy laws.
    • Injection
      • Execution of malicious code and injection of hostile or unfiltered data on the mobile device via the mobile application.
    • Insecure Design
      • Missing or ineffective security controls in the application design. An insecure design cannot be fixed by a perfect implementation,. Needed security controls were never created to defend against specific attacks.
    • Security Misconfiguration
      • The security settings in the application are not securely set or configured, including poor security hardening and inadequate system upgrading practices.
    • Vulnerable and Outdated Components
      • System components are vulnerable because they are unsupported, out of date, untested or not hardened against current security concerns.
    • Identification and Authentication Failures
      • Improper or poor protection against authentication-related attacks, particularly to the user's identity, authentication and session management.
    • Software and Data Integrity Failures
      • Failures related to code and infrastructure that does not protect against integrity violations, such as an application relying upon plugins, libraries, or modules from untrusted sources, repositories, and content delivery networks
    • Security Logging and Monitoring Failures
      • Insufficient logging, detection, monitoring, and active response that hinders the ability to detect, escalate, and respond to active breaches.
    • Server-Side Request Forgery (SSRF)
      • SSRF flaws occur whenever a web application is fetching a remote resource without validating the user-supplied URL.

    Good mobile application performance drives satisfaction and value delivery

    Underperforming mobile applications can cause your users to be unproductive. Your mobile applications should always aim to satisfy the productivity requirements of your end users.

    Users quickly notice applications that are slow and difficult to use. Providing a seamless experience for the user is now heavily dependent on how well your application performs. Optimizing your mobile application's processing efficiency can help your users perform their jobs properly in various environment conditions.

    Productive Users Need
    Performant Mobile Applications

    Persona

    Mobile Application Use Case

    Optimized Mobile Application

    Stationary Worker

    • Design flowcharts and diagrams, while abandoning paper and desktop apps in favor of easy-to-use, drawing tablet applications.
    • Multitask by checking the application to verify information given by a vendor during their presentation or pitch.
    • Flowcharts and diagrams are updated in real time for team members to view and edit
    • Compare vendors under assessment with a quick look-up app feature

    Roaming Worker (Engineer)

    • Replace physical copies of service and repair manuals physically stored with digital copies and access them with mobile applications.
    • Scan or input product bar code to determine whether a replacement part is available or needs to be ordered.
    • Worker is capable of interacting with other features of the mobile web app while product bar code is being verified

    Enhance the performance of the entire mobile stack

    Due to frequently changing mobile hardware, users' high performance expectations and mobile network constraints, mobile delivery teams must focus on the entire mobile stack for optimizing performance.

    Fine tune your enterprise mobile applications using optimization techniques to improve performance across the full mobile stack.

    This image contains a bar graph ranking the importance of the following datapoints: Minimize render blocking resources; Configure the mobile application viewport; Determine the right image file format ; Determine above-the-fold content; Minimize browser reflow; Adopt UI techniques to improve perceived latency; Resource minification; Data compression; Asynchronous programming; Resource HTTP caching; Minimize network roundtrips for first time to render.

    Info-Tech Insight

    Some user performance expectations can be managed with clever UI design (e.g., spinning pinwheels to indicate loading in progress and directing user focus to quick loading content) and operational choices (e.g. graceful degradation and progressive enhancements).

    Create an API-centric integration strategy

    Mobile delivery teams are tasked to keep up with the changing needs of end users and accommodate the evolution of trending mobile features. Ensuring scalable APIs is critical in quickly releasing changes and ensuring availability of corporate services and resources.

    As your portfolio of mobile applications grows, and device platforms and browsers diversify, it will become increasingly complex to provide all the data and service capabilities your mobile apps need to operate. It is important that your APIs are available, reliable, reusable, and secure for multiple uses and platforms.

    Take an API-centric approach to retain control of your mobile development and ensure reliability.

    APIs are the underlying layer of your mobile applications, enabling remote access of company data and services to end users. Focusing design and development efforts on the maintainability, reliability and scalability of your APIs enables your delivery teams to:

    • Reuse tried-and-tested APIs to deliver, test and harden applications and systems quicker by standardizing on the use and structure of REST APIs.
    • Ensure a consistent experience and performance across different applications using the same API.
    • Uniformly apply security and access control to remain compliant to security protocols, industry standards and regulations.
    • Provide reliable integration points when leveraging third-party APIs and services.

    See our Build Effective Enterprise Integration on the Back of Business Process for more information.

    Guide your integration strategy with principles

    Craft your principles around good API management and integration practices

    Expose Enterprise Data And Functionality in API-Friendly Formats
    Convert complex on-premises application services into developer-friendly RESTful APIs

    Protect Information Assets Exposed Via APIs to Prevent Misuse
    Ensure that enterprise systems are protected against message-level attack and hijack

    Authorize Secure, Seamless Access for Valid Identities
    Deploy strong access control, identity federation and social login functionality

    Optimize System Performance and Manage the API Lifecycle
    Maintain the availability of backend systems for APIs, applications and end users

    Engage, Onboard, Educate and Manage Developers
    Give developers the resources they need to create applications that deliver real value

    Source: 5 Pillars of API Management, Broadcom, 2021

    Clarify your definition of mobile quality

    Quality does not mean the same thing to everyone

    Do not expect a universal definition of mobile quality. Each department, person and industry standard will have a different interpretation of quality, and they will perform certain activities and enforce policies that meet those interpretations. Misunderstanding of what is defined as a high quality mobile application within business and IT teams can lead to further confusion behind governance, testing priorities and compliance.

    Each interpretation of quality can lead to endless testing, guardrails and constraints, or lack thereof. Be clear on the priority of each interpretation and the degree of effort needed to ensure they are met.

    For example:

    Mobile Application Owner
    What does an accessible mobile application mean?

    Persona: Customer
    I can access it on mobile phones, tablets and the web browser

    Persona: Developer
    I have access to each layer of the mobile stack including the code & data

    Persona: Operations
    The mobile application is accessible 24/7 with 95% uptime

    Example: A School Board's Quality Definition

    Quality Attribute Definitions
    Usability The product is an intuitive solution. Usability is the ease with which the user accomplishes a desired task in the application system and the degree of user support the system provides. Limited training and documentation are required.
    Performance Usability and performance are closely related. A solution that is slow is not usable. The application system is able to meet timing requirements, which is dependent on stable infrastructure to support it regardless of where the application is hosted. Baseline performance metrics are defined and changes must result in improvements. Performance is validated against peak loads.
    Availability The application system is present, accessible, and ready to carry out its tasks when needed. The application is accessible from multiple devices and platforms, is available 24x7x365, and teams communicate planned downtimes and unplanned outages. IT must serve teachers international student's parents, and other users who access the application outside normal business hours. The application should never be down when it should be up. Teams must not put undue burden on end users accessing the systems. Reasonable access requirements are published.
    Security Applications handle both private and personal data, and must be able to segregate data based on permissions to protect privacy. The application system is able to protect data and information from unauthorized access. Users want it to be secure but seamless. Vendors need to understand and implement the District School Board's security requirements into their products. Teams ensure access is authorized, maintain data integrity, and enforce privacy.
    Reusability Reusability is the capability for components and subsystems to be suitable for use in other applications and in other scenarios. This attribute minimizes the duplication of components and implementation time. Teams ensure a modular design that is flexible and usable in other applications.
    Interoperability The degree to which two or more systems can usefully exchange meaningful information via interfaces in a particular context.

    Scalability

    There are two kinds of scalability:

    • Horizontal scalability (scaling out): Adding more resources to logical units, such as adding another server to a cluster of servers.
    • Vertical scalability (scaling up): Adding more resources to a physical unit, such as adding more memory to a single computer.

    Ease of maintenance and enhancements are critical. Additional care is given to custom code because of the inherent difficulty to make it scale and update.

    Modifiability The capability to manage the risks and costs of change, considering what can be changed, the likelihood of change, and when and who makes the change. Teams minimize the barriers to change, and get business buy in to keep systems current and valuable.
    Testability The ease with which software are made to demonstrate its faults through (typically execution-based) testing. It cannot be assumed that the vendor has already tested the system against District School Board's requirements. Testability applies to all applications, operating systems, and databases.
    Supportability The ability of the system to provide information helpful for identifying and resolving issues when it fails to work correctly. Supportability applies to all applications and systems within the District School Board's portfolio, whether that be custom developed applications or vendor provided solutions. Resource investments are made to better support the system.
    Cost Efficiency The application system is executed and maintained in such a way that each area of cost is reduced to what is critically needed. Cost efficiency is critical (e.g. printers cost per page, TCO, software what does downtime cost us), and everyone must understand the financial impact of their decisions.
    Self-Service End users are empowered to make configurations, troubleshoot and make changes to their application without the involvement of IT. The appropriate controls are in place to manage the access to unauthorized access to corporate systems.
    Modifiability The capability to manage the risks and costs of change, considering what can be changed, the likelihood of change, and when and who makes the change. Teams minimize the barriers to change, and get business buy in to keep systems current and valuable.
    Testability The ease with which software are made to demonstrate its faults through (typically execution-based) testing. It cannot be assumed that the vendor has already tested the system against District School Board's requirements. Testability applies to all applications, operating systems, and databases.
    Supportability The ability of the system to provide information helpful for identifying and resolving issues when it fails to work correctly. Supportability applies to all applications and systems within the District School Board's portfolio, whether that be custom developed applications or vendor provided solutions. Resource investments are made to better support the system.

    1.3.1 Define mobile application quality

    1-3 hours

    1. List 5 quality attributes that your organization sees as important for a successful mobile application.
    2. List the core personas that will support mobile delivery and that will consume the mobile application. Start with development, operations and support, and end user.
    3. Describe each quality attributes from the perspective of each persona by asking, "What does quality mean to you?".
    4. Review each description from each persona to come to an acceptable definition.
    5. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    Input

    Output
    • User personas
    • Mobile application canvas
    • Journey map
    • Mobile application quality definition
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    1.3.1 cont'd

    Example: Info-Tech Guided Implementation with a Legal and Professional Services Organization

    Quality AttributeDeveloperOperations & Support TeamEnd Users

    Usability

    • Architecture and frameworks are aligned with industry best practices
    • Regular feedback through analytics and user feedback
    • Faster development and less technical debt
    • Pride in the product
    • Satisfaction that the product is serving its purpose and is actually being used by the user
    • Increased update of product use and feedback for future lifecycle
    • Standardization and positive perception of IT processes
    • Simpler to train users to adopt products and changes
    • Trust in system and ability to promote the product in a positive light
    • Trusted list of applications
    • Intuitive (easy to use, no training required)
    • Encourage collaboration and sharing ideas between end users and delivery teams
    • The information presented is correct and accurate
    • Users understand where the data came from and the algorithms behind it
    • Users learn features quickly and retain their knowledge longer, which directly correlates to decreased training costs and time
    • High uptake in use of the product
    • Seamless experience, use less energy to work with product

    Security

    • Secure by design approach
    • Testing across all layers of the application stack
    • Security analysis of our source code
    • Good approach to security requirement definition, secure access to databases, using latest libraries and using semantics in code
    • Standardized & clear practices for development
    • Making data access granular (not all or none)
    • Secure mission critical procedures which will reduce operational cost, improve compliance and mitigate risks
    • Auditable artifacts on security implementation
    • Good data classification, managed secure access, system backups and privacy protocols
    • Confidence of protection of user data
    • Encryption of sensitive data
    Availability
    • Good access to the code
    • Good access to the data
    • Good access to APIs and other integration technologies
    • Automatic alerts when something goes wrong
    • Self-repairing/recovering
    • SLAs and uptimes
    • Code documentation
    • Proactive support from the infrastructure team
    • System availability dashboard
    • Access on any end user device, including mobile and desktop
    • 24/7 uptime
    • Rapid response to reported defects or bugs
    • Business continuity

    1.3.2 Verify your decision to deliver mobile applications

    1-3 hours

    1. Review the various end user, business and technical expectations for mobile its achievability given the current state of your system and non-functional requirements.
    2. Complete the list of questions on the following slide as an indication for your readiness for mobile delivery.

    Input

    Output
    • Mobile application canvas
    • Assessment to proceed with mobile
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    1.3.2 cont'd

    Skill Sets
    Software delivery teams have skills in creating mobile applications that stakeholders are expecting in value and quality. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Architects look for ways to reuse existing technical asset and design for future growth and maturity in mobile. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Resources can be committed to implement and manage a mobile platform. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Software delivery teams and resources are adaptable and flexible to requirements and system changes. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Delivery Process
    My software delivery process can accommodate last minute and sudden changes in mobile delivery tasks. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Business and IT requirements for the mobile are clarified through collaboration between business and IT representatives. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Mobile will help us fill the gaps and standardize our software delivery process process. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    My testing practices can be adapted to verify and validate the mobile functional and non-functional requirements. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Technical Stack
    My mid-tier and back-end support has the capacity to accommodate additional traffic from mobile. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    I have access to my web infrastructure and integration technologies, and I am capable of making configurations. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    My security approaches and capabilities can be enhanced address specific mobile application risks and vulnerabilities. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    I have a sound and robust integration strategy involving web APIs that gives me the flexibility to support mobile applications. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)

    Phase 2

    Define Your Mobile Approach

    Choose Your Mobile Platform and Tools

    This phase will walk you through the following activities:

    • Step 2.1 – Choose Your Platform Approach
    • Step 2.2 – Shortlist Your Mobile Delivery Solution
    • Step 2.3 – Create a Roadmap for Mobile Delivery

    This phase involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Step 2.1

    Choose Your Platform Approach

    Activities

    2.1.1 Select your platform approach

    Define Your Mobile Approach

    This step involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Outcomes of this step

    • Desired mobile platform approach

    Mobile value is dependent on the platform you choose

    What is a platform?

    "A platform is a set of software and a surrounding ecosystem of resources that helps you to grow your business. A platform enables growth through connection: its value comes not only from its own features, but from its ability to connect external tools, teams, data, and processes." (Source: Emilie Nøss Wangen, 2021) In the mobile context, applications in a platform execute and communicate through a loosely coupled API architecture whether the supporting system is managed and supported by your organization or by 3rd party providers.

    Web

    The mobile web often takes on one of the following two approaches:

    • Responsive websites – Content, UI and other website elements automatically adjusts itself according to the device, creating a seamless experience regardless of the device.
    • Progressive web applications (PWAs) – PWAs uses the browser's APIs and features to offer native-like experiences.

    Mobile web applications are often developed with a combination of HTML, CSS, and JavaScript languages.

    Hybrid

    Hybrid applications are developed with web technologies but are deployed as native applications. The code is wrapped using a framework so that it runs locally within a native container, and it uses the device's browser runtime engine to support more sophisticated designs and features compared to the web approach. Hybrid mobile solutions allows teams to code once and deploy to multiple platforms.

    Some notable examples:

    • Gmail
    • Instagram

    Cross-Platform

    Cross-platform applications are developed within a distinct programming or scripting environment that uses its own scripting language (often like web languages) and APIs. Then the solution will compile the code into device-specific builds for native deployment.

    Some notable examples:

    • Facebook
    • Skype
    • Slack

    Native

    Native applications are developed and deployed to specific devices and OSs using platform-specific software development kits (SDKs) provided by the operating system vendors. The programming language and framework are dictated by the targeted device, such as Java for Android.

    With this platform, developers have direct access to local device features allowing customized operations. This enables the use of local resources, such as memory and runtime engines, which will achieve a higher performance than hybrid and cross-platform applications.

    Each platform offers unique pros and cons depending on your mobile needs

    WebHybridCross-PlatformNative

    Pros

    Cons

    Pros

    Cons

    Pros

    Cons

    Pros

    Cons

    • Modern browsers support the popular of web languages (HTML, CSS, and JavaScript).
    • Ubiquitous across multiple form factors and devices.
    • Mobile can be easily integrated into traditional web development processes and technical stacks.
    • Installations are not required, and updates are immediate.
    • Sensitive data can be wiped from memory after app is closed.
    • Limited access to local device hardware and software.
    • Local caching is available for limited offline capabilities, but the scope of tasks that can be completed in this scenario is restricted.
    • The browser's runtime engine is limited in computing power.
    • Not all browsers fully support the latest versions of HTML, CSS, or JavaScript.
    • Web languages can be used to develop a complete application.
    • Code can be reused for multiple platforms, including web.
    • Access to commonly-used native features that are not available through the web platform.
    • Quick delivery and maintenance updates compared to native and cross-platform platforms.
    • Consistent internet access is needed due to its reliance heavily reliance on web technologies to operate.
    • Limited ability to support complex workflows and features.
    • Sluggish performance compared to cross-platform and native applications.
    • Certain features may not operate the same across all platforms given the code once, deploy everywhere approach.
    • More cost-effective to develop than using native development approaches to gain similar features. Platform-specific developers are not needed.
    • Common codebase to develop applications on different applications.
    • Enables more complex application functionalities and technical customizations compared to hybrid applications.
    • Code is not portable across cross-platform delivery solutions.
    • The framework is tied to the vendor solution which presents the risk of vendor lock-in.
    • Deployment is dependent on an app store and the delivery solution may not guarantee the application's acceptance into the application store.
    • Significant training and onboarding may be needed using the cross-platform framework.
    • Tight integration with the device's hardware enables high performance and greater use of hardware features.
    • Computationally-intensive and complex tasks can be completed on the device.
    • Available offline access.
    • Apps are available through easy-to-access app stores.
    • Requires additional investments, such as app stores, app-specific support, versioning, and platform-specific extensions.
    • Developers skilled in a device-specific language are difficult to acquire and costly to train.
    • Testing is required every time a new device or OS is introduced.
    • Higher development and maintenance costs are tradeoffs for native device features.

    Start mobile development on a mobile web platform

    Start with what you have: begin with a mobile web platform to minimize impacts to your existing delivery skill sets and technical stack while addressing business needs. Resort to a hybrid first and then consider a cross-platform application if you require device access or the need to meet specific non-functional requirements.

    Why choose a mobile web platform?

    Pros

    The latest versions of the most popular web languages (HTML5, CSS3, JavaScript) abstract away from the granular, physical components of the application, simplifying the development process. HTML5 offer some mobile features (e.g., geolocation, accelerometer) that can meet your desired experience without the need for native development skills. Native look-and-feel, high performance, and full device access are just a few tradeoffs of going with web languages.

    Cons

    Native mobile platforms depend on device-specific code which follows specific frameworks and leverages unique programming libraries, such as Objective C for iOS and Java for Android. Each language requires a high level of expertise in the coding structure and hardware of specific devices requiring resources with specific skillsets and different tools to support development and testing.

    Other Notable Benefits with Web Languages

    • Modern browsers in most mobile devices are capable of executing and rendering many mobile features developed in web languages, allowing for greater portability and sophistication of code across multiple devices. However, this flexibility comes at the cost of performance since the browser's runtime engine will not perform as well as a native engine.
    • Web languages are well known by developers, minimizing skills and resourcing impacts. Consequently, changes can be quickly accommodated and updated uniformly across all end users.

    Do you need a native platform?

    Consider web workarounds if you choose a web platform but require some native experiences.

    The web platform does not give you direct access or sophisticated customizations to local device hardware and services, underlying code and integrations. You may run into the situation where you need some native experiences, but the value of these features may not offset the costs to undertake a native, hybrid or cross-platform application. When developing hybrid and cross-platform applications with a mobile delivery solution, only the APIs of the commonly used device features are available. Note that some vendors may not offer a particular native feature across all devices, inhibiting your ability to achieve feature parity or exploiting device features only available in certain devices. Workarounds are then needed.

    Consider the following workarounds to address the required native experiences on the web platform:

    Native Function Description Web Workaround Impact
    Camera Takes pictures or records videos through the device's camera. Create an upload form in the web with HTML5. Break in workflow leading to poor user experience (UX).
    Geolocation Detects the geographical location of the device. Available through HTML5. Not Applicable.
    Calendar Stores the user's calendar in local memory. Integrate with calendaring system or manually upload contacts. Costly integration initiative. Poor user experience.
    Contacts Stores contact information in local memory. Integrate app with contact system or manually upload contacts. Costly integration initiative. Poor user experience.
    Near Field Communication (NFC) Communication between devices by touching them together or bringing them into proximity. Manual transfer of data. A lot of time is consumed transferring simple information.
    Native Computation Computational power and resources needed to complete tasks on the device. Resource-intensive requests are completed by back-end systems and results sent back to user. Slower application performance given network constraints.

    Info-Tech Insight

    In many cases, workarounds are available when evaluating the gaps between web and native applications. For example, not having application-level access to the camera does not negate the user option to upload a picture taken by the camera through a web form. Tradeoffs like this will come down to assessing the importance of each platform gap for your organization and whether a workaround is good enough as a native-like experience.

    Architect and configure your entire mobile stack with a plan

    • Assess your existing technology stack that will support your mobile platform. Determine if it has the capacity to handle mobile traffic and the necessary integration between devices and enterprise and 3rd party systems are robust and reliable. Reach out to your IT teams and vendors if you are missing key mobile components, such as:
    • The acquisition and provisioning of physical or virtual mobile web servers and middleware from existing vendors.
    • Cloud services [e.g., Mobile Back-end as a Service (mBaaS)] that assists in the mobilization of back-end data sources with API SDKs, orchestration of data from multiple sources, transformation of legacy APIs to mobile formats, and satisfaction of other security, integration and performance needs.
    • Configure the services of your web server or middleware to facilitate the translation, transformation, and transfer of data between your mobile front-end and back-end. If your plan involves scripts, maintenance and other ongoing costs will likely increase.
    • Leverage the APIs or adapters provided by your vendors or device manufacturers to integrate your mobile front-end and back-end support to your web server or middleware. If you are reusing a web server, the back-end integration should already be in place. Remember, APIs implement business rules to maintain the integrity of data exchange within your mobile stack.
    • See Appendix A for examples of reference architectures of mobile platforms.

    See our Enhance Your Solution Architecture for more information.

    Do Not Forget Your Security and Performance Requirements

    Security: New threats from mobile put organizations into a difficult situation beyond simply responding to them in a timely matter. Be careful not to take the benefits of security out of the mobile context. You need to make security a first-order citizen during the scoping, design, and optimization of your systems supporting mobile. It must also be balanced with other functional and non-functional requirements with the right roles taking accountability for these decisions.

    See our Strengthen the SSDLC for Enterprise Mobile Applications for more information.

    Performance: Within a distributed mobile environment, performance has a risk of diminishing due to limited device capacity, network hopping, lack of server scalability, API bottlenecks, and other device, network and infrastructure issues. Mobile web APIs suffer from the same pain points as traditional web browsing and unplanned API call management in an application will lead to slow performance.

    See our Develop Enterprise Mobile Applications With Realistic and Relevant Performance for more information.

    Enterprise platform selection requires a shift in perspective

    Your mobile platform selection must consider both user and enterprise (i.e., non-functional) needs. Use a two-step process for your analysis:

    Begin Platform Selection with a User-Centric Approach

    Organizations appealing to end users place emphasis on the user experience: the look and appeal of the user interface, and the satisfaction, ease of use, and value of its functionalities. In this approach, IT concerns and needs are not high priorities, but many functions are completed locally or isolated from mission critical corporate networks and sensitive data. Some needs include:

    • Performance: quick execution of tasks and calculations made on the device or offloaded to web servers or the cloud.
    • User Interface: cross-platform compatibility and feature-rich design and functionality. The right native experience is critical to the user adoption and satisfaction.
    • Device Access: use of local device hardware and software to complete app use cases, such as camera, calendar, and contact lists.

    Refine Platform Selection with an Enterprise-Centric Approach

    From the enterprise perspective, emphasis is on security, system performance, integration, reuse and other non-functional requirements as the primary motivations in the selection of a mobile platform. User experience is still a contributing factor because of the mobile application's need to drive value but its priority is not exclusive. Some drivers include:

    • Openness: agreed-upon industry standards and technologies that can be applied to serve enterprise needs which support business processes.
    • Integration: increase the reuse of legacy investments and existing applications and services with integration capabilities.
    • Flexibility: support for multiple data types from applications such as JSON format for mobile.
    • Capacity: maximize the utilization of your software delivery resources beyond the initial iteration of the mobile application.

    Info-Tech Insight

    Selecting a mobile platform should not solely be made on business requirements. Key technical stakeholders should be at the table in this discussion to provide insight on the implementation and ongoing costs and benefits of each platform. Both business and technical requirements should be considered when deciding on a final platform.

    Select your mobile platform

    Drive your mobile platform selection against user-centric needs (e.g. device access, aesthetics) and enterprise-centric needs (e.g. security, system performance).

    When does a platform makes sense to use?

    Web

    • Desire to maximize current web technologies investments (people, process, and technologies).
    • Use cases do not require significant computational resources on the device or are tightly constrained by non-functional requirements.
    • Limited budget to acquire mobile development resources.
    • Access to device hardware is not a high priority.

    Hybrid / Cross-Platform

    • The need to quickly spin up native-like applications for multiple platforms and devices.
    • Desire to leverage existing web development skills, but also a need for device access and meeting specific non-functional requirements.
    • Vendor support is needed for the entire mobile delivery process.

    Native

    • Developers are experts in the target programming language and with the device's hardware.
    • Strong need for high performance, security and device-specific access and customizations.
    • Application use cases requiring significant computing resources.

    Nine datapoints are arranged on a graph where the x axis s labeled: User Centric Needs; and the Y axis is labeled: Enterprise-centric needs. The datapoints are, in order from left to right, top to bottom: Hybrid; Cross- Platform; Native; Web; Hybrid or Cross- Platform; Cros-s Platform; Web; Web; Hybrid or Cross- Platform.

    2.1.1 Select your platform approach

    1-3 hours

    1. Review your mobile objectives, end user needs and non-functional requirements.
    2. Determine which mobile platform is appropriate for each mobile opportunity or use case by answering the following questions on the following slides against two factors: user-centric and enterprise-centric needs.
    3. Calculate an average score for user-centric and one for enterprise-centric. Then, map them on the matrix to indicate possible platform options. Consider all options around the plotted point.
    4. Further discuss which platforms should be the preferred choice.
    5. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    Input

    Output
    • Desired mobile experience
    • List of desired mobile features
    • Current state assessments
    • Mobile platform approach
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    2.1.1 cont'd

    User-Centric Needs: Functional Requirements

    Factors Definitions Survey Responses
    Device Hardware Access The scope of access to native device hardware features. Basic features include those that are available through current web languages (e.g., geolocation) whereas comprehensive features are those that are device-specific. 1 (Basic) – 2 – 3 (Moderate) – 4 – 5 (Comprehensive)
    Customized Execution of Device Hardware The degree of changes to the execution of local device hardware to satisfy functional needs. 1 (Use as Is) – 2 – 3 (Configure) – 4 – 5 (Customize)
    Device Software Access The scope of access to software on the user's device, such as calendars and contact. 1 (Basic) – 2 – 3 (Moderate) – 4 – 5 (Comprehensive)
    Customized Execution of Device Software The degree of changes to the execution of local device software to satisfy functional needs. 1 (Use as Is) – 2 – 3 (Configure) – 4 – 5 (Customize)
    Use Case Complexity Workflow tasks and decisions are simple and straightforward. Complex computation is not needed to acquire the desired outcome. 1 (Strongly Agree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Disagree)
    Computational Resources The resources needed on the device to complete desired functional needs. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Use Case Ambiguity The mobile use case and technical requirements are well understood and documented. Changes to the mobile application is likely. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Mobile Application Access Enterprise systems and data are accessible to the broader organization through the mobile application. This factor does not necessarily mean that anyone can access it untracked. You may still need to identify yourself or log in, etc. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Scope of Adoption & Impact The extent to which the mobile application is leveraged in the organization. 1 (Enterprise) – 2 – 3 (Department) – 4 – 5 (Team)
    Installable The need to locally install the mobile application. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Targeted Devices & Platforms Mobile applications are developed for a defined set of mobile platform versions and types and device. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Output Audience The mobile application transforms an input into a valuable output for high-priority internal or external stakeholders. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)

    2.1.1 cont'd

    User-Centric Needs: Native User Experience Factors

    Factors Definitions Survey Responses
    Immersive Experience The need to bridge physical world with the virtual and digital environment, such as geofencing and NFC. 1 (Internally Delivered) – 2 – 3 (3rd Party Supported) – 4 – 5 (Business Implemented)
    Timeliness of Content and Updates The speed of which the mobile application (and supporting system) responds with requested information, data and updates from enterprise systems and 3rd party services. 1 (Reasonable Delayed Response) – 2 – 3 (Partially Outsourced) – 4 – 5 (Fully Outsourced)
    Application Performance The speed of which the mobile application completes tasks is critical to its success. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Network Accessibility The needed ability to access and use the mobile application in various network conditions. 1 (Only Available When Online) – 2 – 3 (Partially Available When Online) – 4 – 5 (Available Online)
    Integrated Ecosystem The approach to integrate the mobile application with enterprise or 3rd party systems and services. 1 (Out-of-the-Box Connectors) – 2 – 3 (Configurable Connectors) – 4 – 5 (Customized Connectors)
    Desire to Have a Native Look-and-Feel The aesthetics and UI features (e.g., heavy animations) that are only available through native and cross-platform applications. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    User Tolerance to Change The degree of willingness and ableness for a user to change their way of working to maximize the value of the mobile application. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Mission Criticality The business could not execute its main strategy if the mobile application was removed. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Business Value The mobile application directly adds business value to the organization. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Industry Differentiation The mobile application provides a distinctive competitive advantage or is unique to your organization. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)

    2.1.1 cont'd

    Enterprise-Centric Needs: Non-Functional Requirements

    Factors Definitions Survey Responses
    Legacy Compatibility The need to integrate and operate with legacy systems. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Code Portability The need to enable the "code once and deploy everywhere" approach. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)
    Vendor & Technology Lock-In The tolerance to lock into a vendor mobile delivery solution or technology framework. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Data Sensitivity The data used by the mobile application does not fall into the category of sensitive data – meaning nothing financial, medical, or personal identity (GDPR and worldwide equivalents). The disclosure, modification, or destruction of this data would cause limited harm to the organization. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Data Policies Policies of the mobile application's data are mandated by internal departmental standards (e.g. naming standards, backup standards, data type consistency). Policies only mandated in this way usually have limited use in a production capacity. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Security Risks Mobile applications are connected to private data sources and its intended use will be significant if underlying data is breached. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Business Continuity & System Integrity Risks The mobile application in question does not have much significance relative to the running of mission critical processes in the organization. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    System Openness Openness of enterprise systems to enable mobile applications from the user interface to the business logic and backend integrations and database. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)
    Mobile Device Management The organization's policy for the use of mobile devices to access and leverage enterprise data and services. 1 (Bring-Your-Own-Device) – 2 – 3 (Hybrid) – 4 – 5 (Corporate Devices)

    2.1.1 cont'd

    Enterprise-Centric Needs: Delivery Capacity

    Factors Definitions Survey Responses
    Ease of Mobile Delivery The desire to have out-of-the-box and packaged tools to expedite mobile application delivery using web technologies. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Solution Competency The capability for internal staff to and learn how to implement and administer mobile delivery tools and deliver valuable, high-quality applications. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Ease of Deployment The desire to have the mobile applications delivered by the team or person without specialized resources from outside the team. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Delivery Approach The capability to successfully deliver mobile applications given budgetary and costing, resourcing, and supporting services constraints. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Maintenance & Operational Support The capability of the resources to responsibly maintain and operate mobile applications, including defect fixes and the addition and extension of modules to base implementations of the digital product. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Domain Knowledge Support The availability and accessibility of subject and domain experts to guide facilitate mobile application implementation and adoption. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Delivery Urgency The desire to have the mobile application delivered quickly. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)
    Reusable Components The desire to reuse UI elements and application components. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)

    2.1.1 cont'd

    Example:

    Score Factors (Average) Mobile Opportunity 1: Inventory Management Mobile Opportunity 2: Remote Support
    User-Centric Needs 4.25 3
    Functional Requirements 4.5 2.25
    Native User Experience Factors 4 1.75
    Enterprise-Centric Needs 4 2
    Non-Functional Requirements 3.75 3.25
    Delivery Capacity 4.25 2.75
    Possible Mobile Platform Cross-Platform Native PWA Hybrid

    Nine datapoints are arranged on a graph where the x axis s labeled: User Centric Needs; and the Y axis is labeled: Enterprise-centric needs. The datapoints are, in order from left to right, top to bottom: Hybrid; Cross- Platform; Native; Web; Hybrid or Cross- Platform; Cros-s Platform; Web; Web; Hybrid or Cross- Platform. Two yellow circles are overlaid, one containing the phrase: Remote Support - over the box containing Progressive Web Applications (PWA) or Hybrid; and a yellow circle containing the phrase Inventory MGMT, partly covering the box containing Native; and the box containing Cross-Platform.

    Build a scalable and manageable platform

    Long-term mobile success depends on the efficiency and reliability of the underlying operational platform. This platform must support the computational and performance demands in a changing business environment, whether it is composed of off-the-self or custom-developed solutions, or a single vendor or best-of-breed.

    • Application
      • The UI design and content language is standardized and consistently applied
      • All mobile configurations and components are automatically versioned
      • Controlled administration and tooling access, automation capabilities, and update delivery
      • Holistic portfolio management
    • Data
      • Automated data management to preserve data quality (e.g. removal of duplications)
      • Defined single source of truth
      • Adherence to data governance, and privacy and security policies
      • Good content management practices, governance and architecture
    • Infrastructure
      • Containers and sandboxes are available for development and testing
      • Self-healing and self-service environments
      • Automatic system scaling and load balancing
      • Comply to budgetary and licensing constraints
    • Integration
      • Backend database and system updates are efficient
      • Loosely coupled architecture to minimize system regressions and delivery effort
      • Application, system and data monitoring

    Step 2.2

    Shortlist Your Mobile Delivery Solution

    Activities

    2.2.1 Shortlist your mobile delivery solution

    2.2.2 Build your feature and service lists

    Define Your Mobile Approach

    This step involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Outcomes of this step

    • Shortlisted mobile delivery solutions
    • Desired list of vendor features and services

    Ask yourself: should I build or buy?

    Build Buy

    Multi-Source Best-of-Breed

    Vendor Add-Ons & Integrations

    Integrate various technologies that provide subset(s) of the features needed for supporting the business functions.

    Enhance an existing vendor's offerings by using their system add-ons either as upgrades, new add-ons or integrations.

    Pros

    • Flexibility in choice of tools.
    • In some cases, cost may be lower.
    • Easier to enhance with in-house teams.

    Cons

    • Introduces tool sprawl.
    • Requires resources to understand tools and how they integrate.
    • Some of the tools necessary may not be compatible with each other.

    Pros

    • Reduces tool sprawl.
    • Supports consistent tool stack.
    • Vendor support can make enhancement easier.
    • Total cost of ownership may be lower.

    Cons

    • Vendor Lock-In.
    • The processes to enhance may require tweaking to fit tool capability.

    Multi-Source Custom

    Single Source

    Integrate systems built in-house with technologies developed by external organizations.

    Buy an application/system from one vendor only.

    Pros

    • Flexibility in choice of tools.
    • In some cases, cost may be lower.
    • Easier to enhance with in-house teams.

    Cons

    • May introduce tool sprawl.
    • Requires resources to have strong technical skills
    • Some of the tools necessary may
    • not be compatible with each other.

    Pros

    • Reduces tool sprawl.
    • Supports consistent tool stack.
    • Vendor support can make enhancement easier.
    • Total cost of ownership may be lower.

    Cons

    • Vendor Lock-In.
    • The processes to enhance may require tweaking to fit tool capability.

    Weigh the pros and cons of mobile enablement versus development

    Mobile Enablement

    Mobile Development

    Description Mobile interfaces that heavily rely on enterprise or 3rd party systems to operate. Mobile does not expand the functionality of the system but complements it with enhanced access, input and consumption capabilities. Mobile applications that are custom built or configured in a way that can operate as a standalone entity, whether they are locally deployed to a user's device or virtually hosted.
    Mobile Platform Mobile web, locally installed mobile application provided by vendor Mobile web, hybrid, cross-platform, native
    Typical Audience Internal staff, trusted users Internal and external users, general public
    Examples of Tooling Flavors Enterprise applications, point solutions, robotic & process automation Mobile enterprise application platform, web development, low and no code development, software development kits (SDKs)
    Technical Skills Required Little to no mobile delivery experience and skillsets are needed, but teams must be familiar with the supporting system to understand how a mobile interface can improve the value of the system. Have good UX-driven and quality-first practices in the mobile context. In-depth coding, networking, system and UX design, data management and security skills are needed for complex designs, functions, and architectures.
    Architecture & Integration Architecture is standardized by the vendor or enterprise with UI elements that are often minimally configurable. Extensions and integrations must be done through the system rather than the mobile interface. Much of application stack and integration approach can be customized to meet the specific functional and non-functional needs. It should still leverage web and design standards and investments currently used.
    Functional Scope Functionality is limited to the what the underlying system allows the interface to do. This often is constrained to commodity web application features (e.g., reporting) or tied to minor configurations to the vendor-provided point solution Functionality is only constrained by the platform and the targeted mobile devices whether it is performance, integration, access or security related. Teams should consider feature and content parity across all products within the organization portfolio.
    Delivery Pipeline End-to-end delivery and automated pipeline is provided by the vendor to ensure parity across all interfaces. Many vendors provide cloud-based services for hosting. Otherwise, it is directly tied to the SDLC of the supporting system. End-to-end delivery and automated pipeline is directly tied to enterprise SDLC practices or through the vendor. Some vendors provide cloud-based services for hosting. Updates are manually or automatically (through a vendor) published to app stores and can be automatically pushed to corporate users through mobile application management capabilities.
    Standards & Guardrails Quality standards and technology governance are managed by the vendor or IT with limited capabilities to tailor them to be mobile specific. Quality standards and technology governance are managed by the mobile delivery teams. The degree of customizations to these standards and guardrails is dependent on the chosen platform and delivery team competencies.

    Understand the common attributes of a mobile delivery solution

    • Source Code Management – Built-in or having the ability to integrate with code management solutions for branching, merging, and versioning. Debugging and coding assistance capabilities may be available.
    • Single Code Base – Capable of programming in a standard coding and scripting language for deployment into several platforms and devices. This code base is aligned to a common industry framework (e.g., AngularJS, Java) or a vendor-defined one.
    • Out-of-the-Box Connectors & Plug-ins – Pre-built APIs enhance the solution's capabilities with 3rd party tools and systems to deliver and manage high quality and valuable mobile applications.
    • Emulators – Ability to virtualize an application's execution on a target platform and device.
    • Support for Native Features – Supports plug-ins and APIs for access to device-specific features.

    What are mobile delivery solutions?

    A mobile delivery solution gives you the tools, resources and support to enable or build your mobile application. They can provide pre-built applications, vendor supported components to allow some configurations, or resources for full stack customizations. Some solutions can be barebone software development kits (SDKs) or comprehensive suites offering features to support the entire software delivery lifecycle, such as:

    • Mobile application management
    • Testing and publishing to app stores
    • Content management
    • Cloud hosting
    • Application performance management

    Info-Tech Insight

    Mobile enablement and development capabilities are already embedded in many common productivity tools and enterprise applications, such as Microsoft PowerApps and ERP modules. They can serve as a starting point in the initial rollout of new management and governance practices without the need of acquiring new tools.

    Select your mobile delivery solutions

    1. Set the scope of your framework.
    • The initial context of this framework is based on the mobile functions needed to support your desired mobile experience and on the current state of your enterprise and 3rd party systems.
  • Define the decision factors for your solution selection.
    • Review the decision factors that will influence the selection of your mobile delivery solution for each mobile opportunity:
    • Stack Management – Who will be hosting and supporting your mobile application stack?
    • Workflows Complexity & Native Experience – How complex is your desired mobile experience and how will native device features be leveraged?
  • Select your solution type.
    • Mobile delivery solutions are broadly defined in the following groups:
    • Commercial-Off-The-Shelf (COTS) – Pre-built mobile applications requiring little to no configurations or implementation effort.
    • Vendor Hosted Mobile Platform – Back-end and mid-tier infrastructure and operational support are managed by a vendor.
    • Cross-Platform Development – Frameworks that transform a single code base into platform-specific builds.
    • Hybrid Development – Tools that wrap a single code base into a locally deployable build.
    • Custom Web Development – Environment enabling full stack development for mobile web applications.
    • Custom Native Development – Environment enabling full stack development for mobile native applications.
  • A quadrant analysis is depicted. the top data is labeled Complex Mobile Features; the right side is labeled Organization-Managed Stack; the bottom is labeled Simple Mobile Features; and the left side is labeled Vendor-Managed Stack. The quadrants are labeled the following, in order from left to right, top to bottom. Vendor- Hosted Mobile Platform; Custom Native Development Solutions; Commercial-Off-the-Shelf Solutions; Custom Web Development Solutions. In the middle of the graph are the following, in order from top to bottom: Cross-Platform Development Solutions; Hybrid Development Solutions

    Explore the various solution options

    Vendor Hosted Mobile Platform

    • Cloud Services (Mobile Backend-as-a-Service) (Amazon Amplify, Kinvey, Back4App, Google Firebase, Apache Usergrid)
    • Low Code Mobile Platforms (Outsystems, Mendix, Zoho Creator, IBM Mobile Foundation, Pega Mobile, HCL Volt MX, Appery)
    • Mobile Development via Enterprise Application (SalesForce Heroku, Oracle Application Accelerator MAX, SAP Mobile Development Kit, NetSuite Mobile)
    • Mobile Development via Business Process Automation (PowerApps, Appian, Nintex, Quickbase)

    Cross-Platform Development SDKs

    React Native, NativeScript, Xamarin Forms, .NET MAUI, Flutter, Kotlin Multiplatform Mobile, jQuery Mobile, Telerik, Temenos Quantum

    Custom Native Development Solutions

    • Native Development Languages and Environments (Swift, Java, Objective-C, Kotlin, Xcode, NetBeans, Android Studio, AppCode, Microsoft Visual Studio, Eclipse, DriodScript, Compose, Atom)
    • Mobile Application Utilities (Unity, MonoGame, Blender, 3ds Max Design, Maya, Unreal Engine, Amazon Lumberyard, Oculus)

    Commercial-Off-the-Shelf Solutions

    • No Code Mobile Platforms (Swiftic, Betty Blocks, BuildFire, Appy Pie, Plant an App, Microsoft Power Apps, AppSheet, Wix, Quixy)
    • Mobile Application Point Solutions and Enablement via Enterprise Applications

    Hybrid Development SDKs

    Cordova Project, Sencha Touch, Electron, Ionic, Capacitor, Monaca, Voltbuilder

    Custom Web Development Solutions

    Web Development Frameworks (React, Angular, Vue, Express, Django, Rails, Spring, Ember, Backbone, Bulma, Bootstrap, Tailwind CSS, Blade)

    Get the most out of your solutions by understanding their core components

    While most of the heavy lifting is handled by the vendor or framework, understanding how the mobile application is built and operates can identify where further fine-tuning is needed to increase its value and quality.

    Platform Runtime

    Automatic provisioning, configurations, and tuning of organizational and 3rd party infrastructure for high availability, performance, security and stability. This can include cloud management and non-production environments.

    Extensions

    • Mobile delivery solutions can be extended to allow:
    • Custom development of back-end code
    • Customizable integrations and hooks where needed
    • Integrations with CI/CD pipelines and administrative services
    • Integrations with existing databases and authentication services

    Platform Services

    The various services needed to support mobile delivery and enable continuous delivery, such as:

    • Configuration & Change Management – Verifies, validates, and monitors builds, deployments and changes across all components.
    • Code Generator – Transforms UI and data models into native application components that are ready to be deployed.
    • Deployment Services – Deploys application components consistently across all target environments and app stores.
    • Application Services – Manages the mobile application at runtime, including executing scheduled tasks and instrumentation.

    Application Architecture

    Fundamentally, mobile application architecture is no different than any other application architecture so much of your design standards still applies. The trick is tuning it to best meet your mobile functional and non-functional needs.

    This image contains an example of mobile application architecture.

    Source: "HCL Volt MX", HCL.

    Build your shortlist decision criteria

    The decision on which type of mobile delivery solution to use is dependent on several key questions?

    Who is the Mobile Delivery Team?

    • Is it a worker, business or IT?
    • What skills and knowledge does this person have?
    • Who is supporting mobile delivery and management?
    • Are other skills and tools needed to support, extend or mature mobile delivery adoption?

    What are the Use Cases?

    • What is the value and priority of the use cases?
    • What native features do we need?
    • Who is the audience of the output and who is impacted?
    • What systems, data and services do I need access?
    • Is it best to build it or buy it?
    • What are the quality standards?
    • How strategic is the use case?

    How Complex is the System?

    • Is the mobile application a standalone or integrated with enterprise systems?
    • What is the system's state and architecture?
    • What 3rd party services do we need integrated?
    • Are integrations out-of-the-box or custom?
    • Is the data standardized and who can edit its definition?
    • Is the system monolithic or loosely coupled?

    How Much Can We Tolerate?

    • Risks: What are the business and technical risks involved?
    • Costs: How much can we invest in implementation, training and operations?
    • Change: What organizational changes am I expecting to make? Will these changes be accepted and adopted?

    2.2.1 Shortlist your mobile delivery solution

    1-3 hours

    1. Determine which mobile delivery solutions is appropriate for each mobile opportunity or use case by answering the following questions on the following slides against two factors: complexity of mobile workflows and native features and management of the mobile stack.
      1. Take the average of the enterprise-centric and user-centric scores from step 2.1 for your complexity of mobile workflows and native features scores.
    2. Calculate an average score for the management of the mobile stack. Then, map them on the matrix to indicate possible solution options alongside your user-centric scores. Consider all options around the plotted point.
    3. Further discuss which solution should be the preferred choice and compare those options with your selected platform approach.
    4. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    Input

    Output
    • Current state assessment
    • Mobile platform approach
    • Shortlist of mobile delivery solution
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    2.2.1 cont'd

    Stack Management

    Factors Definitions Survey Responses
    Cost of Delayed Delivery The expected cost if a vendor solution or update is delayed. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Vendor Negotiation Organization's ability to negotiate favorable terms from vendors. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)
    Controllable Delivery Timeline Organization's desire to control when solutions and updates are delivered. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Solution Hosting The desired approach to host the mobile application. 1 (Fully Outsourced) – 2 – 3 (Partially Outsourced) – 4 – 5 (Internally Hosted)
    Vendor Lock-In The tolerance to be locked into a specific technology stack or vendor ecosystem. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Operational Cost Target The primary target of the mobile application's operational budget. 1 (External Resources) – 2 – 3 (Hybrid) – 4 – 5 (Internal Resources)
    Platform Management The desired approach to manage the mobile delivery solution, platform or underlying technology. 1 (Decentralized) – 2 – 3 (Federated) – 4 – 5 (Centralized)
    Skill & Competency of Mobile Delivery Team The ability of the team to create and manage valuable and high-quality mobile applications. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Current Investment in Enterprise Technologies The need to maximize the ROI of current enterprise technologies or integrate with legacy technologies. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)
    Ease of Extensibility Need to have out-of-the-box connectors and plug-ins to extend the mobile delivery solution beyond its base implementation. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)
    Holistic Application Strategy Organizational priorities on the types of applications the portfolio should be comprised. 1 (Buy) – 2 – 3 (Hybrid) – 4 – 5 (Build)
    Control of Delivery Pipeline The desire to control the software delivery pipeline from design to development, testing, publishing and support. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Specific Quality Requirements Software and mobile delivery is constrained to your unique quality standards (e.g., security, performance, availability) 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)

    2.2.1 cont'd

    Example:

    Score Factors (Average) Mobile Opportunity 1: Inventory Management Mobile Opportunity 2: Remote Support
    User-Centric & Enterprise Centric Needs (From Step 2.1) 4.125 2.5
    Stack Management 2 2.5
    Desired Mobile Delivery Solution Vendor-Hosted Mobile Platform

    Commercial-Off-the-Shelf Solution

    Hybrid Development Solution

    A quadrant analysis is depicted. the top data is labeled Complex Mobile Features; the right side is labeled Organization-Managed Stack; the bottom is labeled Simple Mobile Features; and the left side is labeled Vendor-Managed Stack. The quadrants are labeled the following, in order from left to right, top to bottom. Vendor- Hosted Mobile Platform; Custom Native Development Solutions; Commercial-Off-the-Shelf Solutions; Custom Web Development Solutions. In the middle of the graph are the following, in order from top to bottom: Cross-Platform Development Solutions; Hybrid Development Solutions.

    Consider the following in your solution selection and implementation

    • Vendor lock in – Each solution has its own approach, frameworks, and data schemas to convert designs and logic into an executable build that is stable in the targeted environment. Consequently, moving application artifacts (e.g., code and designs) from one solution or environment to another may not be easily accomplished without significant modifications or the use of application modernization or migration services.
    • Conflicting priorities and viewpoints of good delivery practices – Mobile delivery solutions are very particular on how they generate applications from designs and configurations. The solution's approach may not accommodate your interpretation of high-quality code (e.g., scalability, maintainability, extensibility, security). Technical experts should be reviewing and refactoring the generated code.
    • Incompatibility with enterprise applications and systems – The true benefit of mobile delivery solutions is their ability to connect your mobile application to enterprise and 3rd party technologies and services. This capability often requires enterprise technologies and services to be architected in a way that is compatible with your delivery solution while ensuring data, security protocols and other standards and policies are consistently enforced.
    • Integration with current application development and management tools – Mobile delivery solutions should be extensions from your existing application development and management tools that provides the versioning, testing, monitoring, and deployment capabilities to sustain a valuable application portfolio. Without this integration, IT will be unable to:
      • Root cause issues found on IT dashboards or reported to help desk.
      • Rollback defective applications to a previous stable state.
      • Obtain a complete application portfolio inventory.
      • Execute comprehensive testing for high-risk applications.
      • Trace artifacts throughout the development lifecycle.
      • Generate reports of the status of releases.

    Enhance your SDLC to support mobile delivery

    What is the SDLC?

    The software development lifecycle (SDLC) is a process that ensures valuable software products are efficiently delivered to customers. It contains a repeatable set of activities needed to intake and analyze requirements to design, build, test, deploy, and maintain software products.

    How will mobile delivery influence my SDLC?

    • Cross-functional collaboration – Bringing business and IT together at the most opportune times to clarify user needs and business priorities, and set realistic expectations given technology and capacity constraints. The appropriate tactics and techniques are used to improve decision making and delivery effectiveness according to the type of work.
    • Iterative delivery – Frequent delivery of progressive changes minimizes the risk of low-quality features by containing and simplifying scope, and enables responsive turnarounds of fixes, enhancements, and priority changes.
    • Feedback loops –Mobile application owners constantly review, update and refine their backlog of mobile features and changes to reflect user feedback and system performance metrics. Delivery teams proactively prepare the application for future scaling based on lessons and feedback learned from earlier releases.

    To learn more, visit Info-Tech's Modernize Your SDLC blueprint.

    Example: Low- & No-Code Mobile Delivery Pipeline

    Low Code

    Data Modeling & Configuration

    No Code

    Visual Interface with Complex Data Models

    Data Modeling & Configuration

    Visual Interfaces with Simple Data Models

    GUI Designer with Customizable Components & Entities

    UI Definition & Design

    GUI Designer with Canned Templates

    Visual Workflow and Custom Scripting

    Business Logic Rules and Workflow Specification

    Visual Workflow and Natural Language Scripting

    Out-of-the-Box Plugins & Custom Integrations

    Integration of External Services (via 3rd Party APIs)

    Out-of-the-Box Plugins

    Automated and Manual Build & Packaging

    Build & Package

    Automated Build & Packaging

    Automated & Manual Testing

    Test

    Automated Testing

    One-Click Push or IT Push to App Store

    Publish to App Store

    One-Click Push to App Store

    Use Info-Tech's research to address your delivery gaps

    Mobile success requires more than a set of good tools.

    Overcome the Common Challenges Faced with Building Mobile Applications

    Common Challenges with Digital Applications

    Suggested Solutions

    • Time & Resource Constraints
    • Buy-In From Internal Stakeholders
    • Rapidly Changing Requirements
    • Legacy Systems
    • Low-Priority for Internal Tools
    • Insufficient Data Access

    Source: DronaHQ, 2021

    Learn the differentiators of mobile delivery solutions

    • Native Program Languages – Supports languages other than web (Java, Ruby, C/C++/C#, Objective-C).
    • IDE Integration – Available plug-ins for popular development suites and editors.
    • Debugging Tools – Finding and eliminating bugs (breakpoints, single stepping, variable inspection, etc.).
    • Application Packaging via IDE – Digitally sign applications through the IDE for it to be packaged and published in app stores.
    • Automated Testing Tools – Native or integration with automated functional and unit testing tools.
    • Low- and No- Code Designer – Tools for designing graphical user interfaces and features and managing data with drag-and-drop functionalities.
    • Publishing and Deployment Capabilities – Automated deployment to mobile device management (MDM) systems, mobile application management (MAM) systems, mobile application stores, and web servers.
    • Third-Party and Open-Source Integration – Integration with proprietary and open-source third-party modules, development tools, and systems.
    • Developer Marketplace – Out-of-the-box plug-ins, templates, and integration are available through a marketplace.
    • Mobile Application Support Capabilities – Ability to gather, manage, and address application issues and defects.
    • API Gateway, Monitoring, and Management – Services that enable the creation, publishing, maintenance, monitoring, and securing of APIs through a common interface.
    • Mobile Analytics and Monitoring – View the adoption, usage, and performance of deployed mobile applications through graphical dashboards.
    • Mobile Content Management – Publish and manage mobile content through a centralized system.
    • Mobile Application Security – Supports the securing of application access and usage, data encryption, and testing of security controls.

    Define your mobile delivery vendor selection criteria

    Focus on the key vendor attributes and capabilities that enable mobile delivery scaling and growth in your organization

    Considerations in Mobile Delivery Vendor Selection
    Platform Features & Capabilities Price to Implement & Operate Platform
    Types of Mobile Applications That Can Be Developed Ease of IT Administration & Management
    User Community & Marketplace Size Security, Privacy & Access Control Capabilities
    SME in Industry Verticals & Business Functions Vendor Product Roadmap & Corporate Strategy
    Pre-Built Designs, Templates & Application Shells Scope of Device- and OS-Specific Compatibilities
    Regulatory & Industry Compliance Integration & Technology Partners
    Importing Artifacts From and Exporting to Other Solutions Platform Architecture & Underlying Technology
    End-to-End Support for the Entire Mobile SDLC Relevance to Current Mobile Trends & Practices

    Build your features list

    Incorporate different perspectives when defining the list of mandatory and desired features of your target solution.

    Appendix B contains a list of features for low- and no-code solutions that can be used as a starting point.

    Visit Info-Tech's Implement a Proactive and Consistent Vendor Selection Process blueprint.

    Mobile Developer

    • Visual, drag-and-drop models to define data models, business logic, and user interfaces.
    • One-click deployment.
    • Self-healing capabilities.
    • Vendor-managed infrastructure.
    • Active community and marketplace.
    • Pre-built templates and libraries.
    • Optical character recognition and natural language processing.
    • Knowledgebase and document management.
    • Business value, operational costs, and other KPI monitoring.
    • Business workflow automation.

    Mobile IT Professional

    • Audit and change logs.
    • Theme and template builder.
    • Template management.
    • Role-based access.
    • Regulatory compliance.
    • Consistent design and user experience across applications.
    • Application and system performance monitoring.
    • Versioning and code management.
    • Automatic application and system refactoring and recovery.
    • Exception and error handling.
    • Scalability (e.g. load balancing) and infrastructure management.
    • Real-time debugging.
    • Testing capabilities.
    • Security management.
    • Application integration management.

    2.2.2 Build your feature and service lists

    1-3 hours

    Review the key outcomes in the previous exercises to help inform the features and vendor support you require to support your mobile delivery needs:

    End user personas and desired mobile experience

    Objectives and expectations

    Desired mobile features and platform

    Mobile delivery solutions

    Brainstorm a list of features and functionalities you require from your ideal solution vendors. Prioritize these features and functionalities. See our Implement a Proactive and Consistent Vendor Selection Process blueprint for more information on vendor procurement.

    Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    Input

    Output
    • Shortlist of mobile solutions
    • Quality definitions
    • Mobile objectives and metrics
    • List of desired features and services of mobile delivery solution vendors
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Hit a home run with your stakeholders

    Use a data-driven approach to select the right tooling vendor for your needs – fast.

    AwarenessEducation & DiscoveryEvaluationSelection

    Negotiation & Configuration

    1.1 Proactively Lead Technology Optimization & Prioritization2.1 Understand Marketplace Capabilities & Trends3.1 Gather & Prioritize Requirements & Establish Key Success Metrics4.1 Create a Weighted Selection Decision Model5.1 Initiate Price Negotiation with Top Two Venders
    1.2 Scope & Define the Selection Process for Each Selection Request Action2.2 Discover Alternate Solutions & Conduct Market Education3.2 Conduct a Data Driven Comparison of Vendor Features & Capabilities4.2 Conduct Investigative Interviews Focused on Mission Critical Priorities with Top 2-4 Vendors5.2 Negotiate Contract Terms & Product Configuration

    1.3 Conduct an Accelerated Business Needs Assessment

    2.3 Evaluate Enterprise Architecture & Application PortfolioNarrow the Field to Four Top Contenders4.3 Validate Key Issues with Deep Technical Assessments, Trial Configuration & Reference Checks5.3 Finalize Budget Approval & Project
    1.4 Align Stakeholder Calendars to Reduce Elapsed Time & Asynchronous Evaluation2.4 Validate the Business Case5.4 Invest in Training & Onboarding Assistance

    Investing time improving your software selection methodology has big returns.

    Info-Tech Insight

    Not all software selection projects are created equal – some are very small, some span the entire enterprise. To ensure that IT is using the right framework, understand the cost and complexity profile of the application you're looking to select. Info-Tech's Rapid Application Selection Framework approach is best for commodity and mid-tier enterprise applications; selecting complex applications is better handled by the methodology in Info-Tech's Implement a Proactive and Consistent Vendor Selection Process.

    Step 2.3

    Create a Roadmap for Mobile Delivery

    Activities

    2.3.1 Define your MVP release

    2.3.2 Build your roadmap

    Define Your Mobile Approach

    This step involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Outcomes of this step

    • MVP design
    • Mobile delivery roadmap

    Achieve mobile success with MVPs

    By delivering mobile capabilities in small iterations, teams recognize value sooner and reduce accumulated risk. Both benefits are realized as the iteration enters validation testing and release.

    This image depicts a graph of the learn-build-measure cycle over time, adapted from Managing the Development of Large Software Systems, Dr. Winston W. Royce, 1970

    An MVP focuses on a small set of functions, involves minimal possible effort to deliver a working and valuable solution, and is designed to satisfy a specific user group. Its purpose is to:

    • Maximize learning.
    • Evaluate the value and acceptance of mobile applications.
    • Inform the building of a mobile delivery practice.

    The build-measure-learn loop suggests mobile delivery teams should perpetually take an idea and develop, test, and validate it with the mobile development solution, then expand on the MVP using the lessons learned and evolving ideas. In this sense the MVP is just the first iteration in the loop.

    Leverage a canvas to detail your MVP

    Use the release canvas to organize and align the organization around your MVP!

    This is an example of a release canvas which can be used to detail your MVP.

    2.3.1 Define your MVP release

    1-3 hours

    1. Create a list of high priority use cases slated for mobile application delivery. Brainstorm the various supporting activities required to implement your use cases including the shortlisting of mobile delivery tools.
    2. Prioritize these use cases based on business priority (from your canvas). Size the effort of these use cases through collaboration.
    3. Define your MVPs using a release canvas as shown on the following slide.
    4. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Input

    Output
    • High priority mobile opportunities
    • Mobile platform approach
    • Shortlist of mobile solutions
    • List of potential MVPs
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    2.3.1 cont'd

    MVP Name

    Owner:
    Parent Initiative:
    Updated:

    NAME
    LINK
    October 05, 2022

    MVP Theme/Goals

    [Theme / Goal]

    Use Cases

    Value

    Costs

    [Use Case 1]
    [Use Case 2]
    [Use Case 3]

    [Business Value 1]
    [Business Value 2]
    [Business Value 3]

    [Cost Item 1]
    [Cost Item 2]
    [Cost Item 3]

    Impacted Personas

    Impacted Workflows

    Stakeholders

    [Persona 1]
    [Persona 2]
    [Persona 3]

    [Workflow 1]
    [Workflow 2]
    [Workflow 3]

    [Stakeholder 1]
    [Stakeholder 2]
    [Stakeholder 3]

    Build your mobile roadmap

    It's more than a set of colorful boxes. It's the map to align everyone to where you are going

    Your mobile roadmap

    • Lays out a strategy for your mobile application, platform and practice implementation and scaling.
    • Is a statement of intent for your mobile adoption.
    • Communicates direction for the implementation and use of mobile delivery tools, mobile applications and supporting technologies.
    • Directly connects to the organization's goals

    However, it is not:

    • Representative of a hard commitment.
    • A simple combination of your current product roadmaps

    Roadmap your MVPs against your milestones and release dates

    This is an image of an example of a roadmap for your MVPS, with milestones across Jan 2022, Feb 2022, Mar 2022, Apr 2022. under milestones, are the following points: Points in the timeline when an established set of artifacts is complete (feature-based), or to check status at a particular point in time (time-based); Typically assigned a date and used to show progress; Plays an important role when sequencing different types of artifacts. Under Release Dates are the following points: Releases mark the actual delivery of a set of artifacts packaged together in a new version of processes and applications or new mobile application and delivery capabilities. ; Release dates, firm or not, allow stakeholders to anticipate when this is coming.

    To learn more, visit Info-Tech's Deliver on Your Digital Product Vision blueprint.

    Understand what is communicated in your roadmap

    WHY is the work being done?

    Explains the overarching goal of work being done to a specific audience.

    WHO is doing the work?

    Categorizes the different groups delivering the work on the product.

    WHAT is the work being done?

    Explains the artifacts, or items of work, that will be delivered.

    WHEN is the work being done?

    Explains when the work will be delivered within your timeline.

    To learn more, visit Info-Tech's Deliver on Your Digital Product Vision blueprint.

    Pay attention to organizational changes

    Be prepared to answer:

    "How will mobile change the way I do my job?"

    • Plan how workers will incorporate mobile applications into their way of working and maximize the features it offers.
    • Address the human concerns regarding the transition to a digital world involving modern and mobile technologies and automation.
    • Accept changes, challenges and failures with open arms and instill tactics to quickly address them.
    • Build and strengthen business-IT trust, empowerment, and collaborative culture by adopting the right practices throughout the mobile delivery process.
    • Ensure continuous management and leadership support for business empowerment, operational changes, and shifts in role definitions to best support mobile delivery.
    • Establish a committee to manage the growth, adoption, and delivery of mobile as part of a grandeur digital application portfolio and address conflicts among business units and IT.

    Anticipate and prepare for changes and issues

    Verify and validate the flexibility and adaptability of your mobile applications, strategy and roadmap against various scenarios

    • Scenarios
      • Application Stores Rejecting the Application
      • Security Incidents & Risks
      • Low User Adoption, Retention & Satisfaction
      • Incompatibility with User's Device & Other Systems
      • Device & OS Patches & Updates
      • Changes in Industry Standards & Regulations

    Use the "Now, Next, Later" roadmap

    Use this when deadlines and delivery dates are not strict. This is best suited for brainstorming a product plan when dependency mapping is not required.

    Now

    What are you going to do now?

    Next

    What are you going to do very soon?

    Later

    What are you going to do in the future?

    This is a roadmap showing various points in the following categories: Now; Next; Later

    Adapted From: "Tips for Agile product roadmaps & product roadmap examples," Scrum.org, 2017

    2.3.2 Build your roadmap

    1-3 hours

    1. Identify the business outcomes your mobile application delivery and MVP is expected to deliver.
    2. Build your strategic roadmap by grouping each business outcome by how soon you need to deliver it:
      1. Now: Let's achieve this ASAP.
      2. Next: Sometime very soon, let's achieve these things.
      3. Later: Much further off in the distance, let's consider these things.
    3. Identify what the critical steps are for the organization to embrace mobile application delivery and deliver your MVP.
    4. Build your tactical roadmap by grouping each critical step by how soon you need to address it:
      1. Now: Let's do this ASAP.
      2. Next: Sometime very soon, let's do these things.
      3. Later: Much further off in the distance, let's consider these things.
    5. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Input

    Output
    • List of potential MVPs
    • Mobile roadmap
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    2.3.2 cont'd

    Example: Tactical Roadmap

    Milestone 1

    • Modify the business processes of the MVP to best leverage mobile technologies. Streamline the business processes by removing the steps that do not directly support value delivery.
    • Develop UI templates using the material design framework and the organization's design standards. Ensure it is supported on mobile devices through the mobile browser and satisfy accessibility design standards.
    • Verify and validate current security controls against latest security risks using the W3C as a starting point. Install the latest security patches to maintain compliance.
    • Acquire the Ionic SDK and upskill delivery teams.

    Milestone 2

    • Update the current web framework and third-party libraries with the latest version and align web infrastructure to latest W3C guidelines.
    • Verify and validate functionality and stability of APIs with third-party applications. Begin transition to REST APIs where possible.
    • Make minor changes to the existing data architecture to better support the data volume, velocity, variety, and veracity the system will process and deliver.
    • Update the master data management with latest changes. Keep changes to a minimum.
    • Develop and deliver the first iteration of the MVP with Ionic.

    Milestone 3

    • Standardize the initial mobile delivery practice.
    • Continuously monitor the system and proactively address business continuity, system stability and performance, and security risks.
    • Deliver a hands-on and facilitated training session to end users.
    • Develop intuitive user manuals that are easily accessible on SharePoint.
    • Consult end users for their views and perspectives of suggested business model and technology changes.
    • Regularly survey end users and the media to gauge industry sentiment toward the organization.

    Pitch your roadmap initiatives

    There are multiple audiences for your pitch, and each audience requires a different level of detail when addressed. Depending on the outcomes expected from each audience, a suitable approach must be chosen. The format and information presented will vary significantly from group to group.

    Audience

    Key Contents

    Outcome

    Outcome

    • Costs or benefits estimates

    Sign off on cost and benefit projections

    Executives and decision makers

    • Business value and financial benefits
    • Notable business risks and impacts
    • Business rationale and strategic roadmap

    Revisions, edits, and approval

    IT teams

    • Notable technical and IT risks
    • IT rationale and tactical roadmap
    • Proposed resourcing and skills capacity

    Clarity of vision and direction and readiness for delivery

    Business workers

    • Business rationale
    • Proposed business operations changes
    • Application roadmap

    Verification on proposed changes and feedback

    Continuously measure the benefits and value realized in your mobile applications

    Success hinges on your team's ability to deliver business value. Well-developed mobile applications instill stakeholder confidence in ongoing business value delivery and stakeholder buy-in, provided proper expectations are set and met.

    Business value defines the success criteria of an organization, and it is interpreted from four perspectives:

    • Profit Generation – The revenue generated from a business capability with mobile applications.
    • Cost Reduction – The cost reduction when performing business capabilities with mobile applications.
    • Service Enablement – The productivity and efficiency gains of internal business operations with mobile applications.
    • Customer and Market Reach – Metrics measuring the improved reach and insights of the business in existing or new markets.

    See our Build a Value Measurement Framework blueprint for more information about business value definition.

    Business Value Matrix

    This image contains a quadrant analysis with the following labels: Left - Improved Capabilities; Top - Outward; Right - Financial Benefit; Bottom - Inward. the quadrants are labeled the following, in order from left to right, top to bottom. Customer and Market Reach; Profit Generation; Service Enhancement; Cost Reduction

    Grow your mobile delivery practice

    We are Here
    Level 1: Mobile Delivery Foundations Level 2: Scaled Mobile Delivery Level 3: Leading-Edge Mobile Delivery

    You understand the opportunities and impacts mobile has on your business operations and its disruptive nature on your enterprise systems. Your software delivery lifecycle was optimized to incorporate the specific practices and requirements needed for mobile. A mobile platform was selected based on stakeholder needs that are weighed against current skillsets, high priority non-functional requirements, the available capacity and scalability of your stack, and alignment to your current delivery process.

    New features and mobile use cases are regularly emerging in the industry. Ensuring your mobile platform and delivery process can easily scale to incorporate constantly changing mobile features and technologies is key. This can help minimize the impact these changes will have on your mobile stack and the resulting experience.

    Achieving this state requires three competencies: mobile security, performance optimization, and integration practices.

    Many of today's mobile trends involve, in one form or another, hardware components on the mobile device (e.g., NFC receivers, GPS, cameras). You understand the scope of native features available on your end user's mobile device and the required steps and capabilities to enable and leverage them.

    Grow your mobile delivery practice (cont'd)

    Ask yourself the following questions:
    Level 1: Mobile Delivery Foundations Level 2: Scaled Mobile Delivery Level 3: Leading-Edge Mobile Delivery

    Checkpoint questions shown at the end of step 1.2 of this blueprint

    You should be at this point upon the successful delivery of your first mobile application.

    Security

    • Your mobile stack (application, data, and infrastructure) is updated to incorporate the security risks mobile apps will have on your systems and business operations.
    • Leading edge encryption, authentication management (e.g., multi-factor), and access control systems are used to bolster existing mobile security infrastructure.
    • Network traffic to and from mobile application is monitored and analyzed.

    Performance Optimization

    • Performance enhancements are made with the entire mobile stack in mind.
    • Mobile performance is monitored and assessed with both proactive (data flow) and retroactive (instrumentation) approaches.
    • Development and testing practices and technologies accommodate the performance differences between mobile and desktop applications.

    API Development

    • Existing web APIs are compatible with mobile applications, or a gateway / middleware is used to facilitate communication with backend and third-party services.
    • APIs are secured to prevent unauthorized access and misuse.
    • Web APIs are documented and standardized for reuse in multiple mobile applications.
    • Implementing APIs of native features in native and/or cross-platform and/or hybrid platforms is well understood.
    • All leading-edge mobile features are mapped to and support business requirements and objectives.
    • The new mobile use cases are well understood and account for the various scenarios/environments a user may encounter with the leading-edge mobile features.
    • The relevant non-mobile devices, readers, sensors, and other dependent systems are shortlisted and acquired to enable and support your new mobile capabilities.
    • Delivery teams are prepared to accommodate the various security, performance, and integration risks associated with implementing leading-edge mobile features. Practices and mechanisms are established to minimize the impact to business operations.
    • Metrics are used to measure the success of your leading-edge mobile features implementation by comparing its performance and acceptance against past projects.
    • Business stakeholders and development teams are up to date with the latest mobile technologies and delivery techniques.

    Summary of Accomplishment

    Choose Your Mobile Platform and Tools

    • User personas
    • Mobile objectives and metrics
    • Mobile opportunity backlog
    • List of mobile features to enable the desired mobile experience
    • System current assessment
    • Mobile application quality definition
    • Readiness for mobile delivery
    • Desired mobile platform approach
    • Shortlisted mobile delivery solutions
    • Desired list of vendor features and services
    • MVP design
    • Mobile delivery roadmap

    If you would like additional support, have our analysts guide you through other phases as part of Info-Tech workshop.

    Contact your account representative for more information

    workshops@infotech.com

    1-888-670-8889

    Research Contributors and Experts

    This is a picture of Chaim Yudkowsky, Chief Information Officer for The American Israel Public Affairs Committee

    Chaim Yudkowsky
    Chief Information Officer
    The American Israel Public Affairs Committee

    Chaim Yudkowsky is currently Chief information Officer for American Israel Public Affairs Committee (AIPAC), the DC headquartered not-for-profit focused on lobbying for a strong US-Israel relationship. In that role, Chaim is responsible for all traditional IT functions including oversight of IT strategy, vendor relationships, and cybersecurity program. In addition, Chaim also has primary responsibility for all physical security technology and strategy for US offices and event technology for the many AIPAC events.

    Bibliography

    "5 Pillars of API Management". Broadcom, 2021. Web.

    Bourne, James. "Apperian research shows more firms pushing larger numbers of enterprise apps". Enterprise CIO, 17 Feb 2016. Web.

    Ceci, L. "Mobile app user retention rate worldwide 2020, by vertical". Statista, 6 Apr 2022. Web.

    Clement, J. "Share of global mobile website traffic 2015-2021". Statista, 18 Feb 2022. Web

    DeVos, Jordan. "Design Problem Statements – What They Are and How to Frame Them." Toptal, n.d. Web.

    Enge, Eric. "Mobile vs. Desktop Usage in 2020". Perficient, 23 March 2021. Web.

    Engels, Antoine. "How many Android updates does Samsung, Xiaomi or OnePlus offer?" NextPit, Mar 2022. Web.

    "Fast-tracking digital transformation through next-gen technologies". Broadridge, 2022. Web.

    Gayatri. "The Pulse of Digital Transformation 2021 – Survey Results." DronaHQ, 2021. Web.

    Gray, Dave. "Updated Empathy Map Canvas." The XPLANE Collection, 15 July 2017. Web.

    "HCL Volt MX". HCL, n.d. Web.

    "iPass Mobile Professional Report 2017". iPass, 2017. Web.

    Karlsson, Johan. "Backlog Grooming: Must-Know Tips for High-Value Products." Perforce, 2019. Web.

    Karnes, KC. "Why Users Uninstall Apps: 28% of People Feel Spammed [Survey]". CleverTap, 27 July 2021. Web.

    Kemp, Simon. "Digital 2021: Global Overview Report". DataReportal, 27 Jan 2021. Web.

    Kleinberg, Sara. "Consumers are always shopping and eager for your help". Google, Aug 2018. Web.

    MaLavolta, Ivano. "Anatomy of an HTML 5 mobile web app". University of L'Aquila, 16 Apr 2012. Web.

    "Maximizing Mobile Value: To BYOD or not to BYOD?" Samsung and Oxford Economics, 2022. Web.

    "Mobile App Performance Metrics For Crash-Free Apps." AppSamurai, 27 June 2018. Web.

    "Mobile Application Development Statistics: 5 Facts". Intersog, 23 Nov 2021. Web.

    Moore, Geoffrey A. "Crossing the Chasm, 3rd Edition: Marketing and Selling Disruptive Products to Mainstream Customers." Harper Business, 3rd edition, 2014. Book.

    "OWASP Top Ten". OWASP, 2021. Web.

    "Personas". Usability.gov, n.d. Web.

    Roden, Marky. "PSC Tech Talk: UX Design – Not just making things pretty". Xomino, 18 Mar 2018. Web.

    Royce, Dr. Winston W. "Managing the Development of Large Software Systems." USC Student Computing Facility, 1970. Web.

    Rubin, Kenneth S. Essential Scrum: A Practical Guide to the Most Popular Agile Process. Pearson Education, 2012. Book.

    Sahay, Apurvanand et al. "Supporting the understanding and comparison of low-code development platforms." Universit`a degli Studi dell'Aquila, 2020. Web.

    Schuurman, Robbin. "Tips for Agile product roadmaps & product roadmap examples." Scrum.org, 2017. Web.

    Strunk, Christian. "How to define a product vision (with examples)." Christian Strunk. n.d. Web.

    Szeja, Radoslaw. "14 Biggest Challenges in Mobile App Development in 2022". Netguru, 4 Jan 2022. Web.

    "Synopsys Research Reveals Significant Security Concerns in Popular Mobile Apps Amid Pandemic". Synopsys, 25 Mar 2021. Web.

    "TOGAF 8.1.1 Online, Part IV: Resource Base, Developing Architecture Views." The Open Group, n.d. Web.

    Wangen, Emilie Nøss. "What Is a Software Platform & How Is It Different From a Product?" HubSpot, 2021. Web.

    "Mobile App Retention Rate: What's a Good Retention Rate?" Localytics, July 2021. Web.

    "Why Mobile Apps Fail: Failure to Launch". Perfecto Mobile, 26 Jan 2014. Web.

    Appendix A

    Sample Reference Frameworks

    Reference Framework: Web Platform

    Most of the operations of the applications on a web platform are executed in the mid-tier or back-end servers. End users interact with the platform through the presentation layer, developed with web languages, in the browser.

    This is an image of the Reference Framework: Web Platform

    Reference Framework: Mobile Web Application

    Many mobile web applications are composed of JavaScript (the muscle of the app), HTML5 (the backbone of the app), and CSS (the aesthetics of the app). The user will make a request to the web server which will interact with the application to provide a response. Since each device has unique attributes, consider a device detection service to help adjust content for each type of device.

    this is an image of the Reference Framework: Mobile Web Application

    Source: MaLavolta, Ivono, 2012.

    Web Platform: Anatomy of a Web Server

    Web Server Services

    • Mediation Services: Perform transformation of data/messages.
    • Boundary Services: Provide interface protocol and data/message conversion capabilities.
    • Event Distribution: Provides for the enterprise-wide adoption of content and topic-based publish/subscribe event distribution.
    • Transport Services: Facilitate data transmission across the middleware/server.
    • Service Directory: Manages multiple service identifiers and locations.

    This image shows the relationships of the various web server services listed above

    Reference Framework: Hybrid Platform

    Unlike the mobile web platform, most of an application's operations on the hybrid platform is on the device within a native container. The container leverages the device browser's runtime engine and is based on the framework of the mobile delivery solution.

    This is an image of the Reference Framework: Hybrid Platform

    Reference Framework: Native Platform

    Applications on a native platform are installed locally on the device giving it access to native device hardware and software. The programming language depends on the operating system's or device's SDK.

    This is an image of the Reference Framework: Native Platform

    Appendix B

    List of Low- and No- Code Software Delivery Solution Features

    Supplementary List of Features

    Graphical user interface

    • Drag-and-drop designer - This feature enhances the user experience by permitting to drag all the items involved in making an app including actions, responses, connections, etc.
    • Point and click approach - This is similar to the drag-and-drop feature except it involves pointing on the item and clicking on the interface rather than dragging and dropping the item.
    • Pre-built forms/reports - This is off-the-shelf and most common reusable editable forms or reports that a user can use when developing an application.
    • Pre-built dashboards - This is off-the-shelf and most common dashboards that a user can use when developing an application.
    • Forms - This feature helps in creating a better user interface and user experience when developing applications. A form includes dashboards, custom forms, surveys, checklists, etc. which could be useful to enhance the usability of the application being developed.
    • Progress tracking - This features helps collaborators to combine their work and track the development progress of the application.
    • Advanced Reporting - This features enables the user to obtain a graphical reporting of the application usage. The graphical reporting includes graphs, tables, charts, etc.
    • Built-in workflows - This feature helps to concentrate the most common reusable workflows when creating applications.
    • Configurable workflows - Besides built-in workflows, the user should be able to customize workflows according to their needs.

    Interoperability support

    • Interoperability with external services - This feature is one of the most important features to incorporate different services and platforms including that of Microsoft, Google, etc. It also includes the interoperability possibilities among different low-code platforms.
    • Connection with data sources - This features connects the application with data sources such as Microsoft Excel, Access and other relational databases such as Microsoft SQL, Azure and other non-relational databases such as MongoDB.

    Security Support

    • Application security - This feature enables the security mechanism of an application which involves confidentiality, integrity and availability of an application, if and when required.
    • Platform security - The security and roles management is a key part in developing an application so that the confidentiality, integrity and authentication (CIA) can be ensured at the platform level.

    Collaborative development support

    • Off-line collaboration - Different developers can collaborate on the specification of the same application. They work off-line locally and then they commit to a remote server their changes, which need to be properly merged.
    • On-line collaboration - Different developers collaborate concurrently on the specification of the same application. Conflicts are managed at run-time.

    Reusability support

    • Built-in workflows - This feature helps to concentrate the most common reusable workflows in creating an application.
    • Pre-built forms/reports - This is off-the-shelf and most common reusable editable forms or reports that a user might want to employ when developing an application.
    • Pre-built dashboards - This is off-the-shelf and most common dashboards that a user might want to employ when developing an application.

    Scalability

    • Scalability on number of users - This features enables the application to scale-up with respect to the number of active users that are using that application at the same time.
    • Scalability on data traffic - This features enables the application to scale-up with respect to the volume of data traffic that are allowed by that application in a particular time.
    • Scalability on data storage - This features enables the application to scale-up with respect to the data storage capacity of that application.

    Business logic specification mechanisms

    • Business rules engine - This feature helps in executing one or more business rules that help in managing data according to user's requirements.
    • Graphical workflow editor - This feature helps to specify one or more business rules in a graphical manner.
    • AI enabled business logic - This is an important feature which uses Artificial Intelligence in learning the behavior of an attributes and replicate those behaviors according to learning mechanisms.

    Application build mechanisms

    • Code generation - According to this feature, the source code of the modeled application is generated and subsequently deployed before its execution.
    • Models at run-time - The model of the specified application is interpreted and used at run-time during the execution of the modeled application without performing any code generation phase.

    Deployment support

    • Deployment on cloud - This features enables an application to be deployed online in a cloud infrastructure when the application is ready to deployed and used.
    • Deployment on local infrastructures - This features enables an application to be deployed locally on the user organization's infrastructure when the application is ready to be deployed and used.

    Kinds of supported applications

    • Event monitoring - This kind of applications involves the process of collecting data, analyzing the event that can be caused by the data, and signaling any events occurring on the data to the user.
    • Process automation - This kind of applications focuses on automating complex processes, such as workflows, which can take place with minimal human intervention.
    • Approval process control - This kind of applications consists of processes of creating and managing work approvals depending on the authorization of the user. For example, payment tasks should be managed by the approval of authorized personnel only.
    • Escalation management - This kind of applications are in the domain of customer service and focuses on the management of user viewpoints that filter out aspects that are not under the user competences.
    • Inventory management - This kind of applications is for monitoring the inflow and outflow of goods and manages the right amount of goods to be stored.
    • Quality management - This kind of applications is for managing the quality of software projects, e.g., by focusing on planning, assurance, control and improvements of quality factors.
    • Workflow management - This kind of applications is defined as sequences of tasks to be performed and monitored during their execution, e.g., to check the performance and correctness of the overall workflow.

    Source: Sahay, Apurvanand et al., 2020

    Endpoint Management Selection Guide

    • Buy Link or Shortcode: {j2store}65|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: End-User Computing Applications
    • Parent Category Link: /end-user-computing-applications

    Endpoint management solutions are becoming an essential solution: Deploying the right devices and applications to the right user and the need for zero-touch provisioning are indispensable parts of a holistic strategy for improving customer experience. However, selecting the right-sized platform that aligns with your requirements is a big challenge.

    Following improvements in end-user computation strategies, selection of the right endpoint management solution is a crucial next step in delivering a concrete business value.

    Our Advice

    Critical Insight

    Investigate vendors’ roadmaps to figure out which of the candidate platforms can fulfill your long-term requirements, without any unnecessary investment in features that are not currently useful for you. Make sure you don’t purchase capabilities that you will never use.

    Impact and Result

    • Determine what you require from an endpoint management solution.
    • Review the market space and product offerings, and compare capabilities of key players.
    • Create a use case and use top-level requirements to determine use cases and shortlist vendors.
    • Conduct a formal process for interviewing vendors using Info-Tech’s templates to select the best platform for your requirements.

    Endpoint Management Selection Guide Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Endpoint Management Selection Guide Storyboard – A structured guide to walk you through the endpoint management market.

    This storyboard will help you understand endpoint management solution core capabilities and prepare you to select an appropriate tool.

    • Endpoint Management Selection Guide Storyboard

    2. UEM Requirements Workbook – A template to help you build your first draft of requirements for UEM selection.

    Use this spreadsheet to brainstorm use cases and features to satisfy your requirements. This document will be help you score solutions and narrow down the field to a list of candidates who can meet your requirements.

    • UEM Requirements Workbook
    [infographic]

    Further reading

    Endpoint Management Selection Guide

    Streamline your organizational approach to selecting a right-sized endpoint management platform.

    Endpoint Management Selection Guide

    Streamline your organizational approach toward the selection of a right-sized endpoint management platform.

    EXECUTIVE BRIEF

    Analyst Perspective

    Revolutionize your endpoint management with a proper tool selection approach

    The endpoint management market has an ever-expanding and highly competitive landscape. The market has undergone tremendous evolution in past years, from device management to application deployments and security management. The COVID-19 pandemic forced organizations to service employees and end users remotely while making sure corporate data is safe and user satisfaction doesn't get negatively affected. In the meantime, vendors were forced to leverage technology enhancements to satisfy such requirements.

    That being said, endpoint management solutions have become more complex, with many options to manage operating systems and run applications for relevant user groups. With the work-from-anywhere model, customer support is even more important than before, as a remote workforce may face more issues than before, or enterprises may want to ensure more compliance with policies.

    Moreover, the market has become more complex, with lots of added capabilities. Some features may not be beneficial to corporations, and with a poor market validation, businesses may end up paying for some capabilities that are not useful.

    In this blueprint, we help you quickly define your requirements for endpoint management and narrow down a list to find the solutions that fulfill your use cases.

    An image of Mahmoud Ramin, PhD

    Mahmoud Ramin, PhD
    Senior Research Analyst, Infrastructure and Operations
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Endpoint management solutions are becoming increasingly essential – deploying the right devices and applications to the right users and zero-touch provisioning are indispensable parts of a holistic strategy for improving customers' experience. However, selecting the right-sized platform that aligns with your requirements is a big challenge.

    Following improvements in end-user computation strategies, selection of the right endpoint management solution is a crucial next step in delivering concrete business value.

    Common Obstacles

    Despite the importance of selecting the right endpoint management platform, many organizations struggle to define an approach to picking the most appropriate vendor and rolling out the solution in an effective and cost-efficient manner. There are many options available, which can cause business and IT leaders to feel lost.

    The endpoint management market is evolving quickly, making the selection process tedious. On top of that, IT has a hard time defining their needs and aligning solution features with their requirements.

    Info-Tech's Approach

    Determine what you require from an endpoint management solution.

    Review the market space and product offerings, and compare the capabilities of key players.

    Create a use case – use top-level requirements to determine use cases and short-list vendors.

    Conduct a formal process for interviewing vendors, using Info-Tech's templates to select the best platform for your requirements.

    Info-Tech Insight

    Investigate vendors' roadmaps to figure out which of the candidate platforms can fulfill your long-term requirements without any unnecessary investment in features that are not currently useful for you. Make sure you don't purchase capabilities that you will never use.

    What are endpoint management platforms?

    Our definition: Endpoint management solutions are platforms that enable IT with appropriate provisioning, security, monitoring, and updating endpoints to ensure that they are in good health. Typical examples of endpoints are laptops, computers, wearable devices, tablets, smart phones, servers, and the Internet of Things (IoT).

    First, understand differences between mobile management solutions

    • Endpoint management solutions monitor and control the status of endpoints. They help IT manage and control their environment and provide top-notch customer service.
    • These solutions ensure a seamless and efficient problem management, software updates and remediations in a secure environment.
    • Endpoint management solutions have evolved very quickly to satisfy IT and user needs:
    • Mobile Device Management (MDM) helps with controlling features of a device.
    • Enterprise Mobile Management (EMM) controls everything in a device.
    • Unified Endpoint Management (UEM) manages all endpoints.

    Endpoint management includes:

    • Device management
    • Device configuration
    • Device monitoring
    • Device security

    Info-Tech Insight

    As endpoint management encompasses a broad range of solution categories including MDM, EMM, and UEM, look for your real requirements. Don't pay for something that you won't end up using.

    As UEM covers all of MDM and EMM capabilities, we overview market trends of UEM in this blueprint to give you an overall view of market in this space.

    Your challenge: Endpoint management has evolved significantly over the past few years, which makes software selection overwhelming

    An mage showing endpoint management visualzed as positions on an iceberg. at the top is UEM, at the midpoint above the waterline is Enterprise Mobile Management, and below the water is Mobile Device Management.

    Additional challenges occur in securing endpoints

    A rise in the number of attacks on cloud services creates a need to leverage endpoint management solutions

    MarketsandMarkets predicted that global cloud infrastructure services would increase from US$73 billion in 2019 to US$166.6 billion in 2024 (2019).

    A study by the Ponemon Institute showed that 68% of respondents believe that security attacks increased over the past 12 months (2020).

    The study reveals that over half of IT security professionals who participated in the survey believe that organizations are not very efficient in securing their endpoints, mainly because they're not efficient in detecting attacks.

    IT professionals would like to link endpoint management and security platforms to unify visibility and control, to determine potential risks to endpoints, and to manage them in a single solution.

    Businesses will continue to be compromised by the vulnerabilities of cloud services, which pose a challenge to organizations trying to maintain control of their data.

    Trends in endpoint management have been undergoing a tremendous change

    In 2020, about 5.2 million users subscribed to mobile services, and smartphones accounted for 65% of connections. This will increase to 80% by 2025.
    Source: Fortune Business Insights, 2021

    Info-Tech's methodology for selecting a right-sized endpoint management platform

    1. Understand Core Features and Build Your Use Case

    2. Discover the Endpoint Management Market Space and Select the Right Vendor

    Phase Steps

    1. Define endpoint management platforms
    2. Explore endpoint management trends
    3. Classify table stakes & differentiating capabilities
    4. Streamline the requirements elicitation process for a new endpoint management platform
    1. Discover key players across the vendor landscape
    2. Engage the shortlist and select finalists
    3. Prepare for implementation

    Phase Outcomes

    1. Consensus on scope of endpoint management and key endpoint management platform capabilities
    2. Top-level use cases and requirements
    1. Overview of shortlisted vendors
    2. Prioritized list of UEM features

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2

    Call #1: Understand what an endpoint management platform is and learn how it evolved. Discuss core capabilities and key trends.
    Call #2: Build a use case and define features to fulfill the use case.

    Call #3: Define your core endpoint management platform requirements.
    Call #4: Evaluate the endpoint management platform vendor landscape and shortlist viable options.
    Review implementation considerations.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    The endpoint management purchase process should be broken into segments:

    1. Endpoint management vendor shortlisting with this buyer's guide
    2. Structured approach to selection
    3. Contract review

    Info-Tech's approach

    The Info-Tech difference:
    Analyze needs

    Evaluate solutions

    Determine where you need to improve the tools and processes used to support the company.

    Determine the best fit for your needs by scoring against features.

    Assess existing solution

    Features

    Determine if your solution can be upgraded or easily updated to meet your needs.

    Determine which features will be key to your success

    Create a business case for change

    Use Cases

    A two-part business case will focus on a need to change and use cases and requirements to bring stakeholders onboard.

    Create use cases to ensure your needs are met as you evaluate features

    Improve existing

    High-Level Requirements

    Work with Info-Tech's analysts to determine next steps to improve your process and make better use of the features you have available.

    Use the high-level requirements to determine use cases and shortlist vendors

    Complementary research:

    Create a quick business case and requirements document to align stakeholders to your vision with Info-Tech's Rapid Application Selection Framework.
    See what your peers are saying about these vendors at SoftwareReviews.com.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Phase 1

    Understand core features and build your business case

    Phase 1

    Phase 2

    Define endpoint management platforms

    Explore endpoint management trends

    Classify table stakes & differentiating capabilities

    Streamline the requirements elicitation process for a new endpoint management platform

    Discover key players across the vendor landscape

    Engage the shortlist and select finalist

    Prepare for implementation

    This phase will walk you through the following activity:

    Define use cases and core features for meeting business and technical goals

    This phase involves the following participants:

    • CIO
    • IT manager
    • Infrastructure & Applications directors
    Mobile Device Management

    Enterprise Mobile Management

    MDM applies security over corporate-owned devices.

    What is MDM and what can you do with it?

    1. MDM helps manage and control corporate owned devices.
    2. You can enforce company policies, track, monitor, and lock device remotely by an MDM.
    3. MDM helps with remote wiping of the device when it is lost or stolen.
    4. You can avoid unsecure Wi-Fi connections via MDM.

    EMM solutions solve the restrictions arose with BYOD (Bring Your Own Device) and COPE (Corporate Owned, Personally Enabled) provisioning models.

    • IT needs to secure corporate-owned data without compromising personal and private data. MDM cannot fulfill this requirement. This led to the development of EMM solutions.
    • EMM tools allow you to manage multiple device platforms through MDM protocols. These tools enforce security settings, allow you to push apps to managed devices, and monitor patch compliance through reporting.

    MDM solutions function at the level of corporate devices. Something else was needed to enable personal device management.

    Major components of EMM solutions

    Mobile Application Management (MAM)

    Allows organizations to control individual applications and their associated data. It restricts malicious apps and enables in-depth application management, configuration, and removal.

    Containerization

    Enables separation of work-related data from private data. It provides encrypted containers on personal devices to separate the data, providing security on personal devices while maintaining users' personal data.

    Mobile Content Management (MCM)

    Helps remote distribution, control, management, and access to corporate data.

    Mobile Security Management (MSM)

    Provides application and data security on devices. It enables application analysis and auditing. IT can use MSM to provide strong passwords to applications, restrict unwanted applications, and protect devices from unsecure websites by blacklisting them.

    Mobile Expense Management (MEM)

    Enables mobile data communication expenses auditing. It can also set data limits and restrict network connections on devices.

    Identity Management

    Sets role-based access to corporate data. It also controls how different roles can use data, improving application and data security. Multifactor authentication can be enforced through the identity management featured of an EMM solution.

    Unified endpoint management: Control all endpoints in a single pane of glass

    IT admins used to provide customer service such as installation, upgrades, patches, and account administration via desktop support. IT support is not on physical assistance over end users' desktops anymore.

    The rise of BYOD enhanced the need to be able to control sensitive data outside corporate network connection on all endpoints, which was beyond the capability of MDM and EMM solutions.

    • It's now almost impossible for IT to be everywhere to support customers.
    • This created a need to conduct tasks simultaneously from one single place.
    • UEM enables IT to run, manage, and control endpoints from one place, while ensuring that device health and security remain uncompromised.
    • UEM combines features of MDM and EMM while extending EMM's capabilities to all endpoints, including computers, laptops, tablets, phones, printers, wearables, and IoT.

    Info-Tech Insight

    Organizations once needed to worry about company connectivity assets such as computers and laptops. To manage them, traditional client management tools like Microsoft Configuration Manager would be enough.

    With the increase in the work-from-anywhere model, it is very hard to control, manage, and monitor devices that are not connected to a VPN. UEM solutions enable IT to tackle this challenge and have full visibility into and management of any device.

    UEM platforms help with saving costs and increasing efficiency

    UEM helps corporates save on their investments as it consolidates use-case management in a single console. Businesses don't need to invest in different device and application management solutions.

    From the employee perspective, UEM enables them to work on their own devices while enforcing security on their personal data.

    • Security and privacy are very important criteria for organizations. With the rapid growth of the work-from-anywhere model, corporate security is a huge concern for companies.
    • Working from home has forced companies to invest a lot in data security, which has led to high UEM demand. UEM solutions streamline security management by consolidating device management in a single platform.
    • With the fourth-generation industrial revolution, we're experiencing a significant rise in the use of IoT devices. UEM solutions are very critical for managing, configuring, and securing these devices.
    • There will be a huge increase in cyber threats due to automation, IoT, and cloud services. The pandemic has sped up the adoption of such services, forcing businesses to rethink their enterprise mobility strategies. They are now more cautious about security risks and remediations. Businesses need UEM to simplify device management on multiple endpoints.
    • With UEM, IT environment management gets more granular, while giving IT better visibility on devices and applications.

    UEM streamlines mundane admin tasks and simplifies user issues.

    Even with a COPE or COBO provisioning model, without any IT intervention, users can decide on when to install relevant updates. It also may lead to shadow IT.

    Endpoint management, and UEM more specifically, enables IT to enforce administration over user devices, whether they are corporate or personally owned. This is enabled without interfering with private/personal data.

    Where it's going: The future state of UEM

    Despite the fast evolution of the UEM market, many organizations do not move as fast as technological capabilities. Although over half of all organizations have at least one UEM solution, they may not have a good strategy or policies to maximize the value of technology (Tech Orchard, 2022). As opposed to such organizations, there are others that use UEM to transform their endpoint management strategy and move service management to the next level. That integration between endpoint management and service management is a developing trend (Ivanti, 2021).

    • SaaS tools like Office 365 are built to be used on multiple devices, including multiple computers. Further, the pandemic saw 47% of organizations significantly increase their use of BYOD (Cybersecurity Insiders, 2021).
    • Over 2022, 78% of people worked remotely for at least some amount of time during the week (Tech Orchard, 2022).
    • 84% of organizations believe that cybersecurity threat alarms are becoming very overwhelming, and almost half of companies believe that the best way to tackle this is through consolidating platforms so that everything will be visible and manageable through a single pane of glass (Cybersecurity Insiders, 2022).
    • The UEM market was worth $3.39 billion in 2020. It is expected to reach $53.65 billion by 2030, with an annual growth rate of 31.7% (Datamation, 2022). This demonstrates how dependent IT is becoming on endpoint management solutions.

    An image of a donut chart showing the current state of UEM Strategy.

    Only 27% of organizations have "fully deployed" UEM "with easy management across all endpoints"
    Source: IT Pro Today, 2018.

    Endpoint Management Key Trends

    • Commoditization of endpoint management features. Although their focus is the same, some UEM solutions have unique features.
    • New endpoint management paradigms have emerged. Endpoint management has evolved from client management tools (CMT) and MDM into UEM, also known as "modern management" (Ivanti, 2022).
    • One pane of glass for the entire end-user experience. Endpoint management vendors are integrating their solution into their ITSM, ITOM, digital workspace, and security products.
    • AI-powered insights. UEM tools collect data on endpoints and user behavior. Vendors are using their data to differentiate themselves: Products offer threat reports, automated compliance workflows, and user experience insights. The UEM market is ultimately working toward autonomous endpoint management (Microsoft, 2022).
    • Web apps and cloud storage are the new normal. Less data is stored locally. Fewer apps need to be patched on the device. Apps can be accessed on different devices more easily. However, data can more easily be accessed on BYOD and on new operating systems like Chrome OS.
    • Lighter device provisioning tools. Instead of managing thick images, UEM tools use lighter provisioning packages. Once set up, Autopilot and UEM device enrollment should take less time to manage than thick images.
    • UEM controls built around SaaS. Web apps and the cloud allow access from any device, even unmanaged BYOD. UEM tools allow IT to apply the right level of control for the situation – mobile application management, mobile content management, or mobile device management.
    • Work-from-anywhere and 5G result in more devices outside of your firewalls. Cloud-based management tools are not limited by your VPN connection and can scale up more easily than traditional, on-prem tools.

    Understand endpoint management table stakes features

    Determine high-level use cases to help you narrow down to specific features

    Support the organization's operating systems:
    Many UEM vendors support the most dominant operating systems, Windows and Mac; however, they are usually stronger in one particular OS than the other. For instance, Intune supports both Windows and Mac, although there are some drawbacks with MacOS management by Intune. Conversely, Jamf is mainly for MacOS and iOS management. Enterprises look to satisfy their end users' needs. The more UEM vendors support different systems, the more likely enterprises will pick them. Although, as mentioned, in some instances, enterprises may need to select more than one option, depending on their requirements.

    Support BYOD and remote environments:
    With the impact of the pandemic on work model, 60-70% of workforce would like to have more flexibility for working remotely (Ivanti, 2022). BYOD is becoming the default, and SaaS tools like Office 365 are built to be used on multiple devices, including multiple computers. As BYOD can boost productivity (Samsung Insights, 2016), you may be interested in how your prospective UEM solution will enable this capability with remote wipe (corporate wipe capability vs. wiping the whole device), data and device tracking, and user activity auditing.

    Understand endpoint management table stakes features

    Determine high-level use cases to help you narrow down to specific features

    Integration with the enterprise's IT products:
    To get everything in a single platform and to generate better metrics and dashboards, vendors provide integrations with ticketing and monitoring solutions. Many large vendors have strong integrations with multiple ITSM and ITAM platforms to streamline incident management, request management, asset management, and patch management.

    Support security and compliance policies:
    With the significant boost in work-from-anywhere, companies would like to enable endpoint security more than ever. This includes device threat detection, malware detection, anti-phishing, and more. All UEMs provide these, although the big difference between them is how well they enable security and compliance, and how flexible they are when it comes to giving conditional access to certain data.

    Provide a fully automated vs manual deployment:
    Employees want to get their devices faster, IT wants to deploy devices faster, and businesses want to enable employees faster to get them onboard sooner. UEMs have the capability to provide automated and manual deployment. However, the choice of solution depends on enterprise's infrastructure and policies. Full automation of deployment is very applicable for corporate devices, while it may not be a good option for personally owned devices. Define your user groups and provisioning models, and make sure your candidate vendors satisfy requirements.

    Plan a proper UEM selection according to your requirements

    1. Identify IT governance, policy, and process maturity
      Tools cannot compensate for your bad processes. You should improve deploying and provisioning processes before rolling out a UEM. Automation of a bad process only wraps the process in a nicer package – it does not fix the problem.
      Refer to InfoTech's Modernize and Transform Your End-User Computing Strategy for more information on improving endpoint management procedures.
    2. Consider supported operating systems, cloud services, and network infrastructure in your organization
      Most UEMs support all dominant operating systems, but some solutions have stronger capability for managing a certain OS over the other.
    3. Define enterprise security requirements
      Investigate security levels, policies, and requirements to align with the security features you're expecting in a UEM.
    4. Selection and implementation of a UEM depends on use case. Select a vendor that supports your use cases
      Identify use cases specific to your industry.
      For example, UEM use cases in Healthcare:
      • Secure EMR
      • Enforce HIPAA compliance
      • Secure communications
      • Enable shared device deployment

    Activity: Define use cases and core features for meeting business and technical goals

    1-2 hours

    1. Brainstorm with your colleagues to discuss your challenges with endpoint management.
    2. Identify how these challenges are impacting your ability to meet your goals for managing and controlling endpoints.
    3. Define high-level goals you wish to achieve in the first year and in the longer term.
    4. Identify the use cases that will support your overall goals.
    5. Document use cases in the UEM Requirements Workbook.

    Input

    • List of challenges and goals

    Output

    • Use cases to be used for determining requirements

    Materials

    • Whiteboard/flip charts
    • Laptop to record output

    Participants

    • CIO
    • IT manager
    • Infrastructure & Applications directors

    Download the UEM Requirements Workbook

    Phase 2

    Discover the endpoint management market space and select the right vendor

    Phase 1

    Phase 2

    Define endpoint management platforms

    Explore endpoint management trends

    Classify table stakes & differentiating capabilities

    Streamline the requirements elicitation process for a new endpoint management platform

    Discover key players across the vendor landscape

    Engage the shortlist and select finalist

    Prepare for implementation

    This phase will walk you through the following activity:
    Define top-level features for meeting business and technical goals
    This phase involves the following participants:

    • CIO
    • IT manager
    • Infrastructure & Applications directors
    • Project managers

    Elicit and prioritize granular requirements for your endpoint management platform

    Understanding business needs through requirements gathering is the key to defining everything about what is
    being purchased. However, it is an area where people often make critical mistakes.

    Risks of poorly scoped requirements

    • Fail to be comprehensive and miss certain areas of scope.
    • Focus on how the solution should work instead of what it must accomplish.
    • Have multiple levels of confusing and inconsistent detail in the requirements.
    • Drill down all the way to system-level detail.
    • Add unnecessary constraints based on what is done today rather than focusing on what is needed for tomorrow.
    • Omit constraints or preferences that buyers think are "obvious."

    Best practices

    • Get a clear understanding of what the system needs to do and what it is expected to produce.
    • Test against the principle of MECE – requirements should be "mutually exclusive and collectively exhaustive."
    • Explicitly state the obvious and assume nothing.
    • Investigate what is sold on the market and how it is sold. Use language that is consistent with that of the market and focus on key differentiators – not table stakes.
    • Contain the appropriate level of detail – the level should be suitable for procurement and sufficient for differentiating vendors.

    Review Info-Tech's blueprint Improve Requirements Gathering to improve your requirements gathering process.

    Consider the perspective of each stakeholder to ensure functionality needs are met

    Best of breed vs. "good enough" is an important discussion and will feed your success

    Costs can be high when customizing an ill-fitting module or creating workarounds to solve business problems, including loss of functionality, productivity, and credibility.

    • Start with use cases to drive the initial discussion, then determine which features are mandatory and which are nice-to-haves. Mandatory features will help determine high success for critical functionality and identify where "good enough" is an acceptable state.
    • Consider the implications of implementation and all use cases of:
      • Buying an all-in-one solution.
      • Integration of multiple best-of-breed solutions.
      • Customizing features that were not built into a solution.
    • Be prepared to shelve a use case for this solution and look to alternatives for integration where mandatory features cannot meet highly specialized needs that are outside of traditional endpoint management solutions.

    Pros and Cons

    An image showing the pros and cons of building vs buying

    Evaluate software category leaders through vendor rankings and awards

    SoftwareReviews
    A screenshot of softwareReviews Data Quadrant analyis.. A screenshot of softwareReviews Emotonal Fotprint analyis
    • evaluation and ranking of all software in an individual category to compare platforms across multiple dimensions.
    • Vendors are ranked by their Composite Score, based on individual feature evaluations, user satisfaction rankings, vendor capability comparisons, and likeliness to recommend the platform.
    • The Emotional Footprint is a powerful indicator of overall user sentiment toward the relationship with the vendor, capturing data across five dimensions.
    • Vendors are ranked by their Customer Experience (CX) Score, which combines the overall Emotional Footprint rating with a measure of the value delivered by the solution.

    Speak with category experts to dive deeper into the vendor landscape

    SoftwareReviews

    • Fact-based reviews of business software from IT professionals.
    • Product and category reports with state-of-the-art data visualization.
    • Top-tier data quality backed by a rigorous quality assurance process.
    • User-experience insight that reveals the intangibles of working with a vendor.

    CLICK HERE to ACCESS

    Comprehensive software reviews
    to make better IT decisions

    We collect and analyze the most detailed reviews on enterprise software from real users to give you an unprecedented view into the product and vendor before you buy.

    SoftwareReviews is powered by Info-Tech

    Technology coverage is a priority for Info-Tech, and SoftwareReviews provides the most comprehensive unbiased data on today's technology.
    With the insight of our expert analysts, our members receive unparalleled support in their buying journey.

    Get to Know the Key Players in the Endpoint Management Landscape

    The following slides provide a top-level overview of the popular players you will encounter in the endpoint management shortlisting process in alphabetical order.

    A screenshot showing a series of logos for the companies addressed later in this blueprint. It includes: Ciso; Meraki; Citrix; IBM MaaS360; Ivanti; Jamf|Pro; ManageEngine Endpoint Central; Microsoft Endpoint Manager, and VMWARE.

    Vendor scores are driven by real-world practitioner reviews via SoftwareReviews. Composite, CX, EF, and NPS scores are pulled from live data as of January 2023.

    Secure business units and enhance connection by simplifying the digital workplace

    A good option for enterprises that want a single-pane-of-glass UEM that is easy to use, with a modern-looking dashboard, high threat-management capability, and high-quality customer support.

    CISCO Meraki

    Est. 1984 | CA, USA | NASDAQ: CSCO

    8.8

    9.1

    +92

    91%

    COMPOSITE SCORE

    CX SCORE

    EMOTIONAL FOOTPRINT

    LIKELINESS TO RECOMMEND

    DOWNLOAD REPORT

    This is a Screenshot of CISCO Meraki's dashboard.

    Screenshot of CISCO Meraki's dashboard. Source: Cisco

    Strengths:

    Areas to improve:

    • Cisco Meraki offers granular control over what users can and cannot use.
    • The system is user friendly and intuitive, with a variety of features.
    • The anti-malware capability enhances security.
    • Users are very satisfied with being able to control everything in a single platform.
    • System configuration is easy.
    • Vendor relationship is very high with a rate of 96%.
    • System setup is easy, and users don't need much experience for initial configuration of devices.
    • Users are also mostly satisfied with the platform design.
    • Monitoring within the tool is easy.
    • According to SoftwareReviews' survey report, the primary reason for leaving Cisco Meraki and switching over to another vendor is functionality.
    • Regardless of the top-notch offerings and high-quality features, the product is relatively expensive. The quality and price factors make the solution a better fit for large enterprises. However, SoftwareReviews' scorecard for Cisco Meraki shows that small organizations are the most satisfied compared to the medium and large enterprises, with a net promoter score of 81%.

    Transform work experience and support every endpoint with a unified view to ensure users are productive

    A tool that enables you to access corporate resources on personal devices. It is adaptable to your budget. SoftwareReviews reports that 75% of organizations have received a discount at initial purchase or renewal, which makes it a good candidate if looking for a negotiable option.

    Citrix Endpoint Management

    Est. 1989 | TX, USA | Private

    7.9

    8.0

    8.0

    83%

    COMPOSITE SCORE

    CX SCORE

    EMOTIONAL FOOTPRINT

    LIKELINESS TO RECOMMEND

    DOWNLOAD REPORT

    Screenshot of Citrix Endpoint Management's dashboard.

    Screenshot of Citrix Endpoint Management's dashboard. Source: Citrix

    Strengths:

    Areas to improve:

    • Citrix Endpoint Management is a cloud-centric, easy-to-use UEM with an upgradable interface.
    • The solution simplifies endpoint management and provides real-time visibility and notifications.
    • Citrix allows deployments on different operating systems to meet organizations' infrastructure requirements.
    • The vendor offers different licenses and pricing models, allowing businesses of different sizes to use the tool based on their budgets and requirements.
    • Some users believe that integration with external applications should be improved.
    • Deployment is not very intuitive, making implementation process challenging.
    • User may experience some lagging while opening applications on Citrix. Application is even a bit slower when using a mobile device.

    Scale remote users, enable BYOD, and drive a zero-trust strategy with IBM's modern UEM solution

    A perfect option to boost cybersecurity. Remote administration and installation are made very easy and intuitive on the platform. It is very user friendly, making implementation straightforward. It comes with four licensing options: Essential, Deluxe, Premier, and Enterprise. Check IBM's website for information on pricing and offerings.

    IBM MaaS360

    Est. 1911 | NY, USA | NYSE: IBM

    7.7

    8.4

    +86

    76%

    COMPOSITE SCORE

    CX SCORE

    EMOTIONAL FOOTPRINT

    LIKELINESS TO RECOMMEND

    DOWNLOAD REPORT

    Screenshot of IBM MaaS360's dashboard.

    Screenshot of IBM MaaS360's dashboard. Source: IBM

    Strengths:

    Areas to improve:

    • IBM MaaS360 is easy to install and implement.
    • It has different pricing models to fit enterprises' needs.
    • MaaS360 is compatible with different operating systems.
    • Security management is one of the strongest features, making the tool perfect for organizations that want to improve cybersecurity.
    • Vendor support is very effective, and users find knowledge articles very helpful.
    • It has a very intuitive dashboard.
    • The tool can control organizational data, allowing you to apply BYOD policy.
    • AI Advisor with Watson provides AI-driven reporting and insights.
    • Working with iOS may not be as intuitive as other operating systems.
    • Adding or removing users in a user group is not very straightforward.
    • Some capabilities are limited to particular Android or iOS devices.
    • Deploying application packages may be a bit difficult.
    • Hardware deployment may need some manual work and is not fully automated.

    Get complete device visibility from asset discovery to lifecycle management and remediation

    A powerful tool for patch management with a great user interface. You can automate patching and improve cybersecurity, while having complete visibility into devices. According to SoftwareReviews, 100% of survey participants plan to renew their contract with Ivanti.

    Ivanti Neurons

    Est. 1985 | CA, USA | Private

    8.0

    8.0

    +81

    83%

    COMPOSITE SCORE

    CX SCORE

    EMOTIONAL FOOTPRINT

    LIKELINESS TO RECOMMEND

    DOWNLOAD REPORT

    Screenshot of Ivanti Neurons UEM's dashboard.

    Screenshot of Ivanti Neurons UEM's dashboard. Source: Ivanti

    Strengths:

    Areas to improve:

    • The tool is intuitive and user friendly.
    • It's a powerful security management platform, supporting multiple operating systems.
    • Ivanti Neurons is very strong in patch management and inventory management. It helps a seamless application deployment.
    • Users can install their applications via Ivanti's portal.
    • The user interface is very powerful and easy to use.
    • AI-augmented process management automates protocols, streamlining device management and application updates.
    • Vendor is very efficient in training and provides free webinars.
    • Data integration is very easy. According to SoftwareReviews, it had a satisfaction score for ease of data integration of 86%, which makes Ivanti the top solution for this capability.
    • Data analytics is powerful but complicated.
    • Setup is easy for some teams but not as easy for others, which may cause delays for implementation.
    • Software monitoring is not as good as other competitors.

    Improve your end-user productivity and transform enterprise Apple devices

    An Apple-focused UEM with a great interface. Jamf can manage and control macOS and iOS, and it is one of the best options for Apple products, according to users' sentiments. However, it may not be a one-stop solution if you want to manage non-Apple products as well. In this case, you can use Jamf in addition to another UEM. Jamf has some integrations with Microsoft, but it may not be sufficient if you want to fully manage Windows endpoints.

    Jamf PRO

    Est. 2002 | MN, USA | NASDAQ: JAMF

    8.8

    8.7

    +87

    95%

    COMPOSITE SCORE

    CX SCORE

    EMOTIONAL FOOTPRINT

    LIKELINESS TO RECOMMEND

    DOWNLOAD REPORT

    Screenshot of Jamf PRO's dashboard.

    Screenshot of Jamf PRO's dashboard. Source: Jamf

    Strengths:

    Areas to improve:

    • Jamf Pro is a unique product with an easy implementation that enables IT with minimum admin intervention.
    • It can create smart groups (based on MDM profile and user group) to automatically assign users to their pertinent apps and updates.
    • It's a very user-friendly tool, conducting device management in fewer steps than other competitors.
    • Reports are totally customizable and dynamic.
    • Notifications are easy to navigate and monitor.
    • Self-service feature enables end users to download their predefined categories of applications in the App Store.
    • It can apply single sign-on integrations to streamline user access to applications.
    • Businesses can personalize the tool with corporate logos.
    • Vendor does great for customer service when problems arise.
    • It is a costly tool relative to other competitors, pushing prospects to consider other products.
    • The learning process may be long and not easy, especially if admins do not script, or it's their first time using a UEM.

    Apply automation of traditional desktop management, software deployment, endpoint security, and patch management

    A strong choice for patch management, software deployment, asset management, and security management. There is a free version of the tool available to try get an understanding of the platform before purchasing a higher tier of the product.

    ManageEngine Endpoint Central

    Est. 1996 | India | Private

    8.3

    8.3

    +81

    88%

    COMPOSITE SCORE

    CX SCORE

    EMOTIONAL FOOTPRINT

    LIKELINESS TO RECOMMEND

    DOWNLOAD REPORT

    Screenshot of ME Endpoint Central's dashboard.

    Screenshot of ME Endpoint Central's dashboard. Source: ManageEngine

    Strengths:

    Areas to improve:

    • It supports several operating systems including Windows, Mac, Linux, Android, and iOS.
    • Endpoint Central provides end-to-end monitoring, asset management, and security in a single platform.
    • Setup is simple and intuitive, and it's easy to learn and configure.
    • The reporting feature is very useful and gives you clear visibility into dashboard.
    • Combined with ME Service Desk Plus, we can call Endpoint Central an all-in-one solution.
    • The tool provides a real-time report on devices and tracks their health status.
    • It has multiple integrations with third-party solutions.
    • Tool does not automate updates, making application updates time-consuming.
    • Sometimes, patches and software deployments fail, and the tool doesn't provide any information on the reason for the failure.
    • There is no single point of contact/account manager for the clients when they have trouble with the tool.
    • Remote connection to Android devices can sometimes get a little tedious.

    Get device management and security in a single platform with a combination of Microsoft Intune and Configuration Manager

    A solution that combines Intune and ConfigMgr's capabilities into a single endpoint management suite for enrolling, managing, monitoring, and securing endpoints. It's a very cost-effective solution for enterprises in the Microsoft ecosystem, but it also supports other operating systems.

    Microsoft Endpoint Manager

    Est. 1975 | NM, USA | NASDAQ: MSFT

    8.0

    8.5

    +83

    85%

    COMPOSITE SCORE

    CX SCORE

    EMOTIONAL FOOTPRINT

    LIKELINESS TO RECOMMEND

    DOWNLOAD REPORT

    Screenshot of MS Endpoint Manager's dashboard.

    Screenshot of MS Endpoint Manager's dashboard. Source: Microsoft

    Strengths:

    Areas to improve:

    • Licensing for the enterprises that use Windows as their primary operating system is more efficient and cost effective.
    • Endpoint Manager is very customizable, with the ability to assign personas to device groups.
    • Besides Windows, it manages other operating systems, such as Linux, Android, and iOS.
    • It creates endpoint security and compliance policies for BitLocker that streamlines data protection and security. It also provides SSO.
    • It provides very strong documentation and knowledgebase.
    • User interface is not as good as competitors. It's a bit clunky and complex to use.
    • The process of changing configurations on devices can be time consuming.
    • Sometimes there are service outages such as Autopilot failure, which push IT to deploy manually.
    • Location tracking is not very accurate.

    Simplify and consolidate endpoint management into a single solution and secure all devices with real-time, "over-the-air" modern management across all use cases

    A strong tool for managing and controlling mobile devices. It can access all profiles through Google and Apple, and it integrates with various IT management solutions.

    VMware Workspace ONE

    Est. 1998 | CA, USA | NYSE: VMW

    7.5

    7.4

    +71

    75%

    COMPOSITE SCORE

    CX SCORE

    EMOTIONAL FOOTPRINT

    LIKELINESS TO RECOMMEND

    DOWNLOAD REPORT

    Screenshot of Workspace ONE's dashboard.

    Screenshot of Workspace ONE's dashboard. Source: VMware

    Strengths:

    Areas to improve:

    • Workspace ONE provides lots of information about devices.
    • It provides a large list of integrations.
    • The solution supports various operating systems.
    • The platform has many out-of-the-box features and helps with security management, asset management, and application management.
    • The vendor has a community forum which users find helpful for resolving issues or asking questions about the solution.
    • It is very simple to use and provides SSO capability.
    • Implementation is relatively easy and straightforward.
    • Customization may be tricky and require expertise.
    • The solution can be more user friendly with a better UI.
    • Because of intensive processing, updates to applications take a long time.
    • The tool may sometimes be very sensitive and lock devices.
    • Analytics and reporting may need improvement.

    Review your use cases to start your shortlist

    Your Info-Tech analysts can help you narrow down the list of vendors that will meet your requirements.

    Next steps will include:

    1. Reviewing your requirements
    2. Checking out SoftwareReviews
    3. Shortlisting your vendors
    4. Conducting demos and detailed proposal reviews
    5. Selecting and contracting with a finalist!

    Activity: Define high-level features for meeting business and technical goals

    Input

    • List of endpoint management use cases
    • List of prioritized features

    Output

    • Vendor evaluation
    • Final list of candidate vendors

    Materials

    • Whiteboard/flip charts
    • Laptop
    • UEM Requirements Workbook

    Participants

    • CIO
    • IT manager
    • Infrastructure & Applications directors
    • Project managers

    Activity: Define top-level features for meeting business and technical goals

    As there are many solutions in the market that share capabilities, it is imperative to closely evaluate how well they fulfill your endpoint management requirements.
    Use the UEM Requirements Workbook to identify your desired endpoint solution features and compare vendor solution functionality based on your desired features.

    1. Refer to the output of the previous activity, the identified use cases in the spreadsheet.
    2. List the features you want in an endpoint solution for your devices that will fulfill these use cases. Record those features in the second column ("Detailed Feature").
    3. Prioritize each feature (must have, should have, nice to have, not required).
    4. Send this list to candidate vendors.
    5. When you finish your investigation, review the spreadsheet to compare the various offerings and pros and cons of each solution.

    Info-Tech Insight

    The output of this activity can be used for a detailed evaluation of UEM vendors. The next steps will be vendor briefing and having further discussion on technical capabilities and conducting demos of solutions. Info-Tech's blueprint, The Rapid Application Selection Framework, takes you to these next steps.

    This is a screenshot showing the high value use cases table from The Rapid Application Selection Framework.

    Download the UEM Requirements Workbook

    Leverage Info-Tech's research to plan and execute your endpoint management selection and implementation

    Use Info-Tech Research Group's blueprints for selection and implementation processes to guide your own planning.

    • Assess
    • Prepare
    • Govern & Course Correct

    This is a screenshot of the title pages from INfo-tech's Governance and management of enterprise Software Implementaton; and The Rapid Applicaton Selection Framework.

    Ensure your implementation team has a high degree of trust and communication

    If external partners are needed, dedicate an internal resource to managing the vendor and partner relationships.

    Communication

    Teams must have some type of communication strategy. This can be broken into:

    • Regularity: Having a set time each day to communicate progress and a set day to conduct retrospectives.
    • Ceremonies: Injecting awards and continually emphasizing delivery of value can encourage relationship building and constructive motivation.
    • Escalation: Voicing any concerns and having someone responsible for addressing those concerns.

    Proximity

    Distributed teams create complexity because communication can break down more easily. This can be mitigated by:

    • Location: Placing teams in proximity can close the barrier of geographical distance and time zone differences.
    • Inclusion: Making a deliberate attempt to pull remote team members into discussions and ceremonies.
    • Communication Tools: Having the right technology (e.g. video conference) can help bring teams closer together virtually.

    Trust

    Members should trust other members are contributing to the project and completing their required tasks on time. Trust can be developed and maintained by:

    Accountability: Having frequent quality reviews and feedback sessions. As work becomes more transparent, people become more accountable.

    • Role Clarity: Having a clear definition of what everyone's role is.

    Implementation with a partner typically results in higher satisfaction

    Align your implementation plans with both the complexity of the solution and internal skill levels

    Be clear and realistic in your requirements to the vendor about the level of involvement you need to be successful.

    Primary reasons to use a vendor:

    • Lack of skilled resources: For solutions with little configuration change happening after the initial installation, the ramp-up time for an individual to build skills for a single event is not practical.
    • Complexity of solution: Multiple integrations, configurations, modules, and even acquisitions that haven't been fully integrated in the solution you choose can make it difficult to complete the installation and rollout on time and on budget. Troubleshooting becomes even more complex if multiple vendors are involved.
    • Data migration: Decide what information will be valuable to transfer to the new solution and which will not benefit your organization. Data structure and residency can both be factors in the complexity of this exercise.

    This is an image of a bar graph showing the Satisfaction Net Promotor Score by Implementation type and Organization Size.

    Source: SoftwareReviews, January 2020 to January 2023, N= 20,024 unique reviews

    To ensure your SOW is mutually beneficial, download the blueprint Improve Your Statements of Work to Hold Your Vendors Accountable.

    Consider running a proof of concept if concerns are expressed about the feasibility of the chosen solution

    Proofs of concept (PoCs) can be time consuming, so make good choices on where to spend the effort

    Create a PoC charter that will enable a quick evaluation of the defined use cases and functions. These key dimensions should form the PoC.

    1. Objective – Giving an overview of the planned PoC will help to focus and clarify the rest of this section. What must the PoC achieve? Objectives should be specific, measurable, attainable, relevant, and time bound. Outline and track key performance indicators.
    2. Key Success Factors – These are conditions that will positively impact the PoC's success.
    3. Scope – High-level statement of scope. More specifically, state what is in scope and what is out of scope.
    4. Project Team – Identify the team's structure, e.g. sponsors, subject matter experts.
    5. Resource Estimation – Identify what resources (time, materials, space, tools, expertise, etc.) will be needed to build and socialize your prototype. How will they be secured?

    An image of two screenshots from Info-Tech Research Group showing documentaton used to generate effective proof of concepts.

    To create a full proof of concept plan, download the Proof of Concept Template and see the instructions in Phase 3 of the blueprint Exploit Disruptive Infrastructure Technology.

    Selecting a right-sized endpoint management platform

    This selection guide allows organizations to execute a structured methodology for picking a UEM platform that aligns with their needs. This includes:

    • Identifying and prioritizing key business and technology drivers for an endpoint management selection business case.
    • Defining key use cases and requirements for a right-sized UEM platform.
    • Reviewing a comprehensive market scan of key players in the UEM marketspace.

    This formal UEM selection initiative will map out requirements and identify technology capabilities to fill the gap for better endpoint management. It also allows a formal roll-out of a UEM platform that is highly likely to satisfy all stakeholder needs.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.

    Contact your account representative for more information

    workshops@infotech.com
    1-888-670-8889

    Summary of Accomplishment

    Knowledge Gained

    • What endpoint management is
    • Historical origins and evolution of endpoint management platforms
    • Current trends and future state of endpoint management platforms

    Processes Optimized

    • Identifying use cases
    • Gathering requirements
    • Reviewing market key players and their capabilities
    • Selecting a UEM tool that fulfills your requirements

    UEM Solutions Analyzed

    • CISCO Meraki
    • Citrix Endpoint Management
    • IBM MaaS360
    • Ivanti Neurons UEM
    • Jamf Pro
    • ManageEngine Endpoint Central
    • Microsoft Endpoint Manager
    • VMware Workspace ONE

    Related Info-Tech Research

    Modernize and Transform Your End-User Computing Strategy

    This project helps support the workforce of the future by answering the following questions: What types of computing devices, provisioning models, and operating systems should be offered to end users? How will IT support devices? What are the policies and governance surrounding how devices are used? What actions are we taking and when? How do end-user devices support larger corporate priorities and strategies?

    Best Unified Endpoint Management (UEM) Software | SoftwareReviews

    Compare and evaluate Unified Endpoint Management vendors using the most in-depth and unbiased buyer reports available. Download free comprehensive 40+ page reports to select the best Unified Endpoint Management software for your organization.

    The Rapid Application Selection Framework

    This blueprint walks you through a process for a fast and efficient selection of your prospective application. You will be enabled to use a data-driven approach to select the right application vendor for your needs, shatter stakeholder expectations with truly rapid application selections, boost collaboration and crush the broken telephone with concise and effective stakeholder meetings, and lock in hard savings.

    Bibliography

    "BYOD Security Report." Cybersecurity Insiders, 2021. Accessed January 2023.
    "Cloud Infrastructure Services Market." MarketsAnd Markets, 2019. Accessed December 2022.
    Evans, Alma. "Mastering Mobility Management: MDM Vs. EMM Vs. UEM." Hexnode, 2019. Accessed November 2022.
    "Evercore-ISI Quarterly Enterprise Technology Spending Survey." Evercore-ISI, 2022. Accessed January 2023.
    "5G Service Revenue to Reach $315 Billion Globally in 2023." Jupiter Research, 2022. Accessed January 2023.
    Hein, Daniel. "5 Common Unified Endpoint Management Use Cases You Need to Know." Solutions Review, 2020. Accessed January 2023.
    "Mobile Device Management Market Size, Share & COVID-19 Impact Analysis." Fortune Business Insights, 2021. Accessed December 2022.
    Ot, Anina. "The Unified Endpoint Management (UEM) Market." Datamation, 14 Apr. 2022. Accessed Jan. 2023.
    Poje, Phil. "CEO Corner: 4 Trends in Unified Endpoint Management for 2023." Tech Orchard, 2022. Accessed January 2023.
    "The Future of UEM November 2021 Webinar." Ivanti, 2021. Accessed January 2023.
    "The Third Annual Study on the State of Endpoint Security Risk." Ponemon Institute, 2020. Accessed December 2022.
    "The Ultimate Guide to Unified Endpoint Management (UEM)." MobileIron. Accessed January 2023.
    "Trends in Unified Endpoint Management." It Pro Today, 2018. Accessed January 2023.
    Turek, Melanie. "Employees Say Smartphones Boost Productivity by 34 Percent: Frost & Sullivan Research." Samsung Insights, 3 Aug. 2016.
    "2023 State of Security Report." Cybersecurity Insiders, 2022. Accessed January 2023.
    Violino, Bob. "Enterprise Mobility 2022: UEM Adds User Experience, AI, Automation." Computerworld, 2022. Accessed January 2023.
    Violino, Bob. "How to Choose the Right UEM Platform." Computerworld, 2021. Accessed January 2023.
    Violino, Bob. "UEM Vendor Comparison Chart 2022." Computerworld, 2022. Accessed January 2023.
    Wallent, Michael. "5 Endpoint Management Predictions for 2023." Microsoft, 2022. Accessed January 2023.
    "What Is the Difference Between MDM, EMM, and UEM?" 42Gears, 2017. Accessed November 2022.

    Establish a Foresight Capability

    • Buy Link or Shortcode: {j2store}88|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • To be recognized and validated as a forward-thinking CIO, you must establish a structured approach to innovation that considers external trends as well as internal processes.
    • The CEO is expecting an investment in IT innovation to yield either cost reduction or revenue growth, but growth cannot happen without opportunity identification.

    Our Advice

    Critical Insight

    • Technological innovation is disrupting business models – and it’s happening faster than organizations can react.
    • Smaller, more agile organizations have an advantage because they have less resources tied to existing operations and can move faster.

    Impact and Result

    • Be the disruptor, not the disrupted. This blueprint will help you plan proactively and identify opportunities before your competitors.
    • Strategic foresight gives you the tools you need to effectively process the signals in your environment, build an understanding of relevant trends, and turn this understanding into action.

    Establish a Foresight Capability Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how to effectively apply strategic foresight, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Signal gathering

    Develop a better understanding of your external environment and build a database of signals.

    • Establish a Foresight Capability – Phase 1: Signal Gathering
    • Foresight Process Tool

    2. Trends and drivers

    Select and analyze trends to uncover drivers.

    • Establish a Foresight Capability – Phase 2: Trends and Drivers

    3. Scenario building

    Use trends and drivers to build plausible scenarios and brainstorm strategic initiatives.

    • Establish a Foresight Capability – Phase 3: Scenario Building

    4. Idea selection

    Apply the wind tunneling technique to assess strategic initiatives and determine which are most likely to succeed in the face of uncertainty.

    • Establish a Foresight Capability – Phase 4: Idea Selection
    [infographic]

    Workshop: Establish a Foresight Capability

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Pre-workshop – Gather Signals and Build a Repository

    The Purpose

    Note: this is preparation for the workshop and is not offered onsite.

    Gather relevant signals that will inform your organization about what is happening in the external competitive environment.

    Key Benefits Achieved

    A better understanding of the competitive landscape.

    Activities

    1.1 Gather relevant signals.

    1.2 Store signals in a repository for quick and easy recall during the workshop.

    Outputs

    A set of signal items ready for analysis

    2 Identify Trends and Uncover Drivers

    The Purpose

    Uncover trends in your environment and assess their potential impact.

    Determine the causal forces behind relevant trends to inform strategic decisions.

    Key Benefits Achieved

    An understanding of the underlying causal forces that are influencing a trend that is affecting your organization.

    Activities

    2.1 Cluster signals into trends.

    2.2 Analyze trend impact and select a key trend.

    2.3 Perform causal analysis.

    2.4 Select drivers.

    Outputs

    A collection of relevant trends with a key trend selected

    A set of drivers influencing the key trend with primary drivers selected

    3 Build Scenarios and Ideate

    The Purpose

    Leverage your understanding of trends and drivers to build plausible scenarios and apply them as a canvas for ideation.

    Key Benefits Achieved

    A set of potential responses or reactions to trends that are affecting your organization.

    Activities

    3.1 Build scenarios.

    3.2 Brainstorm potential strategic initiatives (ideation).

    Outputs

    Four plausible scenarios for ideation purposes

    A potential strategic initiative that addresses each scenario

    4 Apply Wind Tunneling and Select Ideas

    The Purpose

    Assess the various ideas based on which are most likely to succeed in the face of uncertainty.

    Key Benefits Achieved

    An idea that you have tested in terms of risk and uncertainty.

    An idea that can be developed and pitched to the business or stored for later use. 

    Activities

    4.1 Assign probabilities to scenarios.

    4.2 Apply wind tunneling.

    4.3 Select ideas.

    4.4 Discuss next steps and prototyping.

    Outputs

    A strategic initiative (idea) that is ready to move into prototyping

    Refine Your Estimation Practices With Top-Down Allocations

    • Buy Link or Shortcode: {j2store}434|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $12,599 Average $ Saved
    • member rating average days saved: 20 Average Days Saved
    • Parent Category Name: Portfolio Management
    • Parent Category Link: /portfolio-management
    • As a portfolio manager, you’re expected to size projects for approval and intake before they have sufficient definition.
    • The consequences of initial sizing are felt throughout the project lifecycle.

    Our Advice

    Critical Insight

    • Your organization lacks strong organizational memory upon which assumptions and estimates can be made.
    • Definition is at a minimum not validated, untested, and is likely incomplete. It has the potential to be dangerously misleading.

    Impact and Result

    • Build project history and make more educated estimates – Projects usually start with a “ROM” or t-shirt size estimate, but if your estimates are consistently off, then it’s time to shift the scale.
    • Plan ahead – Projects face risks; similar projects face similar risks. Provide sponsors with estimates that account for as many risks as possible, so that if something goes wrong you have a plan to make it right.
    • Store and strengthen organizational memory – Each project is rich with lessons that can inform your next project to make it more effective and efficient, and ultimately help to avoid committing the same failures over and over again. Develop a process to catalogue project history and all of the failures and successes associated with those projects.

    Refine Your Estimation Practices With Top-Down Allocations Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should improve your estimation practices, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build organizational memory to inform early estimates

    Analyze your project history to identify and fill gaps in your estimation practices.

    • Refine Your Estimation Practices With Top-Down Allocations – Phase 1: Build Organizational Memory to Inform Early Estimations
    • PMO Organizational Memory Tool
    • T-Shirt Sizing Health Check Lite
    • Project Estimation Playbook

    2. Develop and refine a reliable estimate with top-down allocations

    Allocate time across project phases to validate and refine estimates and estimate assumptions.

    • Refine Your Estimation Practices With Top-Down Allocations – Phase 2: Develop and Refine a Reliable Estimate With Top-Down Allocations
    • Planning-Level Estimate Calculator

    3. Implement a new estimation process

    Implement a lessons learned process to provide transparency to your sponsors and confidence to your teams.

    • Refine Your Estimation Practices With Top-Down Allocations – Phase 3: Implement a New Estimation Process
    • Project Lessons Learned Template
    [infographic]

    Workshop: Refine Your Estimation Practices With Top-Down Allocations

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Develop the Foundations of Organizational Memory

    The Purpose

    Track key performance indicators on past projects to inform goals for future projects.

    Key Benefits Achieved

    Developed Project History List.

    Refined starting estimates that can be adjusted accurately from project to project.

    Activities

    1.1 Build project history.

    1.2 Analyze estimation capabilities.

    1.3 Identify estimation goals.

    Outputs

    Project History List

    T-Shirt Sizing Health Check

    Estimate Tracking Plan

    2 Define a Requirements Gathering Process

    The Purpose

    Outline the common attributes required to complete projects.

    Identify the commonly forgotten attributes to ensure comprehensive scoping early on.

    Key Benefits Achieved

    Refined initial estimate based on high-level insights into work required and resources available.

    Activities

    2.1 Develop a list of in-scope project attributes.

    2.2 Identify leadership priorities for deliverables and attributes.

    2.3 Track team and skill responsibilities for attributes.

    Outputs

    Identified list or store of past project attributes and costs

    Attribute List and Estimated Cost

    Required Skills List

    3 Build an Estimation Process

    The Purpose

    Set clear processes for tracking the health of your estimate to ensure it is always as accurate as possible.

    Define check-in points to evaluate risks and challenges to the project and identify trigger conditions.

    Key Benefits Achieved

    An estimation process rooted in organizational memory and lessons learned.

    Project estimates that are consistently reevaluated to predict and correct challenges before they can drastically affect your projects.

    Activities

    3.1 Determine Milestone Check-In Points.

    3.2 Develop Lessons Learned Meeting Agendas.

    3.3 Identify common risks and past lessons learned.

    3.4 Develop contingency tracking capabilities.

    Outputs

    Project Lessons Learned Template

    Historic Risks and Lessons Learned Master Template

    Contingency Reserve and Risk Registers

    4 Improve Business Alignment With Your Estimation Plan

    The Purpose

    Bridge the gap between death march projects and bloated and uncertain estimates by communicating expectations and assumptions clearly to your sponsors.

    Key Benefits Achieved

    Clear estimation criteria and assumptions aligned with business priorities.

    Post-mortem discussion items crucial to improving project history knowledge for next time.

    Activities

    4.1 Identify leadership risk priorities.

    4.2 Develop IT business alignment.

    4.3 Develop hand-off procedures and milestone approval methods.

    4.4 Create a list of post-mortem priorities.

    Outputs

    Estimation Quotation

    Risk Priority Rankings

    Hand-Off Procedures

    Post-mortem agenda planning

    Structure the Role of the DBA

    • Buy Link or Shortcode: {j2store}273|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Business Intelligence Strategy
    • Parent Category Link: /business-intelligence-strategy
    • The traditional role of Database Administrators (DBAs) is shifting due to a variety of changes such as cloud databases, increased automation, close relations with development, and the need for more integration with the business at large. All this means that organizations will have to adapt to integrate a new type of DBA into IT.
    • Organizations often have difficulty establishing a refined and effective DBA structure based on repeatable and well-grounded processes.
    • The relationship between DBAs and the rest of IT (especially development) can often be problematic due to a lack of mutual co-operation and clear communication.
    • There is often confusion in organizations as how to approach staffing DBAs.

    Our Advice

    Critical Insight

    • An organization’s relative focus on operations or development is essential in determining many DBA related decisions. This focus can determine what kinds of DBAs to hire, what staffing ratios to use, the viability of outsourcing, and the appropriate reporting structure for DBAs.
    • Utilizing technological strategies such as database automation, effective auditing, and database consolidation to bolster the DBA team helps make efficient use of DBA staff and can turn a reactive environment into a proactive one.
    • Ensuring refined and regularly assessed processes are in place for change and incident management is essential for maintaining effective and structured database administration.

    Impact and Result

    • Right-size, support, and structure your DBA team for increased cost effectiveness and optimal productivity.
    • Develop a superior level of co-operation between DBAs and the rest of IT as well as the business at large.
    • Build an environment in which DBAs will be motivated and flourish.

    Structure the Role of the DBA Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand how Database Administrators are evolving

    Develop an effective structure for managing and supporting Database Administrators.

    • Storyboard: Structure the Role of the DBA

    2. Create the right Database Administrator roles to meet organizational needs

    Build a team that is relevant to the focus of the organization.

    • System Database Administrator
    • Application Database Administrator
    [infographic]

    Drive Efficiency and Agility with a Fit-for-Purpose Quality Management Program

    • Buy Link or Shortcode: {j2store}338|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Performance Measurement
    • Parent Category Link: /performance-measurement
    • According to Info-Tech research, 74% of our clients feel that IT quality management is an important process, however, only 15% said they actually had effective quality management.
    • IT is required to deliver high quality projects and services, but if CIOs are ineffective at quality management, how can IT deliver?
    • Rather than disturb the status quo with holistic quality initiatives, heads of IT leave quality in the hands of process owners, functional areas, and other segmented facets of the department.
    • CIOs are facing greater pressures to be innovative, agile, and cost-effective, but cannot do so without stable operations, an accountable staff base, and business support; all of which are achieved by high IT quality.

    Our Advice

    Critical Insight

    • Quality management needs more attention that it’s typically getting. It’s not going to happen randomly; you must take action to see results.
    • Quality must be holistic. Centralized accountability will align inconsistencies in quality and refocus IT towards a common goal.
    • Accountability is the key to quality. Clearly defined roles and responsibilities will put your staff on the hook for quality outcomes.

    Impact and Result

    • Shift your mindset to the positive implications of high quality. Info-Tech’s quality management methodology will promote innovation, agility, lower costs, and improved operations.
    • We will help you develop a fully functional quality management program in four easy steps:
      • Position your program as a group to encourage buy-in and unite IT around a common quality vision. Enact a center of excellence to build, support, and monitor the program.
      • Build flexible program requirements that will be adapted for a fit-to-purpose solution.
      • Implement the program using change management techniques to alleviate challenges and improve adoption.
      • Operate the program with a focus on continual improvement to ensure that your IT department continues to deliver high quality projects and services as stakeholder needs change.

    Drive Efficiency and Agility with a Fit-for-Purpose Quality Management Program Research & Tools

    Start here – read the Executive Brief

    Understand why Info-Tech’s unique approach to quality management can fix a variety of IT issues and understand the four ways we can support you in building a quality management program designed just for you.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Position the program

    Hold a positioning working session to focus the program around business needs, create solid targets, and create quality champions to get the job done.

    • Drive Efficiency and Agility with a Fit-for-Purpose Quality Management Program – Phase 1: Position the Quality Program
    • Quality Management Program Charter
    • Quality Management Capability Assessment and Planning Tool
    • Quality Management Roadmap

    2. Build the program

    Build program requirements and design standard templates that will unite IT quality.

    • Drive Efficiency and Agility with a Fit-for-Purpose Quality Management Program – Phase 2: Build a Quality Program
    • Quality Management Quality Plan Template
    • Quality Management Review Template
    • Quality Management Dashboard Template

    3. Implement the program

    Evaluate the readiness of the department for change and launch the program at the right time and in the right way to transform IT quality.

    • Drive Efficiency and Agility with a Fit-for-Purpose Quality Management Program – Phase 3: Implement the Quality Program
    • Quality Management Communication Plan Template
    • Quality Management Readiness Assessment Template

    4. Operate the program

    Facilitate the success of key IT practice areas by operating the Center of Excellence to support the key IT practice areas’ quality initiatives.

    • Drive Efficiency and Agility with a Fit-for-Purpose Quality Management Program – Phase 4: Operate the Quality Program
    • Quality Management User Satisfaction Survey
    • Quality Management Practice Area Assessment and Planning Tool
    • Quality Management Capability Improvement Plan
    [infographic]

    Workshop: Drive Efficiency and Agility with a Fit-for-Purpose Quality Management Program

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Position Your Program

    The Purpose

    Create a quality center of excellence to lead and support quality initiatives.

    Position your quality program to meet the needs of your business.

    Develop clear targets and create a roadmap to achieve your vision. 

    Key Benefits Achieved

    Defined Center of Excellence roles & responsibilities.

    A firm vision for your program with clearly outlined targets.

    A plan for improvements to show dedication to the program and create accountability. 

    Activities

    1.1 Identify current quality maturity.

    1.2 Craft vision and mission.

    1.3 Define scope.

    1.4 Determine goals and objectives.

    1.5 Specify metrics and critical success factors.

    1.6 Develop quality principles.

    1.7 Create action plan.

    Outputs

    Completed Maturity Assessment

    Completed Project Charter

    Completed Quality Roadmap

    2 Build Your Program

    The Purpose

    Build the requirements for the quality program, including outputs for quality planning, quality assurance, quality control, and quality improvement.

    Key Benefits Achieved

    Defined standards for the quality program.

    General templates to be used to unify quality throughout IT. 

    Activities

    2.1 Define quality policy, procedures, and guidelines.

    2.2 Define your standard Quality Plan.

    2.3 Define your standard Quality Review Document.

    2.4 Develop your Standard Quality Management Dashboard.

    Outputs

    Quality Policy

    Standard Quality Plan Template

    Standard Quality Review Template

    Standard Quality Dashboard

    3 Implement Your Program

    The Purpose

    Launch the program and begin quality improvement.

    Key Benefits Achieved

    Perform a readiness assessment to ensure your organization is ready to launch its quality program.

    Create a communication plan to ensure constant and consistent communication throughout implementation. 

    Activities

    3.1 Assess organizational readiness.

    3.2 Create a communication plan.

    Outputs

    Completed Readiness Assessment

    Completed Communication Plan

    4 Operate Your Program

    The Purpose

    Have the Center of Excellence facilitate the roll-out of the quality program in your key practice areas.

    Initiate ongoing monitoring and reporting processes to enable continuous improvement.  

    Key Benefits Achieved

    Quality plans for each practice area aligned with the overall quality program.

    Periodic quality reviews to ensure plans are being acted upon.

    Methodology for implementing corrective measures to ensure quality expectations are met.

    Activities

    4.1 Perform a quality management satisfaction survey.

    4.2 Complete a practice area assessment.

    4.3 Facilitate the creation of practice area quality plans.

    4.4 Populate quality dashboards.

    4.5 Perform quality review(s).

    4.6 Address issues with corrective and preventative measures.

    4.7 Devise a plan for improvement.

    4.8 Report on quality outcomes.

    Outputs

    Completed Satisfaction Surveys

    Practice Area Assessments

    Quality Plans (for each practice area)

    Quality Reviews (for each practice area)

    Quality Improvement Plan